1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
2 | #pragma once | |
3 | ||
4 | typedef struct ImagePolicy ImagePolicy; | |
5 | ||
06e78680 | 6 | #include "conf-parser.h" |
7 | #include "dissect-image.h" |
8 | #include "errno-list.h" | |
9 | ||
typedef enum PartitionPolicyFlags {
        /* Not all policy flags really make sense on all partition types, see comments. But even if they
         * don't make sense we'll parse them anyway, because maybe one day we'll add them for more partition
         * types, too. Moreover, we allow configuring a "default" policy for all partition types for which no
         * explicit policy is specified. It's useful if we can use policy flags in there and apply this
         * default policy gracefully even to partition types where they don't really make too much sense
         * on. Example: a default policy of "verity+encrypted" certainly makes sense, but for /home/
         * partitions this gracefully degrades to "encrypted" (as we do not have a concept of verity for
         * /home/), and so on.
         *
         * The "use" bits below are a set of *permitted* ways of using a partition: PARTITION_POLICY_OPEN
         * has every bit set and is what a NULL policy resolves to (see image_policy_default()), i.e. no
         * restriction at all. Fewer bits set means a stricter policy; a policy consisting of just
         * PARTITION_POLICY_SIGNED is the one that actually authenticates the partition contents. */
        PARTITION_POLICY_VERITY = 1 << 0, /* must exist, activate with verity (only applies to root/usr partitions) */
        PARTITION_POLICY_SIGNED = 1 << 1, /* must exist, activate with signed verity (only applies to root/usr partitions) */
        PARTITION_POLICY_ENCRYPTED = 1 << 2, /* must exist, activate with LUKS encryption (applies to any data partition, but not to verity/signature partitions) */
        PARTITION_POLICY_UNPROTECTED = 1 << 3, /* must exist, activate without encryption/verity */
        PARTITION_POLICY_UNUSED = 1 << 4, /* must exist, don't use */
        PARTITION_POLICY_ABSENT = 1 << 5, /* must not exist */
        PARTITION_POLICY_OPEN = PARTITION_POLICY_VERITY|PARTITION_POLICY_SIGNED|PARTITION_POLICY_ENCRYPTED|
                                PARTITION_POLICY_UNPROTECTED|PARTITION_POLICY_UNUSED|PARTITION_POLICY_ABSENT, /* every use permitted: no integrity or confidentiality requirement */
        PARTITION_POLICY_IGNORE = PARTITION_POLICY_UNUSED|PARTITION_POLICY_ABSENT, /* may exist or not, but is never used */
        _PARTITION_POLICY_USE_MASK = PARTITION_POLICY_OPEN, /* all "use" bits */

        /* Requirements on GPT partition flags. "_OFF" requires the flag to be clear, "_ON" requires it to
         * be set. (Both bits of a pair set presumably means "don't care" — see partition_policy_flags_extend()
         * / _reduce() in the implementation.) */
        PARTITION_POLICY_READ_ONLY_OFF = 1 << 6, /* State of GPT partition flag "read-only" must be off */
        PARTITION_POLICY_READ_ONLY_ON = 1 << 7, /* State of GPT partition flag "read-only" must be on */
        _PARTITION_POLICY_READ_ONLY_MASK = PARTITION_POLICY_READ_ONLY_OFF|PARTITION_POLICY_READ_ONLY_ON,
        PARTITION_POLICY_GROWFS_OFF = 1 << 8, /* State of GPT partition flag "growfs" must be off */
        PARTITION_POLICY_GROWFS_ON = 1 << 9, /* State of GPT partition flag "growfs" must be on */
        _PARTITION_POLICY_GROWFS_MASK = PARTITION_POLICY_GROWFS_OFF|PARTITION_POLICY_GROWFS_ON,
        _PARTITION_POLICY_PFLAGS_MASK = _PARTITION_POLICY_READ_ONLY_MASK|_PARTITION_POLICY_GROWFS_MASK, /* all GPT-flag bits */

        _PARTITION_POLICY_MASK = _PARTITION_POLICY_USE_MASK|_PARTITION_POLICY_READ_ONLY_MASK|_PARTITION_POLICY_GROWFS_MASK, /* every valid bit */

        /* The enum doubles as an error carrier: parsers return negative errno values in it, so no flag bit
         * may ever reach the sign bit (checked by the assert_cc() below). */
        _PARTITION_POLICY_FLAGS_INVALID = -EINVAL,
        _PARTITION_POLICY_FLAGS_ERRNO_MAX = -ERRNO_MAX, /* Ensure the whole errno range fits into this enum */
} PartitionPolicyFlags;

assert_cc((_PARTITION_POLICY_USE_MASK | _PARTITION_POLICY_PFLAGS_MASK) >= 0); /* ensure flags don't collide with errno range */
45 | ||
/* One explicit rule of an ImagePolicy: the flags that apply to the partition with the given designator. */
typedef struct PartitionPolicy {
        PartitionDesignator designator; /* which partition this rule covers */
        PartitionPolicyFlags flags;     /* permitted uses plus GPT flag requirements, see PartitionPolicyFlags */
} PartitionPolicy;
50 | ||
/* A complete image policy: explicit per-designator rules plus a fallback for every designator not listed.
 * The rules live in a flexible array member, so the whole object is a single allocation and is released
 * with one mfree() (see image_policy_free()). */
struct ImagePolicy {
        PartitionPolicyFlags default_flags; /* for any designator not listed in the list below */
        size_t n_policies;                  /* number of valid entries in policies[] */
        PartitionPolicy policies[];         /* sorted by designator, hence suitable for binary search */
};
56 | ||
/* Default policies for various use cases. Note that the non-"strict" sysext/confext variants do not
 * require verity at all, so only the *_strict variants insist on signed (authenticated) images. */
58 | extern const ImagePolicy image_policy_allow; |
59 | extern const ImagePolicy image_policy_deny; | |
60 | extern const ImagePolicy image_policy_ignore; | |
61 | extern const ImagePolicy image_policy_sysext; /* No verity required */ |
62 | extern const ImagePolicy image_policy_sysext_strict; /* Signed verity required */ | |
63 | extern const ImagePolicy image_policy_confext; /* No verity required */ | |
64 | extern const ImagePolicy image_policy_confext_strict; /* Signed verity required */ | |
65 | extern const ImagePolicy image_policy_container; |
66 | extern const ImagePolicy image_policy_service; | |
67 | extern const ImagePolicy image_policy_host; | |
68 | ||
69 | PartitionPolicyFlags image_policy_get(const ImagePolicy *policy, PartitionDesignator designator); | |
70 | PartitionPolicyFlags image_policy_get_exhaustively(const ImagePolicy *policy, PartitionDesignator designator); | |
71 | ||
/* A NULL ImagePolicy deliberately means "everything allowed": the default flags resolve to
 * PARTITION_POLICY_OPEN and there are no per-designator rules. These accessors make NULL behave that way so
 * callers need not special-case it — which also means that any caller that intends to *enforce* a policy
 * must pass a real, non-NULL ImagePolicy rather than rely on the fallback. */
static inline PartitionPolicyFlags image_policy_default(const ImagePolicy *policy) {
        if (!policy)
                return PARTITION_POLICY_OPEN;

        return policy->default_flags;
}
77 | ||
/* Number of explicit per-designator rules in the policy; 0 for the NULL ("everything allowed") policy. */
static inline size_t image_policy_n_entries(const ImagePolicy *policy) {
        if (!policy)
                return 0;

        return policy->n_policies;
}
81 | ||
637d57dd | 82 | PartitionPolicyFlags partition_policy_flags_extend(PartitionPolicyFlags flags); |
2251e4ef | 83 | PartitionPolicyFlags partition_policy_flags_reduce(PartitionPolicyFlags flags); |
85 | PartitionPolicyFlags partition_policy_flags_from_string(const char *s); |
86 | int partition_policy_flags_to_string(PartitionPolicyFlags flags, bool simplify, char **ret); | |
87 | ||
88 | int image_policy_from_string(const char *s, ImagePolicy **ret); | |
89 | int image_policy_to_string(const ImagePolicy *policy, bool simplify, char **ret); | |
90 | ||
91 | /* Recognizes three special policies by equivalence */ | |
92 | bool image_policy_equiv_ignore(const ImagePolicy *policy); | |
93 | bool image_policy_equiv_allow(const ImagePolicy *policy); | |
94 | bool image_policy_equiv_deny(const ImagePolicy *policy); | |
95 | ||
96 | bool image_policy_equal(const ImagePolicy *a, const ImagePolicy *b); /* checks if defined the same way, i.e. has literally the same ruleset */ | |
97 | int image_policy_equivalent(const ImagePolicy *a, const ImagePolicy *b); /* checks if the outcome is the same, i.e. for all partitions results in the same decisions. */ | |
98 | ||
99 | int image_policy_intersect(const ImagePolicy *a, const ImagePolicy *b, ImagePolicy **ret); |
100 | ||
/* Releases an ImagePolicy (presumably one produced by the functions above that return one via `ret`).
 * The result of mfree() is handed back so callers can reset their pointer in the same statement,
 * `p = image_policy_free(p);`, and never keep a dangling reference. */
static inline ImagePolicy* image_policy_free(ImagePolicy *p) {
        ImagePolicy *released = mfree(p);
        return released;
}
104 | ||
105 | DEFINE_TRIVIAL_CLEANUP_FUNC(ImagePolicy*, image_policy_free); | |
106 | |
107 | CONFIG_PARSER_PROTOTYPE(config_parse_image_policy); | |
108 | int parse_image_policy_argument(const char *s, ImagePolicy **policy); |