[thirdparty/systemd.git] / src / shared / securebits-util.c

/* SPDX-License-Identifier: LGPL-2.1-or-later */

#include <errno.h>
#include <stdio.h>

#include "alloc-util.h"
#include "extract-word.h"
#include "securebits-util.h"
#include "string-util.h"

int secure_bits_to_string_alloc(int i, char **s) {
        _cleanup_free_ char *str = NULL;
        size_t len;
        int r;

        assert(s);

        r = asprintf(&str, "%s%s%s%s%s%s",
                     (i & (1 << SECURE_KEEP_CAPS)) ? "keep-caps " : "",
                     (i & (1 << SECURE_KEEP_CAPS_LOCKED)) ? "keep-caps-locked " : "",
                     (i & (1 << SECURE_NO_SETUID_FIXUP)) ? "no-setuid-fixup " : "",
                     (i & (1 << SECURE_NO_SETUID_FIXUP_LOCKED)) ? "no-setuid-fixup-locked " : "",
                     (i & (1 << SECURE_NOROOT)) ? "noroot " : "",
                     (i & (1 << SECURE_NOROOT_LOCKED)) ? "noroot-locked " : "");
        if (r < 0)
                return -ENOMEM;

        len = strlen(str);
        if (len != 0)
                str[len - 1] = '\0';

        *s = TAKE_PTR(str);

        return 0;
}

int secure_bits_from_string(const char *s) {
        int secure_bits = 0;
        const char *p;
        int r;

        for (p = s;;) {
                _cleanup_free_ char *word = NULL;

                r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
                if (r == -ENOMEM)
                        return r;
                if (r <= 0)
                        break;

                if (streq(word, "keep-caps"))
                        secure_bits |= 1 << SECURE_KEEP_CAPS;
                else if (streq(word, "keep-caps-locked"))
                        secure_bits |= 1 << SECURE_KEEP_CAPS_LOCKED;
                else if (streq(word, "no-setuid-fixup"))
                        secure_bits |= 1 << SECURE_NO_SETUID_FIXUP;
                else if (streq(word, "no-setuid-fixup-locked"))
                        secure_bits |= 1 << SECURE_NO_SETUID_FIXUP_LOCKED;
                else if (streq(word, "noroot"))
                        secure_bits |= 1 << SECURE_NOROOT;
                else if (streq(word, "noroot-locked"))
                        secure_bits |= 1 << SECURE_NOROOT_LOCKED;
        }

        return secure_bits;
}
Commit	Line	Data
db9ecf05	1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
07d46372 YW	2
07d46372 YW	3	#include <errno.h>
dccca82b	4	#include <stdio.h>
07d46372 YW	5
	6	#include "alloc-util.h"
	7	#include "extract-word.h"
07d46372 YW	8	#include "securebits-util.h"
	9	#include "string-util.h"
	10
	11	int secure_bits_to_string_alloc(int i, char **s) {
	12	_cleanup_free_ char *str = NULL;
	13	size_t len;
	14	int r;
	15
	16	assert(s);
	17
	18	r = asprintf(&str, "%s%s%s%s%s%s",
	19	(i & (1 << SECURE_KEEP_CAPS)) ? "keep-caps " : "",
	20	(i & (1 << SECURE_KEEP_CAPS_LOCKED)) ? "keep-caps-locked " : "",
	21	(i & (1 << SECURE_NO_SETUID_FIXUP)) ? "no-setuid-fixup " : "",
	22	(i & (1 << SECURE_NO_SETUID_FIXUP_LOCKED)) ? "no-setuid-fixup-locked " : "",
	23	(i & (1 << SECURE_NOROOT)) ? "noroot " : "",
	24	(i & (1 << SECURE_NOROOT_LOCKED)) ? "noroot-locked " : "");
	25	if (r < 0)
	26	return -ENOMEM;
	27
	28	len = strlen(str);
	29	if (len != 0)
	30	str[len - 1] = '\0';
	31
ae2a15bc	32	*s = TAKE_PTR(str);
07d46372 YW	33
	34	return 0;
	35	}
	36
	37	int secure_bits_from_string(const char *s) {
	38	int secure_bits = 0;
	39	const char *p;
	40	int r;
	41
	42	for (p = s;;) {
	43	_cleanup_free_ char *word = NULL;
	44
4ec85141	45	r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
07d46372 YW	46	if (r == -ENOMEM)
	47	return r;
	48	if (r <= 0)
	49	break;
	50
	51	if (streq(word, "keep-caps"))
	52	secure_bits \|= 1 << SECURE_KEEP_CAPS;
	53	else if (streq(word, "keep-caps-locked"))
	54	secure_bits \|= 1 << SECURE_KEEP_CAPS_LOCKED;
	55	else if (streq(word, "no-setuid-fixup"))
	56	secure_bits \|= 1 << SECURE_NO_SETUID_FIXUP;
	57	else if (streq(word, "no-setuid-fixup-locked"))
	58	secure_bits \|= 1 << SECURE_NO_SETUID_FIXUP_LOCKED;
	59	else if (streq(word, "noroot"))
	60	secure_bits \|= 1 << SECURE_NOROOT;
	61	else if (streq(word, "noroot-locked"))
	62	secure_bits \|= 1 << SECURE_NOROOT_LOCKED;
	63	}
	64
	65	return secure_bits;
	66	}