src/basic/securebits-util.c

   1 /* SPDX-License-Identifier: LGPL-2.1+ */
   2
   3 #include <errno.h>
   4 #include <stdio.h>
   5
   6 #include "alloc-util.h"
   7 #include "extract-word.h"
   8 #include "securebits.h"
   9 #include "securebits-util.h"
  10 #include "string-util.h"
  11
  12 int secure_bits_to_string_alloc(int i, char **s) {
  13         _cleanup_free_ char *str = NULL;
  14         size_t len;
  15         int r;
  16
  17         assert(s);
  18
  19         r = asprintf(&str, "%s%s%s%s%s%s",
  20                      (i & (1 << SECURE_KEEP_CAPS)) ? "keep-caps " : "",
  21                      (i & (1 << SECURE_KEEP_CAPS_LOCKED)) ? "keep-caps-locked " : "",
  22                      (i & (1 << SECURE_NO_SETUID_FIXUP)) ? "no-setuid-fixup " : "",
  23                      (i & (1 << SECURE_NO_SETUID_FIXUP_LOCKED)) ? "no-setuid-fixup-locked " : "",
  24                      (i & (1 << SECURE_NOROOT)) ? "noroot " : "",
  25                      (i & (1 << SECURE_NOROOT_LOCKED)) ? "noroot-locked " : "");
  26         if (r < 0)
  27                 return -ENOMEM;
  28
  29         len = strlen(str);
  30         if (len != 0)
  31                 str[len - 1] = '\0';
  32
  33         *s = TAKE_PTR(str);
  34
  35         return 0;
  36 }
  37
  38 int secure_bits_from_string(const char *s) {
  39         int secure_bits = 0;
  40         const char *p;
  41         int r;
  42
  43         for (p = s;;) {
  44                 _cleanup_free_ char *word = NULL;
  45
  46                 r = extract_first_word(&p, &word, NULL, EXTRACT_QUOTES);
  47                 if (r == -ENOMEM)
  48                         return r;
  49                 if (r <= 0)
  50                         break;
  51
  52                 if (streq(word, "keep-caps"))
  53                         secure_bits |= 1 << SECURE_KEEP_CAPS;
  54                 else if (streq(word, "keep-caps-locked"))
  55                         secure_bits |= 1 << SECURE_KEEP_CAPS_LOCKED;
  56                 else if (streq(word, "no-setuid-fixup"))
  57                         secure_bits |= 1 << SECURE_NO_SETUID_FIXUP;
  58                 else if (streq(word, "no-setuid-fixup-locked"))
  59                         secure_bits |= 1 << SECURE_NO_SETUID_FIXUP_LOCKED;
  60                 else if (streq(word, "noroot"))
  61                         secure_bits |= 1 << SECURE_NOROOT;
  62                 else if (streq(word, "noroot-locked"))
  63                         secure_bits |= 1 << SECURE_NOROOT_LOCKED;
  64         }
  65
  66         return secure_bits;
  67 }