BSL v0.0.0 - 0.g33cf081
AMMOS Bundle Protocol Security Library (BSL)
PolicyProvider.c File Reference

Defines interactions with an external Policy Provider.

Functions

int BSL_PolicyRegistry_InspectActions (const BSL_LibCtx_t *bsl, BSL_SecurityActionSet_t *output_action_set, const BSL_BundleRef_t *bundle, BSL_PolicyLocation_e location)
 Queries the policy provider for any security operations to take on the bundle.
 
int BSL_PolicyRegistry_FinalizeActions (const BSL_LibCtx_t *bsl, const BSL_SecurityActionSet_t *policy_actions, const BSL_BundleRef_t *bundle, const BSL_SecurityResponseSet_t *response_output)
 Finalizes policy provider for security operations and security results for a bundle.
 

Detailed Description

Defines interactions with an external Policy Provider.

Function Documentation

◆ BSL_PolicyRegistry_FinalizeActions()

int BSL_PolicyRegistry_FinalizeActions ( const BSL_LibCtx_t *  bsl,
const BSL_SecurityActionSet_t *  policy_actions,
const BSL_BundleRef_t *  bundle,
const BSL_SecurityResponseSet_t *  response_output
)

Finalizes policy provider for security operations and security results for a bundle.

Note
In the current implementation, the Policy Provider callback handles the on-failure policy action that is stored in the Security Operations in the Action Set. As such, the backend and Security Context do not use the policy action field of the BSL_SecOper_s, and the Policy Provider is the sole executor of policy actions regarding failures.
Parameters
[in] bsl: BSL library context
[in] policy_actions: A policy action set, which may contain error codes and other info. [Zeroed, pre-allocated and memory owned by caller] Caller-allocated, zeroed space for action set
[in,out] bundle: Bundle seeking security operations
[in] response_output: results from security context
[in] location: Where in the BPA lifecycle this query arises from
Returns
0 if success

References BSL_ERR_POLICY_FINAL, BSL_SecurityActionSet_CountActions(), and BSL_SUCCESS.

Referenced by BSL_API_ApplySecurity(), and test_MultiplePolicyProviders().

◆ BSL_PolicyRegistry_InspectActions()

int BSL_PolicyRegistry_InspectActions ( const BSL_LibCtx_t *  bsl,
BSL_SecurityActionSet_t *  output_action_set,
const BSL_BundleRef_t *  bundle,
BSL_PolicyLocation_e  location
)

Queries the policy provider for any security operations to take on the bundle.

Note
The caller is obligated to allocate space for the policy_action_set output. This memory must be zeroed before being passed; doing otherwise will raise an assertion.
Parameters
[in] bsl: BSL library context
[out] output_action_set: policy action set, which may contain error codes and other info. [Zeroed, pre-allocated and memory owned by caller] Caller-allocated, zeroed space for action set
[in,out] bundle: Bundle seeking security operations
[in] location: Where in the BPA lifecycle this query arises from
Returns
0 if success

References BSL_ERR_POLICY_FINAL, BSL_LOG_INFO, BSL_SecurityActionSet_CountActions(), and BSL_SUCCESS.

Referenced by BSL_API_QuerySecurity(), test_MultiplePolicyProviders(), test_PolicyProvider_Inspect_RFC9173_BIB(), test_PolicyProvider_InspectEmptyRuleset(), and test_PolicyProvider_InspectSingleBIBRuleset().
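
The note for BSL_PolicyRegistry_InspectActions() makes the caller responsible for allocating and zeroing the action set. The following added example (not BSL code, and not from the project) shows that caller-side pattern when one buffer is reused for two queries. Every `demo_` name is a hypothetical stand-in, since the real layout of BSL_SecurityActionSet_t is not shown on this page, and the stand-in query returns an error code where the library is documented to raise an assertion.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for BSL_SecurityActionSet_t (real layout not shown on the page). */
typedef struct {
    size_t  action_count;
    int32_t err_code;
    uint8_t storage[64];
} demo_action_set_t;

/* Returns 1 when every byte of the buffer is zero, 0 otherwise. */
static int demo_is_zeroed(const void *buf, size_t len)
{
    const uint8_t *p = buf;
    uint8_t acc = 0;
    for (size_t i = 0; i < len; i++) {
        acc |= p[i];
    }
    return acc == 0;
}

/* Stand-in for the policy query: refuses an output set that is not zeroed
 * (assumption: reported as -1 here instead of an assertion), then records
 * one action so the buffer is no longer zeroed afterwards. */
static int demo_inspect(demo_action_set_t *out)
{
    if (out == NULL || !demo_is_zeroed(out, sizeof *out)) {
        return -1;
    }
    out->action_count = 1;
    return 0;
}

/* Caller pattern: one heap buffer reused for two queries.
 * clear_between != 0 re-zeroes the set before the second query. */
int demo_query_twice(int clear_between)
{
    demo_action_set_t *set = calloc(1, sizeof *set); /* allocated and zeroed by the caller */
    if (set == NULL) {
        return -2;
    }
    int rc = demo_inspect(set);
    if (rc == 0) {
        if (clear_between) {
            memset(set, 0, sizeof *set); /* drop stale actions from the first query */
        }
        rc = demo_inspect(set);
    }
    free(set);
    return rc;
}
```

Reusing the set without clearing it fails the second query, which is the condition the note describes as raising an assertion.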