BSL v1.0.0 - 16.g9d98179
AMMOS Bundle Protocol Security Library (BSL)
Local implementation of locally-defined data structures.
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <m-array.h>
#include <BPSecLib_Private.h>
#include "SamplePolicyProvider.h"
Include dependency graph for SamplePolicyProvider.c:

Functions
| static bool | BSLP_PolicyProvider_IsConsistent (const BSLP_PolicyProvider_t *self) |
| static bool | BSLP_PolicyPredicate_IsConsistent (const BSLP_PolicyPredicate_t *self) |
| static bool | BSLP_PolicyRule_IsConsistent (const BSLP_PolicyRule_t *self) |
| static uint64_t | BSLP_PolicyProvider_HandleFailures (BSL_BundleRef_t *bundle, const BSL_SecOper_t *sec_oper) |
| static uint64_t | get_target_block_id (const BSL_BundleRef_t *bundle, uint64_t target_block_type) |
| int | BSLP_QueryPolicy (const void *user_data, BSL_SecurityActionSet_t *output_action_set, const BSL_BundleRef_t *bundle, BSL_PolicyLocation_e location) |
| Note that criticality is HIGH. | |
| int | BSLP_FinalizePolicy (const void *user_data, const BSL_SecurityActionSet_t *output_action_set, const BSL_BundleRef_t *bundle, const BSL_SecurityResponseSet_t *response_output) |
| void | BSLP_PolicyPredicate_Deinit (BSLP_PolicyPredicate_t *self) |
| void | BSLP_Deinit (void *user_data) |
| void | BSLP_PolicyPredicate_Init (BSLP_PolicyPredicate_t *self, BSL_PolicyLocation_e location, BSL_HostEIDPattern_t src_eid_pattern, BSL_HostEIDPattern_t secsrc_eid_pattern, BSL_HostEIDPattern_t dst_eid_pattern) |
| Initialize this policy predicate. | |
| bool | BSLP_PolicyPredicate_IsMatch (const BSLP_PolicyPredicate_t *self, BSL_PolicyLocation_e location, BSL_HostEID_t src_eid, BSL_HostEID_t dst_eid) |
| Returns true if the given predicate matches the arguments. | |
| int | BSLP_PolicyRule_Init (BSLP_PolicyRule_t *self, const char *desc, BSLP_PolicyPredicate_t *predicate, int64_t context_id, BSL_SecRole_e role, BSL_SecBlockType_e sec_block_type, BSL_BundleBlockTypeCode_e target_block_type, BSL_PolicyAction_e failure_action_code) |
| Initialize this policy rule. | |
| void | BSLP_PolicyRule_Deinit (BSLP_PolicyRule_t *self) |
| De-initialize, release any resources, and zero this struct. | |
| void | BSLP_PolicyRule_CopyParam (BSLP_PolicyRule_t *self, const BSL_SecParam_t *param) |
| Include a BPSec parameter to this rule. | |
| void | BSLP_PolicyRule_MoveParam (BSLP_PolicyRule_t *self, BSL_SecParam_t *param) |
| Include a BPSec parameter to this rule. | |
| int | BSLP_PolicyRule_EvaluateAsSecOper (const BSLP_PolicyRule_t *self, BSL_SecOper_t *sec_oper, const BSL_BundleRef_t *bundle, BSL_PolicyLocation_e location) |
| Critical function creating a security operation from a bundle and location. | |
Local implementation of locally-defined data structures.
| void BSLP_Deinit | ( | void * | user_data | ) |
References ASSERT_ARG_EXPR, BSL_free(), BSL_LOG_INFO, BSLP_PolicyPredicate_Deinit(), BSLP_PolicyProvider_IsConsistent(), BSLP_PolicyRule_Deinit(), BSLP_PolicyProvider_t::predicate_count, BSLP_PolicyProvider_t::predicates, BSLP_PolicyProvider_t::rule_count, and BSLP_PolicyProvider_t::rules.
Referenced by _setUp(), MockBPA_Agent_Init(), setUp(), and test_MultiplePolicyProviders().
| int BSLP_FinalizePolicy | ( | const void * | user_data, |
| const BSL_SecurityActionSet_t * | output_action_set, | ||
| const BSL_BundleRef_t * | bundle, | ||
| const BSL_SecurityResponseSet_t * | response_output | ||
| ) |
References ASSERT_ARG_EXPR, BSL_LOG_INFO, BSL_SECOP_CONCLUSION_FAILURE, BSL_SECOP_CONCLUSION_INVALID, BSL_SECOP_CONCLUSION_PENDING, BSL_SECOP_CONCLUSION_SUCCESS, BSL_SecOper_GetConclusion(), BSL_SecurityAction_CountSecOpers(), BSL_SecurityAction_GetPPID(), BSL_SecurityAction_GetSecOperAtIndex(), BSL_SecurityActionSet_CountActions(), BSL_SecurityActionSet_GetActionAtIndex(), BSL_SUCCESS, BSLP_PolicyProvider_HandleFailures(), BSLP_PolicyProvider_IsConsistent(), and BSLP_PolicyProvider_t::pp_id.
Referenced by _setUp(), MockBPA_Agent_Init(), setUp(), and test_MultiplePolicyProviders().
| void BSLP_PolicyPredicate_Deinit | ( | BSLP_PolicyPredicate_t * | self | ) |
| void BSLP_PolicyPredicate_Init | ( | BSLP_PolicyPredicate_t * | self, |
| BSL_PolicyLocation_e | location, | ||
| BSL_HostEIDPattern_t | src_eid_pattern, | ||
| BSL_HostEIDPattern_t | secsrc_eid_pattern, | ||
| BSL_HostEIDPattern_t | dst_eid_pattern | ||
| ) |
Initialize this policy predicate.
A policy predicate represents a way to match whether a rule applies to a bundle.
| [in] | self | This predicate |
| [in] | location | The BSL_PolicyLocation_e location in the BPA |
| [in] | src_eid_pattern | Host-defined EID pattern to match for |
| [in] | secsrc_eid_pattern | Host-defined EID pattern for SECURITY SOURCE in security block |
| [in] | dst_eid_pattern | Host-defined EID pattern for DESTINATION EID |
References ASSERT_ARG_NONNULL, ASSERT_POSTCONDITION, BSLP_PolicyPredicate_IsConsistent(), BSLP_PolicyPredicate_t::dst_eid_pattern, BSLP_PolicyPredicate_t::location, BSLP_PolicyPredicate_t::secsrc_eid_pattern, and BSLP_PolicyPredicate_t::src_eid_pattern.
Referenced by _setUp(), mock_bpa_register_policy(), mock_bpa_register_policy_from_json(), setUp(), TEST_CASE(), test_MultiplePolicyProviders(), test_PolicyProvider_Inspect_RFC9173_BIB(), test_PolicyProvider_InspectSingleBIBRuleset(), and test_SamplePolicyProvider_WildcardPolicyRuleVerifiesBIB().
| static bool BSLP_PolicyPredicate_IsConsistent | ( | const BSLP_PolicyPredicate_t * | self | ) |
References ASSERT_ARG_EXPR, ASSERT_ARG_NONNULL, BSLP_PolicyPredicate_t::dst_eid_pattern, BSL_HostEIDPattern_t::handle, BSLP_PolicyPredicate_t::location, BSLP_PolicyPredicate_t::secsrc_eid_pattern, and BSLP_PolicyPredicate_t::src_eid_pattern.
Referenced by BSLP_PolicyPredicate_Init(), BSLP_PolicyPredicate_IsMatch(), and BSLP_PolicyRule_IsConsistent().
| bool BSLP_PolicyPredicate_IsMatch | ( | const BSLP_PolicyPredicate_t * | self, |
| BSL_PolicyLocation_e | location, | ||
| BSL_HostEID_t | src_eid, | ||
| BSL_HostEID_t | dst_eid | ||
| ) |
Returns true if the given predicate matches the arguments.
| [in] | self | This predicate |
| [in] | location | Location in the BPA |
| [in] | src_eid | Source EID |
| [in] | dst_eid | Destination EID |
References ASSERT_ARG_EXPR, BSL_HostEIDPattern_IsMatch(), BSL_LOG_DEBUG, BSLP_PolicyPredicate_IsConsistent(), BSLP_PolicyPredicate_t::dst_eid_pattern, BSLP_PolicyPredicate_t::location, and BSLP_PolicyPredicate_t::src_eid_pattern.
Referenced by BSLP_PolicyRule_EvaluateAsSecOper(), and BSLP_QueryPolicy().
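| static uint64_t BSLP_PolicyProvider_HandleFailures | ( | BSL_BundleRef_t * | bundle, |
| const BSL_SecOper_t * | sec_oper | ||
| ) |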
References BSL_BundleCtx_DeleteBundle(), BSL_BundleCtx_RemoveBlock(), BSL_ERR_POLICY_FAILED, BSL_LOG_ERR, BSL_LOG_WARNING, BSL_POLICYACTION_DROP_BLOCK, BSL_POLICYACTION_DROP_BUNDLE, BSL_POLICYACTION_NOTHING, BSL_POLICYACTION_UNDEFINED, BSL_SecOper_GetPolicyAction(), BSL_SecOper_GetReasonCode(), BSL_SecOper_GetTargetBlockNum(), BSL_SUCCESS, and CHK_ARG_NONNULL.
Referenced by BSLP_FinalizePolicy().
| static bool BSLP_PolicyProvider_IsConsistent | ( | const BSLP_PolicyProvider_t * | self | ) |
References ASSERT_ARG_EXPR, and ASSERT_ARG_NONNULL.
Referenced by BSLP_Deinit(), BSLP_FinalizePolicy(), and BSLP_QueryPolicy().
| void BSLP_PolicyRule_CopyParam | ( | BSLP_PolicyRule_t * | self, |
| const BSL_SecParam_t * | param | ||
| ) |
Include a BPSec parameter to this rule.
Used immediately after Init.
| [in] | self | This rule |
| [in] | param | Pointer to the parameter to copy from. |
References ASSERT_ARG_EXPR, ASSERT_POSTCONDITION, BSL_SecParam_IsConsistent(), BSLP_PolicyRule_IsConsistent(), and BSLP_PolicyRule_t::params.
Referenced by _setUp(), mock_bpa_register_policy(), mock_bpa_register_policy_from_json(), and setUp().
| void BSLP_PolicyRule_Deinit | ( | BSLP_PolicyRule_t * | self | ) |
De-initialize, release any resources, and zero this struct.
| [in] | self | This rule |
References ASSERT_ARG_EXPR, BSL_free(), BSL_LOG_INFO, BSLP_PolicyRule_IsConsistent(), BSLP_PolicyRule_t::description, and BSLP_PolicyRule_t::params.
Referenced by BSLP_Deinit(), TEST_CASE(), and test_SamplePolicyProvider_WildcardPolicyRuleVerifiesBIB().
| int BSLP_PolicyRule_EvaluateAsSecOper | ( | const BSLP_PolicyRule_t * | self, |
| BSL_SecOper_t * | sec_oper, | ||
| const BSL_BundleRef_t * | bundle, | ||
| BSL_PolicyLocation_e | location | ||
| ) |
Critical function creating a security operation from a bundle and location.
| [in] | self | This policy rule |
| [in] | sec_oper | [Zeroed, pre-allocated and memory owned by caller] Caller-allocated space for the output security action. |
| [in] | bundle | Bundle to test match against |
| [in] | location | Location in the BPA |
References BSL_BLOCK_TYPE_PRIMARY, BSL_BundleCtx_GetBundleMetadata(), BSL_ERR_SECURITY_CONTEXT_FAILED, BSL_LOG_INFO, BSL_LOG_WARNING, BSL_PrimaryBlock_deinit(), BSL_SecOper_AppendParam(), BSL_SecOper_Populate(), BSL_SUCCESS, BSLP_PolicyPredicate_IsMatch(), BSLP_PolicyRule_IsConsistent(), CHK_ARG_NONNULL, CHK_PRECONDITION, BSLP_PolicyRule_t::context_id, BSLP_PolicyRule_t::description, BSLP_PolicyRule_t::failure_action_code, BSL_PrimaryBlock_t::field_dest_eid, BSL_PrimaryBlock_t::field_src_node_id, get_target_block_id(), BSLP_PolicyRule_t::params, BSLP_PolicyRule_t::predicate, BSLP_PolicyRule_t::role, BSLP_PolicyRule_t::sec_block_type, and BSLP_PolicyRule_t::target_block_type.
Referenced by BSLP_QueryPolicy(), and test_SamplePolicyProvider_WildcardPolicyRuleVerifiesBIB().
| int BSLP_PolicyRule_Init | ( | BSLP_PolicyRule_t * | self, |
| const char * | desc, | ||
| BSLP_PolicyPredicate_t * | predicate, | ||
| int64_t | context_id, | ||
| BSL_SecRole_e | role, | ||
| BSL_SecBlockType_e | sec_block_type, | ||
| BSL_BundleBlockTypeCode_e | target_block_type, | ||
| BSL_PolicyAction_e | failure_action_code | ||
| ) |
Initialize this policy rule.
| [in] | self | This policy rule |
| [in] | desc | Description of this rule (C-string). Characters of the parameter from index 0 to BSLP_POLICY_RULE_DESCRIPTION_MAX_STRLEN - 1 are copied; any characters beyond that are not copied. |
| [in] | predicate | Predicate used to identify which bundles apply |
| [in] | context_id | Security context ID |
| [in] | role | Such as source, acceptor, etc |
| [in] | sec_block_type | Block type (BIB or BCB) |
| [in] | target_block_type | Target block type (anything, such as primary or payload) |
| [in] | failure_action_code | Code to indicate fate of security block/bundle if error occurs |
References ASSERT_ARG_NONNULL, ASSERT_POSTCONDITION, BSL_malloc(), BSL_SUCCESS, BSLP_POLICYPREDICATE_ARRAY_CAPACITY, BSLP_PolicyRule_IsConsistent(), BSLP_PolicyRule_t::context_id, BSLP_PolicyRule_t::description, BSLP_PolicyRule_t::failure_action_code, BSLP_PolicyRule_t::params, BSLP_PolicyRule_t::predicate, BSLP_PolicyRule_t::role, BSLP_PolicyRule_t::sec_block_type, and BSLP_PolicyRule_t::target_block_type.
Referenced by _setUp(), mock_bpa_register_policy(), mock_bpa_register_policy_from_json(), setUp(), TEST_CASE(), test_MultiplePolicyProviders(), test_PolicyProvider_Inspect_RFC9173_BIB(), test_PolicyProvider_InspectSingleBIBRuleset(), and test_SamplePolicyProvider_WildcardPolicyRuleVerifiesBIB().
| static bool BSLP_PolicyRule_IsConsistent | ( | const BSLP_PolicyRule_t * | self | ) |
References ASSERT_ARG_EXPR, ASSERT_ARG_NONNULL, BSL_SECROLE_ISVALID, BSLP_PolicyPredicate_IsConsistent(), BSLP_PolicyRule_t::context_id, BSLP_PolicyRule_t::params, BSLP_PolicyRule_t::predicate, BSLP_PolicyRule_t::role, and BSLP_PolicyRule_t::sec_block_type.
Referenced by BSLP_PolicyRule_CopyParam(), BSLP_PolicyRule_Deinit(), BSLP_PolicyRule_EvaluateAsSecOper(), BSLP_PolicyRule_Init(), BSLP_PolicyRule_MoveParam(), and BSLP_QueryPolicy().
| void BSLP_PolicyRule_MoveParam | ( | BSLP_PolicyRule_t * | self, |
| BSL_SecParam_t * | param | ||
| ) |
Include a BPSec parameter to this rule.
Used immediately after Init.
| [in] | self | This rule |
| [in,out] | param | Pointer to the Parameter to move from. |
References ASSERT_ARG_EXPR, ASSERT_POSTCONDITION, BSL_SecParam_IsConsistent(), BSLP_PolicyRule_IsConsistent(), and BSLP_PolicyRule_t::params.
Referenced by test_MultiplePolicyProviders(), and test_PolicyProvider_Inspect_RFC9173_BIB().
| int BSLP_QueryPolicy | ( | const void * | user_data, |
| BSL_SecurityActionSet_t * | output_action_set, | ||
| const BSL_BundleRef_t * | bundle, | ||
| BSL_PolicyLocation_e | location | ||
| ) |
Note that criticality is HIGH.
References ASSERT_ARG_EXPR, BSL_BLOCK_TYPE_PRIMARY, BSL_BundleCtx_GetBundleMetadata(), BSL_calloc(), BSL_ERR_HOST_CALLBACK_FAILED, BSL_free(), BSL_LOG_DEBUG, BSL_LOG_ERR, BSL_LOG_INFO, BSL_LOG_WARNING, BSL_PrimaryBlock_deinit(), BSL_SECOP_CONCLUSION_INVALID, BSL_SecOper_Deinit(), BSL_SecOper_GetSecurityBlockNum(), BSL_SecOper_GetTargetBlockNum(), BSL_SecOper_Init(), BSL_SecOper_IsBIB(), BSL_SecOper_IsRoleSource(), BSL_SecOper_SetConclusion(), BSL_SecOper_Sizeof(), BSL_SecurityAction_AppendSecOper(), BSL_SecurityAction_Deinit(), BSL_SecurityAction_IncrError(), BSL_SecurityAction_Init(), BSL_SecurityAction_Sizeof(), BSL_SecurityActionSet_AppendAction(), BSL_SecurityActionSet_CountErrors(), BSL_SecurityActionSet_IsConsistent(), BSL_SUCCESS, BSLP_PolicyPredicate_IsMatch(), BSLP_PolicyProvider_IsConsistent(), BSLP_PolicyRule_EvaluateAsSecOper(), BSLP_PolicyRule_IsConsistent(), CHK_POSTCONDITION, BSLP_PolicyRule_t::description, BSL_PrimaryBlock_t::field_dest_eid, BSL_PrimaryBlock_t::field_src_node_id, get_target_block_id(), BSLP_PolicyRule_t::predicate, BSLP_PolicyProvider_t::rule_count, BSLP_PolicyProvider_t::rules, and BSLP_PolicyRule_t::target_block_type.
Referenced by _setUp(), MockBPA_Agent_Init(), setUp(), and test_MultiplePolicyProviders().
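| static uint64_t get_target_block_id | ( | const BSL_BundleRef_t * | bundle, |
| uint64_t | target_block_type | ||
| ) |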
References BSL_PrimaryBlock_t::block_count, BSL_PrimaryBlock_t::block_numbers, BSL_BundleCtx_GetBlockMetadata(), BSL_BundleCtx_GetBundleMetadata(), BSL_LOG_ERR, BSL_PrimaryBlock_deinit(), BSL_SUCCESS, and BSL_CanonicalBlock_t::type_code.
Referenced by BSLP_PolicyRule_EvaluateAsSecOper(), and BSLP_QueryPolicy().