Local implementation of locally-defined data structures. More...
#include <stddef.h>#include <stdlib.h>#include <BPSecLib_Private.h>#include <sys/types.h>#include "SamplePolicyProvider.h"
Include dependency graph for SamplePolicyProvider.c:Functions | |
| static bool | BSLP_PolicyProvider_IsConsistent (const BSLP_PolicyProvider_t *self) |
| static bool | BSLP_PolicyPredicate_IsConsistent (const BSLP_PolicyPredicate_t *self) |
| static bool | BSLP_PolicyRule_IsConsistent (const BSLP_PolicyRule_t *self) |
| static uint64_t | get_target_block_id (const BSL_BundleRef_t *bundle, uint64_t target_block_type) |
| int | BSLP_QueryPolicy (const void *user_data, BSL_SecurityActionSet_t *output_action_set, const BSL_BundleRef_t *bundle, BSL_PolicyLocation_e location) |
| Note that criticality is HIGH. | |
| int | BSLP_FinalizePolicy (const void *user_data, const BSL_SecurityActionSet_t *output_action_set, const BSL_BundleRef_t *bundle, const BSL_SecurityResponseSet_t *response_output) |
| void | BSLP_PolicyPredicate_Deinit (BSLP_PolicyPredicate_t *self) |
| void | BSLP_Deinit (void *user_data) |
| void | BSLP_PolicyPredicate_Init (BSLP_PolicyPredicate_t *self, BSL_PolicyLocation_e location, BSL_HostEIDPattern_t src_eid_pattern, BSL_HostEIDPattern_t secsrc_eid_pattern, BSL_HostEIDPattern_t dst_eid_pattern) |
| Initialize this policy predicate. | |
| bool | BSLP_PolicyPredicate_IsMatch (const BSLP_PolicyPredicate_t *self, BSL_PolicyLocation_e location, BSL_HostEID_t src_eid, BSL_HostEID_t dst_eid) |
| Returns true if the given predicate matches the arguments. | |
| int | BSLP_PolicyRule_Init (BSLP_PolicyRule_t *self, const char *desc, BSLP_PolicyPredicate_t *predicate, uint64_t context_id, BSL_SecRole_e role, BSL_SecBlockType_e sec_block_type, BSL_BundleBlockTypeCode_e target_block_type, BSL_PolicyAction_e failure_action_code) |
| Initialize this policy rule. | |
| void | BSLP_PolicyRule_Deinit (BSLP_PolicyRule_t *self) |
| De-initialize, release any resources, and zero this struct. | |
| void | BSLP_PolicyRule_AddParam (BSLP_PolicyRule_t *self, const BSL_SecParam_t *param) |
| Include a BPSec parameter to this rule. | |
| int | BSLP_PolicyRule_EvaluateAsSecOper (const BSLP_PolicyRule_t *self, BSL_SecOper_t *sec_oper, const BSL_BundleRef_t *bundle, BSL_PolicyLocation_e location) |
| Critical function creating a security operation from a bundle and location. | |
Detailed Description
Local implementation of locally-defined data structures.
Function Documentation
◆ BSLP_PolicyPredicate_Init()
| void BSLP_PolicyPredicate_Init | ( | BSLP_PolicyPredicate_t * | self, |
| BSL_PolicyLocation_e | location, | ||
| BSL_HostEIDPattern_t | src_eid_pattern, | ||
| BSL_HostEIDPattern_t | secsrc_eid_pattern, | ||
| BSL_HostEIDPattern_t | dst_eid_pattern | ||
| ) |
Initialize this policy predicate.
A policy predicate represents a way to match whether a rule applies to a bundle.
- Parameters
-
[in] self This predicate [in] location The BSL_PolicyLocation_e location in the BPA [in] src_eid_pattern Host-defined EID pattern to match for [in] srcsrc_eid_pattern Host-defined EID pattern for SECURITY SOURCE in security block [in] dst_eid_pattern Host-defined EID pattern for DESTINATION EID
- Returns
- Nothing
Referenced by test_PolicyProvider_Inspect_RFC9173_BIB(), test_PolicyProvider_InspectSingleBIBRuleset(), and test_SamplePolicyProvider_WildcardPolicyRuleVerifiesBIB().
◆ BSLP_PolicyPredicate_IsMatch()
| bool BSLP_PolicyPredicate_IsMatch | ( | const BSLP_PolicyPredicate_t * | self, |
| BSL_PolicyLocation_e | location, | ||
| BSL_HostEID_t | src_eid, | ||
| BSL_HostEID_t | dst_eid | ||
| ) |
Returns true if the given predicate matches the arguments.
- Parameters
-
[in] self This predicate [in] location Location in the BPA [in] src_eid Source EID [in] dst_eid Destination EID
References BSL_HostEIDPattern_IsMatch(), and BSL_LOG_DEBUG.
Referenced by BSLP_PolicyRule_EvaluateAsSecOper(), and BSLP_QueryPolicy().
◆ BSLP_PolicyRule_AddParam()
| void BSLP_PolicyRule_AddParam | ( | BSLP_PolicyRule_t * | self, |
| const BSL_SecParam_t * | param | ||
| ) |
Include a BPSec parameter to this rule.
Used immediately after Init.
- Parameters
-
[in] self This rule [in] param Pointer to the Parameter.
References BSL_SecParam_IsConsistent(), and BSL_SecParam_Sizeof().
Referenced by test_PolicyProvider_Inspect_RFC9173_BIB().
◆ BSLP_PolicyRule_Deinit()
| void BSLP_PolicyRule_Deinit | ( | BSLP_PolicyRule_t * | self | ) |
De-initialize, release any resources, and zero this struct.
- Parameters
-
[in] self This rule
References BSL_FREE, and BSL_LOG_INFO.
Referenced by test_SamplePolicyProvider_WildcardPolicyRuleVerifiesBIB().
◆ BSLP_PolicyRule_EvaluateAsSecOper()
| int BSLP_PolicyRule_EvaluateAsSecOper | ( | const BSLP_PolicyRule_t * | self, |
| BSL_SecOper_t * | sec_oper, | ||
| const BSL_BundleRef_t * | bundle, | ||
| BSL_PolicyLocation_e | location | ||
| ) |
Critical function creating a security operation from a bundle and location.
- Parameters
-
[in] self This policy rule [in] sec_oper [Zeroed, pre-allocated and memory owned by caller] Caller-allocated space for the output security action. [in] bundle Bundle to test match against [in] location Location in the BPA
- Returns
- Zero on success, negative on failure.
References BSL_BLOCK_TYPE_PRIMARY, BSL_BundleCtx_GetBundleMetadata(), BSL_ERR_SECURITY_CONTEXT_FAILED, BSL_LOG_INFO, BSL_LOG_WARNING, BSL_SecOper_AppendParam(), BSL_SecOper_Populate(), BSL_SecParam_Sizeof(), BSL_SUCCESS, BSLP_PolicyPredicate_IsMatch(), BSL_PrimaryBlock_t::field_dest_eid, and BSL_PrimaryBlock_t::field_src_node_id.
Referenced by BSLP_QueryPolicy(), and test_SamplePolicyProvider_WildcardPolicyRuleVerifiesBIB().
◆ BSLP_PolicyRule_Init()
| int BSLP_PolicyRule_Init | ( | BSLP_PolicyRule_t * | self, |
| const char * | desc, | ||
| BSLP_PolicyPredicate_t * | predicate, | ||
| uint64_t | context_id, | ||
| BSL_SecRole_e | role, | ||
| BSL_SecBlockType_e | sec_block_type, | ||
| BSL_BundleBlockTypeCode_e | target_block_type, | ||
| BSL_PolicyAction_e | failure_action_code | ||
| ) |
Initialize this policy rule.
- Parameters
-
[in] self This policy rule [in] dest Description of this rule (C-string) [in] predicate Predicate used to identify which bundles apply [in] context_id Security context ID [in] role Such as source, acceptor, etc [in] sec_block_type Block type (BIB or BCB) [in] target_block_type Target block type (anything, such as primary or payload)
- Returns
- Zero on success
References BSL_CALLOC, BSL_SecParam_Sizeof(), and BSL_SUCCESS.
Referenced by test_PolicyProvider_Inspect_RFC9173_BIB(), test_PolicyProvider_InspectSingleBIBRuleset(), and test_SamplePolicyProvider_WildcardPolicyRuleVerifiesBIB().
