Spec of locally-defined data structures. More...

#include <stdint.h>
#include <BPSecLib_Private.h>
#include <backend/SecParam.h>

Include dependency graph for SamplePolicyProvider.h:

This graph shows which files directly or indirectly include this file:

Data Structures
struct	BSLP_PolicyPredicate_t
	THE key function that matches a bundle against a rule to provide the output action and specific parameters to use for the security operation. More...

struct	BSLP_PolicyRule_t
	Represents a policy rule. More...

struct	BSLP_PolicyProvider_t
	Concrete definition of a policy provider. More...

Macros
#define	BSLP_POLICY_RULE_DESCRIPTION_MAX_STRLEN 100
	Maximum string length of a policy rule description; Affects BSLP_PolicyRule_Init `desc` parameter.

#define	BSLP_POLICYPREDICATE_ARRAY_CAPACITY (100)

Functions
void	BSLP_PolicyPredicate_Init (BSLP_PolicyPredicate_t *self, BSL_PolicyLocation_e location, BSL_HostEIDPattern_t src_eid_pattern, BSL_HostEIDPattern_t secsrc_eid_pattern, BSL_HostEIDPattern_t dst_eid_pattern)
	Initialize this policy predicate.

void	BSLP_PolicyPredicate_Deinit (BSLP_PolicyPredicate_t *self)

bool	BSLP_PolicyPredicate_IsMatch (const BSLP_PolicyPredicate_t *self, BSL_PolicyLocation_e location, BSL_HostEID_t src_eid, BSL_HostEID_t dst_eid)
	Returns true if the given predicate matches the arguments.

int	BSLP_PolicyRule_Init (BSLP_PolicyRule_t self, const char desc, BSLP_PolicyPredicate_t *predicate, int64_t context_id, BSL_SecRole_e role, BSL_SecBlockType_e sec_block_type, BSL_BundleBlockTypeCode_e target_block_type, BSL_PolicyAction_e failure_action_code)
	Initialize this policy rule.

void	BSLP_PolicyRule_Deinit (BSLP_PolicyRule_t *self)
	De-initialize, release any resources, and zero this struct.

void	BSLP_PolicyRule_CopyParam (BSLP_PolicyRule_t self, const BSL_SecParam_t param)
	Include a BPSec parameter to this rule.

void	BSLP_PolicyRule_MoveParam (BSLP_PolicyRule_t self, BSL_SecParam_t param)
	Include a BPSec parameter to this rule.

int	BSLP_PolicyRule_EvaluateAsSecOper (const BSLP_PolicyRule_t self, BSL_SecOper_t sec_oper, const BSL_BundleRef_t *bundle, BSL_PolicyLocation_e location)
	Critical function creating a security operation from a bundle and location.

void	BSLP_Deinit (void *user_data)

int	BSLP_QueryPolicy (const void user_data, BSL_SecurityActionSet_t output_action_set, const BSL_BundleRef_t *bundle, BSL_PolicyLocation_e location)
	Note that criticality is HIGH.

int	BSLP_FinalizePolicy (const void user_data, const BSL_SecurityActionSet_t output_action_set, const BSL_BundleRef_t bundle, const BSL_SecurityResponseSet_t response_output)

Detailed Description

Spec of locally-defined data structures.

Macro Definition Documentation

◆ BSLP_POLICY_RULE_DESCRIPTION_MAX_STRLEN

#define BSLP_POLICY_RULE_DESCRIPTION_MAX_STRLEN 100

Maximum string length of a policy rule description; Affects BSLP_PolicyRule_Init desc parameter.

◆ BSLP_POLICYPREDICATE_ARRAY_CAPACITY

#define BSLP_POLICYPREDICATE_ARRAY_CAPACITY (100)

Function Documentation

◆ BSLP_Deinit()

void BSLP_Deinit ( void * user_data )

References ASSERT_ARG_EXPR, BSL_free(), BSL_LOG_INFO, BSLP_PolicyPredicate_Deinit(), BSLP_PolicyProvider_IsConsistent(), BSLP_PolicyRule_Deinit(), BSLP_PolicyProvider_t::predicate_count, BSLP_PolicyProvider_t::predicates, BSLP_PolicyProvider_t::rule_count, and BSLP_PolicyProvider_t::rules.

Referenced by _setUp(), MockBPA_Agent_Init(), setUp(), and test_MultiplePolicyProviders().

◆ BSLP_FinalizePolicy()

int BSLP_FinalizePolicy	(	const void *	user_data,
		const BSL_SecurityActionSet_t *	output_action_set,
		const BSL_BundleRef_t *	bundle,
		const BSL_SecurityResponseSet_t *	response_output
	)

◆ BSLP_PolicyPredicate_Deinit()

void BSLP_PolicyPredicate_Deinit ( BSLP_PolicyPredicate_t * self )

References BSL_HostEIDPattern_Deinit(), BSLP_PolicyPredicate_t::dst_eid_pattern, BSLP_PolicyPredicate_t::secsrc_eid_pattern, and BSLP_PolicyPredicate_t::src_eid_pattern.

Referenced by BSLP_Deinit(), TEST_CASE(), and test_SamplePolicyProvider_WildcardPolicyRuleVerifiesBIB().

◆ BSLP_PolicyPredicate_Init()

void BSLP_PolicyPredicate_Init	(	BSLP_PolicyPredicate_t *	self,
		BSL_PolicyLocation_e	location,
		BSL_HostEIDPattern_t	src_eid_pattern,
		BSL_HostEIDPattern_t	secsrc_eid_pattern,
		BSL_HostEIDPattern_t	dst_eid_pattern
	)

Initialize this policy predicate.

A policy predicate represents a way to match whether a rule applies to a bundle.

Parameters

[in]	self	This predicate
[in]	location	The BSL_PolicyLocation_e location in the BPA
[in]	src_eid_pattern	Host-defined EID pattern to match for
[in]	srcsrc_eid_pattern	Host-defined EID pattern for SECURITY SOURCE in security block
[in]	dst_eid_pattern	Host-defined EID pattern for DESTINATION EID

Returns: Nothing

References ASSERT_ARG_NONNULL, ASSERT_POSTCONDITION, BSLP_PolicyPredicate_IsConsistent(), BSLP_PolicyPredicate_t::dst_eid_pattern, BSLP_PolicyPredicate_t::location, BSLP_PolicyPredicate_t::secsrc_eid_pattern, and BSLP_PolicyPredicate_t::src_eid_pattern.

Referenced by _setUp(), mock_bpa_register_policy(), mock_bpa_register_policy_from_json(), setUp(), TEST_CASE(), test_MultiplePolicyProviders(), test_PolicyProvider_Inspect_RFC9173_BIB(), test_PolicyProvider_InspectSingleBIBRuleset(), and test_SamplePolicyProvider_WildcardPolicyRuleVerifiesBIB().

◆ BSLP_PolicyPredicate_IsMatch()

bool BSLP_PolicyPredicate_IsMatch	(	const BSLP_PolicyPredicate_t *	self,
		BSL_PolicyLocation_e	location,
		BSL_HostEID_t	src_eid,
		BSL_HostEID_t	dst_eid
	)

Returns true if the given predicate matches the arguments.

Parameters

[in]	self	This predicate
[in]	location	Location in the BPA
[in]	src_eid	Source EID
[in]	dst_eid	Destination EID

References ASSERT_ARG_EXPR, BSL_HostEIDPattern_IsMatch(), BSL_LOG_DEBUG, BSLP_PolicyPredicate_IsConsistent(), BSLP_PolicyPredicate_t::dst_eid_pattern, BSLP_PolicyPredicate_t::location, and BSLP_PolicyPredicate_t::src_eid_pattern.

Referenced by BSLP_PolicyRule_EvaluateAsSecOper(), and BSLP_QueryPolicy().

◆ BSLP_PolicyRule_CopyParam()

void BSLP_PolicyRule_CopyParam	(	BSLP_PolicyRule_t *	self,
		const BSL_SecParam_t *	param
	)

Include a BPSec parameter to this rule.

Used immediately after Init.

Parameters

[in]	self	This rule
[in,out]	param	Pointer to the Parameter to move from.

References ASSERT_ARG_EXPR, ASSERT_POSTCONDITION, BSL_SecParam_IsConsistent(), BSLP_PolicyRule_IsConsistent(), and BSLP_PolicyRule_t::params.

Referenced by _setUp(), mock_bpa_register_policy(), mock_bpa_register_policy_from_json(), and setUp().

◆ BSLP_PolicyRule_Deinit()

void BSLP_PolicyRule_Deinit ( BSLP_PolicyRule_t * self )

De-initialize, release any resources, and zero this struct.

Parameters

[in] self This rule

References ASSERT_ARG_EXPR, BSL_free(), BSL_LOG_INFO, BSLP_PolicyRule_IsConsistent(), BSLP_PolicyRule_t::description, and BSLP_PolicyRule_t::params.

Referenced by BSLP_Deinit(), TEST_CASE(), and test_SamplePolicyProvider_WildcardPolicyRuleVerifiesBIB().

◆ BSLP_PolicyRule_EvaluateAsSecOper()

int BSLP_PolicyRule_EvaluateAsSecOper	(	const BSLP_PolicyRule_t *	self,
		BSL_SecOper_t *	sec_oper,
		const BSL_BundleRef_t *	bundle,
		BSL_PolicyLocation_e	location
	)

Critical function creating a security operation from a bundle and location.

Parameters

[in]	self	This policy rule
[in]	sec_oper	[Zeroed, pre-allocated and memory owned by caller] Caller-allocated space for the output security action.
[in]	bundle	Bundle to test match against
[in]	location	Location in the BPA

Returns: Zero on success, negative on failure.

References BSL_BLOCK_TYPE_PRIMARY, BSL_BundleCtx_GetBundleMetadata(), BSL_ERR_SECURITY_CONTEXT_FAILED, BSL_LOG_INFO, BSL_LOG_WARNING, BSL_PrimaryBlock_deinit(), BSL_SecOper_AppendParam(), BSL_SecOper_Populate(), BSL_SUCCESS, BSLP_PolicyPredicate_IsMatch(), BSLP_PolicyRule_IsConsistent(), CHK_ARG_NONNULL, CHK_PRECONDITION, BSLP_PolicyRule_t::context_id, BSLP_PolicyRule_t::description, BSLP_PolicyRule_t::failure_action_code, BSL_PrimaryBlock_t::field_dest_eid, BSL_PrimaryBlock_t::field_src_node_id, get_target_block_id(), BSLP_PolicyRule_t::params, BSLP_PolicyRule_t::predicate, BSLP_PolicyRule_t::role, BSLP_PolicyRule_t::sec_block_type, and BSLP_PolicyRule_t::target_block_type.

Referenced by BSLP_QueryPolicy(), and test_SamplePolicyProvider_WildcardPolicyRuleVerifiesBIB().

◆ BSLP_PolicyRule_Init()

int BSLP_PolicyRule_Init	(	BSLP_PolicyRule_t *	self,
		const char *	desc,
		BSLP_PolicyPredicate_t *	predicate,
		int64_t	context_id,
		BSL_SecRole_e	role,
		BSL_SecBlockType_e	sec_block_type,
		BSL_BundleBlockTypeCode_e	target_block_type,
		BSL_PolicyAction_e	failure_action_code
	)

Initialize this policy rule.

Parameters

[in]	self	This policy rule
[in]	dest	Description of this rule (C-string). Will copy characters of parameter from index 0 to BSLP_POLICY_RULE_DESCRIPTION_MAX_STRLEN - 1.
[in]	predicate	Predicate used to identify which bundles apply
[in]	context_id	Security context ID
[in]	role	Such as source, acceptor, etc
[in]	sec_block_type	Block type (BIB or BCB)
[in]	target_block_type	Target block type (anything, such as primary or payload)
[in]	failure_action_code	Code to indicate fate of security block/bundle if error occurs

Returns: Zero on success

References ASSERT_ARG_NONNULL, ASSERT_POSTCONDITION, BSL_malloc(), BSL_SUCCESS, BSLP_POLICYPREDICATE_ARRAY_CAPACITY, BSLP_PolicyRule_IsConsistent(), BSLP_PolicyRule_t::context_id, BSLP_PolicyRule_t::description, BSLP_PolicyRule_t::failure_action_code, BSLP_PolicyRule_t::params, BSLP_PolicyRule_t::predicate, BSLP_PolicyRule_t::role, BSLP_PolicyRule_t::sec_block_type, and BSLP_PolicyRule_t::target_block_type.

Referenced by _setUp(), mock_bpa_register_policy(), mock_bpa_register_policy_from_json(), setUp(), TEST_CASE(), test_MultiplePolicyProviders(), test_PolicyProvider_Inspect_RFC9173_BIB(), test_PolicyProvider_InspectSingleBIBRuleset(), and test_SamplePolicyProvider_WildcardPolicyRuleVerifiesBIB().

◆ BSLP_PolicyRule_MoveParam()

void BSLP_PolicyRule_MoveParam	(	BSLP_PolicyRule_t *	self,
		BSL_SecParam_t *	param
	)

Include a BPSec parameter to this rule.

Used immediately after Init.

Parameters

[in]	self	This rule
[in,out]	param	Pointer to the Parameter to move from.

References ASSERT_ARG_EXPR, ASSERT_POSTCONDITION, BSL_SecParam_IsConsistent(), BSLP_PolicyRule_IsConsistent(), and BSLP_PolicyRule_t::params.

Referenced by test_MultiplePolicyProviders(), and test_PolicyProvider_Inspect_RFC9173_BIB().

◆ BSLP_QueryPolicy()

int BSLP_QueryPolicy	(	const void *	user_data,
		BSL_SecurityActionSet_t *	output_action_set,
		const BSL_BundleRef_t *	bundle,
		BSL_PolicyLocation_e	location
	)

Note that criticality is HIGH.

Referenced by _setUp(), MockBPA_Agent_Init(), setUp(), and test_MultiplePolicyProviders().

Data Structures

Macros

Functions

Detailed Description

Macro Definition Documentation

◆ BSLP_POLICY_RULE_DESCRIPTION_MAX_STRLEN

◆ BSLP_POLICYPREDICATE_ARRAY_CAPACITY

Function Documentation

◆ BSLP_Deinit()

◆ BSLP_FinalizePolicy()

◆ BSLP_PolicyPredicate_Deinit()

◆ BSLP_PolicyPredicate_Init()

◆ BSLP_PolicyPredicate_IsMatch()

◆ BSLP_PolicyRule_CopyParam()

◆ BSLP_PolicyRule_Deinit()

◆ BSLP_PolicyRule_EvaluateAsSecOper()

◆ BSLP_PolicyRule_Init()

◆ BSLP_PolicyRule_MoveParam()

◆ BSLP_QueryPolicy()