Spec of locally-defined data structures. More...
#include <stdint.h>#include <pthread.h>#include <m-array.h>#include <m-string.h>#include <BPSecLib_Private.h>#include <backend/SecParam.h>
Include dependency graph for SamplePolicyProvider.h: This graph shows which files directly or indirectly include this file:Data Structures | |
| struct | BSLP_PolicyPredicate_t |
| THE key function that matches a bundle against a rule to provide the output action and specific parameters to use for the security operation. More... | |
| struct | BSLP_PolicyRule_t |
| Represents a policy rule. More... | |
| struct | BSLP_PolicyProvider_t |
| Policy provider data. References shared among individual providers in BSL context. More... | |
Macros | |
| #define | M_OPL_BSLP_PolicyPredicate_t() |
| OPLIST for BSLP_PolicyPredicate_t. | |
| #define | BSLP_POLICY_RULE_DESCRIPTION_MAX_STRLEN 100 |
Maximum string length of a policy rule description; Affects BSLP_PolicyRule_Init desc parameter. | |
| #define | M_OPL_BSLP_PolicyRule_t() |
| OPLIST for BSLP_PolicyRule_t. | |
| #define | BSLP_POLICYPREDICATE_ARRAY_CAPACITY (100) |
Functions | |
| void | BSLP_Deinit (void *user_data) |
| De-initialize policy provider user_data. | |
| int | BSLP_PolicyPredicate_InitFrom (BSLP_PolicyPredicate_t *self, BSL_PolicyLocation_e location, const char *src_eid_pattern, const char *secsrc_eid_pattern, const char *dst_eid_pattern) |
| Initialize policy predicate from c string patterns. | |
| void | BSLP_PolicyPredicate_Init (BSLP_PolicyPredicate_t *self) |
| Initialize policy predicate and associated host eid pattern structures. | |
| void | BSLP_PolicyPredicate_ShallowCopy (BSLP_PolicyPredicate_t *self, const BSLP_PolicyPredicate_t *src) |
| Shallow copy of policy predicate. | |
| void | BSLP_PolicyPredicate_Deinit (BSLP_PolicyPredicate_t *self) |
| Deinitialize policy predicate and associated host eid pattern structures. | |
| bool | BSLP_PolicyPredicate_IsMatch (const BSLP_PolicyPredicate_t *self, BSL_PolicyLocation_e location, BSL_HostEID_t src_eid, BSL_HostEID_t dst_eid) |
| Returns true if the given predicate matches the arguments. | |
| int | BSLP_PolicyRule_InitFrom (BSLP_PolicyRule_t *self, const char *desc, int64_t context_id, BSL_SecRole_e role, BSL_SecBlockType_e sec_block_type, uint64_t target_block_type, BSL_PolicyAction_e failure_action_code) |
| Initialize this policy rule from parameters. | |
| void | BSLP_PolicyRule_Init (BSLP_PolicyRule_t *self) |
| Initialize policy rule. | |
| void | BSLP_PolicyRule_InitSet (BSLP_PolicyRule_t *self, const BSLP_PolicyRule_t *src) |
| Deinitialize policy rule. | |
| void | BSLP_PolicyRule_Deinit (BSLP_PolicyRule_t *self) |
| De-initialize, release any resources, and zero this struct. | |
| void | BSLP_PolicyRule_CopyParam (BSLP_PolicyRule_t *self, const BSL_SecParam_t *param) |
| Include a BPSec parameter to this rule. | |
| void | BSLP_PolicyRule_MoveParam (BSLP_PolicyRule_t *self, BSL_SecParam_t *param) |
| Include a BPSec parameter to this rule. | |
| BSLP_PolicyProvider_t * | BSLP_PolicyProvider_Init (uint64_t pp_id) |
| Initialize policy provider data Data owned by BPA, reference should be provided to BSL library context(s) | |
| int | BSLP_PolicyProvider_AddRule (BSLP_PolicyProvider_t *self, BSLP_PolicyRule_t *rule, const BSLP_PolicyPredicate_t *predicate) |
| Add rule and corresponding predicate to policy provider. | |
| void | BSLP_PolicyProvider_Deinit (BSLP_PolicyProvider_t *self) |
| Deinitialize policy provider data References to this data will become invalid. | |
| int | BSLP_PolicyRule_EvaluateAsSecOper (const BSLP_PolicyRule_t *self, const BSLP_PolicyPredicate_t *predicate, BSL_SecOper_t *sec_oper, const BSL_BundleRef_t *bundle, BSL_PolicyLocation_e location) |
| Evaluate policy rule as security operation. | |
| int | BSLP_QueryPolicy (void *user_data, BSL_SecurityActionSet_t *output_action_set, const BSL_BundleRef_t *bundle, BSL_PolicyLocation_e location) |
| Note that criticality is HIGH. | |
| int | BSLP_FinalizePolicy (void *user_data, const BSL_SecurityActionSet_t *output_action_set, const BSL_BundleRef_t *bundle, const BSL_SecurityResponseSet_t *response_output) |
Detailed Description
Spec of locally-defined data structures.
Macro Definition Documentation
◆ BSLP_POLICY_RULE_DESCRIPTION_MAX_STRLEN
| #define BSLP_POLICY_RULE_DESCRIPTION_MAX_STRLEN 100 |
Maximum string length of a policy rule description; Affects BSLP_PolicyRule_Init desc parameter.
◆ BSLP_POLICYPREDICATE_ARRAY_CAPACITY
| #define BSLP_POLICYPREDICATE_ARRAY_CAPACITY (100) |
◆ M_OPL_BSLP_PolicyPredicate_t
| #define M_OPL_BSLP_PolicyPredicate_t | ( | ) |
OPLIST for BSLP_PolicyPredicate_t.
◆ M_OPL_BSLP_PolicyRule_t
| #define M_OPL_BSLP_PolicyRule_t | ( | ) |
OPLIST for BSLP_PolicyRule_t.
Function Documentation
◆ BSLP_Deinit()
| void BSLP_Deinit | ( | void * | user_data | ) |
De-initialize policy provider user_data.
Called during de-initialization of each library instance.
- Parameters
-
user_data reference to shared data. Not owned by library context's policy provider
Referenced by _setUp(), MockBPA_Agent_Init(), setUp(), and test_MultiplePolicyProviders().
◆ BSLP_FinalizePolicy()
| int BSLP_FinalizePolicy | ( | void * | user_data, |
| const BSL_SecurityActionSet_t * | output_action_set, | ||
| const BSL_BundleRef_t * | bundle, | ||
| const BSL_SecurityResponseSet_t * | response_output | ||
| ) |
References BSL_LOG_INFO, BSL_SECOP_CONCLUSION_FAILURE, BSL_SECOP_CONCLUSION_INVALID, BSL_SECOP_CONCLUSION_PENDING, BSL_SECOP_CONCLUSION_SUCCESS, BSL_SecOper_GetConclusion(), BSL_SecurityAction_CountSecOpers(), BSL_SecurityAction_GetPPID(), BSL_SecurityAction_GetSecOperAtIndex(), BSL_SecurityActionSet_CountActions(), BSL_SecurityActionSet_GetActionAtIndex(), BSL_SUCCESS, BSLP_PolicyProvider_HandleFailures(), BSLP_PolicyProvider_t::mutex, and BSLP_PolicyProvider_t::pp_id.
Referenced by _setUp(), MockBPA_Agent_Init(), setUp(), and test_MultiplePolicyProviders().
◆ BSLP_PolicyPredicate_Deinit()
| void BSLP_PolicyPredicate_Deinit | ( | BSLP_PolicyPredicate_t * | self | ) |
Deinitialize policy predicate and associated host eid pattern structures.
- Parameters
-
self policy predicate
References BSL_HostEIDPattern_Deinit(), BSLP_PolicyPredicate_t::dst_eid_pattern, BSLP_PolicyPredicate_t::secsrc_eid_pattern, and BSLP_PolicyPredicate_t::src_eid_pattern.
Referenced by test_SamplePolicyProvider_WildcardPolicyRuleVerifiesBIB().
◆ BSLP_PolicyPredicate_Init()
| void BSLP_PolicyPredicate_Init | ( | BSLP_PolicyPredicate_t * | self | ) |
Initialize policy predicate and associated host eid pattern structures.
- Parameters
-
self policy predicate
References BSL_HostEIDPattern_Init(), BSLP_PolicyPredicate_t::dst_eid_pattern, BSLP_PolicyPredicate_t::location, BSLP_PolicyPredicate_t::secsrc_eid_pattern, and BSLP_PolicyPredicate_t::src_eid_pattern.
Referenced by BSLP_PolicyPredicate_InitFrom().
◆ BSLP_PolicyPredicate_InitFrom()
| int BSLP_PolicyPredicate_InitFrom | ( | BSLP_PolicyPredicate_t * | self, |
| BSL_PolicyLocation_e | location, | ||
| const char * | src_eid_pattern, | ||
| const char * | secsrc_eid_pattern, | ||
| const char * | dst_eid_pattern | ||
| ) |
Initialize policy predicate from c string patterns.
A policy predicate represents a way to match whether a rule applies to a bundle.
- Parameters
-
[in] self This predicate [in] location The BSL_PolicyLocation_e location in the BPA [in] src_eid_pattern c string pattern for SOURCE matching [in] srcsrc_eid_pattern c string pattern for SECURITY SOURCE matching [in] dst_eid_pattern c string pattern for DESTINATION matching
- Returns
- 0 on success
References BSL_ERR_HOST_CALLBACK_FAILED, BSL_ERR_PROPERTY_CHECK_FAILED, BSL_HostEIDPattern_DecodeFromText(), BSL_SUCCESS, BSLP_PolicyPredicate_Init(), BSLP_PolicyPredicate_IsConsistent(), BSLP_PolicyPredicate_t::dst_eid_pattern, BSLP_PolicyPredicate_t::location, BSLP_PolicyPredicate_t::secsrc_eid_pattern, and BSLP_PolicyPredicate_t::src_eid_pattern.
Referenced by _setUp(), BSLP_RegisterPolicyFromBitstring(), BSLP_RegisterPolicyFromJSON(), setUp(), test_MultiplePolicyProviders(), test_PolicyProvider_Inspect_RFC9173_BIB(), test_PolicyProvider_InspectSingleBIBRuleset(), and test_SamplePolicyProvider_WildcardPolicyRuleVerifiesBIB().
◆ BSLP_PolicyPredicate_IsMatch()
| bool BSLP_PolicyPredicate_IsMatch | ( | const BSLP_PolicyPredicate_t * | self, |
| BSL_PolicyLocation_e | location, | ||
| BSL_HostEID_t | src_eid, | ||
| BSL_HostEID_t | dst_eid | ||
| ) |
Returns true if the given predicate matches the arguments.
- Parameters
-
[in] self This predicate [in] location Location in the BPA [in] src_eid Source EID [in] dst_eid Destination EID
References ASSERT_ARG_EXPR, BSL_HostEIDPattern_IsMatch(), BSL_LOG_DEBUG, BSLP_PolicyPredicate_IsConsistent(), BSLP_PolicyPredicate_t::dst_eid_pattern, BSLP_PolicyPredicate_t::location, and BSLP_PolicyPredicate_t::src_eid_pattern.
Referenced by BSLP_PolicyRule_EvaluateAsSecOper(), and BSLP_QueryPolicy().
◆ BSLP_PolicyPredicate_ShallowCopy()
| void BSLP_PolicyPredicate_ShallowCopy | ( | BSLP_PolicyPredicate_t * | self, |
| const BSLP_PolicyPredicate_t * | src | ||
| ) |
Shallow copy of policy predicate.
- Parameters
-
self destination policy predicate src source policy predicate
References BSLP_PolicyPredicate_t::dst_eid_pattern, BSL_HostEIDPattern_t::handle, BSLP_PolicyPredicate_t::location, BSLP_PolicyPredicate_t::secsrc_eid_pattern, and BSLP_PolicyPredicate_t::src_eid_pattern.
◆ BSLP_PolicyProvider_AddRule()
| int BSLP_PolicyProvider_AddRule | ( | BSLP_PolicyProvider_t * | self, |
| BSLP_PolicyRule_t * | rule, | ||
| const BSLP_PolicyPredicate_t * | predicate | ||
| ) |
Add rule and corresponding predicate to policy provider.
- Parameters
-
self policy provider rule policy rule to add predicate predicate to be associated with policy rule
References BSL_ERR_ARG_INVALID, BSL_SUCCESS, BSLP_PolicyPredicate_IsConsistent(), BSLP_PolicyRule_IsConsistent(), BSLP_PolicyProvider_t::mutex, BSLP_PolicyProvider_t::predicates, and BSLP_PolicyProvider_t::rules.
Referenced by _setUp(), BSLP_RegisterPolicyFromBitstring(), BSLP_RegisterPolicyFromJSON(), setUp(), test_MultiplePolicyProviders(), test_PolicyProvider_Inspect_RFC9173_BIB(), and test_PolicyProvider_InspectSingleBIBRuleset().
◆ BSLP_PolicyProvider_Deinit()
| void BSLP_PolicyProvider_Deinit | ( | BSLP_PolicyProvider_t * | self | ) |
Deinitialize policy provider data References to this data will become invalid.
- Parameters
-
self policy provider data to de-initialize
References BSL_free(), BSLP_PolicyProvider_t::mutex, BSLP_PolicyProvider_t::predicates, and BSLP_PolicyProvider_t::rules.
Referenced by _tearDown(), main(), tearDown(), and test_MultiplePolicyProviders().
◆ BSLP_PolicyProvider_Init()
| BSLP_PolicyProvider_t * BSLP_PolicyProvider_Init | ( | uint64_t | pp_id | ) |
Initialize policy provider data Data owned by BPA, reference should be provided to BSL library context(s)
- Parameters
-
pp_id policy provider id (must be > 0)
- Returns
- valid pointer to dynamically allocated policy provider
References ASSERT_ARG_EXPR, ASSERT_ARG_NONNULL, BSL_malloc(), BSLP_PolicyProvider_t::mutex, BSLP_PolicyProvider_t::pp_id, BSLP_PolicyProvider_t::predicates, and BSLP_PolicyProvider_t::rules.
Referenced by _setUp(), MockBPA_Agent_Init(), setUp(), and test_MultiplePolicyProviders().
◆ BSLP_PolicyRule_CopyParam()
| void BSLP_PolicyRule_CopyParam | ( | BSLP_PolicyRule_t * | self, |
| const BSL_SecParam_t * | param | ||
| ) |
Include a BPSec parameter to this rule.
Used immediately after Init.
- Parameters
-
[in] self This rule [in,out] param Pointer to the Parameter to move from.
References ASSERT_ARG_EXPR, ASSERT_POSTCONDITION, BSL_SecParam_IsConsistent(), BSLP_PolicyRule_IsConsistent(), and BSLP_PolicyRule_t::params.
Referenced by _setUp(), BSLP_RegisterPolicyFromBitstring(), BSLP_RegisterPolicyFromJSON(), and setUp().
◆ BSLP_PolicyRule_Deinit()
| void BSLP_PolicyRule_Deinit | ( | BSLP_PolicyRule_t * | self | ) |
De-initialize, release any resources, and zero this struct.
- Parameters
-
[in] self This rule
References BSL_LOG_INFO, BSLP_PolicyRule_t::description, BSLP_PolicyRule_t::params, and string_clear().
Referenced by test_SamplePolicyProvider_WildcardPolicyRuleVerifiesBIB().
◆ BSLP_PolicyRule_EvaluateAsSecOper()
| int BSLP_PolicyRule_EvaluateAsSecOper | ( | const BSLP_PolicyRule_t * | self, |
| const BSLP_PolicyPredicate_t * | predicate, | ||
| BSL_SecOper_t * | sec_oper, | ||
| const BSL_BundleRef_t * | bundle, | ||
| BSL_PolicyLocation_e | location | ||
| ) |
Evaluate policy rule as security operation.
- Parameters
-
self policy rule predicate associated predicate sec_oper security operation bundle bundle reference location policy location
- Returns
- 0 on success
References BSL_BLOCK_TYPE_PRIMARY, BSL_BundleCtx_GetBundleMetadata(), BSL_ERR_SECURITY_CONTEXT_FAILED, BSL_LOG_INFO, BSL_LOG_WARNING, BSL_PrimaryBlock_deinit(), BSL_SecOper_AppendParam(), BSL_SecOper_Populate(), BSL_SUCCESS, BSLP_PolicyPredicate_IsMatch(), BSLP_PolicyRule_IsConsistent(), CHK_ARG_NONNULL, CHK_PRECONDITION, BSLP_PolicyRule_t::context_id, BSLP_PolicyRule_t::description, BSLP_PolicyRule_t::failure_action_code, BSL_PrimaryBlock_t::field_dest_eid, BSL_PrimaryBlock_t::field_src_node_id, get_target_block_id(), BSLP_PolicyRule_t::params, BSLP_PolicyRule_t::role, BSLP_PolicyRule_t::sec_block_type, and BSLP_PolicyRule_t::target_block_type.
Referenced by BSLP_QueryPolicy(), and test_SamplePolicyProvider_WildcardPolicyRuleVerifiesBIB().
◆ BSLP_PolicyRule_Init()
| void BSLP_PolicyRule_Init | ( | BSLP_PolicyRule_t * | self | ) |
Initialize policy rule.
- Parameters
-
self policy rule
References BSLP_PolicyRule_t::description, and BSLP_PolicyRule_t::params.
Referenced by BSLP_PolicyRule_InitFrom().
◆ BSLP_PolicyRule_InitFrom()
| int BSLP_PolicyRule_InitFrom | ( | BSLP_PolicyRule_t * | self, |
| const char * | desc, | ||
| int64_t | context_id, | ||
| BSL_SecRole_e | role, | ||
| BSL_SecBlockType_e | sec_block_type, | ||
| uint64_t | target_block_type, | ||
| BSL_PolicyAction_e | failure_action_code | ||
| ) |
Initialize this policy rule from parameters.
- Parameters
-
[in] self This policy rule [in] dest Description of this rule (C-string). Will copy characters of parameter from index 0 to BSLP_POLICY_RULE_DESCRIPTION_MAX_STRLEN - 1. [in] context_id Security context ID [in] role Such as source, acceptor, etc [in] sec_block_type Block type (BIB or BCB) [in] target_block_type Target block type (anything, such as primary or payload) [in] failure_action_code Code to indicate fate of security block/bundle if error occurs
- Returns
- Zero on success
References BSL_ERR_PROPERTY_CHECK_FAILED, BSL_SUCCESS, BSLP_PolicyRule_Init(), BSLP_PolicyRule_IsConsistent(), BSLP_PolicyRule_t::context_id, BSLP_PolicyRule_t::description, BSLP_PolicyRule_t::failure_action_code, BSLP_PolicyRule_t::role, BSLP_PolicyRule_t::sec_block_type, and BSLP_PolicyRule_t::target_block_type.
Referenced by _setUp(), BSLP_RegisterPolicyFromBitstring(), BSLP_RegisterPolicyFromJSON(), setUp(), test_MultiplePolicyProviders(), test_PolicyProvider_Inspect_RFC9173_BIB(), test_PolicyProvider_InspectSingleBIBRuleset(), and test_SamplePolicyProvider_WildcardPolicyRuleVerifiesBIB().
◆ BSLP_PolicyRule_InitSet()
| void BSLP_PolicyRule_InitSet | ( | BSLP_PolicyRule_t * | self, |
| const BSLP_PolicyRule_t * | src | ||
| ) |
Deinitialize policy rule.
- Parameters
-
self policy rule
References BSLP_PolicyRule_t::context_id, BSLP_PolicyRule_t::description, BSLP_PolicyRule_t::failure_action_code, BSLP_PolicyRule_t::params, BSLP_PolicyRule_t::role, BSLP_PolicyRule_t::sec_block_type, and BSLP_PolicyRule_t::target_block_type.
◆ BSLP_PolicyRule_MoveParam()
| void BSLP_PolicyRule_MoveParam | ( | BSLP_PolicyRule_t * | self, |
| BSL_SecParam_t * | param | ||
| ) |
Include a BPSec parameter to this rule.
Used immediately after Init.
- Parameters
-
[in] self This rule [in,out] param Pointer to the Parameter to move from.
References ASSERT_ARG_EXPR, ASSERT_POSTCONDITION, BSL_SecParam_IsConsistent(), BSLP_PolicyRule_IsConsistent(), and BSLP_PolicyRule_t::params.
Referenced by test_MultiplePolicyProviders(), and test_PolicyProvider_Inspect_RFC9173_BIB().
◆ BSLP_QueryPolicy()
| int BSLP_QueryPolicy | ( | void * | user_data, |
| BSL_SecurityActionSet_t * | output_action_set, | ||
| const BSL_BundleRef_t * | bundle, | ||
| BSL_PolicyLocation_e | location | ||
| ) |
Note that criticality is HIGH.
References BSL_BLOCK_TYPE_PRIMARY, BSL_BundleCtx_GetBundleMetadata(), BSL_calloc(), BSL_ERR_HOST_CALLBACK_FAILED, BSL_free(), BSL_LOG_DEBUG, BSL_LOG_ERR, BSL_LOG_INFO, BSL_LOG_WARNING, BSL_PrimaryBlock_deinit(), BSL_SECOP_CONCLUSION_INVALID, BSL_SecOper_Deinit(), BSL_SecOper_GetSecurityBlockNum(), BSL_SecOper_GetTargetBlockNum(), BSL_SecOper_Init(), BSL_SecOper_IsBIB(), BSL_SecOper_IsRoleSource(), BSL_SecOper_SetConclusion(), BSL_SecOper_Sizeof(), BSL_SecurityAction_AppendSecOper(), BSL_SecurityAction_Deinit(), BSL_SecurityAction_IncrError(), BSL_SecurityAction_Init(), BSL_SecurityAction_Sizeof(), BSL_SecurityActionSet_AppendAction(), BSL_SecurityActionSet_CountErrors(), BSL_SecurityActionSet_IsConsistent(), BSL_SUCCESS, BSLP_PolicyPredicate_IsMatch(), BSLP_PolicyRule_EvaluateAsSecOper(), BSLP_PolicyRule_IsConsistent(), CHK_POSTCONDITION, BSLP_PolicyRule_t::description, BSL_PrimaryBlock_t::field_dest_eid, BSL_PrimaryBlock_t::field_src_node_id, get_target_block_id(), BSLP_PolicyProvider_t::mutex, BSLP_PolicyProvider_t::predicates, BSLP_PolicyProvider_t::rules, and BSLP_PolicyRule_t::target_block_type.
Referenced by _setUp(), MockBPA_Agent_Init(), setUp(), and test_MultiplePolicyProviders().
