Spec of locally-defined data structures. More...

#include <stdint.h>
#include <BPSecLib_Private.h>

Include dependency graph for SamplePolicyProvider.h:

This graph shows which files directly or indirectly include this file:

Data Structures
struct	BSLP_PolicyPredicate_t
	THE key function that matches a bundle against a rule to provide the output action and specific parameters to use for the security operation. More...

struct	BSLP_PolicyRule_s
	Represents a policy rule. More...

struct	BSLP_PolicyProvider_s
	Concrete definition of the BSL_PolicyProvider_t. More...

Macros
#define	BSLP_POLICYPREDICATE_ARRAY_CAPACITY (100)

Typedefs
typedef struct BSLP_PolicyRule_s	BSLP_PolicyRule_t
	Represents a policy rule.

typedef struct BSLP_PolicyProvider_s	BSLP_PolicyProvider_t
	Concrete definition of the BSL_PolicyProvider_t.

Functions
void	BSLP_PolicyPredicate_Init (BSLP_PolicyPredicate_t *self, BSL_PolicyLocation_e location, BSL_HostEIDPattern_t src_eid_pattern, BSL_HostEIDPattern_t secsrc_eid_pattern, BSL_HostEIDPattern_t dst_eid_pattern)
	Initialize this policy predicate.

void	BSLP_PolicyPredicate_Deinit (BSLP_PolicyPredicate_t *self)

bool	BSLP_PolicyPredicate_IsMatch (const BSLP_PolicyPredicate_t *self, BSL_PolicyLocation_e location, BSL_HostEID_t src_eid, BSL_HostEID_t dst_eid)
	Returns true if the given predicate matches the arguments.

int	BSLP_PolicyRule_Init (BSLP_PolicyRule_t self, const char desc, BSLP_PolicyPredicate_t *predicate, uint64_t context_id, BSL_SecRole_e role, BSL_SecBlockType_e sec_block_type, BSL_BundleBlockTypeCode_e target_block_type, BSL_PolicyAction_e failure_action_code)
	Initialize this policy rule.

void	BSLP_PolicyRule_Deinit (BSLP_PolicyRule_t *self)
	De-initialize, release any resources, and zero this struct.

void	BSLP_PolicyRule_AddParam (BSLP_PolicyRule_t self, const BSL_SecParam_t param)
	Include a BPSec parameter to this rule.

int	BSLP_PolicyRule_EvaluateAsSecOper (const BSLP_PolicyRule_t self, BSL_SecOper_t sec_oper, const BSL_BundleRef_t *bundle, BSL_PolicyLocation_e location)
	Critical function creating a security operation from a bundle and location.

void	BSLP_Deinit (void *user_data)

int	BSLP_QueryPolicy (const void user_data, BSL_SecurityActionSet_t output_action_set, const BSL_BundleRef_t *bundle, BSL_PolicyLocation_e location)
	Note that criticality is HIGH.

Detailed Description

Spec of locally-defined data structures.

Definition in file SamplePolicyProvider.h.

Macro Definition Documentation

◆ BSLP_POLICYPREDICATE_ARRAY_CAPACITY

#define BSLP_POLICYPREDICATE_ARRAY_CAPACITY (100)

Definition at line 151 of file SamplePolicyProvider.h.

Typedef Documentation

◆ BSLP_PolicyRule_t

typedef struct BSLP_PolicyRule_s BSLP_PolicyRule_t

Represents a policy rule.

A policy rule contains parameters and other metadata necessary to create populated Security Operations for a given bundle.

It first contains a predicate, which is used to identify whether this rule applies to a given bundle.

It then uses the other fields to create and populate security operations with details (type, role, parameter values, etc.)

Function Documentation

◆ BSLP_Deinit()

void BSLP_Deinit ( void * user_data )

Definition at line 153 of file SamplePolicyProvider.c.

◆ BSLP_PolicyPredicate_Deinit()

void BSLP_PolicyPredicate_Deinit ( BSLP_PolicyPredicate_t * self )

Definition at line 145 of file SamplePolicyProvider.c.

◆ BSLP_PolicyPredicate_Init()

void BSLP_PolicyPredicate_Init	(	BSLP_PolicyPredicate_t *	self,
		BSL_PolicyLocation_e	location,
		BSL_HostEIDPattern_t	src_eid_pattern,
		BSL_HostEIDPattern_t	secsrc_eid_pattern,
		BSL_HostEIDPattern_t	dst_eid_pattern
	)

Initialize this policy predicate.

A policy predicate represents a way to match whether a rule applies to a bundle.

Parameters

[in]	self	This predicate
[in]	location	BSL_PolicyLocation_e location in the BPA
[in]	src_eid_pattern	Host-defined EID pattern to match for
[in]	srcsrc_eid_pattern	Host-defined EID pattern for SECURITY SOURCE in security block
[in]	dst_eid_pattern	Host-defined EID pattern for DESTINATION EID

Returns: Nothing

Definition at line 170 of file SamplePolicyProvider.c.

◆ BSLP_PolicyPredicate_IsMatch()

bool BSLP_PolicyPredicate_IsMatch	(	const BSLP_PolicyPredicate_t *	self,
		BSL_PolicyLocation_e	location,
		BSL_HostEID_t	src_eid,
		BSL_HostEID_t	dst_eid
	)

Returns true if the given predicate matches the arguments.

Parameters

[in]	self	This predicate
[in]	location	Location in the BPA
[in]	src_eid	Source EID
[in]	dst_eid	Destination EID

Definition at line 186 of file SamplePolicyProvider.c.

References BSL_HostEIDPattern_IsMatch(), and BSL_LOG_DEBUG.

Referenced by BSLP_PolicyRule_EvaluateAsSecOper(), and BSLP_QueryPolicy().

◆ BSLP_PolicyRule_AddParam()

void BSLP_PolicyRule_AddParam	(	BSLP_PolicyRule_t *	self,
		const BSL_SecParam_t *	param
	)

Include a BPSec parameter to this rule.

Used immediately after Init.

Parameters

[in]	self	This rule
[in]	param	Pointer to the Parameter.

Definition at line 239 of file SamplePolicyProvider.c.

References BSL_SecParam_IsConsistent(), and BSL_SecParam_Sizeof().

◆ BSLP_PolicyRule_Deinit()

void BSLP_PolicyRule_Deinit ( BSLP_PolicyRule_t * self )

De-initialize, release any resources, and zero this struct.

Parameters

[in] self This rule

Definition at line 231 of file SamplePolicyProvider.c.

References BSL_LOG_INFO.

◆ BSLP_PolicyRule_EvaluateAsSecOper()

int BSLP_PolicyRule_EvaluateAsSecOper	(	const BSLP_PolicyRule_t *	self,
		BSL_SecOper_t *	sec_oper,
		const BSL_BundleRef_t *	bundle,
		BSL_PolicyLocation_e	location
	)

Critical function creating a security operation from a bundle and location.

Parameters

[in]	self	This policy rule
[in]	sec_oper	[Zeroed, pre-allocated and memory owned by caller] Caller-allocated space for the output security action.
[in]	bundle	Bundle to test match against
[in]	location	Location in the BPA

Returns: Zero on success, negative on failure.

Definition at line 254 of file SamplePolicyProvider.c.

References BSL_BLOCK_TYPE_PRIMARY, BSL_BundleCtx_GetBundleMetadata(), BSL_ERR_SECURITY_CONTEXT_FAILED, BSL_LOG_INFO, BSL_LOG_WARNING, BSL_SecOper_AppendParam(), BSL_SecOper_Init(), BSL_SecParam_Sizeof(), BSL_SUCCESS, BSLP_PolicyPredicate_IsMatch(), BSL_PrimaryBlock_s::field_dest_eid, and BSL_PrimaryBlock_s::field_src_node_id.

Referenced by BSLP_QueryPolicy().

◆ BSLP_PolicyRule_Init()

int BSLP_PolicyRule_Init	(	BSLP_PolicyRule_t *	self,
		const char *	desc,
		BSLP_PolicyPredicate_t *	predicate,
		uint64_t	context_id,
		BSL_SecRole_e	role,
		BSL_SecBlockType_e	sec_block_type,
		BSL_BundleBlockTypeCode_e	target_block_type,
		BSL_PolicyAction_e	failure_action_code
	)

Initialize this policy rule.

Parameters

[in]	self	This policy rule
[in]	dest	Description of this rule (C-string)
[in]	predicate	Predicate used to identify which bundles apply
[in]	context_id	Security context ID
[in]	role	Such as source, acceptor, etc
[in]	sec_block_type	Block type (BIB or BCB)
[in]	target_block_type	Target block type (anything, such as primary or payload)

Returns: Zero on success

Definition at line 211 of file SamplePolicyProvider.c.

References BSL_SecParam_Sizeof(), and BSL_SUCCESS.

◆ BSLP_QueryPolicy()

int BSLP_QueryPolicy	(	const void *	user_data,
		BSL_SecurityActionSet_t *	output_action_set,
		const BSL_BundleRef_t *	bundle,
		BSL_PolicyLocation_e	location
	)

Data Structures

Macros

Typedefs

Functions

Detailed Description

Macro Definition Documentation

◆ BSLP_POLICYPREDICATE_ARRAY_CAPACITY

Typedef Documentation

◆ BSLP_PolicyRule_t

Function Documentation

◆ BSLP_Deinit()

◆ BSLP_PolicyPredicate_Deinit()

◆ BSLP_PolicyPredicate_Init()

◆ BSLP_PolicyPredicate_IsMatch()

◆ BSLP_PolicyRule_AddParam()

◆ BSLP_PolicyRule_Deinit()

◆ BSLP_PolicyRule_EvaluateAsSecOper()

◆ BSLP_PolicyRule_Init()

◆ BSLP_QueryPolicy()