
[Xen-changelog] [xen-unstable] flask: add flask-{get, set}-bool tools



# HG changeset patch
# User Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
# Date 1328196293 0
# Node ID 2d956b5baeb00b1cd560805896a427d19dd97887
# Parent  300bfdf167fa5c0bcd129914c1bd890b431fdb9e
flask: add flask-{get,set}-bool tools

These utilities can be used to modify policy booleans, which allow
minor policy changes without reloading the security policy. This can
be used to make security policy change based on external information
such as time of day, user physical presence, completion of system
boot, or other relevant variables.

Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
Committed-by: Keir Fraser <keir@xxxxxxx>
---


diff -r 300bfdf167fa -r 2d956b5baeb0 tools/flask/utils/Makefile
--- a/tools/flask/utils/Makefile        Thu Feb 02 15:24:13 2012 +0000
+++ b/tools/flask/utils/Makefile        Thu Feb 02 15:24:53 2012 +0000
@@ -11,7 +11,7 @@
 TESTFLAGS= -DTESTING
 TESTENV  = XENSTORED_ROOTDIR=$(TESTDIR) XENSTORED_RUNDIR=$(TESTDIR)
 
-CLIENTS := flask-loadpolicy flask-setenforce flask-getenforce flask-label-pci
+CLIENTS := flask-loadpolicy flask-setenforce flask-getenforce flask-label-pci 
flask-get-bool flask-set-bool
 CLIENTS_SRCS := $(patsubst flask-%,%.c,$(CLIENTS))
 CLIENTS_OBJS := $(patsubst flask-%,%.o,$(CLIENTS))
 
@@ -30,6 +30,12 @@
 flask-label-pci: label-pci.o
        $(CC) $(LDFLAGS) $< $(LDLIBS) -L$(LIBFLASK_ROOT) -lflask 
$(LDLIBS_libxenctrl) -o $@
 
+flask-get-bool: get-bool.o
+       $(CC) $(LDFLAGS) $< $(LDLIBS) -L$(LIBFLASK_ROOT) -lflask 
$(LDLIBS_libxenctrl) -o $@
+
+flask-set-bool: set-bool.o
+       $(CC) $(LDFLAGS) $< $(LDLIBS) -L$(LIBFLASK_ROOT) -lflask 
$(LDLIBS_libxenctrl) -o $@
+
 .PHONY: clean
 clean: 
        rm -f *.o *.opic *.so
diff -r 300bfdf167fa -r 2d956b5baeb0 tools/flask/utils/get-bool.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/flask/utils/get-bool.c      Thu Feb 02 15:24:53 2012 +0000
@@ -0,0 +1,90 @@
+/*
+ *  Author:  Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License version 2,
+ *  as published by the Free Software Foundation.
+ */
+
+#include <stdlib.h>
+#include <errno.h>
+#include <stdio.h>
+#include <xenctrl.h>
+#include <fcntl.h>
+#include <sys/mman.h>
+#include <sys/stat.h>
+#include <string.h>
+#include <unistd.h>
+#include <inttypes.h>
+#include <libflask.h>
+
+static void usage(char **argv)
+{
+       fprintf(stderr, "Usage: %s {name|-a}\n", argv[0]);
+       exit(1);
+}
+
+static int all_bools(xc_interface *xch)
+{
+       int err = 0, i = 0, curr, pend;
+       char name[256];
+       while (1) {
+               err = flask_getbool_byid(xch, i, name, &curr, &pend);
+               if (err < 0) {
+                       if (errno == ENOENT)
+                               return 0;
+                       fprintf(stderr, "flask_getbool: Unable to get boolean 
#%d: %s (%d)",
+                               i, strerror(errno), err);
+                       return 2;
+               }
+               if (curr == pend)
+                       printf("%s: %d\n", name, curr);
+               else
+                       printf("%s: %d (pending %d)\n", name, curr, pend);
+               i++;
+       }
+}
+
+int main(int argc, char **argv)
+{
+       int err = 0;
+       xc_interface *xch;
+       int curr, pend;
+
+       if (argc != 2)
+               usage(argv);
+
+       xch = xc_interface_open(0,0,0);
+       if ( !xch )
+       {
+               fprintf(stderr, "Unable to create interface to xenctrl: %s\n",
+                               strerror(errno));
+               err = 1;
+               goto done;
+       }
+
+       if (!strcmp(argv[1], "-a"))
+       {
+               err = all_bools(xch);
+               goto done;
+       }
+
+       err = flask_getbool_byname(xch, argv[1], &curr, &pend);
+       if (err) {
+               fprintf(stderr, "flask_getbool: Unable to get boolean %s: %s 
(%d)",
+                       argv[1], strerror(errno), err);
+               err = 2;
+               goto done;
+       }
+
+       if (curr == pend)
+               printf("%s: %d\n", argv[1], curr);
+       else
+               printf("%s: %d (pending %d)\n", argv[1], curr, pend);
+
+ done:
+       if ( xch )
+               xc_interface_close(xch);
+
+       return err;
+}
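Review bot: In `all_bools()` the fixed `char name[256]` is handed to `flask_getbool_byid()` with no length argument, so nothing at this call site bounds how many bytes the library writes for a boolean name; whether libflask caps the copy at 256 bytes including the terminator is not visible in this diff and should be confirmed, or the buffer size passed explicitly if the API can take it. The same function tests `err < 0` while `main()` tests `if (err)` after `flask_getbool_byname()`, so a positive return would count as success on one path and failure on the other. Both error `fprintf` formats in this file, and the `flask_setbool` one in set-bool.c, end in `(%d)` with no `\n`, which leaves the message unterminated on stderr; append `\n` to each. A short header comment stating the exit codes (1 for a usage error or a failed xenctrl open, 2 for a failed query) would help scripts that gate on this tool.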
diff -r 300bfdf167fa -r 2d956b5baeb0 tools/flask/utils/set-bool.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/flask/utils/set-bool.c      Thu Feb 02 15:24:53 2012 +0000
@@ -0,0 +1,72 @@
+/*
+ *  Author:  Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License version 2,
+ *  as published by the Free Software Foundation.
+ */
+
+#include <stdlib.h>
+#include <errno.h>
+#include <stdio.h>
+#include <xenctrl.h>
+#include <fcntl.h>
+#include <sys/mman.h>
+#include <sys/stat.h>
+#include <string.h>
+#include <unistd.h>
+#include <inttypes.h>
+#include <libflask.h>
+
+static void usage(char **argv)
+{
+       fprintf(stderr, "Usage: %s name value\n", argv[0]);
+       exit(1);
+}
+
+static int str2bool(const char *str)
+{
+       if (str[0] == '0' || str[0] == '1')
+               return (str[0] == '1');
+       if (!strcasecmp(str, "enabled") || !strcasecmp(str, "on") || 
!strcasecmp(str, "y"))
+               return 1;
+       if (!strcasecmp(str, "disabled") || !strcasecmp(str, "off") || 
!strcasecmp(str, "n"))
+               return 0;
+       fprintf(stderr, "Unknown value %s\n", str);
+       exit(1);
+}
+
+int main(int argc, char **argv)
+{
+       int err = 0;
+       xc_interface *xch;
+       int value;
+
+       if (argc != 3)
+               usage(argv);
+
+       value = str2bool(argv[2]);
+
+       xch = xc_interface_open(0,0,0);
+       if ( !xch )
+       {
+               fprintf(stderr, "Unable to create interface to xenctrl: %s\n",
+                               strerror(errno));
+               err = 1;
+               goto done;
+       }
+
+       err = flask_setbool(xch, argv[1], value, 1);
+       if (err) {
+               fprintf(stderr, "flask_setbool: Unable to set boolean %s=%s: %s 
(%d)",
+                       argv[1], argv[2], strerror(errno), err);
+               err = 2;
+               goto done;
+       }
+
+ done:
+       if ( xch )
+               xc_interface_close(xch);
+
+       return err;
+}
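Review bot: `str2bool()` accepts the numeric form by looking at `str[0]` only, so an argument such as `10` or `0n` (constructed examples) is taken as 1 or 0 instead of being rejected; for a tool that flips security-policy booleans, a mistyped value should fail rather than be guessed. Match the whole string instead, e.g. `if (!strcmp(str, "0") || !strcmp(str, "1")) return str[0] == '1';`. The usage line `name value` does not list the accepted spellings (`0`/`1`, `enabled`/`disabled`, `on`/`off`, `y`/`n`), and the literal `1` passed as the last argument of `flask_setbool()` deserves a comment saying what it selects, since its meaning is not visible in this diff. `strcasecmp` is declared in `<strings.h>`, which the file does not include, so the build presumably relies on `<string.h>` exposing it.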
