blob: 8025b8ada0d2a719c329cfd01b03b222fba74dae [file] [log] [blame]
// Copyright 2022 The ChromiumOS Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "mojo_service_manager/daemon/service_policy.h"
#include <string>
#include <utility>
#include <base/check.h>
#include <base/logging.h>
#include <base/strings/string_util.h>
namespace chromeos::mojo_service_manager {
ServicePolicy::ServicePolicy() = default;
ServicePolicy::~ServicePolicy() = default;
ServicePolicy::ServicePolicy(ServicePolicy&&) = default;
ServicePolicy& ServicePolicy::operator=(ServicePolicy&&) = default;
void ServicePolicy::SetOwnerUid(uint32_t uid) {
CHECK(!owner_uid_);
CHECK(owner_.empty());
owner_uid_ = uid;
}
void ServicePolicy::SetOwner(const std::string& security_context) {
CHECK(!owner_uid_);
CHECK(owner_.empty());
owner_ = security_context;
}
void ServicePolicy::AddRequesterUid(uint32_t uid) {
requesters_uid_.insert(uid);
}
void ServicePolicy::AddRequester(const std::string& security_context) {
requesters_.insert(security_context);
}
bool ServicePolicy::Merge(ServicePolicy another) {
bool res = true;
if (owner_uid_ && another.owner_uid_) {
res = false;
LOG(ERROR)
<< "Cannot merge ServicePolicy. Only allow one owner but got two ("
<< owner_uid_.value() << " and " << another.owner_uid_.value() << ").";
} else if (another.owner_uid_) {
owner_uid_ = another.owner_uid_;
}
if (!owner_.empty() && !another.owner_.empty()) {
res = false;
LOG(ERROR)
<< "Cannot merge ServicePolicy. Only allow one owner but got two ("
<< owner_ << " and " << another.owner_ << ").";
} else if (!another.owner_.empty()) {
owner_ = another.owner_;
}
if (owner_uid_ && !owner_.empty()) {
res = false;
LOG(ERROR) << "Cannot merge ServicePolicy. Both username owner and SeLinux "
"owner are set.";
}
requesters_uid_.merge(another.requesters_uid_);
requesters_.merge(another.requesters_);
return res;
}
bool ServicePolicy::IsOwnerUid(uint32_t uid) const {
return owner_uid_ == uid;
}
bool ServicePolicy::IsOwner(const std::string& security_context) const {
return owner_ == security_context;
}
bool ServicePolicy::IsRequesterUid(uint32_t uid) const {
return requesters_uid_.count(uid);
}
bool ServicePolicy::IsRequester(const std::string& security_context) const {
return requesters_.count(security_context);
}
bool MergeServicePolicyMaps(ServicePolicyMap* from, ServicePolicyMap* to) {
bool res = true;
for (auto& item : *from) {
auto& [service_name, policy_from] = item;
ServicePolicy& policy_to = (*to)[service_name];
if (!policy_to.Merge(std::move(policy_from))) {
res = false;
LOG(ERROR) << "Cannot merge ServicePolicy of the service: "
<< service_name;
}
}
return res;
}
bool ValidateServiceName(const std::string& service_name) {
if (service_name.empty())
return false;
for (char c : service_name) {
if (!base::IsAsciiAlpha(c) && !base::IsAsciiDigit(c)) {
return false;
}
}
return true;
}
bool ValidateSecurityContext(const std::string& security_context) {
if (security_context.empty())
return false;
for (char c : security_context) {
if (!base::IsAsciiLower(c) && !base::IsAsciiDigit(c) && c != '_' &&
c != ':') {
return false;
}
}
return true;
}
} // namespace chromeos::mojo_service_manager