/* SPDX-License-Identifier: LGPL-2.1+ */ /*** This file is part of systemd. Copyright 2017 Yu Watanabe systemd is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. systemd is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with systemd; If not, see . ***/ #include #include "alloc-util.h" #include "extract-word.h" #include "securebits.h" #include "securebits-util.h" #include "string-util.h" int secure_bits_to_string_alloc(int i, char **s) { _cleanup_free_ char *str = NULL; size_t len; int r; assert(s); r = asprintf(&str, "%s%s%s%s%s%s", (i & (1 << SECURE_KEEP_CAPS)) ? "keep-caps " : "", (i & (1 << SECURE_KEEP_CAPS_LOCKED)) ? "keep-caps-locked " : "", (i & (1 << SECURE_NO_SETUID_FIXUP)) ? "no-setuid-fixup " : "", (i & (1 << SECURE_NO_SETUID_FIXUP_LOCKED)) ? "no-setuid-fixup-locked " : "", (i & (1 << SECURE_NOROOT)) ? "noroot " : "", (i & (1 << SECURE_NOROOT_LOCKED)) ? "noroot-locked " : ""); if (r < 0) return -ENOMEM; len = strlen(str); if (len != 0) str[len - 1] = '\0'; *s = str; str = NULL; return 0; } int secure_bits_from_string(const char *s) { int secure_bits = 0; const char *p; int r; for (p = s;;) { _cleanup_free_ char *word = NULL; r = extract_first_word(&p, &word, NULL, EXTRACT_QUOTES); if (r == -ENOMEM) return r; if (r <= 0) break; if (streq(word, "keep-caps")) secure_bits |= 1 << SECURE_KEEP_CAPS; else if (streq(word, "keep-caps-locked")) secure_bits |= 1 << SECURE_KEEP_CAPS_LOCKED; else if (streq(word, "no-setuid-fixup")) secure_bits |= 1 << SECURE_NO_SETUID_FIXUP; else if (streq(word, "no-setuid-fixup-locked")) secure_bits |= 1 << SECURE_NO_SETUID_FIXUP_LOCKED; else if (streq(word, "noroot")) secure_bits |= 1 << SECURE_NOROOT; else if (streq(word, "noroot-locked")) secure_bits |= 1 << SECURE_NOROOT_LOCKED; } return secure_bits; }