XCCDF_POLICY

Policy interface to Extensible Configuration Checklist Description Format. More...

Data Structures

struct  xccdf_policy_model
 XCCDF policy model structure contains xccdf_benchmark as reference to Benchmark element in XML file and list of policies that are abstract structure of Profile element from benchmark file. More...
struct  xccdf_policy
 XCCDF policy structure is abstract (class) structure of Profile element from benchmark. More...
struct  xccdf_value_binding
 XCCDF value binding structure is binding between Refine values, Set values, Value element and Check export element of benchmark. More...
struct  xccdf_policy_iterator
 Iterate through policies. More...
struct  oscap_file_entry_iterator
struct  oscap_file_entry_list

Files

file  xccdf_policy.h
 

Open-scap XCCDF Policy library interface.


Functions

struct xccdf_policy_modelxccdf_policy_model::xccdf_policy_model_new (struct xccdf_benchmark *benchmark)
 Constructor of Policy Model structure.
struct xccdf_policyxccdf_policy::xccdf_policy_new (struct xccdf_policy_model *model, struct xccdf_profile *profile)
 Constructor of Policy structure.
struct xccdf_value_bindingxccdf_value_binding::xccdf_value_binding_new (void)
 Constructor of structure with profile bindings - refine_rules, refine_values and set_values.
void xccdf_policy_model::xccdf_policy_model_free (struct xccdf_policy_model *)
 Destructor of Policy Model structure.
void xccdf_policy::xccdf_policy_free (struct xccdf_policy *)
 Destructor of Policy structure.
void xccdf_value_binding::xccdf_value_binding_free (struct xccdf_value_binding *)
 Destructor of Value binding structure.
bool xccdf_policy_model::xccdf_policy_model_register_engine_callback (struct xccdf_policy_model *model, char *sys, void *func, void *usr)
 Function to register callback for checking system.
bool xccdf_policy_model::xccdf_policy_model_register_output_callback (struct xccdf_policy_model *model, oscap_reporter func, void *usr)
 Function to register output callback for checking system that will be called AFTER each rule evaluation.
bool xccdf_policy_model::xccdf_policy_model_register_start_callback (struct xccdf_policy_model *model, oscap_reporter func, void *usr)
 Function to register start callback for checking system that will be called BEFORE each rule evaluation.

Evaluators



struct xccdf_itemxccdf_policy_tailor_item (struct xccdf_policy *policy, struct xccdf_item *item)
 Clone the item and tailor it against given policy (profile).
struct oscap_file_entry_listxccdf_policy_model_get_systems_and_files (struct xccdf_policy_model *policy_model)
 Return names of files that are used in checks of particular rules.
struct oscap_file_entry_listxccdf_item_get_systems_and_files (struct xccdf_item *item)
 Return names of files that are used in checks of particular rules.
struct oscap_stringlistxccdf_policy_model_get_files (struct xccdf_policy_model *policy_model)
 Return names of files that are used in checks of particular rules.
struct oscap_stringlistxccdf_item_get_files (struct xccdf_item *item)
 Return names of files that are used in checks of particular rules.
struct xccdf_resultxccdf_policy::xccdf_policy_evaluate (struct xccdf_policy *policy)
 Call the checking engine for each selected rule in given policy structure.
bool xccdf_policy::xccdf_policy_resolve (struct xccdf_policy *policy)
 Resolve benchmark by applying all refine_rules and refine_values to rules / values of benchmark.
struct oscap_file_entryoscap_file_entry::oscap_file_entry_new (void)
struct oscap_file_entryoscap_file_entry::oscap_file_entry_dup (struct oscap_file_entry *file_entry)
void oscap_file_entry::oscap_file_entry_free (struct oscap_file_entry *entry)
const char * oscap_file_entry::oscap_file_entry_get_system (struct oscap_file_entry *entry)
const char * oscap_file_entry::oscap_file_entry_get_file (struct oscap_file_entry *entry)
struct oscap_file_entryoscap_file_entry_iterator::oscap_file_entry_iterator_next (struct oscap_file_entry_iterator *it)
bool oscap_file_entry_iterator::oscap_file_entry_iterator_has_more (struct oscap_file_entry_iterator *it)
void oscap_file_entry_iterator::oscap_file_entry_iterator_free (struct oscap_file_entry_iterator *it)
void oscap_file_entry_iterator::oscap_file_entry_iterator_reset (struct oscap_file_entry_iterator *it)
struct oscap_file_entry_listoscap_file_entry_list::oscap_file_entry_list_new (void)
void oscap_file_entry_list::oscap_file_entry_list_free (struct oscap_file_entry_list *list)
struct oscap_file_entry_iteratoroscap_file_entry_list::oscap_file_entry_list_get_files (struct oscap_file_entry_list *list)

Iterators



struct xccdf_scorexccdf_policy_get_score (struct xccdf_policy *policy, struct xccdf_result *test_result, const char *system)
 Get score of the XCCDF Benchmark.
char * xccdf_policy_substitute (const char *text, struct xccdf_policy *policy)
 Perform textual substitution of cdf:sub elements with respect to given XCCDF policy.
bool xccdf_policy_iterator::xccdf_policy_iterator_has_more (struct xccdf_policy_iterator *it)
 Return true if the list is not empty, false otherwise.
struct xccdf_policyxccdf_policy_iterator::xccdf_policy_iterator_next (struct xccdf_policy_iterator *it)
 Return the next xccdf_policy structure from the list and increment the iterator.
void xccdf_policy_iterator::xccdf_policy_iterator_free (struct xccdf_policy_iterator *it)
 Free the iterator structure (it makes no changes to the list structure).
void xccdf_policy_iterator::xccdf_policy_iterator_reset (struct xccdf_policy_iterator *it)
 Reset the iterator structure (it will point to the first item in the list).

Getters

Return value is pointer to structure's member.

Do not free unless you null the pointer in the structure. Use remove function otherwise.



struct xccdf_policy_modelxccdf_policy::xccdf_policy_get_model (const struct xccdf_policy *policy)
 Get model from Policy (parent structure of Policy to access the benchmark).
struct xccdf_benchmarkxccdf_policy_model::xccdf_policy_model_get_benchmark (const struct xccdf_policy_model *item)
 Get Benchmark from Policy Model.
struct
xccdf_value_binding_iterator * 
xccdf_policy::xccdf_policy_get_values (const struct xccdf_policy *item)
 Get Value Bindings from XCCDF Policy.
struct xccdf_policy_iteratorxccdf_policy_model::xccdf_policy_model_get_policies (const struct xccdf_policy_model *model)
 Get policies from Policy Model.
struct xccdf_select_iteratorxccdf_policy::xccdf_policy_get_selected_rules (struct xccdf_policy *)
 Get selected rules from policy.
struct xccdf_profilexccdf_policy::xccdf_policy_get_profile (const struct xccdf_policy *)
 Get XCCDF Profile from Policy.
struct xccdf_select_iteratorxccdf_policy::xccdf_policy_get_selects (const struct xccdf_policy *)
 Get rules from Policy.
char * xccdf_value_binding::xccdf_value_binding_get_name (const struct xccdf_value_binding *)
 Get variable name from value bindings.
char * xccdf_value_binding::xccdf_value_binding_get_value (const struct xccdf_value_binding *)
 Get value from value bindings.
xccdf_value_type_t xccdf_value_binding::xccdf_value_binding_get_type (const struct xccdf_value_binding *)
 get variable type from value bindings
xccdf_operator_t xccdf_value_binding::xccdf_value_binding_get_operator (const struct xccdf_value_binding *)
 get Value operator from value bindings
char * xccdf_value_binding::xccdf_value_binding_get_setvalue (const struct xccdf_value_binding *)
 get Set Value from value bindings
struct xccdf_result_iteratorxccdf_policy_model::xccdf_policy_get_results (const struct xccdf_policy *policy)
 Get results of all XCCDF Policy results.
struct xccdf_resultxccdf_policy_model::xccdf_policy_get_result_by_id (struct xccdf_policy *policy, const char *id)
 Get XCCDF Result structure by it's idetificator if there is one.
const char * xccdf_policy::xccdf_policy_get_id (struct xccdf_policy *policy)
 Get ID of XCCDF Profile that is implemented by XCCDF Policy.
struct xccdf_policyxccdf_policy_model::xccdf_policy_model_get_policy_by_id (struct xccdf_policy_model *policy_model, const char *id)
 Get XCCDF Policy from Policy model by speciefied ID of Profile.

Setters

For lists use add functions.

Parameters of set functions are duplicated in memory and need to be freed by caller.



bool xccdf_policy_model::xccdf_policy_model_add_policy (struct xccdf_policy_model *, struct xccdf_policy *)
 Add Policy to Policy Model.
bool xccdf_policy::xccdf_policy_add_select (struct xccdf_policy *, struct xccdf_select *)
 Add rule to Policy.
bool xccdf_policy::xccdf_policy_set_selected (struct xccdf_policy *policy, char *idref)
 Set a new selector to the Policy structure.
bool xccdf_policy_model::xccdf_policy_add_result (struct xccdf_policy *policy, struct xccdf_result *item)
 Add result to XCCDF Policy Model.
bool xccdf_policy::xccdf_policy_add_value (struct xccdf_policy *, struct xccdf_value_binding *)
 Add value binding to the Policy structure.
struct xccdf_selectxccdf_policy::xccdf_policy_get_select_by_id (struct xccdf_policy *policy, const char *item_id)
 Add check export to the Value Binding structure.

Detailed Description

Policy interface to Extensible Configuration Checklist Description Format.

Purpose of this layer is to separate the transport syntax of the XCCDF XML from the processes of evaluating and scoring the policy content comprised by the XCCDF documents. XCCDF Policy model performs the loading, evaluation and scoring tasks of XCCDF.


Function Documentation

struct oscap_file_entry * oscap_file_entry_dup ( struct oscap_file_entry file_entry  )  [read, inherited]
void oscap_file_entry_free ( struct oscap_file_entry entry  )  [inherited]
const char * oscap_file_entry_get_file ( struct oscap_file_entry entry  )  [inherited]
const char * oscap_file_entry_get_system ( struct oscap_file_entry entry  )  [inherited]
void oscap_file_entry_iterator_free ( struct oscap_file_entry_iterator it  )  [inherited]
bool oscap_file_entry_iterator_has_more ( struct oscap_file_entry_iterator it  )  [inherited]
struct oscap_file_entry * oscap_file_entry_iterator_next ( struct oscap_file_entry_iterator it  )  [read, inherited]
void oscap_file_entry_iterator_reset ( struct oscap_file_entry_iterator it  )  [inherited]
void oscap_file_entry_list_free ( struct oscap_file_entry_list list  )  [inherited]
struct oscap_file_entry_iterator * oscap_file_entry_list_get_files ( struct oscap_file_entry_list list  )  [read, inherited]
struct oscap_file_entry_list * oscap_file_entry_list_new ( void   )  [read, inherited]
struct oscap_file_entry * oscap_file_entry_new ( void   )  [read, inherited]
struct oscap_stringlist* xccdf_item_get_files ( struct xccdf_item item  )  [read]

Return names of files that are used in checks of particular rules.

Every check needs this file to be evaluated properly. If this file will not be imported and bind to the XCCDF Policy system the result of rule after evaluation will be "Not checked"

struct oscap_file_entry_list* xccdf_item_get_systems_and_files ( struct xccdf_item item  )  [read]

Return names of files that are used in checks of particular rules.

Every check needs this file to be evaluated properly. If this file will not be imported and bind to the XCCDF Policy system the result of rule after evaluation will be "Not checked"

The resulting list should be freed with oscap_filelist_free.

bool xccdf_policy_add_select ( struct xccdf_policy ,
struct xccdf_select  
) [inherited]

Add rule to Policy.

Returns:
true if rule has been added succesfully
bool xccdf_policy_add_value ( struct xccdf_policy ,
struct xccdf_value_binding  
) [inherited]

Add value binding to the Policy structure.

Returns:
true if rule has been added succesfully
struct xccdf_result * xccdf_policy_evaluate ( struct xccdf_policy policy  )  [read, inherited]

Call the checking engine for each selected rule in given policy structure.

Parameters:
policy given Policy to evaluate
Returns:
true if evaluation pass or false in case of error
Example
Before each policy evaluation user has to register callback that will be called for each check. Every checking engine must have registered callback or the particular check will be skipped. In the code below is used the predefined function oval_agent_eval_rule for evaluation OVAL checks:
 xccdf_policy_model_register_engine_callback(policy_model, "http://oval.mitre.org/XMLSchema/oval-definitions-5", oval_agent_eval_rule, (void *) usr);
If you use this predefined OVAL callback, user data structure (last parameter of register function) MUST be of type oval_agent_session_t:
 struct oval_agent_session * sess = oval_agent_new_session((struct oval_definition_model *) model, "name-of-file");
const char * xccdf_policy_get_id ( struct xccdf_policy policy  )  [inherited]

Get ID of XCCDF Profile that is implemented by XCCDF Policy.

Parameters:
policy XCCDF Policy
Returns:
ID of Policy's Profile
struct xccdf_policy_model * xccdf_policy_get_model ( const struct xccdf_policy policy  )  [read, inherited]

Get model from Policy (parent structure of Policy to access the benchmark).

Parameters:
policy XCCDF Policy
Returns:
Policy model
struct xccdf_profile * xccdf_policy_get_profile ( const struct xccdf_policy  )  [read, inherited]

Get XCCDF Profile from Policy.

Returns:
XCCDF Profile
struct xccdf_result * xccdf_policy_get_result_by_id ( struct xccdf_policy policy,
const char *  id 
) [read, inherited]

Get XCCDF Result structure by it's idetificator if there is one.

Returns:
structure xccdf_result if found, NULL otherwise
struct xccdf_score* xccdf_policy_get_score ( struct xccdf_policy policy,
struct xccdf_result test_result,
const char *  system 
) [read]

Get score of the XCCDF Benchmark.

Parameters:
policy XCCDF Policy
test_result Test Result model
system Score system
Returns:
XCCDF Score
struct xccdf_select * xccdf_policy_get_select_by_id ( struct xccdf_policy policy,
const char *  item_id 
) [read, inherited]

Add check export to the Value Binding structure.

Returns:
true if rule has been added succesfully Get select from policy by specified ID of XCCDF Item
XCCDF Select
struct xccdf_select_iterator * xccdf_policy_get_selected_rules ( struct xccdf_policy  )  [read, inherited]

Get selected rules from policy.

Returns:
Pointer to select iterator.
Return values:
NULL on faliure
struct xccdf_select_iterator * xccdf_policy_get_selects ( const struct xccdf_policy  )  [read, inherited]

Get rules from Policy.

Returns:
xccdf_select_iterator
bool xccdf_policy_model_add_policy ( struct xccdf_policy_model ,
struct xccdf_policy  
) [inherited]

Add Policy to Policy Model.

Returns:
true if policy has been added succesfully
struct xccdf_benchmark * xccdf_policy_model_get_benchmark ( const struct xccdf_policy_model item  )  [read, inherited]

Get Benchmark from Policy Model.

Parameters:
item Policy model structure
Returns:
XCCDF Benchmark for given policy model
struct oscap_stringlist* xccdf_policy_model_get_files ( struct xccdf_policy_model policy_model  )  [read]

Return names of files that are used in checks of particular rules.

Every check needs this file to be evaluated properly. If this file will not be imported and bind to the XCCDF Policy system the result of rule after evaluation will be "Not checked"

struct xccdf_policy_iterator * xccdf_policy_model_get_policies ( const struct xccdf_policy_model model  )  [read, inherited]

Get policies from Policy Model.

Parameters:
model Policy Model
Returns:
Iterator for list of policies
struct xccdf_policy * xccdf_policy_model_get_policy_by_id ( struct xccdf_policy_model policy_model,
const char *  id 
) [read, inherited]

Get XCCDF Policy from Policy model by speciefied ID of Profile.

Parameters:
policy_model XCCDF Policy model
id ID of Profile
Returns:
XCCDF Policy
struct oscap_file_entry_list* xccdf_policy_model_get_systems_and_files ( struct xccdf_policy_model policy_model  )  [read]

Return names of files that are used in checks of particular rules.

Every check needs this file to be evaluated properly. If this file will not be imported and bind to the XCCDF Policy system the result of rule after evaluation will be "Not checked"

The resulting list should be freed with oscap_filelist_free.

struct xccdf_policy_model * xccdf_policy_model_new ( struct xccdf_benchmark benchmark  )  [read, inherited]

Constructor of Policy Model structure.

Parameters:
benchmark Struct xccdf_benchmark with benchmark model
Returns:
new xccdf_policy_model
bool xccdf_policy_model_register_engine_callback ( struct xccdf_policy_model model,
char *  sys,
void *  func,
void *  usr 
) [inherited]

Function to register callback for checking system.

Parameters:
model XCCDF Policy Model
sys String representing given checking system
func Callback - pointer to function called by XCCDF Policy system when rule parsed
usr optional parameter for passing user data to callback
Returns:
true if callback registered succesfully, false otherwise
bool xccdf_policy_model_register_output_callback ( struct xccdf_policy_model model,
oscap_reporter  func,
void *  usr 
) [inherited]

Function to register output callback for checking system that will be called AFTER each rule evaluation.

Parameters:
model XCCDF Policy Model
func Callback - pointer to function called by XCCDF Policy system when rule parsed
usr optional parameter for passing user data to callback
Returns:
true if callback registered succesfully, false otherwise
Example
With the first function below (register output callback) user registers the callback that will be called after each rule evalution is done. Second callback is registered as callback for evaluation itself and will be called during the evaluation.
 xccdf_policy_model_register_output_callback(policy_model, callback, NULL);
 xccdf_policy_model_register_engine_callback(policy_model, "http://oval.mitre.org/XMLSchema/oval-definitions-5", oval_agent_eval_rule, (void *) sess);
The example of callback:
 static int callback(const struct oscap_reporter_message *msg, void *arg)
 {
      xccdf_test_result_type_t result = oscap_reporter_message_get_user2num(msg);
      if (result == XCCDF_RESULT_NOT_SELECTED) return 0;
 
      printf("\n");
      printf("Rule ID:\r\t\t\033[1m%s\033[0;0m\n", oscap_reporter_message_get_user1str(msg));
      printf("Title:\r\t\t%s\n", oscap_reporter_message_get_user3str(msg));
      printf("Result:\r\t\t\033[%sm%s\033[0m\n", RESULT_COLORS[result], xccdf_test_result_type_get_text((xccdf_test_result_type_t) result));
      return 0;
 }
bool xccdf_policy_model_register_start_callback ( struct xccdf_policy_model model,
oscap_reporter  func,
void *  usr 
) [inherited]

Function to register start callback for checking system that will be called BEFORE each rule evaluation.

Parameters:
model XCCDF Policy Model
func Callback - pointer to function called by XCCDF Policy system when rule parsed
usr optional parameter for passing user data to callback
Returns:
true if callback registered succesfully, false otherwise
Example
With the first function below (register start callback) user registers the callback that will be called before each rule evalution is started. Second callback is registered as callback for evaluation itself and will be called during the evaluation. Last callback is registered output callback.
 xccdf_policy_model_register_start_callback(policy_model, callback_start, NULL);
 xccdf_policy_model_register_engine_callback(policy_model, "http://oval.mitre.org/XMLSchema/oval-definitions-5", oval_agent_eval_rule, (void *) sess);
 xccdf_policy_model_register_output_callback(policy_model, callback_end, NULL);
The example of callback_start:
 static int callback(const struct oscap_reporter_message *msg, void *arg)
 {
      printf("Evaluating rule \"%s\". Please wait.". oscap_reporter_message_get_user1num(msg));
      return 0;
 }
struct xccdf_policy * xccdf_policy_new ( struct xccdf_policy_model model,
struct xccdf_profile profile 
) [read, inherited]

Constructor of Policy structure.

Parameters:
model Policy model
profile Profile from XCCDF Benchmark
bool xccdf_policy_resolve ( struct xccdf_policy policy  )  [inherited]

Resolve benchmark by applying all refine_rules and refine_values to rules / values of benchmark.

All properties in benchmark will be irreversible changed and user has to load benchmark (from XML) again to discard these changes.

Parameters:
policy XCCDF policy containing rules/values that will be applied to benchmark rules/values.
Returns:
true if process ends succesfuly or false in case of error
bool xccdf_policy_set_selected ( struct xccdf_policy policy,
char *  idref 
) [inherited]

Set a new selector to the Policy structure.

Returns:
true if rule has been added succesfully
char* xccdf_policy_substitute ( const char *  text,
struct xccdf_policy policy 
)

Perform textual substitution of cdf:sub elements with respect to given XCCDF policy.

Parameters:
text text to be substituted
policy policy to be used
struct xccdf_item* xccdf_policy_tailor_item ( struct xccdf_policy policy,
struct xccdf_item item 
) [read]

Clone the item and tailor it against given policy (profile).

Parameters:
policy Policy with profile
item XCCDF item to be tailored
Returns:
new item that has to be freed by user
char * xccdf_value_binding_get_name ( const struct xccdf_value_binding  )  [inherited]

Get variable name from value bindings.

Returns:
String
xccdf_operator_t xccdf_value_binding_get_operator ( const struct xccdf_value_binding  )  [inherited]

get Value operator from value bindings

Returns:
xccdf_operator_t
char * xccdf_value_binding_get_setvalue ( const struct xccdf_value_binding  )  [inherited]

get Set Value from value bindings

Returns:
String
xccdf_value_type_t xccdf_value_binding_get_type ( const struct xccdf_value_binding  )  [inherited]

get variable type from value bindings

Returns:
xccdf_value_type_t
char * xccdf_value_binding_get_value ( const struct xccdf_value_binding  )  [inherited]

Get value from value bindings.

Returns:
String
struct xccdf_value_binding * xccdf_value_binding_new ( void   )  [read, inherited]

Constructor of structure with profile bindings - refine_rules, refine_values and set_values.

Returns:
new structure of xccdf_value_binding

Generated on 30 Mar 2012 for Open SCAP Library by  doxygen 1.6.1