XCCDF_POLICY

Policy interface to Extensible Configuration Checklist Description Format. More...


Files

file  xccdf_policy.h
 Open-scap XCCDF Policy library interface.

Modules

 Engine Plugin

Data Structures

struct  xccdf_policy_model
 XCCDF policy model structure contains xccdf_benchmark as reference to Benchmark element in XML file and list of policies that are abstract structure of Profile element from benchmark file. More...
struct  xccdf_policy
 XCCDF policy structure is abstract (class) structure of Profile element from benchmark. More...
struct  xccdf_value_binding
 XCCDF value binding structure is binding between Refine values, Set values, Value element and Check export element of benchmark. More...
struct  xccdf_policy_iterator
 Iterate through policies. More...
struct  oscap_file_entry_iterator
struct  oscap_file_entry_list

Getters

Return value is pointer to structure's member.

Do not free unless you null the pointer in the structure. Use remove function otherwise.

struct xccdf_policy_modelxccdf_policy_get_model (const struct xccdf_policy *policy)
 Get model from Policy (parent structure of Policy to access the benchmark).
struct xccdf_benchmarkxccdf_policy_model_get_benchmark (const struct xccdf_policy_model *item)
 Get Benchmark from Policy Model.
struct
xccdf_value_binding_iterator * 
xccdf_policy_get_values (const struct xccdf_policy *item)
 Get Value Bindings from XCCDF Policy xccdf_policy.
struct xccdf_policy_iteratorxccdf_policy_model_get_policies (const struct xccdf_policy_model *model)
 Get policies from Policy Model.
int xccdf_policy_model_build_all_useful_policies (struct xccdf_policy_model *policy_model)
 Build all policies that can be useful for user.
struct xccdf_select_iteratorxccdf_policy_get_selected_rules (struct xccdf_policy *)
 Get selected rules from policy xccdf_policy.
struct xccdf_profilexccdf_policy_get_profile (const struct xccdf_policy *)
 Get XCCDF Profile from Policy xccdf_policy.
struct xccdf_select_iteratorxccdf_policy_get_selects (const struct xccdf_policy *)
 Get rules from Policy xccdf_policy.
char * xccdf_value_binding_get_name (const struct xccdf_value_binding *)
 Get variable name from value bindings xccdf_value_binding.
char * xccdf_value_binding_get_value (const struct xccdf_value_binding *)
 Get value from value bindings xccdf_value_binding.
xccdf_value_type_t xccdf_value_binding_get_type (const struct xccdf_value_binding *)
 get variable type from value bindings xccdf_value_binding
xccdf_operator_t xccdf_value_binding_get_operator (const struct xccdf_value_binding *)
 get Value operator from value bindings xccdf_value_binding
char * xccdf_value_binding_get_setvalue (const struct xccdf_value_binding *)
 get Set Value from value bindings xccdf_value_binding
struct xccdf_result_iteratorxccdf_policy_get_results (const struct xccdf_policy *policy)
 Get results of all XCCDF Policy results xccdf_policy_model.
struct xccdf_resultxccdf_policy_get_result_by_id (struct xccdf_policy *policy, const char *id)
 Get XCCDF Result structure by it's idetificator if there is one xccdf_policy_model.
const char * xccdf_policy_get_id (struct xccdf_policy *policy)
 Get ID of XCCDF Profile that is implemented by XCCDF Policy.
struct xccdf_policyxccdf_policy_model_get_policy_by_id (struct xccdf_policy_model *policy_model, const char *id)
 Get XCCDF Policy from Policy model by speciefied ID of Profile.

Setters

For lists use add functions.

Parameters of set functions are duplicated in memory and need to be freed by caller.

bool xccdf_policy_model_add_policy (struct xccdf_policy_model *, struct xccdf_policy *)
 Add Policy to Policy Model xccdf_policy_model.
bool xccdf_policy_add_select (struct xccdf_policy *, struct xccdf_select *)
 Add rule to Policy xccdf_policy.
bool xccdf_policy_set_selected (struct xccdf_policy *policy, char *idref)
 Set a new selector to the Policy structure xccdf_policy.
bool xccdf_policy_add_result (struct xccdf_policy *policy, struct xccdf_result *item)
 Add result to XCCDF Policy Model xccdf_policy_model.
bool xccdf_policy_add_value (struct xccdf_policy *, struct xccdf_value_binding *)
 Add value binding to the Policy structure xccdf_policy.
bool xccdf_policy_is_item_selected (struct xccdf_policy *policy, const char *id)
 Get the selection settings of the item.
int xccdf_policy_get_selected_rules_count (struct xccdf_policy *policy)
 Retrieves number of selected items in the policy.
struct xccdf_selectxccdf_policy_get_select_by_id (struct xccdf_policy *policy, const char *item_id)
 Get select from policy by specified ID of XCCDF Item xccdf_policy.

Evaluators

struct xccdf_resultxccdf_policy_evaluate (struct xccdf_policy *policy)
 Call the checking engine for each selected rule in given policy structure.
bool xccdf_policy_resolve (struct xccdf_policy *policy)
 Resolve benchmark by applying all refine_rules and refine_values to rules / values of benchmark.
int xccdf_policy_generate_fix (struct xccdf_policy *policy, struct xccdf_result *result, const char *sys, int output_fd)
 Generate remediation prescription (presumably a remediation script).
struct xccdf_itemxccdf_policy_tailor_item (struct xccdf_policy *policy, struct xccdf_item *item)
 Clone the item and tailor it against given policy (profile).
struct oscap_file_entry * oscap_file_entry_new (void)
 oscap_file_entry
struct oscap_file_entry * oscap_file_entry_dup (struct oscap_file_entry *file_entry)
 oscap_file_entry
void oscap_file_entry_free (struct oscap_file_entry *entry)
 oscap_file_entry
const char * oscap_file_entry_get_system (struct oscap_file_entry *entry)
 oscap_file_entry
const char * oscap_file_entry_get_file (struct oscap_file_entry *entry)
 oscap_file_entry
struct oscap_file_entry * oscap_file_entry_iterator_next (struct oscap_file_entry_iterator *it)
 oscap_file_entry_iterator
bool oscap_file_entry_iterator_has_more (struct oscap_file_entry_iterator *it)
 oscap_file_entry_iterator
void oscap_file_entry_iterator_free (struct oscap_file_entry_iterator *it)
 oscap_file_entry_iterator
void oscap_file_entry_iterator_reset (struct oscap_file_entry_iterator *it)
 oscap_file_entry_iterator
struct oscap_file_entry_listoscap_file_entry_list_new (void)
 oscap_file_entry_list
void oscap_file_entry_list_free (struct oscap_file_entry_list *list)
 oscap_file_entry_list
struct oscap_file_entry_iteratoroscap_file_entry_list_get_files (struct oscap_file_entry_list *list)
 oscap_file_entry_list
struct oscap_file_entry_listxccdf_policy_model_get_systems_and_files (struct xccdf_policy_model *policy_model)
 Return names of files that are used in checks of particular rules.
struct oscap_file_entry_listxccdf_item_get_systems_and_files (struct xccdf_item *item)
 Return names of files that are used in checks of particular rules.
struct oscap_stringlistxccdf_policy_model_get_files (struct xccdf_policy_model *policy_model)
 Return names of files that are used in checks of particular rules.
struct oscap_stringlistxccdf_item_get_files (struct xccdf_item *item)
 Return names of files that are used in checks of particular rules.
xccdf_test_result_type_t xccdf_test_result_resolve_and_operation (xccdf_test_result_type_t A, xccdf_test_result_type_t B)
 Return result of the AND operation for two given attributes.

Iterators

bool xccdf_policy_iterator_has_more (struct xccdf_policy_iterator *it)
 Return true if the list is not empty, false otherwise xccdf_policy_iterator.
struct xccdf_policyxccdf_policy_iterator_next (struct xccdf_policy_iterator *it)
 Return the next xccdf_policy structure from the list and increment the iterator xccdf_policy_iterator.
void xccdf_policy_iterator_free (struct xccdf_policy_iterator *it)
 Free the iterator structure (it makes no changes to the list structure) xccdf_policy_iterator.
void xccdf_policy_iterator_reset (struct xccdf_policy_iterator *it)
 Reset the iterator structure (it will point to the first item in the list) xccdf_policy_iterator.
bool xccdf_value_binding_iterator_has_more (struct xccdf_value_binding_iterator *it)
 Return true if the list is not empty, false otherwise xccdf_value_binding_iterator.
struct xccdf_value_bindingxccdf_value_binding_iterator_next (struct xccdf_value_binding_iterator *it)
 Return the next xccdf_value_binding structure from the list and increment the iterator xccdf_value_binding_iterator.
void xccdf_value_binding_iterator_free (struct xccdf_value_binding_iterator *it)
 Free the iterator structure (it makes no changes to the list structure) xccdf_value_binding_iterator.
void xccdf_value_binding_iterator_reset (struct xccdf_value_binding_iterator *it)
 Reset the iterator structure (it will point to the first item in the list) xccdf_value_binding_iterator.
struct xccdf_scorexccdf_policy_get_score (struct xccdf_policy *policy, struct xccdf_result *test_result, const char *system)
 Get score of the XCCDF Benchmark.
int xccdf_policy_recalculate_score (struct xccdf_policy *policy, struct xccdf_result *test_result)
 Recalculate score of the XCCDF Benchmark.
const char * xccdf_policy_get_value_of_item (struct xccdf_policy *policy, struct xccdf_item *item)
 Get value of given value item in context of given policy xccdf_policy.
char * xccdf_policy_substitute (const char *text, struct xccdf_policy *policy)
 Perform textual substitution of cdf:sub elements with respect to given XCCDF policy.

Typedefs

typedef void *(* xccdf_policy_engine_query_fn )(void *, xccdf_policy_engine_query_t, void *)
 Type of function which implements queries defined within xccdf_policy_engine_query_t.
typedef xccdf_test_result_type_t(* xccdf_policy_engine_eval_fn )(struct xccdf_policy *policy, const char *rule_id, const char *definition_id, const char *href_if, struct xccdf_value_binding_iterator *value_binding_it, struct xccdf_check_import_iterator *check_imports_it, void *user_data)
 Type of function which implements OpenSCAP checking engine.
typedef int(* policy_reporter_output )(struct xccdf_rule_result *, void *)
typedef int(* policy_reporter_start )(struct xccdf_rule *, void *)

Enumerations

enum  xccdf_policy_engine_query_t { POLICY_ENGINE_QUERY_NAMES_FOR_HREF = 1 }
 Type of a query over checking-engine data. More...

Functions

struct xccdf_policy_modelxccdf_policy_model_new (struct xccdf_benchmark *benchmark)
 Constructor of Policy Model structure.
struct xccdf_policyxccdf_policy_new (struct xccdf_policy_model *model, struct xccdf_profile *profile)
 Constructor of Policy structure.
struct xccdf_value_bindingxccdf_value_binding_new (void)
 Constructor of structure with profile bindings - refine_rules, refine_values and set_values xccdf_value_binding.
void xccdf_policy_model_free (struct xccdf_policy_model *)
 Destructor of Policy Model structure xccdf_policy_model.
void xccdf_policy_free (struct xccdf_policy *)
 Destructor of Policy structure xccdf_policy.
void xccdf_value_binding_free (struct xccdf_value_binding *)
 Destructor of Value binding structure xccdf_value_binding.
bool xccdf_policy_model_set_tailoring (struct xccdf_policy_model *model, struct xccdf_tailoring *tailoring)
 Sets the Tailoring element to use in the policy.
struct xccdf_tailoringxccdf_policy_model_get_tailoring (struct xccdf_policy_model *model)
 Retrieves the Tailoring element used in this policy.
char * xccdf_policy_get_readable_item_title (struct xccdf_policy *policy, struct xccdf_item *item, const char *preferred_lang)
 Get human readable title of given XCCDF Item.
char * xccdf_policy_get_readable_item_description (struct xccdf_policy *policy, struct xccdf_item *item, const char *preferred_lang)
 Get human readable description of given XCCDF Item.
bool xccdf_policy_model_add_cpe_dict_source (struct xccdf_policy_model *model, struct oscap_source *source)
 Registers an additional CPE dictionary for applicability testing The one embedded in the evaluated XCCDF take precedence!
bool xccdf_policy_model_add_cpe_dict (struct xccdf_policy_model *model, const char *cpe_dict)
 Registers an additional CPE dictionary for applicability testing The one embedded in the evaluated XCCDF take precedence!
bool xccdf_policy_model_add_cpe_lang_model_source (struct xccdf_policy_model *model, struct oscap_source *source)
 Registers an additional CPE lang model for applicability testing The one embedded in the evaluated XCCDF take precedence!
bool xccdf_policy_model_add_cpe_lang_model (struct xccdf_policy_model *model, const char *cpe_lang)
 Registers an additional CPE lang model for applicability testing The one embedded in the evaluated XCCDF take precedence!
bool xccdf_policy_model_add_cpe_autodetect_source (struct xccdf_policy_model *model, struct oscap_source *source)
 Registers an additional CPE resource (either dictionary or language) Autodetects given file and acts accordingly.
bool xccdf_policy_model_add_cpe_autodetect (struct xccdf_policy_model *model, const char *filepath)
 Registers an additional CPE resource (either dictionary or language) Autodetects given file and acts accordingly.
struct oscap_htable_iterator * xccdf_policy_model_get_cpe_oval_sessions (struct xccdf_policy_model *model)
 Retrieves an iterator of all OVAL sessions created for CPE applicability evaluation key is the OVAL href, value is the OVAL session itself (type oval_agent_session*).
bool xccdf_policy_model_register_engine_callback (struct xccdf_policy_model *model, char *sys, void *func, void *usr)
 Function to register callback for checking system.
bool xccdf_policy_model_register_engine_and_query_callback (struct xccdf_policy_model *model, char *sys, xccdf_policy_engine_eval_fn eval_fn, void *usr, xccdf_policy_engine_query_fn query_fn)
 Function to register callback for checking system.
bool xccdf_policy_model_register_output_callback (struct xccdf_policy_model *model, policy_reporter_output func, void *usr)
 Function to register output callback for checking system that will be called AFTER each rule evaluation.
bool xccdf_policy_model_register_start_callback (struct xccdf_policy_model *model, policy_reporter_start func, void *usr)
 Function to register start callback for checking system that will be called BEFORE each rule evaluation.

Detailed Description

Policy interface to Extensible Configuration Checklist Description Format.

Purpose of this layer is to separate the transport syntax of the XCCDF XML from the processes of evaluating and scoring the policy content comprised by the XCCDF documents. XCCDF Policy model performs the loading, evaluation and scoring tasks of XCCDF.


Typedef Documentation

typedef xccdf_test_result_type_t(* xccdf_policy_engine_eval_fn)(struct xccdf_policy *policy, const char *rule_id, const char *definition_id, const char *href_if, struct xccdf_value_binding_iterator *value_binding_it, struct xccdf_check_import_iterator *check_imports_it, void *user_data)

Type of function which implements OpenSCAP checking engine.

This function defines basic interface between XCCDF module and thee checking engine. For each checking engine required for evaluation there should be at least one such function registerd. The registered function is then used by xccdf_policy module to perform evaluation on the machine.

typedef void*(* xccdf_policy_engine_query_fn)(void *, xccdf_policy_engine_query_t, void *)

Type of function which implements queries defined within xccdf_policy_engine_query_t.

Each checking engine may register its own function of the xccdf_policy_engine_query_fn type. The registered function is then used by xccdf_policy module to acquire comprehensive info about the checking-engine itself or the data fed in. First argument of the function is always user data as registered. Second argument defines the query. Third argument is dependent on query and defined as follows:

  • (const char *)href -- for POLICY_ENGINE_QUERY_NAMES_FOR_HREF

Expected return type depends also on query as follows:

  • (struct oscap_stringlists *) -- for POLICY_ENGINE_QUERY_NAMES_FOR_HREF
  • NULL shall be returned if the function doesn't understand the query.


Enumeration Type Documentation

Type of a query over checking-engine data.

This allows xccdf_policy module to query checking engine and acquire comprehensive info.


Function Documentation

struct oscap_stringlist* xccdf_item_get_files ( struct xccdf_item item  )  [read]

Return names of files that are used in checks of particular rules.

Every check needs this file to be evaluated properly. If this file will not be imported and bind to the XCCDF Policy system the result of rule after evaluation will be "Not checked"

struct oscap_file_entry_list* xccdf_item_get_systems_and_files ( struct xccdf_item item  )  [read]

Return names of files that are used in checks of particular rules.

Every check needs this file to be evaluated properly. If this file will not be imported and bind to the XCCDF Policy system the result of rule after evaluation will be "Not checked"

The resulting list should be freed with oscap_filelist_free.

bool xccdf_policy_add_select ( struct xccdf_policy ,
struct xccdf_select  
)

Add rule to Policy xccdf_policy.

Returns:
true if rule has been added succesfully

bool xccdf_policy_add_value ( struct xccdf_policy ,
struct xccdf_value_binding  
)

Add value binding to the Policy structure xccdf_policy.

Returns:
true if rule has been added succesfully

struct xccdf_result* xccdf_policy_evaluate ( struct xccdf_policy policy  )  [read]

Call the checking engine for each selected rule in given policy structure.

Parameters:
policy given Policy to evaluate xccdf_policy
Returns:
true if evaluation pass or false in case of error
Example
Before each policy evaluation user has to register callback that will be called for each check. Every checking engine must have registered callback or the particular check will be skipped. In the code below is used the predefined function oval_agent_eval_rule for evaluation OVAL checks:
 xccdf_policy_model_register_engine_oval(policy_mode, agent_session)
If you use this predefined OVAL callback, user data structure (last parameter of register function) MUST be of type oval_agent_session_t:
 struct oval_agent_session * sess = oval_agent_new_session((struct oval_definition_model *) model, "name-of-file");

Set ID of TestResult

We need to process document top-down order. See conflicts/requires and Item Processing Algorithm

int xccdf_policy_generate_fix ( struct xccdf_policy policy,
struct xccdf_result result,
const char *  sys,
int  output_fd 
)

Generate remediation prescription (presumably a remediation script).

xccdf_policy

Parameters:
policy XCCDF Policy
result XCCDF TestResult. This may be omitted to generate the prescription based solely on the XCCDF Policy (xccdf:Profile).
sys Consider only those fixes that have attribute equal to sys
output_fd write prescription to this file descriptor
Returns:
zero on success, non-zero indicate partial (incomplete) output.

const char* xccdf_policy_get_id ( struct xccdf_policy policy  ) 

Get ID of XCCDF Profile that is implemented by XCCDF Policy.

Parameters:
policy XCCDF Policy xccdf_policy
Returns:
ID of Policy's Profile

struct xccdf_policy_model* xccdf_policy_get_model ( const struct xccdf_policy policy  )  [read]

Get model from Policy (parent structure of Policy to access the benchmark).

Parameters:
policy XCCDF Policy
Returns:
Policy model xccdf_policy

struct xccdf_profile* xccdf_policy_get_profile ( const struct xccdf_policy  )  [read]

Get XCCDF Profile from Policy xccdf_policy.

Returns:
XCCDF Profile

char* xccdf_policy_get_readable_item_description ( struct xccdf_policy policy,
struct xccdf_item item,
const char *  preferred_lang 
)

Get human readable description of given XCCDF Item.

This function searches for description with the best matching language and resolves any inner <xccdf:sub> substitution (in accordance with the given XCCDF Policy. xccdf_policy

Parameters:
policy XCCDF Policy
item XCCDF Item to query description from
preferred_lang Language of your choice, Null value for the default.
Returns:
plaintext C string which must be freed by caller

char* xccdf_policy_get_readable_item_title ( struct xccdf_policy policy,
struct xccdf_item item,
const char *  preferred_lang 
)

Get human readable title of given XCCDF Item.

This finds title with best matching language and resolves <xccdf:sub> substitution in accordance with the given XCCDF Policy. xccdf_policy

Parameters:
policy XCCDF Policy
item XCCDF Item to query title from
preferred_lang Language of your choice, Null value for the default.
Returns:
plaintext C string which must be freed by caller

struct xccdf_result* xccdf_policy_get_result_by_id ( struct xccdf_policy policy,
const char *  id 
) [read]

Get XCCDF Result structure by it's idetificator if there is one xccdf_policy_model.

Returns:
structure xccdf_result if found, NULL otherwise

struct xccdf_score* xccdf_policy_get_score ( struct xccdf_policy policy,
struct xccdf_result test_result,
const char *  system 
) [read]

Get score of the XCCDF Benchmark.

Parameters:
policy XCCDF Policy
test_result Test Result model
system Score system
Returns:
XCCDF Score

struct xccdf_select* xccdf_policy_get_select_by_id ( struct xccdf_policy policy,
const char *  item_id 
) [read]

Get select from policy by specified ID of XCCDF Item xccdf_policy.

Returns:
XCCDF Select

struct xccdf_select_iterator* xccdf_policy_get_selected_rules ( struct xccdf_policy  )  [read]

Get selected rules from policy xccdf_policy.

Returns:
Pointer to select iterator.
Return values:
NULL on faliure

int xccdf_policy_get_selected_rules_count ( struct xccdf_policy policy  ) 

Retrieves number of selected items in the policy.

Note:
This is meant to be used to estimate scanning progress for example.

struct xccdf_select_iterator* xccdf_policy_get_selects ( const struct xccdf_policy  )  [read]

Get rules from Policy xccdf_policy.

Returns:
xccdf_select_iterator

const char* xccdf_policy_get_value_of_item ( struct xccdf_policy policy,
struct xccdf_item item 
)

Get value of given value item in context of given policy xccdf_policy.

Parameters:
policy XCCDF policy
item the xccdf:Value to resolve
Returns:
string representation of resolved value_instance.
Return values:
NULL indicates failure

bool xccdf_policy_is_item_selected ( struct xccdf_policy policy,
const char *  id 
)

Get the selection settings of the item.

xccdf_policy

Returns:
true if the item is selected

bool xccdf_policy_model_add_cpe_autodetect ( struct xccdf_policy_model model,
const char *  filepath 
)

Registers an additional CPE resource (either dictionary or language) Autodetects given file and acts accordingly.

The one embedded in the evaluated XCCDF take precedence!

Deprecated:
Deprecated in favor of xccdf_policy_model_add_cpe_autodetect_source

bool xccdf_policy_model_add_cpe_autodetect_source ( struct xccdf_policy_model model,
struct oscap_source *  source 
)

Registers an additional CPE resource (either dictionary or language) Autodetects given file and acts accordingly.

The one embedded in the evaluated XCCDF take precedence!

bool xccdf_policy_model_add_cpe_dict ( struct xccdf_policy_model model,
const char *  cpe_dict 
)

Registers an additional CPE dictionary for applicability testing The one embedded in the evaluated XCCDF take precedence!

Deprecated:
Deprecated in favor of xccdf_policy_model_add_cpe_dict_source

bool xccdf_policy_model_add_cpe_lang_model ( struct xccdf_policy_model model,
const char *  cpe_lang 
)

Registers an additional CPE lang model for applicability testing The one embedded in the evaluated XCCDF take precedence!

Deprecated:
Deprecated in favor of xccdf_policy_model_add_cpe_lang_model_source

bool xccdf_policy_model_add_policy ( struct xccdf_policy_model ,
struct xccdf_policy  
)

Add Policy to Policy Model xccdf_policy_model.

Returns:
true if policy has been added succesfully

int xccdf_policy_model_build_all_useful_policies ( struct xccdf_policy_model policy_model  ) 

Build all policies that can be useful for user.

The useful policy is any that contains at least one Rule. For example the default profile oftentimes does not contain any rules. xccdf_policy_model

Parameters:
policy_model - XCCDF Policy Model
Returns:
0 on success

struct xccdf_benchmark* xccdf_policy_model_get_benchmark ( const struct xccdf_policy_model item  )  [read]

Get Benchmark from Policy Model.

Parameters:
item Policy model structure
Returns:
XCCDF Benchmark for given policy model xccdf_policy_model

struct oscap_stringlist* xccdf_policy_model_get_files ( struct xccdf_policy_model policy_model  )  [read]

Return names of files that are used in checks of particular rules.

Every check needs this file to be evaluated properly. If this file will not be imported and bind to the XCCDF Policy system the result of rule after evaluation will be "Not checked"

struct xccdf_policy_iterator* xccdf_policy_model_get_policies ( const struct xccdf_policy_model model  )  [read]

Get policies from Policy Model.

Be aware, this function returns only a list of previously initialized policies. A policy can be initialized by xccdf_policy_model_get_policy_by_id.

Parameters:
model Policy Model
Returns:
Iterator for list of policies xccdf_policy_model

struct xccdf_policy* xccdf_policy_model_get_policy_by_id ( struct xccdf_policy_model policy_model,
const char *  id 
) [read]

Get XCCDF Policy from Policy model by speciefied ID of Profile.

Parameters:
policy_model XCCDF Policy model
id ID of Profile xccdf_policy_model
Returns:
XCCDF Policy

struct oscap_file_entry_list* xccdf_policy_model_get_systems_and_files ( struct xccdf_policy_model policy_model  )  [read]

Return names of files that are used in checks of particular rules.

Every check needs this file to be evaluated properly. If this file will not be imported and bind to the XCCDF Policy system the result of rule after evaluation will be "Not checked"

The resulting list should be freed with oscap_filelist_free.

struct xccdf_tailoring* xccdf_policy_model_get_tailoring ( struct xccdf_policy_model model  )  [read]

Retrieves the Tailoring element used in this policy.

xccdf_policy_model

struct xccdf_policy_model* xccdf_policy_model_new ( struct xccdf_benchmark benchmark  )  [read]

Constructor of Policy Model structure.

Parameters:
benchmark Struct xccdf_benchmark with benchmark model
Returns:
new xccdf_policy_model
Note:
The policy model will take ownership of given benchmark and free it when it's being destructed! xccdf_policy_model
Constructor of Policy Model structure.

Create new structure and fill the policies list with policy entries that are inherited from XCCDF benchmark Profile elements. For each profile element call xccdf_policy_new function.

bool xccdf_policy_model_register_engine_and_query_callback ( struct xccdf_policy_model model,
char *  sys,
xccdf_policy_engine_eval_fn  eval_fn,
void *  usr,
xccdf_policy_engine_query_fn  query_fn 
)

Function to register callback for checking system.

Parameters:
model XCCDF Policy Model
sys String representing given checking system
eval_fn Callback - pointer to function called by XCCDF Policy system when rule parsed
usr optional parameter for passing user data to callback
query_fn - optional parameter for providing xccdf_policy_engine_query_fn implementation for given system. xccdf_policy_model
Returns:
true if callback registered succesfully, false otherwise

bool xccdf_policy_model_register_engine_callback ( struct xccdf_policy_model model,
char *  sys,
void *  func,
void *  usr 
)

Function to register callback for checking system.

Parameters:
model XCCDF Policy Model
sys String representing given checking system
func Callback - pointer to function called by XCCDF Policy system when rule parsed
usr optional parameter for passing user data to callback xccdf_policy_model
Returns:
true if callback registered succesfully, false otherwise
Deprecated:
This function is deprecated by xccdf_policy_model_register_engine_and_query_callback and might be dropped from future releases.
Function to register callback for checking system.

System is used for evaluating content of rules.

bool xccdf_policy_model_register_output_callback ( struct xccdf_policy_model model,
policy_reporter_output  func,
void *  usr 
)

Function to register output callback for checking system that will be called AFTER each rule evaluation.

Parameters:
model XCCDF Policy Model
func Callback - pointer to function called by XCCDF Policy system when rule parsed
usr optional parameter for passing user data to callback xccdf_policy_model
Returns:
true if callback registered succesfully, false otherwise

bool xccdf_policy_model_register_start_callback ( struct xccdf_policy_model model,
policy_reporter_start  func,
void *  usr 
)

Function to register start callback for checking system that will be called BEFORE each rule evaluation.

Parameters:
model XCCDF Policy Model
func Callback - pointer to function called by XCCDF Policy system when rule parsed
usr optional parameter for passing user data to callback xccdf_policy_model
Returns:
true if callback registered succesfully, false otherwise

bool xccdf_policy_model_set_tailoring ( struct xccdf_policy_model model,
struct xccdf_tailoring tailoring 
)

Sets the Tailoring element to use in the policy.

Profiles from the Benchmark *may* be shadowed by profiles in the given Tailoring element! Calling this function will affect the results of xccdf_policy_model_get_policy_by_id calls.

This does INVALIDATE preexisting xccdf_policy pointers in this xccdf_policy_model! It is recommended to call this function before policy for any profile is queried.

Note:
The policy model will take ownership of given tailoring and free it when it's being destructed or when new tailoring is being set.

struct xccdf_policy* xccdf_policy_new ( struct xccdf_policy_model model,
struct xccdf_profile profile 
) [read]

Constructor of Policy structure.

Parameters:
model Policy model
profile Profile from XCCDF Benchmark xccdf_policy
Constructor of Policy structure.

Create the structure and resolve all rules from benchmark that are not present in selectors. This step is necessary because of default values of groups / rules that can be added to Policy whether or not they have their selector. Last step is filling the list of value bindings (see more in xccdf_value_binding_proccess).

int xccdf_policy_recalculate_score ( struct xccdf_policy policy,
struct xccdf_result test_result 
)

Recalculate score of the XCCDF Benchmark.

Parameters:
policy XCCDF Policy
test_result Test Result model
Returns:
zero on success

bool xccdf_policy_resolve ( struct xccdf_policy policy  ) 

Resolve benchmark by applying all refine_rules and refine_values to rules / values of benchmark.

All properties in benchmark will be irreversible changed and user has to load benchmark (from XML) again to discard these changes.

Parameters:
policy XCCDF policy containing rules/values that will be applied to benchmark rules/values.
Returns:
true if process ends succesfuly or false in case of error xccdf_policy
Resolve benchmark by applying all refine_rules and refine_values to rules / values of benchmark.

Beware ! Benchmark properties will be changed ! For discarding changes you have to load benchmark from XML file again.

bool xccdf_policy_set_selected ( struct xccdf_policy policy,
char *  idref 
)

Set a new selector to the Policy structure xccdf_policy.

Returns:
true if rule has been added succesfully
Deprecated:
This function is deprecated by xccdf_policy_add_select and might be dropped from future releases.

char* xccdf_policy_substitute ( const char *  text,
struct xccdf_policy policy 
)

Perform textual substitution of cdf:sub elements with respect to given XCCDF policy.

Parameters:
text text to be substituted
policy policy to be used

struct xccdf_item* xccdf_policy_tailor_item ( struct xccdf_policy policy,
struct xccdf_item item 
) [read]

Clone the item and tailor it against given policy (profile).

Parameters:
policy Policy with profile
item XCCDF item to be tailored
Returns:
new item that has to be freed by user
Deprecated:
This function is deprecated and might be dropped from future releases.

xccdf_test_result_type_t xccdf_test_result_resolve_and_operation ( xccdf_test_result_type_t  A,
xccdf_test_result_type_t  B 
)

Return result of the AND operation for two given attributes.

For more details about the attributes A and B please consult 'Table 26: Possible Results for a Single Test' from NISTIR-7275r4. For more details about the AND operation please consult 'Table 12: Truth Table for AND' in the very same document.

char* xccdf_value_binding_get_name ( const struct xccdf_value_binding  ) 

Get variable name from value bindings xccdf_value_binding.

Returns:
String

xccdf_operator_t xccdf_value_binding_get_operator ( const struct xccdf_value_binding  ) 

get Value operator from value bindings xccdf_value_binding

Returns:
xccdf_operator_t

char* xccdf_value_binding_get_setvalue ( const struct xccdf_value_binding  ) 

get Set Value from value bindings xccdf_value_binding

Returns:
String

xccdf_value_type_t xccdf_value_binding_get_type ( const struct xccdf_value_binding  ) 

get variable type from value bindings xccdf_value_binding

Returns:
xccdf_value_type_t

char* xccdf_value_binding_get_value ( const struct xccdf_value_binding  ) 

Get value from value bindings xccdf_value_binding.

Returns:
String

struct xccdf_value_binding* xccdf_value_binding_new ( void   )  [read]

Constructor of structure with profile bindings - refine_rules, refine_values and set_values xccdf_value_binding.

Returns:
new structure of xccdf_value_binding


Generated on Tue Nov 14 12:18:58 2017 for Open SCAP Library by  doxygen 1.5.6