| 
									
										
										
										
											2023-09-29 13:40:35 -04:00
										 |  |  | // Copyright (c) Tailscale Inc & AUTHORS | 
					
						
							|  |  |  | // SPDX-License-Identifier: BSD-3-Clause | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | package syspolicy | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | import ( | 
					
						
							|  |  |  | 	"errors" | 
					
						
							|  |  |  | 	"sync/atomic" | 
					
						
							|  |  |  | ) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | var ( | 
					
						
							|  |  |  | 	handlerUsed atomic.Bool | 
					
						
							|  |  |  | 	handler     Handler = defaultHandler{} | 
					
						
							|  |  |  | ) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | // Handler reads system policies from OS-specific storage. | 
					
						
							|  |  |  | type Handler interface { | 
					
						
							| 
									
										
										
										
											2024-04-13 17:38:55 -07:00
										 |  |  | 	// ReadString reads the policy setting's string value for the given key. | 
					
						
							|  |  |  | 	// It should return ErrNoSuchKey if the key does not have a value set. | 
					
						
							| 
									
										
										
										
											2023-09-29 13:40:35 -04:00
										 |  |  | 	ReadString(key string) (string, error) | 
					
						
							| 
									
										
										
										
											2024-04-13 17:38:55 -07:00
										 |  |  | 	// ReadUInt64 reads the policy setting's uint64 value for the given key. | 
					
						
							|  |  |  | 	// It should return ErrNoSuchKey if the key does not have a value set. | 
					
						
							| 
									
										
										
										
											2023-09-29 13:40:35 -04:00
										 |  |  | 	ReadUInt64(key string) (uint64, error) | 
					
						
							| 
									
										
										
										
											2024-04-13 17:38:55 -07:00
										 |  |  | 	// ReadBool reads the policy setting's boolean value for the given key. | 
					
						
							|  |  |  | 	// It should return ErrNoSuchKey if the key does not have a value set. | 
					
						
							| 
									
										
										
										
											2023-09-29 21:27:04 -04:00
										 |  |  | 	ReadBoolean(key string) (bool, error) | 
					
						
							| 
									
										
										
										
											2024-04-23 22:23:48 -07:00
										 |  |  | 	// ReadStringArray reads the policy setting's string array value for the given key. | 
					
						
							|  |  |  | 	// It should return ErrNoSuchKey if the key does not have a value set. | 
					
						
							|  |  |  | 	ReadStringArray(key string) ([]string, error) | 
					
						
							| 
									
										
										
										
											2023-09-29 13:40:35 -04:00
										 |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-04-13 17:38:55 -07:00
										 |  |  | // ErrNoSuchKey is returned by a Handler when the specified key does not have a | 
					
						
							|  |  |  | // value set. | 
					
						
							| 
									
										
										
										
											2023-09-29 13:40:35 -04:00
										 |  |  | var ErrNoSuchKey = errors.New("no such key") | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | // defaultHandler is the catch all syspolicy type for anything that isn't windows or apple. | 
					
						
							|  |  |  | type defaultHandler struct{} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | func (defaultHandler) ReadString(_ string) (string, error) { | 
					
						
							|  |  |  | 	return "", ErrNoSuchKey | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | func (defaultHandler) ReadUInt64(_ string) (uint64, error) { | 
					
						
							|  |  |  | 	return 0, ErrNoSuchKey | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-09-29 21:27:04 -04:00
										 |  |  | func (defaultHandler) ReadBoolean(_ string) (bool, error) { | 
					
						
							|  |  |  | 	return false, ErrNoSuchKey | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-04-23 22:23:48 -07:00
										 |  |  | func (defaultHandler) ReadStringArray(_ string) ([]string, error) { | 
					
						
							|  |  |  | 	return nil, ErrNoSuchKey | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-09-29 13:40:35 -04:00
										 |  |  | // markHandlerInUse is called before handler methods are called. | 
					
						
							|  |  |  | func markHandlerInUse() { | 
					
						
							|  |  |  | 	handlerUsed.Store(true) | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | // RegisterHandler initializes the policy handler and ensures registration will happen once. | 
					
						
							|  |  |  | func RegisterHandler(h Handler) { | 
					
						
							|  |  |  | 	// Technically this assignment is not concurrency safe, but in the | 
					
						
							|  |  |  | 	// event that there was any risk of a data race, we will panic due to | 
					
						
							|  |  |  | 	// the CompareAndSwap failing. | 
					
						
							|  |  |  | 	handler = h | 
					
						
							|  |  |  | 	if !handlerUsed.CompareAndSwap(false, true) { | 
					
						
							|  |  |  | 		panic("handler was already used before registration") | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | } | 
					
						
							| 
									
										
										
										
											2023-11-29 16:48:25 -05:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-05-23 23:13:32 -07:00
										 |  |  | // TB is a subset of testing.TB that we use to set up test helpers. | 
					
						
							|  |  |  | // It's defined here to avoid pulling in the testing package. | 
					
						
							|  |  |  | type TB interface { | 
					
						
							|  |  |  | 	Helper() | 
					
						
							|  |  |  | 	Cleanup(func()) | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | func SetHandlerForTest(tb TB, h Handler) { | 
					
						
							| 
									
										
										
										
											2023-11-29 16:48:25 -05:00
										 |  |  | 	tb.Helper() | 
					
						
							|  |  |  | 	oldHandler := handler | 
					
						
							|  |  |  | 	handler = h | 
					
						
							|  |  |  | 	tb.Cleanup(func() { handler = oldHandler }) | 
					
						
							|  |  |  | } |