libsbutil: add helpers for reading config options (w/out env export)

All sandbox settings thus far have been for libsandbox.so to process.
With newer features though, we have settings that might only apply to
the main sandbox program.  Add some helper functions for parsing out
those settings (which a later commit will utilize).

Signed-off-by: Mike Frysinger <vapier@gentoo.org>

4 files changed, 40 insertions, 13 deletions

diff --git a/libsbutil/environment.c b/libsbutil/environment.c
index 70fdb72..805b9e6 100644
--- a/libsbutil/environment.c
+++ b/libsbutil/environment.c
@@ -10,9 +10,27 @@
 #include "headers.h"
 #include "sbutil.h"
 
-static bool env_is_in(const char *env, const char *values[], bool *set)
+static const char * const true_values[] = {
+	"1", "true", "yes", NULL,
+};
+
+static const char * const false_values[] = {
+	"0", "false", "no", NULL,
+};
+
+static bool val_is_in(const char *val, const char * const values[])
 {
 	size_t i = 0;
+
+	while (values[i])
+		if (!strcasecmp(val, values[i++]))
+			return true;
+
+	return false;
+}
+
+static bool env_is_in(const char *env, const char * const values[], bool *set)
+{
 	const char *val;
 
 	if (unlikely(!env))
@@ -23,19 +41,21 @@ static bool env_is_in(const char *env, const char *values[], bool *set)
 	if (unlikely(!*set))
 		return false;
 
-	while (values[i])
-		if (!strcasecmp(val, values[i++]))
-			return true;
+	return val_is_in(val, values);
+}
 
-	return false;
+bool is_val_on(const char *val)
+{
+	return val_is_in(val, true_values);
+}
+bool is_val_off(const char *val)
+{
+	return val_is_in(val, false_values);
 }
 
 bool is_env_set_on(const char *env, bool *set)
 {
-	static const char *values[] = {
-		"1", "true", "yes", NULL,
-	};
-	return env_is_in(env, values, set);
+	return env_is_in(env, true_values, set);
 }
 bool is_env_on(const char *env)
 {
@@ -45,10 +65,7 @@ bool is_env_on(const char *env)
 
 bool is_env_set_off(const char *env, bool *set)
 {
-	static const char *values[] = {
-		"0", "false", "no", NULL,
-	};
-	return env_is_in(env, values, set);
+	return env_is_in(env, false_values, set);
 }
 bool is_env_off(const char *env)
 {
diff --git a/libsbutil/sbutil.h b/libsbutil/sbutil.h
index 56fe6d3..15979da 100644
--- a/libsbutil/sbutil.h
+++ b/libsbutil/sbutil.h
@@ -73,6 +73,8 @@ void get_sandbox_log(char *path, const char *tmpdir);
 void get_sandbox_debug_log(char *path, const char *tmpdir);
 void get_sandbox_message_path(char *path);
 int get_tmp_dir(char *path);
+bool is_val_on(const char *);
+bool is_val_off(const char *);
 bool is_env_on(const char *);
 bool is_env_off(const char *);
 bool is_env_set_on(const char *, bool *);
diff --git a/src/environ.c b/src/environ.c
index 5f22829..346bc26 100644
--- a/src/environ.c
+++ b/src/environ.c
@@ -101,6 +101,12 @@ static void setup_cfg_var(const char *env_var)
 	}
 }
 
+bool sb_get_cnf_bool(const char *key, bool default_val)
+{
+	const char *val = rc_get_cnf_entry(sb_conf_file(), key, NULL);
+	return val ? is_val_on(val) : default_val;
+}
+
 /* Get passed access variable from sandbox.conf for sandbox.d/, and set it in
  * the environment. */
 static int setup_access_var(const char *access_var)
diff --git a/src/sandbox.h b/src/sandbox.h
index 361d468..4233bd6 100644
--- a/src/sandbox.h
+++ b/src/sandbox.h
@@ -26,6 +26,8 @@ struct sandbox_info_t {
 
 extern char **setup_environ(struct sandbox_info_t *sandbox_info);
 
+extern bool sb_get_cnf_bool(const char *, bool);
+
 #define sb_warn(fmt, args...)  fprintf(stderr, "%s:%s  " fmt "\n", "sandbox", __func__, ## args)
 #define sb_pwarn(fmt, args...) sb_warn(fmt ": %s\n", ## args, strerror(errno))
 #define _sb_err(func, fmt, args...) do { sb_##func(fmt, ## args); exit(EXIT_FAILURE); } while (0)