Signed-off-by: Eric Garver <eric@xxxxxxxxxxx>
---
 src/libvirt_private.syms | 1 +
 src/util/virfirewalld.c | 44 ++++++++++++++++++++++++++++++++++++++++
 src/util/virfirewalld.h | 4 ++++
 3 files changed, 49 insertions(+)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index c5882c535210..8fddb9aad11b 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -2358,6 +2358,7 @@ virFirewallStartTransaction;
 # util/virfirewalld.h
+virFirewallDApplyPolicyRichRules;
 virFirewallDApplyRule;
 virFirewallDGetBackend;
 virFirewallDGetPolicies;
diff --git a/src/util/virfirewalld.c b/src/util/virfirewalld.c
index 07f9cdd1e485..9b3c1d84c48f 100644
--- a/src/util/virfirewalld.c
+++ b/src/util/virfirewalld.c
@@ -426,6 +426,50 @@ virFirewallDApplyRule(virFirewallLayer layer,
 return 0;
 }
+/**
+ * virFirewallDApplyPolicyRichRules:
+ * @policy: which policy to apply rules to
+ * @rules: rules to apply, array of strings
+ * @rules_count: number of rules in rules array
+ *
+ * Returns 0 on success, non-zero on failure
+ */
+int
+virFirewallDApplyPolicyRichRules(const char *policy,
+ const char **rules,
+ size_t rules_count)
+{
+ GDBusConnection *sysbus = virGDBusGetSystemBus();
+ g_autoptr(GVariant) message = NULL;
+ GVariant *array = NULL;
+ GVariantBuilder builder;
+ size_t i;
+
+ if (!sysbus)
+ return -1;
+
+ g_variant_builder_init(&builder, G_VARIANT_TYPE_STRING_ARRAY);
+ for (i = 0; i < rules_count; i++) {
+ g_variant_builder_add(&builder, "s", rules[i]);
+ }
+ array = g_variant_builder_end(&builder);
+
+ g_variant_builder_init(&builder, G_VARIANT_TYPE_VARDICT);
+ g_variant_builder_add(&builder, "{sv}", "rich_rules", array);
+
+ message = g_variant_new("(sa{sv})", policy, &builder);
+
+ return virGDBusCallMethod(sysbus,
+ NULL,
+ NULL,
+ NULL,
+ VIR_FIREWALL_FIREWALLD_SERVICE,
+ "/org/fedoraproject/FirewallD1",
+ "org.fedoraproject.FirewallD1.policy",
+ "setPolicySettings",
+ message);
+}
+
 int
 virFirewallDInterfaceSetZone(const char *iface,
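Review bot: The doc comment on virFirewallDApplyPolicyRichRules does not say what happens to rich rules already present on @policy, although the body sends @rules as the entire `rich_rules` value of `setPolicySettings`. If firewalld treats that key as a replacement (that is my reading of its D-Bus API, worth confirming), a second call discards the rules from the first and `rules_count == 0` clears the policy's rich rules, which for a firewall helper means silently removing filtering. I would add to the comment something like `* Replaces the runtime rich rules of @policy with @rules; callers must pass the complete set.` and note that the strings are handed to firewalld unvalidated, so they should be built by libvirt rather than copied from user-supplied configuration. A NULL @policy or a NULL entry in @rules also reaches the `s` format of `g_variant_new`/`g_variant_builder_add`, which GLib does not accept as far as I know, so a guard such as `if (!policy || (rules_count && !rules)) return -1;` before the first `g_variant_builder_init` would be safer.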
diff --git a/src/util/virfirewalld.h b/src/util/virfirewalld.h
index 11aad7786dfb..9ff4e02e1d59 100644
--- a/src/util/virfirewalld.h
+++ b/src/util/virfirewalld.h
@@ -40,6 +40,10 @@ int virFirewallDApplyRule(virFirewallLayer layer,
 char **args, size_t argsLen,
 bool ignoreErrors,
 char **output);
+int virFirewallDApplyPolicyRichRules(const char *policy,
+ const char **rules,
+ size_t rules_count);
+
 int virFirewallDInterfaceSetZone(const char *iface,
 const char *zone);
-- 
2.37.3