#include "strv.h"
#include "conf-files.h"
#include "bus-internal.h"
+#include "bus-message.h"
#include "bus-policy.h"
static void policy_item_free(PolicyItem *i) {
}
}
+enum {
+ ALLOW,
+ DUNNO,
+ DENY,
+};
+
+struct policy_check_filter {
+ int class;
+ const struct ucred *ucred;
+ int message_type;
+ const char *name;
+ const char *interface;
+ const char *path;
+ const char *member;
+};
+
+static int is_permissive(PolicyItem *i) {
+
+ assert(i);
+
+ return (i->type == POLICY_ITEM_ALLOW) ? ALLOW : DENY;
+}
+
+static int check_policy_item(PolicyItem *i, const struct policy_check_filter *filter) {
+
+ assert(i);
+ assert(filter);
+
+ switch (i->class) {
+ case POLICY_ITEM_SEND:
+ case POLICY_ITEM_RECV:
+
+ if (i->name && !streq_ptr(i->name, filter->name))
+ break;
+
+ if ((i->message_type != _POLICY_ITEM_CLASS_UNSET) && (i->message_type != filter->message_type))
+ break;
+
+ if (i->path && !streq_ptr(i->path, filter->path))
+ break;
+
+ if (i->member && !streq_ptr(i->member, filter->member))
+ break;
+
+ if (i->interface && !streq_ptr(i->interface, filter->interface))
+ break;
+
+ return is_permissive(i);
+
+ case POLICY_ITEM_OWN:
+ assert(filter->name);
+
+ if (streq(i->name, "*") || streq(i->name, filter->name))
+ return is_permissive(i);
+ break;
+
+ case POLICY_ITEM_OWN_PREFIX:
+ assert(filter->name);
+
+ if (streq(i->name, "*") || startswith(i->name, filter->name))
+ return is_permissive(i);
+ break;
+
+ case POLICY_ITEM_USER:
+ assert(filter->ucred);
+
+ if ((streq_ptr(i->name, "*") || (i->uid_valid && i->uid == filter->ucred->uid)))
+ return is_permissive(i);
+ break;
+
+ case POLICY_ITEM_GROUP:
+ assert(filter->ucred);
+
+ if ((streq_ptr(i->name, "*") || (i->gid_valid && i->gid == filter->ucred->gid)))
+ return is_permissive(i);
+ break;
+
+ case POLICY_ITEM_IGNORE:
+ default:
+ break;
+ }
+
+ return DUNNO;
+}
+
+static int check_policy_items(PolicyItem *items, const struct policy_check_filter *filter) {
+
+ PolicyItem *i;
+ int r, ret = DUNNO;
+
+ assert(filter);
+
+ /* Check all policies in a set - a broader one might be followed by a more specific one,
+ * and the order of rules in policy definitions matters */
+ LIST_FOREACH(items, i, items) {
+ if (i->class != filter->class)
+ continue;
+
+ r = check_policy_item(i, filter);
+ if (r != DUNNO)
+ ret = r;
+ }
+
+ return ret;
+}
+
+static int policy_check(Policy *p, const struct policy_check_filter *filter) {
+
+ PolicyItem *items;
+ int r;
+
+ assert(p);
+ assert(filter);
+
+ /*
+ * The policy check is implemented by the following logic:
+ *
+ * 1. Check mandatory items. If the message matches any of these, it is decisive.
+ * 2. See if the passed ucred match against the user/group hashmaps. A matching entry is also decisive.
+ * 3. Consult the defaults if non of the above matched with a more specific rule.
+ * 4. If the message isn't caught be the defaults either, reject it.
+ */
+
+ r = check_policy_items(p->mandatory_items, filter);
+ if (r != DUNNO)
+ return r;
+
+ if (filter->ucred) {
+ items = hashmap_get(p->user_items, UINT32_TO_PTR(filter->ucred->uid));
+ if (items) {
+ r = check_policy_items(items, filter);
+ if (r != DUNNO)
+ return r;
+ }
+
+ items = hashmap_get(p->group_items, UINT32_TO_PTR(filter->ucred->gid));
+ if (items) {
+ r = check_policy_items(items, filter);
+ if (r != DUNNO)
+ return r;
+ }
+ }
+
+ return check_policy_items(p->default_items, filter);
+}
+
+bool policy_check_own(Policy *p, const struct ucred *ucred, const char *name) {
+
+ struct policy_check_filter filter = {
+ .class = POLICY_ITEM_OWN,
+ .ucred = ucred,
+ .name = name,
+ };
+
+ return policy_check(p, &filter) == ALLOW;
+}
+
+bool policy_check_hello(Policy *p, const struct ucred *ucred) {
+
+ struct policy_check_filter filter = {
+ .ucred = ucred,
+ };
+ int user, group;
+
+ filter.class = POLICY_ITEM_USER;
+ user = policy_check(p, &filter);
+ if (user == DENY)
+ return false;
+
+ filter.class = POLICY_ITEM_GROUP;
+ group = policy_check(p, &filter);
+ if (group == DENY)
+ return false;
+
+ return !(user == DUNNO && group == DUNNO);
+}
+
+bool policy_check_recv(Policy *p,
+ const struct ucred *ucred,
+ int message_type,
+ const char *name,
+ const char *path,
+ const char *interface,
+ const char *member) {
+
+ struct policy_check_filter filter = {
+ .class = POLICY_ITEM_RECV,
+ .ucred = ucred,
+ .message_type = message_type,
+ .name = name,
+ .interface = interface,
+ .path = path,
+ .member = member,
+ };
+
+ return policy_check(p, &filter) == ALLOW;
+}
+
+bool policy_check_send(Policy *p,
+ const struct ucred *ucred,
+ int message_type,
+ const char *name,
+ const char *path,
+ const char *interface,
+ const char *member) {
+
+ struct policy_check_filter filter = {
+ .class = POLICY_ITEM_SEND,
+ .ucred = ucred,
+ .message_type = message_type,
+ .name = name,
+ .interface = interface,
+ .path = path,
+ .member = member,
+ };
+
+ return policy_check(p, &filter) == ALLOW;
+}
+
int policy_load(Policy *p, char **files) {
char **i;
int r;
user = uid_to_name(i->uid);
- printf("%sUser: %s\n",
- prefix, strna(user));
+ printf("%sUser: %s (%d)\n",
+ prefix, strna(user), i->uid);
}
if (i->gid_valid) {
group = gid_to_name(i->gid);
- printf("%sGroup: %s\n",
- prefix, strna(group));
+ printf("%sGroup: %s (%d)\n",
+ prefix, strna(group), i->gid);
}
}
}
}
}
-noreturn void policy_dump(Policy *p) {
+void policy_dump(Policy *p) {
printf("%s Default Items:\n", draw_special_char(DRAW_ARROW));
dump_items(p->default_items, "\t");
printf("%s Mandatory Items:\n", draw_special_char(DRAW_ARROW));
dump_items(p->mandatory_items, "\t");
-
- exit(0);
}
static const char* const policy_item_type_table[_POLICY_ITEM_TYPE_MAX] = {