chiark / gitweb /
cb0726aa3ffb7e0de28d866049bb21f2b4886de6
[elogind.git] / src / bus-proxyd / bus-policy.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4   This file is part of systemd.
5
6   Copyright 2013 Lennart Poettering
7
8   systemd is free software; you can redistribute it and/or modify it
9   under the terms of the GNU Lesser General Public License as published by
10   the Free Software Foundation; either version 2.1 of the License, or
11   (at your option) any later version.
12
13   systemd is distributed in the hope that it will be useful, but
14   WITHOUT ANY WARRANTY; without even the implied warranty of
15   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16   Lesser General Public License for more details.
17
18   You should have received a copy of the GNU Lesser General Public License
19   along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include "xml.h"
23 #include "fileio.h"
24 #include "strv.h"
25 #include "conf-files.h"
26 #include "bus-internal.h"
27 #include "bus-message.h"
28 #include "bus-policy.h"
29
30 static void policy_item_free(PolicyItem *i) {
31         assert(i);
32
33         free(i->interface);
34         free(i->member);
35         free(i->error);
36         free(i->name);
37         free(i->path);
38         free(i);
39 }
40
41 DEFINE_TRIVIAL_CLEANUP_FUNC(PolicyItem*, policy_item_free);
42
43 static void item_append(PolicyItem *i, PolicyItem **list) {
44
45         PolicyItem *tail;
46
47         LIST_FIND_TAIL(items, *list, tail);
48         LIST_INSERT_AFTER(items, *list, tail, i);
49 }
50
51 static int file_load(Policy *p, const char *path) {
52
53         _cleanup_free_ char *c = NULL, *policy_user = NULL, *policy_group = NULL;
54         _cleanup_(policy_item_freep) PolicyItem *i = NULL;
55         void *xml_state = NULL;
56         unsigned n_other = 0;
57         const char *q;
58         int r;
59
60         enum {
61                 STATE_OUTSIDE,
62                 STATE_BUSCONFIG,
63                 STATE_POLICY,
64                 STATE_POLICY_CONTEXT,
65                 STATE_POLICY_USER,
66                 STATE_POLICY_GROUP,
67                 STATE_POLICY_OTHER_ATTRIBUTE,
68                 STATE_ALLOW_DENY,
69                 STATE_ALLOW_DENY_INTERFACE,
70                 STATE_ALLOW_DENY_MEMBER,
71                 STATE_ALLOW_DENY_ERROR,
72                 STATE_ALLOW_DENY_PATH,
73                 STATE_ALLOW_DENY_MESSAGE_TYPE,
74                 STATE_ALLOW_DENY_NAME,
75                 STATE_ALLOW_DENY_OTHER_ATTRIBUTE,
76                 STATE_OTHER,
77         } state = STATE_OUTSIDE;
78
79         enum {
80                 POLICY_CATEGORY_NONE,
81                 POLICY_CATEGORY_DEFAULT,
82                 POLICY_CATEGORY_MANDATORY,
83                 POLICY_CATEGORY_USER,
84                 POLICY_CATEGORY_GROUP
85         } policy_category = POLICY_CATEGORY_NONE;
86
87         unsigned line = 0;
88
89         assert(p);
90
91         r = read_full_file(path, &c, NULL);
92         if (r < 0) {
93                 if (r == -ENOENT)
94                         return 0;
95                 if (r == -EISDIR)
96                         return r;
97
98                 log_error("Failed to load %s: %s", path, strerror(-r));
99                 return r;
100         }
101
102         q = c;
103         for (;;) {
104                 _cleanup_free_ char *name = NULL;
105                 int t;
106
107                 t = xml_tokenize(&q, &name, &xml_state, &line);
108                 if (t < 0) {
109                         log_error("XML parse failure in %s: %s", path, strerror(-t));
110                         return t;
111                 }
112
113                 switch (state) {
114
115                 case STATE_OUTSIDE:
116
117                         if (t == XML_TAG_OPEN) {
118                                 if (streq(name, "busconfig"))
119                                         state = STATE_BUSCONFIG;
120                                 else {
121                                         log_error("Unexpected tag %s at %s:%u.", name, path, line);
122                                         return -EINVAL;
123                                 }
124
125                         } else if (t == XML_END)
126                                 return 0;
127                         else if (t != XML_TEXT || !in_charset(name, WHITESPACE)) {
128                                 log_error("Unexpected token (1) at %s:%u.", path, line);
129                                 return -EINVAL;
130                         }
131
132                         break;
133
134                 case STATE_BUSCONFIG:
135
136                         if (t == XML_TAG_OPEN) {
137                                 if (streq(name, "policy")) {
138                                         state = STATE_POLICY;
139                                         policy_category = POLICY_CATEGORY_NONE;
140                                         free(policy_user);
141                                         free(policy_group);
142                                         policy_user = policy_group = NULL;
143                                 } else {
144                                         state = STATE_OTHER;
145                                         n_other = 0;
146                                 }
147                         } else if (t == XML_TAG_CLOSE_EMPTY ||
148                                    (t == XML_TAG_CLOSE && streq(name, "busconfig")))
149                                 state = STATE_OUTSIDE;
150                         else if (t != XML_TEXT || !in_charset(name, WHITESPACE)) {
151                                 log_error("Unexpected token (2) at %s:%u.", path, line);
152                                 return -EINVAL;
153                         }
154
155                         break;
156
157                 case STATE_POLICY:
158
159                         if (t == XML_ATTRIBUTE_NAME) {
160                                 if (streq(name, "context"))
161                                         state = STATE_POLICY_CONTEXT;
162                                 else if (streq(name, "user"))
163                                         state = STATE_POLICY_USER;
164                                 else if (streq(name, "group"))
165                                         state = STATE_POLICY_GROUP;
166                                 else {
167                                         if (streq(name, "at_console"))
168                                                 log_debug("Attribute %s of <policy> tag unsupported at %s:%u, ignoring.", name, path, line);
169                                         else
170                                                 log_warning("Attribute %s of <policy> tag unknown at %s:%u, ignoring.", name, path, line);
171                                         state = STATE_POLICY_OTHER_ATTRIBUTE;
172                                 }
173                         } else if (t == XML_TAG_CLOSE_EMPTY ||
174                                    (t == XML_TAG_CLOSE && streq(name, "policy")))
175                                 state = STATE_BUSCONFIG;
176                         else if (t == XML_TAG_OPEN) {
177                                 PolicyItemType it;
178
179                                 if (streq(name, "allow"))
180                                         it = POLICY_ITEM_ALLOW;
181                                 else if (streq(name, "deny"))
182                                         it = POLICY_ITEM_DENY;
183                                 else {
184                                         log_warning("Unknown tag %s in <policy> %s:%u.", name, path, line);
185                                         return -EINVAL;
186                                 }
187
188                                 assert(!i);
189                                 i = new0(PolicyItem, 1);
190                                 if (!i)
191                                         return log_oom();
192
193                                 i->type = it;
194                                 state = STATE_ALLOW_DENY;
195
196                         } else if (t != XML_TEXT || !in_charset(name, WHITESPACE)) {
197                                 log_error("Unexpected token (3) at %s:%u.", path, line);
198                                 return -EINVAL;
199                         }
200
201                         break;
202
203                 case STATE_POLICY_CONTEXT:
204
205                         if (t == XML_ATTRIBUTE_VALUE) {
206                                 if (streq(name, "default")) {
207                                         policy_category = POLICY_CATEGORY_DEFAULT;
208                                         state = STATE_POLICY;
209                                 } else if (streq(name, "mandatory")) {
210                                         policy_category = POLICY_CATEGORY_MANDATORY;
211                                         state = STATE_POLICY;
212                                 } else {
213                                         log_error("context= parameter %s unknown for <policy> at %s:%u.", name, path, line);
214                                         return -EINVAL;
215                                 }
216                         } else {
217                                 log_error("Unexpected token (4) at %s:%u.", path, line);
218                                 return -EINVAL;
219                         }
220
221                         break;
222
223                 case STATE_POLICY_USER:
224
225                         if (t == XML_ATTRIBUTE_VALUE) {
226                                 free(policy_user);
227                                 policy_user = name;
228                                 name = NULL;
229                                 policy_category = POLICY_CATEGORY_USER;
230                                 state = STATE_POLICY;
231                         } else {
232                                 log_error("Unexpected token (5) in %s:%u.", path, line);
233                                 return -EINVAL;
234                         }
235
236                         break;
237
238                 case STATE_POLICY_GROUP:
239
240                         if (t == XML_ATTRIBUTE_VALUE) {
241                                 free(policy_group);
242                                 policy_group = name;
243                                 name = NULL;
244                                 policy_category = POLICY_CATEGORY_GROUP;
245                                 state = STATE_POLICY;
246                         } else {
247                                 log_error("Unexpected token (6) at %s:%u.", path, line);
248                                 return -EINVAL;
249                         }
250
251                         break;
252
253                 case STATE_POLICY_OTHER_ATTRIBUTE:
254
255                         if (t == XML_ATTRIBUTE_VALUE)
256                                 state = STATE_POLICY;
257                         else {
258                                 log_error("Unexpected token (7) in %s:%u.", path, line);
259                                 return -EINVAL;
260                         }
261
262                         break;
263
264                 case STATE_ALLOW_DENY:
265
266                         assert(i);
267
268                         if (t == XML_ATTRIBUTE_NAME) {
269                                 PolicyItemClass ic;
270
271                                 if (startswith(name, "send_"))
272                                         ic = POLICY_ITEM_SEND;
273                                 else if (startswith(name, "receive_"))
274                                         ic = POLICY_ITEM_RECV;
275                                 else if (streq(name, "own"))
276                                         ic = POLICY_ITEM_OWN;
277                                 else if (streq(name, "own_prefix"))
278                                         ic = POLICY_ITEM_OWN_PREFIX;
279                                 else if (streq(name, "user"))
280                                         ic = POLICY_ITEM_USER;
281                                 else if (streq(name, "group"))
282                                         ic = POLICY_ITEM_GROUP;
283                                 else if (streq(name, "eavesdrop")) {
284                                         log_debug("Unsupported attribute %s= at %s:%u, ignoring.", name, path, line);
285                                         i->class = POLICY_ITEM_IGNORE;
286                                         state = STATE_ALLOW_DENY_OTHER_ATTRIBUTE;
287                                         break;
288                                 } else {
289                                         log_error("Unknown attribute %s= at %s:%u, ignoring.", name, path, line);
290                                         state = STATE_ALLOW_DENY_OTHER_ATTRIBUTE;
291                                         break;
292                                 }
293
294                                 if (i->class != _POLICY_ITEM_CLASS_UNSET && ic != i->class) {
295                                         log_error("send_ and receive_ fields mixed on same tag at %s:%u.", path, line);
296                                         return -EINVAL;
297                                 }
298
299                                 i->class = ic;
300
301                                 if (ic == POLICY_ITEM_SEND || ic == POLICY_ITEM_RECV) {
302                                         const char *u;
303
304                                         u = strchr(name, '_');
305                                         assert(u);
306
307                                         u++;
308
309                                         if (streq(u, "interface"))
310                                                 state = STATE_ALLOW_DENY_INTERFACE;
311                                         else if (streq(u, "member"))
312                                                 state = STATE_ALLOW_DENY_MEMBER;
313                                         else if (streq(u, "error"))
314                                                 state = STATE_ALLOW_DENY_ERROR;
315                                         else if (streq(u, "path"))
316                                                 state = STATE_ALLOW_DENY_PATH;
317                                         else if (streq(u, "type"))
318                                                 state = STATE_ALLOW_DENY_MESSAGE_TYPE;
319                                         else if ((streq(u, "destination") && ic == POLICY_ITEM_SEND) ||
320                                                  (streq(u, "sender") && ic == POLICY_ITEM_RECV))
321                                                 state = STATE_ALLOW_DENY_NAME;
322                                         else {
323                                                 if (streq(u, "requested_reply"))
324                                                         log_debug("Unsupported attribute %s= at %s:%u, ignoring.", name, path, line);
325                                                 else
326                                                         log_error("Unknown attribute %s= at %s:%u, ignoring.", name, path, line);
327                                                 state = STATE_ALLOW_DENY_OTHER_ATTRIBUTE;
328                                                 break;
329                                         }
330                                 } else
331                                         state = STATE_ALLOW_DENY_NAME;
332
333                         } else if (t == XML_TAG_CLOSE_EMPTY ||
334                                    (t == XML_TAG_CLOSE && streq(name, i->type == POLICY_ITEM_ALLOW ? "allow" : "deny"))) {
335
336                                 if (i->class == _POLICY_ITEM_CLASS_UNSET) {
337                                         log_error("Policy not set at %s:%u.", path, line);
338                                         return -EINVAL;
339                                 }
340
341                                 if (policy_category == POLICY_CATEGORY_DEFAULT)
342                                         item_append(i, &p->default_items);
343                                 else if (policy_category == POLICY_CATEGORY_MANDATORY)
344                                         item_append(i, &p->mandatory_items);
345                                 else if (policy_category == POLICY_CATEGORY_USER) {
346                                         const char *u = policy_user;
347
348                                         assert_cc(sizeof(uid_t) == sizeof(uint32_t));
349
350                                         r = hashmap_ensure_allocated(&p->user_items, NULL);
351                                         if (r < 0)
352                                                 return log_oom();
353
354                                         if (!u) {
355                                                 log_error("User policy without name");
356                                                 return -EINVAL;
357                                         }
358
359                                         r = get_user_creds(&u, &i->uid, NULL, NULL, NULL);
360                                         if (r < 0) {
361                                                 log_error("Failed to resolve user %s, ignoring policy: %s", u, strerror(-r));
362                                                 free(i);
363                                         } else {
364                                                 PolicyItem *first;
365
366                                                 first = hashmap_get(p->user_items, UINT32_TO_PTR(i->uid));
367                                                 item_append(i, &first);
368                                                 i->uid_valid = true;
369
370                                                 r = hashmap_replace(p->user_items, UINT32_TO_PTR(i->uid), first);
371                                                 if (r < 0) {
372                                                         LIST_REMOVE(items, first, i);
373                                                         return log_oom();
374                                                 }
375                                         }
376
377                                 } else if (policy_category == POLICY_CATEGORY_GROUP) {
378                                         const char *g = policy_group;
379
380                                         assert_cc(sizeof(gid_t) == sizeof(uint32_t));
381
382                                         r = hashmap_ensure_allocated(&p->group_items, NULL);
383                                         if (r < 0)
384                                                 return log_oom();
385
386                                         if (!g) {
387                                                 log_error("Group policy without name");
388                                                 return -EINVAL;
389                                         }
390
391                                         r = get_group_creds(&g, &i->gid);
392                                         if (r < 0) {
393                                                 log_error("Failed to resolve group %s, ignoring policy: %s", g, strerror(-r));
394                                                 free(i);
395                                         } else {
396                                                 PolicyItem *first;
397
398                                                 first = hashmap_get(p->group_items, UINT32_TO_PTR(i->gid));
399                                                 item_append(i, &first);
400                                                 i->gid_valid = true;
401
402                                                 r = hashmap_replace(p->group_items, UINT32_TO_PTR(i->gid), first);
403                                                 if (r < 0) {
404                                                         LIST_REMOVE(items, first, i);
405                                                         return log_oom();
406                                                 }
407                                         }
408                                 }
409
410                                 state = STATE_POLICY;
411                                 i = NULL;
412
413                         } else if (t != XML_TEXT || !in_charset(name, WHITESPACE)) {
414                                 log_error("Unexpected token (8) at %s:%u.", path, line);
415                                 return -EINVAL;
416                         }
417
418                         break;
419
420                 case STATE_ALLOW_DENY_INTERFACE:
421
422                         if (t == XML_ATTRIBUTE_VALUE) {
423                                 assert(i);
424                                 if (i->interface) {
425                                         log_error("Duplicate interface at %s:%u.", path, line);
426                                         return -EINVAL;
427                                 }
428
429                                 i->interface = name;
430                                 name = NULL;
431                                 state = STATE_ALLOW_DENY;
432                         } else {
433                                 log_error("Unexpected token (9) at %s:%u.", path, line);
434                                 return -EINVAL;
435                         }
436
437                         break;
438
439                 case STATE_ALLOW_DENY_MEMBER:
440
441                         if (t == XML_ATTRIBUTE_VALUE) {
442                                 assert(i);
443                                 if (i->member) {
444                                         log_error("Duplicate member in %s:%u.", path, line);
445                                         return -EINVAL;
446                                 }
447
448                                 i->member = name;
449                                 name = NULL;
450                                 state = STATE_ALLOW_DENY;
451                         } else {
452                                 log_error("Unexpected token (10) in %s:%u.", path, line);
453                                 return -EINVAL;
454                         }
455
456                         break;
457
458                 case STATE_ALLOW_DENY_ERROR:
459
460                         if (t == XML_ATTRIBUTE_VALUE) {
461                                 assert(i);
462                                 if (i->error) {
463                                         log_error("Duplicate error in %s:%u.", path, line);
464                                         return -EINVAL;
465                                 }
466
467                                 i->error = name;
468                                 name = NULL;
469                                 state = STATE_ALLOW_DENY;
470                         } else {
471                                 log_error("Unexpected token (11) in %s:%u.", path, line);
472                                 return -EINVAL;
473                         }
474
475                         break;
476
477                 case STATE_ALLOW_DENY_PATH:
478
479                         if (t == XML_ATTRIBUTE_VALUE) {
480                                 assert(i);
481                                 if (i->path) {
482                                         log_error("Duplicate path in %s:%u.", path, line);
483                                         return -EINVAL;
484                                 }
485
486                                 i->path = name;
487                                 name = NULL;
488                                 state = STATE_ALLOW_DENY;
489                         } else {
490                                 log_error("Unexpected token (12) in %s:%u.", path, line);
491                                 return -EINVAL;
492                         }
493
494                         break;
495
496                 case STATE_ALLOW_DENY_MESSAGE_TYPE:
497
498                         if (t == XML_ATTRIBUTE_VALUE) {
499                                 assert(i);
500
501                                 if (i->message_type != 0) {
502                                         log_error("Duplicate message type in %s:%u.", path, line);
503                                         return -EINVAL;
504                                 }
505
506                                 r = bus_message_type_from_string(name, &i->message_type);
507                                 if (r < 0) {
508                                         log_error("Invalid message type in %s:%u.", path, line);
509                                         return -EINVAL;
510                                 }
511
512                                 state = STATE_ALLOW_DENY;
513                         } else {
514                                 log_error("Unexpected token (13) in %s:%u.", path, line);
515                                 return -EINVAL;
516                         }
517
518                         break;
519
520                 case STATE_ALLOW_DENY_NAME:
521
522                         if (t == XML_ATTRIBUTE_VALUE) {
523                                 assert(i);
524                                 if (i->name) {
525                                         log_error("Duplicate name in %s:%u.", path, line);
526                                         return -EINVAL;
527                                 }
528
529                                 switch (i->class) {
530                                 case POLICY_ITEM_USER:
531                                         if (!streq(name, "*")) {
532                                                 const char *u = name;
533
534                                                 r = get_user_creds(&u, &i->uid, NULL, NULL, NULL);
535                                                 if (r < 0)
536                                                         log_error("Failed to resolve user %s: %s", name, strerror(-r));
537                                                 else
538                                                         i->uid_valid = true;
539                                         }
540                                         break;
541                                 case POLICY_ITEM_GROUP:
542                                         if (!streq(name, "*")) {
543                                                 const char *g = name;
544
545                                                 r = get_group_creds(&g, &i->gid);
546                                                 if (r < 0)
547                                                         log_error("Failed to resolve group %s: %s", name, strerror(-r));
548                                                 else
549                                                         i->gid_valid = true;
550                                         }
551                                         break;
552                                 default:
553                                         break;
554                                 }
555
556                                 i->name = name;
557                                 name = NULL;
558
559                                 state = STATE_ALLOW_DENY;
560                         } else {
561                                 log_error("Unexpected token (14) in %s:%u.", path, line);
562                                 return -EINVAL;
563                         }
564
565                         break;
566
567                 case STATE_ALLOW_DENY_OTHER_ATTRIBUTE:
568
569                         if (t == XML_ATTRIBUTE_VALUE)
570                                 state = STATE_ALLOW_DENY;
571                         else {
572                                 log_error("Unexpected token (15) in %s:%u.", path, line);
573                                 return -EINVAL;
574                         }
575
576                         break;
577
578                 case STATE_OTHER:
579
580                         if (t == XML_TAG_OPEN)
581                                 n_other++;
582                         else if (t == XML_TAG_CLOSE || t == XML_TAG_CLOSE_EMPTY) {
583
584                                 if (n_other == 0)
585                                         state = STATE_BUSCONFIG;
586                                 else
587                                         n_other--;
588                         }
589
590                         break;
591                 }
592         }
593 }
594
595 enum {
596         ALLOW,
597         DUNNO,
598         DENY,
599 };
600
601 struct policy_check_filter {
602         int class;
603         const struct ucred *ucred;
604         int message_type;
605         const char *name;
606         const char *interface;
607         const char *path;
608         const char *member;
609 };
610
611 static int is_permissive(PolicyItem *i) {
612
613         assert(i);
614
615         return (i->type == POLICY_ITEM_ALLOW) ? ALLOW : DENY;
616 }
617
618 static int check_policy_item(PolicyItem *i, const struct policy_check_filter *filter) {
619
620         assert(i);
621         assert(filter);
622
623         switch (i->class) {
624         case POLICY_ITEM_SEND:
625         case POLICY_ITEM_RECV:
626
627                 if (i->name && !streq_ptr(i->name, filter->name))
628                         break;
629
630                 if ((i->message_type != _POLICY_ITEM_CLASS_UNSET) && (i->message_type != filter->message_type))
631                         break;
632
633                 if (i->path && !streq_ptr(i->path, filter->path))
634                         break;
635
636                 if (i->member && !streq_ptr(i->member, filter->member))
637                         break;
638
639                 if (i->interface && !streq_ptr(i->interface, filter->interface))
640                         break;
641
642                 return is_permissive(i);
643
644         case POLICY_ITEM_OWN:
645                 assert(filter->name);
646
647                 if (streq(i->name, "*") || streq(i->name, filter->name))
648                         return is_permissive(i);
649                 break;
650
651         case POLICY_ITEM_OWN_PREFIX:
652                 assert(filter->name);
653
654                 if (streq(i->name, "*") || service_name_startswith(i->name, filter->name))
655                         return is_permissive(i);
656                 break;
657
658         case POLICY_ITEM_USER:
659                 assert(filter->ucred);
660
661                 if ((streq_ptr(i->name, "*") || (i->uid_valid && i->uid == filter->ucred->uid)))
662                         return is_permissive(i);
663                 break;
664
665         case POLICY_ITEM_GROUP:
666                 assert(filter->ucred);
667
668                 if ((streq_ptr(i->name, "*") || (i->gid_valid && i->gid == filter->ucred->gid)))
669                         return is_permissive(i);
670                 break;
671
672         case POLICY_ITEM_IGNORE:
673         default:
674                 break;
675         }
676
677         return DUNNO;
678 }
679
680 static int check_policy_items(PolicyItem *items, const struct policy_check_filter *filter) {
681
682         PolicyItem *i;
683         int r, ret = DUNNO;
684
685         assert(filter);
686
687         /* Check all policies in a set - a broader one might be followed by a more specific one,
688          * and the order of rules in policy definitions matters */
689         LIST_FOREACH(items, i, items) {
690                 if (i->class != filter->class)
691                         continue;
692
693                 r = check_policy_item(i, filter);
694                 if (r != DUNNO)
695                         ret = r;
696         }
697
698         return ret;
699 }
700
701 static int policy_check(Policy *p, const struct policy_check_filter *filter) {
702
703         PolicyItem *items;
704         int r;
705
706         assert(p);
707         assert(filter);
708
709         /*
710          * The policy check is implemented by the following logic:
711          *
712          * 1. Check mandatory items. If the message matches any of these, it is decisive.
713          * 2. See if the passed ucred match against the user/group hashmaps. A matching entry is also decisive.
714          * 3. Consult the defaults if non of the above matched with a more specific rule.
715          * 4. If the message isn't caught be the defaults either, reject it.
716          */
717
718         r = check_policy_items(p->mandatory_items, filter);
719         if (r != DUNNO)
720                 return r;
721
722         if (filter->ucred) {
723                 items = hashmap_get(p->user_items, UINT32_TO_PTR(filter->ucred->uid));
724                 if (items) {
725                         r = check_policy_items(items, filter);
726                         if (r != DUNNO)
727                                 return r;
728                 }
729
730                 items = hashmap_get(p->group_items, UINT32_TO_PTR(filter->ucred->gid));
731                 if (items) {
732                         r = check_policy_items(items, filter);
733                         if (r != DUNNO)
734                                 return r;
735                 }
736         }
737
738         return check_policy_items(p->default_items, filter);
739 }
740
741 bool policy_check_own(Policy *p, const struct ucred *ucred, const char *name) {
742
743         struct policy_check_filter filter = {
744                 .class = POLICY_ITEM_OWN,
745                 .ucred = ucred,
746                 .name  = name,
747         };
748
749         return policy_check(p, &filter) == ALLOW;
750 }
751
752 bool policy_check_hello(Policy *p, const struct ucred *ucred) {
753
754         struct policy_check_filter filter = {
755                 .ucred  = ucred,
756         };
757         int user, group;
758
759         filter.class = POLICY_ITEM_USER;
760         user = policy_check(p, &filter);
761         if (user == DENY)
762                 return false;
763
764         filter.class = POLICY_ITEM_GROUP;
765         group = policy_check(p, &filter);
766         if (group == DENY)
767                 return false;
768
769         return !(user == DUNNO && group == DUNNO);
770 }
771
772 bool policy_check_recv(Policy *p,
773                        const struct ucred *ucred,
774                        int message_type,
775                        const char *name,
776                        const char *path,
777                        const char *interface,
778                        const char *member) {
779
780         struct policy_check_filter filter = {
781                 .class        = POLICY_ITEM_RECV,
782                 .ucred        = ucred,
783                 .message_type = message_type,
784                 .name         = name,
785                 .interface    = interface,
786                 .path         = path,
787                 .member       = member,
788         };
789
790         return policy_check(p, &filter) == ALLOW;
791 }
792
793 bool policy_check_send(Policy *p,
794                        const struct ucred *ucred,
795                        int message_type,
796                        const char *name,
797                        const char *path,
798                        const char *interface,
799                        const char *member) {
800
801         struct policy_check_filter filter = {
802                 .class        = POLICY_ITEM_SEND,
803                 .ucred        = ucred,
804                 .message_type = message_type,
805                 .name         = name,
806                 .interface    = interface,
807                 .path         = path,
808                 .member       = member,
809         };
810
811         return policy_check(p, &filter) == ALLOW;
812 }
813
814 int policy_load(Policy *p, char **files) {
815         char **i;
816         int r;
817
818         assert(p);
819
820         STRV_FOREACH(i, files) {
821
822                 r = file_load(p, *i);
823                 if (r == -EISDIR) {
824                         _cleanup_strv_free_ char **l = NULL;
825                         char **j;
826
827                         r = conf_files_list(&l, ".conf", NULL, *i, NULL);
828                         if (r < 0) {
829                                 log_error("Failed to get configuration file list: %s", strerror(-r));
830                                 return r;
831                         }
832
833                         STRV_FOREACH(j, l)
834                                 file_load(p, *j);
835                 }
836
837                 /* We ignore all errors but EISDIR, and just proceed. */
838         }
839
840         return 0;
841 }
842
843 void policy_free(Policy *p) {
844         PolicyItem *i, *first;
845
846         if (!p)
847                 return;
848
849         while ((i = p->default_items)) {
850                 LIST_REMOVE(items, p->default_items, i);
851                 policy_item_free(i);
852         }
853
854         while ((i = p->mandatory_items)) {
855                 LIST_REMOVE(items, p->mandatory_items, i);
856                 policy_item_free(i);
857         }
858
859         while ((first = hashmap_steal_first(p->user_items))) {
860
861                 while ((i = first)) {
862                         LIST_REMOVE(items, first, i);
863                         policy_item_free(i);
864                 }
865         }
866
867         while ((first = hashmap_steal_first(p->group_items))) {
868
869                 while ((i = first)) {
870                         LIST_REMOVE(items, first, i);
871                         policy_item_free(i);
872                 }
873         }
874
875         hashmap_free(p->user_items);
876         hashmap_free(p->group_items);
877
878         p->user_items = p->group_items = NULL;
879 }
880
881 static void dump_items(PolicyItem *items, const char *prefix) {
882
883         PolicyItem *i;
884
885         if (!items)
886                 return;
887
888         if (!prefix)
889                 prefix = "";
890
891         LIST_FOREACH(items, i, items) {
892
893                 printf("%sType: %s\n"
894                        "%sClass: %s\n",
895                        prefix, policy_item_type_to_string(i->type),
896                        prefix, policy_item_class_to_string(i->class));
897
898                 if (i->interface)
899                         printf("%sInterface: %s\n",
900                                prefix, i->interface);
901
902                 if (i->member)
903                         printf("%sMember: %s\n",
904                                prefix, i->member);
905
906                 if (i->error)
907                         printf("%sError: %s\n",
908                                prefix, i->error);
909
910                 if (i->path)
911                         printf("%sPath: %s\n",
912                                prefix, i->path);
913
914                 if (i->name)
915                         printf("%sName: %s\n",
916                                prefix, i->name);
917
918                 if (i->message_type != 0)
919                         printf("%sMessage Type: %s\n",
920                                prefix, bus_message_type_to_string(i->message_type));
921
922                 if (i->uid_valid) {
923                         _cleanup_free_ char *user;
924
925                         user = uid_to_name(i->uid);
926
927                         printf("%sUser: %s (%d)\n",
928                                prefix, strna(user), i->uid);
929                 }
930
931                 if (i->gid_valid) {
932                         _cleanup_free_ char *group;
933
934                         group = gid_to_name(i->gid);
935
936                         printf("%sGroup: %s (%d)\n",
937                                prefix, strna(group), i->gid);
938                 }
939         }
940 }
941
942 static void dump_hashmap_items(Hashmap *h) {
943         PolicyItem *i;
944         Iterator j;
945         void *k;
946
947         HASHMAP_FOREACH_KEY(i, k, h, j) {
948                 printf("\t%s Item for %u:\n", draw_special_char(DRAW_ARROW), PTR_TO_UINT(k));
949                 dump_items(i, "\t\t");
950         }
951 }
952
953 void policy_dump(Policy *p) {
954
955         printf("%s Default Items:\n", draw_special_char(DRAW_ARROW));
956         dump_items(p->default_items, "\t");
957
958         printf("%s Group Items:\n", draw_special_char(DRAW_ARROW));
959         dump_hashmap_items(p->group_items);
960
961         printf("%s User Items:\n", draw_special_char(DRAW_ARROW));
962         dump_hashmap_items(p->user_items);
963
964         printf("%s Mandatory Items:\n", draw_special_char(DRAW_ARROW));
965         dump_items(p->mandatory_items, "\t");
966 }
967
968 static const char* const policy_item_type_table[_POLICY_ITEM_TYPE_MAX] = {
969         [_POLICY_ITEM_TYPE_UNSET] = "unset",
970         [POLICY_ITEM_ALLOW] = "allow",
971         [POLICY_ITEM_DENY] = "deny",
972 };
973 DEFINE_STRING_TABLE_LOOKUP(policy_item_type, PolicyItemType);
974
975 static const char* const policy_item_class_table[_POLICY_ITEM_CLASS_MAX] = {
976         [_POLICY_ITEM_CLASS_UNSET] = "unset",
977         [POLICY_ITEM_SEND] = "send",
978         [POLICY_ITEM_RECV] = "recv",
979         [POLICY_ITEM_OWN] = "own",
980         [POLICY_ITEM_OWN_PREFIX] = "own-prefix",
981         [POLICY_ITEM_USER] = "user",
982         [POLICY_ITEM_GROUP] = "group",
983         [POLICY_ITEM_IGNORE] = "ignore",
984 };
985 DEFINE_STRING_TABLE_LOOKUP(policy_item_class, PolicyItemClass);