src/bus-proxyd/bus-policy.c

   1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
   2
   3 /***
   4   This file is part of systemd.
   5
   6   Copyright 2013 Lennart Poettering
   7
   8   systemd is free software; you can redistribute it and/or modify it
   9   under the terms of the GNU Lesser General Public License as published by
  10   the Free Software Foundation; either version 2.1 of the License, or
  11   (at your option) any later version.
  12
  13   systemd is distributed in the hope that it will be useful, but
  14   WITHOUT ANY WARRANTY; without even the implied warranty of
  15   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  16   Lesser General Public License for more details.
  17
  18   You should have received a copy of the GNU Lesser General Public License
  19   along with systemd; If not, see <http://www.gnu.org/licenses/>.
  20 ***/
  21
  22 #include "xml.h"
  23 #include "fileio.h"
  24 #include "strv.h"
  25 #include "conf-files.h"
  26 #include "bus-internal.h"
  27 #include "bus-message.h"
  28 #include "bus-policy.h"
  29
  30 static void policy_item_free(PolicyItem *i) {
  31         assert(i);
  32
  33         free(i->interface);
  34         free(i->member);
  35         free(i->error);
  36         free(i->name);
  37         free(i->path);
  38         free(i);
  39 }
  40
  41 DEFINE_TRIVIAL_CLEANUP_FUNC(PolicyItem*, policy_item_free);
  42
  43 static void item_append(PolicyItem *i, PolicyItem **list) {
  44
  45         PolicyItem *tail;
  46
  47         LIST_FIND_TAIL(items, *list, tail);
  48         LIST_INSERT_AFTER(items, *list, tail, i);
  49 }
  50
  51 static int file_load(Policy *p, const char *path) {
  52
  53         _cleanup_free_ char *c = NULL, *policy_user = NULL, *policy_group = NULL;
  54         _cleanup_(policy_item_freep) PolicyItem *i = NULL;
  55         void *xml_state = NULL;
  56         unsigned n_other = 0;
  57         const char *q;
  58         int r;
  59
  60         enum {
  61                 STATE_OUTSIDE,
  62                 STATE_BUSCONFIG,
  63                 STATE_POLICY,
  64                 STATE_POLICY_CONTEXT,
  65                 STATE_POLICY_USER,
  66                 STATE_POLICY_GROUP,
  67                 STATE_POLICY_OTHER_ATTRIBUTE,
  68                 STATE_ALLOW_DENY,
  69                 STATE_ALLOW_DENY_INTERFACE,
  70                 STATE_ALLOW_DENY_MEMBER,
  71                 STATE_ALLOW_DENY_ERROR,
  72                 STATE_ALLOW_DENY_PATH,
  73                 STATE_ALLOW_DENY_MESSAGE_TYPE,
  74                 STATE_ALLOW_DENY_NAME,
  75                 STATE_ALLOW_DENY_OTHER_ATTRIBUTE,
  76                 STATE_OTHER,
  77         } state = STATE_OUTSIDE;
  78
  79         enum {
  80                 POLICY_CATEGORY_NONE,
  81                 POLICY_CATEGORY_DEFAULT,
  82                 POLICY_CATEGORY_MANDATORY,
  83                 POLICY_CATEGORY_USER,
  84                 POLICY_CATEGORY_GROUP
  85         } policy_category = POLICY_CATEGORY_NONE;
  86
  87         unsigned line = 0;
  88
  89         assert(p);
  90
  91         r = read_full_file(path, &c, NULL);
  92         if (r < 0) {
  93                 if (r == -ENOENT)
  94                         return 0;
  95                 if (r == -EISDIR)
  96                         return r;
  97
  98                 log_error("Failed to load %s: %s", path, strerror(-r));
  99                 return r;
 100         }
 101
 102         q = c;
 103         for (;;) {
 104                 _cleanup_free_ char *name = NULL;
 105                 int t;
 106
 107                 t = xml_tokenize(&q, &name, &xml_state, &line);
 108                 if (t < 0) {
 109                         log_error("XML parse failure in %s: %s", path, strerror(-t));
 110                         return t;
 111                 }
 112
 113                 switch (state) {
 114
 115                 case STATE_OUTSIDE:
 116
 117                         if (t == XML_TAG_OPEN) {
 118                                 if (streq(name, "busconfig"))
 119                                         state = STATE_BUSCONFIG;
 120                                 else {
 121                                         log_error("Unexpected tag %s at %s:%u.", name, path, line);
 122                                         return -EINVAL;
 123                                 }
 124
 125                         } else if (t == XML_END)
 126                                 return 0;
 127                         else if (t != XML_TEXT || !in_charset(name, WHITESPACE)) {
 128                                 log_error("Unexpected token (1) at %s:%u.", path, line);
 129                                 return -EINVAL;
 130                         }
 131
 132                         break;
 133
 134                 case STATE_BUSCONFIG:
 135
 136                         if (t == XML_TAG_OPEN) {
 137                                 if (streq(name, "policy")) {
 138                                         state = STATE_POLICY;
 139                                         policy_category = POLICY_CATEGORY_NONE;
 140                                         free(policy_user);
 141                                         free(policy_group);
 142                                         policy_user = policy_group = NULL;
 143                                 } else {
 144                                         state = STATE_OTHER;
 145                                         n_other = 0;
 146                                 }
 147                         } else if (t == XML_TAG_CLOSE_EMPTY ||
 148                                    (t == XML_TAG_CLOSE && streq(name, "busconfig")))
 149                                 state = STATE_OUTSIDE;
 150                         else if (t != XML_TEXT || !in_charset(name, WHITESPACE)) {
 151                                 log_error("Unexpected token (2) at %s:%u.", path, line);
 152                                 return -EINVAL;
 153                         }
 154
 155                         break;
 156
 157                 case STATE_POLICY:
 158
 159                         if (t == XML_ATTRIBUTE_NAME) {
 160                                 if (streq(name, "context"))
 161                                         state = STATE_POLICY_CONTEXT;
 162                                 else if (streq(name, "user"))
 163                                         state = STATE_POLICY_USER;
 164                                 else if (streq(name, "group"))
 165                                         state = STATE_POLICY_GROUP;
 166                                 else {
 167                                         if (streq(name, "at_console"))
 168                                                 log_debug("Attribute %s of <policy> tag unsupported at %s:%u, ignoring.", name, path, line);
 169                                         else
 170                                                 log_warning("Attribute %s of <policy> tag unknown at %s:%u, ignoring.", name, path, line);
 171                                         state = STATE_POLICY_OTHER_ATTRIBUTE;
 172                                 }
 173                         } else if (t == XML_TAG_CLOSE_EMPTY ||
 174                                    (t == XML_TAG_CLOSE && streq(name, "policy")))
 175                                 state = STATE_BUSCONFIG;
 176                         else if (t == XML_TAG_OPEN) {
 177                                 PolicyItemType it;
 178
 179                                 if (streq(name, "allow"))
 180                                         it = POLICY_ITEM_ALLOW;
 181                                 else if (streq(name, "deny"))
 182                                         it = POLICY_ITEM_DENY;
 183                                 else {
 184                                         log_warning("Unknown tag %s in <policy> %s:%u.", name, path, line);
 185                                         return -EINVAL;
 186                                 }
 187
 188                                 assert(!i);
 189                                 i = new0(PolicyItem, 1);
 190                                 if (!i)
 191                                         return log_oom();
 192
 193                                 i->type = it;
 194                                 state = STATE_ALLOW_DENY;
 195
 196                         } else if (t != XML_TEXT || !in_charset(name, WHITESPACE)) {
 197                                 log_error("Unexpected token (3) at %s:%u.", path, line);
 198                                 return -EINVAL;
 199                         }
 200
 201                         break;
 202
 203                 case STATE_POLICY_CONTEXT:
 204
 205                         if (t == XML_ATTRIBUTE_VALUE) {
 206                                 if (streq(name, "default")) {
 207                                         policy_category = POLICY_CATEGORY_DEFAULT;
 208                                         state = STATE_POLICY;
 209                                 } else if (streq(name, "mandatory")) {
 210                                         policy_category = POLICY_CATEGORY_MANDATORY;
 211                                         state = STATE_POLICY;
 212                                 } else {
 213                                         log_error("context= parameter %s unknown for <policy> at %s:%u.", name, path, line);
 214                                         return -EINVAL;
 215                                 }
 216                         } else {
 217                                 log_error("Unexpected token (4) at %s:%u.", path, line);
 218                                 return -EINVAL;
 219                         }
 220
 221                         break;
 222
 223                 case STATE_POLICY_USER:
 224
 225                         if (t == XML_ATTRIBUTE_VALUE) {
 226                                 free(policy_user);
 227                                 policy_user = name;
 228                                 name = NULL;
 229                                 policy_category = POLICY_CATEGORY_USER;
 230                                 state = STATE_POLICY;
 231                         } else {
 232                                 log_error("Unexpected token (5) in %s:%u.", path, line);
 233                                 return -EINVAL;
 234                         }
 235
 236                         break;
 237
 238                 case STATE_POLICY_GROUP:
 239
 240                         if (t == XML_ATTRIBUTE_VALUE) {
 241                                 free(policy_group);
 242                                 policy_group = name;
 243                                 name = NULL;
 244                                 policy_category = POLICY_CATEGORY_GROUP;
 245                                 state = STATE_POLICY;
 246                         } else {
 247                                 log_error("Unexpected token (6) at %s:%u.", path, line);
 248                                 return -EINVAL;
 249                         }
 250
 251                         break;
 252
 253                 case STATE_POLICY_OTHER_ATTRIBUTE:
 254
 255                         if (t == XML_ATTRIBUTE_VALUE)
 256                                 state = STATE_POLICY;
 257                         else {
 258                                 log_error("Unexpected token (7) in %s:%u.", path, line);
 259                                 return -EINVAL;
 260                         }
 261
 262                         break;
 263
 264                 case STATE_ALLOW_DENY:
 265
 266                         assert(i);
 267
 268                         if (t == XML_ATTRIBUTE_NAME) {
 269                                 PolicyItemClass ic;
 270
 271                                 if (startswith(name, "send_"))
 272                                         ic = POLICY_ITEM_SEND;
 273                                 else if (startswith(name, "receive_"))
 274                                         ic = POLICY_ITEM_RECV;
 275                                 else if (streq(name, "own"))
 276                                         ic = POLICY_ITEM_OWN;
 277                                 else if (streq(name, "own_prefix"))
 278                                         ic = POLICY_ITEM_OWN_PREFIX;
 279                                 else if (streq(name, "user"))
 280                                         ic = POLICY_ITEM_USER;
 281                                 else if (streq(name, "group"))
 282                                         ic = POLICY_ITEM_GROUP;
 283                                 else if (streq(name, "eavesdrop")) {
 284                                         log_debug("Unsupported attribute %s= at %s:%u, ignoring.", name, path, line);
 285                                         i->class = POLICY_ITEM_IGNORE;
 286                                         state = STATE_ALLOW_DENY_OTHER_ATTRIBUTE;
 287                                         break;
 288                                 } else {
 289                                         log_error("Unknown attribute %s= at %s:%u, ignoring.", name, path, line);
 290                                         state = STATE_ALLOW_DENY_OTHER_ATTRIBUTE;
 291                                         break;
 292                                 }
 293
 294                                 if (i->class != _POLICY_ITEM_CLASS_UNSET && ic != i->class) {
 295                                         log_error("send_ and receive_ fields mixed on same tag at %s:%u.", path, line);
 296                                         return -EINVAL;
 297                                 }
 298
 299                                 i->class = ic;
 300
 301                                 if (ic == POLICY_ITEM_SEND || ic == POLICY_ITEM_RECV) {
 302                                         const char *u;
 303
 304                                         u = strchr(name, '_');
 305                                         assert(u);
 306
 307                                         u++;
 308
 309                                         if (streq(u, "interface"))
 310                                                 state = STATE_ALLOW_DENY_INTERFACE;
 311                                         else if (streq(u, "member"))
 312                                                 state = STATE_ALLOW_DENY_MEMBER;
 313                                         else if (streq(u, "error"))
 314                                                 state = STATE_ALLOW_DENY_ERROR;
 315                                         else if (streq(u, "path"))
 316                                                 state = STATE_ALLOW_DENY_PATH;
 317                                         else if (streq(u, "type"))
 318                                                 state = STATE_ALLOW_DENY_MESSAGE_TYPE;
 319                                         else if ((streq(u, "destination") && ic == POLICY_ITEM_SEND) ||
 320                                                  (streq(u, "sender") && ic == POLICY_ITEM_RECV))
 321                                                 state = STATE_ALLOW_DENY_NAME;
 322                                         else {
 323                                                 if (streq(u, "requested_reply"))
 324                                                         log_debug("Unsupported attribute %s= at %s:%u, ignoring.", name, path, line);
 325                                                 else
 326                                                         log_error("Unknown attribute %s= at %s:%u, ignoring.", name, path, line);
 327                                                 state = STATE_ALLOW_DENY_OTHER_ATTRIBUTE;
 328                                                 break;
 329                                         }
 330                                 } else
 331                                         state = STATE_ALLOW_DENY_NAME;
 332
 333                         } else if (t == XML_TAG_CLOSE_EMPTY ||
 334                                    (t == XML_TAG_CLOSE && streq(name, i->type == POLICY_ITEM_ALLOW ? "allow" : "deny"))) {
 335
 336                                 if (i->class == _POLICY_ITEM_CLASS_UNSET) {
 337                                         log_error("Policy not set at %s:%u.", path, line);
 338                                         return -EINVAL;
 339                                 }
 340
 341                                 if (policy_category == POLICY_CATEGORY_DEFAULT)
 342                                         item_append(i, &p->default_items);
 343                                 else if (policy_category == POLICY_CATEGORY_MANDATORY)
 344                                         item_append(i, &p->mandatory_items);
 345                                 else if (policy_category == POLICY_CATEGORY_USER) {
 346                                         const char *u = policy_user;
 347
 348                                         assert_cc(sizeof(uid_t) == sizeof(uint32_t));
 349
 350                                         r = hashmap_ensure_allocated(&p->user_items, NULL);
 351                                         if (r < 0)
 352                                                 return log_oom();
 353
 354                                         if (!u) {
 355                                                 log_error("User policy without name");
 356                                                 return -EINVAL;
 357                                         }
 358
 359                                         r = get_user_creds(&u, &i->uid, NULL, NULL, NULL);
 360                                         if (r < 0) {
 361                                                 log_error("Failed to resolve user %s, ignoring policy: %s", u, strerror(-r));
 362                                                 free(i);
 363                                         } else {
 364                                                 PolicyItem *first;
 365
 366                                                 first = hashmap_get(p->user_items, UINT32_TO_PTR(i->uid));
 367                                                 item_append(i, &first);
 368                                                 i->uid_valid = true;
 369
 370                                                 r = hashmap_replace(p->user_items, UINT32_TO_PTR(i->uid), first);
 371                                                 if (r < 0) {
 372                                                         LIST_REMOVE(items, first, i);
 373                                                         return log_oom();
 374                                                 }
 375                                         }
 376
 377                                 } else if (policy_category == POLICY_CATEGORY_GROUP) {
 378                                         const char *g = policy_group;
 379
 380                                         assert_cc(sizeof(gid_t) == sizeof(uint32_t));
 381
 382                                         r = hashmap_ensure_allocated(&p->group_items, NULL);
 383                                         if (r < 0)
 384                                                 return log_oom();
 385
 386                                         if (!g) {
 387                                                 log_error("Group policy without name");
 388                                                 return -EINVAL;
 389                                         }
 390
 391                                         r = get_group_creds(&g, &i->gid);
 392                                         if (r < 0) {
 393                                                 log_error("Failed to resolve group %s, ignoring policy: %s", g, strerror(-r));
 394                                                 free(i);
 395                                         } else {
 396                                                 PolicyItem *first;
 397
 398                                                 first = hashmap_get(p->group_items, UINT32_TO_PTR(i->gid));
 399                                                 item_append(i, &first);
 400                                                 i->gid_valid = true;
 401
 402                                                 r = hashmap_replace(p->group_items, UINT32_TO_PTR(i->gid), first);
 403                                                 if (r < 0) {
 404                                                         LIST_REMOVE(items, first, i);
 405                                                         return log_oom();
 406                                                 }
 407                                         }
 408                                 }
 409
 410                                 state = STATE_POLICY;
 411                                 i = NULL;
 412
 413                         } else if (t != XML_TEXT || !in_charset(name, WHITESPACE)) {
 414                                 log_error("Unexpected token (8) at %s:%u.", path, line);
 415                                 return -EINVAL;
 416                         }
 417
 418                         break;
 419
 420                 case STATE_ALLOW_DENY_INTERFACE:
 421
 422                         if (t == XML_ATTRIBUTE_VALUE) {
 423                                 assert(i);
 424                                 if (i->interface) {
 425                                         log_error("Duplicate interface at %s:%u.", path, line);
 426                                         return -EINVAL;
 427                                 }
 428
 429                                 i->interface = name;
 430                                 name = NULL;
 431                                 state = STATE_ALLOW_DENY;
 432                         } else {
 433                                 log_error("Unexpected token (9) at %s:%u.", path, line);
 434                                 return -EINVAL;
 435                         }
 436
 437                         break;
 438
 439                 case STATE_ALLOW_DENY_MEMBER:
 440
 441                         if (t == XML_ATTRIBUTE_VALUE) {
 442                                 assert(i);
 443                                 if (i->member) {
 444                                         log_error("Duplicate member in %s:%u.", path, line);
 445                                         return -EINVAL;
 446                                 }
 447
 448                                 i->member = name;
 449                                 name = NULL;
 450                                 state = STATE_ALLOW_DENY;
 451                         } else {
 452                                 log_error("Unexpected token (10) in %s:%u.", path, line);
 453                                 return -EINVAL;
 454                         }
 455
 456                         break;
 457
 458                 case STATE_ALLOW_DENY_ERROR:
 459
 460                         if (t == XML_ATTRIBUTE_VALUE) {
 461                                 assert(i);
 462                                 if (i->error) {
 463                                         log_error("Duplicate error in %s:%u.", path, line);
 464                                         return -EINVAL;
 465                                 }
 466
 467                                 i->error = name;
 468                                 name = NULL;
 469                                 state = STATE_ALLOW_DENY;
 470                         } else {
 471                                 log_error("Unexpected token (11) in %s:%u.", path, line);
 472                                 return -EINVAL;
 473                         }
 474
 475                         break;
 476
 477                 case STATE_ALLOW_DENY_PATH:
 478
 479                         if (t == XML_ATTRIBUTE_VALUE) {
 480                                 assert(i);
 481                                 if (i->path) {
 482                                         log_error("Duplicate path in %s:%u.", path, line);
 483                                         return -EINVAL;
 484                                 }
 485
 486                                 i->path = name;
 487                                 name = NULL;
 488                                 state = STATE_ALLOW_DENY;
 489                         } else {
 490                                 log_error("Unexpected token (12) in %s:%u.", path, line);
 491                                 return -EINVAL;
 492                         }
 493
 494                         break;
 495
 496                 case STATE_ALLOW_DENY_MESSAGE_TYPE:
 497
 498                         if (t == XML_ATTRIBUTE_VALUE) {
 499                                 assert(i);
 500
 501                                 if (i->message_type != 0) {
 502                                         log_error("Duplicate message type in %s:%u.", path, line);
 503                                         return -EINVAL;
 504                                 }
 505
 506                                 r = bus_message_type_from_string(name, &i->message_type);
 507                                 if (r < 0) {
 508                                         log_error("Invalid message type in %s:%u.", path, line);
 509                                         return -EINVAL;
 510                                 }
 511
 512                                 state = STATE_ALLOW_DENY;
 513                         } else {
 514                                 log_error("Unexpected token (13) in %s:%u.", path, line);
 515                                 return -EINVAL;
 516                         }
 517
 518                         break;
 519
 520                 case STATE_ALLOW_DENY_NAME:
 521
 522                         if (t == XML_ATTRIBUTE_VALUE) {
 523                                 assert(i);
 524                                 if (i->name) {
 525                                         log_error("Duplicate name in %s:%u.", path, line);
 526                                         return -EINVAL;
 527                                 }
 528
 529                                 switch (i->class) {
 530                                 case POLICY_ITEM_USER:
 531                                         if (!streq(name, "*")) {
 532                                                 const char *u = name;
 533
 534                                                 r = get_user_creds(&u, &i->uid, NULL, NULL, NULL);
 535                                                 if (r < 0)
 536                                                         log_error("Failed to resolve user %s: %s", name, strerror(-r));
 537                                                 else
 538                                                         i->uid_valid = true;
 539                                         }
 540                                         break;
 541                                 case POLICY_ITEM_GROUP:
 542                                         if (!streq(name, "*")) {
 543                                                 const char *g = name;
 544
 545                                                 r = get_group_creds(&g, &i->gid);
 546                                                 if (r < 0)
 547                                                         log_error("Failed to resolve group %s: %s", name, strerror(-r));
 548                                                 else
 549                                                         i->gid_valid = true;
 550                                         }
 551                                         break;
 552                                 default:
 553                                         break;
 554                                 }
 555
 556                                 i->name = name;
 557                                 name = NULL;
 558
 559                                 state = STATE_ALLOW_DENY;
 560                         } else {
 561                                 log_error("Unexpected token (14) in %s:%u.", path, line);
 562                                 return -EINVAL;
 563                         }
 564
 565                         break;
 566
 567                 case STATE_ALLOW_DENY_OTHER_ATTRIBUTE:
 568
 569                         if (t == XML_ATTRIBUTE_VALUE)
 570                                 state = STATE_ALLOW_DENY;
 571                         else {
 572                                 log_error("Unexpected token (15) in %s:%u.", path, line);
 573                                 return -EINVAL;
 574                         }
 575
 576                         break;
 577
 578                 case STATE_OTHER:
 579
 580                         if (t == XML_TAG_OPEN)
 581                                 n_other++;
 582                         else if (t == XML_TAG_CLOSE || t == XML_TAG_CLOSE_EMPTY) {
 583
 584                                 if (n_other == 0)
 585                                         state = STATE_BUSCONFIG;
 586                                 else
 587                                         n_other--;
 588                         }
 589
 590                         break;
 591                 }
 592         }
 593 }
 594
 595 enum {
 596         ALLOW,
 597         DUNNO,
 598         DENY,
 599 };
 600
 601 struct policy_check_filter {
 602         PolicyItemClass class;
 603         const struct ucred *ucred;
 604         int message_type;
 605         const char *name;
 606         const char *interface;
 607         const char *path;
 608         const char *member;
 609 };
 610
 611 static int is_permissive(PolicyItem *i) {
 612
 613         assert(i);
 614
 615         return (i->type == POLICY_ITEM_ALLOW) ? ALLOW : DENY;
 616 }
 617
 618 static int check_policy_item(PolicyItem *i, const struct policy_check_filter *filter) {
 619
 620         assert(i);
 621         assert(filter);
 622
 623         switch (i->class) {
 624         case POLICY_ITEM_SEND:
 625         case POLICY_ITEM_RECV:
 626
 627                 if (i->name && !streq_ptr(i->name, filter->name))
 628                         break;
 629
 630                 if ((i->message_type != _POLICY_ITEM_CLASS_UNSET) && (i->message_type != filter->message_type))
 631                         break;
 632
 633                 if (i->path && !streq_ptr(i->path, filter->path))
 634                         break;
 635
 636                 if (i->member && !streq_ptr(i->member, filter->member))
 637                         break;
 638
 639                 if (i->interface && !streq_ptr(i->interface, filter->interface))
 640                         break;
 641
 642                 return is_permissive(i);
 643
 644         case POLICY_ITEM_OWN:
 645                 assert(filter->name);
 646
 647                 if (streq(i->name, "*") || streq(i->name, filter->name))
 648                         return is_permissive(i);
 649                 break;
 650
 651         case POLICY_ITEM_OWN_PREFIX:
 652                 assert(filter->name);
 653
 654                 if (streq(i->name, "*") || service_name_startswith(filter->name, i->name))
 655                         return is_permissive(i);
 656                 break;
 657
 658         case POLICY_ITEM_USER:
 659                 assert(filter->ucred);
 660
 661                 if ((streq_ptr(i->name, "*") || (i->uid_valid && i->uid == filter->ucred->uid)))
 662                         return is_permissive(i);
 663                 break;
 664
 665         case POLICY_ITEM_GROUP:
 666                 assert(filter->ucred);
 667
 668                 if ((streq_ptr(i->name, "*") || (i->gid_valid && i->gid == filter->ucred->gid)))
 669                         return is_permissive(i);
 670                 break;
 671
 672         case POLICY_ITEM_IGNORE:
 673         default:
 674                 break;
 675         }
 676
 677         return DUNNO;
 678 }
 679
 680 static int check_policy_items(PolicyItem *items, const struct policy_check_filter *filter) {
 681
 682         PolicyItem *i;
 683         int r, ret = DUNNO;
 684
 685         assert(filter);
 686
 687         /* Check all policies in a set - a broader one might be followed by a more specific one,
 688          * and the order of rules in policy definitions matters */
 689         LIST_FOREACH(items, i, items) {
 690                 if (i->class != filter->class &&
 691                     IN_SET(i->class, POLICY_ITEM_OWN, POLICY_ITEM_OWN_PREFIX) != IN_SET(filter->class, POLICY_ITEM_OWN, POLICY_ITEM_OWN_PREFIX))
 692                         continue;
 693
 694                 r = check_policy_item(i, filter);
 695                 if (r != DUNNO)
 696                         ret = r;
 697         }
 698
 699         return ret;
 700 }
 701
 702 static int policy_check(Policy *p, const struct policy_check_filter *filter) {
 703
 704         PolicyItem *items;
 705         int r;
 706
 707         assert(p);
 708         assert(filter);
 709
 710         /*
 711          * The policy check is implemented by the following logic:
 712          *
 713          * 1. Check mandatory items. If the message matches any of these, it is decisive.
 714          * 2. See if the passed ucred match against the user/group hashmaps. A matching entry is also decisive.
 715          * 3. Consult the defaults if non of the above matched with a more specific rule.
 716          * 4. If the message isn't caught be the defaults either, reject it.
 717          */
 718
 719         r = check_policy_items(p->mandatory_items, filter);
 720         if (r != DUNNO)
 721                 return r;
 722
 723         if (filter->ucred) {
 724                 items = hashmap_get(p->user_items, UINT32_TO_PTR(filter->ucred->uid));
 725                 if (items) {
 726                         r = check_policy_items(items, filter);
 727                         if (r != DUNNO)
 728                                 return r;
 729                 }
 730
 731                 items = hashmap_get(p->group_items, UINT32_TO_PTR(filter->ucred->gid));
 732                 if (items) {
 733                         r = check_policy_items(items, filter);
 734                         if (r != DUNNO)
 735                                 return r;
 736                 }
 737         }
 738
 739         return check_policy_items(p->default_items, filter);
 740 }
 741
 742 bool policy_check_own(Policy *p, const struct ucred *ucred, const char *name) {
 743
 744         struct policy_check_filter filter = {
 745                 .class = POLICY_ITEM_OWN,
 746                 .ucred = ucred,
 747                 .name  = name,
 748         };
 749
 750         return policy_check(p, &filter) == ALLOW;
 751 }
 752
 753 bool policy_check_hello(Policy *p, const struct ucred *ucred) {
 754
 755         struct policy_check_filter filter = {
 756                 .ucred  = ucred,
 757         };
 758         int user, group;
 759
 760         filter.class = POLICY_ITEM_USER;
 761         user = policy_check(p, &filter);
 762         if (user == DENY)
 763                 return false;
 764
 765         filter.class = POLICY_ITEM_GROUP;
 766         group = policy_check(p, &filter);
 767         if (group == DENY)
 768                 return false;
 769
 770         return !(user == DUNNO && group == DUNNO);
 771 }
 772
 773 bool policy_check_recv(Policy *p,
 774                        const struct ucred *ucred,
 775                        int message_type,
 776                        const char *name,
 777                        const char *path,
 778                        const char *interface,
 779                        const char *member) {
 780
 781         struct policy_check_filter filter = {
 782                 .class        = POLICY_ITEM_RECV,
 783                 .ucred        = ucred,
 784                 .message_type = message_type,
 785                 .name         = name,
 786                 .interface    = interface,
 787                 .path         = path,
 788                 .member       = member,
 789         };
 790
 791         return policy_check(p, &filter) == ALLOW;
 792 }
 793
 794 bool policy_check_send(Policy *p,
 795                        const struct ucred *ucred,
 796                        int message_type,
 797                        const char *name,
 798                        const char *path,
 799                        const char *interface,
 800                        const char *member) {
 801
 802         struct policy_check_filter filter = {
 803                 .class        = POLICY_ITEM_SEND,
 804                 .ucred        = ucred,
 805                 .message_type = message_type,
 806                 .name         = name,
 807                 .interface    = interface,
 808                 .path         = path,
 809                 .member       = member,
 810         };
 811
 812         return policy_check(p, &filter) == ALLOW;
 813 }
 814
 815 int policy_load(Policy *p, char **files) {
 816         char **i;
 817         int r;
 818
 819         assert(p);
 820
 821         STRV_FOREACH(i, files) {
 822
 823                 r = file_load(p, *i);
 824                 if (r == -EISDIR) {
 825                         _cleanup_strv_free_ char **l = NULL;
 826                         char **j;
 827
 828                         r = conf_files_list(&l, ".conf", NULL, *i, NULL);
 829                         if (r < 0) {
 830                                 log_error("Failed to get configuration file list: %s", strerror(-r));
 831                                 return r;
 832                         }
 833
 834                         STRV_FOREACH(j, l)
 835                                 file_load(p, *j);
 836                 }
 837
 838                 /* We ignore all errors but EISDIR, and just proceed. */
 839         }
 840
 841         return 0;
 842 }
 843
 844 void policy_free(Policy *p) {
 845         PolicyItem *i, *first;
 846
 847         if (!p)
 848                 return;
 849
 850         while ((i = p->default_items)) {
 851                 LIST_REMOVE(items, p->default_items, i);
 852                 policy_item_free(i);
 853         }
 854
 855         while ((i = p->mandatory_items)) {
 856                 LIST_REMOVE(items, p->mandatory_items, i);
 857                 policy_item_free(i);
 858         }
 859
 860         while ((first = hashmap_steal_first(p->user_items))) {
 861
 862                 while ((i = first)) {
 863                         LIST_REMOVE(items, first, i);
 864                         policy_item_free(i);
 865                 }
 866         }
 867
 868         while ((first = hashmap_steal_first(p->group_items))) {
 869
 870                 while ((i = first)) {
 871                         LIST_REMOVE(items, first, i);
 872                         policy_item_free(i);
 873                 }
 874         }
 875
 876         hashmap_free(p->user_items);
 877         hashmap_free(p->group_items);
 878
 879         p->user_items = p->group_items = NULL;
 880 }
 881
 882 static void dump_items(PolicyItem *items, const char *prefix) {
 883
 884         PolicyItem *i;
 885
 886         if (!items)
 887                 return;
 888
 889         if (!prefix)
 890                 prefix = "";
 891
 892         LIST_FOREACH(items, i, items) {
 893
 894                 printf("%sType: %s\n"
 895                        "%sClass: %s\n",
 896                        prefix, policy_item_type_to_string(i->type),
 897                        prefix, policy_item_class_to_string(i->class));
 898
 899                 if (i->interface)
 900                         printf("%sInterface: %s\n",
 901                                prefix, i->interface);
 902
 903                 if (i->member)
 904                         printf("%sMember: %s\n",
 905                                prefix, i->member);
 906
 907                 if (i->error)
 908                         printf("%sError: %s\n",
 909                                prefix, i->error);
 910
 911                 if (i->path)
 912                         printf("%sPath: %s\n",
 913                                prefix, i->path);
 914
 915                 if (i->name)
 916                         printf("%sName: %s\n",
 917                                prefix, i->name);
 918
 919                 if (i->message_type != 0)
 920                         printf("%sMessage Type: %s\n",
 921                                prefix, bus_message_type_to_string(i->message_type));
 922
 923                 if (i->uid_valid) {
 924                         _cleanup_free_ char *user;
 925
 926                         user = uid_to_name(i->uid);
 927
 928                         printf("%sUser: %s (%d)\n",
 929                                prefix, strna(user), i->uid);
 930                 }
 931
 932                 if (i->gid_valid) {
 933                         _cleanup_free_ char *group;
 934
 935                         group = gid_to_name(i->gid);
 936
 937                         printf("%sGroup: %s (%d)\n",
 938                                prefix, strna(group), i->gid);
 939                 }
 940         }
 941 }
 942
 943 static void dump_hashmap_items(Hashmap *h) {
 944         PolicyItem *i;
 945         Iterator j;
 946         void *k;
 947
 948         HASHMAP_FOREACH_KEY(i, k, h, j) {
 949                 printf("\t%s Item for %u:\n", draw_special_char(DRAW_ARROW), PTR_TO_UINT(k));
 950                 dump_items(i, "\t\t");
 951         }
 952 }
 953
 954 void policy_dump(Policy *p) {
 955
 956         printf("%s Default Items:\n", draw_special_char(DRAW_ARROW));
 957         dump_items(p->default_items, "\t");
 958
 959         printf("%s Group Items:\n", draw_special_char(DRAW_ARROW));
 960         dump_hashmap_items(p->group_items);
 961
 962         printf("%s User Items:\n", draw_special_char(DRAW_ARROW));
 963         dump_hashmap_items(p->user_items);
 964
 965         printf("%s Mandatory Items:\n", draw_special_char(DRAW_ARROW));
 966         dump_items(p->mandatory_items, "\t");
 967 }
 968
 969 static const char* const policy_item_type_table[_POLICY_ITEM_TYPE_MAX] = {
 970         [_POLICY_ITEM_TYPE_UNSET] = "unset",
 971         [POLICY_ITEM_ALLOW] = "allow",
 972         [POLICY_ITEM_DENY] = "deny",
 973 };
 974 DEFINE_STRING_TABLE_LOOKUP(policy_item_type, PolicyItemType);
 975
 976 static const char* const policy_item_class_table[_POLICY_ITEM_CLASS_MAX] = {
 977         [_POLICY_ITEM_CLASS_UNSET] = "unset",
 978         [POLICY_ITEM_SEND] = "send",
 979         [POLICY_ITEM_RECV] = "recv",
 980         [POLICY_ITEM_OWN] = "own",
 981         [POLICY_ITEM_OWN_PREFIX] = "own-prefix",
 982         [POLICY_ITEM_USER] = "user",
 983         [POLICY_ITEM_GROUP] = "group",
 984         [POLICY_ITEM_IGNORE] = "ignore",
 985 };
 986 DEFINE_STRING_TABLE_LOOKUP(policy_item_class, PolicyItemClass);