chiark / gitweb /
~ianmdlvl / elogind.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
bus-policy: actually test messages against the newly added test.conf
[elogind.git] / src / bus-proxyd / bus-policy.c
diff --git a/src/bus-proxyd/bus-policy.c b/src/bus-proxyd/bus-policy.c
index 625f5ddaeee6648bd207d2026772afa26b55ff5b..d543bf9af42700998f9e9006b2444a55ea10edc3 100644 (file)
--- a/src/bus-proxyd/bus-policy.c
+++ b/src/bus-proxyd/bus-policy.c
@@ -599,7 +599,7 @@ enum {
 };
 
 struct policy_check_filter {
-        int class;
+        PolicyItemClass class;
         const struct ucred *ucred;
         int message_type;
         const char *name;
@@ -627,7 +627,7 @@ static int check_policy_item(PolicyItem *i, const struct policy_check_filter *fi
                 if (i->name && !streq_ptr(i->name, filter->name))
                         break;
 
-                if ((i->message_type != _POLICY_ITEM_CLASS_UNSET) && (i->message_type != filter->message_type))
+                if ((i->message_type != 0) && (i->message_type != filter->message_type))
                         break;
 
                 if (i->path && !streq_ptr(i->path, filter->path))
@@ -651,7 +651,7 @@ static int check_policy_item(PolicyItem *i, const struct policy_check_filter *fi
         case POLICY_ITEM_OWN_PREFIX:
                 assert(filter->name);
 
-                if (streq(i->name, "*") || startswith(i->name, filter->name))
+                if (streq(i->name, "*") || service_name_startswith(filter->name, i->name))
                         return is_permissive(i);
                 break;
 
@@ -687,7 +687,8 @@ static int check_policy_items(PolicyItem *items, const struct policy_check_filte
         /* Check all policies in a set - a broader one might be followed by a more specific one,
          * and the order of rules in policy definitions matters */
         LIST_FOREACH(items, i, items) {
-                if (i->class != filter->class)
+                if (i->class != filter->class &&
+                    !(i->class == POLICY_ITEM_OWN_PREFIX && filter->class == POLICY_ITEM_OWN))
                         continue;
 
                 r = check_policy_item(i, filter);
@@ -706,6 +707,8 @@ static int policy_check(Policy *p, const struct policy_check_filter *filter) {
         assert(p);
         assert(filter);
 
+        assert(IN_SET(filter->class, POLICY_ITEM_SEND, POLICY_ITEM_RECV, POLICY_ITEM_OWN, POLICY_ITEM_USER, POLICY_ITEM_GROUP));
+
         /*
          * The policy check is implemented by the following logic:
          *
Unnamed repository; edit this file 'description' to name the repository.