ic = POLICY_ITEM_GROUP;
else if (streq(name, "eavesdrop")) {
log_debug("Unsupported attribute %s= at %s:%u, ignoring.", name, path, line);
- i->class = POLICY_ITEM_IGNORE;
state = STATE_ALLOW_DENY_OTHER_ATTRIBUTE;
break;
} else {
}
if (i->class != _POLICY_ITEM_CLASS_UNSET && ic != i->class) {
- log_error("send_ and receive_ fields mixed on same tag at %s:%u.", path, line);
+ log_error("send_, receive_/eavesdrop fields mixed on same tag at %s:%u.", path, line);
return -EINVAL;
}
} else if (t == XML_TAG_CLOSE_EMPTY ||
(t == XML_TAG_CLOSE && streq(name, i->type == POLICY_ITEM_ALLOW ? "allow" : "deny"))) {
- if (i->class == _POLICY_ITEM_CLASS_UNSET) {
- log_error("Policy not set at %s:%u.", path, line);
- return -EINVAL;
- }
+ /* If the tag is fully empty so far, we consider it a recv */
+ if (i->class == _POLICY_ITEM_CLASS_UNSET)
+ i->class = POLICY_ITEM_RECV;
if (policy_category == POLICY_CATEGORY_DEFAULT)
item_append(i, &p->default_items);
return -EINVAL;
}
- i->interface = name;
- name = NULL;
+ if (!streq(name, "*")) {
+ i->interface = name;
+ name = NULL;
+ }
state = STATE_ALLOW_DENY;
} else {
log_error("Unexpected token (9) at %s:%u.", path, line);
return -EINVAL;
}
- i->member = name;
- name = NULL;
+ if (!streq(name, "*")) {
+ i->member = name;
+ name = NULL;
+ }
state = STATE_ALLOW_DENY;
} else {
log_error("Unexpected token (10) in %s:%u.", path, line);
return -EINVAL;
}
- i->error = name;
- name = NULL;
+ if (!streq(name, "*")) {
+ i->error = name;
+ name = NULL;
+ }
state = STATE_ALLOW_DENY;
} else {
log_error("Unexpected token (11) in %s:%u.", path, line);
return -EINVAL;
}
- i->path = name;
- name = NULL;
+ if (!streq(name, "*")) {
+ i->path = name;
+ name = NULL;
+ }
state = STATE_ALLOW_DENY;
} else {
log_error("Unexpected token (12) in %s:%u.", path, line);
return -EINVAL;
}
- r = bus_message_type_from_string(name, &i->message_type);
- if (r < 0) {
- log_error("Invalid message type in %s:%u.", path, line);
- return -EINVAL;
+ if (!streq(name, "*")) {
+ r = bus_message_type_from_string(name, &i->message_type);
+ if (r < 0) {
+ log_error("Invalid message type in %s:%u.", path, line);
+ return -EINVAL;
+ }
}
state = STATE_ALLOW_DENY;
i->gid_valid = true;
}
break;
+
+ case POLICY_ITEM_SEND:
+ case POLICY_ITEM_RECV:
+
+ if (streq(name, "*")) {
+ free(name);
+ name = NULL;
+ }
+ break;
+
+
default:
break;
}