bus-proxy: print message direction in policy logs
[elogind.git] / src / bus-proxyd / bus-xml-policy.c
index 58241038ea5608bc1a140141d58927a74dec3424..a5c4313327c467ebf6ab1b8d8155a1a6a306c321 100644 (file)
@@ -421,8 +421,10 @@ static int file_load(Policy *p, const char *path) {
                                         return -EINVAL;
                                 }
 
-                                i->interface = name;
-                                name = NULL;
+                                if (!streq(name, "*")) {
+                                        i->interface = name;
+                                        name = NULL;
+                                }
                                 state = STATE_ALLOW_DENY;
                         } else {
                                 log_error("Unexpected token (9) at %s:%u.", path, line);
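Review bot: The new `if (!streq(name, "*"))` guard around `i->interface = name` leaves `name` neither stored nor released when the value is the wildcard, so whether that string is freed depends on how `name` is declared in the enclosing loop, which is outside this hunk (file_load starts and ends outside every hunk in this diff). The same four-line pattern is repeated for member, error and path in the next three hunks, and a variant for the message type after that, while the send/recv case later in the diff frees the wildcard explicitly; the two treatments should agree so a reader need not check the cleanup rules per state. A one-line comment would also make the intended semantics explicit, e.g. `/* "*" is the wildcard: leave i->interface unset so the item places no interface restriction */`, which presumably relies on policy_check() treating an unset field as "match any" — worth confirming.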
@@ -440,8 +442,10 @@ static int file_load(Policy *p, const char *path) {
                                         return -EINVAL;
                                 }
 
-                                i->member = name;
-                                name = NULL;
+                                if (!streq(name, "*")) {
+                                        i->member = name;
+                                        name = NULL;
+                                }
                                 state = STATE_ALLOW_DENY;
                         } else {
                                 log_error("Unexpected token (10) in %s:%u.", path, line);
@@ -459,8 +463,10 @@ static int file_load(Policy *p, const char *path) {
                                         return -EINVAL;
                                 }
 
-                                i->error = name;
-                                name = NULL;
+                                if (!streq(name, "*")) {
+                                        i->error = name;
+                                        name = NULL;
+                                }
                                 state = STATE_ALLOW_DENY;
                         } else {
                                 log_error("Unexpected token (11) in %s:%u.", path, line);
@@ -478,8 +484,10 @@ static int file_load(Policy *p, const char *path) {
                                         return -EINVAL;
                                 }
 
-                                i->path = name;
-                                name = NULL;
+                                if (!streq(name, "*")) {
+                                        i->path = name;
+                                        name = NULL;
+                                }
                                 state = STATE_ALLOW_DENY;
                         } else {
                                 log_error("Unexpected token (12) in %s:%u.", path, line);
@@ -498,10 +506,12 @@ static int file_load(Policy *p, const char *path) {
                                         return -EINVAL;
                                 }
 
-                                r = bus_message_type_from_string(name, &i->message_type);
-                                if (r < 0) {
-                                        log_error("Invalid message type in %s:%u.", path, line);
-                                        return -EINVAL;
+                                if (!streq(name, "*")) {
+                                        r = bus_message_type_from_string(name, &i->message_type);
+                                        if (r < 0) {
+                                                log_error("Invalid message type in %s:%u.", path, line);
+                                                return -EINVAL;
+                                        }
                                 }
 
                                 state = STATE_ALLOW_DENY;
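Review bot: When the type attribute is `"*"`, `i->message_type` is left at whatever it held before this branch, so the wildcard only works if the item's initial value already means "any message type"; that initialization is outside the hunk, and file_load continues outside it. A comment on the guard, `/* "*" keeps message_type at its initial value, which must denote "any type" */`, or an explicit assignment of that sentinel in an `else` branch, would stop the wildcard from silently depending on initialization order elsewhere.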
@@ -544,6 +554,17 @@ static int file_load(Policy *p, const char *path) {
                                                         i->gid_valid = true;
                                         }
                                         break;
+
+                                case POLICY_ITEM_SEND:
+                                case POLICY_ITEM_RECV:
+
+                                        if (streq(name, "*")) {
+                                                free(name);
+                                                name = NULL;
+                                        }
+                                        break;
+
+
                                 default:
                                         break;
                                 }
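Review bot: Two consecutive blank lines precede `default:` after the new `break;`, whereas the surrounding switch separates cases with a single blank line; drop the extra one. Freeing `name` for the wildcard here contrasts with the interface/member/error/path states earlier in this diff, which leave the wildcard string in `name`; if the code after the switch stores a non-NULL `name` into the item (that code is outside the hunk), a comment such as `/* "*" means any name: drop it so the item carries no name restriction */` would explain why this case frees and the others do not.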
@@ -816,7 +837,8 @@ bool policy_check_recv(Policy *p,
                        const char *name,
                        const char *path,
                        const char *interface,
-                       const char *member) {
+                       const char *member,
+                       bool dbus_to_kernel) {
 
         struct policy_check_filter filter = {
                 .class        = POLICY_ITEM_RECV,
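Review bot: The new `bool dbus_to_kernel` parameter is undocumented and, as a bare boolean, reads as an opaque `true`/`false` at call sites; the same applies to policy_check_send in the corresponding hunk below. An enum naming the two directions would be self-describing, but at minimum the header declaration (not in this diff) must gain the same parameter, and a comment on it such as `/* dbus_to_kernel: true when the message travels from the dbus-1 client into the kernel bus, false for the reverse direction */` closes the documentation gap. policy_check_recv's signature begins before this hunk and its body continues after it.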
@@ -836,8 +858,9 @@ bool policy_check_recv(Policy *p,
         verdict = policy_check(p, &filter);
 
         log_full(LOG_AUTH | (verdict != ALLOW ? LOG_WARNING : LOG_DEBUG),
-                 "Receive permission check for uid=" UID_FMT " gid=" GID_FMT" message=%s name=%s interface=%s path=%s member=%s: %s",
-                 uid, gid, bus_message_type_to_string(message_type), strna(name), strna(path), strna(interface), strna(member), strna(verdict_to_string(verdict)));
+                 "Receive permission check %s for uid=" UID_FMT " gid=" GID_FMT" message=%s name=%s path=%s interface=%s member=%s: %s",
+                 dbus_to_kernel ? "dbus-1 to kernel" : "kernel to dbus-1", uid, gid, bus_message_type_to_string(message_type), strna(name),
+                 strna(path), strna(interface), strna(member), strna(verdict_to_string(verdict)));
 
         return verdict == ALLOW;
 }
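Review bot: The direction text `dbus_to_kernel ? "dbus-1 to kernel" : "kernel to dbus-1"` is duplicated verbatim in policy_check_send's log call in the following hunk; a small helper keeps the two messages in sync if the wording ever changes, e.g. `static const char *direction_to_string(bool dbus_to_kernel) { return dbus_to_kernel ? "dbus-1 to kernel" : "kernel to dbus-1"; }`. These are LOG_AUTH records that monitoring may key on, so identical field order and wording between the send and receive variants matters more than usual. The body of policy_check_recv starts outside this hunk.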
@@ -849,7 +872,8 @@ bool policy_check_send(Policy *p,
                        const char *name,
                        const char *path,
                        const char *interface,
-                       const char *member) {
+                       const char *member,
+                       bool dbus_to_kernel) {
 
         struct policy_check_filter filter = {
                 .class        = POLICY_ITEM_SEND,
@@ -869,8 +893,9 @@ bool policy_check_send(Policy *p,
         verdict = policy_check(p, &filter);
 
         log_full(LOG_AUTH | (verdict != ALLOW ? LOG_WARNING : LOG_DEBUG),
-                 "Send permission check for uid=" UID_FMT " gid=" GID_FMT" message=%s name=%s interface=%s path=%s member=%s: %s",
-                 uid, gid, bus_message_type_to_string(message_type), strna(name), strna(path), strna(interface), strna(member), strna(verdict_to_string(verdict)));
+                 "Send permission check %s for uid=" UID_FMT " gid=" GID_FMT" message=%s name=%s path=%s interface=%s member=%s: %s",
+                 dbus_to_kernel ? "dbus-1 to kernel" : "kernel to dbus-1", uid, gid, bus_message_type_to_string(message_type), strna(name),
+                 strna(path), strna(interface), strna(member), strna(verdict_to_string(verdict)));
 
         return verdict == ALLOW;
 }
@@ -1026,6 +1051,8 @@ void policy_dump(Policy *p) {
 
         printf("%s Mandatory Items:\n", draw_special_char(DRAW_ARROW));
         dump_items(p->mandatory_items, "\t");
+
+        fflush(stdout);
 }
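Review bot: The return value of the added `fflush(stdout)` is ignored, so a failed flush (for instance a closed pipe on the consumer side) goes unreported. If ignoring it is deliberate, `(void) fflush(stdout);` makes that explicit; otherwise check the result and report it through the logging this file already uses. policy_dump starts outside the hunk.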
 
 static const char* const policy_item_type_table[_POLICY_ITEM_TYPE_MAX] = {