X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fbus-proxyd%2Fbus-xml-policy.c;h=119c731947f06fe4f0e74a93ec18e1c8d4bfc2a9;hp=cf39c52546d68c9c2fbb026f31f83301cffd5d06;hb=585b46db6baedf61aa94bf8fe9322a97bd06013d;hpb=f131770b1465fbf423881f16ba85523a05f846fe diff --git a/src/bus-proxyd/bus-xml-policy.c b/src/bus-proxyd/bus-xml-policy.c index cf39c5254..119c73194 100644 --- a/src/bus-proxyd/bus-xml-policy.c +++ b/src/bus-proxyd/bus-xml-policy.c @@ -279,7 +279,6 @@ static int file_load(Policy *p, const char *path) { ic = POLICY_ITEM_GROUP; else if (streq(name, "eavesdrop")) { log_debug("Unsupported attribute %s= at %s:%u, ignoring.", name, path, line); - i->class = POLICY_ITEM_IGNORE; state = STATE_ALLOW_DENY_OTHER_ATTRIBUTE; break; } else { @@ -289,7 +288,7 @@ static int file_load(Policy *p, const char *path) { } if (i->class != _POLICY_ITEM_CLASS_UNSET && ic != i->class) { - log_error("send_ and receive_ fields mixed on same tag at %s:%u.", path, line); + log_error("send_, receive_/eavesdrop fields mixed on same tag at %s:%u.", path, line); return -EINVAL; } @@ -330,10 +329,9 @@ static int file_load(Policy *p, const char *path) { } else if (t == XML_TAG_CLOSE_EMPTY || (t == XML_TAG_CLOSE && streq(name, i->type == POLICY_ITEM_ALLOW ? "allow" : "deny"))) { - if (i->class == _POLICY_ITEM_CLASS_UNSET) { - log_error("Policy not set at %s:%u.", path, line); - return -EINVAL; - } + /* If the tag is fully empty so far, we consider it a recv */ + if (i->class == _POLICY_ITEM_CLASS_UNSET) + i->class = POLICY_ITEM_RECV; if (policy_category == POLICY_CATEGORY_DEFAULT) item_append(i, &p->default_items); @@ -423,8 +421,10 @@ static int file_load(Policy *p, const char *path) { return -EINVAL; } - i->interface = name; - name = NULL; + if (!streq(name, "*")) { + i->interface = name; + name = NULL; + } state = STATE_ALLOW_DENY; } else { log_error("Unexpected token (9) at %s:%u.", path, line); @@ -442,8 +442,10 @@ static int file_load(Policy *p, const char *path) { return -EINVAL; } - i->member = name; - name = NULL; + if (!streq(name, "*")) { + i->member = name; + name = NULL; + } state = STATE_ALLOW_DENY; } else { log_error("Unexpected token (10) in %s:%u.", path, line); @@ -461,8 +463,10 @@ static int file_load(Policy *p, const char *path) { return -EINVAL; } - i->error = name; - name = NULL; + if (!streq(name, "*")) { + i->error = name; + name = NULL; + } state = STATE_ALLOW_DENY; } else { log_error("Unexpected token (11) in %s:%u.", path, line); @@ -480,8 +484,10 @@ static int file_load(Policy *p, const char *path) { return -EINVAL; } - i->path = name; - name = NULL; + if (!streq(name, "*")) { + i->path = name; + name = NULL; + } state = STATE_ALLOW_DENY; } else { log_error("Unexpected token (12) in %s:%u.", path, line); @@ -500,10 +506,12 @@ static int file_load(Policy *p, const char *path) { return -EINVAL; } - r = bus_message_type_from_string(name, &i->message_type); - if (r < 0) { - log_error("Invalid message type in %s:%u.", path, line); - return -EINVAL; + if (!streq(name, "*")) { + r = bus_message_type_from_string(name, &i->message_type); + if (r < 0) { + log_error("Invalid message type in %s:%u.", path, line); + return -EINVAL; + } } state = STATE_ALLOW_DENY; @@ -546,6 +554,17 @@ static int file_load(Policy *p, const char *path) { i->gid_valid = true; } break; + + case POLICY_ITEM_SEND: + case POLICY_ITEM_RECV: + + if (streq(name, "*")) { + free(name); + name = NULL; + } + break; + + default: break; }