X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Flibsystemd%2Fsd-bus%2Fbus-kernel.c;h=e229baf2664f9d99e4b9e8cf3528d5e47850d0e8;hp=eec62aca9c315299749700128649cda4a0fb550e;hb=03e334a1c7dc8c20c38902aa039440763acc9b17;hpb=151b9b9662a90455262ce575a8a8ae74bf4ff336 diff --git a/src/libsystemd/sd-bus/bus-kernel.c b/src/libsystemd/sd-bus/bus-kernel.c index eec62aca9..e229baf26 100644 --- a/src/libsystemd/sd-bus/bus-kernel.c +++ b/src/libsystemd/sd-bus/bus-kernel.c @@ -36,6 +36,7 @@ #include "bus-kernel.h" #include "bus-bloom.h" #include "bus-util.h" +#include "bus-label.h" #include "cgroup-util.h" #define UNIQUE_NAME_MAX (3+DECIMAL_STR_MAX(uint64_t)) @@ -265,7 +266,7 @@ static int bus_message_setup_kmsg(sd_bus *b, sd_bus_message *m) { well_known ? 0 : m->destination ? unique : KDBUS_DST_ID_BROADCAST; m->kdbus->payload_type = KDBUS_PAYLOAD_DBUS; - m->kdbus->cookie = m->header->serial; + m->kdbus->cookie = (uint64_t) m->header->serial; m->kdbus->priority = m->priority; if (m->header->flags & BUS_MESSAGE_NO_REPLY_EXPECTED) @@ -658,7 +659,7 @@ int bus_kernel_take_fd(sd_bus *b) { b->use_memfd = 1; if (b->connection_name) { - g = sd_bus_label_escape(b->connection_name); + g = bus_label_escape(b->connection_name); if (!g) return -ENOMEM; @@ -678,7 +679,7 @@ int bus_kernel_take_fd(sd_bus *b) { } else { _cleanup_free_ char *e = NULL; - e = sd_bus_label_escape(pr); + e = bus_label_escape(pr); if (!e) return -ENOMEM; @@ -691,7 +692,7 @@ int bus_kernel_take_fd(sd_bus *b) { name = g; } - b->connection_name = sd_bus_label_unescape(name); + b->connection_name = bus_label_unescape(name); if (!b->connection_name) return -ENOMEM; } @@ -810,7 +811,7 @@ static void close_kdbus_msg(sd_bus *bus, struct kdbus_msg *k) { if (d->type == KDBUS_ITEM_FDS) close_many(d->fds, (d->size - offsetof(struct kdbus_item, fds)) / sizeof(int)); else if (d->type == KDBUS_ITEM_PAYLOAD_MEMFD) - close_nointr_nofail(d->memfd.fd); + safe_close(d->memfd.fd); } } @@ -1119,7 +1120,7 @@ int bus_kernel_pop_memfd(sd_bus *bus, void **address, size_t *mapped, size_t *al assert(bus->connection_name); - g = sd_bus_label_escape(bus->connection_name); + g = bus_label_escape(bus->connection_name); if (!g) return -ENOMEM; @@ -1164,7 +1165,7 @@ static void close_and_munmap(int fd, void *address, size_t size) { if (size > 0) assert_se(munmap(address, PAGE_ALIGN(size)) >= 0); - close_nointr_nofail(fd); + safe_close(fd); } void bus_kernel_push_memfd(sd_bus *bus, int fd, void *address, size_t mapped, size_t allocated) { @@ -1309,17 +1310,17 @@ int bus_kernel_create_bus(const char *name, bool world, char **s) { n->type = KDBUS_ITEM_MAKE_NAME; make->size += ALIGN8(n->size); - make->flags = KDBUS_MAKE_POLICY_OPEN | (world ? KDBUS_MAKE_ACCESS_WORLD : 0); + make->flags = world ? KDBUS_MAKE_ACCESS_WORLD : 0; if (ioctl(fd, KDBUS_CMD_BUS_MAKE, make) < 0) { - close_nointr_nofail(fd); + safe_close(fd); return -errno; } /* The higher 32bit of the flags field are considered * 'incompatible flags'. Refuse them all for now. */ if (make->flags > 0xFFFFFFFFULL) { - close_nointr_nofail(fd); + safe_close(fd); return -ENOTSUP; } @@ -1328,7 +1329,7 @@ int bus_kernel_create_bus(const char *name, bool world, char **s) { p = strjoin("/dev/kdbus/", n->str, "/bus", NULL); if (!p) { - close_nointr_nofail(fd); + safe_close(fd); return -ENOMEM; } @@ -1338,37 +1339,92 @@ int bus_kernel_create_bus(const char *name, bool world, char **s) { return fd; } -int bus_kernel_create_starter(const char *bus, const char *name) { +static void bus_kernel_translate_policy(const BusNamePolicy *policy, struct kdbus_item *item) +{ + switch (policy->type) { + case BUSNAME_POLICY_TYPE_USER: + item->policy_access.type = KDBUS_POLICY_ACCESS_USER; + item->policy_access.id = policy->uid; + break; + + case BUSNAME_POLICY_TYPE_GROUP: + item->policy_access.type = KDBUS_POLICY_ACCESS_GROUP; + item->policy_access.id = policy->gid; + break; + + case BUSNAME_POLICY_TYPE_WORLD: + item->policy_access.type = KDBUS_POLICY_ACCESS_WORLD; + break; + + default: + assert_not_reached("Unknown policy type"); + } + + switch (policy->access) { + case BUSNAME_POLICY_ACCESS_SEE: + item->policy_access.access = KDBUS_POLICY_SEE; + break; + + case BUSNAME_POLICY_ACCESS_TALK: + item->policy_access.access = KDBUS_POLICY_TALK; + break; + + case BUSNAME_POLICY_ACCESS_OWN: + item->policy_access.access = KDBUS_POLICY_OWN; + break; + + default: + assert_not_reached("Unknown policy access"); + } +} + +int bus_kernel_create_starter(const char *bus, const char *name, BusNamePolicy *policy) { struct kdbus_cmd_hello *hello; struct kdbus_item *n; + size_t policy_cnt = 0; + BusNamePolicy *po; + size_t size; char *p; int fd; assert(bus); assert(name); - p = alloca(sizeof("/dev/kdbus/") - 1 + DECIMAL_STR_MAX(uid_t) + 1 + strlen(bus) + sizeof("/bus")); + p = alloca(strlen("/dev/kdbus/") + DECIMAL_STR_MAX(uid_t) + 1 + strlen(bus) + strlen("/bus") + 1); sprintf(p, "/dev/kdbus/%lu-%s/bus", (unsigned long) getuid(), bus); fd = open(p, O_RDWR|O_NOCTTY|O_CLOEXEC); if (fd < 0) return -errno; - hello = alloca0(ALIGN8(offsetof(struct kdbus_cmd_hello, items) + - offsetof(struct kdbus_item, str) + - strlen(name) + 1)); + LIST_FOREACH(policy, po, policy) + policy_cnt++; + + size = ALIGN8(offsetof(struct kdbus_cmd_hello, items)) + + ALIGN8(offsetof(struct kdbus_item, str) + strlen(name) + 1) + + policy_cnt * ALIGN8(offsetof(struct kdbus_item, policy_access) + sizeof(struct kdbus_policy_access)); + + hello = alloca0(size); n = hello->items; strcpy(n->str, name); n->size = offsetof(struct kdbus_item, str) + strlen(n->str) + 1; n->type = KDBUS_ITEM_NAME; + n = KDBUS_ITEM_NEXT(n); + + LIST_FOREACH(policy, po, policy) { + n->type = KDBUS_ITEM_POLICY_ACCESS; + n->size = offsetof(struct kdbus_item, policy_access) + sizeof(struct kdbus_policy_access); + bus_kernel_translate_policy(po, n); + n = KDBUS_ITEM_NEXT(n); + } - hello->size = ALIGN8(offsetof(struct kdbus_cmd_hello, items) + n->size); + hello->size = size; hello->conn_flags = KDBUS_HELLO_ACTIVATOR; hello->pool_size = KDBUS_POOL_SIZE; if (ioctl(fd, KDBUS_CMD_HELLO, hello) < 0) { - close_nointr_nofail(fd); + safe_close(fd); return -errno; } @@ -1376,12 +1432,12 @@ int bus_kernel_create_starter(const char *bus, const char *name) { * 'incompatible flags'. Refuse them all for now. */ if (hello->bus_flags > 0xFFFFFFFFULL || hello->conn_flags > 0xFFFFFFFFULL) { - close_nointr_nofail(fd); + safe_close(fd); return -ENOTSUP; } if (!bloom_validate_parameters((size_t) hello->bloom.size, (unsigned) hello->bloom.n_hash)) { - close_nointr_nofail(fd); + safe_close(fd); return -ENOTSUP; } @@ -1410,17 +1466,17 @@ int bus_kernel_create_domain(const char *name, char **s) { n->type = KDBUS_ITEM_MAKE_NAME; make->size = ALIGN8(offsetof(struct kdbus_cmd_make, items) + n->size); - make->flags = KDBUS_MAKE_POLICY_OPEN | KDBUS_MAKE_ACCESS_WORLD; + make->flags = KDBUS_MAKE_ACCESS_WORLD; if (ioctl(fd, KDBUS_CMD_DOMAIN_MAKE, make) < 0) { - close_nointr_nofail(fd); + safe_close(fd); return -errno; } /* The higher 32bit of the flags field are considered * 'incompatible flags'. Refuse them all for now. */ if (make->flags > 0xFFFFFFFFULL) { - close_nointr_nofail(fd); + safe_close(fd); return -ENOTSUP; } @@ -1429,7 +1485,7 @@ int bus_kernel_create_domain(const char *name, char **s) { p = strappend("/dev/kdbus/domain/", name); if (!p) { - close_nointr_nofail(fd); + safe_close(fd); return -ENOMEM; } @@ -1446,7 +1502,7 @@ int bus_kernel_create_monitor(const char *bus) { assert(bus); - p = alloca(sizeof("/dev/kdbus/") - 1 + DECIMAL_STR_MAX(uid_t) + 1 + strlen(bus) + sizeof("/bus")); + p = alloca(strlen("/dev/kdbus/") + DECIMAL_STR_MAX(uid_t) + 1 + strlen(bus) + strlen("/bus") + 1); sprintf(p, "/dev/kdbus/%lu-%s/bus", (unsigned long) getuid(), bus); fd = open(p, O_RDWR|O_NOCTTY|O_CLOEXEC); @@ -1459,7 +1515,7 @@ int bus_kernel_create_monitor(const char *bus) { hello->pool_size = KDBUS_POOL_SIZE; if (ioctl(fd, KDBUS_CMD_HELLO, hello) < 0) { - close_nointr_nofail(fd); + safe_close(fd); return -errno; } @@ -1467,7 +1523,7 @@ int bus_kernel_create_monitor(const char *bus) { * 'incompatible flags'. Refuse them all for now. */ if (hello->bus_flags > 0xFFFFFFFFULL || hello->conn_flags > 0xFFFFFFFFULL) { - close_nointr_nofail(fd); + safe_close(fd); return -ENOTSUP; }