sd-bus: add support for policy upload on activator connections
authorDaniel Mack <zonque@gmail.com>
Fri, 7 Mar 2014 16:29:01 +0000 (17:29 +0100)
committerDaniel Mack <zonque@gmail.com>
Fri, 7 Mar 2014 18:14:05 +0000 (19:14 +0100)
Activator connections may upload policy when registering to the bus.
This patch contains code to translate between BusNamePolicy objects and
the kdbus-specific items.

src/core/busname.c
src/libsystemd/sd-bus/bus-kernel.c
src/libsystemd/sd-bus/bus-kernel.h

index 4806e741ca64a566c665731030ba4702c99e7b6b..bd7d02d73b6940ad3246d38cf86a4fbf44bf6444 100644 (file)
@@ -233,7 +233,8 @@ static int busname_open_fd(BusName *n) {
         if (n->starter_fd >= 0)
                 return 0;
 
-        n->starter_fd = bus_kernel_create_starter(UNIT(n)->manager->running_as == SYSTEMD_SYSTEM ? "system" : "user", n->name);
+        n->starter_fd = bus_kernel_create_starter(UNIT(n)->manager->running_as == SYSTEMD_SYSTEM ? "system" : "user",
+                                                  n->name, n->policy);
         if (n->starter_fd < 0) {
                 log_warning_unit(UNIT(n)->id, "Failed to create starter fd: %s", strerror(-n->starter_fd));
                 return n->starter_fd;
index 36274113142899906eee34ab0e3070a7f573af74..2a1b0b424a9dba2a7fd96ca2f13083984473b16c 100644 (file)
@@ -1338,9 +1338,51 @@ int bus_kernel_create_bus(const char *name, bool world, char **s) {
         return fd;
 }
 
-int bus_kernel_create_starter(const char *bus, const char *name) {
+static void bus_kernel_translate_policy(const BusNamePolicy *policy, struct kdbus_item *item)
+{
+        switch (policy->type) {
+        case BUSNAME_POLICY_TYPE_USER:
+                item->policy_access.type = KDBUS_POLICY_ACCESS_USER;
+                item->policy_access.id = policy->uid;
+                break;
+
+        case BUSNAME_POLICY_TYPE_GROUP:
+                item->policy_access.type = KDBUS_POLICY_ACCESS_GROUP;
+                item->policy_access.id = policy->gid;
+                break;
+
+        case BUSNAME_POLICY_TYPE_WORLD:
+                item->policy_access.type = KDBUS_POLICY_ACCESS_WORLD;
+                break;
+
+        default:
+                assert_not_reached("Unknown policy type");
+        }
+
+        switch (policy->access) {
+        case BUSNAME_POLICY_ACCESS_SEE:
+                item->policy_access.access = KDBUS_POLICY_SEE;
+                break;
+
+        case BUSNAME_POLICY_ACCESS_TALK:
+                item->policy_access.access = KDBUS_POLICY_TALK;
+                break;
+
+        case BUSNAME_POLICY_ACCESS_OWN:
+                item->policy_access.access = KDBUS_POLICY_OWN;
+                break;
+
+        default:
+                assert_not_reached("Unknown policy access");
+        }
+}
+
+int bus_kernel_create_starter(const char *bus, const char *name, BusNamePolicy *policy) {
         struct kdbus_cmd_hello *hello;
         struct kdbus_item *n;
+        size_t policy_cnt = 0;
+        BusNamePolicy *po;
+        size_t size;
         char *p;
         int fd;
 
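Review bot: In `bus_kernel_translate_policy()` the `BUSNAME_POLICY_TYPE_WORLD` case sets only `policy_access.type` and never writes `policy_access.id`, so the id uploaded to the kernel is whatever the caller left in the item. The only caller visible on this page passes memory from `alloca0()`, which presumably is zeroed, but the helper does not state that requirement. Adding `item->policy_access.id = 0;` to that case, or a comment above the function such as `/* item must be zero-initialised by the caller; WORLD entries carry no id */`, would keep a later caller with a reused buffer from uploading a stale id. As a style point, the opening brace on its own line differs from the `) {` form used by `bus_kernel_create_starter()` in this hunk, whose body continues past the hunk.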
@@ -1354,16 +1396,29 @@ int bus_kernel_create_starter(const char *bus, const char *name) {
         if (fd < 0)
                 return -errno;
 
-        hello = alloca0(ALIGN8(offsetof(struct kdbus_cmd_hello, items) +
-                               offsetof(struct kdbus_item, str) +
-                               strlen(name) + 1));
+        LIST_FOREACH(policy, po, policy)
+                policy_cnt++;
+
+        size = ALIGN8(offsetof(struct kdbus_cmd_hello, items)) +
+               ALIGN8(offsetof(struct kdbus_item, str) + strlen(name) + 1) +
+               policy_cnt * ALIGN8(offsetof(struct kdbus_item, policy_access) + sizeof(struct kdbus_policy_access));
+
+        hello = alloca0(size);
 
         n = hello->items;
         strcpy(n->str, name);
         n->size = offsetof(struct kdbus_item, str) + strlen(n->str) + 1;
         n->type = KDBUS_ITEM_NAME;
+        n = KDBUS_ITEM_NEXT(n);
+
+        LIST_FOREACH(policy, po, policy) {
+                n->type = KDBUS_ITEM_POLICY_ACCESS;
+                n->size = offsetof(struct kdbus_item, policy_access) + sizeof(struct kdbus_policy_access);
+                bus_kernel_translate_policy(po, n);
+                n = KDBUS_ITEM_NEXT(n);
+        }
 
-        hello->size = ALIGN8(offsetof(struct kdbus_cmd_hello, items) + n->size);
+        hello->size = size;
         hello->conn_flags = KDBUS_HELLO_ACTIVATOR;
         hello->pool_size = KDBUS_POOL_SIZE;
 
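Review bot: `hello = alloca0(size)` now grows with the number of entries in the `policy` list as well as with `strlen(name)`, and nothing in this hunk bounds either value. The list appears to be `n->policy` from busname.c, so presumably it is filled from unit configuration. A stack allocation has no failure path, so an unusually long list would overrun the stack of the calling process instead of producing an error. Consider a heap buffer with an error return, e.g. `hello = malloc0(size);` followed by an `if (!hello)` branch that closes `fd` and returns `-ENOMEM`, with the buffer freed on every exit, or reject `policy_cnt` above a fixed limit before `size` is computed. The function starts and ends outside this hunk, so the cleanup of `fd` has to be checked against the rest of the body.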
index 8db418a14d95dabfa3911ec4f5d1961b976beaea..c4722cbac60988b60c71af9a9ba4d1d04341d620 100644 (file)
@@ -23,6 +23,7 @@
 
 #include <stdbool.h>
 
+#include "busname.h"
 #include "sd-bus.h"
 
 #define KDBUS_ITEM_NEXT(item) \
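Review bot: `#include "busname.h"` makes the sd-bus kernel header depend on a header that, judging by the file list on this page, belongs to src/core, only so that the prototype changed in the next hunk can name `BusNamePolicy`. That prototype takes just a pointer, so a forward declaration such as `typedef struct BusNamePolicy BusNamePolicy;` would be enough here, provided the struct tag matches the definition in busname.h. That would keep unit-manager types out of everything else that includes bus-kernel.h. A short comment on the prototype saying that `policy` is the head of a list and may be NULL would also help callers.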
@@ -65,7 +66,7 @@ int bus_kernel_read_message(sd_bus *bus, bool hint_priority, int64_t priority);
 
 int bus_kernel_create_bus(const char *name, bool world, char **s);
 int bus_kernel_create_domain(const char *name, char **s);
-int bus_kernel_create_starter(const char *bus, const char *name);
+int bus_kernel_create_starter(const char *bus, const char *name, BusNamePolicy *policy);
 int bus_kernel_create_monitor(const char *bus);
 
 int bus_kernel_pop_memfd(sd_bus *bus, void **address, size_t *mapped, size_t *allocated);