bus-policy: actually test messages against the newly added test.conf
authorLennart Poettering <lennart@poettering.net>
Wed, 26 Nov 2014 20:15:39 +0000 (21:15 +0100)
committerLennart Poettering <lennart@poettering.net>
Wed, 26 Nov 2014 20:15:39 +0000 (21:15 +0100)
src/bus-proxyd/bus-policy.c
src/bus-proxyd/test-bus-policy.c

index ff6a3e4..d543bf9 100644 (file)
@@ -627,7 +627,7 @@ static int check_policy_item(PolicyItem *i, const struct policy_check_filter *fi
                 if (i->name && !streq_ptr(i->name, filter->name))
                         break;
 
-                if ((i->message_type != _POLICY_ITEM_CLASS_UNSET) && (i->message_type != filter->message_type))
+                if ((i->message_type != 0) && (i->message_type != filter->message_type))
                         break;
 
                 if (i->path && !streq_ptr(i->path, filter->path))
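Review bot: The bare `0` in the new `i->message_type != 0` test is a magic value; nothing in the hunk says that it stands for "this rule does not restrict the message type". This branch decides whether an allow or deny rule applies to a message at all, so a misreading by a later maintainer changes policy outcomes. I would add `/* 0 means the rule does not restrict the message type */` above the test, or compare against a named constant for the unset message type if the sd-bus headers in this tree provide one. check_policy_item's body starts and ends outside the hunk.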
@@ -688,7 +688,7 @@ static int check_policy_items(PolicyItem *items, const struct policy_check_filte
          * and the order of rules in policy definitions matters */
         LIST_FOREACH(items, i, items) {
                 if (i->class != filter->class &&
-                    IN_SET(i->class, POLICY_ITEM_OWN, POLICY_ITEM_OWN_PREFIX) != IN_SET(filter->class, POLICY_ITEM_OWN, POLICY_ITEM_OWN_PREFIX))
+                    !(i->class == POLICY_ITEM_OWN_PREFIX && filter->class == POLICY_ITEM_OWN))
                         continue;
 
                 r = check_policy_item(i, filter);
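Review bot: The new class test in check_policy_items is deliberately asymmetric: an own_prefix rule is evaluated for an own request but not the reverse, and nothing on the line says so. It relies on a filter never carrying POLICY_ITEM_OWN_PREFIX, which appears to be what the assert added to policy_check in the next hunk enforces. A comment should tie the two together, e.g. `/* own_prefix rules also apply to own requests; a filter is never OWN_PREFIX, see policy_check() */`. It is also worth confirming that check_policy_item, which is outside this hunk, compares the name by prefix for POLICY_ITEM_OWN_PREFIX items rather than by exact match, otherwise such rules would never match a longer name. The function body starts and ends outside the hunk.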
@@ -707,6 +707,8 @@ static int policy_check(Policy *p, const struct policy_check_filter *filter) {
         assert(p);
         assert(filter);
 
+        assert(IN_SET(filter->class, POLICY_ITEM_SEND, POLICY_ITEM_RECV, POLICY_ITEM_OWN, POLICY_ITEM_USER, POLICY_ITEM_GROUP));
+
         /*
          * The policy check is implemented by the following logic:
          *
index 3140e08..1c1d1ef 100644 (file)
@@ -157,6 +157,25 @@ int main(int argc, char *argv[]) {
 
         assert_se(test_policy_load(&p, "test.conf") >= 0);
         policy_dump(&p);
+
+        ucred.uid = 0;
+        assert_se(policy_check_own(&p, &ucred, "org.foo.FooService") == true);
+        assert_se(policy_check_own(&p, &ucred, "org.foo.FooService2") == false);
+        assert_se(policy_check_send(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.test.test1", "/an/object/path", "org.test.int2", "Member") == false);
+        assert_se(policy_check_send(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.test.test1", "/an/object/path", "org.foo.FooBroadcastInterface", "Member") == true);
+        assert_se(policy_check_recv(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.foo.FooService", "/an/object/path", "org.foo.FooBroadcastInterface", "Member") == true);
+        assert_se(policy_check_recv(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.foo.FooService", "/an/object/path", "org.foo.FooBroadcastInterface2", "Member") == false);
+        assert_se(policy_check_recv(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.foo.FooService2", "/an/object/path", "org.foo.FooBroadcastInterface", "Member") == false);
+
+        ucred.uid = 100;
+        assert_se(policy_check_own(&p, &ucred, "org.foo.FooService") == false);
+        assert_se(policy_check_own(&p, &ucred, "org.foo.FooService2") == false);
+        assert_se(policy_check_send(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.test.test1", "/an/object/path", "org.test.int2", "Member") == false);
+        assert_se(policy_check_send(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.test.test1", "/an/object/path", "org.foo.FooBroadcastInterface", "Member") == false);
+        assert_se(policy_check_recv(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.foo.FooService", "/an/object/path", "org.foo.FooBroadcastInterface", "Member") == true);
+        assert_se(policy_check_recv(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.foo.FooService", "/an/object/path", "org.foo.FooBroadcastInterface2", "Member") == false);
+        assert_se(policy_check_recv(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.foo.FooService2", "/an/object/path", "org.foo.FooBroadcastInterface", "Member") == false);
+
         policy_free(&p);
 
         return EXIT_SUCCESS;
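Review bot: Every added check passes SD_BUS_MESSAGE_METHOD_CALL, and no policy_check_own call is visibly aimed at a prefix rule, so the two conditions this commit changes in bus-policy.c may not be exercised by the test. Those are the `message_type != 0` comparison and the own_prefix-for-own match. If test.conf has (or can be given) a rule restricted to one message type and an own_prefix rule, add a send or recv check with a different type such as SD_BUS_MESSAGE_SIGNAL and a policy_check_own call for a name under the prefix, each asserting the expected allow or deny. Only `ucred.uid` is set in the visible lines; if `ucred.gid` is not initialised earlier in main(), group rules would be evaluated against an indeterminate value. main() starts outside the hunk.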