bus-policy: actually test messages against the newly added test.conf

diff --git a/src/bus-proxyd/bus-policy.c b/src/bus-proxyd/bus-policy.c
index ff6a3e4e193cc80dc4c0930ed55a7167ab06b508..d543bf9af42700998f9e9006b2444a55ea10edc3 100644 (file)
--- a/src/bus-proxyd/bus-policy.c
+++ b/src/bus-proxyd/bus-policy.c
@@ -627,7 +627,7 @@ static int check_policy_item(PolicyItem *i, const struct policy_check_filter *fi
                 if (i->name && !streq_ptr(i->name, filter->name))
                         break;
 
-                if ((i->message_type != _POLICY_ITEM_CLASS_UNSET) && (i->message_type != filter->message_type))
+                if ((i->message_type != 0) && (i->message_type != filter->message_type))
                         break;
 
                 if (i->path && !streq_ptr(i->path, filter->path))
@@ -688,7 +688,7 @@ static int check_policy_items(PolicyItem *items, const struct policy_check_filte
          * and the order of rules in policy definitions matters */
         LIST_FOREACH(items, i, items) {
                 if (i->class != filter->class &&
-                    IN_SET(i->class, POLICY_ITEM_OWN, POLICY_ITEM_OWN_PREFIX) != IN_SET(filter->class, POLICY_ITEM_OWN, POLICY_ITEM_OWN_PREFIX))
+                    !(i->class == POLICY_ITEM_OWN_PREFIX && filter->class == POLICY_ITEM_OWN))
                         continue;
 
                 r = check_policy_item(i, filter);
@@ -707,6 +707,8 @@ static int policy_check(Policy *p, const struct policy_check_filter *filter) {
         assert(p);
         assert(filter);
 
+        assert(IN_SET(filter->class, POLICY_ITEM_SEND, POLICY_ITEM_RECV, POLICY_ITEM_OWN, POLICY_ITEM_USER, POLICY_ITEM_GROUP));
+
         /*
          * The policy check is implemented by the following logic:
          *

diff --git a/src/bus-proxyd/test-bus-policy.c b/src/bus-proxyd/test-bus-policy.c
index 3140e083c2ee62c68001a9b602fb55f546ba3864..1c1d1ef9ed664241f2e2fba2e79a366f13a57cb4 100644 (file)
--- a/src/bus-proxyd/test-bus-policy.c
+++ b/src/bus-proxyd/test-bus-policy.c
@@ -157,6 +157,25 @@ int main(int argc, char *argv[]) {
 
         assert_se(test_policy_load(&p, "test.conf") >= 0);
         policy_dump(&p);
+
+        ucred.uid = 0;
+        assert_se(policy_check_own(&p, &ucred, "org.foo.FooService") == true);
+        assert_se(policy_check_own(&p, &ucred, "org.foo.FooService2") == false);
+        assert_se(policy_check_send(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.test.test1", "/an/object/path", "org.test.int2", "Member") == false);
+        assert_se(policy_check_send(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.test.test1", "/an/object/path", "org.foo.FooBroadcastInterface", "Member") == true);
+        assert_se(policy_check_recv(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.foo.FooService", "/an/object/path", "org.foo.FooBroadcastInterface", "Member") == true);
+        assert_se(policy_check_recv(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.foo.FooService", "/an/object/path", "org.foo.FooBroadcastInterface2", "Member") == false);
+        assert_se(policy_check_recv(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.foo.FooService2", "/an/object/path", "org.foo.FooBroadcastInterface", "Member") == false);
+
+        ucred.uid = 100;
+        assert_se(policy_check_own(&p, &ucred, "org.foo.FooService") == false);
+        assert_se(policy_check_own(&p, &ucred, "org.foo.FooService2") == false);
+        assert_se(policy_check_send(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.test.test1", "/an/object/path", "org.test.int2", "Member") == false);
+        assert_se(policy_check_send(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.test.test1", "/an/object/path", "org.foo.FooBroadcastInterface", "Member") == false);
+        assert_se(policy_check_recv(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.foo.FooService", "/an/object/path", "org.foo.FooBroadcastInterface", "Member") == true);
+        assert_se(policy_check_recv(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.foo.FooService", "/an/object/path", "org.foo.FooBroadcastInterface2", "Member") == false);
+        assert_se(policy_check_recv(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.foo.FooService2", "/an/object/path", "org.foo.FooBroadcastInterface", "Member") == false);
+
         policy_free(&p);
 
         return EXIT_SUCCESS;