bus-policy: steal a test case for prefix ownership from dbus1, and make sure it passe...
authorLennart Poettering <lennart@poettering.net>
Wed, 26 Nov 2014 19:22:22 +0000 (20:22 +0100)
committerLennart Poettering <lennart@poettering.net>
Wed, 26 Nov 2014 19:22:22 +0000 (20:22 +0100)
Makefile.am
src/bus-proxyd/bus-policy.c
src/bus-proxyd/test-bus-policy.c
test/bus-policy/check-own-rules.conf [new file with mode: 0644]

index b52ff8e77dfba1c9448dc2869ebaa3e34dbd249e..5545aa187c97a15e72986b58949f6a1511cb501c 100644 (file)
@@ -1383,7 +1383,8 @@ EXTRA_DIST += \
        test/bus-policy/hello.conf \
        test/bus-policy/methods.conf \
        test/bus-policy/ownerships.conf \
-       test/bus-policy/signals.conf
+       test/bus-policy/signals.conf \
+       test/bus-policy/check-own-rules.conf
 
 
 EXTRA_DIST += \
index cb0726aa3ffb7e0de28d866049bb21f2b4886de6..ff6a3e4e193cc80dc4c0930ed55a7167ab06b508 100644 (file)
@@ -599,7 +599,7 @@ enum {
 };
 
 struct policy_check_filter {
-        int class;
+        PolicyItemClass class;
         const struct ucred *ucred;
         int message_type;
         const char *name;
@@ -651,7 +651,7 @@ static int check_policy_item(PolicyItem *i, const struct policy_check_filter *fi
         case POLICY_ITEM_OWN_PREFIX:
                 assert(filter->name);
 
-                if (streq(i->name, "*") || service_name_startswith(i->name, filter->name))
+                if (streq(i->name, "*") || service_name_startswith(filter->name, i->name))
                         return is_permissive(i);
                 break;
 
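Review bot: Nothing at the `service_name_startswith()` call in the `POLICY_ITEM_OWN_PREFIX` case says which operand is the requested name and which is the rule's prefix, yet that order decides whether a rule grants names below the prefix or names above it. A one-line comment above the `if` would pin it, e.g. `/* filter->name: name being requested; i->name: prefix the rule grants */`. The helper's definition is not on this page, so its argument order and dot-boundary matching are inferred from the added test expectations (`org.freedesktop.ManySystems2` must be denied). `check_policy_item()` starts and ends outside the hunk.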
@@ -687,7 +687,8 @@ static int check_policy_items(PolicyItem *items, const struct policy_check_filte
         /* Check all policies in a set - a broader one might be followed by a more specific one,
          * and the order of rules in policy definitions matters */
         LIST_FOREACH(items, i, items) {
-                if (i->class != filter->class)
+                if (i->class != filter->class &&
+                    IN_SET(i->class, POLICY_ITEM_OWN, POLICY_ITEM_OWN_PREFIX) != IN_SET(filter->class, POLICY_ITEM_OWN, POLICY_ITEM_OWN_PREFIX))
                         continue;
 
                 r = check_policy_item(i, filter);
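Review bot: The new skip condition in the `LIST_FOREACH` loop no longer filters out items of unrelated classes. When `i->class` and `filter->class` differ and neither is `POLICY_ITEM_OWN` or `POLICY_ITEM_OWN_PREFIX`, both `IN_SET()` results are false, the `!=` is false, and the item is passed to `check_policy_item()`. That function appears to dispatch on the item's class (the `case POLICY_ITEM_OWN_PREFIX:` in the previous hunk), so a rule of one class could decide a check made for another, though the exact effect depends on code outside this hunk. Only the own/own_prefix pair should bypass the class comparison, e.g. `if (i->class != filter->class && !(IN_SET(i->class, POLICY_ITEM_OWN, POLICY_ITEM_OWN_PREFIX) && IN_SET(filter->class, POLICY_ITEM_OWN, POLICY_ITEM_OWN_PREFIX))) continue;`. The added test only calls `policy_check_own()`, so it would not catch this, and `check_policy_items()` starts and ends outside the hunk.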
index c9a027e8771bd9a4cd08e59fadf09b1199533b59..a4b7b6af08e9daa36c60399cad57a0a7f533bda1 100644 (file)
@@ -131,5 +131,21 @@ int main(int argc, char *argv[]) {
 
         policy_free(&p);
 
+        /* dbus1 test file: ownership */
+
+        assert_se(test_policy_load(&p, "check-own-rules.conf") >= 0);
+        policy_dump(&p);
+
+        assert_se(policy_check_own(&p, &ucred, "org.freedesktop") == false);
+        assert_se(policy_check_own(&p, &ucred, "org.freedesktop.ManySystem") == false);
+        assert_se(policy_check_own(&p, &ucred, "org.freedesktop.ManySystems") == true);
+        assert_se(policy_check_own(&p, &ucred, "org.freedesktop.ManySystems.foo") == true);
+        assert_se(policy_check_own(&p, &ucred, "org.freedesktop.ManySystems.foo.bar") == true);
+        assert_se(policy_check_own(&p, &ucred, "org.freedesktop.ManySystems2") == false);
+        assert_se(policy_check_own(&p, &ucred, "org.freedesktop.ManySystems2.foo") == false);
+        assert_se(policy_check_own(&p, &ucred, "org.freedesktop.ManySystems2.foo.bar") == false);
+
+        policy_free(&p);
+
         return EXIT_SUCCESS;
 }
diff --git a/test/bus-policy/check-own-rules.conf b/test/bus-policy/check-own-rules.conf
new file mode 100644 (file)
index 0000000..bc2f415
--- /dev/null
@@ -0,0 +1,14 @@
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+  <user>mybususer</user>
+  <listen>unix:path=/foo/bar</listen>
+  <listen>tcp:port=1234</listen>
+  <servicedir>/usr/share/foo</servicedir>
+  <policy context="default">
+    <allow user="*"/>
+    <deny own="*"/>
+    <allow own_prefix="org.freedesktop.ManySystems"/>
+  </policy>
+
+</busconfig>