X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;ds=sidebyside;f=src%2Flibsystemd-bus%2Fsd-bus.c;h=81bfe0d92202847420922e6a5c7f8080fe6bc633;hb=adacb9575a09981fcf11279f2f661e3fc21e58ff;hp=fef122bf3ede6a2740178e8ed655d052533e7151;hpb=85719154e7412de2d84f64b50b6b98b13981b65f;p=elogind.git
diff --git a/src/libsystemd-bus/sd-bus.c b/src/libsystemd-bus/sd-bus.c
index fef122bf3..81bfe0d92 100644
--- a/src/libsystemd-bus/sd-bus.c
+++ b/src/libsystemd-bus/sd-bus.c
@@ -318,6 +318,15 @@ _public_ int sd_bus_set_anonymous(sd_bus *bus, int b) {
 return 0;
 }
+_public_ int sd_bus_set_trusted(sd_bus *bus, int b) {
+ assert_return(bus, -EINVAL);
+ assert_return(bus->state == BUS_UNSET, -EPERM);
+ assert_return(!bus_pid_changed(bus), -ECHILD);
+
+ bus->trusted = !!b;
+ return 0;
+}
+
 static int hello_callback(sd_bus *bus, sd_bus_message *reply, void *userdata, sd_bus_error *error) {
 const char *s;
 int r;
@@ -1005,6 +1014,11 @@ _public_ int sd_bus_open_system(sd_bus **ret) {
 b->bus_client = true;
+ /* Let's do per-method access control on the system bus. We
+ * need the caller's UID and capability set for that. */
+ b->trusted = false;
+ b->attach_flags |= KDBUS_ATTACH_CAPS | KDBUS_ATTACH_CREDS;
+
 r = sd_bus_start(b);
 if (r < 0)
 goto fail;
@@ -1065,6 +1079,10 @@ _public_ int sd_bus_open_user(sd_bus **ret) {
 b->bus_client = true;
+ /* We don't do any per-method access control on the user
+ * bus. */
+ b->trusted = true;
+
 r = sd_bus_start(b);
 if (r < 0)
 goto fail;
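Review bot: The new public setter `sd_bus_set_trusted()` has no comment saying what "trusted" switches off, although the later hunks suggest it disables per-method access control for every peer on the connection. A caller who sets it on a bus shared with less-privileged peers would silently drop those checks, so the contract belongs on the function: `/* If b is true, peers on this connection are trusted and per-method access checks are skipped. Only allowed before the bus is started. */`. The value `bus->trusted` has when this setter is never called is set outside this diff; the note should state that default, and it is worth confirming that it is false so that a bus object created by hand starts out untrusted.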
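Review bot: Setting `KDBUS_ATTACH_CAPS | KDBUS_ATTACH_CREDS` in `sd_bus_open_system()` only requests the metadata; nothing in this hunk shows what happens when a message arrives without it, for instance on a transport that does not deliver capabilities. The code that consumes `b->trusted == false` lies outside this diff, so please confirm it denies the call when the UID or capability set is absent instead of treating missing data as a pass. The existing comment could record that expectation: `/* ... The access check must refuse the call if these credentials are missing. */`.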
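Review bot: `b->trusted = true` in `sd_bus_open_user()` rests on an assumption the comment does not state, namely that every peer on the user bus runs with the same identity as this process. How the user bus address is chosen is outside this hunk; if it can be influenced by the environment, or if a process with more privilege than the bus owner calls this function, every peer on that bus is exempt from the per-method checks. I would spell the assumption out, e.g. `/* We don't do any per-method access control on the user bus: all peers are assumed to run as the same user as we do. */`, and confirm that privileged callers cannot reach this path with an address they did not choose.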