X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fbus-proxyd%2Fbus-policy.c;h=cb0726aa3ffb7e0de28d866049bb21f2b4886de6;hb=f5d8989ce5fc4e6eb338ec7b1b2c6d6a74c44c63;hp=e870fbc9485aa735aa244947bdff55f2efe28dd9;hpb=ed91202f1c237a41a3ee3754a4a1d37139d7f34f;p=elogind.git diff --git a/src/bus-proxyd/bus-policy.c b/src/bus-proxyd/bus-policy.c index e870fbc94..cb0726aa3 100644 --- a/src/bus-proxyd/bus-policy.c +++ b/src/bus-proxyd/bus-policy.c @@ -24,6 +24,7 @@ #include "strv.h" #include "conf-files.h" #include "bus-internal.h" +#include "bus-message.h" #include "bus-policy.h" static void policy_item_free(PolicyItem *i) { @@ -591,6 +592,225 @@ static int file_load(Policy *p, const char *path) { } } +enum { + ALLOW, + DUNNO, + DENY, +}; + +struct policy_check_filter { + int class; + const struct ucred *ucred; + int message_type; + const char *name; + const char *interface; + const char *path; + const char *member; +}; + +static int is_permissive(PolicyItem *i) { + + assert(i); + + return (i->type == POLICY_ITEM_ALLOW) ? ALLOW : DENY; +} + +static int check_policy_item(PolicyItem *i, const struct policy_check_filter *filter) { + + assert(i); + assert(filter); + + switch (i->class) { + case POLICY_ITEM_SEND: + case POLICY_ITEM_RECV: + + if (i->name && !streq_ptr(i->name, filter->name)) + break; + + if ((i->message_type != _POLICY_ITEM_CLASS_UNSET) && (i->message_type != filter->message_type)) + break; + + if (i->path && !streq_ptr(i->path, filter->path)) + break; + + if (i->member && !streq_ptr(i->member, filter->member)) + break; + + if (i->interface && !streq_ptr(i->interface, filter->interface)) + break; + + return is_permissive(i); + + case POLICY_ITEM_OWN: + assert(filter->name); + + if (streq(i->name, "*") || streq(i->name, filter->name)) + return is_permissive(i); + break; + + case POLICY_ITEM_OWN_PREFIX: + assert(filter->name); + + if (streq(i->name, "*") || service_name_startswith(i->name, filter->name)) + return is_permissive(i); + break; + + case POLICY_ITEM_USER: + assert(filter->ucred); + + if ((streq_ptr(i->name, "*") || (i->uid_valid && i->uid == filter->ucred->uid))) + return is_permissive(i); + break; + + case POLICY_ITEM_GROUP: + assert(filter->ucred); + + if ((streq_ptr(i->name, "*") || (i->gid_valid && i->gid == filter->ucred->gid))) + return is_permissive(i); + break; + + case POLICY_ITEM_IGNORE: + default: + break; + } + + return DUNNO; +} + +static int check_policy_items(PolicyItem *items, const struct policy_check_filter *filter) { + + PolicyItem *i; + int r, ret = DUNNO; + + assert(filter); + + /* Check all policies in a set - a broader one might be followed by a more specific one, + * and the order of rules in policy definitions matters */ + LIST_FOREACH(items, i, items) { + if (i->class != filter->class) + continue; + + r = check_policy_item(i, filter); + if (r != DUNNO) + ret = r; + } + + return ret; +} + +static int policy_check(Policy *p, const struct policy_check_filter *filter) { + + PolicyItem *items; + int r; + + assert(p); + assert(filter); + + /* + * The policy check is implemented by the following logic: + * + * 1. Check mandatory items. If the message matches any of these, it is decisive. + * 2. See if the passed ucred match against the user/group hashmaps. A matching entry is also decisive. + * 3. Consult the defaults if non of the above matched with a more specific rule. + * 4. If the message isn't caught be the defaults either, reject it. + */ + + r = check_policy_items(p->mandatory_items, filter); + if (r != DUNNO) + return r; + + if (filter->ucred) { + items = hashmap_get(p->user_items, UINT32_TO_PTR(filter->ucred->uid)); + if (items) { + r = check_policy_items(items, filter); + if (r != DUNNO) + return r; + } + + items = hashmap_get(p->group_items, UINT32_TO_PTR(filter->ucred->gid)); + if (items) { + r = check_policy_items(items, filter); + if (r != DUNNO) + return r; + } + } + + return check_policy_items(p->default_items, filter); +} + +bool policy_check_own(Policy *p, const struct ucred *ucred, const char *name) { + + struct policy_check_filter filter = { + .class = POLICY_ITEM_OWN, + .ucred = ucred, + .name = name, + }; + + return policy_check(p, &filter) == ALLOW; +} + +bool policy_check_hello(Policy *p, const struct ucred *ucred) { + + struct policy_check_filter filter = { + .ucred = ucred, + }; + int user, group; + + filter.class = POLICY_ITEM_USER; + user = policy_check(p, &filter); + if (user == DENY) + return false; + + filter.class = POLICY_ITEM_GROUP; + group = policy_check(p, &filter); + if (group == DENY) + return false; + + return !(user == DUNNO && group == DUNNO); +} + +bool policy_check_recv(Policy *p, + const struct ucred *ucred, + int message_type, + const char *name, + const char *path, + const char *interface, + const char *member) { + + struct policy_check_filter filter = { + .class = POLICY_ITEM_RECV, + .ucred = ucred, + .message_type = message_type, + .name = name, + .interface = interface, + .path = path, + .member = member, + }; + + return policy_check(p, &filter) == ALLOW; +} + +bool policy_check_send(Policy *p, + const struct ucred *ucred, + int message_type, + const char *name, + const char *path, + const char *interface, + const char *member) { + + struct policy_check_filter filter = { + .class = POLICY_ITEM_SEND, + .ucred = ucred, + .message_type = message_type, + .name = name, + .interface = interface, + .path = path, + .member = member, + }; + + return policy_check(p, &filter) == ALLOW; +} + int policy_load(Policy *p, char **files) { char **i; int r;