From: Daniel Mack
Date: Wed, 24 Sep 2014 15:18:35 +0000 (+0200)
Subject: bus-proxyd: enforce policy for Hello messages
X-Git-Tag: v218~470
X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=commitdiff_plain;h=8573b68fecc65a0cd285e4c5e288831856948e62;p=elogind.git

bus-proxyd: enforce policy for Hello messages
---

diff --git a/src/bus-proxyd/bus-proxyd.c b/src/bus-proxyd/bus-proxyd.c
index aaa79243c..a6554aba3 100644
--- a/src/bus-proxyd/bus-proxyd.c
+++ b/src/bus-proxyd/bus-proxyd.c
@@ -997,7 +997,7 @@ static int process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m) {
 }
 }
 
-static int process_hello(sd_bus *a, sd_bus *b, sd_bus_message *m, bool *got_hello) {
+static int process_hello(sd_bus *a, sd_bus *b, sd_bus_message *m, Policy *policy, const struct ucred *ucred, bool *got_hello) {
 _cleanup_bus_message_unref_ sd_bus_message *n = NULL;
 bool is_hello;
 int r;
@@ -1029,6 +1029,11 @@ static int process_hello(sd_bus *a, sd_bus *b, sd_bus_message *m, bool *got_hell
 return -EIO;
 }
 
+ if (!policy_check_hello(policy, ucred)) {
+ log_error("Policy denied HELLO");
+ return -EPERM;
+ }
+
 *got_hello = true;
 
 if (!a->is_kernel)
@@ -1418,7 +1423,7 @@ int main(int argc, char *argv[]) {
 goto finish;
 }
 
- k = process_hello(a, b, m, &got_hello);
+ k = process_hello(a, b, m, &policy, &ucred, &got_hello);
 if (k < 0) {
 r = k;
 log_error("Failed to process HELLO: %s", strerror(-r));
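Review bot: The denial branch added in the second hunk logs only `Policy denied HELLO`, so the message cannot be tied to a user or process when someone later triages refused connections. `ucred` is already in scope at that point, so the peer identity can go into the line: `log_error("Policy denied HELLO for uid=%lu pid=%lu", (unsigned long) ucred->uid, (unsigned long) ucred->pid);`. `policy_check_hello()` is not visible in this hunk, so whether it tolerates a NULL `policy` or `ucred` is unknown; a short comment on process_hello stating that both must be non-NULL would record the contract. process_hello's body starts and ends outside the hunk.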
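Review bot: The call in main() in the third hunk now feeds `&ucred` into the policy decision, but the code that fills `ucred` is outside this hunk. If that struct is left zero-initialised whenever peer credentials cannot be read (for instance when the input fd is not an AF_UNIX socket), the check would presumably be evaluated for uid 0 and gid 0, which is root's identity, and would fail open. Please confirm main() bails out before this call when no credentials were obtained, or track validity in a flag and go to `finish` with `-EPERM` in that case. A comment above the call such as `/* ucred must hold real SO_PEERCRED data; never evaluate policy on a zeroed struct */` would keep the requirement visible. main() begins and ends outside the hunk.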