Hence, copy this behaviour for bus-proxy too.
_cleanup_free_ char *peersec = NULL;
Policy policy_buffer = {}, *policy = NULL;
_cleanup_set_free_free_ Set *owned_names = NULL;
_cleanup_free_ char *peersec = NULL;
Policy policy_buffer = {}, *policy = NULL;
_cleanup_set_free_free_ Set *owned_names = NULL;
log_set_target(LOG_TARGET_JOURNAL_OR_KMSG);
log_parse_environment();
log_set_target(LOG_TARGET_JOURNAL_OR_KMSG);
log_parse_environment();
+ original_uid = getuid();
+
is_unix =
sd_is_socket(in_fd, AF_UNIX, 0, 0) > 0 &&
sd_is_socket(out_fd, AF_UNIX, 0, 0) > 0;
is_unix =
sd_is_socket(in_fd, AF_UNIX, 0, 0) > 0 &&
sd_is_socket(out_fd, AF_UNIX, 0, 0) > 0;
policy = &policy_buffer;
/* policy_dump(policy); */
policy = &policy_buffer;
/* policy_dump(policy); */
- if (!policy_check_hello(policy, ucred.uid, ucred.gid)) {
+ if (ucred.uid == original_uid)
+ log_debug("Permitting access, since bus owner matches bus client.");
+ else if (policy_check_hello(policy, ucred.uid, ucred.gid))
+ log_debug("Permitting access due to XML policy.");
+ else {
r = log_error_errno(EPERM, "Policy denied connection.");
goto finish;
}
r = log_error_errno(EPERM, "Policy denied connection.");
goto finish;
}