mirror of https://github.com/systemd/systemd.git synced 2024-11-02 10:51:20 +03:00

bus-policy: actually test messages against the newly added test.conf

Lennart Poettering 2014-11-26 21:15:39 +01:00
parent 55e189007c
commit 278ebf8d26
2 changed files with 23 additions and 2 deletions


@ -627,7 +627,7 @@ static int check_policy_item(PolicyItem *i, const struct policy_check_filter *fi
if (i->name && !streq_ptr(i->name, filter->name))
break;
if ((i->message_type != _POLICY_ITEM_CLASS_UNSET) && (i->message_type != filter->message_type))
if ((i->message_type != 0) && (i->message_type != filter->message_type))
break;
if (i->path && !streq_ptr(i->path, filter->path))
@ -688,7 +688,7 @@ static int check_policy_items(PolicyItem *items, const struct policy_check_filte
* and the order of rules in policy definitions matters */
LIST_FOREACH(items, i, items) {
if (i->class != filter->class &&
IN_SET(i->class, POLICY_ITEM_OWN, POLICY_ITEM_OWN_PREFIX) != IN_SET(filter->class, POLICY_ITEM_OWN, POLICY_ITEM_OWN_PREFIX))
!(i->class == POLICY_ITEM_OWN_PREFIX && filter->class == POLICY_ITEM_OWN))
continue;
r = check_policy_item(i, filter);
@ -707,6 +707,8 @@ static int policy_check(Policy *p, const struct policy_check_filter *filter) {
assert(p);
assert(filter);
assert(IN_SET(filter->class, POLICY_ITEM_SEND, POLICY_ITEM_RECV, POLICY_ITEM_OWN, POLICY_ITEM_USER, POLICY_ITEM_GROUP));
/*
* The policy check is implemented by the following logic:
*
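Review bot: In the check_policy_item hunk the message-type test compares against a bare `0`, which reads as a magic number in a condition that decides whether an access rule applies. Because the comparison with `filter->message_type` is skipped when `i->message_type` is 0, that value acts as "rule matches every message type", and this should be stated where it is used, for example `/* 0: the rule names no message type, so it matches any type */`, or spelled with sd-bus's `_SD_BUS_MESSAGE_TYPE_INVALID` if that header is in scope in this file. The page has lost its +/- markers, so this assumes the second line of each printed pair is the new side. The function bodies start and end outside the hunks.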


@ -157,6 +157,25 @@ int main(int argc, char *argv[]) {
assert_se(test_policy_load(&p, "test.conf") >= 0);
policy_dump(&p);
ucred.uid = 0;
assert_se(policy_check_own(&p, &ucred, "org.foo.FooService") == true);
assert_se(policy_check_own(&p, &ucred, "org.foo.FooService2") == false);
assert_se(policy_check_send(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.test.test1", "/an/object/path", "org.test.int2", "Member") == false);
assert_se(policy_check_send(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.test.test1", "/an/object/path", "org.foo.FooBroadcastInterface", "Member") == true);
assert_se(policy_check_recv(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.foo.FooService", "/an/object/path", "org.foo.FooBroadcastInterface", "Member") == true);
assert_se(policy_check_recv(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.foo.FooService", "/an/object/path", "org.foo.FooBroadcastInterface2", "Member") == false);
assert_se(policy_check_recv(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.foo.FooService2", "/an/object/path", "org.foo.FooBroadcastInterface", "Member") == false);
ucred.uid = 100;
assert_se(policy_check_own(&p, &ucred, "org.foo.FooService") == false);
assert_se(policy_check_own(&p, &ucred, "org.foo.FooService2") == false);
assert_se(policy_check_send(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.test.test1", "/an/object/path", "org.test.int2", "Member") == false);
assert_se(policy_check_send(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.test.test1", "/an/object/path", "org.foo.FooBroadcastInterface", "Member") == false);
assert_se(policy_check_recv(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.foo.FooService", "/an/object/path", "org.foo.FooBroadcastInterface", "Member") == true);
assert_se(policy_check_recv(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.foo.FooService", "/an/object/path", "org.foo.FooBroadcastInterface2", "Member") == false);
assert_se(policy_check_recv(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.foo.FooService2", "/an/object/path", "org.foo.FooBroadcastInterface", "Member") == false);
policy_free(&p);
return EXIT_SUCCESS;
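Review bot: Every added policy_check_send and policy_check_recv call passes SD_BUS_MESSAGE_METHOD_CALL, and both policy_check_own calls use full service names, so the two matching conditions this commit changes in the first file section do not appear to be pinned by a case that would fail if they regressed. Those conditions are the message-type comparison in check_policy_item and the OWN_PREFIX-to-OWN class match in check_policy_items. Whether test.conf contains a type-specific or own-prefix rule is not visible here, so the expected results have to come from that file. I would add at least one check with a different type, such as `policy_check_send(&p, &ucred, SD_BUS_MESSAGE_SIGNAL, "org.test.test1", "/an/object/path", "org.foo.FooBroadcastInterface", "Member")`, and one policy_check_own call for a name covered only by a prefix rule, each asserted for both uid 0 and uid 100. The body of main starts outside the hunk.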