bus-proxyd: assorted cleanups and fixes

Just some cleanups around policy checks that came up during review. The code is still not productive.
2025-03-28 02:50:16 +03:00 · 2014-10-07 17:58:29 +02:00 · 2014-10-07 17:58:29 +02:00 · e91c8c2019
commit e91c8c2019
parent 1b600437ba
2 changed files with 14 additions and 11 deletions
--- a/src/bus-proxyd/bus-policy.c
+++ b/src/bus-proxyd/bus-policy.c
@ -604,7 +604,10 @@ struct policy_check_filter {
        int message_type;
        const char *interface;
        const char *path;
-        const char *member;
+        union {
+                const char *name;
+                const char *member;
+        };
        char **names_strv;
        Hashmap *names_hash;
 };
@ -633,7 +636,7 @@ static int check_policy_item(PolicyItem *i, const struct policy_check_filter *fi
                                break;
                }

-                if (i->message_type && (i->message_type != filter->message_type))
+                if ((i->message_type != _POLICY_ITEM_CLASS_UNSET) && (i->message_type != filter->message_type))
                        break;

                if (i->path && !streq_ptr(i->path, filter->path))
@ -650,14 +653,14 @@ static int check_policy_item(PolicyItem *i, const struct policy_check_filter *fi
        case POLICY_ITEM_OWN:
                assert(filter->member);

-                if (streq(i->name, filter->member))
+                if (streq(i->name, "*") || streq(i->name, filter->name))
                        return is_permissive(i);
                break;

        case POLICY_ITEM_OWN_PREFIX:
                assert(filter->member);

-                if (startswith(i->name, filter->member))
+                if (streq(i->name, "*") || startswith(i->name, filter->name))
                        return is_permissive(i);
                break;

@ -747,9 +750,9 @@ static int policy_check(Policy *p, const struct policy_check_filter *filter) {
 bool policy_check_own(Policy *p, const struct ucred *ucred, const char *name) {

        struct policy_check_filter filter = {
-                .class  = POLICY_ITEM_OWN,
-                .ucred  = ucred,
-                .member = name,
+                .class = POLICY_ITEM_OWN,
+                .ucred = ucred,
+                .name  = name,
        };

        return policy_check(p, &filter) == ALLOW;
@ -758,21 +761,21 @@ bool policy_check_own(Policy *p, const struct ucred *ucred, const char *name) {
 bool policy_check_hello(Policy *p, const struct ucred *ucred) {

        struct policy_check_filter filter = {
-                .class  = POLICY_ITEM_USER,
                .ucred  = ucred,
        };
        int user, group;

+        filter.class = POLICY_ITEM_USER;
        user = policy_check(p, &filter);
        if (user == DENY)
                return false;

        filter.class = POLICY_ITEM_GROUP;
        group = policy_check(p, &filter);
-        if (user == DUNNO && group == DUNNO)
+        if (group == DENY)
                return false;

-        return !(user == DENY || group == DENY);
+        return !(user == DUNNO && group == DUNNO);
 }

 bool policy_check_recv(Policy *p,
--- a/test/bus-policy/methods.conf
+++ b/test/bus-policy/methods.conf
@ -11,7 +11,7 @@
                <allow send_destination="org.test.test1" send_interface="org.test.int1"/>
                <allow send_destination="org.test.test1" send_interface="org.test.int2"/>

-                <allow receive_sender="org.test.test3" receive_interface="org.test.int3" receiver_member="Member111"/>
+                <allow receive_sender="org.test.test3" receive_interface="org.test.int3" receive_member="Member111"/>
        </policy>

 </busconfig>