mirror of
https://github.com/systemd/systemd.git
synced 2024-11-02 10:51:20 +03:00
bus-proxy: properly check for bus name prefixes when enforcing policy
This commit is contained in:
parent
49d4b1eecf
commit
f5d8989ce5
@ -651,7 +651,7 @@ static int check_policy_item(PolicyItem *i, const struct policy_check_filter *fi
|
||||
case POLICY_ITEM_OWN_PREFIX:
|
||||
assert(filter->name);
|
||||
|
||||
if (streq(i->name, "*") || startswith(i->name, filter->name))
|
||||
if (streq(i->name, "*") || service_name_startswith(i->name, filter->name))
|
||||
return is_permissive(i);
|
||||
break;
|
||||
|
||||
|
@ -166,6 +166,26 @@ bool service_name_is_valid(const char *p) {
|
||||
return true;
|
||||
}
|
||||
|
||||
char* service_name_startswith(const char *a, const char *b) {
|
||||
const char *p;
|
||||
|
||||
if (!service_name_is_valid(a) ||
|
||||
!service_name_is_valid(b))
|
||||
return NULL;
|
||||
|
||||
p = startswith(a, b);
|
||||
if (!p)
|
||||
return NULL;
|
||||
|
||||
if (*p == 0)
|
||||
return (char*) p;
|
||||
|
||||
if (*p == '.')
|
||||
return (char*) p + 1;
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
bool member_name_is_valid(const char *p) {
|
||||
const char *q;
|
||||
|
||||
|
@ -340,6 +340,7 @@ struct sd_bus {
|
||||
|
||||
bool interface_name_is_valid(const char *p) _pure_;
|
||||
bool service_name_is_valid(const char *p) _pure_;
|
||||
char* service_name_startswith(const char *a, const char *b);
|
||||
bool member_name_is_valid(const char *p) _pure_;
|
||||
bool object_path_is_valid(const char *p) _pure_;
|
||||
char *object_path_startswith(const char *a, const char *b) _pure_;
|
||||
|
Loading…
Reference in New Issue
Block a user