bus-proxy: properly check for bus name prefixes when enforcing policy
parent
49d4b1eecf
commit
f5d8989ce5
@ -651,7 +651,7 @@ static int check_policy_item(PolicyItem *i, const struct policy_check_filter *fi
|
|||||||
case POLICY_ITEM_OWN_PREFIX:
|
case POLICY_ITEM_OWN_PREFIX:
|
||||||
assert(filter->name);
|
assert(filter->name);
|
||||||
|
|
||||||
if (streq(i->name, "*") || startswith(i->name, filter->name))
|
if (streq(i->name, "*") || service_name_startswith(i->name, filter->name))
|
||||||
return is_permissive(i);
|
return is_permissive(i);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
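Review bot: The arguments to `service_name_startswith()` in the `POLICY_ITEM_OWN_PREFIX` case look reversed. As written, the call tests whether the policy item's name `i->name` begins with the requested name `filter->name`, so a rule configured for `com.example.app` would match a request to own `com.example` and would not match `com.example.app.worker`. If an own-prefix rule is meant to cover the configured name and the names below it, which is how the item reads but is not shown here, the call should be `service_name_startswith(filter->name, i->name)`. The order is carried over from the replaced `startswith()` call, so this commit keeps the problem rather than introducing it. The body of `check_policy_item` continues outside the hunk.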
@ -166,6 +166,26 @@ bool service_name_is_valid(const char *p) {
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
char* service_name_startswith(const char *a, const char *b) {
|
||||||
|
const char *p;
|
||||||
|
|
||||||
|
if (!service_name_is_valid(a) ||
|
||||||
|
!service_name_is_valid(b))
|
||||||
|
return NULL;
|
||||||
|
|
||||||
|
p = startswith(a, b);
|
||||||
|
if (!p)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
|
if (*p == 0)
|
||||||
|
return (char*) p;
|
||||||
|
|
||||||
|
if (*p == '.')
|
||||||
|
return (char*) p + 1;
|
||||||
|
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
bool member_name_is_valid(const char *p) {
|
bool member_name_is_valid(const char *p) {
|
||||||
const char *q;
|
const char *q;
|
||||||
|
|
||||||
|
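Review bot: `service_name_startswith()` is added without a comment stating its contract, and both the argument order and the return value are easy to misread at call sites. I would add above the definition: `/* Returns the remainder of a after prefix b, matching only whole dot-separated components; NULL if b is not such a prefix or either name is invalid. */`. Two consequences deserve a line in that comment. A name that fails `service_name_is_valid()` silently yields "no match", so a caller using this for a deny rule needs the names validated beforehand. The returned `char*` also aliases the `const char *a` argument, so callers must not write through it.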
@ -340,6 +340,7 @@ struct sd_bus {
|
|||||||
|
|
||||||
bool interface_name_is_valid(const char *p) _pure_;
|
bool interface_name_is_valid(const char *p) _pure_;
|
||||||
bool service_name_is_valid(const char *p) _pure_;
|
bool service_name_is_valid(const char *p) _pure_;
|
||||||
|
char* service_name_startswith(const char *a, const char *b);
|
||||||
bool member_name_is_valid(const char *p) _pure_;
|
bool member_name_is_valid(const char *p) _pure_;
|
||||||
bool object_path_is_valid(const char *p) _pure_;
|
bool object_path_is_valid(const char *p) _pure_;
|
||||||
char *object_path_startswith(const char *a, const char *b) _pure_;
|
char *object_path_startswith(const char *a, const char *b) _pure_;
|
||||||
|
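Review bot: The new prototype `char* service_name_startswith(const char *a, const char *b);` is the only declaration in this group without `_pure_`, and it spells the return type `char*` where the neighbouring `object_path_startswith` uses `char *`. The definition in this commit only reads its two arguments and calls `service_name_is_valid()` and `startswith()`, so the attribute appears to apply. Suggest `char *service_name_startswith(const char *a, const char *b) _pure_;` to match the surrounding declarations.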