1 /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
2 /* policy.c Bus security policy
4 * Copyright (C) 2003, 2004 Red Hat, Inc.
6 * Licensed under the Academic Free License version 2.1
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
28 #include <dbus/dbus-list.h>
29 #include <dbus/dbus-hash.h>
30 #include <dbus/dbus-internals.h>
33 bus_policy_rule_new (BusPolicyRuleType type,
38 rule = dbus_new0 (BusPolicyRule, 1);
48 case BUS_POLICY_RULE_USER:
49 rule->d.user.uid = DBUS_UID_UNSET;
51 case BUS_POLICY_RULE_GROUP:
52 rule->d.group.gid = DBUS_GID_UNSET;
54 case BUS_POLICY_RULE_SEND:
55 rule->d.send.message_type = DBUS_MESSAGE_TYPE_INVALID;
57 /* allow rules default to TRUE (only requested replies allowed)
58 * deny rules default to FALSE (only unrequested replies denied)
60 rule->d.send.requested_reply = rule->allow;
62 case BUS_POLICY_RULE_RECEIVE:
63 rule->d.receive.message_type = DBUS_MESSAGE_TYPE_INVALID;
64 /* allow rules default to TRUE (only requested replies allowed)
65 * deny rules default to FALSE (only unrequested replies denied)
67 rule->d.receive.requested_reply = rule->allow;
69 case BUS_POLICY_RULE_OWN:
77 bus_policy_rule_ref (BusPolicyRule *rule)
79 _dbus_assert (rule->refcount > 0);
87 bus_policy_rule_unref (BusPolicyRule *rule)
89 _dbus_assert (rule->refcount > 0);
93 if (rule->refcount == 0)
97 case BUS_POLICY_RULE_SEND:
98 dbus_free (rule->d.send.path);
99 dbus_free (rule->d.send.interface);
100 dbus_free (rule->d.send.member);
101 dbus_free (rule->d.send.error);
102 dbus_free (rule->d.send.destination);
104 case BUS_POLICY_RULE_RECEIVE:
105 dbus_free (rule->d.receive.path);
106 dbus_free (rule->d.receive.interface);
107 dbus_free (rule->d.receive.member);
108 dbus_free (rule->d.receive.error);
109 dbus_free (rule->d.receive.origin);
111 case BUS_POLICY_RULE_OWN:
112 dbus_free (rule->d.own.service_name);
114 case BUS_POLICY_RULE_USER:
116 case BUS_POLICY_RULE_GROUP:
128 DBusList *default_rules; /**< Default policy rules */
129 DBusList *mandatory_rules; /**< Mandatory policy rules */
130 DBusHashTable *rules_by_uid; /**< per-UID policy rules */
131 DBusHashTable *rules_by_gid; /**< per-GID policy rules */
132 DBusList *at_console_true_rules; /**< console user policy rules where at_console="true"*/
133 DBusList *at_console_false_rules; /**< console user policy rules where at_console="false"*/
137 free_rule_func (void *data,
140 BusPolicyRule *rule = data;
142 bus_policy_rule_unref (rule);
146 free_rule_list_func (void *data)
148 DBusList **list = data;
150 if (list == NULL) /* DBusHashTable is on crack */
153 _dbus_list_foreach (list, free_rule_func, NULL);
155 _dbus_list_clear (list);
161 bus_policy_new (void)
165 policy = dbus_new0 (BusPolicy, 1);
169 policy->refcount = 1;
171 policy->rules_by_uid = _dbus_hash_table_new (DBUS_HASH_ULONG,
173 free_rule_list_func);
174 if (policy->rules_by_uid == NULL)
177 policy->rules_by_gid = _dbus_hash_table_new (DBUS_HASH_ULONG,
179 free_rule_list_func);
180 if (policy->rules_by_gid == NULL)
186 bus_policy_unref (policy);
191 bus_policy_ref (BusPolicy *policy)
193 _dbus_assert (policy->refcount > 0);
195 policy->refcount += 1;
201 bus_policy_unref (BusPolicy *policy)
203 _dbus_assert (policy->refcount > 0);
205 policy->refcount -= 1;
207 if (policy->refcount == 0)
209 _dbus_list_foreach (&policy->default_rules, free_rule_func, NULL);
210 _dbus_list_clear (&policy->default_rules);
212 _dbus_list_foreach (&policy->mandatory_rules, free_rule_func, NULL);
213 _dbus_list_clear (&policy->mandatory_rules);
215 _dbus_list_foreach (&policy->at_console_true_rules, free_rule_func, NULL);
216 _dbus_list_clear (&policy->at_console_true_rules);
218 _dbus_list_foreach (&policy->at_console_false_rules, free_rule_func, NULL);
219 _dbus_list_clear (&policy->at_console_false_rules);
221 if (policy->rules_by_uid)
223 _dbus_hash_table_unref (policy->rules_by_uid);
224 policy->rules_by_uid = NULL;
227 if (policy->rules_by_gid)
229 _dbus_hash_table_unref (policy->rules_by_gid);
230 policy->rules_by_gid = NULL;
238 add_list_to_client (DBusList **list,
239 BusClientPolicy *client)
243 link = _dbus_list_get_first_link (list);
246 BusPolicyRule *rule = link->data;
247 link = _dbus_list_get_next_link (list, link);
251 case BUS_POLICY_RULE_USER:
252 case BUS_POLICY_RULE_GROUP:
253 /* These aren't per-connection policies */
256 case BUS_POLICY_RULE_OWN:
257 case BUS_POLICY_RULE_SEND:
258 case BUS_POLICY_RULE_RECEIVE:
259 /* These are per-connection */
260 if (!bus_client_policy_append_rule (client, rule))
270 bus_policy_create_client_policy (BusPolicy *policy,
271 DBusConnection *connection,
274 BusClientPolicy *client;
276 dbus_bool_t at_console;
278 _dbus_assert (dbus_connection_get_is_authenticated (connection));
279 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
281 client = bus_client_policy_new ();
285 if (!add_list_to_client (&policy->default_rules,
289 /* we avoid the overhead of looking up user's groups
290 * if we don't have any group rules anyway
292 if (_dbus_hash_table_get_n_entries (policy->rules_by_gid) > 0)
294 unsigned long *groups;
298 if (!bus_connection_get_unix_groups (connection, &groups, &n_groups, error))
306 list = _dbus_hash_table_lookup_ulong (policy->rules_by_gid,
311 if (!add_list_to_client (list, client))
324 if (dbus_connection_get_unix_user (connection, &uid))
326 if (_dbus_hash_table_get_n_entries (policy->rules_by_uid) > 0)
330 list = _dbus_hash_table_lookup_ulong (policy->rules_by_uid,
335 if (!add_list_to_client (list, client))
340 /* Add console rules */
341 at_console = _dbus_unix_user_is_at_console (uid, error);
345 if (!add_list_to_client (&policy->at_console_true_rules, client))
348 else if (dbus_error_is_set (error) == TRUE)
352 else if (!add_list_to_client (&policy->at_console_false_rules, client))
358 if (!add_list_to_client (&policy->mandatory_rules,
362 bus_client_policy_optimize (client);
369 _DBUS_ASSERT_ERROR_IS_SET (error);
371 bus_client_policy_unref (client);
376 list_allows_user (dbus_bool_t def,
379 const unsigned long *group_ids,
387 link = _dbus_list_get_first_link (list);
390 BusPolicyRule *rule = link->data;
391 link = _dbus_list_get_next_link (list, link);
393 if (rule->type == BUS_POLICY_RULE_USER)
395 _dbus_verbose ("List %p user rule uid="DBUS_UID_FORMAT"\n",
396 list, rule->d.user.uid);
398 if (rule->d.user.uid == DBUS_UID_UNSET)
400 else if (rule->d.user.uid != uid)
403 else if (rule->type == BUS_POLICY_RULE_GROUP)
405 _dbus_verbose ("List %p group rule uid="DBUS_UID_FORMAT"\n",
406 list, rule->d.user.uid);
408 if (rule->d.group.gid == DBUS_GID_UNSET)
415 while (i < n_group_ids)
417 if (rule->d.group.gid == group_ids[i])
422 if (i == n_group_ids)
429 allowed = rule->allow;
436 bus_policy_allow_unix_user (BusPolicy *policy,
440 unsigned long *group_ids;
443 /* On OOM or error we always reject the user */
444 if (!_dbus_unix_groups_from_uid (uid, &group_ids, &n_group_ids))
446 _dbus_verbose ("Did not get any groups for UID %lu\n",
451 /* Default to "user owning bus" can connect */
452 allowed = _dbus_unix_user_is_process_owner (uid);
454 allowed = list_allows_user (allowed,
455 &policy->default_rules,
457 group_ids, n_group_ids);
459 allowed = list_allows_user (allowed,
460 &policy->mandatory_rules,
462 group_ids, n_group_ids);
464 dbus_free (group_ids);
466 _dbus_verbose ("UID %lu allowed = %d\n", uid, allowed);
471 /* For now this is never actually called because the default
472 * DBusConnection behavior of 'same user that owns the bus can
473 * connect' is all it would do. Set the windows user function in
474 * connection.c if the config file ever supports doing something
478 bus_policy_allow_windows_user (BusPolicy *policy,
479 const char *windows_sid)
481 /* Windows has no policies here since only the session bus
482 * is really used for now, so just checking that the
483 * connecting person is the same as the bus owner is fine.
485 return _dbus_windows_user_is_process_owner (windows_sid);
489 bus_policy_append_default_rule (BusPolicy *policy,
492 if (!_dbus_list_append (&policy->default_rules, rule))
495 bus_policy_rule_ref (rule);
501 bus_policy_append_mandatory_rule (BusPolicy *policy,
504 if (!_dbus_list_append (&policy->mandatory_rules, rule))
507 bus_policy_rule_ref (rule);
515 get_list (DBusHashTable *hash,
520 list = _dbus_hash_table_lookup_ulong (hash, key);
524 list = dbus_new0 (DBusList*, 1);
528 if (!_dbus_hash_table_insert_ulong (hash, key, list))
539 bus_policy_append_user_rule (BusPolicy *policy,
545 list = get_list (policy->rules_by_uid, uid);
550 if (!_dbus_list_append (list, rule))
553 bus_policy_rule_ref (rule);
559 bus_policy_append_group_rule (BusPolicy *policy,
565 list = get_list (policy->rules_by_gid, gid);
570 if (!_dbus_list_append (list, rule))
573 bus_policy_rule_ref (rule);
579 bus_policy_append_console_rule (BusPolicy *policy,
580 dbus_bool_t at_console,
585 if (!_dbus_list_append (&policy->at_console_true_rules, rule))
590 if (!_dbus_list_append (&policy->at_console_false_rules, rule))
594 bus_policy_rule_ref (rule);
601 append_copy_of_policy_list (DBusList **list,
602 DBusList **to_append)
609 /* Preallocate all our links */
610 link = _dbus_list_get_first_link (to_append);
613 if (!_dbus_list_append (&tmp_list, link->data))
615 _dbus_list_clear (&tmp_list);
619 link = _dbus_list_get_next_link (to_append, link);
622 /* Now append them */
623 while ((link = _dbus_list_pop_first_link (&tmp_list)))
625 bus_policy_rule_ref (link->data);
626 _dbus_list_append_link (list, link);
633 merge_id_hash (DBusHashTable *dest,
634 DBusHashTable *to_absorb)
638 _dbus_hash_iter_init (to_absorb, &iter);
639 while (_dbus_hash_iter_next (&iter))
641 unsigned long id = _dbus_hash_iter_get_ulong_key (&iter);
642 DBusList **list = _dbus_hash_iter_get_value (&iter);
643 DBusList **target = get_list (dest, id);
648 if (!append_copy_of_policy_list (target, list))
656 bus_policy_merge (BusPolicy *policy,
657 BusPolicy *to_absorb)
659 /* FIXME Not properly atomic, but as used for configuration files we
660 * don't rely on it quite so much.
663 if (!append_copy_of_policy_list (&policy->default_rules,
664 &to_absorb->default_rules))
667 if (!append_copy_of_policy_list (&policy->mandatory_rules,
668 &to_absorb->mandatory_rules))
671 if (!append_copy_of_policy_list (&policy->at_console_true_rules,
672 &to_absorb->at_console_true_rules))
675 if (!append_copy_of_policy_list (&policy->at_console_false_rules,
676 &to_absorb->at_console_false_rules))
679 if (!merge_id_hash (policy->rules_by_uid,
680 to_absorb->rules_by_uid))
683 if (!merge_id_hash (policy->rules_by_gid,
684 to_absorb->rules_by_gid))
690 struct BusClientPolicy
698 bus_client_policy_new (void)
700 BusClientPolicy *policy;
702 policy = dbus_new0 (BusClientPolicy, 1);
706 policy->refcount = 1;
712 bus_client_policy_ref (BusClientPolicy *policy)
714 _dbus_assert (policy->refcount > 0);
716 policy->refcount += 1;
722 rule_unref_foreach (void *data,
725 BusPolicyRule *rule = data;
727 bus_policy_rule_unref (rule);
731 bus_client_policy_unref (BusClientPolicy *policy)
733 _dbus_assert (policy->refcount > 0);
735 policy->refcount -= 1;
737 if (policy->refcount == 0)
739 _dbus_list_foreach (&policy->rules,
743 _dbus_list_clear (&policy->rules);
750 remove_rules_by_type_up_to (BusClientPolicy *policy,
751 BusPolicyRuleType type,
756 link = _dbus_list_get_first_link (&policy->rules);
757 while (link != up_to)
759 BusPolicyRule *rule = link->data;
760 DBusList *next = _dbus_list_get_next_link (&policy->rules, link);
762 if (rule->type == type)
764 _dbus_list_remove_link (&policy->rules, link);
765 bus_policy_rule_unref (rule);
773 bus_client_policy_optimize (BusClientPolicy *policy)
777 /* The idea here is that if we have:
779 * <allow send_interface="foo.bar"/>
780 * <deny send_interface="*"/>
782 * (for example) the deny will always override the allow. So we
783 * delete the allow. Ditto for deny followed by allow, etc. This is
784 * a dumb thing to put in a config file, but the <include> feature
785 * of files allows for an "inheritance and override" pattern where
786 * it could make sense. If an included file wants to "start over"
787 * with a blanket deny, no point keeping the rules from the parent
791 _dbus_verbose ("Optimizing policy with %d rules\n",
792 _dbus_list_get_length (&policy->rules));
794 link = _dbus_list_get_first_link (&policy->rules);
799 dbus_bool_t remove_preceding;
801 next = _dbus_list_get_next_link (&policy->rules, link);
804 remove_preceding = FALSE;
806 _dbus_assert (rule != NULL);
810 case BUS_POLICY_RULE_SEND:
812 rule->d.send.message_type == DBUS_MESSAGE_TYPE_INVALID &&
813 rule->d.send.path == NULL &&
814 rule->d.send.interface == NULL &&
815 rule->d.send.member == NULL &&
816 rule->d.send.error == NULL &&
817 rule->d.send.destination == NULL;
819 case BUS_POLICY_RULE_RECEIVE:
821 rule->d.receive.message_type == DBUS_MESSAGE_TYPE_INVALID &&
822 rule->d.receive.path == NULL &&
823 rule->d.receive.interface == NULL &&
824 rule->d.receive.member == NULL &&
825 rule->d.receive.error == NULL &&
826 rule->d.receive.origin == NULL;
828 case BUS_POLICY_RULE_OWN:
830 rule->d.own.service_name == NULL;
832 case BUS_POLICY_RULE_USER:
833 case BUS_POLICY_RULE_GROUP:
834 _dbus_assert_not_reached ("invalid rule");
838 if (remove_preceding)
839 remove_rules_by_type_up_to (policy, rule->type,
845 _dbus_verbose ("After optimization, policy has %d rules\n",
846 _dbus_list_get_length (&policy->rules));
850 bus_client_policy_append_rule (BusClientPolicy *policy,
853 _dbus_verbose ("Appending rule %p with type %d to policy %p\n",
854 rule, rule->type, policy);
856 if (!_dbus_list_append (&policy->rules, rule))
859 bus_policy_rule_ref (rule);
865 bus_client_policy_check_can_send (BusClientPolicy *policy,
866 BusRegistry *registry,
867 dbus_bool_t requested_reply,
868 DBusConnection *receiver,
869 DBusMessage *message,
870 dbus_int32_t *toggles)
875 /* policy->rules is in the order the rules appeared
876 * in the config file, i.e. last rule that applies wins
879 _dbus_verbose (" (policy) checking send rules\n");
883 link = _dbus_list_get_first_link (&policy->rules);
886 BusPolicyRule *rule = link->data;
888 link = _dbus_list_get_next_link (&policy->rules, link);
890 /* Rule is skipped if it specifies a different
891 * message name from the message, or a different
892 * destination from the message
895 if (rule->type != BUS_POLICY_RULE_SEND)
897 _dbus_verbose (" (policy) skipping non-send rule\n");
901 if (rule->d.send.message_type != DBUS_MESSAGE_TYPE_INVALID)
903 if (dbus_message_get_type (message) != rule->d.send.message_type)
905 _dbus_verbose (" (policy) skipping rule for different message type\n");
910 /* If it's a reply, the requested_reply flag kicks in */
911 if (dbus_message_get_reply_serial (message) != 0)
913 /* for allow, requested_reply=true means the rule applies
914 * only when reply was requested. requested_reply=false means
917 if (!requested_reply && rule->allow && rule->d.send.requested_reply && !rule->d.send.eavesdrop)
919 _dbus_verbose (" (policy) skipping allow rule since it only applies to requested replies and does not allow eavesdropping\n");
923 /* for deny, requested_reply=false means the rule applies only
924 * when the reply was not requested. requested_reply=true means the
925 * rule always applies.
927 if (requested_reply && !rule->allow && !rule->d.send.requested_reply)
929 _dbus_verbose (" (policy) skipping deny rule since it only applies to unrequested replies\n");
934 if (rule->d.send.path != NULL)
936 if (dbus_message_get_path (message) != NULL &&
937 strcmp (dbus_message_get_path (message),
938 rule->d.send.path) != 0)
940 _dbus_verbose (" (policy) skipping rule for different path\n");
945 if (rule->d.send.interface != NULL)
947 /* The interface is optional in messages. For allow rules, if the message
948 * has no interface we want to skip the rule (and thus not allow);
949 * for deny rules, if the message has no interface we want to use the
950 * rule (and thus deny).
952 dbus_bool_t no_interface;
954 no_interface = dbus_message_get_interface (message) == NULL;
956 if ((no_interface && rule->allow) ||
958 strcmp (dbus_message_get_interface (message),
959 rule->d.send.interface) != 0))
961 _dbus_verbose (" (policy) skipping rule for different interface\n");
966 if (rule->d.send.member != NULL)
968 if (dbus_message_get_member (message) != NULL &&
969 strcmp (dbus_message_get_member (message),
970 rule->d.send.member) != 0)
972 _dbus_verbose (" (policy) skipping rule for different member\n");
977 if (rule->d.send.error != NULL)
979 if (dbus_message_get_error_name (message) != NULL &&
980 strcmp (dbus_message_get_error_name (message),
981 rule->d.send.error) != 0)
983 _dbus_verbose (" (policy) skipping rule for different error name\n");
988 if (rule->d.send.destination != NULL)
990 /* receiver can be NULL for messages that are sent to the
991 * message bus itself, we check the strings in that case as
992 * built-in services don't have a DBusConnection but messages
993 * to them have a destination service name.
995 if (receiver == NULL)
997 if (!dbus_message_has_destination (message,
998 rule->d.send.destination))
1000 _dbus_verbose (" (policy) skipping rule because message dest is not %s\n",
1001 rule->d.send.destination);
1008 BusService *service;
1010 _dbus_string_init_const (&str, rule->d.send.destination);
1012 service = bus_registry_lookup (registry, &str);
1013 if (service == NULL)
1015 _dbus_verbose (" (policy) skipping rule because dest %s doesn't exist\n",
1016 rule->d.send.destination);
1020 if (!bus_service_has_owner (service, receiver))
1022 _dbus_verbose (" (policy) skipping rule because dest %s isn't owned by receiver\n",
1023 rule->d.send.destination);
1030 allowed = rule->allow;
1033 _dbus_verbose (" (policy) used rule, allow now = %d\n",
1040 /* See docs on what the args mean on bus_context_check_security_policy()
1044 bus_client_policy_check_can_receive (BusClientPolicy *policy,
1045 BusRegistry *registry,
1046 dbus_bool_t requested_reply,
1047 DBusConnection *sender,
1048 DBusConnection *addressed_recipient,
1049 DBusConnection *proposed_recipient,
1050 DBusMessage *message,
1051 dbus_int32_t *toggles)
1054 dbus_bool_t allowed;
1055 dbus_bool_t eavesdropping;
1058 addressed_recipient != proposed_recipient &&
1059 dbus_message_get_destination (message) != NULL;
1061 /* policy->rules is in the order the rules appeared
1062 * in the config file, i.e. last rule that applies wins
1065 _dbus_verbose (" (policy) checking receive rules, eavesdropping = %d\n", eavesdropping);
1069 link = _dbus_list_get_first_link (&policy->rules);
1070 while (link != NULL)
1072 BusPolicyRule *rule = link->data;
1074 link = _dbus_list_get_next_link (&policy->rules, link);
1076 if (rule->type != BUS_POLICY_RULE_RECEIVE)
1078 _dbus_verbose (" (policy) skipping non-receive rule\n");
1082 if (rule->d.receive.message_type != DBUS_MESSAGE_TYPE_INVALID)
1084 if (dbus_message_get_type (message) != rule->d.receive.message_type)
1086 _dbus_verbose (" (policy) skipping rule for different message type\n");
1091 /* for allow, eavesdrop=false means the rule doesn't apply when
1092 * eavesdropping. eavesdrop=true means always allow.
1094 if (eavesdropping && rule->allow && !rule->d.receive.eavesdrop)
1096 _dbus_verbose (" (policy) skipping allow rule since it doesn't apply to eavesdropping\n");
1100 /* for deny, eavesdrop=true means the rule applies only when
1101 * eavesdropping; eavesdrop=false means always deny.
1103 if (!eavesdropping && !rule->allow && rule->d.receive.eavesdrop)
1105 _dbus_verbose (" (policy) skipping deny rule since it only applies to eavesdropping\n");
1109 /* If it's a reply, the requested_reply flag kicks in */
1110 if (dbus_message_get_reply_serial (message) != 0)
1112 /* for allow, requested_reply=true means the rule applies
1113 * only when reply was requested. requested_reply=false means
1116 if (!requested_reply && rule->allow && rule->d.receive.requested_reply && !rule->d.receive.eavesdrop)
1118 _dbus_verbose (" (policy) skipping allow rule since it only applies to requested replies and does not allow eavesdropping\n");
1122 /* for deny, requested_reply=false means the rule applies only
1123 * when the reply was not requested. requested_reply=true means the
1124 * rule always applies.
1126 if (requested_reply && !rule->allow && !rule->d.receive.requested_reply)
1128 _dbus_verbose (" (policy) skipping deny rule since it only applies to unrequested replies\n");
1133 if (rule->d.receive.path != NULL)
1135 if (dbus_message_get_path (message) != NULL &&
1136 strcmp (dbus_message_get_path (message),
1137 rule->d.receive.path) != 0)
1139 _dbus_verbose (" (policy) skipping rule for different path\n");
1144 if (rule->d.receive.interface != NULL)
1146 /* The interface is optional in messages. For allow rules, if the message
1147 * has no interface we want to skip the rule (and thus not allow);
1148 * for deny rules, if the message has no interface we want to use the
1149 * rule (and thus deny).
1151 dbus_bool_t no_interface;
1153 no_interface = dbus_message_get_interface (message) == NULL;
1155 if ((no_interface && rule->allow) ||
1157 strcmp (dbus_message_get_interface (message),
1158 rule->d.receive.interface) != 0))
1160 _dbus_verbose (" (policy) skipping rule for different interface\n");
1165 if (rule->d.receive.member != NULL)
1167 if (dbus_message_get_member (message) != NULL &&
1168 strcmp (dbus_message_get_member (message),
1169 rule->d.receive.member) != 0)
1171 _dbus_verbose (" (policy) skipping rule for different member\n");
1176 if (rule->d.receive.error != NULL)
1178 if (dbus_message_get_error_name (message) != NULL &&
1179 strcmp (dbus_message_get_error_name (message),
1180 rule->d.receive.error) != 0)
1182 _dbus_verbose (" (policy) skipping rule for different error name\n");
1187 if (rule->d.receive.origin != NULL)
1189 /* sender can be NULL for messages that originate from the
1190 * message bus itself, we check the strings in that case as
1191 * built-in services don't have a DBusConnection but will
1192 * still set the sender on their messages.
1196 if (!dbus_message_has_sender (message,
1197 rule->d.receive.origin))
1199 _dbus_verbose (" (policy) skipping rule because message sender is not %s\n",
1200 rule->d.receive.origin);
1206 BusService *service;
1209 _dbus_string_init_const (&str, rule->d.receive.origin);
1211 service = bus_registry_lookup (registry, &str);
1213 if (service == NULL)
1215 _dbus_verbose (" (policy) skipping rule because origin %s doesn't exist\n",
1216 rule->d.receive.origin);
1220 if (!bus_service_has_owner (service, sender))
1222 _dbus_verbose (" (policy) skipping rule because origin %s isn't owned by sender\n",
1223 rule->d.receive.origin);
1230 allowed = rule->allow;
1233 _dbus_verbose (" (policy) used rule, allow now = %d\n",
1241 bus_client_policy_check_can_own (BusClientPolicy *policy,
1242 DBusConnection *connection,
1243 const DBusString *service_name)
1246 dbus_bool_t allowed;
1248 /* policy->rules is in the order the rules appeared
1249 * in the config file, i.e. last rule that applies wins
1253 link = _dbus_list_get_first_link (&policy->rules);
1254 while (link != NULL)
1256 BusPolicyRule *rule = link->data;
1258 link = _dbus_list_get_next_link (&policy->rules, link);
1260 /* Rule is skipped if it specifies a different service name from
1264 if (rule->type != BUS_POLICY_RULE_OWN)
1267 if (rule->d.own.service_name != NULL)
1269 if (!_dbus_string_equal_c_str (service_name,
1270 rule->d.own.service_name))
1275 allowed = rule->allow;
1281 #ifdef DBUS_BUILD_TESTS
1284 bus_policy_test (const DBusString *test_data_dir)
1286 /* This doesn't do anything for now because I decided to do it in
1287 * dispatch.c instead by having some of the clients in dispatch.c
1288 * have particular policies applied to them.
1294 #endif /* DBUS_BUILD_TESTS */
projects / platform / upstream / dbus.git / blob