1 /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
2 /* policy.c Bus security policy
4 * Copyright (C) 2003, 2004 Red Hat, Inc.
6 * Licensed under the Academic Free License version 2.1
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
31 #include <dbus/dbus-list.h>
32 #include <dbus/dbus-hash.h>
33 #include <dbus/dbus-internals.h>
36 bus_policy_rule_new (BusPolicyRuleType type,
37 BusPolicyRuleAccess access)
41 rule = dbus_new0 (BusPolicyRule, 1);
47 rule->access = access;
51 case BUS_POLICY_RULE_USER:
52 rule->d.user.uid = DBUS_UID_UNSET;
54 case BUS_POLICY_RULE_GROUP:
55 rule->d.group.gid = DBUS_GID_UNSET;
57 case BUS_POLICY_RULE_SEND:
58 rule->d.send.message_type = DBUS_MESSAGE_TYPE_INVALID;
59 /* allow rules default to TRUE (only requested replies allowed)
60 * check rules default to TRUE (only requested replies are checked)
61 * deny rules default to FALSE (only unrequested replies denied)
63 rule->d.send.requested_reply = rule->access != BUS_POLICY_RULE_ACCESS_DENY;
65 case BUS_POLICY_RULE_RECEIVE:
66 rule->d.receive.message_type = DBUS_MESSAGE_TYPE_INVALID;
67 /* allow rules default to TRUE (only requested replies allowed)
68 * check rules default to TRUE (only requested replies are checked)
69 * deny rules default to FALSE (only unrequested replies denied)
71 rule->d.receive.requested_reply = rule->access != BUS_POLICY_RULE_ACCESS_DENY;
73 case BUS_POLICY_RULE_OWN:
81 bus_policy_rule_ref (BusPolicyRule *rule)
83 _dbus_assert (rule->refcount > 0);
91 bus_policy_rule_unref (BusPolicyRule *rule)
93 _dbus_assert (rule->refcount > 0);
97 if (rule->refcount == 0)
101 case BUS_POLICY_RULE_SEND:
102 dbus_free (rule->d.send.path);
103 dbus_free (rule->d.send.interface);
104 dbus_free (rule->d.send.member);
105 dbus_free (rule->d.send.error);
106 dbus_free (rule->d.send.destination);
108 case BUS_POLICY_RULE_RECEIVE:
109 dbus_free (rule->d.receive.path);
110 dbus_free (rule->d.receive.interface);
111 dbus_free (rule->d.receive.member);
112 dbus_free (rule->d.receive.error);
113 dbus_free (rule->d.receive.origin);
115 case BUS_POLICY_RULE_OWN:
116 dbus_free (rule->d.own.service_name);
118 case BUS_POLICY_RULE_USER:
120 case BUS_POLICY_RULE_GROUP:
124 dbus_free (rule->privilege);
133 DBusList *default_rules; /**< Default policy rules */
134 DBusList *mandatory_rules; /**< Mandatory policy rules */
135 DBusHashTable *rules_by_uid; /**< per-UID policy rules */
136 DBusHashTable *rules_by_gid; /**< per-GID policy rules */
137 DBusHashTable *rules_by_smack_label; /**< per-SMACK label policy rules */
138 DBusList *at_console_true_rules; /**< console user policy rules where at_console="true"*/
139 DBusList *at_console_false_rules; /**< console user policy rules where at_console="false"*/
143 free_rule_func (void *data,
146 BusPolicyRule *rule = data;
148 bus_policy_rule_unref (rule);
152 free_rule_list_func (void *data)
154 DBusList **list = data;
156 if (list == NULL) /* DBusHashTable is on crack */
159 _dbus_list_foreach (list, free_rule_func, NULL);
161 _dbus_list_clear (list);
167 bus_policy_new (void)
171 policy = dbus_new0 (BusPolicy, 1);
175 policy->refcount = 1;
177 policy->rules_by_uid = _dbus_hash_table_new (DBUS_HASH_UINTPTR,
179 free_rule_list_func);
180 if (policy->rules_by_uid == NULL)
183 policy->rules_by_gid = _dbus_hash_table_new (DBUS_HASH_UINTPTR,
185 free_rule_list_func);
186 if (policy->rules_by_gid == NULL)
189 #ifdef DBUS_ENABLE_SMACK
190 policy->rules_by_smack_label = _dbus_hash_table_new (DBUS_HASH_STRING,
191 (DBusFreeFunction) dbus_free,
192 free_rule_list_func);
193 if (policy->rules_by_smack_label == NULL)
200 bus_policy_unref (policy);
205 bus_policy_ref (BusPolicy *policy)
207 _dbus_assert (policy->refcount > 0);
209 policy->refcount += 1;
215 bus_policy_unref (BusPolicy *policy)
217 _dbus_assert (policy->refcount > 0);
219 policy->refcount -= 1;
221 if (policy->refcount == 0)
223 _dbus_list_foreach (&policy->default_rules, free_rule_func, NULL);
224 _dbus_list_clear (&policy->default_rules);
226 _dbus_list_foreach (&policy->mandatory_rules, free_rule_func, NULL);
227 _dbus_list_clear (&policy->mandatory_rules);
229 _dbus_list_foreach (&policy->at_console_true_rules, free_rule_func, NULL);
230 _dbus_list_clear (&policy->at_console_true_rules);
232 _dbus_list_foreach (&policy->at_console_false_rules, free_rule_func, NULL);
233 _dbus_list_clear (&policy->at_console_false_rules);
235 if (policy->rules_by_uid)
237 _dbus_hash_table_unref (policy->rules_by_uid);
238 policy->rules_by_uid = NULL;
241 if (policy->rules_by_gid)
243 _dbus_hash_table_unref (policy->rules_by_gid);
244 policy->rules_by_gid = NULL;
247 if (policy->rules_by_smack_label)
249 _dbus_hash_table_unref (policy->rules_by_smack_label);
250 policy->rules_by_smack_label = NULL;
258 add_list_to_client (DBusList **list,
259 BusClientPolicy *client)
263 link = _dbus_list_get_first_link (list);
266 BusPolicyRule *rule = link->data;
267 link = _dbus_list_get_next_link (list, link);
271 case BUS_POLICY_RULE_USER:
272 case BUS_POLICY_RULE_GROUP:
273 /* These aren't per-connection policies */
276 case BUS_POLICY_RULE_OWN:
277 case BUS_POLICY_RULE_SEND:
278 case BUS_POLICY_RULE_RECEIVE:
279 /* These are per-connection */
280 if (!bus_client_policy_append_rule (client, rule))
290 bus_policy_create_client_policy (BusPolicy *policy,
291 DBusConnection *connection,
294 BusClientPolicy *client;
296 dbus_bool_t at_console;
298 _dbus_assert (dbus_connection_get_is_authenticated (connection));
299 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
301 client = bus_client_policy_new ();
305 if (!add_list_to_client (&policy->default_rules,
309 /* we avoid the overhead of looking up user's groups
310 * if we don't have any group rules anyway
312 if (_dbus_hash_table_get_n_entries (policy->rules_by_gid) > 0)
314 unsigned long *groups;
318 if (!bus_connection_get_unix_groups (connection, &groups, &n_groups, error))
326 list = _dbus_hash_table_lookup_uintptr (policy->rules_by_gid,
331 if (!add_list_to_client (list, client))
344 if (dbus_connection_get_unix_user (connection, &uid))
346 if (_dbus_hash_table_get_n_entries (policy->rules_by_uid) > 0)
350 list = _dbus_hash_table_lookup_uintptr (policy->rules_by_uid,
355 if (!add_list_to_client (list, client))
360 /* Add console rules */
361 at_console = _dbus_unix_user_is_at_console (uid, error);
365 if (!add_list_to_client (&policy->at_console_true_rules, client))
368 else if (dbus_error_is_set (error) == TRUE)
372 else if (!add_list_to_client (&policy->at_console_false_rules, client))
378 if (policy->rules_by_smack_label &&
379 _dbus_hash_table_get_n_entries (policy->rules_by_smack_label) > 0)
382 dbus_bool_t nomem_err = FALSE;
384 list = bus_smack_generate_allowed_list(connection, policy->rules_by_smack_label, &nomem_err);
388 nomem_err = !add_list_to_client (list, client);
389 _dbus_list_clear (list);
397 if (!add_list_to_client (&policy->mandatory_rules,
401 bus_client_policy_optimize (client);
408 _DBUS_ASSERT_ERROR_IS_SET (error);
410 bus_client_policy_unref (client);
415 list_allows_user (dbus_bool_t def,
418 const unsigned long *group_ids,
426 link = _dbus_list_get_first_link (list);
429 BusPolicyRule *rule = link->data;
430 link = _dbus_list_get_next_link (list, link);
432 if (rule->type == BUS_POLICY_RULE_USER)
434 _dbus_verbose ("List %p user rule uid="DBUS_UID_FORMAT"\n",
435 list, rule->d.user.uid);
437 if (rule->d.user.uid == DBUS_UID_UNSET)
439 else if (rule->d.user.uid != uid)
442 else if (rule->type == BUS_POLICY_RULE_GROUP)
444 _dbus_verbose ("List %p group rule gid="DBUS_GID_FORMAT"\n",
445 list, rule->d.group.gid);
447 if (rule->d.group.gid == DBUS_GID_UNSET)
454 while (i < n_group_ids)
456 if (rule->d.group.gid == group_ids[i])
461 if (i == n_group_ids)
468 /* We don't intend to support <check user="..." /> and <check group="..." />
469 rules. They are treated like deny.
471 allowed = rule->access == BUS_POLICY_RULE_ACCESS_ALLOW;
478 bus_policy_allow_unix_user (BusPolicy *policy,
482 unsigned long *group_ids;
485 /* On OOM or error we always reject the user */
486 if (!_dbus_unix_groups_from_uid (uid, &group_ids, &n_group_ids))
488 _dbus_verbose ("Did not get any groups for UID %lu\n",
493 /* Default to "user owning bus" can connect */
494 allowed = _dbus_unix_user_is_process_owner (uid);
496 allowed = list_allows_user (allowed,
497 &policy->default_rules,
499 group_ids, n_group_ids);
501 allowed = list_allows_user (allowed,
502 &policy->mandatory_rules,
504 group_ids, n_group_ids);
506 dbus_free (group_ids);
508 _dbus_verbose ("UID %lu allowed = %d\n", uid, allowed);
513 /* For now this is never actually called because the default
514 * DBusConnection behavior of 'same user that owns the bus can
515 * connect' is all it would do. Set the windows user function in
516 * connection.c if the config file ever supports doing something
520 bus_policy_allow_windows_user (BusPolicy *policy,
521 const char *windows_sid)
523 /* Windows has no policies here since only the session bus
524 * is really used for now, so just checking that the
525 * connecting person is the same as the bus owner is fine.
527 return _dbus_windows_user_is_process_owner (windows_sid);
531 bus_policy_append_default_rule (BusPolicy *policy,
534 if (!_dbus_list_append (&policy->default_rules, rule))
537 bus_policy_rule_ref (rule);
543 bus_policy_append_mandatory_rule (BusPolicy *policy,
546 if (!_dbus_list_append (&policy->mandatory_rules, rule))
549 bus_policy_rule_ref (rule);
557 get_list (DBusHashTable *hash,
562 list = _dbus_hash_table_lookup_uintptr (hash, key);
566 list = dbus_new0 (DBusList*, 1);
570 if (!_dbus_hash_table_insert_uintptr (hash, key, list))
581 bus_policy_append_user_rule (BusPolicy *policy,
587 list = get_list (policy->rules_by_uid, uid);
592 if (!_dbus_list_append (list, rule))
595 bus_policy_rule_ref (rule);
601 bus_policy_append_group_rule (BusPolicy *policy,
607 list = get_list (policy->rules_by_gid, gid);
612 if (!_dbus_list_append (list, rule))
615 bus_policy_rule_ref (rule);
620 #ifdef DBUS_ENABLE_SMACK
622 get_list_string (DBusHashTable *table,
630 list = _dbus_hash_table_lookup_string (table, key);
636 list = dbus_new0 (DBusList*, 1);
640 new_key = _dbus_strdup (key);
647 if (!_dbus_hash_table_insert_string (table, new_key, list))
660 bus_policy_append_smack_rule (BusPolicy *policy,
664 #ifdef DBUS_ENABLE_SMACK
667 list = get_list_string (policy->rules_by_smack_label, label);
671 if (!_dbus_list_append (list, rule))
674 bus_policy_rule_ref (rule);
681 bus_policy_append_console_rule (BusPolicy *policy,
682 dbus_bool_t at_console,
687 if (!_dbus_list_append (&policy->at_console_true_rules, rule))
692 if (!_dbus_list_append (&policy->at_console_false_rules, rule))
696 bus_policy_rule_ref (rule);
703 append_copy_of_policy_list (DBusList **list,
704 DBusList **to_append)
711 /* Preallocate all our links */
712 link = _dbus_list_get_first_link (to_append);
715 if (!_dbus_list_append (&tmp_list, link->data))
717 _dbus_list_clear (&tmp_list);
721 link = _dbus_list_get_next_link (to_append, link);
724 /* Now append them */
725 while ((link = _dbus_list_pop_first_link (&tmp_list)))
727 bus_policy_rule_ref (link->data);
728 _dbus_list_append_link (list, link);
735 merge_id_hash (DBusHashTable *dest,
736 DBusHashTable *to_absorb)
740 _dbus_hash_iter_init (to_absorb, &iter);
741 while (_dbus_hash_iter_next (&iter))
743 unsigned long id = _dbus_hash_iter_get_uintptr_key (&iter);
744 DBusList **list = _dbus_hash_iter_get_value (&iter);
745 DBusList **target = get_list (dest, id);
750 if (!append_copy_of_policy_list (target, list))
757 #ifdef DBUS_ENABLE_SMACK
759 merge_string_hash (DBusHashTable *dest,
760 DBusHashTable *to_absorb)
764 _dbus_hash_iter_init (to_absorb, &iter);
765 while (_dbus_hash_iter_next (&iter))
767 const char *absorb_label = _dbus_hash_iter_get_string_key(&iter);
768 DBusList **list = _dbus_hash_iter_get_value (&iter);
769 DBusList **target = get_list_string (dest, absorb_label);
774 if (!append_copy_of_policy_list (target, list))
783 bus_policy_merge (BusPolicy *policy,
784 BusPolicy *to_absorb)
786 /* FIXME Not properly atomic, but as used for configuration files we
787 * don't rely on it quite so much.
790 if (!append_copy_of_policy_list (&policy->default_rules,
791 &to_absorb->default_rules))
794 if (!append_copy_of_policy_list (&policy->mandatory_rules,
795 &to_absorb->mandatory_rules))
798 if (!append_copy_of_policy_list (&policy->at_console_true_rules,
799 &to_absorb->at_console_true_rules))
802 if (!append_copy_of_policy_list (&policy->at_console_false_rules,
803 &to_absorb->at_console_false_rules))
806 if (!merge_id_hash (policy->rules_by_uid,
807 to_absorb->rules_by_uid))
810 if (!merge_id_hash (policy->rules_by_gid,
811 to_absorb->rules_by_gid))
814 #ifdef DBUS_ENABLE_SMACK
815 if (!merge_string_hash (policy->rules_by_smack_label,
816 to_absorb->rules_by_smack_label))
823 struct BusClientPolicy
831 bus_client_policy_new (void)
833 BusClientPolicy *policy;
835 policy = dbus_new0 (BusClientPolicy, 1);
839 policy->refcount = 1;
845 bus_client_policy_ref (BusClientPolicy *policy)
847 _dbus_assert (policy->refcount > 0);
849 policy->refcount += 1;
855 rule_unref_foreach (void *data,
858 BusPolicyRule *rule = data;
860 bus_policy_rule_unref (rule);
864 bus_client_policy_unref (BusClientPolicy *policy)
866 _dbus_assert (policy->refcount > 0);
868 policy->refcount -= 1;
870 if (policy->refcount == 0)
872 _dbus_list_foreach (&policy->rules,
876 _dbus_list_clear (&policy->rules);
883 remove_rules_by_type_up_to (BusClientPolicy *policy,
884 BusPolicyRuleType type,
889 link = _dbus_list_get_first_link (&policy->rules);
890 while (link != up_to)
892 BusPolicyRule *rule = link->data;
893 DBusList *next = _dbus_list_get_next_link (&policy->rules, link);
895 if (rule->type == type)
897 _dbus_list_remove_link (&policy->rules, link);
898 bus_policy_rule_unref (rule);
906 bus_client_policy_optimize (BusClientPolicy *policy)
910 /* The idea here is that if we have:
912 * <allow send_interface="foo.bar"/>
913 * <deny send_interface="*"/>
915 * (for example) the deny will always override the allow. So we
916 * delete the allow. Ditto for deny followed by allow, etc. This is
917 * a dumb thing to put in a config file, but the <include> feature
918 * of files allows for an "inheritance and override" pattern where
919 * it could make sense. If an included file wants to "start over"
920 * with a blanket deny, no point keeping the rules from the parent
924 _dbus_verbose ("Optimizing policy with %d rules\n",
925 _dbus_list_get_length (&policy->rules));
927 link = _dbus_list_get_first_link (&policy->rules);
932 dbus_bool_t remove_preceding;
934 next = _dbus_list_get_next_link (&policy->rules, link);
937 remove_preceding = FALSE;
939 _dbus_assert (rule != NULL);
943 case BUS_POLICY_RULE_SEND:
945 rule->d.send.message_type == DBUS_MESSAGE_TYPE_INVALID &&
946 rule->d.send.path == NULL &&
947 rule->d.send.interface == NULL &&
948 rule->d.send.member == NULL &&
949 rule->d.send.error == NULL &&
950 rule->d.send.destination == NULL;
952 case BUS_POLICY_RULE_RECEIVE:
954 rule->d.receive.message_type == DBUS_MESSAGE_TYPE_INVALID &&
955 rule->d.receive.path == NULL &&
956 rule->d.receive.interface == NULL &&
957 rule->d.receive.member == NULL &&
958 rule->d.receive.error == NULL &&
959 rule->d.receive.origin == NULL;
961 case BUS_POLICY_RULE_OWN:
963 rule->d.own.service_name == NULL;
965 case BUS_POLICY_RULE_USER:
966 case BUS_POLICY_RULE_GROUP:
967 _dbus_assert_not_reached ("invalid rule");
971 if (remove_preceding)
972 remove_rules_by_type_up_to (policy, rule->type,
978 _dbus_verbose ("After optimization, policy has %d rules\n",
979 _dbus_list_get_length (&policy->rules));
983 bus_client_policy_append_rule (BusClientPolicy *policy,
986 _dbus_verbose ("Appending rule %p with type %d to policy %p\n",
987 rule, rule->type, policy);
989 if (!_dbus_list_append (&policy->rules, rule))
992 bus_policy_rule_ref (rule);
998 bus_client_policy_check_can_send (DBusConnection *sender,
999 BusClientPolicy *policy,
1000 BusRegistry *registry,
1001 dbus_bool_t requested_reply,
1002 DBusConnection *addressed_recipient,
1003 DBusConnection *receiver,
1004 DBusMessage *message,
1005 dbus_int32_t *toggles,
1007 const char **privilege_param,
1008 BusDeferredMessage **deferred_message)
1012 const char *privilege;
1014 /* policy->rules is in the order the rules appeared
1015 * in the config file, i.e. last rule that applies wins
1018 _dbus_verbose (" (policy) checking send rules\n");
1021 result = BUS_RESULT_FALSE;
1022 link = _dbus_list_get_first_link (&policy->rules);
1023 while (link != NULL)
1025 BusPolicyRule *rule = link->data;
1027 link = _dbus_list_get_next_link (&policy->rules, link);
1029 /* Rule is skipped if it specifies a different
1030 * message name from the message, or a different
1031 * destination from the message
1034 if (rule->type != BUS_POLICY_RULE_SEND)
1036 _dbus_verbose (" (policy) skipping non-send rule\n");
1040 if (rule->d.send.message_type != DBUS_MESSAGE_TYPE_INVALID)
1042 if (dbus_message_get_type (message) != rule->d.send.message_type)
1044 _dbus_verbose (" (policy) skipping rule for different message type\n");
1049 /* If it's a reply, the requested_reply flag kicks in */
1050 if (dbus_message_get_reply_serial (message) != 0)
1052 /* for allow or check requested_reply=true means the rule applies
1053 * only when reply was requested. requested_reply=false means the
1054 * rule always applies
1056 if (!requested_reply && rule->access != BUS_POLICY_RULE_ACCESS_DENY && rule->d.send.requested_reply && !rule->d.send.eavesdrop)
1058 _dbus_verbose (" (policy) skipping %s rule since it only applies to requested replies and does not allow eavesdropping\n",
1059 rule->access == BUS_POLICY_RULE_ACCESS_ALLOW ? "allow" : "check");
1063 /* for deny, requested_reply=false means the rule applies only
1064 * when the reply was not requested. requested_reply=true means the
1065 * rule always applies.
1067 if (requested_reply && rule->access == BUS_POLICY_RULE_ACCESS_DENY && !rule->d.send.requested_reply)
1069 _dbus_verbose (" (policy) skipping deny rule since it only applies to unrequested replies\n");
1074 if (rule->d.send.path != NULL)
1076 if (dbus_message_get_path (message) != NULL &&
1077 strcmp (dbus_message_get_path (message),
1078 rule->d.send.path) != 0)
1080 _dbus_verbose (" (policy) skipping rule for different path\n");
1085 if (rule->d.send.interface != NULL)
1087 /* The interface is optional in messages. For allow rules, if the message
1088 * has no interface we want to skip the rule (and thus not allow);
1089 * for deny rules, if the message has no interface we want to use the
1090 * rule (and thus deny). Check rules are meant to be used like allow
1091 * rules (they can grant access, but not remove it), so we treat it like
1094 dbus_bool_t no_interface;
1096 no_interface = dbus_message_get_interface (message) == NULL;
1098 if ((no_interface && rule->access != BUS_POLICY_RULE_ACCESS_DENY) ||
1100 strcmp (dbus_message_get_interface (message),
1101 rule->d.send.interface) != 0))
1103 _dbus_verbose (" (policy) skipping rule for different interface\n");
1108 if (rule->d.send.member != NULL)
1110 if (dbus_message_get_member (message) != NULL &&
1111 strcmp (dbus_message_get_member (message),
1112 rule->d.send.member) != 0)
1114 _dbus_verbose (" (policy) skipping rule for different member\n");
1119 if (rule->d.send.error != NULL)
1121 if (dbus_message_get_error_name (message) != NULL &&
1122 strcmp (dbus_message_get_error_name (message),
1123 rule->d.send.error) != 0)
1125 _dbus_verbose (" (policy) skipping rule for different error name\n");
1130 if (rule->d.send.destination != NULL)
1132 /* receiver can be NULL for messages that are sent to the
1133 * message bus itself, we check the strings in that case as
1134 * built-in services don't have a DBusConnection but messages
1135 * to them have a destination service name.
1137 if (receiver == NULL)
1139 if (!dbus_message_has_destination (message,
1140 rule->d.send.destination))
1142 _dbus_verbose (" (policy) skipping rule because message dest is not %s\n",
1143 rule->d.send.destination);
1150 BusService *service;
1152 _dbus_string_init_const (&str, rule->d.send.destination);
1154 service = bus_registry_lookup (registry, &str);
1155 if (service == NULL)
1157 _dbus_verbose (" (policy) skipping rule because dest %s doesn't exist\n",
1158 rule->d.send.destination);
1162 if (!bus_service_has_owner (service, receiver))
1164 _dbus_verbose (" (policy) skipping rule because dest %s isn't owned by receiver\n",
1165 rule->d.send.destination);
1172 switch (rule->access)
1174 case BUS_POLICY_RULE_ACCESS_ALLOW:
1175 result = BUS_RESULT_TRUE;
1177 case BUS_POLICY_RULE_ACCESS_DENY:
1178 result = BUS_RESULT_FALSE;
1180 case BUS_POLICY_RULE_ACCESS_CHECK:
1181 result = BUS_RESULT_LATER;
1182 privilege = rule->privilege;
1186 *log = rule->d.send.log;
1189 _dbus_verbose (" (policy) used rule, result now = %d\n",
1193 if (result == BUS_RESULT_LATER)
1195 BusContext *context = bus_connection_get_context(sender);
1196 BusCheck *check = bus_context_get_check(context);
1198 result = bus_check_privilege(check, message, sender, addressed_recipient, receiver,
1199 privilege, BUS_DEFERRED_MESSAGE_CHECK_SEND, deferred_message);
1200 if (result == BUS_RESULT_LATER && deferred_message != NULL)
1201 bus_deferred_message_set_policy_check_info(*deferred_message, requested_reply,
1202 *toggles, privilege);
1207 if (privilege_param != NULL)
1208 *privilege_param = privilege;
1213 /* See docs on what the args mean on bus_context_check_security_policy()
1217 bus_client_policy_check_can_receive (BusClientPolicy *policy,
1218 BusRegistry *registry,
1219 dbus_bool_t requested_reply,
1220 DBusConnection *sender,
1221 DBusConnection *addressed_recipient,
1222 DBusConnection *proposed_recipient,
1223 DBusMessage *message,
1224 dbus_int32_t *toggles,
1225 const char **privilege_param,
1226 BusDeferredMessage **deferred_message)
1229 dbus_bool_t eavesdropping;
1231 const char *privilege;
1234 addressed_recipient != proposed_recipient &&
1235 dbus_message_get_destination (message) != NULL;
1237 /* policy->rules is in the order the rules appeared
1238 * in the config file, i.e. last rule that applies wins
1241 _dbus_verbose (" (policy) checking receive rules, eavesdropping = %d\n", eavesdropping);
1244 result = BUS_RESULT_FALSE;
1245 link = _dbus_list_get_first_link (&policy->rules);
1246 while (link != NULL)
1248 BusPolicyRule *rule = link->data;
1250 link = _dbus_list_get_next_link (&policy->rules, link);
1252 if (rule->type != BUS_POLICY_RULE_RECEIVE)
1254 _dbus_verbose (" (policy) skipping non-receive rule\n");
1258 if (rule->d.receive.message_type != DBUS_MESSAGE_TYPE_INVALID)
1260 if (dbus_message_get_type (message) != rule->d.receive.message_type)
1262 _dbus_verbose (" (policy) skipping rule for different message type\n");
1268 /* for allow or check, eavesdrop=false means the rule doesn't apply when
1269 * eavesdropping. eavesdrop=true means the rule always applies
1271 if (eavesdropping && rule->access != BUS_POLICY_RULE_ACCESS_DENY && !rule->d.receive.eavesdrop)
1273 _dbus_verbose (" (policy) skipping %s rule since it doesn't apply to eavesdropping\n",
1274 rule->access == BUS_POLICY_RULE_ACCESS_ALLOW ? "allow" : "check");
1278 /* for deny, eavesdrop=true means the rule applies only when
1279 * eavesdropping; eavesdrop=false means always deny.
1281 if (!eavesdropping && rule->access == BUS_POLICY_RULE_ACCESS_DENY && rule->d.receive.eavesdrop)
1283 _dbus_verbose (" (policy) skipping deny rule since it only applies to eavesdropping\n");
1287 /* If it's a reply, the requested_reply flag kicks in */
1288 if (dbus_message_get_reply_serial (message) != 0)
1290 /* for allow or check requested_reply=true means the rule applies
1291 * only when reply was requested. requested_reply=false means the
1292 * rule always applies
1294 if (!requested_reply && rule->access != BUS_POLICY_RULE_ACCESS_DENY && rule->d.send.requested_reply && !rule->d.send.eavesdrop)
1296 _dbus_verbose (" (policy) skipping %s rule since it only applies to requested replies and does not allow eavesdropping\n",
1297 rule->access == BUS_POLICY_RULE_ACCESS_DENY ? "allow" : "deny");
1301 /* for deny, requested_reply=false means the rule applies only
1302 * when the reply was not requested. requested_reply=true means the
1303 * rule always applies.
1305 if (requested_reply && rule->access == BUS_POLICY_RULE_ACCESS_DENY && !rule->d.receive.requested_reply)
1307 _dbus_verbose (" (policy) skipping deny rule since it only applies to unrequested replies\n");
1312 if (rule->d.receive.path != NULL)
1314 if (dbus_message_get_path (message) != NULL &&
1315 strcmp (dbus_message_get_path (message),
1316 rule->d.receive.path) != 0)
1318 _dbus_verbose (" (policy) skipping rule for different path\n");
1323 if (rule->d.receive.interface != NULL)
1325 /* The interface is optional in messages. For allow rules, if the message
1326 * has no interface we want to skip the rule (and thus not allow);
1327 * for deny rules, if the message has no interface we want to use the
1328 * rule (and thus deny). Check rules are treated like allow rules.
1330 dbus_bool_t no_interface;
1332 no_interface = dbus_message_get_interface (message) == NULL;
1334 if ((no_interface && rule->access != BUS_POLICY_RULE_ACCESS_DENY) ||
1336 strcmp (dbus_message_get_interface (message),
1337 rule->d.receive.interface) != 0))
1339 _dbus_verbose (" (policy) skipping rule for different interface\n");
1344 if (rule->d.receive.member != NULL)
1346 if (dbus_message_get_member (message) != NULL &&
1347 strcmp (dbus_message_get_member (message),
1348 rule->d.receive.member) != 0)
1350 _dbus_verbose (" (policy) skipping rule for different member\n");
1355 if (rule->d.receive.error != NULL)
1357 if (dbus_message_get_error_name (message) != NULL &&
1358 strcmp (dbus_message_get_error_name (message),
1359 rule->d.receive.error) != 0)
1361 _dbus_verbose (" (policy) skipping rule for different error name\n");
1366 if (rule->d.receive.origin != NULL)
1368 /* sender can be NULL for messages that originate from the
1369 * message bus itself, we check the strings in that case as
1370 * built-in services don't have a DBusConnection but will
1371 * still set the sender on their messages.
1375 if (!dbus_message_has_sender (message,
1376 rule->d.receive.origin))
1378 _dbus_verbose (" (policy) skipping rule because message sender is not %s\n",
1379 rule->d.receive.origin);
1385 BusService *service;
1388 _dbus_string_init_const (&str, rule->d.receive.origin);
1390 service = bus_registry_lookup (registry, &str);
1392 if (service == NULL)
1394 _dbus_verbose (" (policy) skipping rule because origin %s doesn't exist\n",
1395 rule->d.receive.origin);
1399 if (!bus_service_has_owner (service, sender))
1401 _dbus_verbose (" (policy) skipping rule because origin %s isn't owned by sender\n",
1402 rule->d.receive.origin);
1409 switch (rule->access)
1411 case BUS_POLICY_RULE_ACCESS_ALLOW:
1412 result = BUS_RESULT_TRUE;
1414 case BUS_POLICY_RULE_ACCESS_DENY:
1415 result = BUS_RESULT_FALSE;
1417 case BUS_POLICY_RULE_ACCESS_CHECK:
1418 result = BUS_RESULT_LATER;
1419 privilege = rule->privilege;
1425 _dbus_verbose (" (policy) used rule, result now = %d\n",
1430 if (result == BUS_RESULT_LATER)
1432 BusContext *context = bus_connection_get_context(proposed_recipient);
1433 BusCheck *check = bus_context_get_check(context);
1435 result = bus_check_privilege(check, message, sender, addressed_recipient, proposed_recipient,
1436 privilege, BUS_DEFERRED_MESSAGE_CHECK_RECEIVE, deferred_message);
1437 if (result == BUS_RESULT_LATER && deferred_message != NULL)
1438 bus_deferred_message_set_policy_check_info(*deferred_message, requested_reply,
1439 *toggles, privilege);
1444 if (privilege_param != NULL)
1445 *privilege_param = privilege;
1453 bus_rules_check_can_own (DBusList *rules,
1454 const DBusString *service_name,
1455 DBusConnection *connection,
1456 DBusMessage *message)
1460 const char *privilege;
1462 /* rules is in the order the rules appeared
1463 * in the config file, i.e. last rule that applies wins
1466 result = BUS_RESULT_FALSE;
1467 link = _dbus_list_get_first_link (&rules);
1468 while (link != NULL)
1470 BusPolicyRule *rule = link->data;
1472 link = _dbus_list_get_next_link (&rules, link);
1474 /* Rule is skipped if it specifies a different service name from
1478 if (rule->type != BUS_POLICY_RULE_OWN)
1481 if (!rule->d.own.prefix && rule->d.own.service_name != NULL)
1483 if (!_dbus_string_equal_c_str (service_name,
1484 rule->d.own.service_name))
1487 else if (rule->d.own.prefix)
1491 if (!_dbus_string_starts_with_c_str (service_name,
1492 rule->d.own.service_name))
1495 data = _dbus_string_get_const_data (service_name);
1496 next_char = data[strlen (rule->d.own.service_name)];
1497 if (next_char != '\0' && next_char != '.')
1502 switch (rule->access)
1504 case BUS_POLICY_RULE_ACCESS_ALLOW:
1505 result = BUS_RESULT_TRUE;
1507 case BUS_POLICY_RULE_ACCESS_DENY:
1508 result = BUS_RESULT_FALSE;
1510 case BUS_POLICY_RULE_ACCESS_CHECK:
1511 result = BUS_RESULT_LATER;
1512 privilege = rule->privilege;
1517 if (result == BUS_RESULT_LATER)
1519 BusContext *context = bus_connection_get_context(connection);
1520 BusCheck *check = bus_context_get_check(context);
1521 BusDeferredMessage *deferred_message;
1523 result = bus_check_privilege(check, message, connection, NULL, NULL,
1524 privilege, BUS_DEFERRED_MESSAGE_CHECK_OWN, &deferred_message);
1525 if (result == BUS_RESULT_LATER)
1527 bus_deferred_message_disable_sender(deferred_message);
1535 bus_client_policy_check_can_own (BusClientPolicy *policy,
1536 const DBusString *service_name,
1537 DBusConnection *connection,
1538 DBusMessage *message)
1540 return bus_rules_check_can_own (policy->rules, service_name, connection, message);
1543 #ifdef DBUS_ENABLE_EMBEDDED_TESTS
1545 bus_policy_check_can_own (BusPolicy *policy,
1546 const DBusString *service_name)
1548 return bus_rules_check_can_own (policy->default_rules, service_name, NULL, NULL);
1550 #endif /* DBUS_ENABLE_EMBEDDED_TESTS */
projects / platform / upstream / dbus.git / blob