1 /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
2 /* policy.h  Bus security policy
3  *
4  * Copyright (C) 2003  Red Hat, Inc.
5  *
6  * Licensed under the Academic Free License version 2.1
7  * 
8  * This program is free software; you can redistribute it and/or modify
9  * it under the terms of the GNU General Public License as published by
10  * the Free Software Foundation; either version 2 of the License, or
11  * (at your option) any later version.
12  *
13  * This program is distributed in the hope that it will be useful,
14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16  * GNU General Public License for more details.
17  * 
18  * You should have received a copy of the GNU General Public License
19  * along with this program; if not, write to the Free Software
20  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
21  *
22  */
23
24 #ifndef BUS_POLICY_H
25 #define BUS_POLICY_H
26
27 #include <dbus/dbus.h>
28 #include <dbus/dbus-string.h>
29 #include <dbus/dbus-list.h>
30 #include <dbus/dbus-sysdeps.h>
31 #include "bus.h"
32
/**
 * Kind of match a BusPolicyRule performs.
 *
 * Each value has a same-named member in the `d` union of BusPolicyRule
 * (send, receive, own, user, group).  USER and GROUP are the two kinds that
 * BUS_POLICY_RULE_IS_PER_CLIENT() reports as not per-client.
 *
 * The enumerators carry no explicit values, so they number from 0 in the
 * order written; reordering them changes every stored rule type.
 */
typedef enum
{
  BUS_POLICY_RULE_SEND,    /* 0 */
  BUS_POLICY_RULE_RECEIVE, /* 1 */
  BUS_POLICY_RULE_OWN,     /* 2 */
  BUS_POLICY_RULE_USER,    /* 3 */
  BUS_POLICY_RULE_GROUP    /* 4 */
} BusPolicyRuleType;
41
/**
 * Verdict a BusPolicyRule yields when it matches.
 *
 * DENY is the first enumerator and therefore has the value 0, so an `access`
 * field that was only zero-filled reads as deny rather than allow.
 *
 * BusPolicyRule stores this in a 2-bit unsigned bit-field: values 0..3 fit,
 * so a fifth enumerator would be truncated when stored there.
 */
typedef enum
{
  BUS_POLICY_RULE_ACCESS_DENY,  /* 0 */
  BUS_POLICY_RULE_ACCESS_ALLOW, /* 1 */
  BUS_POLICY_RULE_ACCESS_CHECK  /* 2: runtime check resulting in allow or deny */
} BusPolicyRuleAccess;
49
/**
 * True when the rule applies to an individual connection, false when it
 * concerns a global item: every rule type except BUS_POLICY_RULE_USER and
 * BUS_POLICY_RULE_GROUP counts as per-client.
 *
 * The argument is expanded twice, so pass an expression without side effects.
 */
#define BUS_POLICY_RULE_IS_PER_CLIENT(rule) ((rule)->type != BUS_POLICY_RULE_USER && \
                                             (rule)->type != BUS_POLICY_RULE_GROUP)
53
/**
 * One policy rule: what it matches (`type` plus the corresponding member of
 * the `d` union) and the verdict it yields (`access`).
 *
 * Several match fields use a sentinel meaning "any" (NULL, or an INVALID /
 * UNSET constant).  A rule that leaves such a field at its sentinel is a
 * wildcard on that field, so an allow rule with few fields set matches
 * broadly; review those rules with that in mind.
 *
 * NOTE(review): the member names of `d` mirror BusPolicyRuleType; presumably
 * `type` selects the member that is valid - confirm in the implementation.
 * NOTE(review): this header does not say who owns the char * fields or who
 * frees them - confirm before copying or sharing a rule.
 */
struct BusPolicyRule
{
  int refcount; /* presumably maintained by bus_policy_rule_ref()/_unref() */

  BusPolicyRuleType type;

  unsigned int access : 2; /**< BusPolicyRuleAccess (2 bits hold values 0..3) */
  char *privilege; /**< for BUS_POLICY_RULE_ACCESS_CHECK */

  union
  {
    /* Match criteria of a send rule. */
    struct
    {
      /* DBUS_MESSAGE_TYPE_INVALID stands for "any message type" */
      int   message_type;
      /* each string below may be NULL, which stands for "any" */
      char *path;
      char *interface;
      char *member;
      char *error;
      char *destination;
      /* 1-bit flags; their matching semantics are not defined in this header */
      unsigned int eavesdrop : 1;
      unsigned int requested_reply : 1;
      /* presumably reported through the `log` out-parameter of
       * bus_client_policy_check_can_send() - confirm */
      unsigned int log : 1;
    } send;

    /* Match criteria of a receive rule; has `origin` where send has
     * `destination`, and no `log` flag. */
    struct
    {
      /* DBUS_MESSAGE_TYPE_INVALID stands for "any message type" */
      int   message_type;
      /* each string below may be NULL, which stands for "any" */
      char *path;
      char *interface;
      char *member;
      char *error;
      char *origin;
      /* 1-bit flags; their matching semantics are not defined in this header */
      unsigned int eavesdrop : 1;
      unsigned int requested_reply : 1;
    } receive;

    /* Match criteria of a name-ownership rule. */
    struct
    {
      /* NULL stands for "any name" */
      char *service_name;
      /* when set, any name starting with service_name can be owned.
       * NOTE(review): confirm the match stops at a name-component boundary;
       * a plain string-prefix comparison would also cover unrelated names
       * that merely begin with the same characters. */
      unsigned int prefix : 1;
    } own;

    /* Match criteria of a user rule. */
    struct
    {
      /* DBUS_UID_UNSET stands for "any user" */
      dbus_uid_t uid;
    } user;

    /* Match criteria of a group rule. */
    struct
    {
      /* DBUS_GID_UNSET stands for "any group" */
      dbus_gid_t gid;
    } group;

  } d;
};
116
/*
 * BusPolicyRule lifetime.  The struct carries a `refcount` field and these
 * are the only rule constructors/ref-counting entry points declared here.
 * NOTE(review): whether bus_policy_rule_new() can return NULL (for example
 * on allocation failure) is not stated in this header - check the result.
 */
BusPolicyRule *bus_policy_rule_new (BusPolicyRuleType   type,
                                    BusPolicyRuleAccess access);

BusPolicyRule *bus_policy_rule_ref (BusPolicyRule *rule);

void bus_policy_rule_unref (BusPolicyRule *rule);
121
/*
 * BusPolicy: the bus-wide rule container.
 *
 * The append functions below add a rule to separate rule sets, judging by
 * their names: default, mandatory, per-user (uid), per-group (gid),
 * per-label (the name suggests a Smack label) and console.
 * NOTE(review): the order in which bus_policy_create_client_policy()
 * combines these sets decides which rule wins on a conflict; that order is
 * not visible in this header - confirm it before relying on a deny rule in
 * one set to override an allow rule in another.
 * NOTE(review): whether an append function takes its own reference on
 * `rule`, and what a FALSE return means, is not stated here.
 */
BusPolicy *bus_policy_new (void);

BusPolicy *bus_policy_ref (BusPolicy *policy);

void bus_policy_unref (BusPolicy *policy);

/* Builds the per-connection policy; failures are reported through `error`. */
BusClientPolicy *bus_policy_create_client_policy (BusPolicy      *policy,
                                                  DBusConnection *connection,
                                                  DBusError      *error);

/* Connection admission checks keyed by Unix uid / Windows SID string. */
dbus_bool_t bus_policy_allow_unix_user (BusPolicy     *policy,
                                        unsigned long  uid);

dbus_bool_t bus_policy_allow_windows_user (BusPolicy  *policy,
                                           const char *windows_sid);

dbus_bool_t bus_policy_append_default_rule (BusPolicy     *policy,
                                            BusPolicyRule *rule);

dbus_bool_t bus_policy_append_mandatory_rule (BusPolicy     *policy,
                                              BusPolicyRule *rule);

dbus_bool_t bus_policy_append_user_rule (BusPolicy     *policy,
                                         dbus_uid_t     uid,
                                         BusPolicyRule *rule);

dbus_bool_t bus_policy_append_group_rule (BusPolicy     *policy,
                                          dbus_gid_t     gid,
                                          BusPolicyRule *rule);

dbus_bool_t bus_policy_append_smack_rule (BusPolicy     *policy,
                                          const char    *label,
                                          BusPolicyRule *rule);

dbus_bool_t bus_policy_append_console_rule (BusPolicy     *policy,
                                            dbus_bool_t    at_console,
                                            BusPolicyRule *rule);

/* Folds the rules of `to_absorb` into `policy`. */
dbus_bool_t bus_policy_merge (BusPolicy *policy,
                              BusPolicy *to_absorb);
151
/*
 * BusClientPolicy: the policy applied to one connection.
 *
 * The three check functions return BusResult rather than dbus_bool_t.
 * BusResult is declared outside this header, so its full set of values
 * cannot be read from here.
 * NOTE(review): given BUS_POLICY_RULE_ACCESS_CHECK ("runtime check resulting
 * in allow or deny") and the `deferred_message` out-parameters, a check
 * presumably can end in an outcome that is neither allow nor deny yet.
 * Callers should act only on an explicit allow and treat every other value
 * as "do not deliver / do not grant" - confirm against BusResult.
 */
BusClientPolicy *bus_client_policy_new (void);

BusClientPolicy *bus_client_policy_ref (BusClientPolicy *policy);

void bus_client_policy_unref (BusClientPolicy *policy);

/* Send-side check.  `toggles`, `log`, `privilege_param` and
 * `deferred_message` are pointer parameters, presumably outputs. */
BusResult bus_client_policy_check_can_send (DBusConnection      *sender,
                                            BusClientPolicy     *policy,
                                            BusRegistry         *registry,
                                            dbus_bool_t          requested_reply,
                                            DBusConnection      *addressed_recipient,
                                            DBusConnection      *receiver,
                                            DBusMessage         *message,
                                            dbus_int32_t        *toggles,
                                            dbus_bool_t         *log,
                                            const char         **privilege_param,
                                            BusDeferredMessage **deferred_message);

/* Receive-side check.  Note the different parameter order from the send
 * check: `policy` comes first and there is no `log` parameter. */
BusResult bus_client_policy_check_can_receive (BusClientPolicy     *policy,
                                               BusRegistry         *registry,
                                               dbus_bool_t          requested_reply,
                                               DBusConnection      *sender,
                                               DBusConnection      *addressed_recipient,
                                               DBusConnection      *proposed_recipient,
                                               DBusMessage         *message,
                                               dbus_int32_t        *toggles,
                                               const char         **privilege_param,
                                               BusDeferredMessage **deferred_message);

/* Name-ownership check for `service_name` requested on `connection`. */
BusResult bus_client_policy_check_can_own (BusClientPolicy  *policy,
                                           const DBusString *service_name,
                                           DBusConnection   *connection,
                                           DBusMessage      *message);

dbus_bool_t bus_client_policy_append_rule (BusClientPolicy *policy,
                                           BusPolicyRule   *rule);

void bus_client_policy_optimize (BusClientPolicy *policy);
183
#ifdef DBUS_ENABLE_EMBEDDED_TESTS
/*
 * Declared only in embedded-test builds.  Unlike
 * bus_client_policy_check_can_own() it takes the bus-wide BusPolicy and a
 * name, with no connection or message, and returns a plain dbus_bool_t.
 */
dbus_bool_t bus_policy_check_can_own (BusPolicy        *policy,
                                      const DBusString *service_name);
#endif
188
189 #endif /* BUS_POLICY_H */