1 /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
2 /* policy.h Bus security policy
4 * Copyright (C) 2003 Red Hat, Inc.
6 * Licensed under the Academic Free License version 2.1
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
27 #include <dbus/dbus.h>
28 #include <dbus/dbus-string.h>
29 #include <dbus/dbus-list.h>
30 #include <dbus/dbus-sysdeps.h>
36 BUS_POLICY_RULE_RECEIVE,
44 BUS_POLICY_RULE_ACCESS_DENY,
45 BUS_POLICY_RULE_ACCESS_ALLOW,
46 /** runtime check resulting in allow or deny */
47 BUS_POLICY_RULE_ACCESS_CHECK
48 } BusPolicyRuleAccess;
50 /** determines whether the rule affects a connection, or some global item */
51 #define BUS_POLICY_RULE_IS_PER_CLIENT(rule) (!((rule)->type == BUS_POLICY_RULE_USER || \
52 (rule)->type == BUS_POLICY_RULE_GROUP))
58 BusPolicyRuleType type;
60 unsigned int access : 2; /**< BusPolicyRuleAccess */
61 char *privilege; /**< for BUS_POLICY_RULE_ACCESS_CHECK */
67 /* message type can be DBUS_MESSAGE_TYPE_INVALID meaning "any" */
69 /* any of these can be NULL meaning "any" */
75 unsigned int eavesdrop : 1;
76 unsigned int requested_reply : 1;
82 /* message type can be DBUS_MESSAGE_TYPE_INVALID meaning "any" */
84 /* any of these can be NULL meaning "any" */
90 unsigned int eavesdrop : 1;
91 unsigned int requested_reply : 1;
96 /* can be NULL meaning "any" */
98 /* if prefix is set, any name starting with service_name can be owned */
99 unsigned int prefix : 1;
104 /* can be DBUS_UID_UNSET meaning "any" */
110 /* can be DBUS_GID_UNSET meaning "any" */
117 BusPolicyRule* bus_policy_rule_new (BusPolicyRuleType type,
118 BusPolicyRuleAccess access);
119 BusPolicyRule* bus_policy_rule_ref (BusPolicyRule *rule);
120 void bus_policy_rule_unref (BusPolicyRule *rule);
122 BusPolicy* bus_policy_new (void);
123 BusPolicy* bus_policy_ref (BusPolicy *policy);
124 void bus_policy_unref (BusPolicy *policy);
125 BusClientPolicy* bus_policy_create_client_policy (BusPolicy *policy,
126 DBusConnection *connection,
128 dbus_bool_t bus_policy_allow_unix_user (BusPolicy *policy,
130 dbus_bool_t bus_policy_allow_windows_user (BusPolicy *policy,
131 const char *windows_sid);
132 dbus_bool_t bus_policy_append_default_rule (BusPolicy *policy,
133 BusPolicyRule *rule);
134 dbus_bool_t bus_policy_append_mandatory_rule (BusPolicy *policy,
135 BusPolicyRule *rule);
136 dbus_bool_t bus_policy_append_user_rule (BusPolicy *policy,
138 BusPolicyRule *rule);
139 dbus_bool_t bus_policy_append_group_rule (BusPolicy *policy,
141 BusPolicyRule *rule);
142 dbus_bool_t bus_policy_append_smack_rule (BusPolicy *policy,
144 BusPolicyRule *rule);
145 dbus_bool_t bus_policy_append_console_rule (BusPolicy *policy,
146 dbus_bool_t at_console,
147 BusPolicyRule *rule);
149 dbus_bool_t bus_policy_merge (BusPolicy *policy,
150 BusPolicy *to_absorb);
152 BusClientPolicy* bus_client_policy_new (void);
153 BusClientPolicy* bus_client_policy_ref (BusClientPolicy *policy);
154 void bus_client_policy_unref (BusClientPolicy *policy);
155 BusResult bus_client_policy_check_can_send (DBusConnection *sender,
156 BusClientPolicy *policy,
157 BusRegistry *registry,
158 dbus_bool_t requested_reply,
159 DBusConnection *addressed_recipient,
160 DBusConnection *receiver,
161 DBusMessage *message,
162 dbus_int32_t *toggles,
164 const char **privilege_param,
165 BusDeferredMessage **deferred_message);
166 BusResult bus_client_policy_check_can_receive (BusClientPolicy *policy,
167 BusRegistry *registry,
168 dbus_bool_t requested_reply,
169 DBusConnection *sender,
170 DBusConnection *addressed_recipient,
171 DBusConnection *proposed_recipient,
172 DBusMessage *message,
173 dbus_int32_t *toggles,
174 const char **privilege_param,
175 BusDeferredMessage **deferred_message);
176 BusResult bus_client_policy_check_can_own (BusClientPolicy *policy,
177 const DBusString *service_name,
178 DBusConnection *connection,
179 DBusMessage *message);
180 dbus_bool_t bus_client_policy_append_rule (BusClientPolicy *policy,
181 BusPolicyRule *rule);
182 void bus_client_policy_optimize (BusClientPolicy *policy);
184 #ifdef DBUS_ENABLE_EMBEDDED_TESTS
185 dbus_bool_t bus_policy_check_can_own (BusPolicy *policy,
186 const DBusString *service_name);
189 #endif /* BUS_POLICY_H */