#include "selinux.h"
#include <dbus/dbus-list.h>
#include <dbus/dbus-internals.h>
+#include <dbus/dbus-misc.h>
#include <dbus/dbus-sysdeps.h>
#include <string.h>
parser->pidfile = included->pidfile;
included->pidfile = NULL;
}
-
+
+ if (included->servicehelper != NULL)
+ {
+ dbus_free (parser->servicehelper);
+ parser->servicehelper = included->servicehelper;
+ included->servicehelper = NULL;
+ }
+
while ((link = _dbus_list_pop_first_link (&included->listen_on)))
_dbus_list_append_link (&parser->listen_on, link);
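Review bot: The new `servicehelper` merge lets any included file that sets the element replace the parent's value, and nothing here states that this precedence is intended. The field name suggests this is the helper binary the bus launches for activation, though the consumer is not visible in this hunk, so it matters which config file controls it. A short comment such as `/* last include that sets servicehelper wins, same as pidfile */` would make the precedence explicit for anyone auditing that path. The enclosing merge function begins and ends outside the hunk.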
maximum number of file descriptors we can receive. Picking a
high value here thus translates directly to more memory
allocation. */
- parser->limits.max_incoming_unix_fds = 1024*4;
- parser->limits.max_outgoing_unix_fds = 1024*4;
- parser->limits.max_message_unix_fds = 1024;
+ parser->limits.max_incoming_unix_fds = DBUS_DEFAULT_MESSAGE_UNIX_FDS*4;
+ parser->limits.max_outgoing_unix_fds = DBUS_DEFAULT_MESSAGE_UNIX_FDS*4;
+ parser->limits.max_message_unix_fds = DBUS_DEFAULT_MESSAGE_UNIX_FDS;
/* Making this long means the user has to wait longer for an error
* message if something screws up, but making it too short means
return table;
}
-#ifdef DBUS_BUILD_TESTS
+#ifdef DBUS_ENABLE_EMBEDDED_TESTS
#include <stdio.h>
typedef enum
} Validity;
static dbus_bool_t
+do_check_own_rules (BusPolicy *policy)
+{
+ const struct {
+ char *name;
+ dbus_bool_t allowed;
+ } checks[] = {
+ {"org.freedesktop", FALSE},
+ {"org.freedesktop.ManySystem", FALSE},
+ {"org.freedesktop.ManySystems", TRUE},
+ {"org.freedesktop.ManySystems.foo", TRUE},
+ {"org.freedesktop.ManySystems.foo.bar", TRUE},
+ {"org.freedesktop.ManySystems2", FALSE},
+ {"org.freedesktop.ManySystems2.foo", FALSE},
+ {"org.freedesktop.ManySystems2.foo.bar", FALSE},
+ {NULL, FALSE}
+ };
+ int i = 0;
+
+ while (checks[i].name)
+ {
+ DBusString service_name;
+ dbus_bool_t ret;
+
+ if (!_dbus_string_init (&service_name))
+ _dbus_assert_not_reached ("couldn't init string");
+ if (!_dbus_string_append (&service_name, checks[i].name))
+ _dbus_assert_not_reached ("couldn't append string");
+
+ ret = bus_policy_check_can_own (policy, &service_name);
+ printf (" Check name %s: %s\n", checks[i].name,
+ ret ? "allowed" : "not allowed");
+ if (checks[i].allowed && !ret)
+ {
+ _dbus_warn ("Cannot own %s\n", checks[i].name);
+ return FALSE;
+ }
+ if (!checks[i].allowed && ret)
+ {
+ _dbus_warn ("Can own %s\n", checks[i].name);
+ return FALSE;
+ }
+ _dbus_string_free (&service_name);
+
+ i++;
+ }
+
+ return TRUE;
+}
+
+static dbus_bool_t
do_load (const DBusString *full_path,
Validity validity,
- dbus_bool_t oom_possible)
+ dbus_bool_t oom_possible,
+ dbus_bool_t check_own_rules)
{
BusConfigParser *parser;
DBusError error;
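Review bot: Both `return FALSE;` paths inside the loop of `do_check_own_rules` skip `_dbus_string_free (&service_name);`, so the string is leaked whenever a check fails. Free it before each early return, or directly after `bus_policy_check_can_own` returns, since only `ret` and `checks[i].name` are used afterwards. The `name` member only ever holds string literals and should be declared `const char *name;`. If this helper can run under the simulated-OOM loader (the `oom_possible` argument of `do_load` suggests it may), the `_dbus_assert_not_reached` calls on string init and append would abort rather than report OOM, which is worth confirming. `do_load`'s body continues outside the hunk.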
{
_DBUS_ASSERT_ERROR_IS_CLEAR (&error);
+ if (check_own_rules && do_check_own_rules (parser->policy) == FALSE)
+ {
+ return FALSE;
+ }
+
bus_config_parser_unref (parser);
if (validity == INVALID)
{
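Review bot: The added early `return FALSE;` exits before `bus_config_parser_unref (parser);` on the next line, so a failed own-rule check leaks the parser reference. Release it first by putting `bus_config_parser_unref (parser);` immediately before `return FALSE;`. The condition would also read more directly as `if (check_own_rules && !do_check_own_rules (parser->policy))` than as a comparison with `FALSE`. `do_load` starts and ends outside this hunk.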
const DBusString *full_path;
Validity validity;
+ dbus_bool_t check_own_rules;
} LoaderOomData;
static dbus_bool_t
{
LoaderOomData *d = data;
- return do_load (d->full_path, d->validity, TRUE);
+ return do_load (d->full_path, d->validity, TRUE, d->check_own_rules);
}
static dbus_bool_t
d.full_path = &full_path;
d.validity = validity;
+ d.check_own_rules = _dbus_string_ends_with_c_str (&full_path,
+ "check-own-rules.conf");
/* FIXME hackaround for an expat problem, see
* https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124747
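Review bot: The own-rule checks are switched on by a suffix match against `"check-own-rules.conf"`, and nothing at this assignment explains the coupling to a test data file. If that file is renamed, `check_own_rules` becomes false and `do_check_own_rules` is never called, so the policy test would stop running without any failure. A comment such as `/* do_check_own_rules() expects the <policy> shipped in check-own-rules.conf */` would document the dependency, assuming that is where the expected names come from. The enclosing function continues outside the hunk.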
}
#ifdef DBUS_UNIX
- if (!_dbus_setenv ("XDG_DATA_HOME", "/testhome/foo/.testlocal/testshare"))
+ if (!dbus_setenv ("XDG_DATA_HOME", "/testhome/foo/.testlocal/testshare"))
_dbus_assert_not_reached ("couldn't setenv XDG_DATA_HOME");
- if (!_dbus_setenv ("XDG_DATA_DIRS", ":/testusr/testlocal/testshare: :/testusr/testshare:"))
+ if (!dbus_setenv ("XDG_DATA_DIRS", ":/testusr/testlocal/testshare: :/testusr/testshare:"))
_dbus_assert_not_reached ("couldn't setenv XDG_DATA_DIRS");
#endif
if (!_dbus_get_standard_session_servicedirs (&dirs))
}
#ifdef DBUS_UNIX
- if (!_dbus_setenv ("XDG_DATA_HOME", "/testhome/foo/.testlocal/testshare"))
+ if (!dbus_setenv ("XDG_DATA_HOME", "/testhome/foo/.testlocal/testshare"))
_dbus_assert_not_reached ("couldn't setenv XDG_DATA_HOME");
- if (!_dbus_setenv ("XDG_DATA_DIRS", ":/testusr/testlocal/testshare: :/testusr/testshare:"))
+ if (!dbus_setenv ("XDG_DATA_DIRS", ":/testusr/testlocal/testshare: :/testusr/testshare:"))
_dbus_assert_not_reached ("couldn't setenv XDG_DATA_DIRS");
#endif
if (!_dbus_get_standard_system_servicedirs (&dirs))
return TRUE;
}
-#endif /* DBUS_BUILD_TESTS */
+#endif /* DBUS_ENABLE_EMBEDDED_TESTS */