projects / platform / core / system / libdbuspolicy.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7b58ed0) | patch
added checking bus-access rules 44/177344/4
authorAleksy Barcz <a.barcz@partner.samsung.com>
Wed, 11 Apr 2018 14:44:19 +0000 (16:44 +0200)
committerAleksy Barcz <a.barcz@partner.samsung.com>
Fri, 27 Apr 2018 11:29:46 +0000 (13:29 +0200)
commitdbe67d08ba6939e80ac089b3d877823e1620b874
tree221848622c2c7b46356c319b3c2c4b1ada30d347tree | snapshot
parent7b58ed0034a4e70fa78899cdb40088d7b3831e01commit | diff
added checking bus-access rules

Implemented enforcing access/opening dbus rules. Added a check to dbuspolicy1_init method
(dbuspolicy1_init will fail if the application is not allowed to access chosen dbus bus).
Moved opening kbus after the check to avoid situation when a process that isn't allowed to
access the bus will hold an open kbus descriptor. No changes are required in glib and dbus
libraries to work properly with the new behaviour of dbuspolicy1_init, but some reordering
should be made to assure that the attempt to access bus will fail exactly in the same place
as when using dbus-daemon.

Refactored logging items (more refactoring of tslog needed).
More compact decision logging for better logs readability. Fixed incorrect logging of checking own policy.
Refactored updating groups to facilitate mocking and testing.
Addedd access/open bus tests. Removed repetitions from Makefile.
Fixed static_assert error msg.

Change-Id: I5042ba50b21ec6cc2c6423b3ade1e5c78d45625b
24 files changed:
Makefile.am diff | blob | history
src/internal/cynara_mockup.cpp diff | blob | history
src/internal/groups_mockup.cpp [new file with mode: 0644] blob
src/internal/groups_proxy.cpp [new file with mode: 0644] blob
src/internal/groups_proxy.hpp [new file with mode: 0644] blob
src/internal/internal.cpp diff | blob | history
src/internal/internal.h diff | blob | history
src/internal/naive_policy_checker.cpp diff | blob | history
src/internal/naive_policy_checker.hpp diff | blob | history
src/internal/naive_policy_db.cpp diff | blob | history
src/internal/naive_policy_db.hpp diff | blob | history
src/internal/policy.cpp diff | blob | history
src/internal/policy.hpp diff | blob | history
src/internal/xml_parser.hpp diff | blob | history
src/libdbuspolicy1.c diff | blob | history
src/test-libdbuspolicy1-access-deny.cpp [new file with mode: 0644] blob
tests/default_deny/session.conf [new file with mode: 0644] blob
tests/default_deny/session.d/access.test.conf [new file with mode: 0644] blob
tests/default_deny/system-ag.conf [new file with mode: 0644] blob
tests/default_deny/system-au.conf [new file with mode: 0644] blob
tests/default_deny/system-base.conf [new file with mode: 0644] blob
tests/default_deny/system-dg.conf [new file with mode: 0644] blob
tests/default_deny/system-du.conf [new file with mode: 0644] blob
tests/default_deny/system.d/access.test.conf [new file with mode: 0644] blob
Domain: System / IPC;