No-interface messages should be handled in a special way.
Dbus says in bus/policy.c:
The interface is optional in messages. For allow rules, if the message
has no interface we want to skip the rule (and thus not allow);
for deny rules, if the message has no interface we want to use the
rule (and thus deny).
For example, a rule of type:
<deny send_type="method_call" send_interface="foo.bar"/>
should:
- deny method_calls with foo.bar interface;
- deny method_calls with no interface.
A rule of type:
<allow send_type="method_call" send_interface="foo.bar"/>
should:
- allow method_calls with foo.bar interface;
- not allow method_calls with not interface (the rule should be ignored).
The point is to make libdbuspolicy work as close as possible to how
dbus-daemon works with policies.
Change-Id: I99563d3728047a67fa4719948719a2df9c5d9f97
const boost::string_ref &_path,
const boost::string_ref &_member,
const boost::string_ref &_name,
- bool _is_name_prefix) const {
+ bool _is_name_prefix,
+ Decision decision) const {
if (_type != MessageType::ANY && _type != type)
return false;
return lhs.empty() || rhs.empty() || lhs == rhs;
};
+ /* A special clause for no-interface messages. If an allow rule is for some interface
+ * and message has no interface we have to ignore the rule.
+ * See dbus/bus/policy.c:bus_client_policy_check_can_send() for reference.
+ */
+ if (interface.empty() && !_interface.empty() && Decision::DENY != decision)
+ return false;
+
if (!equal_or_empty(_interface, interface))
return false;
const boost::string_ref &_path,
const boost::string_ref &_member,
const boost::string_ref &_name,
- bool _is_name_prefix) const;
+ bool _is_name_prefix,
+ Decision decision) const;
};
class MatchItemSend : public MatchItemSR {
s(i->path()),
s(i->member()),
s(i->name()),
- i->is_name_prefix());
+ i->is_name_prefix(),
+ makeDecision(i->decision()->decision()));
}
template <> bool match(const ldp_xml_parser::MatchItemAccess &match, const FB::ItemAccess *item) {
projects / platform / core / system / libdbuspolicy.git / commitdiff