Reload policy rules for completed connections
authorChengwei Yang <chengwei.yang@intel.com>
Tue, 10 Dec 2013 09:11:25 +0000 (17:11 +0800)
committerSimon McVittie <simon.mcvittie@collabora.co.uk>
Mon, 6 Jan 2014 15:18:51 +0000 (15:18 +0000)
The message bus which can monitor its conf dirs for changes and reload
confs immediately if dir monitor enabled, for example, inotify in Linux,
kqueue in *BSD.

However, it doesn't apply policy rules change for completed connections,
so to apply policy rules change, the client connection has to disconnect
first and then re-connect to message bus.

For incomplete connections, it always has the latest review of policy
rules.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=39463
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
bus/bus.c
bus/connection.c
bus/connection.h

index e24504c..a514e31 100644 (file)
--- a/bus/bus.c
+++ b/bus/bus.c
@@ -526,6 +526,18 @@ process_config_every_time (BusContext      *context,
   context->policy = bus_config_parser_steal_policy (parser);
   _dbus_assert (context->policy != NULL);
 
+  /* context->connections is NULL when creating new BusContext */
+  if (context->connections)
+    {
+      _dbus_verbose ("Reload policy rules for completed connections\n");
+      retval = bus_connections_reload_policy (context->connections, error);
+      if (!retval)
+        {
+          _DBUS_ASSERT_ERROR_IS_SET (error);
+          goto failed;
+        }
+    }
+
   /* We have to build the address backward, so that
    * <listen> later in the config file have priority
    */
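Review bot: When `bus_connections_reload_policy` fails, the `goto failed` path runs after `context->policy` has already been replaced by the assignment just above the added block, so the caller is told the reload failed while the context and any connections processed before the failure already carry the new rules. Nothing in the hunk restores the previous state, so the added comment should at least say so, e.g. `/* context->connections is NULL when creating new BusContext; on failure the reload is only partially applied, there is no rollback */`. What the `failed:` label does is outside the hunk, as are the start and end of process_config_every_time, so this needs confirming against the full function.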
index fddbc78..8d741d6 100644 (file)
@@ -1435,6 +1435,42 @@ fail:
   return FALSE;
 }
 
+dbus_bool_t
+bus_connections_reload_policy (BusConnections *connections,
+                               DBusError      *error)
+{
+  BusConnectionData *d;
+  DBusConnection *connection;
+  DBusList *link;
+
+  _dbus_assert (connections != NULL);
+  _DBUS_ASSERT_ERROR_IS_CLEAR (error);
+
+  for (link = _dbus_list_get_first_link (&(connections->completed));
+       link;
+       link = _dbus_list_get_next_link (&(connections->completed), link))
+    {
+      connection = link->data;
+      d = BUS_CONNECTION_DATA (connection);
+      _dbus_assert (d != NULL);
+      _dbus_assert (d->policy != NULL);
+
+      bus_client_policy_unref (d->policy);
+      d->policy = bus_context_create_client_policy (connections->context,
+                                                    connection,
+                                                    error);
+      if (d->policy == NULL)
+        {
+          _dbus_verbose ("Failed to create security policy for connection %p\n",
+                      connection);
+          _DBUS_ASSERT_ERROR_IS_SET (error);
+          return FALSE;
+        }
+    }
+
+  return TRUE;
+}
+
 const char *
 bus_connection_get_name (DBusConnection *connection)
 {
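Review bot: In the loop of `bus_connections_reload_policy`, `bus_client_policy_unref (d->policy)` runs before the replacement is created, so when `bus_context_create_client_policy` fails the connection is left with `d->policy == NULL` and the function returns. That connection stays in the completed list without a policy object, which this function's own `_dbus_assert (d->policy != NULL)` would trip on the next reload and which other readers of `d->policy` presumably do not expect. For an access-control object the safer order is to build the new policy into a local and drop the old one only after success, as sketched below. Connections earlier in the list have already been switched when a later one fails, so the reload is still not all-or-nothing, which deserves a comment above the function.

```c
  BusClientPolicy *new_policy;
  /* … unchanged: other locals, assertions, loop header, d lookup … */
      new_policy = bus_context_create_client_policy (connections->context,
                                                     connection,
                                                     error);
      if (new_policy == NULL)
        {
          /* … unchanged: verbose log, _DBUS_ASSERT_ERROR_IS_SET … */
          return FALSE;
        }

      /* Swap only after success so d->policy is never left NULL. */
      bus_client_policy_unref (d->policy);
      d->policy = new_policy;
```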
index c936021..13c8b99 100644 (file)
@@ -45,6 +45,8 @@ void            bus_connections_foreach_active    (BusConnections
                                                    void                         *data);
 BusContext*     bus_connections_get_context       (BusConnections               *connections);
 void            bus_connections_increment_stamp   (BusConnections               *connections);
+dbus_bool_t     bus_connections_reload_policy     (BusConnections               *connections,
+                                                   DBusError                    *error);
 BusContext*     bus_connection_get_context        (DBusConnection               *connection);
 BusConnections* bus_connection_get_connections    (DBusConnection               *connection);
 BusRegistry*    bus_connection_get_registry       (DBusConnection               *connection);