goto exit;
}
- /* check if 'conn' is allowed to see any of owner_conn's names*/
- ret = kdbus_ep_policy_check_src_names(conn->ep, owner_conn,
- conn);
+ ret = kdbus_conn_policy_see(conn, owner_conn);
if (ret < 0)
goto exit;
}
return ret;
}
+
+/**
+ * kdbus_conn_policy_see() - verify a connection can see a given peer
+ * @conn: Connection to verify whether it sees a peer
+ * @whom: Peer destination that is to be 'seen'
+ *
+ * This checks whether @conn is able to see @whom.
+ *
+ * Return: 0 if allowed, negative error code if not.
+ */
+int kdbus_conn_policy_see(struct kdbus_conn *conn, struct kdbus_conn *whom)
+{
+ struct kdbus_name_entry *e;
+ int ret = -ENOENT;
+
+ /*
+ * By default, all names are visible on a bus, so a connection can
+ * always see other connections. SEE policies can only be installed on
+ * custom endpoints, where by default no name is visible and we hide
+ * peers from each other, unless you see at least _one_ name of the
+ * peer.
+ */
+ if (!conn->ep->has_policy)
+ return 0;
+
+ down_read(&conn->ep->policy_db.entries_rwlock);
+
+ /*
+ * If conn_dst is allowed to see one name of conn_src then
+ * return success, otherwise fail even if conn_src does not
+ * own any name, this will block any leak from conn_src to
+ * conn_dst
+ */
+ mutex_lock(&whom->lock);
+ list_for_each_entry(e, &whom->names_list, conn_entry) {
+ ret = kdbus_conn_policy_see_name_unlocked(conn, e->name);
+ if (ret == 0)
+ break;
+ }
+ mutex_unlock(&whom->lock);
+
+ up_read(&conn->ep->policy_db.entries_rwlock);
+
+ return ret;
+}
int kdbus_conn_policy_see_name_unlocked(struct kdbus_conn *conn,
const char *name);
int kdbus_conn_policy_see_name(struct kdbus_conn *conn, const char *name);
+int kdbus_conn_policy_see(struct kdbus_conn *conn, struct kdbus_conn *whom);
/* command dispatcher */
int kdbus_cmd_msg_send(struct kdbus_conn *conn_src,
return ret;
}
-
-/**
- * kdbus_ep_policy_check_src_names() - check whether a connection's endpoint
- * is allowed to see any of another
- * connection's currently owned names
- * @ep: Endpoint to operate on
- * @conn_src: Connection that owns the names
- * @conn_dst: Destination connection to check credentials against
- *
- * This function checks whether @ep is allowed to see any of the names
- * currently owned by @conn_src. This is used for custom endpoints
- * which have a stricter policy. If the @ep is not a custom endpoint
- * then this function does nothing but return 0.
- *
- * Return: 0 if allowed, negative error code if not or if @conn_src
- * does not own any name. This is intended behaviour to prevent all
- * messages originated from @conn_src.
- */
-int kdbus_ep_policy_check_src_names(struct kdbus_ep *ep,
- struct kdbus_conn *conn_src,
- struct kdbus_conn *conn_dst)
-{
- struct kdbus_name_entry *e;
- int ret = -ENOENT;
-
- /* This is not a custom endpoint, nothing to do */
- if (!ep->has_policy)
- return 0;
-
- down_read(&ep->policy_db.entries_rwlock);
- mutex_lock(&conn_src->lock);
-
- /*
- * If conn_dst is allowed to see one name of conn_src then
- * return success, otherwise fail even if conn_src does not
- * own any name, this will block any leak from conn_src to
- * conn_dst
- */
- list_for_each_entry(e, &conn_src->names_list, conn_entry) {
- ret = kdbus_conn_policy_see_name_unlocked(conn_dst, e->name);
- if (ret == 0)
- break;
- }
-
- mutex_unlock(&conn_src->lock);
- up_read(&ep->policy_db.entries_rwlock);
-
- return ret;
-}
int kdbus_ep_policy_check_notification(struct kdbus_ep *ep,
struct kdbus_conn *conn,
const struct kdbus_kmsg *kmsg);
-int kdbus_ep_policy_check_src_names(struct kdbus_ep *ep,
- struct kdbus_conn *conn_src,
- struct kdbus_conn *conn_dst);
#endif
projects / platform / core / system / kdbus-bus.git / commitdiff