policychecker: add rules for send_destination_prefix 08/197108/2
authorAdrian Szyndela <adrian.s@samsung.com>
Wed, 9 Jan 2019 15:46:32 +0000 (16:46 +0100)
committerAdrian Szyndela <adrian.s@samsung.com>
Wed, 9 Jan 2019 16:10:26 +0000 (17:10 +0100)
Added rules for send_destination_prefix.

Additionally, modified 'default denials' rule to take into account
possible own_prefix values. This is limited by XPath/Schematron
possibilities, and is currently set to 8 prefixes for each
tested destination.

Change-Id: I7a653b1f55339e67e63e9c97b0c6ba37ff2c9b73

policychecker/rules.xsl

index d05fd3b..d022d9c 100644 (file)
                </sch:rule>
        </sch:pattern>
 
-       <sch:pattern name="Default denials not specified (send_destination, own, own_prefix)">
+       <sch:pattern name="Default denials not specified (send_destination, send_destination_prefix, own, own_prefix)">
                <sch:rule context="allow[@send_destination]">
                        <sch:let name="dest_name" value="@send_destination"/>
+                       <!-- We need to check if there is 'deny own_prefix' for any prefix of send_destination.
+                            Thus, we generate 8 (this is an arbitrary number) prefixes and check against them.
+
+                                For example, if send_destination="a.b.c.d.e.f.g.h.i", then the generated prefixes are:
+                                a, a.b, a.b.c, a.b.c.d, a.b.c.d.e, a.b.c.d.e.f, a.b.c.d.e.f.g, a.b.c.d.e.f.g.h
+                                A warning will show up if there is no 'deny own' for a.b.c.d.e.f.g.h.i and
+                                no 'deny own_prefix' for a.b.c.d.e.f.g.h.i and all the above prefixes.
+
+                                In case of some shorter destinations, e.g. a.b.c, the generated prefixes are:
+                                a, a.b, a.b., a.b.., a.b..., a.b...., a.b....., a.b......
+                                but only two of them are valid values anyway.
+                                A warning will show up if there is no 'deny own' for a.b.c and
+                                no 'deny own_prefix' for a.b.c and all the above prefixes.
+
+                                It probably covers most cases. If not, it can be extended.
+                       -->
+                       <sch:let name="prefix1" value="substring-before($dest_name, '.')"/>
+                       <sch:let name="prefix2" value="concat(concat($prefix1, '.'), substring-before(substring-after($dest_name, concat($prefix1, '.')), '.'))"/>
+                       <sch:let name="prefix3" value="concat(concat($prefix2, '.'), substring-before(substring-after($dest_name, concat($prefix2, '.')), '.'))"/>
+                       <sch:let name="prefix4" value="concat(concat($prefix3, '.'), substring-before(substring-after($dest_name, concat($prefix3, '.')), '.'))"/>
+                       <sch:let name="prefix5" value="concat(concat($prefix4, '.'), substring-before(substring-after($dest_name, concat($prefix4, '.')), '.'))"/>
+                       <sch:let name="prefix6" value="concat(concat($prefix5, '.'), substring-before(substring-after($dest_name, concat($prefix5, '.')), '.'))"/>
+                       <sch:let name="prefix7" value="concat(concat($prefix6, '.'), substring-before(substring-after($dest_name, concat($prefix6, '.')), '.'))"/>
+                       <sch:let name="prefix8" value="concat(concat($prefix7, '.'), substring-before(substring-after($dest_name, concat($prefix7, '.')), '.'))"/>
                        <sch:assert test="//policy[@context='default']/deny[@send_destination = $dest_name]">For each allow send_destination you must add a deny send_destination in default context.</sch:assert>
-                       <sch:assert test="//policy[@context='default']/deny[@own = $dest_name]">For each allow send_destination you must add a deny own in default context.</sch:assert>
+                       <sch:assert test="//policy[@context='default']/deny[@own = $dest_name] or
+                                         //policy[@context='default']/deny[@own_prefix = $dest_name] or
+                                         //policy[@context='default']/deny[@own_prefix = $prefix1] or
+                                         //policy[@context='default']/deny[@own_prefix = $prefix2] or
+                                         //policy[@context='default']/deny[@own_prefix = $prefix3] or
+                                         //policy[@context='default']/deny[@own_prefix = $prefix4] or
+                                         //policy[@context='default']/deny[@own_prefix = $prefix5] or
+                                         //policy[@context='default']/deny[@own_prefix = $prefix6] or
+                                         //policy[@context='default']/deny[@own_prefix = $prefix7] or
+                                         //policy[@context='default']/deny[@own_prefix = $prefix8]
+                               ">For each allow send_destination you must add a deny own or deny own_prefix in default context.
+                       </sch:assert>
+               </sch:rule>
+               <sch:rule context="allow[@send_destination_prefix]">
+                       <sch:let name="dest_name" value="@send_destination_prefix"/>
+                       <sch:assert test="//policy[@context='default']/deny[@send_destination_prefix = $dest_name]">For each allow send_destination_prefix you must add a deny send_destination_prefix in default context.</sch:assert>
+                       <sch:assert test="//policy[@context='default']/deny[@own_prefix = $dest_name]">For each allow send_destination_prefix you must add a deny own_prefix in default context</sch:assert>
                </sch:rule>
                <sch:rule context="allow[@own]">
                        <sch:let name="dest_name" value="@own"/>
        <sch:pattern name="Unconstrained allow in default context (or mandatory)">
                <!-- policy[@context] means that it applies to both default and mandatory contexts -->
                <sch:rule context="policy[@context]/allow[@send_type='method_call']">
-                       <sch:assert test="@send_destination">Unconstrained allows are not allowed in context default and context mandatory: missing send_destination, but send_type="method_call" is present.</sch:assert>
+                       <sch:assert test="@send_destination or @send_destination_prefix">Unconstrained allows are not allowed in context default and context mandatory: missing send_destination or send_destination_prefix, but send_type="method_call" is present.</sch:assert>
                        <sch:assert test="@send_interface">Unconstrained allows are not allowed in context default and context mandatory: missing send_interface, but send_type="method_call" is present.</sch:assert>
                </sch:rule>
                <sch:rule context="policy[@context]/allow[@send_path]">
-                       <sch:assert test="@send_destination">Unconstrained allows are not allowed in context default and context mandatory: missing send_destination, but send_path is present.</sch:assert>
+                       <sch:assert test="@send_destination or @send_destination_prefix">Unconstrained allows are not allowed in context default and context mandatory: missing send_destination or send_destination_prefix, but send_path is present.</sch:assert>
                </sch:rule>
                <sch:rule context="policy[@context]/allow[@receive_type='method_call']">
                        <sch:assert test="@receive_sender">Unconstrained allows are not allowed in context default and context mandatory: missing receive_sender, but receive_type="method_call" is present.</sch:assert>
                </sch:rule>
                <!-- user and group contexts need at least send_destination -->
                <sch:rule context="policy[@user]/allow[@send_type='method_call'] | policy[@group]/allow[@send_type='method_call']">
-                       <sch:assert test="@send_destination">Unconstrained allows are not allowed in user or group context: missing send_destination, but send_type="method_call" is present.</sch:assert>
+                       <sch:assert test="@send_destination or @send_destination_prefix">Unconstrained allows are not allowed in user or group context: missing send_destination or send_destination_prefix, but send_type="method_call" is present.</sch:assert>
                </sch:rule>
                <sch:rule context="policy[@user]/allow[@send_path] | policy[@group]/allow[@send_path]">
-                       <sch:assert test="@send_destination">Unconstrained allows are not allowed in user or group context: missing send_destination, but send_path is present.</sch:assert>
+                       <sch:assert test="@send_destination or @send_destination_prefix">Unconstrained allows are not allowed in user or group context: missing send_destination or send_destination_prefix, but send_path is present.</sch:assert>
                </sch:rule>
                <sch:rule context="policy[@user]/allow[@receive_type='method_call'] | policy[@group]/allow[@receive_type='method_call']">
                        <sch:assert test="@receive_sender">Unconstrained allows are not allowed in user or group context: missing receive_sender, but receive_type="method_call" is present.</sch:assert>
                        <sch:assert test="policy[@context='default']">You must provide a policy context-default section.</sch:assert>
                </sch:rule>
                <sch:rule context="policy[@context='default']">
-                       <sch:assert test="deny[@own]">You must define a 'deny own="yourname"' rule in context-default policy to avoid depending on a global 'deny own="*"'.</sch:assert>
-                       <sch:assert test="deny[@send_destination]">You must define a 'deny send_destination="yourname"' rule in context-default policy to avoid depending on a global deny.</sch:assert>
+                       <sch:assert test="deny[@own] or deny[@own_prefix]">You must define a 'deny own="yourname"' or 'deny own_prefix="yourname"' rule in context-default policy to avoid depending on a global 'deny own="*"'.</sch:assert>
+                       <sch:assert test="deny[@send_destination] or deny[@send_destination_prefix]">You must define a 'deny send_destination="yourname"' or 'deny send_destination_prefix="yourname"' rule in context-default policy to avoid depending on a global deny.</sch:assert>
 
                        <!-- TODO what constraints should be made on send_destination and receive sender? -->
                </sch:rule>
 
        <sch:pattern name="No send_interface without send_destination">
                <sch:rule context="*[@send_interface]">
-                       <sch:assert test="@send_destination or @send_type='signal'">You mustn't use send_interface without send_destination, unless you limit the rule to only signals with send_type="signal"</sch:assert>
+                       <sch:assert test="@send_destination or @send_destination_prefix or @send_type='signal'">You mustn't use send_interface without send_destination or send_destination_prefix, unless you limit the rule to only signals with send_type="signal"</sch:assert>
                </sch:rule>
                <sch:rule context="*[@receive_interface]">
                        <sch:assert test="@receive_sender">You mustn't use receive_interface without receive_sender</sch:assert>
 
        <sch:pattern name="No send and receive in one rule">
                <sch:rule context="allow|deny">
-                       <sch:report test="(@send_interface or @send_member or @send_error or @send_broadcast or @send_destination or @send_type or @send_path or @send_requested_reply) and (@receive_interface or @receive_member or @receive_error or @receive_sender or @receive_type or @receive_path or @receive_requsted_reply)">You mustn't use send_ and receive_ attributes in one rule.</sch:report>
+                       <sch:report test="(@send_interface or @send_member or @send_error or @send_broadcast or @send_destination or @send_destination_prefix or @send_type or @send_path or @send_requested_reply) and (@receive_interface or @receive_member or @receive_error or @receive_sender or @receive_type or @receive_path or @receive_requsted_reply)">You mustn't use send_ and receive_ attributes in one rule.</sch:report>
                </sch:rule>
        </sch:pattern>
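Review bot: The eight `prefixN` lets and the ten-way `or` in the rewritten `allow[@send_destination]` assert only accept a `deny own_prefix` whose value is exactly one of at most eight generated strings, so a destination with more than eight components that is covered by a deeper `own_prefix` still trips the assert, while for short names the synthetic values like `a.b.` let a trailing-dot `own_prefix` satisfy it even though the comment itself says those are not valid. Assuming `own_prefix` matches on dot-separated component boundaries, which is what the comment's example implies, XPath 1.0 can state the relation per deny node and drop both the depth limit and the synthetic values: `//policy[@context='default']/deny[@own_prefix][@own_prefix = $dest_name or starts-with($dest_name, concat(@own_prefix, '.'))]`. The same predicate would let the new `allow[@send_destination_prefix]` rule accept a shorter covering `deny own_prefix` or `deny send_destination_prefix`, which its two exact-equality asserts currently reject. Minor: the new `deny own_prefix` message in that rule lacks the trailing period its siblings have, and the multi-line `own`/`own_prefix` message now ends with a newline and tabs inside the element text. The enclosing `sch:pattern` continues past the end of the hunk.
```xml
<sch:rule context="allow[@send_destination]">
    <sch:let name="dest_name" value="@send_destination"/>
    <!-- … unchanged: deny send_destination assert … -->
    <!-- A default-context 'deny own_prefix' covers dest_name when it equals it or is a
         dot-terminated prefix of it; starts-with() evaluates per deny node, so the
         check works for any number of name components. -->
    <sch:assert test="//policy[@context='default']/deny[@own = $dest_name] or
                      //policy[@context='default']/deny[@own_prefix][@own_prefix = $dest_name or starts-with($dest_name, concat(@own_prefix, '.'))]">For each allow send_destination you must add a deny own or deny own_prefix in default context.</sch:assert>
</sch:rule>
```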