When checking the policy on custom endpoints, we cannot white-list
privileged users. Even when the bus owner and the bus client are
using the same uid, we still have to look at the policy entries.
For connections on the default endpoint, however, things are different,
so move the checks from policy.c into endpoint.c and conduct them
after checking the custom endpoint's policy db, but before the default
endpoint's is looked at.
Signed-off-by: Daniel Mack <daniel@zonque.org>
return ret;
}
+ if (kdbus_bus_cred_is_privileged(conn_src->bus, conn_src->cred))
+ return 0;
+ if (uid_eq(conn_src->cred->fsuid, conn_dst->cred->uid))
+ return 0;
+
ret = kdbus_policy_check_talk_access(&ep->bus->policy_db,
conn_src, conn_dst);
if (ret < 0)
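Review bot: The two early returns added ahead of the default-endpoint `kdbus_policy_check_talk_access()` call have no comment saying that their position is what keeps custom endpoints restrictive. If they are later moved above the custom-endpoint block that closes at the top of this hunk, privileged and same-uid peers would skip the custom policy db again. I would add `/* Custom endpoint policy was enforced above; only the default policy may be bypassed for privileged or same-uid peers. */` above the first `if`, and a matching comment on the privileged check added before `kdbus_policy_check_own_access()` in the next hunk. The same-uid test compares the sender's `fsuid` with the receiver's `uid`, and a short note on why that pair is intended would help reviewers. The enclosing function starts and ends outside the hunk, so it cannot be confirmed from here whether `return 0` skips anything after the default policy check.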
return ret;
}
+ if (kdbus_bus_cred_is_privileged(conn->bus, conn->cred))
+ return 0;
+
ret = kdbus_policy_check_own_access(&ep->bus->policy_db, conn, name);
if (ret < 0)
return ret;
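Review bot: The privileged short-circuit added here sits in front of `kdbus_policy_check_own_access()`, but the single-connection check removed from policy.c further down is in the helper that ends in `kdbus_policy_check_access(e, conn->cred, KDBUS_POLICY_SEE)`, so the added and removed checks do not appear to pair up. If the own-access helper in policy.c still has its own `kdbus_bus_cred_is_privileged()` bypass, the custom endpoint's own-check above this hunk would still white-list privileged users, which is what the commit message says must not happen. The see-access callers in endpoint.c would also need an equivalent check after their custom-endpoint lookup, or privileged connections lose the default-endpoint bypass for SEE. Hunks may be missing from this page, so please confirm both paths against the full patch. The enclosing function starts and ends outside the hunk.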
const void *owner;
int ret;
- if (kdbus_bus_cred_is_privileged(conn_src->bus, conn_src->cred))
- return 0;
- if (uid_eq(conn_src->cred->fsuid, conn_dst->cred->uid))
- return 0;
-
/*
* If there was a positive match for these two connections before,
* there's an entry in the hash table for them.
{
const struct kdbus_policy_db_entry *e;
- if (kdbus_bus_cred_is_privileged(conn->bus, conn->cred))
- return 0;
-
e = kdbus_policy_lookup(db, name, kdbus_str_hash(name), true);
return kdbus_policy_check_access(e, conn->cred, KDBUS_POLICY_SEE);
}