endpoint: add function kdbus_ep_policy_check_see_access() and use it
authorDjalal Harouni <tixxdz@opendz.org>
Thu, 9 Oct 2014 21:51:26 +0000 (22:51 +0100)
committerDjalal Harouni <tixxdz@opendz.org>
Thu, 9 Oct 2014 21:51:26 +0000 (22:51 +0100)
Add kdbus_ep_policy_check_see_access(), the locking variant of
kdbus_ep_policy_check_see_access_unlocked(), and use it where appropriate.

Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
connection.c
endpoint.c
endpoint.h

index 1b6be3bd0838c1f64ca061a41c616dea6eb55d61..ac26a03cb84c8b0390ffeb8b393475cb926ad801 100644 (file)
@@ -1229,15 +1229,7 @@ int kdbus_cmd_conn_info(struct kdbus_conn *conn,
                        return -EINVAL;
 
                /* check if 'conn' is allowed to see 'name' */
-               down_read(&conn->ep->policy_db.entries_rwlock);
-               mutex_lock(&conn->lock);
-
-               ret = kdbus_ep_policy_check_see_access_unlocked(conn->ep, conn,
-                                                               name);
-
-               mutex_unlock(&conn->lock);
-               up_read(&conn->ep->policy_db.entries_rwlock);
-
+               ret = kdbus_ep_policy_check_see_access(conn->ep, conn, name);
                if (ret < 0)
                        return ret;
 
index faf10497973d52ac5420cbe7358ab7be93e6d180..3e879d888f7e920bb1f9164913336d2023ba995f 100644 (file)
@@ -310,6 +310,35 @@ int kdbus_ep_policy_check_see_access_unlocked(struct kdbus_ep *ep,
        return ret;
 }
 
+/**
+ * kdbus_ep_policy_check_see_access() - verify a connection can see
+ *                                     the passed name
+ * @ep:                        Endpoint to operate on
+ * @conn:              Connection that lists names
+ * @name:              Name that is tried to be listed
+ *
+ * This verifies that @conn is allowed to see the well-known name @name via the
+ * endpoint @ep.
+ *
+ * Return: 0 if allowed, negative error code if not.
+ */
+int kdbus_ep_policy_check_see_access(struct kdbus_ep *ep,
+                                    struct kdbus_conn *conn,
+                                    const char *name)
+{
+       int ret;
+
+       down_read(&ep->policy_db.entries_rwlock);
+       mutex_lock(&conn->lock);
+
+       ret = kdbus_ep_policy_check_see_access_unlocked(ep, conn, name);
+
+       mutex_unlock(&conn->lock);
+       up_read(&ep->policy_db.entries_rwlock);
+
+       return ret;
+}
+
 /**
  * kdbus_ep_policy_check_notification() - verify a connection is allowed to see
  *                                       the name in a notification
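Review bot: The kernel-doc added for kdbus_ep_policy_check_see_access() does not say which locks the function takes, although that is the only thing separating it from the _unlocked variant. The body acquires `ep->policy_db.entries_rwlock` for reading and then `conn->lock`, so it can sleep, and a caller already holding `conn->lock` would deadlock on the mutex. I would add a line to the comment such as `* Takes ep->policy_db.entries_rwlock (read) and conn->lock, in that order; the caller must hold neither.` Because this is an access-control check, documenting the lock order here also makes it less likely that a later caller reaches for the unlocked variant without the locks it expects.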
@@ -337,14 +366,8 @@ int kdbus_ep_policy_check_notification(struct kdbus_ep *ep,
        case KDBUS_ITEM_NAME_ADD:
        case KDBUS_ITEM_NAME_REMOVE:
        case KDBUS_ITEM_NAME_CHANGE:
-               down_read(&ep->policy_db.entries_rwlock);
-               mutex_lock(&conn->lock);
-
-               ret = kdbus_ep_policy_check_see_access_unlocked(ep, conn,
-                                                       kmsg->notify_name);
-
-               mutex_unlock(&conn->lock);
-               up_read(&ep->policy_db.entries_rwlock);
+               ret = kdbus_ep_policy_check_see_access(ep, conn,
+                                                      kmsg->notify_name);
                break;
        default:
                break;
index 23ca8266fd4d2063b0142b5e643f58be7d020d2c..7ad25d31f58e7662c4de066635352e04569a065d 100644 (file)
@@ -74,6 +74,9 @@ int kdbus_ep_policy_set(struct kdbus_ep *ep,
 int kdbus_ep_policy_check_see_access_unlocked(struct kdbus_ep *ep,
                                              struct kdbus_conn *conn,
                                              const char *name);
+int kdbus_ep_policy_check_see_access(struct kdbus_ep *ep,
+                                    struct kdbus_conn *conn,
+                                    const char *name);
 int kdbus_ep_policy_check_notification(struct kdbus_ep *ep,
                                       struct kdbus_conn *conn,
                                       const struct kdbus_kmsg *kmsg);
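Review bot: kdbus_ep_policy_check_see_access_unlocked() stays declared in endpoint.h beside the new wrapper, so other files can still run the policy check without the two locks that the removed call sites held around it. Both call sites visible in this commit were converted; if no caller outside endpoint.c remains (which these hunks do not show), the prototype could be dropped and the function made `static`. Otherwise a comment above the prototype, for example `/* caller must hold ep->policy_db.entries_rwlock (read) and conn->lock */`, would state the requirement at the declaration.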