policy: require privileges for seeting the endpoint's policy

author Kay Sievers <kay@vrfy.org>

Sun, 5 Jan 2014 20:53:12 +0000 (00:53 +0400)

committer Kay Sievers <kay@vrfy.org>

Sun, 5 Jan 2014 22:52:49 +0000 (02:52 +0400)
author Kay Sievers <kay@vrfy.org>
Sun, 5 Jan 2014 20:53:12 +0000 (00:53 +0400)
committer Kay Sievers <kay@vrfy.org>
Sun, 5 Jan 2014 22:52:49 +0000 (02:52 +0400)
diff --git a/TODO b/TODO

index 1c15ec91bdd86298aeb3afe1fe2feb5f121dcc66..a71f76e3d5c60753a984776f80276a4111d69a94 100644 (file)
--- a/TODO
+++ b/TODO
@@ -7,6 +7,7 @@ Features:
       - $UID prefix
       - ns creation
       - ep prefixing
+     - policy, policy for custom endpoints
  
    - attach seclabel to names?
  
diff --git a/handle.c b/handle.c

index d0039125820f20c9fa4030ad85c06b5bbd836995..2a7c3f4ee83383d23b051914dc7e17879628695a 100644 (file)
--- a/handle.c
+++ b/handle.c
@@ -442,6 +442,12 @@ static long kdbus_handle_ioctl_ep_connected(struct file *file, unsigned int cmd,
                         break;
                 }
  
+               /* mangling policy is a privileged operation */
+               if (!kdbus_bus_uid_is_privileged(bus)) {
+                       ret = -EFAULT;
+                       break;
+               }
+
                 if (!conn->ep->policy_db) {
                         ret = kdbus_policy_db_new(&conn->ep->policy_db);
                         if (ret < 0)
author	Kay Sievers <kay@vrfy.org>
	Sun, 5 Jan 2014 20:53:12 +0000 (00:53 +0400)
committer	Kay Sievers <kay@vrfy.org>
	Sun, 5 Jan 2014 22:52:49 +0000 (02:52 +0400)