require privileges to activate or monitor

author Kay Sievers <kay@vrfy.org>

Fri, 3 Jan 2014 22:52:12 +0000 (23:52 +0100)

committer Kay Sievers <kay@vrfy.org>

Fri, 3 Jan 2014 22:52:12 +0000 (23:52 +0100)
author Kay Sievers <kay@vrfy.org>
Fri, 3 Jan 2014 22:52:12 +0000 (23:52 +0100)
committer Kay Sievers <kay@vrfy.org>
Fri, 3 Jan 2014 22:52:12 +0000 (23:52 +0100)
diff --git a/connection.c b/connection.c

index b32b0cfaee4b3176b57e3b6ebd296670086ecb6e..a7580c21dc8c4b5810085b8bf9108635eeda8a5e 100644 (file)
--- a/connection.c
+++ b/connection.c
@@ -1470,10 +1470,17 @@ int kdbus_conn_new(struct kdbus_ep *ep,
  
         BUG_ON(*c);
  
+       /* can't be activator and monitor at the same time */
         if (hello->conn_flags & KDBUS_HELLO_ACTIVATOR &&
             hello->conn_flags & KDBUS_HELLO_MONITOR)
                 return -EINVAL;
  
+       /* only privileged connections can activate and monitor */
+       if ((hello->conn_flags & KDBUS_HELLO_ACTIVATOR ||
+            hello->conn_flags & KDBUS_HELLO_MONITOR) &&
+               !kdbus_bus_uid_is_privileged(bus))
+               return -EPERM;
+
         KDBUS_ITEM_FOREACH(item, hello, items) {
                 switch (item->type) {
                 case KDBUS_ITEM_NAME:
author	Kay Sievers <kay@vrfy.org>
	Fri, 3 Jan 2014 22:52:12 +0000 (23:52 +0100)
committer	Kay Sievers <kay@vrfy.org>
	Fri, 3 Jan 2014 22:52:12 +0000 (23:52 +0100)