policychecker: allow sending signal rules with only send_interface

If the global policy for signals is deny, then we need a way
to choose who can send signals. They (usually) have no destination,
so the allowing rules can't have destination.

This commit changes checking rules to allow policy rules with
send_interface constraint, without send_destination, when
send_type="signal" is allows specified.

Change-Id: I041b4e409cbffeae2edaaec8bb2dfa8f60e3994f

diff --git a/policychecker/rules.xsl b/policychecker/rules.xsl
index 8a8d3f4..d05fd3b 100644 (file)
--- a/policychecker/rules.xsl
+++ b/policychecker/rules.xsl
@@ -137,7 +137,7 @@
 
        <sch:pattern name="No send_interface without send_destination">
                <sch:rule context="*[@send_interface]">
-                       <sch:assert test="@send_destination">You mustn't use send_interface without send_destination</sch:assert>
+                       <sch:assert test="@send_destination or @send_type='signal'">You mustn't use send_interface without send_destination, unless you limit the rule to only signals with send_type="signal"</sch:assert>
                </sch:rule>
                <sch:rule context="*[@receive_interface]">
                        <sch:assert test="@receive_sender">You mustn't use receive_interface without receive_sender</sch:assert>