projects / platform / core / system / dbus-tools.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 54d9427)
policychecker: allow 'destination without interface' rules 49/210849/2 accepted/tizen/unified/20190807.111828 submit/tizen/20180808.030253 submit/tizen/20190807.012600 submit/tizen/20190807.012805
authorAdrian Szyndela <adrian.s@samsung.com>
Thu, 25 Jul 2019 08:01:33 +0000 (10:01 +0200)
committerAdrian Szyndela <adrian.s@samsung.com>
Thu, 25 Jul 2019 08:05:50 +0000 (10:05 +0200)
It seems that the checking rules that require all the policy rules
with send_type="method_call" to have specified send_interface
are too strong.

This relaxes the checking rules a bit by allowing rules that:
- are in the "default" or "mandatory" contexts;
- have 'send_type' or 'receive_type set' to "method_call";
- have specified 'send_destination' or 'receive_sender'.
That is, we don't require "send_interface" or "receive interface" anymore
for such rules.

Change-Id: Iefa9bb5a5e23319c7549fa597ab00b5c88600585

policychecker/rules.xsl patch | blob | history

diff --git a/policychecker/rules.xsl b/policychecker/rules.xsl
index 8d0bbe7b772104c73708ec2051a1df8c6ae0d0d5..0d13fb9e96cdc8d8613a04ae960e4bb22e59cdbe 100644 (file)
--- a/policychecker/rules.xsl
+++ b/policychecker/rules.xsl
@@ -70,14 +70,12 @@
                <!-- policy[@context] means that it applies to both default and mandatory contexts -->
                <sch:rule context="policy[@context]/allow[@send_type='method_call']">
                        <sch:assert test="@send_destination or @send_destination_prefix">Unconstrained allows are not allowed in context default and context mandatory: missing send_destination or send_destination_prefix, but send_type="method_call" is present.</sch:assert>
-                       <sch:assert test="@send_interface">Unconstrained allows are not allowed in context default and context mandatory: missing send_interface, but send_type="method_call" is present.</sch:assert>
                </sch:rule>
                <sch:rule context="policy[@context]/allow[@send_path]">
                        <sch:assert test="@send_destination or @send_destination_prefix or (@send_interface and @send_type='signal')">Unconstrained allows are not allowed in context default and context mandatory: missing send_destination or send_destination_prefix for non-signal, but send_path is present.</sch:assert>
                </sch:rule>
                <sch:rule context="policy[@context]/allow[@receive_type='method_call']">
                        <sch:assert test="@receive_sender">Unconstrained allows are not allowed in context default and context mandatory: missing receive_sender, but receive_type="method_call" is present.</sch:assert>
-                       <sch:assert test="@receive_interface">Unconstrained allows are not allowed in context default and context mandatory: missing receive_interface, but receive_type="method_call" is present.</sch:assert>
                </sch:rule>
                <sch:rule context="policy[@context]/allow[@receive_path]">
                        <sch:assert test="@receive_sender">Unconstrained allows are not allowed in context default and context mandatory: missing receive_sender, but receive_path is present.</sch:assert>
Domain: System / IPC;