grant CAP_IPC_OWNER-like access to the owner of the bus

author Kay Sievers <kay@vrfy.org>

Fri, 27 Dec 2013 04:00:37 +0000 (05:00 +0100)

committer Kay Sievers <kay@vrfy.org>

Fri, 27 Dec 2013 04:01:17 +0000 (05:01 +0100)
author Kay Sievers <kay@vrfy.org>
Fri, 27 Dec 2013 04:00:37 +0000 (05:00 +0100)
committer Kay Sievers <kay@vrfy.org>
Fri, 27 Dec 2013 04:01:17 +0000 (05:01 +0100)
diff --git a/connection.c b/connection.c

index f62a95998fe9bae233221d2857d3ba6875d36cb2..d1e61f084e3609bd4e3bc20869fdaedaa4488b80 100644 (file)
--- a/connection.c
+++ b/connection.c
@@ -398,8 +398,8 @@ static int kdbus_conn_queue_insert(struct kdbus_conn *conn,
                 goto exit_unlock;
         }
  
-       if (!capable(CAP_IPC_OWNER) &&
-           conn->msg_count > KDBUS_CONN_MAX_MSGS) {
+       if (conn->msg_count > KDBUS_CONN_MAX_MSGS &&
+           !kdbus_bus_uid_is_privileged(conn->ep->bus)) {
                 ret = -ENOBUFS;
                 goto exit_unlock;
         }
@@ -1481,7 +1481,7 @@ int kdbus_conn_new(struct kdbus_ep *ep,
  
                 case KDBUS_ITEM_CREDS:
                         /* privileged processes can impersonate somebody else */
-                       if (!capable(CAP_IPC_OWNER))
+                       if (!kdbus_bus_uid_is_privileged(bus))
                                 return -EPERM;
  
                         if (item->size !=
@@ -1493,7 +1493,7 @@ int kdbus_conn_new(struct kdbus_ep *ep,
  
                 case KDBUS_ITEM_SECLABEL:
                         /* privileged processes can impersonate somebody else */
-                       if (!capable(CAP_IPC_OWNER))
+                       if (!kdbus_bus_uid_is_privileged(bus))
                                 return -EPERM;
  
                         seclabel = item->str;
diff --git a/internal.h b/internal.h

index 689aa427a74e026049ce9d27dd6670f25e6b7ebf..03f09ae38e695de1735af25422651b4896c7403d 100644 (file)
--- a/internal.h
+++ b/internal.h
@@ -30,7 +30,7 @@
  #define KDBUS_MATCH_MAX_SIZE           SZ_32K          /* maximum size of match data */
  #define KDBUS_POLICY_MAX_SIZE          SZ_32K          /* maximum size of policy data */
  
-#define KDBUS_CONN_MAX_MSGS            64              /* maximum number of queued messages on the bus */
+#define KDBUS_CONN_MAX_MSGS            64              /* maximum number of queued messages per connection */
  #define KDBUS_CONN_MAX_NAMES           64              /* maximum number of well-known names */
  #define KDBUS_CONN_MAX_ALLOCATED_BYTES SZ_64K          /* maximum number of allocated bytes on the bus */
  
diff --git a/message.c b/message.c

index 94cfc2cd06465072b0b9f125d5ec4bd9794459af..0340b55cb83c342dc449504e622350a557d97731 100644 (file)
--- a/message.c
+++ b/message.c
@@ -108,8 +108,8 @@ static int kdbus_msg_scan_items(struct kdbus_conn *conn,
                                 return -EINVAL;
  
                         vecs_size += item->vec.size;
-                       if (!capable(CAP_IPC_OWNER) &&
-                           vecs_size > KDBUS_MSG_MAX_PAYLOAD_VEC_SIZE)
+                       if (vecs_size > KDBUS_MSG_MAX_PAYLOAD_VEC_SIZE &&
+                           !kdbus_bus_uid_is_privileged(conn->ep->bus))
                                 return -EMSGSIZE;
  
                         /* \0-bytes records store only the alignment bytes */
author	Kay Sievers <kay@vrfy.org>
	Fri, 27 Dec 2013 04:00:37 +0000 (05:00 +0100)
committer	Kay Sievers <kay@vrfy.org>
	Fri, 27 Dec 2013 04:01:17 +0000 (05:01 +0100)
connection.c		patch \| blob \| history
internal.h		patch \| blob \| history
message.c		patch \| blob \| history