return (szstr != NULL) ? szstr : "";
}
-int __internal_init(bool bus_type, const char* const config_name)
+int __internal_init(BusType bus_type, const char* const config_name)
{
policy_checker().clearDb(bus_type);
auto err = static_parser().parsePolicy(bus_type, get_str(config_name));
pthread_mutex_t g_mutex = PTHREAD_MUTEX_INITIALIZER;
-void memory_dump(bool bus_type)
+void memory_dump(BusType bus_type)
{
policy_checker().printContent(bus_type);
}
}
}
-void __internal_init_sup_group(bool bus_type, uid_t uid, gid_t gid)
+void __internal_init_sup_group(BusType bus_type, uid_t uid, gid_t gid)
{
policy_checker().updateGroupDb(bus_type, uid, gid);
}
pthread_mutex_unlock(&g_mutex);
}
-int __internal_can_open(bool bus_type,
+int __internal_can_open(BusType bus_type,
uid_t bus_owner,
uid_t user,
gid_t group,
return static_cast<int>(policy_checker().check(bus_type, bus_owner, user, group, label));
}
-int __internal_can_send(bool bus_type,
+int __internal_can_send(BusType bus_type,
const uid_t user,
const gid_t group,
const char* const label,
return static_cast<int>(policy_checker().check(bus_type, user, group, label, matcher));
}
-int __internal_can_send_multi_dest(bool bus_type,
+int __internal_can_send_multi_dest(BusType bus_type,
const uid_t user,
const gid_t group,
const char* const label,
return static_cast<int>(policy_checker().check(bus_type, user, group, label, matcher));
}
-int __internal_can_recv(bool bus_type,
+int __internal_can_recv(BusType bus_type,
const uid_t user,
const gid_t group,
const char* const label,
return static_cast<int>(policy_checker().check(bus_type, user, group, label, matcher));
}
-int __internal_can_recv_multi(bool bus_type,
+int __internal_can_recv_multi(BusType bus_type,
const uid_t user,
const gid_t group,
const char* const label,
}
-int __internal_can_own(bool bus_type,
+int __internal_can_own(BusType bus_type,
const uid_t user,
const gid_t group,
const char* const label,
#define KDBUS_CONN_MAX_NAMES 256
+typedef enum {
+ SYSTEM_BUS = 0,
+ SESSION_BUS = 1
+} BusType;
+
/** Initializes policies from given policy configuration file name
* \param[in] bus_type Bus type (system/session)
* \param[in] config_name Configuration file name
*/
-int __internal_init(bool bus_type, const char* const config_name);
+int __internal_init(BusType bus_type, const char* const config_name);
/** Inits tslog. */
void __internal_init_once(void);
extern pthread_mutex_t g_mutex;
/** Dumps memory */
-void memory_dump(bool bus_type);
+void memory_dump(BusType bus_type);
/** Flushes logs. */
void __internal_init_flush_logs(void);
/** Initializes supplementary groups for current process
* \param[in] bus_type Bus type (system/session)
*/
-void __internal_init_sup_group(bool bus_type, uid_t uid, gid_t gid);
+void __internal_init_sup_group(BusType bus_type, uid_t uid, gid_t gid);
/** Enables logger mutex */
void __internal_enter(void);
void __internal_exit(void);
/** checks if user can open dbus bus */
-int __internal_can_open(bool bus_type,
+int __internal_can_open(BusType bus_type,
uid_t bus_owner,
uid_t user,
gid_t group,
* \param[in] type Message type
* \return 1 on allow, 0 on deny, negative error code otherwise
*/
-int __internal_can_send(bool bus_type,
+int __internal_can_send(BusType bus_type,
const uid_t user,
const gid_t group,
const char* const label,
* \param[in] type Message type
* \return 1 on allow, 0 on deny, negative error code otherwise
*/
-int __internal_can_send_multi_dest(bool bus_type,
+int __internal_can_send_multi_dest(BusType bus_type,
const uid_t user,
const gid_t group,
const char* const label,
* \param[in] type Message type
* \return 1 on allow, 0 on deny, negative error code otherwise
*/
-int __internal_can_recv(bool bus_type,
+int __internal_can_recv(BusType bus_type,
uid_t user,
gid_t group,
const char* const label,
* \param[in] type Message type
* \return 1 on allow, 0 on deny, negative error code otherwise
*/
-int __internal_can_recv_multi(bool bus_type,
+int __internal_can_recv_multi(BusType bus_type,
uid_t user,
gid_t group,
const char* const label,
* \param[in] service Name to own
* \return 1 on allow, 0 on deny, negative error code otherwise
*/
-int __internal_can_own(bool bus_type,
+int __internal_can_own(BusType bus_type,
uid_t user,
gid_t group,
const char* const label,
return DecisionResult::DENY;
}
-DecisionItem NaivePolicyChecker::checkItemAccess(bool bus_type, const MatchItemAccess& item)
+DecisionItem NaivePolicyChecker::checkItemAccess(BusType bus_type, const MatchItemAccess& item)
{
const NaivePolicyDb& policy_db = getPolicyDb(bus_type);
return ret;
}
-DecisionResult NaivePolicyChecker::check(bool bus_type,
+DecisionResult NaivePolicyChecker::check(BusType bus_type,
uid_t bus_owner,
uid_t uid,
gid_t gid,
}
template <typename T>
-DecisionResult NaivePolicyChecker::check(bool bus_type,
+DecisionResult NaivePolicyChecker::check(BusType bus_type,
uid_t uid,
gid_t gid,
const char* const label,
auto ret = checkItem(bus_type, uid, gid, matchItem);
return parseDecision(ret, uid, label);
}
-template DecisionResult NaivePolicyChecker::check(bool, uid_t, gid_t, const char *, const MatchItemOwn &);
-template DecisionResult NaivePolicyChecker::check(bool, uid_t, gid_t, const char *, const MatchItemSend &);
-template DecisionResult NaivePolicyChecker::check(bool, uid_t, gid_t, const char *, const MatchItemReceive &);
+template DecisionResult NaivePolicyChecker::check(BusType, uid_t, gid_t, const char *, const MatchItemOwn &);
+template DecisionResult NaivePolicyChecker::check(BusType, uid_t, gid_t, const char *, const MatchItemSend &);
+template DecisionResult NaivePolicyChecker::check(BusType, uid_t, gid_t, const char *, const MatchItemReceive &);
template<typename T>
-DecisionItem NaivePolicyChecker::checkItem(bool bus_type, uid_t uid, gid_t gid, const T& item) {
+DecisionItem NaivePolicyChecker::checkItem(BusType bus_type, uid_t uid, gid_t gid, const T& item) {
const NaivePolicyDb& policy_db = getPolicyDb(bus_type);
DecisionItem ret = policy_db.getDecisionItemContextMandatory(item);
return Decision::ANY;
}
-void NaivePolicyChecker::updateGroupDb(bool bus_type, uid_t uid, gid_t gid)
+void NaivePolicyChecker::updateGroupDb(BusType bus_type, uid_t uid, gid_t gid)
{
getPolicyDb(bus_type).initializeGroups(uid, gid);
}
-void NaivePolicyChecker::clearDb(bool bus_type)
+void NaivePolicyChecker::clearDb(BusType bus_type)
{
getPolicyDb(bus_type).clear();
}
-void NaivePolicyChecker::printContent(const bool bus_type)
+void NaivePolicyChecker::printContent(BusType bus_type)
{
getPolicyDb(bus_type).printContent();
}
* \ingroup Implementation
*/
template<typename T>
- DecisionItem checkItem(bool bus_type,
+ DecisionItem checkItem(BusType bus_type,
uid_t uid,
gid_t gid,
const T& item);
* \return Returns deny=0, allow=1 or cynara error
* \ingroup Implementation
*/
- DecisionItem checkItemAccess(bool bus_type, const MatchItemAccess &item);
+ DecisionItem checkItemAccess(BusType bus_type, const MatchItemAccess &item);
template<typename T>
DecisionItem checkGroupPolicies(const NaivePolicyDb& policy_db,
/** Clears all db data, useful for reloading configuration
* during testing.
*/
- void clearDb(bool bus_type);
+ void clearDb(BusType bus_type);
- void updateGroupDb(bool bus_type, uid_t uid, gid_t gid);
+ void updateGroupDb(BusType bus_type, uid_t uid, gid_t gid);
/** Prints to stderr the structures and the amount of their memory */
- void printContent(const bool bus_type);
+ void printContent(BusType bus_type);
/** Checks access/open policy for given item
* \param[in] bus_type Bus type (system/session)
* \return Returns deny=0, allow=1 or cynara error
* \ingroup Implementation
*/
- DecisionResult check(bool bus_type,
+ DecisionResult check(BusType bus_type,
uid_t bus_owner,
uid_t uid,
gid_t gid,
* \ingroup Implementation
*/
template <typename T>
- DecisionResult check(bool bus_type,
+ DecisionResult check(BusType bus_type,
uid_t uid,
gid_t gid,
const char* const label,
}
bool XmlParser::isMainConfFile(const std::string& filename) {
- switch ((int)curr_bus) {
+ switch (curr_bus) {
case SYSTEM_BUS:
return (filename == SYSTEM_BUS_CONF_FILE_PRIMARY || filename == SYSTEM_BUS_CONF_FILE_SECONDARY);
case SESSION_BUS:
}
}
-int XmlParser::parsePolicy(bool bus, const std::string& fname) {
+int XmlParser::parsePolicy(BusType bus, const std::string& fname) {
tslog::log("XmlParser::parsePolicy called with filename: ", fname, "\n");
curr_bus = bus;
parsePolicyInternal(fname);
{
public:
/** Parses given config file for declared bus type */
- int parsePolicy(bool bus, const std::string& fname);
+ int parsePolicy(BusType bus_type, const std::string& fname);
void elementStart(const char *el, const char **attr);
bool ignore_always;
bool ignore_missing;
- bool curr_bus;
+ BusType curr_bus;
std::string current_text;
std::string curr_dir;
int ret_code;
#include <dbuspolicy1/libdbuspolicy1.h>
#include <linux/kdbus.h>
-#define SYSTEM_BUS 0
-#define SESSION_BUS 1
-
#define DBUSPOLICY1_EXPORT __attribute__ ((visibility("default")))
typedef uint8_t dbus_name_len;
return open(path, O_RDWR|O_NOCTTY|O_LARGEFILE|O_CLOEXEC);
}
-static int kdbus_hello(bool bus_type, uint64_t hello_flags, uint64_t attach_flags_send, uint64_t attach_flags_recv)
+static int kdbus_hello(BusType bus_type, uint64_t hello_flags, uint64_t attach_flags_send, uint64_t attach_flags_recv)
{
struct kdbus_cmd_hello* cmd;
struct kdbus_cmd_free cmd_free;
return false;
}
-static int bus_path_resolve(const char *bus_path, char *resolved_path, unsigned resolved_path_size, unsigned int *bus_type, uid_t *bus_owner)
+static int bus_path_resolve(const char *bus_path, char *resolved_path, unsigned resolved_path_size, BusType *bus_type, uid_t *bus_owner)
{
char *p;
const char user_suffix[] = "-user/bus";
DBUSPOLICY1_EXPORT void* dbuspolicy1_init(const char *bus_path)
{
- unsigned int bus_type = -1;
+ BusType bus_type = SESSION_BUS;
char resolved_path[PATH_MAX] = { 0 };
int rp, rs;
uid_t bus_owner = 0;
return NULL;
}
- if (bus_type)
- bus_type = SESSION_BUS;
-
pthread_mutex_lock(&g_mutex);
if (!init_once_done) {
init_once_done = true;
configuration = configuration;
}
-static bool configuration_bus_type(struct kconn const *configuration) { return configuration != g_conn; }
+static BusType configuration_bus_type(struct kconn const *configuration) { return configuration == g_conn ? SYSTEM_BUS : SESSION_BUS; }
union kdbus_cmd_union {
struct kdbus_cmd_info cmd_info;
union kdbus_cmd_union cmd;
};
-int kdbus_get_conn_info(bool bus_type, const char *destination, struct kdbus_cmd_param *info, __u64 flags)
+int kdbus_get_conn_info(BusType bus_type, const char *destination, struct kdbus_cmd_param *info, __u64 flags)
{
char const *label = NULL;
const char** k_names = info->k_names;
(void)requested_reply;
int r;
- bool bus_type = configuration_bus_type(configuration);
+ BusType bus_type = configuration_bus_type(configuration);
struct kdbus_cmd_param info = {
.free_offset = false,
.empty_names = true
(void)requested_reply;
int r;
- bool bus_type = configuration_bus_type(configuration);
+ BusType bus_type = configuration_bus_type(configuration);
struct kdbus_cmd_param info = {
.free_offset = false,
.empty_names = true
DBUSPOLICY1_EXPORT int dbuspolicy1_can_own(void* configuration, const char* const service)
{
int r;
- bool bus_type = configuration_bus_type(configuration);
+ BusType bus_type = configuration_bus_type(configuration);
__internal_enter();
r = __internal_can_own(bus_type, g_udesc.uid, g_udesc.gid, g_udesc.label, service);
__internal_exit();
#include "internal/internal.h"
#include <dbuspolicy1/libdbuspolicy1.h>
-#define SYSTEM_BUS 0
-#define SESSION_BUS 1
-
struct AccessTest {
bool expected_result;
uid_t user;
(unsigned long)t->user, (unsigned long)t->group, t->label, (int)t->expected_result, (int)result);
}
-void run_tests_for_bus(bool bus_type, const std::vector<AccessTest>& test_setup, int& i, bool& passed) {
+void run_tests_for_bus(BusType bus_type, const std::vector<AccessTest>& test_setup, int& i, bool& passed) {
for (const auto& test : test_setup) {
__internal_init_sup_group(bus_type, test.user, test.group);
bool res = __internal_can_open(bus_type, bus_owner, test.user, test.group, test.label);
unsigned i = 0;
bool flag = true;
bool ret = true;
- __internal_init(false, "tests/default_allow/system.conf");
+ __internal_init(SYSTEM_BUS, "tests/default_allow/system.conf");
for (i = 0; i < sizeof(method_tests)/sizeof(struct MethodTest); i++) {
if (method_tests[i].recv_send == MessageDirection::SEND)
{
- ret = __internal_can_send(false, method_tests[i].user, method_tests[i].group, method_tests[i].label, method_tests[i].name, method_tests[i].path, method_tests[i].interface, method_tests[i].member, static_cast<int>(method_tests[i].type));
+ ret = __internal_can_send(SYSTEM_BUS, method_tests[i].user, method_tests[i].group, method_tests[i].label, method_tests[i].name, method_tests[i].path, method_tests[i].interface, method_tests[i].member, static_cast<int>(method_tests[i].type));
} else if (method_tests[i].recv_send == MessageDirection::RECEIVE) {
- ret = __internal_can_recv(false, method_tests[i].user, method_tests[i].group, method_tests[i].label, method_tests[i].name, method_tests[i].path, method_tests[i].interface, method_tests[i].member, static_cast<int>(method_tests[i].type));
+ ret = __internal_can_recv(SYSTEM_BUS, method_tests[i].user, method_tests[i].group, method_tests[i].label, method_tests[i].name, method_tests[i].path, method_tests[i].interface, method_tests[i].member, static_cast<int>(method_tests[i].type));
}
if ( (int)((method_tests[i].expected_result)) != ret) {
printf("[ERROR][%d] method test failed: %d %d ", i, (int)((method_tests[i].expected_result)), ret);
unsigned i = 0;
bool flag = true;
bool ret = true;
- __internal_init(false, "tests/default_deny/system.conf");
+ __internal_init(SYSTEM_BUS, "tests/default_deny/system.conf");
for (i = 0; i < sizeof(ownership_tests)/sizeof(struct OwnershipTest); i++) {
- ret = __internal_can_own(false, ownership_tests[i].user, ownership_tests[i].group, ownership_tests[i].label, ownership_tests[i].service);
+ ret = __internal_can_own(SYSTEM_BUS, ownership_tests[i].user, ownership_tests[i].group, ownership_tests[i].label, ownership_tests[i].service);
if ( (int)((ownership_tests[i].expected_result)) != ret) {
printf("[ERROR][%d] ownership test failed: %d %d ", i, (int)((ownership_tests[i].expected_result)), ret);
ownershipTest_print(&ownership_tests[i], ret);
unsigned i = 0;
bool flag = true;
bool ret = true;
- __internal_init(false, "tests/default_allow/system.conf");
+ __internal_init(SYSTEM_BUS, "tests/default_allow/system.conf");
for (i = 0; i < sizeof(ownership_tests)/sizeof(struct OwnershipTest); i++) {
- ret = __internal_can_own(false, ownership_tests[i].user, ownership_tests[i].group, ownership_tests[i].label, ownership_tests[i].service);
+ ret = __internal_can_own(SYSTEM_BUS, ownership_tests[i].user, ownership_tests[i].group, ownership_tests[i].label, ownership_tests[i].service);
if ( (int)((ownership_tests[i].expected_result)) != ret) {
printf("[ERROR][%d] ownership test failed: %d %d ", i, (int)((ownership_tests[i].expected_result)), ret);
ownershipTest_print(&ownership_tests[i], ret);
bool flag = true;
bool ret = true;
- __internal_init(false, "tests/default_deny/system.conf");
+ __internal_init(SYSTEM_BUS, "tests/default_deny/system.conf");
for (i = 0; i < sizeof(tests)/sizeof(struct Test); i++) {
ret = __internal_can_send(SYSTEM_BUS, tests[i].user,
unsigned i = 0;
bool flag = true;
bool ret = true;
- __internal_init(false, "tests/default_allow/system.conf");
+ __internal_init(SYSTEM_BUS, "tests/default_allow/system.conf");
for (i = 0; i < sizeof(signal_tests)/sizeof(struct SignalTest); i++) {
- ret = __internal_can_send(false, signal_tests[i].user, signal_tests[i].group, signal_tests[i].label, signal_tests[i].dest, NULL, signal_tests[i].interface, NULL, DBUSPOLICY_MESSAGE_TYPE_SIGNAL);
+ ret = __internal_can_send(SYSTEM_BUS, signal_tests[i].user, signal_tests[i].group, signal_tests[i].label, signal_tests[i].dest, NULL, signal_tests[i].interface, NULL, DBUSPOLICY_MESSAGE_TYPE_SIGNAL);
if ( (int)((signal_tests[i].expected_result)) != ret) {
printf("[ERROR][%d] signal test failed: %d %d ", i, (int)((signal_tests[i].expected_result)), ret);
signalTest_print(&signal_tests[i], ret);