#define DBUSPOLICY_MESSAGE_TYPE_ERROR 3
#define DBUSPOLICY_MESSAGE_TYPE_SIGNAL 4
+#define DBUSPOLICY_RESULT_ALLOW 1
+#define DBUSPOLICY_RESULT_DENY 0
+#define DBUSPOLICY_RESULT_DEST_NOT_AVAILABLE -1
+#define DBUSPOLICY_RESULT_KDBUS_ERROR -2
+#define DBUSPOLICY_RESULT_CYNARA_ERROR -3
+
struct udesc;
/*!
std::cout << "Destination too long: "<<destination<<std::endl;
return false;
}
- return policy_checker.check(bus_type, user, group, label, ns, interface, member, path, static_cast<ldp_xml_parser::MessageType>(type), ldp_xml_parser::MessageDirection::SEND);
+ return static_cast<int>(policy_checker.check(bus_type, user, group, label, ns, interface, member, path, static_cast<ldp_xml_parser::MessageType>(type), ldp_xml_parser::MessageDirection::SEND));
}
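Review bot: The negative results now pass straight through `static_cast<int>(...)` into an `int` API that previously returned only 0 or 1, so any caller that still tests the result for truthiness would read `DBUSPOLICY_RESULT_CYNARA_ERROR` (-3) as permission granted. Callers are not visible here, so this needs confirming, but the public header should say so next to the new macros, e.g. `/* Only DBUSPOLICY_RESULT_ALLOW grants access; 0 and every negative value must be treated as a refusal. */`. The same cast is added in `__internal_can_send_multi_dest`, `__internal_can_recv` and `__internal_can_own`. The "Destination too long" path just above still has `return false;`, and `return DBUSPOLICY_RESULT_DENY;` would state the fail-closed intent explicitly, assuming the macro header is included in this file. The function begins outside the hunk.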
int __internal_can_send_multi_dest(bool bus_type,
const char* const member,
int type)
{
- return policy_checker.check(bus_type, user, group, label, destination, interface, member, path, static_cast<ldp_xml_parser::MessageType>(type), ldp_xml_parser::MessageDirection::SEND);
+ return static_cast<int>(policy_checker.check(bus_type, user, group, label, destination, interface, member, path, static_cast<ldp_xml_parser::MessageType>(type), ldp_xml_parser::MessageDirection::SEND));
}
int __internal_can_recv(bool bus_type,
{
const char* names[KDBUS_CONN_MAX_NAMES+1];
const char** ns = get_strv(sender, names);
- return policy_checker.check(bus_type, user, group, label, ns, interface, member, path, static_cast<ldp_xml_parser::MessageType>(type), ldp_xml_parser::MessageDirection::RECEIVE);
+ return static_cast<int>(policy_checker.check(bus_type, user, group, label, ns, interface, member, path, static_cast<ldp_xml_parser::MessageType>(type), ldp_xml_parser::MessageDirection::RECEIVE));
}
int __internal_can_own(bool bus_type,
const char* const label,
const char* const service)
{
- return policy_checker.check(bus_type, user, group, label, service);
+ return static_cast<int>(policy_checker.check(bus_type, user, group, label, service));
}
return m_bus_db[type];
}
-bool NaivePolicyChecker::parseDecision(Decision decision,
+DecisionResult NaivePolicyChecker::parseDecision(Decision decision,
uid_t uid,
const char* label,
const char* privilege) {
switch (decision)
{
case Decision::ALLOW:
- return true;
+ return DecisionResult::ALLOW;
case Decision::ANY:
case Decision::DENY:
- return false;
+ return DecisionResult::DENY;
case Decision::CHECK:
+ {
std::snprintf(uid_str, sizeof(uid_str) - 1, "%lu", (unsigned long)uid);
- return ldp_cynara::Cynara::check(label, privilege, uid_str) == ldp_cynara::CynaraResult::ALLOW;
+ ldp_cynara::CynaraResult ret = ldp_cynara::Cynara::check(label, privilege, uid_str);
+ if (ret == ldp_cynara::CynaraResult::ALLOW)
+ return DecisionResult::ALLOW;
+ else if (ret == ldp_cynara::CynaraResult::DENY)
+ return DecisionResult::DENY;
+ else
+ return DecisionResult::CYNARA_ERROR;
+ }
}
- return false;
+ return DecisionResult::DENY;
}
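Review bot: A Cynara failure is converted to `DecisionResult::CYNARA_ERROR` in the final `else` without leaving any trace, so an outage of the privilege backend cannot be told apart from normal operation when reading logs. The exception handlers in `check()` print under `if (tslog::enabled())`, and the same guard could be used here before the return: `if (tslog::enabled()) std::cout << "Cynara check returned an error" << std::endl;`. The trailing `return DecisionResult::DENY;` after the switch keeps unknown `Decision` values fail-closed, which deserves a one-line comment so it is not removed as dead code. The declaration of `uid_str` is outside the visible lines.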
NaivePolicyChecker::~NaivePolicyChecker() {
delete m_adapter;
}
-bool NaivePolicyChecker::checkItem(bool bus_type, uid_t uid, gid_t gid, const char* label, const Item& item) {
+DecisionResult NaivePolicyChecker::checkItem(bool bus_type, uid_t uid, gid_t gid, const char* label, const Item& item) {
NaivePolicyDb& policy_db = getPolicyDb(bus_type);
ItemType type = item.getType();
Decision ret = Decision::ANY;
if (ret != Decision::ANY)
return parseDecision(ret, uid, label, privilege);
else
- return false;
+ return DecisionResult::DENY;
}
-bool NaivePolicyChecker::check(bool bus_type,
+DecisionResult NaivePolicyChecker::check(bool bus_type,
uid_t uid,
gid_t gid,
const char* const label,
if (tslog::enabled())
std::cout << err.what() << std::endl;
}
- return false;
+ return DecisionResult::DENY;
}
-bool NaivePolicyChecker::check(bool bus_type,
+DecisionResult NaivePolicyChecker::check(bool bus_type,
uid_t uid,
gid_t gid,
const char* const label,
if (tslog::enabled())
std::cout << err.what() << std::endl;
}
- return false;
+ return DecisionResult::DENY;
}
Decision checkPolicy(const NaivePolicyDb::Policy& policy,
const Item& item,
const char*& privilege);
- bool parseDecision(Decision decision,
+ DecisionResult parseDecision(Decision decision,
uid_t uid,
const char* label,
const char* privilege);
- bool checkItem(bool bus_type,
+ DecisionResult checkItem(bool bus_type,
uid_t uid,
gid_t gid,
const char* label,
public:
~NaivePolicyChecker();
DbAdapter& generateAdapter();
- bool check(bool bus_type,
+ DecisionResult check(bool bus_type,
uid_t uid,
gid_t gid,
const char* const label,
const char* const name);
- bool check(bool bus_type,
+ DecisionResult check(bool bus_type,
uid_t uid,
gid_t gid,
const char* const label,
CHECK
};
+ enum class DecisionResult : int8_t {
+ CYNARA_ERROR = -3,
+ DENY = 0,
+ ALLOW
+ };
+
union PolicyTypeValue {
PolicyTypeValue();
PolicyTypeValue(ContextType type);
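Review bot: `ALLOW` gets its value only implicitly, by following `DENY = 0`, yet the wrappers hand this enum to C callers through `static_cast<int>` and the public header spells the same numbers separately as `DBUSPOLICY_RESULT_*` macros. Writing `ALLOW = 1` and adding, where both headers are visible, `static_assert(static_cast<int>(DecisionResult::CYNARA_ERROR) == DBUSPOLICY_RESULT_CYNARA_ERROR, "result codes out of sync");` (likewise for ALLOW and DENY) would stop a later reorder of the enum from silently changing what the library reports. A short comment noting that -1 and -2 are produced by the kdbus layer and deliberately have no enumerator would explain the gap between -3 and 0.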
r = ioctl(g_conn[bus_type].fd, KDBUS_CMD_CONN_INFO, &cmd.cmd_info);
if (r < 0) {
- r = -errno;
+ if (errno == ENXIO || errno == ESRCH)
+ r = DBUSPOLICY_RESULT_DEST_NOT_AVAILABLE;
+ else
+ r = DBUSPOLICY_RESULT_KDBUS_ERROR;
goto end;
}