From: Adrian Szyndela <adrian.s@samsung.com>
Date: Tue, 14 Aug 2018 13:54:50 +0000 (+0200)
Subject: policychecker: modified 'Unconstrained allow' rule
X-Git-Tag: submit/tizen/20180808.030253~12
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=15ab63956560f4d994d3d22478d8877d98cc46e6;p=platform%2Fcore%2Fsystem%2Fdbus-tools.git

policychecker: modified 'Unconstrained allow' rule

Unconstrained allow rule was reporting any allow in context default
or mandatory.
Now, it reports those rules in both contexts that:
- allow send_type='method_call' but do not specify destination and interface;
- allow send_path but do not specify destination;
- allow receive_type='method_call' but do not specify sender and interface;
- allow receive_path but do not specify sender.
Additionally, in user and group context send_destination is required
when send_type="method_call" or send_path is present, and receive_sender
is required when receive_type="method_call" or receive_path is present.

Change-Id: Icd822bf4b3e2f105a07e80ca61415410faaeb00a
---

diff --git a/policychecker/rules.xsl b/policychecker/rules.xsl
index f159b6f..8a8d3f4 100644
--- a/policychecker/rules.xsl
+++ b/policychecker/rules.xsl
@@ -27,9 +27,33 @@
 	</sch:pattern>
 
 	<sch:pattern name="Unconstrained allow in default context (or mandatory)">
-		<!-- use true() to issue an error for each allow and not only once per policy -->
-		<sch:rule context="policy[@context = 'default']/allow | policy[@context = 'mandatory']/allow">
-			<sch:report test="true()">Unconstrained allows are not allowed in context default and context mandatory.</sch:report>
+		<!-- policy[@context] means that it applies to both default and mandatory contexts -->
+		<sch:rule context="policy[@context]/allow[@send_type='method_call']">
+			<sch:assert test="@send_destination">Unconstrained allows are not allowed in context default and context mandatory: missing send_destination, but send_type="method_call" is present.</sch:assert>
+			<sch:assert test="@send_interface">Unconstrained allows are not allowed in context default and context mandatory: missing send_interface, but send_type="method_call" is present.</sch:assert>
+		</sch:rule>
+		<sch:rule context="policy[@context]/allow[@send_path]">
+			<sch:assert test="@send_destination">Unconstrained allows are not allowed in context default and context mandatory: missing send_destination, but send_path is present.</sch:assert>
+		</sch:rule>
+		<sch:rule context="policy[@context]/allow[@receive_type='method_call']">
+			<sch:assert test="@receive_sender">Unconstrained allows are not allowed in context default and context mandatory: missing receive_sender, but receive_type="method_call" is present.</sch:assert>
+			<sch:assert test="@receive_interface">Unconstrained allows are not allowed in context default and context mandatory: missing receive_interface, but receive_type="method_call" is present.</sch:assert>
+		</sch:rule>
+		<sch:rule context="policy[@context]/allow[@receive_path]">
+			<sch:assert test="@receive_sender">Unconstrained allows are not allowed in context default and context mandatory: missing receive_sender, but receive_path is present.</sch:assert>
+		</sch:rule>
+		<!-- user and group contexts need at least send_destination -->
+		<sch:rule context="policy[@user]/allow[@send_type='method_call'] | policy[@group]/allow[@send_type='method_call']">
+			<sch:assert test="@send_destination">Unconstrained allows are not allowed in user or group context: missing send_destination, but send_type="method_call" is present.</sch:assert>
+		</sch:rule>
+		<sch:rule context="policy[@user]/allow[@send_path] | policy[@group]/allow[@send_path]">
+			<sch:assert test="@send_destination">Unconstrained allows are not allowed in user or group context: missing send_destination, but send_path is present.</sch:assert>
+		</sch:rule>
+		<sch:rule context="policy[@user]/allow[@receive_type='method_call'] | policy[@group]/allow[@receive_type='method_call']">
+			<sch:assert test="@receive_sender">Unconstrained allows are not allowed in user or group context: missing receive_sender, but receive_type="method_call" is present.</sch:assert>
+		</sch:rule>
+		<sch:rule context="policy[@user]/allow[@receive_path] | policy[@group]/allow[@receive_path]">
+			<sch:assert test="@receive_sender">Unconstrained allows are not allowed in user or group context: missing receive_sender, but receive_path is present.</sch:assert>
 		</sch:rule>
 	</sch:pattern>
 	<!-- additional rule -->