review.tizen.org Git - platform/upstream/dbus.git/log

installed-tests: declare that the output is in TAP format

For the ones written using GLib, the output is in TAP format if we
say --tap. For the one not written using GLib, the output is in TAP
and the command-line is ignored.

Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89846

test-shell, test-printf: produce TAP output like the other installable tests

Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89846

tests: provide g_test_skip() emulation for older GLib

We don't hard-depend on a new enough GLib to have g_test_skip();
if our GLib is older, fake it using g_test_message() and degrade to
reporting it as a pass rather than a skip.

Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89846

tests: avoid noise on stdout when not --verbose

This makes life easier for frameworks like LAVA that screen-scrape
test results.

g_test_message() is not displayed by default, but each test can be run
with either --tap or --verbose to get these messages displayed.

Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89846

CID 54766: Resource leak (RESOURCE_LEAK).

Variable original_argv going out of scope leaks the storage it points to.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90021
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>

Merge branch 'dbus-1.8'

Conflicts:
dbus/dbus-sysdeps-win.c

Fix 'dbus connection referencing issue in test-relay'.

The watches added on connection setup should be removed on shutdown.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90005
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>

Add newline to verbose output in _dbus_trace_ref().

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90004
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>

cmake: Extend underlines below dbus version print on configure summary title.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89450
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>

Fix assorted compiler warnings on Windows.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89444
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
[rh: rebased because a few hunks have already been applied with commit
92c39d1d8a30110c5760bd8d5e695e26a8538d1a]

Rename _dbus_full_duplex_pipe() to more descriptive name _dbus_socketpair().

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89444
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>

cmake: only set CMP0053, CMP0054 on CMake >= 3.1

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89450
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>

Fix of 'warning: variable ‘..‘ set but not used [-Wunused-but-set-variable]'.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89284
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>

Revert "Rename _dbus_full_duplex_pipe() to more descriptive name _dbus_socketpair()."

This reverts commit ee0e15366c8b1ea196ad63a8376c8b5299279386.

Revert "Use typedef DBusSocket for sockets fd's to avoid conversion warnings."

This reverts commit f9192688b6758d20e955adeb255399b79ba43a95.

cmake: opt-in to not implicitly expanding variables in if() (policy CMP0054)

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89450
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>

Revert "cmake: @VAR@ substitutions in set() are deprecated, use string(CONFIGURE) instead (policy CMP0053)"

This reverts commit 45f2e84a7de52f55fc1b41fefbc1b71a40d7a4eb.

Use typedef DBusSocket for sockets fd's to avoid conversion warnings.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89444

Rename _dbus_full_duplex_pipe() to more descriptive name _dbus_socketpair().

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89444

cmake: @VAR@ substitutions in set() are deprecated, use string(CONFIGURE) instead (policy CMP0053)

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89450
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>

cmake: stop using deprecated LOCATION property (policy CMP0026)

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89450
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>

Fix cmake build system bug not generating versioned library name in case LT_REVISION is zero.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89450
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>

Add missing include file for cmake function check_include_files() (commit 2d2b5af)

dbus-print-message: conditionalize Unix FD handling on DBUS_UNIX

We close() the fd after we have printed it, but close() isn't
standard functionality on Windows. Unix FD-passing is never going
to work on non-Unix platforms anyway.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89428
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>

dbus-monitor: use _dbus_get_real_time instead of gettimeofday

gettimeofday is implicitly declared (i.e. not in our #include'd header
files) when cross-compiling for on Windows. Now that fd.o#83115
has been fixed, using _dbus functions is not a problem.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89428
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>

Improve diagnostics when UpdateActivationEnvironment calls are rejected

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88812
Reviewed-by: Colin Walters <walters@verbum.org>
[smcv: rebased to not require the extra code initially on that bug]

Keep cmake generated defines for include files in sync with autotools.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=85418
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>

Move include file checks to ConfigureChecks.cmake for cmake build system.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=85418
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>

Add check to cmake build system if config.h.cmake is in sync with autotools.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=85418
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>

Keep include file checks in sync with autotools.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=85418
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>

Add cmake macro autoheaderchecks().

This macro prints out any include file defined as HAVE_..._H in the config
header template and not in the related cmake configure checks file.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=85418
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>

Fix broken cmake HAVE_SOCKLEN_T type finding check.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=17289
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>

Add missing header for _dbus_sleep_milliseconds() (commit 43d2455)

Add test-fdpass to cmake build system.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=17289
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>

signal_handler: avoid signed/unsigned mismatch (-Wsign-compare)

We're ignoring the result of this write() to stderr anyway, because
if it failed... what would we do? Write to stderr? That wouldn't work
any better the second time :-)

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=17289
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>

Enable -Wsign-compare for cmake builds.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=17289
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>

Autotools: enable -Wsign-compare and optionally -Werror=sign-compare

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=17289
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>

fd-passing test: numbers of things are unsigned (-Wsign-compare)

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=17289
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>

_dbus_listen_systemd_sockets: fds are signed ints (-Wsign-compare)

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=17289
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>

Use new _dbus_string_get_length_uint() to avoid another -Wsign-compare

DBusString's length is signed for historical reasons: the right type
would have been size_t or some other unsigned type. We have a *lot*
of callers of _dbus_string_get_length(), so it is not really desirable
to do a flag-day switch; but we know that the length is always in the
range [0, INT_MAX] that is common to int and unsigned int, so we can
safely add an unsigned accessor.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=17289
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>

Drop duplicated function tool_millisleep() and use dbus_sleep_milliseconds() instead.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89284
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>

Fix warning 'conversion to ‘long unsigned int’ from ‘WriteResult’ may change the sign of the result [-Wsign-conversion]'.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89284
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>

Fix of 'warning: conversion to ‘dbus_bool_t‘ from ‘int‘ may change the sign of the result [-Wsign-conversion]'.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89284
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>

Fix of 'warning: unused variable ‘result‘ [-Wunused-variable]'.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89284
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>

Fix warning: conversion to 'DWORD' from 'int' may change the sign of the result [-Wsign-conversion].

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89284
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>

Trivial -Wsign-compare fixes.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=17289
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>

belatedly bump version for 1.9.15

Make all time values signed longs instead of a mix of signed and unsigned, to avoid compiler complaints.

check_timeout() tries to use some unsigned long variables to
perform some intermediate calculations, then has to cast
back to signed long. As it happens, there's no real chance
of overflowing a signed long (it'll only happen if the current
time is within 49.7 days of rolling over, at which point you're
already pretty doomed), so we can make the calculations a bit
simpler, and also avoid the mixed-signedness arithmetic we'd
otherwise need to do.

Bug: https://bugs.freedesktop.org/attachment.cgi?id=18494
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>

Keep cmake defines GLIB_VERSION_... in sync with autotools.

This patch adds autotools related cmake macros autoinit() and autodefine().

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89284
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>

prepare 1.9.14

Fix warning: 'the comparison will always evaluate as 'false' for the address of '....' will never be NULL [-Waddress]'

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89284
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>

Make include_dir non-existing directory, to not be an error.

Empty include directories were already not treated as failures.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89280
Signed-off-by: Dimitri John Ledkov <dimitri.j.ledkov@intel.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>

NEWS

monitor test: don't block in main context if we already have messages

Functions like become_monitor() sometimes iterate the main context,
which could leave us with unprocessed messages in f->monitored.
We need to drain that queue of unprocessed messages (setting flags
accordingly, which might meet the loop's exit condition or cause
a break) before we are willing to block in the main context again.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89222
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>

test_init: convert SIGALRM into SIGABRT so we leave a core dump on timeout

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89222
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>

NEWS

dbus-monitor: Keep term 'dest' in --monitor output in sync with related watch expression.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88896
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
[smcv: rebase onto differently indented version of previous commit]
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>

dbus-monitor: Add timestamp to --monitor mode.

Use cross platform function _dbus_get_real_time() for fetching current time.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88896
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
[smcv: use %ld to avoid needing casts; reinstate printing the timestamp;
libdbus-1 is sufficient now that fd.o#83115 is fixed; print timestamp for
non-literal dbus-send replies too]
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>

dbus-monitor: Keep parameter list of method returns in --monitor mode in sync with --profile mode.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88896
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>

dbus-monitor: convert remaining hard tabs to 8 space.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88896
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>

Actually commit cmake changes for dbus-launch

dbus-launch: if autolaunching, use XDG_RUNTIME_DIR/bus if available

This provides backwards-compatible autolaunching behaviour, as long
as dbus-launch inherits the XDG_RUNTIME_DIR (which it presumably did
if it's going to work at all, since it must also have inherited the
DISPLAY). In particular, we go through the motions of starting the
dbus-daemon, so that we can start the "babysitter" process that will
maintain the X11 window to store the bus address.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=61301
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
[smcv: decorate _dbus_lookup_user_bus with DBUS_PRIVATE_EXPORT so we
can still call it after fixing fd.o#83115; update cmake to match Autotools]

dbus-launch: use libdbus to read the UUID

As a side benefit, this means that dbus-launch now understands
/etc/machine-id and not just /var/lib/dbus/machine-id.

Since machine_uuid comes out of libdbus allocated with dbus_malloc,
to avoid having to copy it from malloc-allocated to
dbus_malloc-allocated storage, it makes sense to change it to be
consistently dbus_malloc-allocated (particularly now that Bug #83115
has made use of internal symbols relatively painless). However, I'm
deliberately not changing the allocation model of any other strings
in dbus-launch right now; that's a larger yak-shaving exercise.

Add dbus-update-activation-environment tool

If OS builders (distributions) have chosen to use the per-user bus,
this provides two possible modes of operation for compatibility with
existing X session startup hooks.

A legacy-free system can just upload DISPLAY, XAUTHORITY and possibly
DBUS_SESSION_BUS_ADDRESS into dbus-daemon's and systemd's activation
environments, similar to
http://cgit.freedesktop.org/systemd/systemd/tree/xorg/50-systemd-user.sh
installed by systemd (but unlike systemctl,
dbus-update-activation-environment works for traditional
D-Bus-activated services, not just for systemd services).

A system where compatibility is required for environment variables
exported by snippets in /etc/X11/xinit/xinitrc.d (in Red Hat derivatives,
Gentoo, etc.) or /etc/X11/Xsession.d (Debian derivatives) can upload
the entire environment of the X session, minus some selected environment
variables which are specific to a login session (notably XDG_SESSION_ID).

In Debian, I plan to put the former in a new dbus-user-session package
that enables a user-session-centric mode of operation for D-Bus,
and the latter in the existing dbus-x11 package, with the intention that
dbus-x11 eventually becomes a tool for change-averse setups or goes
away entirely.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=61301
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>

Optionally install systemd user units for a per-user bus

The socket path used here, $XDG_RUNTIME_DIR/bus, does not match
what was used in user-session-units, but is what Lennart recommended
on fd.o #61303, and is also what kdbus will use for its bus proxy.

Installation of these units switches D-Bus to a different model of
the system: instead of considering each login session (approximately,
each password typed in) to be its own session, the user-session model
is that all concurrent logins by the same user form one large session.
This allows the same bus to be shared by a graphical session, cron jobs,
tty/ssh sessions, screen/tmux sessions and so on.

Because this is a different world-view, it is compile-time optional:
OS builders can choose which world their OS will live in. The default
is still the login-session model used in earlier D-Bus releases,
but might change to the user-session model in future. Explicit
configuration is recommended.

In OSs that support both models (either for sysadmin flexibility or as
a transitional measure), the OS builder should enable the user bus
units, but split them off into a dpkg binary package, RPM subpackage etc.;
the sysadmin can choose whether to enable the user-session model by
choosing whether to install that package.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=61301
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>

Add a regression test for connecting to XDG_RUNTIME_DIR/bus by default

This test requires the unix:runtime=yes sub-transport from Bug #61303.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=61301
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>

On Unix platforms, try $XDG_RUNTIME_DIR/bus before default address

This is safe to do even on systems where there is a per-login-session
bus: the $XDG_RUNTIME_DIR/bus would just not exist there. This means
that OS builders can enable a per-user-session bus by merely providing
configuration to start it, without needing to rebuild the client library.

Based on a patch by Colin Walters, with these changes:

- factor out the actual XDG_RUNTIME_DIR bit into a function
- set error correctly on OOM
- do not try to use an XDG_RUNTIME_DIR/bus that belongs to a
different uid or is not a socket
- escape the path if it contains inconvenient characters
- coding style adjustments

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=61301
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>

Add regression test for unix:runtime=yes

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=61303
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>

Add support for unix:runtime=yes as an address mode

This is not used by default, but can be configured by OS builders (or
regression-test environments) if desired.

If used, this listens on $XDG_RUNTIME_DIR/bus, or fails if $XDG_RUNTIME_DIR
is not set. Fallback behaviour is unnecessary, because it is already
possible to use a string of semicolon-separated addresses like
<listen>unix:runtime=yes;unix:tmpdir=/tmp</listen>, resulting in
listening on either $XDG_RUNTIME_DIR/bus or /tmp/something.

We use a non-abstract socket here, because that is desirable for
use with Linux containers: abstract sockets are attached to the
network namespace, whereas non-abstract sockets are part of the
filesystem and can be bind-mounted between domains if necessary.
The major advantage of abstract sockets is that they do not need
cleanup, but the specification of XDG_RUNTIME_DIR guarantees to
provide cleanup anyway.

Based on prior work by Simon McVittie, Colin Walters and Alexander
Larsson.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=61303
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>

marshalling tests: fix an incorrect use of memcmp

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89243
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>

tests: reassure clang that oom() does in fact not return

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89243
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>

tests: simplify Makefile.am now that libdbus is always dynamically linked

testutils_shared_if_possible_cppflags is now just a copy of AM_CPPFLAGS,
which is the default and does not need to be given explicitly, so
those lines can be removed.

Similarly, testutils_shared_if_possible_libs is just the
libdbus-testutils.la convenience library, so expand it and
remove the unnecessary variable.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83115
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>

Remove checks for dbus-glib from configure.ac

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83115
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>

Add versioned symbol support to cmake build system for linux platforms to keep in sync with autotools.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83115
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>

NEWS

cmake: check for the necessary symbols for test-segfault.c

If we don't check for them, and you have core dumps enabled, then
running this test under cmake is really annoying, because it leaves
lots of core dumps none of which are actually a problem.

The equivalent Autotools change (which added the actual code that
this relies on) is commit ae50d46, from fd.o#83772.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83115
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>

Fix static linking with mingw

Now that we're normally linking libdbus-1 dynamically, we need to
use DBUS_STATIC_BUILD_CPPFLAGS in every Makefile that would normally
link it dynamically, but might link it statically if we are only
building static libraries.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83115
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>

Link dbus-daemon and dbus-daemon-lauch-helper against libdbus

The shared can be used by dbus-daemon and dbus-daemon-launch-helper by exporting
the private symbols needed, reducing the size of dbus by about 500k.
The private symbols are exposed under the version
LIBDBUS_PRIVATE_@VERSION_NUMBER@.

[Altered by Simon McVittie and Ralf Habacker to clear up some
problematic linking.]

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83115
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>

On Unix platforms with gcc (or compatible), hide non-exported symbols

This changes the Linux behaviour to match the default situation
on Windows: symbols without DBUS_EXPORT or DBUS_PRIVATE_EXPORT
decoration are internal to libdbus-1, and cannot be used by
other programs, even within the dbus source tree.

This means the compiler/linker can optimize calls to those functions
by avoiding indirection through the PLT, which should improve
performance a little. However, the primary purpose of doing this is
that it means developers building libdbus on Linux are considerably
less likely to break it on Windows by mistake.

I'm deliberately not adding -fvisbility=hidden in CMake because the
complexity of doing so is unnecessary: Autotools is the recommended
way to build dbus for Unix, and the one Unix developers are going
to use in practice, unless they are specifically checking that they
haven't broken the CMake build.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83115
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>

Add DBUS_PRIVATE_EXPORT decoration to symbols used by dbus-daemon or tests

The rules are:

* symbols in libdbus-1 with neither decoration are private to libdbus-1
* symbols in libdbus-1 with DBUS_EXPORT are public API
* symbols in libdbus-1 with DBUS_PRIVATE_EXPORT are private to the
  dbus source package, but may be used by other programs in the dbus
  source tree, including tests
* symbols in libdbus-internal must not have DBUS_EXPORT or
  DBUS_PRIVATE_EXPORT, and should be used by as few things as possible

Thanks to Ralf Habacker for his contributions to this rather
large commit.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83115
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>

tests: always use libdbus-internal for main loop, never dbus-glib

This gets rid of a potential circular dependency, which is annoying
when bootstrapping. It is nice to have the regression tests use
the shared libdbus, but we're about to make it possible to
do that anyway, even though some of them use internal symbols.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83115
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>

sysdeps: try to avoid re-including config.h

Re-including config.h after we have already included glib.h breaks
the GLIB_VERSION_MAX_ALLOWED macro, and every .c file should be
including config.h anyway.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83115
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>

Remove some redundant inclusions

Both these files included dbus-test.h already.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83115
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>

Remove <apparmor/> from default system.conf, session.conf

The AppArmor and SELinux modes both default to "enabled" (i.e.
enable it if and only if it is supported), so there is no need to
add their element to system.conf unless a system integrator wants
to set them to either required or disabled.

However, if we add <apparmor/> on upgrade from 1.9.10 to 1.9.12,
any subsequent attempts to reload bus configuration before the
next reboot will fail, because the dbus-daemon that is already
running does not support that element.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89231
Reviewed-by: Tyler Hicks <tyhicks@canonical.com>

clarify NEWS

1.9.13

1.9.12

apparmor: Fix build failure with --disable-apparmor

The bus_apparmor_confinement_unref() function definition must exist even
when building with --disable-apparmor.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75113
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>

Revert "Add DBus method to return the AA context of a connection"

This reverts commit 24f1502e42b58a7c238779c023c6bfe870dc78cc,
which wasn't meant to go upstream (it's backwards compatibility
with older versions of this patchset).

Add DBus method to return the AA context of a connection

This is not intended for upstream inclusion. It implements a bus method
(GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
security context but upstream D-Bus has recently added a generic way of
getting a connection's security credentials (GetConnectionCredentials).
Ubuntu should carry this patch until packages in the archive are moved
over to the new, generic method of getting a connection's credentials.

[Altered by Simon McVittie: survive non-UTF-8 contexts which
would otherwise be a local denial of service, except that Ubuntu
inherits a non-fatal warnings patch from Debian; new commit message
taken from the Ubuntu changelog; do not emit unreachable code if
AppArmor is disabled.]

apparmor: tighten up terminology for context vs. label vs. profile

The thing returned by SO_PEERSEC (which we're calling LinuxSecurityLabel
within D-Bus) can have a different meaning for each LSM. In AppArmor
it's the AppArmor context, which is made up of an AppArmor label and an
optional confinement mode; the label further subdivides into one
or more profiles. See
https://bazaar.launchpad.net/~apparmor-dev/apparmor/master/revision/2862
and subsequent commits for recent clarification of this terminology.

In practice, the part that dbus-daemon deals with is the label,
and occasionally also the mode.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75113
Reviewed-by: Tyler Hicks <tyhicks@canonical.com>

Mediation of processes becoming a monitor

When an AppArmor confined process wants to become a monitor, a check is
performed to see if eavesdropping should be allowed.

The check is based on the connection's label and the bus type.

This patch reuses the bus_apparmor_allows_eavesdropping() hook.

An example AppArmor rule that would allow a process to become a monitor
on the system bus would be:

dbus eavesdrop bus=system,

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75113
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>

Mediation of processes eavesdropping

When an AppArmor confined process wants to eavesdrop on a bus, a check
is performed to see if the action should be allowed.

The check is based on the connection's label and the bus type.

This patch adds a new hook, which was not previously included in the
SELinux mediation, to mediate eavesdropping from
bus_driver_handle_add_match().

A new function is added to bus/signals.c to see if a match rule is an
eavesdropping rule since the rule flags field is private to signals.c.

An example AppArmor rule that would allow a process to eavesdrop on the
session bus would be:

dbus eavesdrop bus=session,

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75113
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>

Mediation of processes sending and receiving messages

When an AppArmor confined process wants to send or receive a message, a
check is performed to see if the action should be allowed.

When a message is going through dbus-daemon, there are two checks
performed at once. One for the sending process and one for the receiving
process.

The checks are based on the process's label, the bus type, destination,
path, interface, and member, as well as the peer's label and/or
destination name.

This allows for the traditional connection-based enforcement, as well as
any fine-grained filtering desired by the system administrator.

It is important to note that error and method_return messages are
allowed to cut down on the amount of rules needed. If a process was
allowed to send a message, it can receive error and method_return
messages.

An example AppArmor rule that would be needed to allow a process to call
the UpdateActivationEnvironment method of the session bus itself would be:

  dbus send bus=session path=/org/freedesktop/DBus
       interface=org.freedesktop.DBus member=UpdateActivationEnvironment
       peer=(name=org.freedesktop.DBus),

To receive any message on the system bus from a process confined by
the "confined-client" AppArmor profile:

  dbus receive bus=system peer=(label=confined-client),

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75113
Signed-off-by: John Johansen <john.johansen@canonical.com>
[tyhicks: Use BusAppArmorConfinement, bug fixes, cleanup, commit msg]
[tyhicks: Pass the message type to the AppArmor hook]
[tyhicks: Don't audit unrequested reply message denials]
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
[smcv: when AA denies sending, don't label requested_reply as "matched rules"]
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Tyler Hicks <tyhicks@canonical.com>

Do LSM checks after determining if the message is a requested reply

Move the call to bus_selinux_allows_send() after the call to
bus_connections_check_reply().

This allows LSMs to know if the message is a reply and whether or not it
was requested.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75113
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>

Mediation of processes that acquire well-known names

When an AppArmor confined process wants to acquire a well-known name, a
check is performed to see if the action should be allowed.

The check is based on the connection's label, the bus type, and the name
being requested.

An example AppArmor rule that would allow the name
"com.example.ExampleName" to be acquired on the system bus would be:

dbus bind bus=system name=com.example.ExampleName,

To let a process acquire any name on any bus, the rule would be:

dbus bind,

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75113
Signed-off-by: John Johansen <john.johansen@canonical.com>
[tyhicks: Use BusAppArmorConfinement, bug fixes, cleanup, commit msg]
[tyhicks: initialize reserved area at the start of the query string]
[tyhicks: Use empty string for NULL bustypes when building queries]
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>

Store AppArmor label of connecting processes

When processes connect the bus, the AppArmor confinement context should
be stored for later use when checks are to be done during message
sending/receiving, acquire a name, and eavesdropping.

Code outside of apparmor.c will need to initialize and unreference the
confinement context, so bus_apparmor_confinement_unref() can no longer
be a static function.

[Move bus_apparmor_confinement_unref back to its old location for
a more reasonable diff -smcv]

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75113
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>

Store AppArmor label of bus during initialization

During dbus-daemon initialization, the AppArmor confinement context
should be stored for later use when checks are to be done on messages
to/from the bus itself.

AppArmor confinement contexts are documented in aa_getcon(2). They
contain a confinement string and a mode string. The confinement string
is typically the name of the AppArmor profile confining a given process.
The mode string gives the current enforcement mode of the process
confinement. For example, it may indicate that the confinement should be
enforced or it may indicate that the confinement should allow all
actions with the caveat that actions which would be denied should be
audited.

It is important to note that libapparmor mallocs a single buffer to
store the con and mode strings and separates them with a NUL terminator.
Because of this, only con should be freed.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75113
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
[smcv: use BUS_SET_OOM]
[smcv: dbus_set_error doesn't need extra newlines]
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Tyler Hicks <tyhicks@canonical.com>

Initialize AppArmor mediation

When starting dbus-daemon, autodetect AppArmor kernel support and use
the results from parsing the busconfig to determine if mediation should
be enabled.

In the busconfig, "enabled" means that kernel support is autodetected
and, if available, AppArmor mediation occurs in dbus-daemon. In
"enabled" mode, if kernel support is not detected, mediation is
disabled. "disabled" means that mediation does not occur. "required"
means that kernel support must be detected for dbus-daemon to start.

Additionally, when libaudit support is built into dbus-daemon, the
AppArmor initialization routines set up the audit connection.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75113
Signed-off-by: John Johansen <john.johansen@canonical.com>
[tyhicks: Honor enforcement modes and detect AppArmor dbus rule support]
[tyhicks: fix unreachable return when AppArmor support is built]
[tyhicks: make bus_apparmor_full_init() able to raise a DBusError]
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
[smcv: _bus_apparmor_aa_supports_dbus: document necessary kernel API guarantee]
[smcv: bus_apparmor_pre_init: distinguish between OOM and AppArmor not enabled]
[smcv: document why we open() and not just stat()]
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Tyler Hicks <tyhicks@canonical.com>