Hyotaek Shim [Wed, 27 Jul 2016 08:33:33 +0000 (17:33 +0900)]
fix in system dbus.service (User=dbus, Group=dbus)
Change-Id: I5041323980664baecdde25a65230e7c6a3608bac
Hyotaek Shim [Wed, 20 Jul 2016 04:53:52 +0000 (13:53 +0900)]
Onlycap-related fix in system dbus.service (SmackProcessLabel=System)
Change-Id: I725049c020a107774f79cf2685c7505497b6723d
INSUN PYO [Tue, 19 Jul 2016 04:29:08 +0000 (13:29 +0900)]
[PATCH 1/2] kdbus: Fix the overflow for timeout calculation
The maximum value of unsigned long is 4294967295, which is too small
for storing nanoseconds. It causes an overflow in the calculation.
Use LLU instead of LU for timeout calculation.
======================================================================
Subject: [PATCH 2/2] kdbus: adjust the default value for timeout to 50 sec
This definition is used by the default value for timeout value.
But in the other places, 50 sec is used by default value for timeout,
instead of using it.
Let's align it with the others
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: Idddaf3f095ad47206f8b6ac11bc46c43c3bc8bd3
Hyotaek Shim [Tue, 19 Jul 2016 01:44:09 +0000 (18:44 -0700)]
Merge "gvariant marshal: nested struct offset size accounts for fixed members" into tizen
Hyotaek Shim [Tue, 19 Jul 2016 01:42:50 +0000 (18:42 -0700)]
Merge "dbus-marshal-gavariant : Update offset bytes size whenever message is appended" into tizen
Karol Lewandowski [Mon, 11 Jul 2016 11:40:38 +0000 (13:40 +0200)]
cynara: Do not drop messages when sender connection is closed
Information about required sender credentials is cached in internal
structures at authentication stage.
Change-Id: Ibe0b3ba8b608728c11347d406c9ab2e4495cafc7
Konrad Lipinski [Thu, 7 Jul 2016 17:01:07 +0000 (19:01 +0200)]
gvariant marshal: nested struct offset size accounts for fixed members
Change-Id: Ib8c7876c9a0072bde28201cb754b26ed20bbf892
Jonghwa Lee [Tue, 5 Jul 2016 02:18:17 +0000 (11:18 +0900)]
dbus-marshal-gavariant : Update offset bytes size whenever message is appended
check_offsets_in_body_for_adding() is called only when former data is not fixed
sized data. If former written data is fixed size one (e.g. integer, boolean..)
it skips updating the offset bytes size even when the message body size exceeds its limits.
This results in invalid memory access on the receiver side.
This patch fixes it to update offset bytes size whenever message is appended.
Change-Id: I2b94955d40debc5129b5f3c193e197efb542141b
Signed-off-by: Jonghwa Lee <jonghwa3.lee@samsung.com>
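
Added example (not code from this repository): a simplified C model of the failure the commit above describes, in which the writer re-evaluates the framing-offset width only when the previously written member was variable-sized. The `writer` struct and `append_member()` are hypothetical names, alignment padding is ignored, and the width rules follow the GVariant serialization format.

```c
#include <stdint.h>
#include <stdio.h>

/* Reader side: the framing-offset width is not stored in the message; it is
 * derived from the total serialized size of the container. */
static unsigned reader_offset_size(uint64_t container_size)
{
    if (container_size > UINT32_MAX) return 8;
    if (container_size > UINT16_MAX) return 4;
    if (container_size > UINT8_MAX)  return 2;
    return container_size > 0 ? 1 : 0;
}

/* Writer side: smallest width for which body plus offset table still fits. */
static unsigned writer_offset_size(uint64_t body_len, uint64_t n_offsets)
{
    if (body_len + n_offsets * 1 <= UINT8_MAX)  return 1;
    if (body_len + n_offsets * 2 <= UINT16_MAX) return 2;
    if (body_len + n_offsets * 4 <= UINT32_MAX) return 4;
    return 8;
}

/* Hypothetical writer state for one struct body (assumption of this model). */
typedef struct {
    uint64_t body_len;     /* bytes of member data written so far */
    uint64_t n_var;        /* variable-sized members written so far */
    int      last_was_var; /* was the most recent member variable-sized? */
    unsigned width;        /* offset width the writer currently uses */
} writer;

/* One offset per variable-sized member, except when it is the last member. */
static uint64_t n_offsets(const writer *w)
{
    return w->n_var - (w->last_was_var ? 1 : 0);
}

/* always_recheck == 0 models the old behaviour: the width is re-evaluated
 * only when the previously written member was variable-sized. */
static void append_member(writer *w, uint64_t len, int is_var, int always_recheck)
{
    int recheck = always_recheck || w->last_was_var;

    w->body_len += len;
    if (is_var)
        w->n_var++;
    w->last_was_var = is_var;
    if (recheck)
        w->width = writer_offset_size(w->body_len, n_offsets(w));
}

/* Constructed sample: one 100-byte string followed by forty uint32 values. */
static writer build_sample(int always_recheck)
{
    writer w = { 0, 0, 0, 1 };
    int i;

    append_member(&w, 100, 1, always_recheck);
    for (i = 0; i < 40; i++)
        append_member(&w, 4, 0, always_recheck);
    return w;
}

static unsigned sample_width(int always_recheck)
{
    return build_sample(always_recheck).width;
}

/* 1 when the width the writer used equals the width the reader will derive. */
static int sample_agrees(int always_recheck)
{
    writer w = build_sample(always_recheck);
    uint64_t container = w.body_len + n_offsets(&w) * w.width;

    return reader_offset_size(container) == w.width;
}

int main(void)
{
    printf("recheck after variable members only: width=%u agrees=%d\n",
           sample_width(0), sample_agrees(0));
    printf("recheck on every append:             width=%u agrees=%d\n",
           sample_width(1), sample_agrees(1));
    return 0;
}
```

In the first case the writer leaves a 1-byte offset in a 261-byte container, while the reader derives a 2-byte width from the size and so reads the offset table at the wrong position.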
INSUN PYO [Wed, 29 Jun 2016 04:32:55 +0000 (13:32 +0900)]
increase max_replies_per_connection to 1024 from 128
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: I36556b8c5bc02a935a03e7cc18edb01633d1ae97
Hyotaek Shim [Tue, 28 Jun 2016 09:00:02 +0000 (02:00 -0700)]
Merge "bus check privilege : ignore dropping message about signal message when sender's connection is disconnected during checking privilege." into tizen
INSUN PYO [Tue, 28 Jun 2016 08:57:12 +0000 (17:57 +0900)]
bus check privilege : ignore dropping message about signal message when sender's connection is disconnected during checking privilege.
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: Ibbb6b63f3efecf450ea2c34fcd87477ceb1bcc2c
Hyotaek Shim [Tue, 28 Jun 2016 07:38:07 +0000 (16:38 +0900)]
to defend against a security attack of changing external PATH
Change-Id: I5d2149d71b1c593fc337052becefc68f3cf7265c
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
Lukasz Skalski [Mon, 27 Jun 2016 09:38:36 +0000 (11:38 +0200)]
bus: fix bus_context_check_security_policy checking
Change-Id: I41ead9532676d201bdd3396652e2de573136ea60
INSUN PYO [Fri, 24 Jun 2016 06:24:17 +0000 (15:24 +0900)]
Bug fix for signal hash(bloom filter) operations in dbus-transport-kdbus
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: I9ad96a0eebf938c24d2531486c117a7096112573
INSUN PYO [Thu, 23 Jun 2016 06:05:24 +0000 (15:05 +0900)]
policy: fix: add missing free #2
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: Ibe6c2f780ecf4ea5ff549266b102546dce6d88d6
Hyotaek Shim [Thu, 23 Jun 2016 05:47:35 +0000 (22:47 -0700)]
Merge "policy: fix: add missing free" into tizen
INSUN PYO [Wed, 22 Jun 2016 04:11:18 +0000 (13:11 +0900)]
increase max_connections_per_user to 512 from 256
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: Ifb592255396e295fd9b34e63b9ba5831e85f2601
Karol Lewandowski [Tue, 21 Jun 2016 16:03:27 +0000 (18:03 +0200)]
policy: fix: add missing free
Change-Id: I4a7cca5935c1bddbdd94a44ebec1c814670380bf
Hyotaek Shim [Fri, 17 Jun 2016 06:24:33 +0000 (15:24 +0900)]
activation: set children oom_score_adj to 0
Change-Id: Ida85bcb12ea8ce0a1af948fb0f1600ed21f3323e
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
INSUN PYO [Thu, 9 Jun 2016 07:06:11 +0000 (16:06 +0900)]
move pid file path of system dbus-daemon from /var/run/dbus/pid to /tmp/dbus_launch
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: I5c8d33c56c84bbc00242109a0c10af5c2a7664fd
INSUN PYO [Thu, 9 Jun 2016 06:37:18 +0000 (15:37 +0900)]
Remove --nopidfile flags from system dbus-daemon
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: I3ac61db553aa290288792f440e43c6dcd87add8e
Hyotaek Shim [Wed, 8 Jun 2016 06:20:39 +0000 (15:20 +0900)]
Removing some temp files
Change-Id: I4188c820422e41f9f7e3c41c0237c78eafc2c158
Hyotaek Shim [Wed, 8 Jun 2016 06:14:51 +0000 (15:14 +0900)]
Fix for smack error when dbus-daemon(session) accesses proc/cmdline
Change-Id: Ifadafc677821c6a8b0b747d31f1c4128533ce3ed
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
Lukasz Skalski [Wed, 25 May 2016 12:46:10 +0000 (14:46 +0200)]
kdbus: always pack message header as a single PAYLOAD_VEC item
According to PORTING-DBUS1 document [1], the message header in its
entirety must be contained in a single PAYLOAD_VEC item. What's more,
in case of memfd transport, message footer (which contains body signature
and offsets size) has to be attached at the end of message as a yet another
PAYLOAD_VEC item.
[1] https://cgit.freedesktop.org/systemd/systemd/tree/src/libsystemd/sd-bus/PORTING-DBUS1
Change-Id: I282589c0641c1eb97f874fcfd6e3bee6ecacc8ae
sanghyeok.oh [Tue, 24 May 2016 10:24:01 +0000 (19:24 +0900)]
add license file for MIT license
add MIT license for dbus/dbus/dbus-server-launchd.c
Change-Id: I006a3efc8e4fa112dcb3ca95e7e9c2faccf54940
Signed-off-by: sanghyeok.oh <sanghyeok.oh@samsung.com>
Adrian Szyndela [Tue, 24 May 2016 10:08:10 +0000 (03:08 -0700)]
Merge "kdbus: add '--enable-kdbus-sync-calls' configure switch" into tizen
Lukasz Skalski [Mon, 16 May 2016 11:20:03 +0000 (13:20 +0200)]
kdbus: add '--enable-kdbus-sync-calls' configure switch
To compile kdbus transport with native support for synchronous
calls, add '--enable-kdbus-sync-calls' flags to spec file.
Change-Id: Ibe76d32ee7d9d038825deeb98a0d5d72be201b98
Karol Lewandowski [Thu, 19 May 2016 14:14:10 +0000 (07:14 -0700)]
Merge "kdbus: add full support for synchronous method calls" into tizen
Karol Lewandowski [Thu, 19 May 2016 14:14:06 +0000 (07:14 -0700)]
Merge "transport: add initial support for synchronous calls" into tizen
Lukasz Skalski [Fri, 13 May 2016 14:08:36 +0000 (16:08 +0200)]
kdbus: increase kdbus receive pool size to 16M
Current kdbus receive pool size is too small (only 2MB - in GLib
we have 16MB). Due to quite specific 'pool layout' in kdbus module,
2MB was not enough for 512kB messages - according to kdbus docs:
"50% of a pool is always owned by the connection. It is reserved for
kernel queries, handling received messages and other tasks that are
under control of the pool owner. The other 50% of the pool are used
as incoming queue.
As we optionally support user-space based policies, we need fair
allocation schemes. Furthermore, resource utilization should be
maximized, so only minimal resources stay reserved. However, we need
to adapt to a dynamic number of users, as we cannot know how many
users will talk to a connection. Therefore, the current allocation
works like this:
We limit the number of bytes in a destination's pool per sending
user. The space available for a user is 33% of the unused pool space
(whereas the space used by the user itself is also treated as
'unused'). This way, we favor users coming first, but keep enough
pool space available for any following users. Given that messages are
dequeued in FIFO order, this should balance nicely if the number of
users grows. At the same time, this algorithm guarantees that the
space available to a connection is reduced dynamically, the more
concurrent users talk to a connection."
Change-Id: Iffddc018f0d8bf08451d12d305c8d392ed3e1f55
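
Added example (not kdbus or libdbus code): a small C model of the allocation scheme quoted in the commit message above, showing why a 2MB pool refuses a 512kB message and what a 16MB pool allows. The `pool` struct, `pool_queue()` and the use of integer division by 3 for "33%" are assumptions of this model.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_USERS 4
#define MSG_512K  (512u * 1024u)

/* Model of one connection's receive pool (hypothetical structure). */
typedef struct {
    uint64_t incoming;         /* half of the pool: the incoming queue */
    uint64_t used[MAX_USERS];  /* bytes currently queued per sending user */
} pool;

static void pool_init(pool *p, uint64_t pool_size)
{
    unsigned i;

    p->incoming = pool_size / 2;   /* the other half belongs to the owner */
    for (i = 0; i < MAX_USERS; i++)
        p->used[i] = 0;
}

static uint64_t pool_free(const pool *p)
{
    uint64_t total = 0;
    unsigned i;

    for (i = 0; i < MAX_USERS; i++)
        total += p->used[i];
    return p->incoming - total;
}

/* A sender may hold at most a third of the unused space, where the space
 * it already occupies is itself counted as unused. Returns 1 if queued. */
static int pool_queue(pool *p, unsigned user, uint64_t msg)
{
    uint64_t budget = (pool_free(p) + p->used[user]) / 3;

    if (p->used[user] + msg > budget)
        return 0;
    p->used[user] += msg;
    return 1;
}

/* Queue messages of one size from one user until refused; return the count. */
static unsigned fill(pool *p, unsigned user, uint64_t msg)
{
    unsigned n = 0;

    while (pool_queue(p, user, msg))
        n++;
    return n;
}

/* How many 512kB messages the first sender can queue in a pool of this size. */
static unsigned first_sender_capacity(uint64_t pool_size)
{
    pool p;

    pool_init(&p, pool_size);
    return fill(&p, 0, MSG_512K);
}

/* Same for a second sender that arrives after the first has filled its share. */
static unsigned second_sender_capacity(uint64_t pool_size)
{
    pool p;

    pool_init(&p, pool_size);
    fill(&p, 0, MSG_512K);
    return fill(&p, 1, MSG_512K);
}

int main(void)
{
    uint64_t mb = 1024u * 1024u;

    printf("2MB pool,  first sender:  %u messages\n", first_sender_capacity(2 * mb));
    printf("16MB pool, first sender:  %u messages\n", first_sender_capacity(16 * mb));
    printf("16MB pool, second sender: %u messages\n", second_sender_capacity(16 * mb));
    return 0;
}
```

The per-sender budget shrinks as other senders occupy the queue, which bounds how much of a receiver's pool any single sender can consume.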
Lukasz Skalski [Fri, 13 May 2016 13:43:54 +0000 (15:43 +0200)]
kdbus: fix memfd kdbus items mapping
Change-Id: I48e9799e4fccaea2016cd77a92ebe971eeb1b660
sanghyeok.oh [Fri, 13 May 2016 02:40:16 +0000 (11:40 +0900)]
modified to check pending call completion
for blocking call(pending_call_block)
after acquire io path, check pending call completion before iteration(poll)
and wake up by any reason, but there are no reply, timeout is not reached, then retry polling,
next time, if it acquire io path, then just enter iteration(poll) without completion check,
for multi-threaded blocking call,
1. if first thread waiting io path(not 1st iteration),
2. second thread is polling,
3. reply message is arrived and this wake up second thread's polling,
4. first thread just enter polling until timeout
5. if there are no incoming event, then dead-lock until timeout.
Change-Id: Ifcfe53b7610996d1892519f4a69cf435aa395968
Signed-off-by: sanghyeok.oh <sanghyeok.oh@samsung.com>
Lukasz Skalski [Wed, 11 May 2016 13:04:21 +0000 (15:04 +0200)]
kdbus: add full support for synchronous method calls
Change-Id: Ib7b2115ab6a3ea76f25915eaf153772d2fa1c02f
Hyotaek Shim [Mon, 9 May 2016 07:03:10 +0000 (00:03 -0700)]
Merge "Bug fix for kdbus_do_iteration() causing busy loop" into tizen
Lukasz Skalski [Fri, 6 May 2016 13:54:50 +0000 (15:54 +0200)]
transport: add initial support for synchronous calls
Change-Id: I641e09e8710d97e03ffdb467a35cff4c8889edc7
Lukasz Skalski [Wed, 4 May 2016 15:50:12 +0000 (17:50 +0200)]
policy: temporary workaround for libdbuspolicy parser issue
Change-Id: I04c508a6e14568ad6e28f687a433f6bde3f815f8
Lukasz Skalski [Thu, 28 Apr 2016 13:35:31 +0000 (15:35 +0200)]
kdbus: catch up with latest libdbuspolicy API changes
Change-Id: Ie68b9b9d88cb30f48341f7fcf8cc7caf01c06126
Hyotaek Shim [Thu, 28 Apr 2016 10:35:50 +0000 (19:35 +0900)]
Bug fix for kdbus_do_iteration() causing busy loop
Change-Id: I75a6267471b7fdff2d147514210726a3cec6c5dd
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
Paweł Szewczyk [Fri, 22 Apr 2016 09:13:24 +0000 (11:13 +0200)]
fix some warnings
Change-Id: Iffc672d09b30447ba714e50d5ab182fd6370078f
Signed-off-by: Paweł Szewczyk <p.szewczyk@samsung.com>
Adrian Szyndela [Wed, 20 Apr 2016 14:06:33 +0000 (16:06 +0200)]
reduced number of warnings
Change-Id: I9e28b9eeaa185caa1eeea8e5d7f79feaaae7d799
Adrian Szyndela [Tue, 19 Apr 2016 10:37:40 +0000 (12:37 +0200)]
fix SVACE bugs
WGID 31177: strcpy/stpcpy->snprintf
WGID 31178: strcpy/stpcpy->snprintf
WGID 31179: strcpy/stpcpy->snprintf/strncpy
WGID 31180: use _dbus_strdup for string duplication
WGID 31183: sprintf->snprintf
WGID 31184: sprintf->snprintf
WGID 31185: sprintf->snprintf
WGID 31186: sprintf->snprintf
WGID 31200: added explanation and unified conditions
WGID 31210: added cast to __u64
all other sprintf->snprintf in dbus-transport-kdbus.c
Change-Id: I8a488d37ec8be66370cba7b88a464787dcfeefc3
Karol Lewandowski [Tue, 19 Apr 2016 11:23:37 +0000 (13:23 +0200)]
packaging: Integrate libdbus and dbus spec files
With dbus-1.10 depending on systemd code there is no benefit
in keeping separate spec files.
Change-Id: I3a9311e1730b51b3d4ff1dda513b564d19065aa9
Karol Lewandowski [Tue, 19 Apr 2016 11:00:12 +0000 (13:00 +0200)]
packaging: Remove dbus-x11 flavor
dbus-x11 is not used on tizen.org in any of available profiles.
Change-Id: I94205fbdb526a96202bd2f2165e6a5bcf2c2a080
Karol Lewandowski [Tue, 19 Apr 2016 10:45:06 +0000 (12:45 +0200)]
packaging: Remove documentation packages
Change-Id: I3b2ddc48b26819452ffa73d25d35177997c844b1
Adrian Szyndela [Tue, 19 Apr 2016 09:38:07 +0000 (11:38 +0200)]
Added a strategy for selecting default protocol type.
When a message is created, it is created without context
of a bus. Thus, we have to guess what type of protocol
is correct for the message. This commit introduces
a possibility to influence guessing.
An environment variable is introduced (DBUS_DEFAULT_PROTOCOL_STRATEGY),
with following values recognized:
* first-bus - messages created for type of first opened bus;
* last-bus - messages created for type of last opened bus;
* last-message - messages created for type of last sent message;
* dbus1 - messages created with dbus1 protocol;
* gvariant - messages created with GVariant protocol.
last-bus is a default strategy.
Change-Id: I2a185761973191ad5917bc2b6f4bfb2f4a3ed547
Adrian Szyndela [Mon, 18 Apr 2016 12:27:23 +0000 (14:27 +0200)]
fixed some compiler/Valgrind warnings
Change-Id: I5c9c0f7c5e50f89e69db9e5f000b181ebc98add6
Lukasz Skalski [Tue, 19 Apr 2016 09:10:09 +0000 (11:10 +0200)]
refactoring: org.freedesktop.DBus method handling simplifications
Change-Id: I4060e9ad4a6703cdcfdccd3bce69fd2b2c958031
Adrian Szyndela [Fri, 15 Apr 2016 11:24:50 +0000 (13:24 +0200)]
refactoring: bloom filters handling moved to low-level
Constructing bloom filters belongs to low level API now.
Change-Id: I95b524e91905029a1a040a95204e7008120cd89c
Adrian Szyndela [Fri, 15 Apr 2016 10:57:49 +0000 (12:57 +0200)]
refactoring: cleanup
String name to unique id conversion simplified.
Item names for debug strings simplified.
Change-Id: I934c6e3f64708db777dfdff2ffb4b4f5e7fa41a2
Adrian Szyndela [Fri, 15 Apr 2016 10:51:58 +0000 (12:51 +0200)]
refactoring: using local types where available
Change-Id: I91cb72a2c52d1d55fdfd8afb1e6599483d637ea1
Adrian Szyndela [Fri, 15 Apr 2016 09:41:18 +0000 (11:41 +0200)]
refactoring: low-level API types changed to low-level
Change-Id: I934800df6da5ad5fa34366683541782eb88daa9f
Adrian Szyndela [Fri, 15 Apr 2016 09:24:25 +0000 (11:24 +0200)]
refactoring: coding style
Change-Id: I2a39f9b86a5ebbde11ee496ecc40a6cc08e6a1a1
Adrian Szyndela [Thu, 14 Apr 2016 12:35:57 +0000 (14:35 +0200)]
fix for memleaks
Freeing non-converted message after conversion
Freeing string objects
Freeing unique name in kdbus transport at end-of-life
Freeing matchmaker in kdbus transport at end-of-life
Change-Id: Iae4e231c52b78af3efd5a8a366fc01e50b03feeb
Adrian Szyndela [Mon, 11 Apr 2016 12:31:59 +0000 (14:31 +0200)]
checking policy: don't check 'ins' if not a method call
Change-Id: I666bc6474475906aa0ca2de96e47bfaa2c402ce2
Adrian Szyndela [Thu, 18 Feb 2016 14:17:01 +0000 (15:17 +0100)]
Update to dbus-1.10.6
Note: from version 1.10 it's required to have systemd support to be enabled not
only in dbus-daemon code but also in libdbus. This is because maintainers removed
built-in systemd support code (dbus/sd-daemon.c) and now depend on libsystemd-
provided functionality.
Additionally, update pkgconfig name to libsystemd (as required by configure.ac)
Change-Id: I2056086a9281543695643ac31fd3ab8648a4d205
Hyotaek, Shim [Fri, 18 Mar 2016 06:21:43 +0000 (15:21 +0900)]
MOVe License patch (LGPL2.1+, BSD2.0 license files)
Signed-off-by: Hyotaek, Shim <hyotaek.shim@samsung.com>
Change-Id: Ie0e4364412bdf83cde0dd33faddef7a22b856f58
Adrian Szyndela [Tue, 15 Dec 2015 13:25:50 +0000 (14:25 +0100)]
add dbuspolicy support
Change-Id: I1bef17d3930a2ca626d3c002eaa10cf6f16c8aac
sanghyeok.oh [Thu, 4 Feb 2016 06:36:53 +0000 (15:36 +0900)]
dbus:modified to default allow own & send method_call for system bus
Change-Id: I439cfcbf9c8e44217f6a906836c579dd952b9ec7
Signed-off-by: sanghyeok.oh <sanghyeok.oh@samsung.com>
Adrian Szyndela [Tue, 2 Feb 2016 13:27:50 +0000 (14:27 +0100)]
Fixed remarshalling and getting signature
A few fixes:
- remarshalling to GVariant lacked locking of messages. It caused
missing signature and offsets.
- dbus_message_get_signature returned signature with outer parentheses.
- removed unused param in _dbus_header_load_gvariant().
- editorial corrections in kdbus_decode_dbus_message().
Change-Id: I29ca21cef6769b725be0c98580f54313bda842c8
Adrian Szyndela [Mon, 25 Jan 2016 08:38:10 +0000 (09:38 +0100)]
Remembering last offset and position at the message level
In GVariant, offsets in structs are stored for every end
of variable-sized elements except the last one.
We never know if an element we just added is the last one.
Therefore, the offset may be added when next element is added.
However, some users use multiple iterators. This change fixes
it at the root level - last offset value and position is kept
in the message.
Change-Id: I954657424d9da075edb10e5630b27df5bca8f917
INSUN PYO [Mon, 18 Jan 2016 10:10:51 +0000 (19:10 +0900)]
Disable GVARIANT feature temporarily
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: I84cf169d64f59b6b2086ade14a827b252ab44b97
Adrian Szyndela [Thu, 7 Jan 2016 13:48:48 +0000 (14:48 +0100)]
Add kdbus transport
This reverts commit 197db0df78e0a9f82df4162885854f99ff749505,
which reverts commit 771f5155c9a393a242329988d56661a51fc04e6c.
Change-Id: I4133020c585a6f9b42f487ffae4d2005b25a1d08
sanghyeok.oh [Wed, 30 Dec 2015 07:12:18 +0000 (16:12 +0900)]
dbus:MOVe:modify license ID
Change-Id: Iea6db9311c918f99059bb98e8bd396b36387d902
Signed-off-by: sanghyeok.oh <sanghyeok.oh@samsung.com>
Hyotaek, Shim [Wed, 16 Dec 2015 06:27:54 +0000 (15:27 +0900)]
Revert "Add kdbus transport"
This reverts commit 771f5155c9a393a242329988d56661a51fc04e6c.
Change-Id: I73b6adc6b76b63e972f7228c88c18dabda81b006
Adrian Szyndela [Fri, 30 Oct 2015 10:19:33 +0000 (11:19 +0100)]
Add kdbus transport
This commit introduces ABI break due to size change of DBusMessageIter
structure. Consequently, all packages depending on libdbus need to be rebuilt.
Other authors:
Paweł Szewczyk <p.szewczyk@samsung.com>
Karol Lewandowski <k.lewandowsk@samsung.com>
and possibly others
Change-Id: Ie04b34295c38e5aaac63982996fa9eddc97dd696
Lukasz Skalski [Wed, 23 Sep 2015 09:24:29 +0000 (11:24 +0200)]
Revert "Perform Cynara runtime policy checks by default"
This reverts commit e8610297cf7031e94eb314a2e8c11246f4405403.
Change-Id: Ifb60464c705f5b4e92f02f9e809d23e982d31c3d
Signed-off-by: Lukasz Skalski <l.skalski@samsung.com>
Jacek Bukarewicz [Tue, 23 Jun 2015 09:08:48 +0000 (11:08 +0200)]
Perform Cynara runtime policy checks by default
This change introduces http://tizen.org/privilege/internal/dbus privilege
which is supposed to be available only to trusted system resources.
Checks for this privilege are used in place of certain allow rules to
make security policy more strict.
For system bus sending and receiving signals now requires
http://tizen.org/privilege/internal/dbus privilege. Requesting name
ownership and sending methods is still denied by default.
For session bus http://tizen.org/privilege/internal/dbus privilege
is now required for requesting name, calling methods, sending and receiving
signals.
Services are supposed to override these default settings to implement their
own security policy.
Change-Id: Ifb4a160bf6e0638404e0295a2e4fa3077efd881c
Signed-off-by: Jacek Bukarewicz <j.bukarewicz@samsung.com>
José Bollo [Wed, 29 Apr 2015 13:58:13 +0000 (15:58 +0200)]
packaging: remove character class negation for sed
When running the command sed provided by toybox, the expression
[^[:cntrl:]] is not understood, which prevents detecting DBUS and
causes further errors.
This patch removes this expression.
Change-Id: If30543fadddf8b6811e14b548a747be99612894b
Signed-off-by: José Bollo <jose.bollo@open.eurogiciel.org>
Jacek Bukarewicz [Fri, 20 Mar 2015 11:16:55 +0000 (12:16 +0100)]
Do not package libdbus-1.la file
Change-Id: I8de1d91e6ab3c891de9549bfb94ae637d7ff664a
Jacek Bukarewicz [Fri, 14 Nov 2014 09:47:29 +0000 (10:47 +0100)]
Add missing security manifests
Change-Id: I765c1f189a4496620e5edc8c02b3055db5b45c09
Jacek Bukarewicz [Tue, 3 Mar 2015 16:37:39 +0000 (17:37 +0100)]
Do not rely on Cynara cache when processing check rules
Cynara cache was required when processing messages that have been
blocked at the sender's message queue. Reliance on cache turned out to be
unacceptable due to the fact that some policies are not cacheable. For example
responses provided by Cynara askuser plugin might be single-use and thus cannot
be cached.
The solution is to attach deferred message to the message object when policy result
is unavailable. Upon next bus_check_privilege call use response from Cynara which
is saved in deferred message object.
Change-Id: I17152343540d7b8d13ad3540c25c043d57aa5949
Jacek Bukarewicz [Mon, 9 Feb 2015 15:25:31 +0000 (16:25 +0100)]
Fix several BusResult/dbus_bool_t mismatches
They were found by temporarily redefining BusResult in the following way:
typedef enum { BUS_RESULT_TRUE_E, BUS_RESULT_FALSE_E, BUS_RESULT_LATER_E } bus_result_t;
typedef struct { bus_result_t result; } BusResult;
#define BUS_RESULT_TRUE ((BusResult){BUS_RESULT_TRUE_E})
#define BUS_RESULT_FALSE ((BusResult){BUS_RESULT_FALSE_E})
#define BUS_RESULT_LATER ((BusResult){BUS_RESULT_LATER_E})
It doesn't compile because equality operator is not defined for structs.
Also, structs are not allowed in switch statement. However, some errors
indicated type mismatches which are now fixed.
Change-Id: I0eb5368359f342e0f4239a2ad95d34b9a8e10a23
Signed-off-by: Jacek Bukarewicz <j.bukarewicz@samsung.com>
Jacek Bukarewicz [Thu, 27 Nov 2014 10:26:21 +0000 (11:26 +0100)]
Add <check own="..." > support
Policy result unavailability is handled like send rules - dispatching
messages from the sender is blocked and resumed when result becomes
available.
Handler of "RequestName" method needs to return BUS_RESULT_LATER when
policy result is not known therefore its return type is modified.
Since bus message handlers are put into function pointer array other
message handler function signatures are also affected.
Change-Id: I4c2cbd4585e41fccd8a30f825a8f0d342ab56755
Jacek Bukarewicz [Fri, 28 Nov 2014 11:39:33 +0000 (12:39 +0100)]
Handle receive rule result unavailability and message broadcasts
When message is sent to the addressed recipient and receive rule
result is unavailable we don't want to block the sender
as it most likely will be the privileged service, so instead we queue
it at the recipient. Any further messages sent to it will be queued to
maintain message order. Once the answer from Cynara arrives messages are
dispatched from the recipient queue. In such case full dispatch is
performed - messages are sent to addressed recipient and other
interested connections.
Messages sent to non-addressed recipients (eavesdroppers or broadcast
message recipients) are handled in a similar way. The difference is
that it is not full dispatch meaning message is sent to a single recipient.
Change-Id: Iecd5395f75a4c7811fa97247a37d8fc4d42e8814
Jacek Bukarewicz [Fri, 28 Nov 2014 11:07:39 +0000 (12:07 +0100)]
Disable message dispatching when send rule result is not known
When unicast message to addressed recipient is sent and policy result
is not available message dispatch from the sender is disabled.
This also means that any further messages from the given connection are
put into the incoming queue. If response is received message dispatching
is resumed. This time answer is expected to be in cache so the message is
processed synchronously.
Receive rule result unavailability is not yet handled - such messages are
rejected. Also, if message is sent to non-addressed recipient message
is silently dropped.
Change-Id: Ia45905baf667ca42f386c1def108eca190d615bb
Jacek Bukarewicz [Thu, 27 Nov 2014 17:11:05 +0000 (18:11 +0100)]
Integration of asynchronous security checks
This commit introduces basic framework for asynchronous policy
checks and Cynara integration code. Functions for checking security
policy can now return third value - BUS_RESULT_LATER denoting check
result unavailability. Whenever policy checker cannot decide on the
result of the check it is supposed to allocate DeferredMessage structure
that will be passed to the upper layers which can decide what should be
done in such situation.
Proper handling of such case will be implemented in subsequent commits.
Currently such return value results in message denial.
Change-Id: I324b6ab68442e493853d8fe219c7a37fbd831872
Patrick Ohly [Wed, 30 Jul 2014 08:00:59 +0000 (10:00 +0200)]
policy: add <check> element
The new <check> element is almost the same as <allow> and <deny>. The
difference is that it has an additional "privilege" parameter which
will be tested at runtime. Depending on the outcome of the check, the
rule turns into an allow or deny rule.
Executing these checks will be implemented separately. At the moment,
a <check> is basically the same as <deny>.
The representation of a rule grows by one additional pointer and needs
one additional bit to represent <check> in addition to <allow>/<deny>.
Reordering elements might mitigate this effect.
Change-Id: I25baa802fdf41413a78200273c3a0b17ae7f1cfa
Patrick Ohly [Fri, 20 Jun 2014 14:55:00 +0000 (16:55 +0200)]
GetConnectionCredentials - add smack support
A process should never change its Smack label while connected to
D-Bus. If it did, we would end up with race conditions around
permission checking. Therefore we can retrieve the Smack label once,
when the process connects, and use that label whenever it is needed.
A new public libdbus API also gets added: dbus_connection_get_smack_label()
This is primarily for dbus-daemon, but may also be useful for other applications
creating direct connections.
Change-Id: I16ec50a031809aab879a543ec2d7effd56768bf1
Rafal Krypa [Wed, 29 Oct 2014 10:39:37 +0000 (11:39 +0100)]
Drop capabilities in user dbus session
In the systemd user service file, drop all process capabilities. The
capabilities will be inherited from parent process (systemd --user). They
are meant to be inherited by launcher process, but are of no use for
dbus. Since they would give unneeded privileges to dbus, they should be
dropped.
Change-Id: I89a1a1b21d07380f68c9933aab272ebe2b08a889
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Patrick Ohly [Fri, 20 Jun 2014 13:29:53 +0000 (15:29 +0200)]
Update packaging to 1.8.2
Change-Id: I8c0bdcaa11802e992c43c629d3f413d21bd9d159
Stephane Desneux [Thu, 23 Oct 2014 11:21:39 +0000 (13:21 +0200)]
add a small script in /etc/profile.d/dbus.sh to export DBUS_SESSION_BUS_ADDRESS
If the dbus session address is not defined, this small script will try to
pick the address from the environment of the systemd --user process for the current
user.
Typically, this allows to log on a target through ssh, then run su - <user> and
have the same environment as the shells inside the user session.
Change-Id: Id6133077bf9943c4203f7d993b8942dc1455bef5
Signed-off-by: Stephane Desneux <stephane.desneux@open.eurogiciel.org>
Jacek Bukarewicz [Thu, 4 Sep 2014 08:50:59 +0000 (10:50 +0200)]
Make dbus-1 dependency provided by dbus
dbus-1 was originally provided by dbus package. Commit 8eeae5fd70
fixed circular dependency between dbus and systemd. It also moved
dbus-1 provision from dbus to dbus-devel probably by mistake.
Certain packages like gumd or polkit have explicit dependency on
dbus-1 which makes them install dbus-devel unnecessarily.
Change-Id: I77a6561eff6f8c6ce84d849df936dda2c290a4d2
Signed-off-by: Jacek Bukarewicz <j.bukarewicz@samsung.com>
Ronan Le Martret [Wed, 29 Jan 2014 11:06:31 +0000 (12:06 +0100)]
dbus-x11 should not try to build into a pure wayland platform.
This package is designed for an X server platform.
In a released system based exclusively on the Wayland platform, it should be in an excluded status.
Tizen devel  | Tizen release
_____________|______________
succeeded    | succeeded
excluded     | excluded
broken       |
failed       |
unresolvable |
blocked      |
locked       |
note:
- The disabled status is only allowed for OBS administration.
Change-Id: I1495b66a2e32b580223229ead6bc66426ff680a6
Signed-off-by: Ronan Le Martret <ronan@fridu.net>
Adrian Negreanu [Mon, 25 Nov 2013 12:11:14 +0000 (14:11 +0200)]
libdbus:build-require pkg-config
otherwise, configure fails to find libsmack, which
happens to be the first lib searched with pkg-config
checking for _NSGetEnviron... no
checking for LIBSMACK... configure: error: libsmack is
required to enable smack support
error: Bad exit status from /var/tmp/rpm-tmp.VUiY9N
Change-Id: Ibf01a52ae6274503e2490f835fbd686e985807e8
Signed-off-by: Adrian Negreanu <adrian.m.negreanu@intel.com>
Patrick McCarty [Mon, 7 Oct 2013 19:39:15 +0000 (12:39 -0700)]
packaging: enable Smack support
Change-Id: Ib400feec8193bb5c98347b778e0aa92a30d954c3
Signed-off-by: Patrick McCarty <patrick.mccarty@linux.intel.com>
Chengwei Yang [Tue, 10 Sep 2013 10:26:16 +0000 (18:26 +0800)]
Install dbus directories
Previously, these directories were owned by libdbus. However, the previous
commit 8eeae5f split libdbus into a separate .spec and doesn't install
these directories.
These directories are critical to dbus, for example, without
/etc/dbus-1/{system.d,session.d}, the dbus-daemon system bus and session
bus can not launch.
Change-Id: Ia98bd56171492c90e4a078b39adf08cc802cb955
Adrian Negreanu [Tue, 6 Aug 2013 12:02:04 +0000 (15:02 +0300)]
fix systemd->dbus->systemd circular dependency
extract libdbus and dbus-devel as separate packages
Change-Id: Ia097a2b3fee2911ee89000dd2d5762a112bf17f6
Signed-off-by: Adrian Negreanu <adrian.m.negreanu@intel.com>
Michael Leibowitz [Mon, 22 Jul 2013 12:56:06 +0000 (05:56 -0700)]
updating changelog
Brian McGillion [Mon, 6 Feb 2012 16:48:30 +0000 (18:48 +0200)]
Enforce smack policy from conf file
Brian McGillion [Mon, 6 Feb 2012 16:46:05 +0000 (18:46 +0200)]
Enable checking of smack context from DBus interface
Conflicts:
bus/driver.c
cmake/CMakeLists.txt
Change-Id: Ibc9d1ccb86c3b28d8df3a4becf33ba30234832d8
Alexandru Cornea [Fri, 28 Jun 2013 20:42:49 +0000 (23:42 +0300)]
resetting manifest requested domain to floor
Anas Nashif [Wed, 19 Jun 2013 10:16:37 +0000 (06:16 -0400)]
Update to dbus 1.6.12
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Simon McVittie [Wed, 19 Jun 2013 14:31:03 +0000 (15:31 +0100)]
update changelog
- TZPC-3044, CVE-2013-2168: fix local denial of service (backport from 1.6.12)
- TZPC-1971: make libdbus thread-safe by default (backport from 1.7.4/1.7.6)
Patrick McCarty [Fri, 7 Jun 2013 22:53:20 +0000 (15:53 -0700)]
packaging: ensure ownership for /var/lib/dbus
For x86_64 builds, %{_localstatedir}%{_libdir}/dbus expands to
/var/usr/lib64/dbus, which is incorrect.
This commit fixes the path in the spec to make sure the intended
directory, /var/lib/dbus, is created and owned by this package.
Change-Id: I60947c4e2c221ad2f83d01bd87dc76fc8f5e4433
Anas Nashif [Mon, 27 May 2013 03:43:02 +0000 (23:43 -0400)]
Update to 1.6.10
Anas Nashif [Sun, 26 May 2013 18:52:43 +0000 (14:52 -0400)]
update to 1.6.10
Simon McVittie [Tue, 16 Apr 2013 17:34:16 +0000 (18:34 +0100)]
Adapt for rebase onto upstream dbus-1.6.8 git tag
When building from git we need a BuildRequires on xmlto, since we can
no longer rely on the pre-generated HTML documentation from the tarball.
That pulls in libxslt-tools, which means dbus.devhelp is generated, so
the build fails because we weren't accounting for that; so explicitly
require libxslt-tools too (dbus uses it both via xmlto, and directly),
and package dbus.devhelp.
Change-Id: I7505fc6fd1e7c4fc23a53f349a4fdd18d88237ec
Anas Nashif [Thu, 28 Mar 2013 13:15:58 +0000 (06:15 -0700)]
Cleanup lib name in spec
Anas Nashif [Thu, 28 Mar 2013 13:15:12 +0000 (06:15 -0700)]
use libname directly
Anas Nashif [Fri, 22 Mar 2013 18:36:11 +0000 (11:36 -0700)]
Fixed package groups