From 04c24ab8c5d723b6b51f053388650815feb32c0e Mon Sep 17 00:00:00 2001
From: Adrian Szyndela <adrian.s@samsung.com>
Date: Thu, 10 Jan 2019 12:29:12 +0100
Subject: [PATCH] policychecker: allow signal rules if send_path is present

In case a rule contained send_path, we required it also to have
send_destination or send_destination_prefix.
However, a rule may be crafted for signals, which are broadcast,
therefore they don't have any destination at all.
This patch relaxes the requirement a bit, allowing rules
having send_path without send_destination under condition that
the rule contains send_interface and send_type='signal' attributes.

Change-Id: I99ff19271121f726df81e2aed8a124a78f7eadbc
---
 policychecker/rules.xsl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/policychecker/rules.xsl b/policychecker/rules.xsl
index d022d9c..0b408a5 100644
--- a/policychecker/rules.xsl
+++ b/policychecker/rules.xsl
@@ -73,7 +73,7 @@
 			<sch:assert test="@send_interface">Unconstrained allows are not allowed in context default and context mandatory: missing send_interface, but send_type="method_call" is present.</sch:assert>
 		</sch:rule>
 		<sch:rule context="policy[@context]/allow[@send_path]">
-			<sch:assert test="@send_destination or @send_destination_prefix">Unconstrained allows are not allowed in context default and context mandatory: missing send_destination or send_destination_prefix, but send_path is present.</sch:assert>
+			<sch:assert test="@send_destination or @send_destination_prefix or (@send_interface and @send_type='signal')">Unconstrained allows are not allowed in context default and context mandatory: missing send_destination or send_destination_prefix for non-signal, but send_path is present.</sch:assert>
 		</sch:rule>
 		<sch:rule context="policy[@context]/allow[@receive_type='method_call']">
 			<sch:assert test="@receive_sender">Unconstrained allows are not allowed in context default and context mandatory: missing receive_sender, but receive_type="method_call" is present.</sch:assert>
@@ -87,7 +87,7 @@
 			<sch:assert test="@send_destination or @send_destination_prefix">Unconstrained allows are not allowed in user or group context: missing send_destination or send_destination_prefix, but send_type="method_call" is present.</sch:assert>
 		</sch:rule>
 		<sch:rule context="policy[@user]/allow[@send_path] | policy[@group]/allow[@send_path]">
-			<sch:assert test="@send_destination or @send_destination_prefix">Unconstrained allows are not allowed in user or group context: missing send_destination or send_destination_prefix, but send_path is present.</sch:assert>
+			<sch:assert test="@send_destination or @send_destination_prefix or (@send_interface and @send_type='signal')">Unconstrained allows are not allowed in user or group context: missing send_destination or send_destination_prefix for non-signal, but send_path is present.</sch:assert>
 		</sch:rule>
 		<sch:rule context="policy[@user]/allow[@receive_type='method_call'] | policy[@group]/allow[@receive_type='method_call']">
 			<sch:assert test="@receive_sender">Unconstrained allows are not allowed in user or group context: missing receive_sender, but receive_type="method_call" is present.</sch:assert>
-- 
2.34.1