From 8ac2ebdb8d28f2bcff1617ff9346066f1d7d63aa Mon Sep 17 00:00:00 2001
From: Kay Sievers <kay@vrfy.org>
Date: Fri, 3 Jan 2014 23:52:12 +0100
Subject: [PATCH] require privileges to activate or monitor

---
 connection.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/connection.c b/connection.c
index b32b0cf..a7580c2 100644
--- a/connection.c
+++ b/connection.c
@@ -1470,10 +1470,17 @@ int kdbus_conn_new(struct kdbus_ep *ep,
 
 	BUG_ON(*c);
 
+	/* can't be activator and monitor at the same time */
 	if (hello->conn_flags & KDBUS_HELLO_ACTIVATOR &&
 	    hello->conn_flags & KDBUS_HELLO_MONITOR)
 		return -EINVAL;
 
+	/* only privileged connections can activate and monitor */
+	if ((hello->conn_flags & KDBUS_HELLO_ACTIVATOR ||
+	     hello->conn_flags & KDBUS_HELLO_MONITOR) &&
+		!kdbus_bus_uid_is_privileged(bus))
+		return -EPERM;
+
 	KDBUS_ITEM_FOREACH(item, hello, items) {
 		switch (item->type) {
 		case KDBUS_ITEM_NAME:
-- 
2.34.1