From aade880b674bfdd8491b4c3c7777907899119ed3 Mon Sep 17 00:00:00 2001
From: Kay Sievers <kay@vrfy.org>
Date: Fri, 27 Dec 2013 05:00:37 +0100
Subject: [PATCH] grant CAP_IPC_OWNER-like access to the owner of the bus

---
 connection.c | 8 ++++----
 internal.h   | 2 +-
 message.c    | 4 ++--
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/connection.c b/connection.c
index f62a959..d1e61f0 100644
--- a/connection.c
+++ b/connection.c
@@ -398,8 +398,8 @@ static int kdbus_conn_queue_insert(struct kdbus_conn *conn,
 		goto exit_unlock;
 	}
 
-	if (!capable(CAP_IPC_OWNER) &&
-	    conn->msg_count > KDBUS_CONN_MAX_MSGS) {
+	if (conn->msg_count > KDBUS_CONN_MAX_MSGS &&
+	    !kdbus_bus_uid_is_privileged(conn->ep->bus)) {
 		ret = -ENOBUFS;
 		goto exit_unlock;
 	}
@@ -1481,7 +1481,7 @@ int kdbus_conn_new(struct kdbus_ep *ep,
 
 		case KDBUS_ITEM_CREDS:
 			/* privileged processes can impersonate somebody else */
-			if (!capable(CAP_IPC_OWNER))
+			if (!kdbus_bus_uid_is_privileged(bus))
 				return -EPERM;
 
 			if (item->size !=
@@ -1493,7 +1493,7 @@ int kdbus_conn_new(struct kdbus_ep *ep,
 
 		case KDBUS_ITEM_SECLABEL:
 			/* privileged processes can impersonate somebody else */
-			if (!capable(CAP_IPC_OWNER))
+			if (!kdbus_bus_uid_is_privileged(bus))
 				return -EPERM;
 
 			seclabel = item->str;
diff --git a/internal.h b/internal.h
index 689aa42..03f09ae 100644
--- a/internal.h
+++ b/internal.h
@@ -30,7 +30,7 @@
 #define KDBUS_MATCH_MAX_SIZE		SZ_32K		/* maximum size of match data */
 #define KDBUS_POLICY_MAX_SIZE		SZ_32K		/* maximum size of policy data */
 
-#define KDBUS_CONN_MAX_MSGS		64		/* maximum number of queued messages on the bus */
+#define KDBUS_CONN_MAX_MSGS		64		/* maximum number of queued messages per connection */
 #define KDBUS_CONN_MAX_NAMES		64		/* maximum number of well-known names */
 #define KDBUS_CONN_MAX_ALLOCATED_BYTES	SZ_64K		/* maximum number of allocated bytes on the bus */
 
diff --git a/message.c b/message.c
index 94cfc2c..0340b55 100644
--- a/message.c
+++ b/message.c
@@ -108,8 +108,8 @@ static int kdbus_msg_scan_items(struct kdbus_conn *conn,
 				return -EINVAL;
 
 			vecs_size += item->vec.size;
-			if (!capable(CAP_IPC_OWNER) &&
-			    vecs_size > KDBUS_MSG_MAX_PAYLOAD_VEC_SIZE)
+			if (vecs_size > KDBUS_MSG_MAX_PAYLOAD_VEC_SIZE &&
+			    !kdbus_bus_uid_is_privileged(conn->ep->bus))
 				return -EMSGSIZE;
 
 			/* \0-bytes records store only the alignment bytes */
-- 
2.34.1