From ef999c25049fffac00b3bf78f84e4cb05414e641 Mon Sep 17 00:00:00 2001 From: Kazimierz Krosman Date: Wed, 10 Aug 2016 13:02:04 +0200 Subject: [PATCH] Change in API to return internal errors by libdbuspolicy Libdbuspolicy now returns error codes via main API (check_out and check_int functions): DBUSPOLICY_RESULT_ALLOW 1 DBUSPOLICY_RESULT_DENY 0 DBUSPOLICY_RESULT_DEST_NOT_AVAILABLE -1 DBUSPOLICY_RESULT_KDBUS_ERROR -2 DBUSPOLICY_RESULT_CYNARA_ERROR -3 it is needed by gdbus and libdbus to make better descripted logs. Change-Id: I060de3ec0a767ee56dfd5ae8f6aa4475dd25ffa4 --- src/dbuspolicy1/libdbuspolicy1.h | 6 ++++++ src/internal/internal.cpp | 8 ++++---- src/internal/naive_policy_checker.cpp | 30 +++++++++++++++++++----------- src/internal/naive_policy_checker.hpp | 8 ++++---- src/internal/policy.hpp | 6 ++++++ src/libdbuspolicy1.c | 5 ++++- 6 files changed, 43 insertions(+), 20 deletions(-) diff --git a/src/dbuspolicy1/libdbuspolicy1.h b/src/dbuspolicy1/libdbuspolicy1.h index 1b15b19..14e5377 100644 --- a/src/dbuspolicy1/libdbuspolicy1.h +++ b/src/dbuspolicy1/libdbuspolicy1.h @@ -40,6 +40,12 @@ extern "C" { #define DBUSPOLICY_MESSAGE_TYPE_ERROR 3 #define DBUSPOLICY_MESSAGE_TYPE_SIGNAL 4 +#define DBUSPOLICY_RESULT_ALLOW 1 +#define DBUSPOLICY_RESULT_DENY 0 +#define DBUSPOLICY_RESULT_DEST_NOT_AVAILABLE -1 +#define DBUSPOLICY_RESULT_KDBUS_ERROR -2 +#define DBUSPOLICY_RESULT_CYNARA_ERROR -3 + struct udesc; /*! diff --git a/src/internal/internal.cpp b/src/internal/internal.cpp index b17cdec..84f25b1 100644 --- a/src/internal/internal.cpp +++ b/src/internal/internal.cpp @@ -105,7 +105,7 @@ int __internal_can_send(bool bus_type, std::cout << "Destination too long: "<(type), ldp_xml_parser::MessageDirection::SEND); + return static_cast(policy_checker.check(bus_type, user, group, label, ns, interface, member, path, static_cast(type), ldp_xml_parser::MessageDirection::SEND)); } int __internal_can_send_multi_dest(bool bus_type, @@ -118,7 +118,7 @@ int __internal_can_send_multi_dest(bool bus_type, const char* const member, int type) { - return policy_checker.check(bus_type, user, group, label, destination, interface, member, path, static_cast(type), ldp_xml_parser::MessageDirection::SEND); + return static_cast(policy_checker.check(bus_type, user, group, label, destination, interface, member, path, static_cast(type), ldp_xml_parser::MessageDirection::SEND)); } int __internal_can_recv(bool bus_type, @@ -133,7 +133,7 @@ int __internal_can_recv(bool bus_type, { const char* names[KDBUS_CONN_MAX_NAMES+1]; const char** ns = get_strv(sender, names); - return policy_checker.check(bus_type, user, group, label, ns, interface, member, path, static_cast(type), ldp_xml_parser::MessageDirection::RECEIVE); + return static_cast(policy_checker.check(bus_type, user, group, label, ns, interface, member, path, static_cast(type), ldp_xml_parser::MessageDirection::RECEIVE)); } int __internal_can_own(bool bus_type, @@ -142,5 +142,5 @@ int __internal_can_own(bool bus_type, const char* const label, const char* const service) { - return policy_checker.check(bus_type, user, group, label, service); + return static_cast(policy_checker.check(bus_type, user, group, label, service)); } diff --git a/src/internal/naive_policy_checker.cpp b/src/internal/naive_policy_checker.cpp index 6489a6d..bc2a75d 100644 --- a/src/internal/naive_policy_checker.cpp +++ b/src/internal/naive_policy_checker.cpp @@ -43,7 +43,7 @@ NaivePolicyDb& NaivePolicyChecker::getPolicyDb(bool type) { return m_bus_db[type]; } -bool NaivePolicyChecker::parseDecision(Decision decision, +DecisionResult NaivePolicyChecker::parseDecision(Decision decision, uid_t uid, const char* label, const char* privilege) { @@ -55,23 +55,31 @@ bool NaivePolicyChecker::parseDecision(Decision decision, switch (decision) { case Decision::ALLOW: - return true; + return DecisionResult::ALLOW; case Decision::ANY: case Decision::DENY: - return false; + return DecisionResult::DENY; case Decision::CHECK: + { std::snprintf(uid_str, sizeof(uid_str) - 1, "%lu", (unsigned long)uid); - return ldp_cynara::Cynara::check(label, privilege, uid_str) == ldp_cynara::CynaraResult::ALLOW; + ldp_cynara::CynaraResult ret = ldp_cynara::Cynara::check(label, privilege, uid_str); + if (ret == ldp_cynara::CynaraResult::ALLOW) + return DecisionResult::ALLOW; + else if (ret == ldp_cynara::CynaraResult::DENY) + return DecisionResult::DENY; + else + return DecisionResult::CYNARA_ERROR; + } } - return false; + return DecisionResult::DENY; } NaivePolicyChecker::~NaivePolicyChecker() { delete m_adapter; } -bool NaivePolicyChecker::checkItem(bool bus_type, uid_t uid, gid_t gid, const char* label, const Item& item) { +DecisionResult NaivePolicyChecker::checkItem(bool bus_type, uid_t uid, gid_t gid, const char* label, const Item& item) { NaivePolicyDb& policy_db = getPolicyDb(bus_type); ItemType type = item.getType(); Decision ret = Decision::ANY; @@ -105,10 +113,10 @@ bool NaivePolicyChecker::checkItem(bool bus_type, uid_t uid, gid_t gid, const ch if (ret != Decision::ANY) return parseDecision(ret, uid, label, privilege); else - return false; + return DecisionResult::DENY; } -bool NaivePolicyChecker::check(bool bus_type, +DecisionResult NaivePolicyChecker::check(bool bus_type, uid_t uid, gid_t gid, const char* const label, @@ -120,10 +128,10 @@ bool NaivePolicyChecker::check(bool bus_type, if (tslog::enabled()) std::cout << err.what() << std::endl; } - return false; + return DecisionResult::DENY; } -bool NaivePolicyChecker::check(bool bus_type, +DecisionResult NaivePolicyChecker::check(bool bus_type, uid_t uid, gid_t gid, const char* const label, @@ -140,5 +148,5 @@ bool NaivePolicyChecker::check(bool bus_type, if (tslog::enabled()) std::cout << err.what() << std::endl; } - return false; + return DecisionResult::DENY; } diff --git a/src/internal/naive_policy_checker.hpp b/src/internal/naive_policy_checker.hpp index 4f75466..7e351a3 100644 --- a/src/internal/naive_policy_checker.hpp +++ b/src/internal/naive_policy_checker.hpp @@ -29,11 +29,11 @@ namespace ldp_xml_parser Decision checkPolicy(const NaivePolicyDb::Policy& policy, const Item& item, const char*& privilege); - bool parseDecision(Decision decision, + DecisionResult parseDecision(Decision decision, uid_t uid, const char* label, const char* privilege); - bool checkItem(bool bus_type, + DecisionResult checkItem(bool bus_type, uid_t uid, gid_t gid, const char* label, @@ -41,12 +41,12 @@ namespace ldp_xml_parser public: ~NaivePolicyChecker(); DbAdapter& generateAdapter(); - bool check(bool bus_type, + DecisionResult check(bool bus_type, uid_t uid, gid_t gid, const char* const label, const char* const name); - bool check(bool bus_type, + DecisionResult check(bool bus_type, uid_t uid, gid_t gid, const char* const label, diff --git a/src/internal/policy.hpp b/src/internal/policy.hpp index aa93cc8..e76e3f2 100644 --- a/src/internal/policy.hpp +++ b/src/internal/policy.hpp @@ -63,6 +63,12 @@ namespace ldp_xml_parser CHECK }; + enum class DecisionResult : int8_t { + CYNARA_ERROR = -3, + DENY = 0, + ALLOW + }; + union PolicyTypeValue { PolicyTypeValue(); PolicyTypeValue(ContextType type); diff --git a/src/libdbuspolicy1.c b/src/libdbuspolicy1.c index 867ce2e..d37d285 100644 --- a/src/libdbuspolicy1.c +++ b/src/libdbuspolicy1.c @@ -314,7 +314,10 @@ DBUSPOLICY1_EXPORT int dbuspolicy1_check_out(void* configuration, r = ioctl(g_conn[bus_type].fd, KDBUS_CMD_CONN_INFO, &cmd.cmd_info); if (r < 0) { - r = -errno; + if (errno == ENXIO || errno == ESRCH) + r = DBUSPOLICY_RESULT_DEST_NOT_AVAILABLE; + else + r = DBUSPOLICY_RESULT_KDBUS_ERROR; goto end; } -- 2.7.4