1 /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
2 /* policy.c Bus security policy
4 * Copyright (C) 2003, 2004 Red Hat, Inc.
6 * Licensed under the Academic Free License version 2.1
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
29 #include <dbus/dbus-list.h>
30 #include <dbus/dbus-hash.h>
31 #include <dbus/dbus-internals.h>
34 bus_policy_rule_new (BusPolicyRuleType type,
39 rule = dbus_new0 (BusPolicyRule, 1);
49 case BUS_POLICY_RULE_USER:
50 rule->d.user.uid = DBUS_UID_UNSET;
52 case BUS_POLICY_RULE_GROUP:
53 rule->d.group.gid = DBUS_GID_UNSET;
55 case BUS_POLICY_RULE_SEND:
56 rule->d.send.message_type = DBUS_MESSAGE_TYPE_INVALID;
58 /* allow rules default to TRUE (only requested replies allowed)
59 * deny rules default to FALSE (only unrequested replies denied)
61 rule->d.send.requested_reply = rule->allow;
63 case BUS_POLICY_RULE_RECEIVE:
64 rule->d.receive.message_type = DBUS_MESSAGE_TYPE_INVALID;
65 /* allow rules default to TRUE (only requested replies allowed)
66 * deny rules default to FALSE (only unrequested replies denied)
68 rule->d.receive.requested_reply = rule->allow;
70 case BUS_POLICY_RULE_OWN:
78 bus_policy_rule_ref (BusPolicyRule *rule)
80 _dbus_assert (rule->refcount > 0);
88 bus_policy_rule_unref (BusPolicyRule *rule)
90 _dbus_assert (rule->refcount > 0);
94 if (rule->refcount == 0)
98 case BUS_POLICY_RULE_SEND:
99 dbus_free (rule->d.send.path);
100 dbus_free (rule->d.send.interface);
101 dbus_free (rule->d.send.member);
102 dbus_free (rule->d.send.error);
103 dbus_free (rule->d.send.destination);
105 case BUS_POLICY_RULE_RECEIVE:
106 dbus_free (rule->d.receive.path);
107 dbus_free (rule->d.receive.interface);
108 dbus_free (rule->d.receive.member);
109 dbus_free (rule->d.receive.error);
110 dbus_free (rule->d.receive.origin);
112 case BUS_POLICY_RULE_OWN:
113 dbus_free (rule->d.own.service_name);
115 case BUS_POLICY_RULE_USER:
117 case BUS_POLICY_RULE_GROUP:
129 DBusList *default_rules; /**< Default policy rules */
130 DBusList *mandatory_rules; /**< Mandatory policy rules */
131 DBusHashTable *rules_by_uid; /**< per-UID policy rules */
132 DBusHashTable *rules_by_gid; /**< per-GID policy rules */
133 DBusList *at_console_true_rules; /**< console user policy rules where at_console="true"*/
134 DBusList *at_console_false_rules; /**< console user policy rules where at_console="false"*/
138 free_rule_func (void *data,
141 BusPolicyRule *rule = data;
143 bus_policy_rule_unref (rule);
147 free_rule_list_func (void *data)
149 DBusList **list = data;
151 if (list == NULL) /* DBusHashTable is on crack */
154 _dbus_list_foreach (list, free_rule_func, NULL);
156 _dbus_list_clear (list);
162 bus_policy_new (void)
166 policy = dbus_new0 (BusPolicy, 1);
170 policy->refcount = 1;
172 policy->rules_by_uid = _dbus_hash_table_new (DBUS_HASH_UINTPTR,
174 free_rule_list_func);
175 if (policy->rules_by_uid == NULL)
178 policy->rules_by_gid = _dbus_hash_table_new (DBUS_HASH_UINTPTR,
180 free_rule_list_func);
181 if (policy->rules_by_gid == NULL)
187 bus_policy_unref (policy);
192 bus_policy_ref (BusPolicy *policy)
194 _dbus_assert (policy->refcount > 0);
196 policy->refcount += 1;
202 bus_policy_unref (BusPolicy *policy)
204 _dbus_assert (policy->refcount > 0);
206 policy->refcount -= 1;
208 if (policy->refcount == 0)
210 _dbus_list_foreach (&policy->default_rules, free_rule_func, NULL);
211 _dbus_list_clear (&policy->default_rules);
213 _dbus_list_foreach (&policy->mandatory_rules, free_rule_func, NULL);
214 _dbus_list_clear (&policy->mandatory_rules);
216 _dbus_list_foreach (&policy->at_console_true_rules, free_rule_func, NULL);
217 _dbus_list_clear (&policy->at_console_true_rules);
219 _dbus_list_foreach (&policy->at_console_false_rules, free_rule_func, NULL);
220 _dbus_list_clear (&policy->at_console_false_rules);
222 if (policy->rules_by_uid)
224 _dbus_hash_table_unref (policy->rules_by_uid);
225 policy->rules_by_uid = NULL;
228 if (policy->rules_by_gid)
230 _dbus_hash_table_unref (policy->rules_by_gid);
231 policy->rules_by_gid = NULL;
239 add_list_to_client (DBusList **list,
240 BusClientPolicy *client)
244 link = _dbus_list_get_first_link (list);
247 BusPolicyRule *rule = link->data;
248 link = _dbus_list_get_next_link (list, link);
252 case BUS_POLICY_RULE_USER:
253 case BUS_POLICY_RULE_GROUP:
254 /* These aren't per-connection policies */
257 case BUS_POLICY_RULE_OWN:
258 case BUS_POLICY_RULE_SEND:
259 case BUS_POLICY_RULE_RECEIVE:
260 /* These are per-connection */
261 if (!bus_client_policy_append_rule (client, rule))
271 bus_policy_create_client_policy (BusPolicy *policy,
272 DBusConnection *connection,
275 BusClientPolicy *client;
277 dbus_bool_t at_console;
279 _dbus_assert (dbus_connection_get_is_authenticated (connection));
280 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
282 client = bus_client_policy_new ();
286 if (!add_list_to_client (&policy->default_rules,
290 /* we avoid the overhead of looking up user's groups
291 * if we don't have any group rules anyway
293 if (_dbus_hash_table_get_n_entries (policy->rules_by_gid) > 0)
295 unsigned long *groups;
299 if (!bus_connection_get_unix_groups (connection, &groups, &n_groups, error))
307 list = _dbus_hash_table_lookup_uintptr (policy->rules_by_gid,
312 if (!add_list_to_client (list, client))
325 if (dbus_connection_get_unix_user (connection, &uid))
327 if (_dbus_hash_table_get_n_entries (policy->rules_by_uid) > 0)
331 list = _dbus_hash_table_lookup_uintptr (policy->rules_by_uid,
336 if (!add_list_to_client (list, client))
341 /* Add console rules */
342 at_console = _dbus_unix_user_is_at_console (uid, error);
346 if (!add_list_to_client (&policy->at_console_true_rules, client))
349 else if (dbus_error_is_set (error) == TRUE)
353 else if (!add_list_to_client (&policy->at_console_false_rules, client))
359 if (!add_list_to_client (&policy->mandatory_rules,
363 bus_client_policy_optimize (client);
370 _DBUS_ASSERT_ERROR_IS_SET (error);
372 bus_client_policy_unref (client);
377 list_allows_user (dbus_bool_t def,
380 const unsigned long *group_ids,
388 link = _dbus_list_get_first_link (list);
391 BusPolicyRule *rule = link->data;
392 link = _dbus_list_get_next_link (list, link);
394 if (rule->type == BUS_POLICY_RULE_USER)
396 _dbus_verbose ("List %p user rule uid="DBUS_UID_FORMAT"\n",
397 list, rule->d.user.uid);
399 if (rule->d.user.uid == DBUS_UID_UNSET)
401 else if (rule->d.user.uid != uid)
404 else if (rule->type == BUS_POLICY_RULE_GROUP)
406 _dbus_verbose ("List %p group rule gid="DBUS_GID_FORMAT"\n",
407 list, rule->d.group.gid);
409 if (rule->d.group.gid == DBUS_GID_UNSET)
416 while (i < n_group_ids)
418 if (rule->d.group.gid == group_ids[i])
423 if (i == n_group_ids)
430 allowed = rule->allow;
437 bus_policy_allow_unix_user (BusPolicy *policy,
441 unsigned long *group_ids;
444 /* On OOM or error we always reject the user */
445 if (!_dbus_unix_groups_from_uid (uid, &group_ids, &n_group_ids))
447 _dbus_verbose ("Did not get any groups for UID %lu\n",
452 /* Default to "user owning bus" can connect */
453 allowed = _dbus_unix_user_is_process_owner (uid);
455 allowed = list_allows_user (allowed,
456 &policy->default_rules,
458 group_ids, n_group_ids);
460 allowed = list_allows_user (allowed,
461 &policy->mandatory_rules,
463 group_ids, n_group_ids);
465 dbus_free (group_ids);
467 _dbus_verbose ("UID %lu allowed = %d\n", uid, allowed);
472 /* For now this is never actually called because the default
473 * DBusConnection behavior of 'same user that owns the bus can
474 * connect' is all it would do. Set the windows user function in
475 * connection.c if the config file ever supports doing something
479 bus_policy_allow_windows_user (BusPolicy *policy,
480 const char *windows_sid)
482 /* Windows has no policies here since only the session bus
483 * is really used for now, so just checking that the
484 * connecting person is the same as the bus owner is fine.
486 return _dbus_windows_user_is_process_owner (windows_sid);
490 bus_policy_append_default_rule (BusPolicy *policy,
493 if (!_dbus_list_append (&policy->default_rules, rule))
496 bus_policy_rule_ref (rule);
502 bus_policy_append_mandatory_rule (BusPolicy *policy,
505 if (!_dbus_list_append (&policy->mandatory_rules, rule))
508 bus_policy_rule_ref (rule);
516 get_list (DBusHashTable *hash,
521 list = _dbus_hash_table_lookup_uintptr (hash, key);
525 list = dbus_new0 (DBusList*, 1);
529 if (!_dbus_hash_table_insert_uintptr (hash, key, list))
540 bus_policy_append_user_rule (BusPolicy *policy,
546 list = get_list (policy->rules_by_uid, uid);
551 if (!_dbus_list_append (list, rule))
554 bus_policy_rule_ref (rule);
560 bus_policy_append_group_rule (BusPolicy *policy,
566 list = get_list (policy->rules_by_gid, gid);
571 if (!_dbus_list_append (list, rule))
574 bus_policy_rule_ref (rule);
580 bus_policy_append_console_rule (BusPolicy *policy,
581 dbus_bool_t at_console,
586 if (!_dbus_list_append (&policy->at_console_true_rules, rule))
591 if (!_dbus_list_append (&policy->at_console_false_rules, rule))
595 bus_policy_rule_ref (rule);
602 append_copy_of_policy_list (DBusList **list,
603 DBusList **to_append)
610 /* Preallocate all our links */
611 link = _dbus_list_get_first_link (to_append);
614 if (!_dbus_list_append (&tmp_list, link->data))
616 _dbus_list_clear (&tmp_list);
620 link = _dbus_list_get_next_link (to_append, link);
623 /* Now append them */
624 while ((link = _dbus_list_pop_first_link (&tmp_list)))
626 bus_policy_rule_ref (link->data);
627 _dbus_list_append_link (list, link);
634 merge_id_hash (DBusHashTable *dest,
635 DBusHashTable *to_absorb)
639 _dbus_hash_iter_init (to_absorb, &iter);
640 while (_dbus_hash_iter_next (&iter))
642 unsigned long id = _dbus_hash_iter_get_uintptr_key (&iter);
643 DBusList **list = _dbus_hash_iter_get_value (&iter);
644 DBusList **target = get_list (dest, id);
649 if (!append_copy_of_policy_list (target, list))
657 bus_policy_merge (BusPolicy *policy,
658 BusPolicy *to_absorb)
660 /* FIXME Not properly atomic, but as used for configuration files we
661 * don't rely on it quite so much.
664 if (!append_copy_of_policy_list (&policy->default_rules,
665 &to_absorb->default_rules))
668 if (!append_copy_of_policy_list (&policy->mandatory_rules,
669 &to_absorb->mandatory_rules))
672 if (!append_copy_of_policy_list (&policy->at_console_true_rules,
673 &to_absorb->at_console_true_rules))
676 if (!append_copy_of_policy_list (&policy->at_console_false_rules,
677 &to_absorb->at_console_false_rules))
680 if (!merge_id_hash (policy->rules_by_uid,
681 to_absorb->rules_by_uid))
684 if (!merge_id_hash (policy->rules_by_gid,
685 to_absorb->rules_by_gid))
691 struct BusClientPolicy
699 bus_client_policy_new (void)
701 BusClientPolicy *policy;
703 policy = dbus_new0 (BusClientPolicy, 1);
707 policy->refcount = 1;
713 bus_client_policy_ref (BusClientPolicy *policy)
715 _dbus_assert (policy->refcount > 0);
717 policy->refcount += 1;
723 rule_unref_foreach (void *data,
726 BusPolicyRule *rule = data;
728 bus_policy_rule_unref (rule);
732 bus_client_policy_unref (BusClientPolicy *policy)
734 _dbus_assert (policy->refcount > 0);
736 policy->refcount -= 1;
738 if (policy->refcount == 0)
740 _dbus_list_foreach (&policy->rules,
744 _dbus_list_clear (&policy->rules);
751 remove_rules_by_type_up_to (BusClientPolicy *policy,
752 BusPolicyRuleType type,
757 link = _dbus_list_get_first_link (&policy->rules);
758 while (link != up_to)
760 BusPolicyRule *rule = link->data;
761 DBusList *next = _dbus_list_get_next_link (&policy->rules, link);
763 if (rule->type == type)
765 _dbus_list_remove_link (&policy->rules, link);
766 bus_policy_rule_unref (rule);
774 bus_client_policy_optimize (BusClientPolicy *policy)
778 /* The idea here is that if we have:
780 * <allow send_interface="foo.bar"/>
781 * <deny send_interface="*"/>
783 * (for example) the deny will always override the allow. So we
784 * delete the allow. Ditto for deny followed by allow, etc. This is
785 * a dumb thing to put in a config file, but the <include> feature
786 * of files allows for an "inheritance and override" pattern where
787 * it could make sense. If an included file wants to "start over"
788 * with a blanket deny, no point keeping the rules from the parent
792 _dbus_verbose ("Optimizing policy with %d rules\n",
793 _dbus_list_get_length (&policy->rules));
795 link = _dbus_list_get_first_link (&policy->rules);
800 dbus_bool_t remove_preceding;
802 next = _dbus_list_get_next_link (&policy->rules, link);
805 remove_preceding = FALSE;
807 _dbus_assert (rule != NULL);
811 case BUS_POLICY_RULE_SEND:
813 rule->d.send.message_type == DBUS_MESSAGE_TYPE_INVALID &&
814 rule->d.send.path == NULL &&
815 rule->d.send.interface == NULL &&
816 rule->d.send.member == NULL &&
817 rule->d.send.error == NULL &&
818 rule->d.send.destination == NULL;
820 case BUS_POLICY_RULE_RECEIVE:
822 rule->d.receive.message_type == DBUS_MESSAGE_TYPE_INVALID &&
823 rule->d.receive.path == NULL &&
824 rule->d.receive.interface == NULL &&
825 rule->d.receive.member == NULL &&
826 rule->d.receive.error == NULL &&
827 rule->d.receive.origin == NULL;
829 case BUS_POLICY_RULE_OWN:
831 rule->d.own.service_name == NULL;
833 case BUS_POLICY_RULE_USER:
834 case BUS_POLICY_RULE_GROUP:
835 _dbus_assert_not_reached ("invalid rule");
839 if (remove_preceding)
840 remove_rules_by_type_up_to (policy, rule->type,
846 _dbus_verbose ("After optimization, policy has %d rules\n",
847 _dbus_list_get_length (&policy->rules));
851 bus_client_policy_append_rule (BusClientPolicy *policy,
854 _dbus_verbose ("Appending rule %p with type %d to policy %p\n",
855 rule, rule->type, policy);
857 if (!_dbus_list_append (&policy->rules, rule))
860 bus_policy_rule_ref (rule);
866 bus_client_policy_check_can_send (BusClientPolicy *policy,
867 BusRegistry *registry,
868 dbus_bool_t requested_reply,
869 DBusConnection *receiver,
870 DBusMessage *message,
871 dbus_int32_t *toggles,
877 /* policy->rules is in the order the rules appeared
878 * in the config file, i.e. last rule that applies wins
881 _dbus_verbose (" (policy) checking send rules\n");
885 link = _dbus_list_get_first_link (&policy->rules);
888 BusPolicyRule *rule = link->data;
890 link = _dbus_list_get_next_link (&policy->rules, link);
892 /* Rule is skipped if it specifies a different
893 * message name from the message, or a different
894 * destination from the message
897 if (rule->type != BUS_POLICY_RULE_SEND)
899 _dbus_verbose (" (policy) skipping non-send rule\n");
903 if (rule->d.send.message_type != DBUS_MESSAGE_TYPE_INVALID)
905 if (dbus_message_get_type (message) != rule->d.send.message_type)
907 _dbus_verbose (" (policy) skipping rule for different message type\n");
912 /* If it's a reply, the requested_reply flag kicks in */
913 if (dbus_message_get_reply_serial (message) != 0)
915 /* for allow, requested_reply=true means the rule applies
916 * only when reply was requested. requested_reply=false means
919 if (!requested_reply && rule->allow && rule->d.send.requested_reply && !rule->d.send.eavesdrop)
921 _dbus_verbose (" (policy) skipping allow rule since it only applies to requested replies and does not allow eavesdropping\n");
925 /* for deny, requested_reply=false means the rule applies only
926 * when the reply was not requested. requested_reply=true means the
927 * rule always applies.
929 if (requested_reply && !rule->allow && !rule->d.send.requested_reply)
931 _dbus_verbose (" (policy) skipping deny rule since it only applies to unrequested replies\n");
936 if (rule->d.send.path != NULL)
938 if (dbus_message_get_path (message) != NULL &&
939 strcmp (dbus_message_get_path (message),
940 rule->d.send.path) != 0)
942 _dbus_verbose (" (policy) skipping rule for different path\n");
947 if (rule->d.send.interface != NULL)
949 /* The interface is optional in messages. For allow rules, if the message
950 * has no interface we want to skip the rule (and thus not allow);
951 * for deny rules, if the message has no interface we want to use the
952 * rule (and thus deny).
954 dbus_bool_t no_interface;
956 no_interface = dbus_message_get_interface (message) == NULL;
958 if ((no_interface && rule->allow) ||
960 strcmp (dbus_message_get_interface (message),
961 rule->d.send.interface) != 0))
963 _dbus_verbose (" (policy) skipping rule for different interface\n");
968 if (rule->d.send.member != NULL)
970 if (dbus_message_get_member (message) != NULL &&
971 strcmp (dbus_message_get_member (message),
972 rule->d.send.member) != 0)
974 _dbus_verbose (" (policy) skipping rule for different member\n");
979 if (rule->d.send.error != NULL)
981 if (dbus_message_get_error_name (message) != NULL &&
982 strcmp (dbus_message_get_error_name (message),
983 rule->d.send.error) != 0)
985 _dbus_verbose (" (policy) skipping rule for different error name\n");
990 if (rule->d.send.destination != NULL)
992 /* receiver can be NULL for messages that are sent to the
993 * message bus itself, we check the strings in that case as
994 * built-in services don't have a DBusConnection but messages
995 * to them have a destination service name.
997 if (receiver == NULL)
999 if (!dbus_message_has_destination (message,
1000 rule->d.send.destination))
1002 _dbus_verbose (" (policy) skipping rule because message dest is not %s\n",
1003 rule->d.send.destination);
1010 BusService *service;
1012 _dbus_string_init_const (&str, rule->d.send.destination);
1014 service = bus_registry_lookup (registry, &str);
1015 if (service == NULL)
1017 _dbus_verbose (" (policy) skipping rule because dest %s doesn't exist\n",
1018 rule->d.send.destination);
1022 if (!bus_service_has_owner (service, receiver))
1024 _dbus_verbose (" (policy) skipping rule because dest %s isn't owned by receiver\n",
1025 rule->d.send.destination);
1032 allowed = rule->allow;
1033 *log = rule->d.send.log;
1036 _dbus_verbose (" (policy) used rule, allow now = %d\n",
1043 /* See docs on what the args mean on bus_context_check_security_policy()
1047 bus_client_policy_check_can_receive (BusClientPolicy *policy,
1048 BusRegistry *registry,
1049 dbus_bool_t requested_reply,
1050 DBusConnection *sender,
1051 DBusConnection *addressed_recipient,
1052 DBusConnection *proposed_recipient,
1053 DBusMessage *message,
1054 dbus_int32_t *toggles)
1057 dbus_bool_t allowed;
1058 dbus_bool_t eavesdropping;
1061 addressed_recipient != proposed_recipient &&
1062 dbus_message_get_destination (message) != NULL;
1064 /* policy->rules is in the order the rules appeared
1065 * in the config file, i.e. last rule that applies wins
1068 _dbus_verbose (" (policy) checking receive rules, eavesdropping = %d\n", eavesdropping);
1072 link = _dbus_list_get_first_link (&policy->rules);
1073 while (link != NULL)
1075 BusPolicyRule *rule = link->data;
1077 link = _dbus_list_get_next_link (&policy->rules, link);
1079 if (rule->type != BUS_POLICY_RULE_RECEIVE)
1081 _dbus_verbose (" (policy) skipping non-receive rule\n");
1085 if (rule->d.receive.message_type != DBUS_MESSAGE_TYPE_INVALID)
1087 if (dbus_message_get_type (message) != rule->d.receive.message_type)
1089 _dbus_verbose (" (policy) skipping rule for different message type\n");
1094 /* for allow, eavesdrop=false means the rule doesn't apply when
1095 * eavesdropping. eavesdrop=true means always allow.
1097 if (eavesdropping && rule->allow && !rule->d.receive.eavesdrop)
1099 _dbus_verbose (" (policy) skipping allow rule since it doesn't apply to eavesdropping\n");
1103 /* for deny, eavesdrop=true means the rule applies only when
1104 * eavesdropping; eavesdrop=false means always deny.
1106 if (!eavesdropping && !rule->allow && rule->d.receive.eavesdrop)
1108 _dbus_verbose (" (policy) skipping deny rule since it only applies to eavesdropping\n");
1112 /* If it's a reply, the requested_reply flag kicks in */
1113 if (dbus_message_get_reply_serial (message) != 0)
1115 /* for allow, requested_reply=true means the rule applies
1116 * only when reply was requested. requested_reply=false means
1119 if (!requested_reply && rule->allow && rule->d.receive.requested_reply && !rule->d.receive.eavesdrop)
1121 _dbus_verbose (" (policy) skipping allow rule since it only applies to requested replies and does not allow eavesdropping\n");
1125 /* for deny, requested_reply=false means the rule applies only
1126 * when the reply was not requested. requested_reply=true means the
1127 * rule always applies.
1129 if (requested_reply && !rule->allow && !rule->d.receive.requested_reply)
1131 _dbus_verbose (" (policy) skipping deny rule since it only applies to unrequested replies\n");
1136 if (rule->d.receive.path != NULL)
1138 if (dbus_message_get_path (message) != NULL &&
1139 strcmp (dbus_message_get_path (message),
1140 rule->d.receive.path) != 0)
1142 _dbus_verbose (" (policy) skipping rule for different path\n");
1147 if (rule->d.receive.interface != NULL)
1149 /* The interface is optional in messages. For allow rules, if the message
1150 * has no interface we want to skip the rule (and thus not allow);
1151 * for deny rules, if the message has no interface we want to use the
1152 * rule (and thus deny).
1154 dbus_bool_t no_interface;
1156 no_interface = dbus_message_get_interface (message) == NULL;
1158 if ((no_interface && rule->allow) ||
1160 strcmp (dbus_message_get_interface (message),
1161 rule->d.receive.interface) != 0))
1163 _dbus_verbose (" (policy) skipping rule for different interface\n");
1168 if (rule->d.receive.member != NULL)
1170 if (dbus_message_get_member (message) != NULL &&
1171 strcmp (dbus_message_get_member (message),
1172 rule->d.receive.member) != 0)
1174 _dbus_verbose (" (policy) skipping rule for different member\n");
1179 if (rule->d.receive.error != NULL)
1181 if (dbus_message_get_error_name (message) != NULL &&
1182 strcmp (dbus_message_get_error_name (message),
1183 rule->d.receive.error) != 0)
1185 _dbus_verbose (" (policy) skipping rule for different error name\n");
1190 if (rule->d.receive.origin != NULL)
1192 /* sender can be NULL for messages that originate from the
1193 * message bus itself, we check the strings in that case as
1194 * built-in services don't have a DBusConnection but will
1195 * still set the sender on their messages.
1199 if (!dbus_message_has_sender (message,
1200 rule->d.receive.origin))
1202 _dbus_verbose (" (policy) skipping rule because message sender is not %s\n",
1203 rule->d.receive.origin);
1209 BusService *service;
1212 _dbus_string_init_const (&str, rule->d.receive.origin);
1214 service = bus_registry_lookup (registry, &str);
1216 if (service == NULL)
1218 _dbus_verbose (" (policy) skipping rule because origin %s doesn't exist\n",
1219 rule->d.receive.origin);
1223 if (!bus_service_has_owner (service, sender))
1225 _dbus_verbose (" (policy) skipping rule because origin %s isn't owned by sender\n",
1226 rule->d.receive.origin);
1233 allowed = rule->allow;
1236 _dbus_verbose (" (policy) used rule, allow now = %d\n",
1246 bus_rules_check_can_own (DBusList *rules,
1247 const DBusString *service_name)
1250 dbus_bool_t allowed;
1252 /* rules is in the order the rules appeared
1253 * in the config file, i.e. last rule that applies wins
1257 link = _dbus_list_get_first_link (&rules);
1258 while (link != NULL)
1260 BusPolicyRule *rule = link->data;
1262 link = _dbus_list_get_next_link (&rules, link);
1264 /* Rule is skipped if it specifies a different service name from
1268 if (rule->type != BUS_POLICY_RULE_OWN)
1271 if (!rule->d.own.prefix && rule->d.own.service_name != NULL)
1273 if (!_dbus_string_equal_c_str (service_name,
1274 rule->d.own.service_name))
1277 else if (rule->d.own.prefix)
1281 if (!_dbus_string_starts_with_c_str (service_name,
1282 rule->d.own.service_name))
1285 data = _dbus_string_get_const_data (service_name);
1286 next_char = data[strlen (rule->d.own.service_name)];
1287 if (next_char != '\0' && next_char != '.')
1292 allowed = rule->allow;
1299 bus_client_policy_check_can_own (BusClientPolicy *policy,
1300 const DBusString *service_name)
1302 return bus_rules_check_can_own (policy->rules, service_name);
1305 #ifdef DBUS_ENABLE_EMBEDDED_TESTS
1307 bus_policy_check_can_own (BusPolicy *policy,
1308 const DBusString *service_name)
1310 return bus_rules_check_can_own (policy->default_rules, service_name);
1312 #endif /* DBUS_ENABLE_EMBEDDED_TESTS */
projects / platform / upstream / dbus.git / blob