- Fixed owner id in kdbus policy set by daemon for well-known name - was euid of daemon, is euid of process
that asked for the name
- some optimalization - removing unnecessary function and repeated getters
- some identations corrected
Change-Id: I5c2295ec3c383c9bc67762f8c644bd880cee8e73
Signed-off-by: Radoslaw Pajak <r.pajak@samsung.com>
if(!dbus_message_get_args(message, NULL, DBUS_TYPE_STRING, &name, DBUS_TYPE_INVALID))
goto failed;
- if(!kdbus_get_connection_unix_user(connection, name, &uid, error))
+ if(!kdbus_get_unix_user(connection, name, &uid, error))
goto failed;
}
else
else
goto failed;
- if(kdbus_get_connection_unix_user(connection, name, &ulong_val, error))
+ if(kdbus_get_unix_user(connection, name, &ulong_val, error))
{
if (!_dbus_asv_add_uint32 (&array_iter, "UnixUserID", ulong_val))
goto oom;
BusTransaction *transaction;
_dbus_string_init_const(&daemon_name, DBUS_SERVICE_DBUS);
- if(!kdbus_register_policy (&daemon_name, connection))
- return FALSE;
+ if(!register_kdbus_policy(DBUS_SERVICE_DBUS, dbus_connection_get_transport(connection), geteuid()))
+ return FALSE;
if(kdbus_request_name(connection, &daemon_name, 0, 0) != DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER)
return FALSE;
return retval;
}
-dbus_bool_t kdbus_register_policy (const DBusString *service_name, DBusConnection* connection)
-{
- int fd;
-
- _dbus_transport_get_socket_fd(dbus_connection_get_transport(connection), &fd);
-
- return register_kdbus_policy(_dbus_string_get_const_data(service_name), fd);
-}
-
dbus_uint32_t kdbus_request_name(DBusConnection* connection, const DBusString *service_name, dbus_uint32_t flags, __u64 sender_id)
{
int fd;
/*
* Asks kdbus for uid of the owner of the name given in the message
*/
-dbus_bool_t kdbus_get_connection_unix_user(DBusConnection* connection, const char* name, unsigned long* uid, DBusError* error)
+dbus_bool_t kdbus_get_unix_user(DBusConnection* connection, const char* name, unsigned long* uid, DBusError* error)
{
- struct nameInfo info;
- int inter_ret;
- dbus_bool_t ret = FALSE;
+ struct nameInfo info;
+ int inter_ret;
+ dbus_bool_t ret = FALSE;
- inter_ret = kdbus_NameQuery(name, dbus_connection_get_transport(connection), &info);
- if(inter_ret == 0) //name found
- {
- _dbus_verbose("User id:%llu\n", (unsigned long long) info.userId);
- *uid = info.userId;
- return TRUE;
- }
- else if(inter_ret == -ENOENT) //name has no owner
- dbus_set_error (error, DBUS_ERROR_FAILED, "Could not get UID of name '%s': no such name", name);
- else
- {
- _dbus_verbose("kdbus error determining UID: err %d (%m)\n", errno);
- dbus_set_error (error, DBUS_ERROR_FAILED, "Could not determine UID for '%s'", name);
- }
+ inter_ret = kdbus_NameQuery(name, dbus_connection_get_transport(connection), &info);
+ if(inter_ret == 0) //name found
+ {
+ _dbus_verbose("User id:%llu\n", (unsigned long long) info.userId);
+ *uid = info.userId;
+ return TRUE;
+ }
+ else if(inter_ret == -ENOENT) //name has no owner
+ {
+ _dbus_verbose ("Name %s has no owner.\n", name);
+ dbus_set_error (error, DBUS_ERROR_FAILED, "Could not get UID of name '%s': no such name", name);
+ }
- return ret;
+ else
+ {
+ _dbus_verbose("kdbus error determining UID: err %d (%m)\n", errno);
+ dbus_set_error (error, DBUS_ERROR_FAILED, "Could not determine UID for '%s'", name);
+ }
+
+ return ret;
}
/*
_dbus_return_val_if_fail (connection != NULL, FALSE);
_dbus_return_val_if_fail (uid != NULL, FALSE);
- return kdbus_get_connection_unix_user(connection, bus_connection_get_name(connection), uid, NULL);
+ return kdbus_get_unix_user(connection, bus_connection_get_name(connection), uid, NULL);
}
/**
int fd;
BusTransaction *transaction;
DBusString name;
+ DBusTransport* transport;
+ unsigned long int euid;
transaction = bus_transaction_new (bus_connection_get_context(connection));
if (transaction == NULL)
if (!bus_activation_list_services (bus_connection_get_activation (connection), &services, &len))
return FALSE;
- _dbus_transport_get_socket_fd (dbus_connection_get_transport(connection), &fd);
+ transport = dbus_connection_get_transport(connection);
+ euid = geteuid();
+
+ if(!_dbus_transport_get_socket_fd (transport, &fd))
+ return FALSE;
+
_dbus_string_init(&name);
for(i=0; i<len; i++)
{
- if(!register_kdbus_policy(services[i], fd))
- goto out;
+ if(!register_kdbus_policy(services[i], transport, euid))
+ goto out;
if (request_kdbus_name(fd, services[i], (DBUS_NAME_FLAG_ALLOW_REPLACEMENT | KDBUS_NAME_STARTER) , 0) < 0)
goto out;
dbus_bool_t kdbus_remove_match (DBusConnection* connection, DBusMessage* message, DBusError* error);
int kdbus_get_name_owner(DBusConnection* connection, const char* name, char* owner);
-dbus_bool_t kdbus_get_connection_unix_user(DBusConnection* connection, const char* name, unsigned long* uid, DBusError* error);
+dbus_bool_t kdbus_get_unix_user(DBusConnection* connection, const char* name, unsigned long* uid, DBusError* error);
dbus_bool_t kdbus_get_connection_unix_process_id(DBusConnection* connection, const char* name, unsigned long* pid, DBusError* error);
dbus_bool_t kdbus_get_connection_unix_selinux_security_context(DBusConnection* connection, DBusMessage* message, DBusMessage* reply, DBusError* error);
#include "kdbus-d.h"
#include "dbus/kdbus.h"
+#include "dbus/kdbus-common.h"
#endif
struct BusService
__u64 sender_id;
const char* conn_unique_name;
DBusConnection* phantom;
+ unsigned long int uid;
if (!dbus_message_get_args (message, error,
DBUS_TYPE_STRING, &name,
_dbus_string_get_length (service_name)))
{
dbus_set_error (error, DBUS_ERROR_INVALID_ARGS,
- "Requested bus name \"%s\" is not valid",
- _dbus_string_get_const_data (service_name));
+ "Requested bus name \"%s\" is not valid", name);
_dbus_verbose ("Attempt to acquire invalid service name\n");
{
/* Not allowed; only base services can start with ':' */
dbus_set_error (error, DBUS_ERROR_INVALID_ARGS,
- "Cannot acquire a service starting with ':' such as \"%s\"",
- _dbus_string_get_const_data (service_name));
+ "Cannot acquire a service starting with ':' such as \"%s\"", name);
- _dbus_verbose ("Attempt to acquire invalid base service name \"%s\"",
- _dbus_string_get_const_data (service_name));
+ _dbus_verbose ("Attempt to acquire invalid base service name \"%s\"", name);
return FALSE;
}
}
if (!bus_client_policy_check_can_own (bus_connection_get_policy (phantom), service_name))
- {
- dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
- "Connection \"%s\" is not allowed to own the service \"%s\" due "
- "to security policies in the configuration file",
- conn_unique_name, _dbus_string_get_const_data (service_name));
- goto failed;
- }
+ {
+ dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
+ "Connection \"%s\" is not allowed to own the service \"%s\" due "
+ "to security policies in the configuration file", conn_unique_name, name);
+ goto failed;
+ }
- if(!kdbus_register_policy(service_name, phantom))
+ if (!kdbus_get_unix_user(phantom, conn_unique_name, &uid, NULL))
+ goto failed;
+
+ if (!register_kdbus_policy(name, dbus_connection_get_transport(phantom), uid))
{
dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
"Kdbus error when setting policy for connection \"%s\" and service name \"%s\"",
- conn_unique_name, _dbus_string_get_const_data (service_name));
+ conn_unique_name, name);
goto failed;
}
- *result = kdbus_request_name(connection, service_name, flags, sender_id);
- if(*result == -EPERM)
- {
- dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
- "Kdbus not allowed %s to own the service \"%s\"",
- conn_unique_name, _dbus_string_get_const_data (service_name));
- goto failed;
- }
- else if(*result < 0)
- {
- dbus_set_error (error, DBUS_ERROR_FAILED , "Name \"%s\" could not be acquired", name);
- goto failed;
- }
+ *result = kdbus_request_name(connection, service_name, flags, sender_id);
+ if(*result == -EPERM)
+ {
+ dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
+ "Kdbus not allowed %s to own the service \"%s\"",
+ conn_unique_name, _dbus_string_get_const_data (service_name));
+ goto failed;
+ }
+ else if(*result < 0)
+ {
+ dbus_set_error (error, DBUS_ERROR_FAILED , "Name \"%s\" could not be acquired", name);
+ goto failed;
+ }
- if((*result == DBUS_REQUEST_NAME_REPLY_IN_QUEUE) || (*result == DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER))
- {
- service = bus_registry_lookup (registry, service_name);
- if (service == NULL)
- {
- service = bus_registry_ensure (registry, service_name, phantom, flags,
+ if((*result == DBUS_REQUEST_NAME_REPLY_IN_QUEUE) || (*result == DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER))
+ {
+ service = bus_registry_lookup (registry, service_name);
+ if (service == NULL)
+ {
+ service = bus_registry_ensure (registry, service_name, phantom, flags,
transaction, error);
- if (service == NULL)
- goto failed2;
- }
- else
- {
- if (!bus_service_add_owner (service, phantom, flags, transaction, error))
- goto failed2;
- }
-
- activation = bus_context_get_activation (registry->context);
- retval = bus_activation_send_pending_auto_activation_messages (activation,
+ if (service == NULL)
+ goto failed2;
+ }
+ else
+ {
+ if (!bus_service_add_owner (service, phantom, flags, transaction, error))
+ goto failed2;
+ }
+
+ activation = bus_context_get_activation (registry->context);
+ retval = bus_activation_send_pending_auto_activation_messages (activation,
service,
transaction,
error);
- }
- else
- retval = TRUE;
+ }
+ else
+ retval = TRUE;
return retval;
return -1;
if(!bus_register_kdbus(name, (DBusTransportKdbus*)transport))
goto outH1;
- if(!register_kdbus_policy(name, ((DBusTransportKdbus*)transport)->fd))
+ if(!register_kdbus_policy(name, transport, geteuid()))
goto outH1;
sender = malloc (strlen(name) + 4);
static struct kdbus_policy *make_policy_name(const char *name)
{
- struct kdbus_policy *p;
- __u64 size;
-
- size = offsetof(struct kdbus_policy, name) + strlen(name) + 1;
- p = malloc(size);
- if (!p)
- return NULL;
- memset(p, 0, size);
- p->size = size;
- p->type = KDBUS_POLICY_NAME;
- strcpy(p->name, name);
-
- return p;
+ struct kdbus_policy *p;
+ __u64 size;
+
+ size = offsetof(struct kdbus_policy, name) + strlen(name) + 1;
+ p = malloc(size);
+ if (!p)
+ return NULL;
+ memset(p, 0, size);
+ p->size = size;
+ p->type = KDBUS_POLICY_NAME;
+ strcpy(p->name, name);
+
+ return p;
}
static struct kdbus_policy *make_policy_access(__u64 type, __u64 bits, __u64 id)
{
- struct kdbus_policy *p;
- __u64 size = sizeof(*p);
+ struct kdbus_policy *p;
+ __u64 size = sizeof(*p);
- p = malloc(size);
- if (!p)
- return NULL;
+ p = malloc(size);
+ if (!p)
+ return NULL;
- memset(p, 0, size);
- p->size = size;
- p->type = KDBUS_POLICY_ACCESS;
- p->access.type = type;
- p->access.bits = bits;
- p->access.id = id;
+ memset(p, 0, size);
+ p->size = size;
+ p->type = KDBUS_POLICY_ACCESS;
+ p->access.type = type;
+ p->access.bits = bits;
+ p->access.id = id;
- return p;
+ return p;
}
static void append_policy(struct kdbus_cmd_policy *cmd_policy, struct kdbus_policy *policy, __u64 max_size)
{
- struct kdbus_policy *dst = (struct kdbus_policy *) ((char *) cmd_policy + cmd_policy->size);
+ struct kdbus_policy *dst = (struct kdbus_policy *) ((char *) cmd_policy + cmd_policy->size);
- if (cmd_policy->size + policy->size > max_size)
- return;
+ if (cmd_policy->size + policy->size > max_size)
+ return;
- memcpy(dst, policy, policy->size);
- cmd_policy->size += KDBUS_ALIGN8(policy->size);
- free(policy);
+ memcpy(dst, policy, policy->size);
+ cmd_policy->size += KDBUS_ALIGN8(policy->size);
+ free(policy);
}
/**
* Name of the policy equals name on the bus.
*
* @param name name of the policy = name of the connection
- * @param fd - file descriptor of the connection
+ * @param transport - transport
+ * @param owner_uid - uid or euid of the process being owner of the name
*
* @returns #TRUE on success
*/
-dbus_bool_t register_kdbus_policy(const char* name, int fd)
+dbus_bool_t register_kdbus_policy(const char* name, DBusTransport *transport, unsigned long int owner_uid)
{
- struct kdbus_cmd_policy *cmd_policy;
- struct kdbus_policy *policy;
- int size = 0xffff;
+ struct kdbus_cmd_policy *cmd_policy;
+ struct kdbus_policy *policy;
+ int size = 0xffff;
+ int fd;
+
+ if(!_dbus_transport_get_socket_fd (transport, &fd))
+ return FALSE;
- cmd_policy = alloca(size);
- memset(cmd_policy, 0, size);
+ cmd_policy = alloca(size);
+ memset(cmd_policy, 0, size);
- policy = (struct kdbus_policy *) cmd_policy->policies;
- cmd_policy->size = offsetof(struct kdbus_cmd_policy, policies);
+ policy = (struct kdbus_policy *) cmd_policy->policies;
+ cmd_policy->size = offsetof(struct kdbus_cmd_policy, policies);
- policy = make_policy_name(name);
- append_policy(cmd_policy, policy, size);
+ policy = make_policy_name(name);
+ append_policy(cmd_policy, policy, size);
- policy = make_policy_access(KDBUS_POLICY_ACCESS_USER, KDBUS_POLICY_OWN, geteuid());
- append_policy(cmd_policy, policy, size);
+ policy = make_policy_access(KDBUS_POLICY_ACCESS_USER, KDBUS_POLICY_OWN, owner_uid);
+ append_policy(cmd_policy, policy, size);
- policy = make_policy_access(KDBUS_POLICY_ACCESS_WORLD, KDBUS_POLICY_RECV, 0);
- append_policy(cmd_policy, policy, size);
+ policy = make_policy_access(KDBUS_POLICY_ACCESS_WORLD, KDBUS_POLICY_RECV, 0);
+ append_policy(cmd_policy, policy, size);
- policy = make_policy_access(KDBUS_POLICY_ACCESS_WORLD, KDBUS_POLICY_SEND, 0);
- append_policy(cmd_policy, policy, size);
+ policy = make_policy_access(KDBUS_POLICY_ACCESS_WORLD, KDBUS_POLICY_SEND, 0);
+ append_policy(cmd_policy, policy, size);
- if (ioctl(fd, KDBUS_CMD_EP_POLICY_SET, cmd_policy) < 0)
- {
- _dbus_verbose ("Error setting policy: %m, %d\n", errno);
- return FALSE;
- }
+ if (ioctl(fd, KDBUS_CMD_EP_POLICY_SET, cmd_policy) < 0)
+ {
+ _dbus_verbose ("Error setting policy: %m, %d\n", errno);
+ return FALSE;
+ }
- _dbus_verbose("Policy %s set correctly\n", name);
- return TRUE;
+ _dbus_verbose("Policy %s set correctly\n", name);
+ return TRUE;
}
/**
*/
int request_kdbus_name(int fd, const char *name, const __u64 flags, __u64 id)
{
- struct kdbus_cmd_name *cmd_name;
-
- __u64 size = sizeof(*cmd_name) + strlen(name) + 1;
- __u64 flags_kdbus = 0;
-
- cmd_name = alloca(size);
-
- strcpy(cmd_name->name, name);
- cmd_name->size = size;
-
- if(flags & DBUS_NAME_FLAG_ALLOW_REPLACEMENT)
- flags_kdbus |= KDBUS_NAME_ALLOW_REPLACEMENT;
- if(!(flags & DBUS_NAME_FLAG_DO_NOT_QUEUE))
- flags_kdbus |= KDBUS_NAME_QUEUE;
- if(flags & DBUS_NAME_FLAG_REPLACE_EXISTING)
- flags_kdbus |= KDBUS_NAME_REPLACE_EXISTING;
- if(flags & KDBUS_NAME_STARTER)
- flags_kdbus |= KDBUS_NAME_STARTER;
-
- cmd_name->flags = flags_kdbus;
- cmd_name->id = id;
-// cmd_name->conn_flags = 0;
-
- _dbus_verbose("Request name - flags sent: 0x%llx !!!!!!!!!\n", cmd_name->flags);
-
- if (ioctl(fd, KDBUS_CMD_NAME_ACQUIRE, cmd_name))
- {
- _dbus_verbose ("error acquiring name '%s': %m, %d\n", name, errno);
- if(errno == EEXIST)
- return DBUS_REQUEST_NAME_REPLY_EXISTS;
- return -errno;
- }
-
- _dbus_verbose("Request name - received flag: 0x%llx !!!!!!!!!\n", cmd_name->flags);
-
- if(cmd_name->flags & KDBUS_NAME_IN_QUEUE)
- return DBUS_REQUEST_NAME_REPLY_IN_QUEUE;
- else
- return DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER;
- /*todo now 1 code is never returned - DBUS_REQUEST_NAME_REPLY_ALREADY_OWNER
- * because kdbus never returns it now
- */
+ struct kdbus_cmd_name *cmd_name;
+
+ __u64 size = sizeof(*cmd_name) + strlen(name) + 1;
+ __u64 flags_kdbus = 0;
+
+ cmd_name = alloca(size);
+
+ strcpy(cmd_name->name, name);
+ cmd_name->size = size;
+
+ if(flags & DBUS_NAME_FLAG_ALLOW_REPLACEMENT)
+ flags_kdbus |= KDBUS_NAME_ALLOW_REPLACEMENT;
+ if(!(flags & DBUS_NAME_FLAG_DO_NOT_QUEUE))
+ flags_kdbus |= KDBUS_NAME_QUEUE;
+ if(flags & DBUS_NAME_FLAG_REPLACE_EXISTING)
+ flags_kdbus |= KDBUS_NAME_REPLACE_EXISTING;
+ if(flags & KDBUS_NAME_STARTER)
+ flags_kdbus |= KDBUS_NAME_STARTER;
+
+ cmd_name->flags = flags_kdbus;
+ cmd_name->id = id;
+ // cmd_name->conn_flags = 0;
+
+ _dbus_verbose("Request name - flags sent: 0x%llx !!!!!!!!!\n", cmd_name->flags);
+
+ if (ioctl(fd, KDBUS_CMD_NAME_ACQUIRE, cmd_name))
+ {
+ _dbus_verbose ("error acquiring name '%s': %m, %d\n", name, errno);
+ if(errno == EEXIST)
+ return DBUS_REQUEST_NAME_REPLY_EXISTS;
+ return -errno;
+ }
+
+ _dbus_verbose("Request name - received flag: 0x%llx !!!!!!!!!\n", cmd_name->flags);
+
+ if(cmd_name->flags & KDBUS_NAME_IN_QUEUE)
+ return DBUS_REQUEST_NAME_REPLY_IN_QUEUE;
+ else
+ return DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER;
+ /*todo now 1 code is never returned - DBUS_REQUEST_NAME_REPLY_ALREADY_OWNER
+ * because kdbus never returns it now
+ */
}
/**
*/
int release_kdbus_name(int fd, const char *name, __u64 id)
{
- struct kdbus_cmd_name *cmd_name;
+ struct kdbus_cmd_name *cmd_name;
- __u64 size = sizeof(*cmd_name) + strlen(name) + 1;
+ __u64 size = sizeof(*cmd_name) + strlen(name) + 1;
- cmd_name = alloca(size);
- cmd_name->id = id;
- strcpy(cmd_name->name, name);
- cmd_name->size = size;
+ cmd_name = alloca(size);
+ cmd_name->id = id;
+ strcpy(cmd_name->name, name);
+ cmd_name->size = size;
- if (ioctl(fd, KDBUS_CMD_NAME_RELEASE, cmd_name))
- {
- if(errno == ESRCH)
- return DBUS_RELEASE_NAME_REPLY_NON_EXISTENT;
- else if (errno == EPERM)
- return DBUS_RELEASE_NAME_REPLY_NOT_OWNER;
- _dbus_verbose ("error releasing name '%s' for id:%llu. Error: %m, %d\n", name, (unsigned long long)id, errno);
- return -errno;
- }
+ if (ioctl(fd, KDBUS_CMD_NAME_RELEASE, cmd_name))
+ {
+ if(errno == ESRCH)
+ return DBUS_RELEASE_NAME_REPLY_NON_EXISTENT;
+ else if (errno == EPERM)
+ return DBUS_RELEASE_NAME_REPLY_NOT_OWNER;
+ _dbus_verbose ("error releasing name '%s' for id:%llu. Error: %m, %d\n", name, (unsigned long long)id, errno);
+ return -errno;
+ }
- _dbus_verbose("Name '%s' released\n", name);
+ _dbus_verbose("Name '%s' released\n", name);
- return DBUS_RELEASE_NAME_REPLY_RELEASED;
+ return DBUS_RELEASE_NAME_REPLY_RELEASED;
}
(typeof(part))(((uint8_t *)part) + KDBUS_ALIGN8((part)->size))
#define KDBUS_ITEM_SIZE(s) KDBUS_ALIGN8((s) + KDBUS_PART_HEADER_SIZE)
-dbus_bool_t register_kdbus_policy(const char* name, int fd);
+dbus_bool_t register_kdbus_policy(const char* name, DBusTransport *transport, unsigned long int uid);
int request_kdbus_name(int fd, const char *name, const __u64 flags, __u64 id);
int release_kdbus_name(int fd, const char *name, __u64 id);