author | Daniel Mack <zonque@gmail.com> | 2014-02-28 14:31:44 +0100 |
---|---|---|
committer | Daniel Mack <zonque@gmail.com> | 2014-03-07 19:41:11 +0100 |
commit | ae5bceda1f257c3c2122a02b077fdec6f417de9c (patch) | |
tree | 02b9714cdf1963bf5be1632ac4e2c234a804296f /policy.c | |
parent | 9761e6e084297e71e593db216a78ab949b533f66 (diff) | |
policy: rename item types to match new model (ABI break)
The new policy model has three levels of permissions:
* SEE: A name may be seen on the bus
* TALK: A name may be talked to (implies SEE)
* OWN: A name may be owned (implies TALK and SEE)
This commit adopts these new levels, but doesn't actually implement
them yet.
Diffstat (limited to 'policy.c')
-rw-r--r-- | policy.c | 74 |
1 files changed, 21 insertions, 53 deletions
@@ -67,7 +67,7 @@ struct kdbus_policy_db_cache_entry {
  */
 struct kdbus_policy_db_entry_access {
 	u8 type;	/* USER, GROUP, WORLD */
-	u8 bits;	/* RECV, SEND, OWN */
+	u8 bits;	/* OWN, TALK, SEE */
 	u64 id;		/* uid, gid, 0 */
 	struct list_head list;
 };
@@ -98,6 +98,19 @@ static void kdbus_policy_db_entry_free(struct kdbus_policy_db_entry *e)
 	kfree(e);
 }
 
+static struct kdbus_policy_db_entry *
+__kdbus_policy_lookup(struct kdbus_policy_db *db,
+		      const char *name, u32 hash)
+{
+	struct kdbus_policy_db_entry *e;
+
+	hash_for_each_possible(db->entries_hash, e, hentry, hash)
+		if (strcmp(e->name, name) == 0)
+			return e;
+
+	return NULL;
+}
+
 /**
  * kdbus_policy_db_free - drop a policy database reference
  * @db:		The policy database
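Review bot: `__kdbus_policy_lookup` walks `db->entries_hash` without taking any lock of its own, yet nothing at the definition says which lock the caller must hold; the only caller path visible in this commit takes `db->entries_lock` before reaching it (the `kdbus_policy_db_check_send_access` hunk further down), so that precondition should be written down now that the helper has moved up and, presumably, serves both the own-access and the new talk-access paths. A short header above the definition would do it, e.g. `/* Find the policy entry for @name; caller must hold db->entries_lock. */`. Since every visible caller passes a precomputed `hash`, it is also worth stating that it must be `kdbus_str_hash(name)`, which is what the talk-access hunk computes.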
@@ -181,58 +194,26 @@ static u64 kdbus_collect_entry_accesses(struct kdbus_policy_db_entry *db_entry,
 	return access;
 }
 
-static int __kdbus_policy_db_check_send_access(struct kdbus_policy_db *db,
+static int __kdbus_policy_db_check_talk_access(struct kdbus_policy_db *db,
 					       struct kdbus_conn *conn_src,
 					       struct kdbus_conn *conn_dst)
 {
 	struct kdbus_name_entry *name_entry;
 	struct kdbus_policy_db_entry *e;
-	u64 access;
-	u32 hash;
 	int ret = -EPERM;
 
-	/*
-	 * Send access is granted if either the source connection has a
-	 * matching SEND rule or the receiver connection has a matching
-	 * RECV rule.
-	 * Hence, we walk the list of the names registered for each
-	 * connection.
-	 */
 	mutex_lock(&conn_src->lock);
 	list_for_each_entry(name_entry, &conn_src->names_list, conn_entry) {
-		hash = kdbus_str_hash(name_entry->name);
-		hash_for_each_possible(db->entries_hash, e, hentry, hash) {
-			if (strcmp(e->name, name_entry->name) != 0)
-				continue;
-
-			access = kdbus_collect_entry_accesses(e, conn_src);
-			if (access & KDBUS_POLICY_SEND) {
+		u32 hash = kdbus_str_hash(name_entry->name);
+		e = __kdbus_policy_lookup(db, name_entry->name, hash);
+		if (e) {
+			u64 access = kdbus_collect_entry_accesses(e, conn_src);
+			if (access & (KDBUS_POLICY_TALK | KDBUS_POLICY_OWN))
 				ret = 0;
-				break;
-			}
 		}
 	}
 	mutex_unlock(&conn_src->lock);
 
-	if (ret == 0)
-		return 0;
-
-	mutex_lock(&conn_dst->lock);
-	list_for_each_entry(name_entry, &conn_dst->names_list, conn_entry) {
-		hash = kdbus_str_hash(name_entry->name);
-		hash_for_each_possible(db->entries_hash, e, hentry, hash) {
-			if (strcmp(e->name, name_entry->name) != 0)
-				continue;
-
-			access = kdbus_collect_entry_accesses(e, conn_dst);
-			if (access & KDBUS_POLICY_RECV) {
-				ret = 0;
-				break;
-			}
-		}
-	}
-	mutex_unlock(&conn_dst->lock);
-
 	return ret;
 }
 
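Review bot: `conn_dst` is no longer read anywhere in `__kdbus_policy_db_check_talk_access`: the loop walks `conn_src->names_list` and evaluates each matching entry against `conn_src`, so the check asks whether the sender has TALK/OWN on its own names, not on the names the destination holds, which is what "a name may be talked to" in the commit message appears to describe. The message says the new levels are not implemented yet, so this looks interim; a comment at the top of the loop saying so would keep the next reader from taking it as the intended semantics, e.g. `/* TODO: interim check — TALK presumably has to be evaluated against the names owned by conn_dst, with conn_src as the peer */`. The removed RECV path was the only way a destination-side rule could grant access, so any existing policy that relied on it now yields -EPERM; that is worth naming in the commit message as part of the ABI break. Minor: the `break` that ended the search once access was granted is gone, so the loop keeps evaluating the remaining names after `ret = 0`.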
@@ -292,7 +273,7 @@ int kdbus_policy_db_check_send_access(struct kdbus_policy_db *db,
 	 * a hash table entry if send access is granted.
 	 */
 	mutex_lock(&db->entries_lock);
-	ret = __kdbus_policy_db_check_send_access(db, conn_src, conn_dst);
+	ret = __kdbus_policy_db_check_talk_access(db, conn_src, conn_dst);
 	if (ret == 0) {
 		ce = kdbus_policy_cache_entry_new(conn_src, conn_dst);
 		if (!ce) {
@@ -332,19 +313,6 @@ void kdbus_policy_db_remove_conn(struct kdbus_policy_db *db,
 	mutex_unlock(&db->cache_lock);
 }
 
-static struct kdbus_policy_db_entry *
-__kdbus_policy_lookup(struct kdbus_policy_db *db,
-		      const char *name, u32 hash)
-{
-	struct kdbus_policy_db_entry *e;
-
-	hash_for_each_possible(db->entries_hash, e, hentry, hash)
-		if (strcmp(e->name, name) == 0)
-			return e;
-
-	return NULL;
-}
-
 /**
  * kdbus_policy_db_check_own_access() - check whether a policy is allowed
  * to own a name