author | Lukasz Skalski <l.skalski@samsung.com> | 2016-01-04 15:59:07 +0100 |
---|---|---|
committer | Lukasz Skalski <l.skalski@samsung.com> | 2016-01-04 15:59:07 +0100 |
commit | a3c1590800f14478b3256493348df567cb289d47 (patch) | |
tree | 0291a6757ea76110cfa4a21627a5908af831fa4c | |
parent | fb5b25f81caa3e00766b841da4f18c05336ee59f (diff) | |
kdbus: disable all internal policy checks
submit/tizen_ivi/20160217.000004 submit/tizen_ivi/20160217.000000 submit/tizen_common/20160218.142243 submit/tizen/20160107.053914 accepted/tizen/wearable/20160107.101858 accepted/tizen/tv/20160107.101850 accepted/tizen/mobile/20160107.101829 accepted/tizen/ivi/20160218.024248
Change-Id: I5ef09ea4e4389ca41a6ef7afda31fe3a8d9bc507
Signed-off-by: Lukasz Skalski <l.skalski@samsung.com>
-rw-r--r-- | ipc/kdbus/connection.c | 29 | ||||
-rw-r--r-- | ipc/kdbus/names.c | 3 |
2 files changed, 23 insertions, 9 deletions
diff --git a/ipc/kdbus/connection.c b/ipc/kdbus/connection.c
index b3b081c27297..2d54105d6f20 100644
--- a/ipc/kdbus/connection.c
+++ b/ipc/kdbus/connection.c
@@ -53,6 +53,11 @@
 #define KDBUS_CONN_ACTIVE_BIAS (INT_MIN + 2)
 #define KDBUS_CONN_ACTIVE_NEW (INT_MIN + 1)
 
+/* Disable internal kdbus policy - possibilities of connections to own, see and
+ * talk to names are restricted by libdbuspolicy library and LSM hooks
+ */
+#define DISABLE_KDBUS_POLICY
+
 static struct kdbus_conn *kdbus_conn_new(struct kdbus_ep *ep, bool privileged,
 struct kdbus_cmd_hello *hello,
 const char *name,
@@ -1218,13 +1223,10 @@ static struct kdbus_reply *kdbus_conn_call(struct kdbus_conn *src,
 if (ret)
 goto exit;
 
- /* Disable internal kdbus policy - possibilities of connections to own,
- * see and talk to well-known names are restricted by LSM hooks
 if (!kdbus_conn_policy_talk(src, current_cred(), dst)) {
 ret = -EPERM;
 goto exit;
 }
- */
 
 wait = kdbus_reply_new(dst, src, &kmsg->msg, name, true);
 if (IS_ERR(wait)) {
@@ -1303,12 +1305,9 @@ static int kdbus_conn_unicast(struct kdbus_conn *src, struct kdbus_kmsg *kmsg)
 if (!kdbus_match_db_match_kmsg(dst->match_db, src, kmsg) ||
 !kdbus_conn_policy_talk(dst, NULL, src))
 goto exit;
- /* Disable internal kdbus policy - possibilities of connections to own,
- * see and talk to well-known names are restricted by LSM hooks
 } else if (!kdbus_conn_policy_talk(src, current_cred(), dst)) {
 ret = -EPERM;
 goto exit;
- */
 } else if (kmsg->msg.flags & KDBUS_MSG_EXPECT_REPLY) {
 wait = kdbus_reply_new(dst, src, &kmsg->msg, name, false);
 if (IS_ERR(wait)) {
@@ -1475,6 +1474,10 @@ bool kdbus_conn_policy_own_name(struct kdbus_conn *conn,
 unsigned int hash = kdbus_strhash(name);
 int res;
 
+#ifdef DISABLE_KDBUS_POLICY
+ return true;
+#endif
+
 if (!conn_creds)
 conn_creds = conn->cred;
 
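Review bot: The `#define DISABLE_KDBUS_POLICY` added near the top of ipc/kdbus/connection.c is unconditional, so every build of this tree has the own, talk and see checks turned off and they can only be re-enabled by editing the file. The comment names libdbuspolicy and LSM hooks as the replacement; if libdbuspolicy runs inside the client process (inferred from it being described as a library), a process that issues kdbus ioctls directly is not bound by it and the LSM hooks are the only kernel-side check left. I would make this a build option that defaults to policy enabled, e.g. `#ifdef CONFIG_KDBUS_NO_POLICY /* placeholder symbol name */`, and extend the comment to say which LSM hooks cover own, talk and see.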
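Review bot: In kdbus_conn_unicast the context line `!kdbus_conn_policy_talk(dst, NULL, src)` in the first branch (its condition is outside the hunk) was still live before this commit, because only the following `else if` branch had been commented out. With kdbus_conn_policy_talk() now returning true it can never reject, so on that path delivery is gated only by `kdbus_match_db_match_kmsg()` and whatever the LSM hooks enforce. The commit title says all internal checks are disabled, so this is probably intended, but it goes beyond restoring the commented-out code and is worth a comment at the call, e.g. `/* always true while DISABLE_KDBUS_POLICY is defined */`.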
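Review bot: The early `return true;` inside `#ifdef DISABLE_KDBUS_POLICY` in kdbus_conn_policy_own_name sits after `unsigned int hash = kdbus_strhash(name);`, so the initializer is still evaluated before the return (unless the compiler drops it) and everything below `#endif` is compiled as unreachable code. The same pattern is repeated in kdbus_conn_policy_talk, kdbus_conn_policy_see_name_unlocked and kdbus_conn_policy_see. Turning the guard into `#else` … `#endif` around the rest of each body, or testing one `static inline bool` helper first, keeps the disabled build free of dead code and shows which lines are compiled out. The function bodies start and end outside their hunks.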
@@ -1507,6 +1510,11 @@ bool kdbus_conn_policy_talk(struct kdbus_conn *conn,
 const struct cred *conn_creds,
 struct kdbus_conn *to)
 {
+
+#ifdef DISABLE_KDBUS_POLICY
+ return true;
+#endif
+
 if (!conn_creds)
 conn_creds = conn->cred;
 
@@ -1543,6 +1551,10 @@ bool kdbus_conn_policy_see_name_unlocked(struct kdbus_conn *conn,
 {
 int res;
 
+#ifdef DISABLE_KDBUS_POLICY
+ return true;
+#endif
+
 /*
 * By default, all names are visible on a bus. SEE policies can only be
 * installed on custom endpoints, where by default no name is visible.
@@ -1573,6 +1585,11 @@ static bool kdbus_conn_policy_see(struct kdbus_conn *conn,
 const struct cred *conn_creds,
 struct kdbus_conn *whom)
 {
+
+#ifdef DISABLE_KDBUS_POLICY
+ return true;
+#endif
+
 /*
 * By default, all names are visible on a bus, so a connection can
 * always see other connections. SEE policies can only be installed on
diff --git a/ipc/kdbus/names.c b/ipc/kdbus/names.c
index 90e0c016f66e..df99e4df815b 100644
--- a/ipc/kdbus/names.c
+++ b/ipc/kdbus/names.c
@@ -290,13 +290,10 @@ int kdbus_name_acquire(struct kdbus_name_registry *reg,
 
 down_write(®->rwlock);
 
- /* Disable internal kdbus policy - possibilities of connections to own,
- * see and talk to well-known names are restricted by LSM hooks
 if (!kdbus_conn_policy_own_name(conn, current_cred(), name)) {
 ret = -EPERM;
 goto exit_unlock;
 }
- */
 
 hash = kdbus_strhash(name);
 e = kdbus_name_find(reg, hash, name); |
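Review bot: The context comment in kdbus_conn_policy_see_name_unlocked says SEE policies are installed on custom endpoints, "where by default no name is visible"; the unconditional `return true;` added above it reverses that default. With DISABLE_KDBUS_POLICY defined, a connection on a custom endpoint is told it may see every name, and kdbus_conn_policy_see gets the same early return in the next hunk. The macro's comment says own, see and talk restrictions move to libdbuspolicy and LSM hooks, but nothing visible on this page shows a hook covering name visibility on custom endpoints, so that should be confirmed before relying on endpoints for isolation. If the loss of endpoint filtering is accepted, state it where the macro is defined, e.g. `/* also disables SEE filtering on custom endpoints */`.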