summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAleksy Barcz <a.barcz@partner.samsung.com>2018-05-08 11:21:10 +0200
committerAdrian Szyndela <adrian.s@samsung.com>2018-06-05 09:37:52 +0200
commit9eec62592ff6b443bce5f3bd8dd3b67441691e5b (patch)
tree515b266f6e90792a2e2e9a94123479cdb2888b34
parent6b199fd8a3a01bf0246411dfc43955ee2108c61c (diff)
downloaddbus-9eec62592ff6b443bce5f3bd8dd3b67441691e5b.tar.gz
dbus-9eec62592ff6b443bce5f3bd8dd3b67441691e5b.tar.bz2
dbus-9eec62592ff6b443bce5f3bd8dd3b67441691e5b.zip
kdbus: check policy first, only then open kdbus
A process shouldn't hold an open kdbus descriptor, if according to security policy this process has no rights to open the bus at all. Corrected error message and code to be consistent with dbus-daemon. Change-Id: I8c138438a21736f9241addc9ed5a616f6be19442
Diffstat
-rwxr-xr-xdbus/dbus-transport-kdbus.c47
1 files changed, 22 insertions, 25 deletions
diff --git a/dbus/dbus-transport-kdbus.c b/dbus/dbus-transport-kdbus.c
index e8b333ad..73ebc45a 100755
--- a/dbus/dbus-transport-kdbus.c
+++ b/dbus/dbus-transport-kdbus.c
@@ -4288,20 +4288,6 @@ new_kdbus_transport (kdbus_t *kdbus,
return NULL;
}
-static dbus_bool_t
-initialize_policies (DBusTransportKdbus *transport, const char *path)
-{
- dbus_bool_t result = TRUE;
-
-#ifdef LIBDBUSPOLICY
- transport->policy = dbuspolicy1_init (path);
- if (NULL == transport->policy)
- result = FALSE;
-#endif
-
- return result;
-}
-
/**
* Connects to kdbus, creates and sets-up transport.
*
@@ -4318,6 +4304,9 @@ _dbus_transport_new_for_kdbus (const char *path,
DBusTransportKdbus *transport;
DBusString address;
kdbus_t *kdbus;
+#ifdef LIBDBUSPOLICY
+ void *policy;
+#endif
#ifdef DBUS_ENABLE_VERBOSE_MODE
const char *dbgenv = _dbus_getenv ("G_DBUS_DEBUG");
@@ -4351,6 +4340,17 @@ _dbus_transport_new_for_kdbus (const char *path,
goto failed_0;
}
+#ifdef LIBDBUSPOLICY
+ policy = dbuspolicy1_init (path);
+ if (NULL == policy)
+ {
+ dbus_set_error (error,
+ DBUS_ERROR_NO_REPLY,
+ "Did not receive a reply. Possible causes include: couldn't load dbus policy for kdbus transport or the message bus security policy blocked the reply.");
+ goto failed_0_with_kdbus;
+ }
+#endif
+
ret = _kdbus_open (kdbus, path);
if (ret < 0)
{
@@ -4359,7 +4359,7 @@ _dbus_transport_new_for_kdbus (const char *path,
"Failed to open file descriptor: %s: %s",
path,
_dbus_strerror (-ret));
- goto failed_0_with_kdbus;
+ goto failed_0_with_kdbus_and_policy;
}
_dbus_verbose ("Successfully connected to kdbus bus %s\n", path);
@@ -4370,16 +4370,9 @@ _dbus_transport_new_for_kdbus (const char *path,
dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
goto failed_1;
}
-
- if (!initialize_policies (transport, path))
- {
- dbus_set_error (error,
- DBUS_ERROR_FAILED,
- "Can't load dbus policy for kdbus transport");
- _kdbus_close (kdbus);
- transport_finalize ((DBusTransport*)transport);
- transport = NULL;
- }
+#ifdef LIBDBUSPOLICY
+ transport->policy = policy;
+#endif
_dbus_string_free (&address);
@@ -4387,6 +4380,10 @@ _dbus_transport_new_for_kdbus (const char *path,
failed_1:
_kdbus_close (kdbus);
+failed_0_with_kdbus_and_policy:
+#ifdef LIBDBUSPOLICY
+ dbuspolicy1_free (policy);
+#endif
failed_0_with_kdbus:
_kdbus_free (kdbus);
failed_0:
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-26 00:33:52 +0000