authorPatrick Ohly <patrick.ohly@intel.com>2014-07-30 10:00:59 +0200
committerAdrian Szyndela <adrian.s@samsung.com>2016-02-19 11:09:57 +0100
commit0022c3d8e0310a63e8eb84668ba9eccef3e833ab (patch)
tree088d38902efef042a8e3d0cea7b2b16941e68c00 /test
parent13d888ca95c75c14a4919b36cc0a15979fb1d42b (diff)
policy: add <check> element
The new <check> element is almost the same as <allow> and <deny>. The difference is that it has an additional "privilege" parameter which will be tested at runtime. Depending on the outcome of the check, the rule turns into an allow or deny rule. Executing these checks will be implemented separately. At the moment, a <check> is basically the same as <deny>. The representation of a rule grows by one additional pointer and needs one additional bit to represent <check> in addition to <allow>/<deny>. Reordering elements might mitigate this effect. Change-Id: I25baa802fdf41413a78200273c3a0b17ae7f1cfa
Diffstat (limited to 'test')
-rw-r--r--test/Makefile.am1
-rw-r--r--test/data/invalid-config-files/badcheck-1.conf9
-rw-r--r--test/data/invalid-config-files/badcheck-2.conf9
-rw-r--r--test/data/valid-config-files/check-1.conf9
-rw-r--r--test/data/valid-config-files/debug-check-some.conf.in18
5 files changed, 46 insertions, 0 deletions
diff --git a/test/Makefile.am b/test/Makefile.am
index b7f40bb0..1f4c8fe7 100644
--- a/test/Makefile.am
+++ b/test/Makefile.am
@@ -304,6 +304,7 @@ in_data = \
data/valid-config-files/debug-allow-all.conf.in \
data/valid-config-files/finite-timeout.conf.in \
data/valid-config-files/forbidding.conf.in \
+ data/valid-config-files/debug-check-some.conf.in \
data/valid-config-files/incoming-limit.conf.in \
data/valid-config-files/multi-user.conf.in \
data/valid-config-files/systemd-activation.conf.in \
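Review bot: Only the generated `debug-check-some.conf.in` is registered here, and the diffstat shows this Makefile changing by a single line, so the three static fixtures added by the same commit (`badcheck-1.conf`, `badcheck-2.conf`, `check-1.conf`) do not appear in any list in this file. If static config fixtures are enumerated elsewhere in this Makefile for distribution and out-of-tree copying (that part is outside the hunk, so this is inferred), the new files need entries there too; otherwise the rejection tests for a malformed `<check>` would silently not run from a tarball or a separate build directory. The new entry also breaks the alphabetical order of `in_data`; it belongs directly after `debug-allow-all.conf.in`.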
diff --git a/test/data/invalid-config-files/badcheck-1.conf b/test/data/invalid-config-files/badcheck-1.conf
new file mode 100644
index 00000000..fad9f502
--- /dev/null
+++ b/test/data/invalid-config-files/badcheck-1.conf
@@ -0,0 +1,9 @@
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+ <user>mybususer</user>
+ <listen>unix:path=/foo/bar</listen>
+ <policy context="default">
+ <allow privilege="foo" send_destination="*"/> <!-- extra privilege="foo" -->
+ </policy>
+</busconfig>
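Review bot: The negative fixtures cover `privilege` on `<allow>` here and a `<check>` without `privilege` in badcheck-2.conf, but nothing pins the behaviour for `<deny privilege="foo" send_destination="*"/>` or for an empty value such as `<check privilege="" send_destination="*"/>`. Because this attribute decides whether a rule ends up allowing or denying a message, both cases deserve a fixture of their own next to this one. Whether the parser already rejects them cannot be seen from this diff.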
diff --git a/test/data/invalid-config-files/badcheck-2.conf b/test/data/invalid-config-files/badcheck-2.conf
new file mode 100644
index 00000000..63c7ef25
--- /dev/null
+++ b/test/data/invalid-config-files/badcheck-2.conf
@@ -0,0 +1,9 @@
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+ <user>mybususer</user>
+ <listen>unix:path=/foo/bar</listen>
+ <policy context="default">
+ <check send_destination="*"/> <!-- missing privilege="foo" -->
+ </policy>
+</busconfig>
diff --git a/test/data/valid-config-files/check-1.conf b/test/data/valid-config-files/check-1.conf
new file mode 100644
index 00000000..ad714733
--- /dev/null
+++ b/test/data/valid-config-files/check-1.conf
@@ -0,0 +1,9 @@
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+ <user>mybususer</user>
+ <listen>unix:path=/foo/bar</listen>
+ <policy context="default">
+ <check privilege="foo" send_destination="*"/>
+ </policy>
+</busconfig>
diff --git a/test/data/valid-config-files/debug-check-some.conf.in b/test/data/valid-config-files/debug-check-some.conf.in
new file mode 100644
index 00000000..47ee8548
--- /dev/null
+++ b/test/data/valid-config-files/debug-check-some.conf.in
@@ -0,0 +1,18 @@
+<!-- Bus that listens on a debug pipe and doesn't create any restrictions -->
+
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+ <listen>debug-pipe:name=test-server</listen>
+ <listen>@TEST_LISTEN@</listen>
+ <servicedir>@DBUS_TEST_DATA@/valid-service-files</servicedir>
+ <policy context="default">
+ <allow send_interface="*"/>
+ <allow receive_interface="*"/>
+ <allow own="*"/>
+ <allow user="*"/>
+
+ <deny send_interface="org.freedesktop.TestSuite" send_member="Echo"/>
+ <check privilege="foo" send_interface="org.freedesktop.TestSuite" send_member="Echo"/>
+ </policy>
+</busconfig>
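Review bot: The header comment on the first line of this file says the bus "doesn't create any restrictions", which does not match the policy below it: `Echo` on `org.freedesktop.TestSuite` is denied and then made subject to a `<check>`. Something like `<!-- Bus that listens on a debug pipe and allows everything except org.freedesktop.TestSuite.Echo, which requires privilege "foo" -->` would describe it. A short comment above the `<deny>`/`<check>` pair should also state which of the two rules is meant to take effect, since both match the same message. Per the commit message `<check>` currently behaves like `<deny>`, so a test cannot yet tell the two apart.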