summaryrefslogtreecommitdiff
path: root/bus/policy.c
diff options
context:
space:
mode:
Diffstat (limited to 'bus/policy.c')
-rw-r--r--bus/policy.c64
1 files changed, 62 insertions, 2 deletions
diff --git a/bus/policy.c b/bus/policy.c
index 24c0f06d..6e642951 100644
--- a/bus/policy.c
+++ b/bus/policy.c
@@ -30,6 +30,7 @@
#include <dbus/dbus-list.h>
#include <dbus/dbus-hash.h>
#include <dbus/dbus-internals.h>
+#include <dbus/dbus-message-internal.h>
BusPolicyRule*
bus_policy_rule_new (BusPolicyRuleType type,
@@ -71,6 +72,8 @@ bus_policy_rule_new (BusPolicyRuleType type,
break;
case BUS_POLICY_RULE_OWN:
break;
+ default:
+ _dbus_assert_not_reached ("invalid rule");
}
return rule;
@@ -118,6 +121,8 @@ bus_policy_rule_unref (BusPolicyRule *rule)
break;
case BUS_POLICY_RULE_GROUP:
break;
+ default:
+ _dbus_assert_not_reached ("invalid rule");
}
dbus_free (rule->privilege);
@@ -264,6 +269,9 @@ add_list_to_client (DBusList **list,
if (!bus_client_policy_append_rule (client, rule))
return FALSE;
break;
+
+ default:
+ _dbus_assert_not_reached ("invalid rule");
}
}
@@ -836,8 +844,11 @@ bus_client_policy_optimize (BusClientPolicy *policy)
remove_preceding =
rule->d.own.service_name == NULL;
break;
+
+ /* The other rule types don't appear in this list */
case BUS_POLICY_RULE_USER:
case BUS_POLICY_RULE_GROUP:
+ default:
_dbus_assert_not_reached ("invalid rule");
break;
}
@@ -1090,7 +1101,27 @@ bus_client_policy_check_can_send (DBusConnection *sender,
continue;
}
}
-
+
+ if (rule->d.send.broadcast != BUS_POLICY_TRISTATE_ANY)
+ {
+ if (dbus_message_get_destination (message) == NULL &&
+ dbus_message_get_type (message) == DBUS_MESSAGE_TYPE_SIGNAL)
+ {
+ /* it's a broadcast */
+ if (rule->d.send.broadcast == BUS_POLICY_TRISTATE_FALSE)
+ {
+ _dbus_verbose (" (policy) skipping rule because message is a broadcast\n");
+ continue;
+ }
+ }
+ /* else it isn't a broadcast: there is some destination */
+ else if (rule->d.send.broadcast == BUS_POLICY_TRISTATE_TRUE)
+ {
+ _dbus_verbose (" (policy) skipping rule because message is not a broadcast\n");
+ continue;
+ }
+ }
+
if (rule->d.send.destination != NULL)
{
if (!rule->d.send.destination_prefix)
@@ -1176,6 +1207,20 @@ bus_client_policy_check_can_send (DBusConnection *sender,
}
}
+ if (rule->d.send.min_fds > 0 ||
+ rule->d.send.max_fds < DBUS_MAXIMUM_MESSAGE_UNIX_FDS)
+ {
+ unsigned int n_fds = _dbus_message_get_n_unix_fds (message);
+
+ if (n_fds < rule->d.send.min_fds || n_fds > rule->d.send.max_fds)
+ {
+ _dbus_verbose (" (policy) skipping rule because message has %u fds "
+ "and that is outside range [%u,%u]",
+ n_fds, rule->d.send.min_fds, rule->d.send.max_fds);
+ continue;
+ }
+ }
+
/* Use this rule */
switch (rule->access)
{
@@ -1421,7 +1466,22 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy,
}
}
}
-
+
+ if (rule->d.receive.min_fds > 0 ||
+ rule->d.receive.max_fds < DBUS_MAXIMUM_MESSAGE_UNIX_FDS)
+ {
+ unsigned int n_fds = _dbus_message_get_n_unix_fds (message);
+
+ if (n_fds < rule->d.receive.min_fds || n_fds > rule->d.receive.max_fds)
+ {
+ _dbus_verbose (" (policy) skipping rule because message has %u fds "
+ "and that is outside range [%u,%u]",
+ n_fds, rule->d.receive.min_fds,
+ rule->d.receive.max_fds);
+ continue;
+ }
+ }
+
/* Use this rule */
switch (rule->access)
{
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-26 13:01:59 +0000