summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid Herrmann <dh.herrmann@gmail.com>2015-01-11 14:13:19 +0100
committerDavid Herrmann <dh.herrmann@gmail.com>2015-01-11 14:18:29 +0100
commit0042d824e3616aaf2e3eec23d3b2e6aec7c0470c (patch)
treee9d121982239d984440c88a1f90aae6fc19327c4
parent24b759c5d79c1a4993c05c1ef7f44f9ff6d7f463 (diff)
bus-proxy: fix policy for expected/non-expected reply tags
dbus-1 distinguishes expected and non-expected replies. An expected reply is a reply that is sent as answer to a previously forwarded method-call before the timeout fires. Those replies are, by default, forwarded and DENY policy tags are ignored on them (unless explicitly stated otherwise). We don't track reply-windows in the bus-proxy as the kernel already does this. Furthermore, the kernel prohibits any non-expected replies (which breaks dbus-1, but it was an odd feature, anyway). Therefore, skip policy checks on replies and always let the kernel deal with it! To be correct, we should still process DENY tags marked as send_expected_reply=true (which is *NOT* the default!). However, so far we don't parse those attributes, and no-one really uses it, so lets not implement it for now. It's marked as TODO if anyone feels like fixing it.
-rw-r--r--src/bus-proxyd/bus-proxyd.c16
1 files changed, 16 insertions, 0 deletions
diff --git a/src/bus-proxyd/bus-proxyd.c b/src/bus-proxyd/bus-proxyd.c
index 4d0a265c66..3cbbab718b 100644
--- a/src/bus-proxyd/bus-proxyd.c
+++ b/src/bus-proxyd/bus-proxyd.c
@@ -992,6 +992,22 @@ static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *p
if (!policy)
return 0;
+ /*
+ * dbus-1 distinguishes expected and non-expected replies by tracking
+ * method-calls and timeouts. By default, DENY rules are *NEVER* applied
+ * on expected replies, unless explicitly specified. But we dont track
+ * method-calls, thus, we cannot know whether a reply is expected.
+ * Fortunately, the kdbus forbids non-expected replies, so we can safely
+ * ignore any policy on those and let the kernel deal with it.
+ *
+ * TODO: To be correct, we should only ignore policy-tags that are
+ * applied on non-expected replies. However, so far we don't parse those
+ * tags so we let everything pass. I haven't seen a DENY policy tag on
+ * expected-replies, ever, so don't bother..
+ */
+ if (m->reply_cookie > 0)
+ return 0;
+
if (from->is_kernel) {
uid_t sender_uid = UID_INVALID;
gid_t sender_gid = GID_INVALID;