authorLennart Poettering <lennart@poettering.net>2014-11-26 21:15:39 +0100
committerLennart Poettering <lennart@poettering.net>2014-11-26 21:15:39 +0100
commit278ebf8d26f0ebf9d63d8aa1b91a2adbdd8aa4e0 (patch)
tree0d67d0b6c40c3dc6631a68a37912408dc7cdfa97
parent55e189007c707fb827b8b287903c258de234bd12 (diff)
bus-policy: actually test messages against the newly added test.conf
-rw-r--r--src/bus-proxyd/bus-policy.c6
-rw-r--r--src/bus-proxyd/test-bus-policy.c19
2 files changed, 23 insertions, 2 deletions
diff --git a/src/bus-proxyd/bus-policy.c b/src/bus-proxyd/bus-policy.c
index ff6a3e4e19..d543bf9af4 100644
--- a/src/bus-proxyd/bus-policy.c
+++ b/src/bus-proxyd/bus-policy.c
@@ -627,7 +627,7 @@ static int check_policy_item(PolicyItem *i, const struct policy_check_filter *fi
if (i->name && !streq_ptr(i->name, filter->name))
break;
- if ((i->message_type != _POLICY_ITEM_CLASS_UNSET) && (i->message_type != filter->message_type))
+ if ((i->message_type != 0) && (i->message_type != filter->message_type))
break;
if (i->path && !streq_ptr(i->path, filter->path))
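Review bot: The bare `0` in the new `message_type` comparison acts as an undocumented wildcard in an access-control match, since an item with message_type 0 skips the type check and so matches every message type. I would put a comment above the test, `/* message_type == 0: this rule carries no message-type constraint */`, or compare against a named constant if the message-type enum provides one for the unset value. check_policy_item starts and ends outside the hunk, so whether other branches rely on the same sentinel cannot be seen here.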
@@ -688,7 +688,7 @@ static int check_policy_items(PolicyItem *items, const struct policy_check_filte
* and the order of rules in policy definitions matters */
LIST_FOREACH(items, i, items) {
if (i->class != filter->class &&
- IN_SET(i->class, POLICY_ITEM_OWN, POLICY_ITEM_OWN_PREFIX) != IN_SET(filter->class, POLICY_ITEM_OWN, POLICY_ITEM_OWN_PREFIX))
+ !(i->class == POLICY_ITEM_OWN_PREFIX && filter->class == POLICY_ITEM_OWN))
continue;
r = check_policy_item(i, filter);
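Review bot: The rewritten skip condition lets an item through on a class mismatch only for `i->class == POLICY_ITEM_OWN_PREFIX && filter->class == POLICY_ITEM_OWN`, and nothing in the loop explains why the exception runs in one direction only. A comment before the `if` would help, for example `/* own_prefix rules are evaluated for own requests; a filter is never OWN_PREFIX itself */`. This assumes check_policy_item compares the name by prefix rather than by equality for such items, which is not visible in this hunk and is worth confirming, because an exact comparison would make prefix rules silently ineffective. check_policy_items starts and ends outside the hunk.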
@@ -707,6 +707,8 @@ static int policy_check(Policy *p, const struct policy_check_filter *filter) {
assert(p);
assert(filter);
+ assert(IN_SET(filter->class, POLICY_ITEM_SEND, POLICY_ITEM_RECV, POLICY_ITEM_OWN, POLICY_ITEM_USER, POLICY_ITEM_GROUP));
+
/*
* The policy check is implemented by the following logic:
*
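Review bot: The new class check is an `assert()`, so it documents the invariant but does not enforce it in any build where assertions are compiled out. For a policy decision it is worth saying in a comment what an unexpected filter class leads to; presumably no item matches and the default verdict applies, but that logic lies below the hunk. A line such as `/* callers pass only these classes; OWN_PREFIX appears on rules, never on a filter */` next to the assert would also tie it to the exception in check_policy_items.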
diff --git a/src/bus-proxyd/test-bus-policy.c b/src/bus-proxyd/test-bus-policy.c
index 3140e083c2..1c1d1ef9ed 100644
--- a/src/bus-proxyd/test-bus-policy.c
+++ b/src/bus-proxyd/test-bus-policy.c
@@ -157,6 +157,25 @@ int main(int argc, char *argv[]) {
assert_se(test_policy_load(&p, "test.conf") >= 0);
policy_dump(&p);
+
+ ucred.uid = 0;
+ assert_se(policy_check_own(&p, &ucred, "org.foo.FooService") == true);
+ assert_se(policy_check_own(&p, &ucred, "org.foo.FooService2") == false);
+ assert_se(policy_check_send(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.test.test1", "/an/object/path", "org.test.int2", "Member") == false);
+ assert_se(policy_check_send(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.test.test1", "/an/object/path", "org.foo.FooBroadcastInterface", "Member") == true);
+ assert_se(policy_check_recv(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.foo.FooService", "/an/object/path", "org.foo.FooBroadcastInterface", "Member") == true);
+ assert_se(policy_check_recv(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.foo.FooService", "/an/object/path", "org.foo.FooBroadcastInterface2", "Member") == false);
+ assert_se(policy_check_recv(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.foo.FooService2", "/an/object/path", "org.foo.FooBroadcastInterface", "Member") == false);
+
+ ucred.uid = 100;
+ assert_se(policy_check_own(&p, &ucred, "org.foo.FooService") == false);
+ assert_se(policy_check_own(&p, &ucred, "org.foo.FooService2") == false);
+ assert_se(policy_check_send(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.test.test1", "/an/object/path", "org.test.int2", "Member") == false);
+ assert_se(policy_check_send(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.test.test1", "/an/object/path", "org.foo.FooBroadcastInterface", "Member") == false);
+ assert_se(policy_check_recv(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.foo.FooService", "/an/object/path", "org.foo.FooBroadcastInterface", "Member") == true);
+ assert_se(policy_check_recv(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.foo.FooService", "/an/object/path", "org.foo.FooBroadcastInterface2", "Member") == false);
+ assert_se(policy_check_recv(&p, &ucred, SD_BUS_MESSAGE_METHOD_CALL, "org.foo.FooService2", "/an/object/path", "org.foo.FooBroadcastInterface", "Member") == false);
+
policy_free(&p);
return EXIT_SUCCESS;
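Review bot: Every added assertion passes `SD_BUS_MESSAGE_METHOD_CALL`, so the message-type comparison changed in bus-policy.c by this commit is never given a mismatching type. It is also not visible here whether any `policy_check_own` call is satisfied through an own-prefix rule in test.conf. I would add one send or receive check with a different message type, and one own check that can succeed only through a prefix rule. A short comment per block, such as `/* uid 0: expected verdicts per test.conf */`, would let a reader map each assertion back to the rule it covers. main's body starts outside the hunk, so the setup of `ucred` and `p` is not shown.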