| author | Lennart Poettering <lennart@poettering.net> | 2014-11-26 20:22:22 +0100 | 
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2014-11-26 20:22:22 +0100 | 
| commit | 3a9cca11042331fc053ac1aa6363603622f1188c (patch) | |
| tree | d63d2139f8d0d707511f1a4387fff95bbc9b3983 | |
| parent | cf226cfc24fec9d47a0c822188737656150356bb (diff) | |
bus-policy: steal a test case for prefix ownership from dbus1, and make sure it passes with the bus proxy enforcement
| -rw-r--r-- | Makefile.am | 3 | ||||
| -rw-r--r-- | src/bus-proxyd/bus-policy.c | 7 | ||||
| -rw-r--r-- | src/bus-proxyd/test-bus-policy.c | 16 | ||||
| -rw-r--r-- | test/bus-policy/check-own-rules.conf | 14 | 
4 files changed, 36 insertions, 4 deletions
| diff --git a/Makefile.am b/Makefile.am
index b52ff8e77d..5545aa187c 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1383,7 +1383,8 @@ EXTRA_DIST += \
 	test/bus-policy/hello.conf \
 	test/bus-policy/methods.conf \
 	test/bus-policy/ownerships.conf \
-	test/bus-policy/signals.conf
+	test/bus-policy/signals.conf \
+	test/bus-policy/check-own-rules.conf
 EXTRA_DIST += \
diff --git a/src/bus-proxyd/bus-policy.c b/src/bus-proxyd/bus-policy.c
index cb0726aa3f..ff6a3e4e19 100644
--- a/src/bus-proxyd/bus-policy.c
+++ b/src/bus-proxyd/bus-policy.c
@@ -599,7 +599,7 @@ enum {
 };
 struct policy_check_filter {
-        int class;
+        PolicyItemClass class;
         const struct ucred *ucred;
         int message_type;
         const char *name;
@@ -651,7 +651,7 @@ static int check_policy_item(PolicyItem *i, const struct policy_check_filter *fi
         case POLICY_ITEM_OWN_PREFIX:
                 assert(filter->name);
-                if (streq(i->name, "*") || service_name_startswith(i->name, filter->name))
+                if (streq(i->name, "*") || service_name_startswith(filter->name, i->name))
                         return is_permissive(i);
                 break;
@@ -687,7 +687,8 @@ static int check_policy_items(PolicyItem *items, const struct policy_check_filte
         /* Check all policies in a set - a broader one might be followed by a more specific one,
          * and the order of rules in policy definitions matters */
         LIST_FOREACH(items, i, items) {
-                if (i->class != filter->class)
+                if (i->class != filter->class &&
+                    IN_SET(i->class, POLICY_ITEM_OWN, POLICY_ITEM_OWN_PREFIX) != IN_SET(filter->class, POLICY_ITEM_OWN, POLICY_ITEM_OWN_PREFIX))
                         continue;
                 r = check_policy_item(i, filter);
diff --git a/src/bus-proxyd/test-bus-policy.c b/src/bus-proxyd/test-bus-policy.c
index c9a027e877..a4b7b6af08 100644
--- a/src/bus-proxyd/test-bus-policy.c
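Review bot: In check_policy_items() the new skip condition lets rules of unrelated classes through: `IN_SET(i->class, ...) != IN_SET(filter->class, ...)` is also false when neither class belongs to the own/own_prefix pair, so an item whose class differs from the filter's (for instance a send rule under a receive filter, if both are PolicyItemClass values) is no longer skipped and reaches check_policy_item(). That function appears to dispatch on the item's class and to read the filter fields belonging to that class, so a rule of the wrong kind could end up deciding an access check. Only the own/own_prefix pairing needs the exception; I would write the condition as `if (i->class != filter->class && !(IN_SET(i->class, POLICY_ITEM_OWN, POLICY_ITEM_OWN_PREFIX) && IN_SET(filter->class, POLICY_ITEM_OWN, POLICY_ITEM_OWN_PREFIX)))` and keep the existing `continue;`. The test added by this commit only calls policy_check_own(), so it would not catch the cross-class case; the loop body continues outside the hunk.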
+++ b/src/bus-proxyd/test-bus-policy.c
@@ -131,5 +131,21 @@ int main(int argc, char *argv[]) {
         policy_free(&p);
+        /* dbus1 test file: ownership */
+
+        assert_se(test_policy_load(&p, "check-own-rules.conf") >= 0);
+        policy_dump(&p);
+
+        assert_se(policy_check_own(&p, &ucred, "org.freedesktop") == false);
+        assert_se(policy_check_own(&p, &ucred, "org.freedesktop.ManySystem") == false);
+        assert_se(policy_check_own(&p, &ucred, "org.freedesktop.ManySystems") == true);
+        assert_se(policy_check_own(&p, &ucred, "org.freedesktop.ManySystems.foo") == true);
+        assert_se(policy_check_own(&p, &ucred, "org.freedesktop.ManySystems.foo.bar") == true);
+        assert_se(policy_check_own(&p, &ucred, "org.freedesktop.ManySystems2") == false);
+        assert_se(policy_check_own(&p, &ucred, "org.freedesktop.ManySystems2.foo") == false);
+        assert_se(policy_check_own(&p, &ucred, "org.freedesktop.ManySystems2.foo.bar") == false);
+
+        policy_free(&p);
+
         return EXIT_SUCCESS;
 }
diff --git a/test/bus-policy/check-own-rules.conf b/test/bus-policy/check-own-rules.conf
new file mode 100644
index 0000000000..bc2f415fcb
--- /dev/null
+++ b/test/bus-policy/check-own-rules.conf
@@ -0,0 +1,14 @@
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+  <user>mybususer</user>
+  <listen>unix:path=/foo/bar</listen>
+  <listen>tcp:port=1234</listen>
+  <servicedir>/usr/share/foo</servicedir>
+  <policy context="default">
+    <allow user="*"/>
+    <deny own="*"/>
+    <allow own_prefix="org.freedesktop.ManySystems"/>
+  </policy>
+
+</busconfig> |
