summaryrefslogtreecommitdiff
path: root/src/bus-proxyd/bus-policy.c
diff options
context:
space:
mode:
authorDaniel Mack <daniel@zonque.org>2014-10-09 13:26:53 +0200
committerDaniel Mack <daniel@zonque.org>2014-10-09 13:31:01 +0200
commitd46fbfb48deff83943355992e55f9ef4431ff5ef (patch)
tree8a9603e4569183cc311f660c00c67057c4fd5784 /src/bus-proxyd/bus-policy.c
parent374738d55b2bc4ab07c22f9a0be95a76de1c9478 (diff)
bus-policy: move name list iteration to policy users
We need to figure out which of the possible names satisfied the policy, so we cannot do the iteration in check_policy_item() but have to leave it to the users. Test cases amended accordingly.
Diffstat (limited to 'src/bus-proxyd/bus-policy.c')
-rw-r--r--src/bus-proxyd/bus-policy.c29
1 files changed, 10 insertions, 19 deletions
diff --git a/src/bus-proxyd/bus-policy.c b/src/bus-proxyd/bus-policy.c
index aea8541d50..625f5ddaee 100644
--- a/src/bus-proxyd/bus-policy.c
+++ b/src/bus-proxyd/bus-policy.c
@@ -602,14 +602,10 @@ struct policy_check_filter {
int class;
const struct ucred *ucred;
int message_type;
+ const char *name;
const char *interface;
const char *path;
- union {
- const char *name;
- const char *member;
- };
- char **names_strv;
- Hashmap *names_hash;
+ const char *member;
};
static int is_permissive(PolicyItem *i) {
@@ -628,13 +624,8 @@ static int check_policy_item(PolicyItem *i, const struct policy_check_filter *fi
case POLICY_ITEM_SEND:
case POLICY_ITEM_RECV:
- if (i->name) {
- if (filter->names_hash && !hashmap_contains(filter->names_hash, i->name))
- break;
-
- if (filter->names_strv && !strv_contains(filter->names_strv, i->name))
- break;
- }
+ if (i->name && !streq_ptr(i->name, filter->name))
+ break;
if ((i->message_type != _POLICY_ITEM_CLASS_UNSET) && (i->message_type != filter->message_type))
break;
@@ -651,14 +642,14 @@ static int check_policy_item(PolicyItem *i, const struct policy_check_filter *fi
return is_permissive(i);
case POLICY_ITEM_OWN:
- assert(filter->member);
+ assert(filter->name);
if (streq(i->name, "*") || streq(i->name, filter->name))
return is_permissive(i);
break;
case POLICY_ITEM_OWN_PREFIX:
- assert(filter->member);
+ assert(filter->name);
if (streq(i->name, "*") || startswith(i->name, filter->name))
return is_permissive(i);
@@ -780,8 +771,8 @@ bool policy_check_hello(Policy *p, const struct ucred *ucred) {
bool policy_check_recv(Policy *p,
const struct ucred *ucred,
- Hashmap *names,
int message_type,
+ const char *name,
const char *path,
const char *interface,
const char *member) {
@@ -789,8 +780,8 @@ bool policy_check_recv(Policy *p,
struct policy_check_filter filter = {
.class = POLICY_ITEM_RECV,
.ucred = ucred,
- .names_hash = names,
.message_type = message_type,
+ .name = name,
.interface = interface,
.path = path,
.member = member,
@@ -801,8 +792,8 @@ bool policy_check_recv(Policy *p,
bool policy_check_send(Policy *p,
const struct ucred *ucred,
- char **names,
int message_type,
+ const char *name,
const char *path,
const char *interface,
const char *member) {
@@ -810,8 +801,8 @@ bool policy_check_send(Policy *p,
struct policy_check_filter filter = {
.class = POLICY_ITEM_SEND,
.ucred = ucred,
- .names_strv = names,
.message_type = message_type,
+ .name = name,
.interface = interface,
.path = path,
.member = member,