authorLennart Poettering <lennart@poettering.net>2014-11-26 23:14:13 +0100
committerLennart Poettering <lennart@poettering.net>2014-11-27 22:02:12 +0100
commit78f9b196ab9671ceb625cd2abf90629ed201c24f (patch)
treea4555557014eb7d387e94fc9058d7c91f53f0bac /src/bus-proxyd/bus-policy.h
parent9398f650939aec0d44ea7d20240502cafd667c29 (diff)
bus-proxy: beef up policy enforcement
- actually return permission errors to clients
- use the right ucreds field
- fix error paths when we cannot keep track of locally acquired names due to OOM
- avoid unnecessary global variables
- log when the policy denies access
- enforce correct policy rule order
- always request all the metadata we need to make decisions
Diffstat (limited to 'src/bus-proxyd/bus-policy.h')
-rw-r--r--src/bus-proxyd/bus-policy.h10
1 files changed, 6 insertions, 4 deletions
diff --git a/src/bus-proxyd/bus-policy.h b/src/bus-proxyd/bus-policy.h
index 64fe1ffac5..933a53ceb5 100644
--- a/src/bus-proxyd/bus-policy.h
+++ b/src/bus-proxyd/bus-policy.h
@@ -76,17 +76,19 @@ typedef struct Policy {
int policy_load(Policy *p, char **files);
void policy_free(Policy *p);
-bool policy_check_own(Policy *p, const struct ucred *ucred, const char *name);
-bool policy_check_hello(Policy *p, const struct ucred *ucred);
+bool policy_check_own(Policy *p, uid_t uid, gid_t gid, const char *name);
+bool policy_check_hello(Policy *p, uid_t uid, gid_t gid);
bool policy_check_recv(Policy *p,
- const struct ucred *ucred,
+ uid_t uid,
+ gid_t gid,
int message_type,
const char *name,
const char *path,
const char *interface,
const char *member);
bool policy_check_send(Policy *p,
- const struct ucred *ucred,
+ uid_t uid,
+ gid_t gid,
int message_type,
const char *name,
const char *path,
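Review bot: The new `uid_t uid, gid_t gid` parameters on policy_check_own(), policy_check_hello(), policy_check_recv() and policy_check_send() are undocumented, so the header no longer tells a caller which of the peer's credentials to pass now that the `struct ucred` is gone. These functions gate access, and uid_t and gid_t are commonly the same underlying integer type, so a swapped or wrong pair would compile silently. A short comment above the four declarations would pin the contract, for example `/* uid/gid: credentials of the peer the policy is evaluated for; returns true if the policy allows the operation */`. The meaning of the return value is inferred from the names and should be confirmed against bus-policy.c, which is not shown here. The declaration of policy_check_send() continues past the end of the hunk.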