summaryrefslogtreecommitdiff
path: root/src/bus-proxyd/bus-proxyd.c
diff options
context:
space:
mode:
authorDaniel Mack <daniel@zonque.org>2014-09-24 17:18:35 +0200
committerDaniel Mack <daniel@zonque.org>2014-11-11 14:14:01 +0100
commit8573b68fecc65a0cd285e4c5e288831856948e62 (patch)
treecb122b9f65aafca32c5c062dfe035ebbdfbac41b /src/bus-proxyd/bus-proxyd.c
parentac4eaf6dd4e314515f3595c2838b2da3231fa357 (diff)
bus-proxyd: enforce policy for Hello messages
Diffstat (limited to 'src/bus-proxyd/bus-proxyd.c')
-rw-r--r--src/bus-proxyd/bus-proxyd.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/src/bus-proxyd/bus-proxyd.c b/src/bus-proxyd/bus-proxyd.c
index aaa79243cf..a6554aba3b 100644
--- a/src/bus-proxyd/bus-proxyd.c
+++ b/src/bus-proxyd/bus-proxyd.c
@@ -997,7 +997,7 @@ static int process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m) {
}
}
-static int process_hello(sd_bus *a, sd_bus *b, sd_bus_message *m, bool *got_hello) {
+static int process_hello(sd_bus *a, sd_bus *b, sd_bus_message *m, Policy *policy, const struct ucred *ucred, bool *got_hello) {
_cleanup_bus_message_unref_ sd_bus_message *n = NULL;
bool is_hello;
int r;
@@ -1029,6 +1029,11 @@ static int process_hello(sd_bus *a, sd_bus *b, sd_bus_message *m, bool *got_hell
return -EIO;
}
+ if (!policy_check_hello(policy, ucred)) {
+ log_error("Policy denied HELLO");
+ return -EPERM;
+ }
+
*got_hello = true;
if (!a->is_kernel)
@@ -1418,7 +1423,7 @@ int main(int argc, char *argv[]) {
goto finish;
}
- k = process_hello(a, b, m, &got_hello);
+ k = process_hello(a, b, m, &policy, &ucred, &got_hello);
if (k < 0) {
r = k;
log_error("Failed to process HELLO: %s", strerror(-r));