author | Daniel Mack <daniel@zonque.org> | 2014-09-24 17:18:35 +0200 |
---|---|---|
committer | Daniel Mack <daniel@zonque.org> | 2014-11-11 14:14:01 +0100 |
commit | 8573b68fecc65a0cd285e4c5e288831856948e62 (patch) | |
tree | cb122b9f65aafca32c5c062dfe035ebbdfbac41b /src/bus-proxyd/bus-proxyd.c | |
parent | ac4eaf6dd4e314515f3595c2838b2da3231fa357 (diff) |
bus-proxyd: enforce policy for Hello messages
Diffstat (limited to 'src/bus-proxyd/bus-proxyd.c')
-rw-r--r-- | src/bus-proxyd/bus-proxyd.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/src/bus-proxyd/bus-proxyd.c b/src/bus-proxyd/bus-proxyd.c
index aaa79243cf..a6554aba3b 100644
--- a/src/bus-proxyd/bus-proxyd.c
+++ b/src/bus-proxyd/bus-proxyd.c
@@ -997,7 +997,7 @@ static int process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m) {
 }
 }
-static int process_hello(sd_bus *a, sd_bus *b, sd_bus_message *m, bool *got_hello) {
+static int process_hello(sd_bus *a, sd_bus *b, sd_bus_message *m, Policy *policy, const struct ucred *ucred, bool *got_hello) {
 _cleanup_bus_message_unref_ sd_bus_message *n = NULL;
 bool is_hello;
 int r;
@@ -1029,6 +1029,11 @@ static int process_hello(sd_bus *a, sd_bus *b, sd_bus_message *m, bool *got_hell
 return -EIO;
 }
+ if (!policy_check_hello(policy, ucred)) {
+ log_error("Policy denied HELLO");
+ return -EPERM;
+ }
+
 *got_hello = true;
 if (!a->is_kernel)
@@ -1418,7 +1423,7 @@ int main(int argc, char *argv[]) {
 goto finish;
 }
- k = process_hello(a, b, m, &got_hello);
+ k = process_hello(a, b, m, &policy, &ucred, &got_hello);
 if (k < 0) {
 r = k;
 log_error("Failed to process HELLO: %s", strerror(-r)); |
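Review bot: The denial path added in the `@@ -1029,6 +1029,11 @@` hunk logs only `Policy denied HELLO`, so someone reading the journal cannot tell which peer was refused. Since `ucred` is already in scope, the message can carry the peer identity, for example `log_error("Policy denied HELLO for uid=%lu pid=%lu", (unsigned long) ucred->uid, (unsigned long) ucred->pid);`. That makes repeated denials from one uid visible for detection and triage. process_hello starts before and continues after this hunk, so the surrounding checks are not visible here.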
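Review bot: The `&ucred` passed to process_hello in the `@@ -1418,7 +1423,7 @@` hunk now decides whether the peer may connect, but the hunk does not show how that struct is filled. If the peer-credential lookup can fail or be skipped and leave the struct zeroed, the policy would presumably be evaluated for uid 0 and gid 0, which fails open. It is worth confirming that main() refuses the connection when credentials are unavailable, and recording the requirement above the call with a comment such as `/* ucred must come from a successful SO_PEERCRED lookup; a zeroed struct would be checked as root */`. main() starts and ends outside this hunk.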