summaryrefslogtreecommitdiff
path: root/src/bus-proxyd/bus-xml-policy.c
diff options
context:
space:
mode:
authorDavid Herrmann <dh.herrmann@gmail.com>2015-01-11 15:27:18 +0100
committerDavid Herrmann <dh.herrmann@gmail.com>2015-01-11 15:27:18 +0100
commitb49c7806a395fd655edd19785f56874b28f5a24c (patch)
tree18d1555df0303ebf2542930fc8c2e434580ac045 /src/bus-proxyd/bus-xml-policy.c
parentb5cfc2b953fca74bf4c42a4e9e38abe72cc26493 (diff)
bus-proxy: print message direction in policy logs
Make sure to print "dbus-1 to kernel" or "kernel to dbus-1" in policy logs to better diagnose the situation.
Diffstat (limited to 'src/bus-proxyd/bus-xml-policy.c')
-rw-r--r--src/bus-proxyd/bus-xml-policy.c16
1 files changed, 10 insertions, 6 deletions
diff --git a/src/bus-proxyd/bus-xml-policy.c b/src/bus-proxyd/bus-xml-policy.c
index 366adbd7ac..a5c4313327 100644
--- a/src/bus-proxyd/bus-xml-policy.c
+++ b/src/bus-proxyd/bus-xml-policy.c
@@ -837,7 +837,8 @@ bool policy_check_recv(Policy *p,
const char *name,
const char *path,
const char *interface,
- const char *member) {
+ const char *member,
+ bool dbus_to_kernel) {
struct policy_check_filter filter = {
.class = POLICY_ITEM_RECV,
@@ -857,8 +858,9 @@ bool policy_check_recv(Policy *p,
verdict = policy_check(p, &filter);
log_full(LOG_AUTH | (verdict != ALLOW ? LOG_WARNING : LOG_DEBUG),
- "Receive permission check for uid=" UID_FMT " gid=" GID_FMT" message=%s name=%s path=%s interface=%s member=%s: %s",
- uid, gid, bus_message_type_to_string(message_type), strna(name), strna(path), strna(interface), strna(member), strna(verdict_to_string(verdict)));
+ "Receive permission check %s for uid=" UID_FMT " gid=" GID_FMT" message=%s name=%s path=%s interface=%s member=%s: %s",
+ dbus_to_kernel ? "dbus-1 to kernel" : "kernel to dbus-1", uid, gid, bus_message_type_to_string(message_type), strna(name),
+ strna(path), strna(interface), strna(member), strna(verdict_to_string(verdict)));
return verdict == ALLOW;
}
@@ -870,7 +872,8 @@ bool policy_check_send(Policy *p,
const char *name,
const char *path,
const char *interface,
- const char *member) {
+ const char *member,
+ bool dbus_to_kernel) {
struct policy_check_filter filter = {
.class = POLICY_ITEM_SEND,
@@ -890,8 +893,9 @@ bool policy_check_send(Policy *p,
verdict = policy_check(p, &filter);
log_full(LOG_AUTH | (verdict != ALLOW ? LOG_WARNING : LOG_DEBUG),
- "Send permission check for uid=" UID_FMT " gid=" GID_FMT" message=%s name=%s path=%s interface=%s member=%s: %s",
- uid, gid, bus_message_type_to_string(message_type), strna(name), strna(path), strna(interface), strna(member), strna(verdict_to_string(verdict)));
+ "Send permission check %s for uid=" UID_FMT " gid=" GID_FMT" message=%s name=%s path=%s interface=%s member=%s: %s",
+ dbus_to_kernel ? "dbus-1 to kernel" : "kernel to dbus-1", uid, gid, bus_message_type_to_string(message_type), strna(name),
+ strna(path), strna(interface), strna(member), strna(verdict_to_string(verdict)));
return verdict == ALLOW;
}