diff options
author | David Herrmann <dh.herrmann@gmail.com> | 2015-01-11 14:13:19 +0100 |
---|---|---|
committer | David Herrmann <dh.herrmann@gmail.com> | 2015-01-11 14:18:29 +0100 |
commit | 0042d824e3616aaf2e3eec23d3b2e6aec7c0470c (patch) | |
tree | e9d121982239d984440c88a1f90aae6fc19327c4 /src/bus-proxyd | |
parent | 24b759c5d79c1a4993c05c1ef7f44f9ff6d7f463 (diff) |
bus-proxy: fix policy for expected/non-expected reply tags
dbus-1 distinguishes expected and non-expected replies. An expected reply
is a reply that is sent as answer to a previously forwarded method-call
before the timeout fires. Those replies are, by default, forwarded and
DENY policy tags are ignored on them (unless explicitly stated otherwise).
We don't track reply-windows in the bus-proxy as the kernel already does
this. Furthermore, the kernel prohibits any non-expected replies (which
breaks dbus-1, but it was an odd feature, anyway).
Therefore, skip policy checks on replies and always let the kernel deal
with it!
To be correct, we should still process DENY tags marked as
send_expected_reply=true (which is *NOT* the default!). However, so far we
don't parse those attributes, and no-one really uses it, so lets not
implement it for now. It's marked as TODO if anyone feels like fixing it.
Diffstat (limited to 'src/bus-proxyd')
-rw-r--r-- | src/bus-proxyd/bus-proxyd.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/src/bus-proxyd/bus-proxyd.c b/src/bus-proxyd/bus-proxyd.c index 4d0a265c66..3cbbab718b 100644 --- a/src/bus-proxyd/bus-proxyd.c +++ b/src/bus-proxyd/bus-proxyd.c @@ -992,6 +992,22 @@ static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *p if (!policy) return 0; + /* + * dbus-1 distinguishes expected and non-expected replies by tracking + * method-calls and timeouts. By default, DENY rules are *NEVER* applied + * on expected replies, unless explicitly specified. But we dont track + * method-calls, thus, we cannot know whether a reply is expected. + * Fortunately, the kdbus forbids non-expected replies, so we can safely + * ignore any policy on those and let the kernel deal with it. + * + * TODO: To be correct, we should only ignore policy-tags that are + * applied on non-expected replies. However, so far we don't parse those + * tags so we let everything pass. I haven't seen a DENY policy tag on + * expected-replies, ever, so don't bother.. + */ + if (m->reply_cookie > 0) + return 0; + if (from->is_kernel) { uid_t sender_uid = UID_INVALID; gid_t sender_gid = GID_INVALID; |