summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2014-11-26 20:22:22 +0100
committerLennart Poettering <lennart@poettering.net>2014-11-26 20:22:22 +0100
commit3a9cca11042331fc053ac1aa6363603622f1188c (patch)
treed63d2139f8d0d707511f1a4387fff95bbc9b3983 /src
parentcf226cfc24fec9d47a0c822188737656150356bb (diff)
bus-policy: steal a test case for prefix ownership from dbus1, and make sure it passes with the bus proxy enforcement
Diffstat (limited to 'src')
-rw-r--r--src/bus-proxyd/bus-policy.c7
-rw-r--r--src/bus-proxyd/test-bus-policy.c16
2 files changed, 20 insertions, 3 deletions
diff --git a/src/bus-proxyd/bus-policy.c b/src/bus-proxyd/bus-policy.c
index cb0726aa3f..ff6a3e4e19 100644
--- a/src/bus-proxyd/bus-policy.c
+++ b/src/bus-proxyd/bus-policy.c
@@ -599,7 +599,7 @@ enum {
};
struct policy_check_filter {
- int class;
+ PolicyItemClass class;
const struct ucred *ucred;
int message_type;
const char *name;
@@ -651,7 +651,7 @@ static int check_policy_item(PolicyItem *i, const struct policy_check_filter *fi
case POLICY_ITEM_OWN_PREFIX:
assert(filter->name);
- if (streq(i->name, "*") || service_name_startswith(i->name, filter->name))
+ if (streq(i->name, "*") || service_name_startswith(filter->name, i->name))
return is_permissive(i);
break;
@@ -687,7 +687,8 @@ static int check_policy_items(PolicyItem *items, const struct policy_check_filte
/* Check all policies in a set - a broader one might be followed by a more specific one,
* and the order of rules in policy definitions matters */
LIST_FOREACH(items, i, items) {
- if (i->class != filter->class)
+ if (i->class != filter->class &&
+ IN_SET(i->class, POLICY_ITEM_OWN, POLICY_ITEM_OWN_PREFIX) != IN_SET(filter->class, POLICY_ITEM_OWN, POLICY_ITEM_OWN_PREFIX))
continue;
r = check_policy_item(i, filter);
diff --git a/src/bus-proxyd/test-bus-policy.c b/src/bus-proxyd/test-bus-policy.c
index c9a027e877..a4b7b6af08 100644
--- a/src/bus-proxyd/test-bus-policy.c
+++ b/src/bus-proxyd/test-bus-policy.c
@@ -131,5 +131,21 @@ int main(int argc, char *argv[]) {
policy_free(&p);
+ /* dbus1 test file: ownership */
+
+ assert_se(test_policy_load(&p, "check-own-rules.conf") >= 0);
+ policy_dump(&p);
+
+ assert_se(policy_check_own(&p, &ucred, "org.freedesktop") == false);
+ assert_se(policy_check_own(&p, &ucred, "org.freedesktop.ManySystem") == false);
+ assert_se(policy_check_own(&p, &ucred, "org.freedesktop.ManySystems") == true);
+ assert_se(policy_check_own(&p, &ucred, "org.freedesktop.ManySystems.foo") == true);
+ assert_se(policy_check_own(&p, &ucred, "org.freedesktop.ManySystems.foo.bar") == true);
+ assert_se(policy_check_own(&p, &ucred, "org.freedesktop.ManySystems2") == false);
+ assert_se(policy_check_own(&p, &ucred, "org.freedesktop.ManySystems2.foo") == false);
+ assert_se(policy_check_own(&p, &ucred, "org.freedesktop.ManySystems2.foo.bar") == false);
+
+ policy_free(&p);
+
return EXIT_SUCCESS;
}