summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorDaniel Mack <daniel@zonque.org>2014-09-24 17:24:20 +0200
committerDaniel Mack <daniel@zonque.org>2014-11-11 14:14:01 +0100
commitf0a4c7391c7c682b658974b82390d332197740e2 (patch)
tree11510cf2c7a0aa677bebf61347d62935ed4ef42b /src
parent8573b68fecc65a0cd285e4c5e288831856948e62 (diff)
bus-proxyd: enforce policy for name ownership
Diffstat (limited to 'src')
-rw-r--r--src/bus-proxyd/bus-proxyd.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/src/bus-proxyd/bus-proxyd.c b/src/bus-proxyd/bus-proxyd.c
index a6554aba3b..2f26f81a36 100644
--- a/src/bus-proxyd/bus-proxyd.c
+++ b/src/bus-proxyd/bus-proxyd.c
@@ -509,7 +509,7 @@ static int peer_is_privileged(sd_bus *bus, sd_bus_message *m) {
return false;
}
-static int process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m) {
+static int process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m, Policy *policy, const struct ucred *ucred) {
int r;
assert(a);
@@ -859,6 +859,9 @@ static int process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m) {
if (r < 0)
return synthetic_reply_method_errno(m, r, NULL);
+ if (!policy_check_own(policy, ucred, name))
+ return synthetic_reply_method_errno(m, -EPERM, NULL);
+
if (!service_name_is_valid(name))
return synthetic_reply_method_errno(m, -EINVAL, NULL);
if ((flags & ~(BUS_NAME_ALLOW_REPLACEMENT|BUS_NAME_REPLACE_EXISTING|BUS_NAME_DO_NOT_QUEUE)) != 0)
@@ -1440,7 +1443,7 @@ int main(int argc, char *argv[]) {
goto finish;
}
- k = process_driver(a, b, m);
+ k = process_driver(a, b, m, &policy, &ucred);
if (k < 0) {
r = k;
log_error("Failed to process driver calls: %s", strerror(-r));