author | Daniel Mack <daniel@zonque.org> | 2014-09-24 17:24:20 +0200 |
---|---|---|
committer | Daniel Mack <daniel@zonque.org> | 2014-11-11 14:14:01 +0100 |
commit | f0a4c7391c7c682b658974b82390d332197740e2 (patch) | |
tree | 11510cf2c7a0aa677bebf61347d62935ed4ef42b /src | |
parent | 8573b68fecc65a0cd285e4c5e288831856948e62 (diff) |
bus-proxyd: enforce policy for name ownership
Diffstat (limited to 'src')
-rw-r--r-- | src/bus-proxyd/bus-proxyd.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/src/bus-proxyd/bus-proxyd.c b/src/bus-proxyd/bus-proxyd.c
index a6554aba3b..2f26f81a36 100644
--- a/src/bus-proxyd/bus-proxyd.c
+++ b/src/bus-proxyd/bus-proxyd.c
@@ -509,7 +509,7 @@ static int peer_is_privileged(sd_bus *bus, sd_bus_message *m) {
 return false;
 }
-static int process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m) {
+static int process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m, Policy *policy, const struct ucred *ucred) {
 int r;
 assert(a);
@@ -859,6 +859,9 @@ static int process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m) {
 if (r < 0)
 return synthetic_reply_method_errno(m, r, NULL);
+ if (!policy_check_own(policy, ucred, name))
+ return synthetic_reply_method_errno(m, -EPERM, NULL);
+
 if (!service_name_is_valid(name))
 return synthetic_reply_method_errno(m, -EINVAL, NULL);
 if ((flags & ~(BUS_NAME_ALLOW_REPLACEMENT|BUS_NAME_REPLACE_EXISTING|BUS_NAME_DO_NOT_QUEUE)) != 0)
@@ -1440,7 +1443,7 @@ int main(int argc, char *argv[]) {
 goto finish;
 }
- k = process_driver(a, b, m);
+ k = process_driver(a, b, m, &policy, &ucred);
 if (k < 0) {
 r = k;
 log_error("Failed to process driver calls: %s", strerror(-r)); |
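Review bot: In the second hunk `policy_check_own(policy, ucred, name)` runs before `service_name_is_valid(name)`, so a client-supplied name that has not been syntax-checked reaches the policy lookup, and a malformed name is answered with -EPERM instead of -EINVAL. Whether `policy_check_own` tolerates arbitrary strings is not visible here; moving the two added lines below the `service_name_is_valid` check removes the question. A refused ownership request is also silent, so a debug-level log line naming the uid from `ucred` and the refused name would help when auditing policy denials. `process_driver` starts and ends outside the hunk.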
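Review bot: The call in `main()` in the third hunk passes `&ucred`, but the lines that fill `ucred` lie outside the hunk, so it is not visible whether peer credentials are always obtained before this point. If the struct can stay zero-initialised, for example when the client is not connected over an AF_UNIX socket, `policy_check_own` would presumably evaluate the request as uid 0 and the new check would be decided on the wrong identity. Consider refusing ownership requests when credentials are unavailable, and once the invariant is confirmed document it at the call, e.g. `/* ucred holds the peer's SO_PEERCRED credentials; ownership policy is evaluated against them */`. `main()` continues outside the hunk.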