summaryrefslogtreecommitdiff
path: root/src/bus-proxyd
diff options
context:
space:
mode:
Diffstat (limited to 'src/bus-proxyd')
-rw-r--r--src/bus-proxyd/bus-proxyd.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/src/bus-proxyd/bus-proxyd.c b/src/bus-proxyd/bus-proxyd.c
index aaa79243cf..a6554aba3b 100644
--- a/src/bus-proxyd/bus-proxyd.c
+++ b/src/bus-proxyd/bus-proxyd.c
@@ -997,7 +997,7 @@ static int process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m) {
}
}
-static int process_hello(sd_bus *a, sd_bus *b, sd_bus_message *m, bool *got_hello) {
+static int process_hello(sd_bus *a, sd_bus *b, sd_bus_message *m, Policy *policy, const struct ucred *ucred, bool *got_hello) {
_cleanup_bus_message_unref_ sd_bus_message *n = NULL;
bool is_hello;
int r;
@@ -1029,6 +1029,11 @@ static int process_hello(sd_bus *a, sd_bus *b, sd_bus_message *m, bool *got_hell
return -EIO;
}
+ if (!policy_check_hello(policy, ucred)) {
+ log_error("Policy denied HELLO");
+ return -EPERM;
+ }
+
*got_hello = true;
if (!a->is_kernel)
@@ -1418,7 +1423,7 @@ int main(int argc, char *argv[]) {
goto finish;
}
- k = process_hello(a, b, m, &got_hello);
+ k = process_hello(a, b, m, &policy, &ucred, &got_hello);
if (k < 0) {
r = k;
log_error("Failed to process HELLO: %s", strerror(-r));