From 8573b68fecc65a0cd285e4c5e288831856948e62 Mon Sep 17 00:00:00 2001
From: Daniel Mack <daniel@zonque.org>
Date: Wed, 24 Sep 2014 17:18:35 +0200
Subject: bus-proxyd: enforce policy for Hello messages

---
 src/bus-proxyd/bus-proxyd.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'src/bus-proxyd')

diff --git a/src/bus-proxyd/bus-proxyd.c b/src/bus-proxyd/bus-proxyd.c
index aaa79243cf..a6554aba3b 100644
--- a/src/bus-proxyd/bus-proxyd.c
+++ b/src/bus-proxyd/bus-proxyd.c
@@ -997,7 +997,7 @@ static int process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m) {
         }
 }
 
-static int process_hello(sd_bus *a, sd_bus *b, sd_bus_message *m, bool *got_hello) {
+static int process_hello(sd_bus *a, sd_bus *b, sd_bus_message *m, Policy *policy, const struct ucred *ucred, bool *got_hello) {
         _cleanup_bus_message_unref_ sd_bus_message *n = NULL;
         bool is_hello;
         int r;
@@ -1029,6 +1029,11 @@ static int process_hello(sd_bus *a, sd_bus *b, sd_bus_message *m, bool *got_hell
                 return -EIO;
         }
 
+        if (!policy_check_hello(policy, ucred)) {
+                log_error("Policy denied HELLO");
+                return -EPERM;
+        }
+
         *got_hello = true;
 
         if (!a->is_kernel)
@@ -1418,7 +1423,7 @@ int main(int argc, char *argv[]) {
                                 goto finish;
                         }
 
-                        k = process_hello(a, b, m, &got_hello);
+                        k = process_hello(a, b, m, &policy, &ucred, &got_hello);
                         if (k < 0) {
                                 r = k;
                                 log_error("Failed to process HELLO: %s", strerror(-r));
-- 
cgit v1.2.3-54-g00ecf