bus-policy: steal a test case for prefix ownership from dbus1, and make sure it passes with the bus proxy enforcement
parent
cf226cfc24
commit
3a9cca1104
|
@ -1383,7 +1383,8 @@ EXTRA_DIST += \
|
|||
test/bus-policy/hello.conf \
|
||||
test/bus-policy/methods.conf \
|
||||
test/bus-policy/ownerships.conf \
|
||||
test/bus-policy/signals.conf
|
||||
test/bus-policy/signals.conf \
|
||||
test/bus-policy/check-own-rules.conf
|
||||
|
||||
|
||||
EXTRA_DIST += \
|
||||
|
|
|
@ -599,7 +599,7 @@ enum {
|
|||
};
|
||||
|
||||
struct policy_check_filter {
|
||||
int class;
|
||||
PolicyItemClass class;
|
||||
const struct ucred *ucred;
|
||||
int message_type;
|
||||
const char *name;
|
||||
|
@ -651,7 +651,7 @@ static int check_policy_item(PolicyItem *i, const struct policy_check_filter *fi
|
|||
case POLICY_ITEM_OWN_PREFIX:
|
||||
assert(filter->name);
|
||||
|
||||
if (streq(i->name, "*") || service_name_startswith(i->name, filter->name))
|
||||
if (streq(i->name, "*") || service_name_startswith(filter->name, i->name))
|
||||
return is_permissive(i);
|
||||
break;
|
||||
|
||||
|
@ -687,7 +687,8 @@ static int check_policy_items(PolicyItem *items, const struct policy_check_filte
|
|||
/* Check all policies in a set - a broader one might be followed by a more specific one,
|
||||
* and the order of rules in policy definitions matters */
|
||||
LIST_FOREACH(items, i, items) {
|
||||
if (i->class != filter->class)
|
||||
if (i->class != filter->class &&
|
||||
IN_SET(i->class, POLICY_ITEM_OWN, POLICY_ITEM_OWN_PREFIX) != IN_SET(filter->class, POLICY_ITEM_OWN, POLICY_ITEM_OWN_PREFIX))
|
||||
continue;
|
||||
|
||||
r = check_policy_item(i, filter);
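Review bot: The widened class test in `check_policy_items` stops skipping items whenever both classes lie outside the ownership pair. For any two different classes that are neither `POLICY_ITEM_OWN` nor `POLICY_ITEM_OWN_PREFIX`, `i->class != filter->class` is true but both `IN_SET(...)` results are false, so the `!=` is false and the mismatched item is handed to `check_policy_item`. What the switch does with such an item is outside these hunks, but a rule written for one kind of operation could then decide a different one, which is a policy-enforcement risk in the proxy. Limiting the exception to the ownership pair keeps the old filtering everywhere else: `if (i->class != filter->class && !(IN_SET(i->class, POLICY_ITEM_OWN, POLICY_ITEM_OWN_PREFIX) && IN_SET(filter->class, POLICY_ITEM_OWN, POLICY_ITEM_OWN_PREFIX))) continue;`. A one-line comment on the condition, such as `/* own and own_prefix rules are evaluated together, in file order */`, would make the intent clear.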
|
||||
|
|
|
@ -131,5 +131,21 @@ int main(int argc, char *argv[]) {
|
|||
|
||||
policy_free(&p);
|
||||
|
||||
/* dbus1 test file: ownership */
|
||||
|
||||
assert_se(test_policy_load(&p, "check-own-rules.conf") >= 0);
|
||||
policy_dump(&p);
|
||||
|
||||
assert_se(policy_check_own(&p, &ucred, "org.freedesktop") == false);
|
||||
assert_se(policy_check_own(&p, &ucred, "org.freedesktop.ManySystem") == false);
|
||||
assert_se(policy_check_own(&p, &ucred, "org.freedesktop.ManySystems") == true);
|
||||
assert_se(policy_check_own(&p, &ucred, "org.freedesktop.ManySystems.foo") == true);
|
||||
assert_se(policy_check_own(&p, &ucred, "org.freedesktop.ManySystems.foo.bar") == true);
|
||||
assert_se(policy_check_own(&p, &ucred, "org.freedesktop.ManySystems2") == false);
|
||||
assert_se(policy_check_own(&p, &ucred, "org.freedesktop.ManySystems2.foo") == false);
|
||||
assert_se(policy_check_own(&p, &ucred, "org.freedesktop.ManySystems2.foo.bar") == false);
|
||||
|
||||
policy_free(&p);
|
||||
|
||||
return EXIT_SUCCESS;
|
||||
}
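Review bot: The new assertions in `main` (whose body starts outside this hunk) only exercise one rule order, `<deny own="*"/>` followed by `<allow own_prefix="org.freedesktop.ManySystems"/>`, so they would still pass if a prefix allow always overrode an exact-class deny regardless of position. The comment in `check_policy_items` says rule order matters, so a second fixture with the two rules reversed would pin that behaviour across the own and own_prefix classes. Assuming last match wins as in dbus1, it would expect `policy_check_own(&p, &ucred, "org.freedesktop.ManySystems") == false`. It would also help to extend the `/* dbus1 test file: ownership */` comment to say which rules the fixture contains, so the expected true/false values can be read without opening the .conf file.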
|
||||
|
|
|
@ -0,0 +1,14 @@
|
|||
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
|
||||
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
|
||||
<busconfig>
|
||||
<user>mybususer</user>
|
||||
<listen>unix:path=/foo/bar</listen>
|
||||
<listen>tcp:port=1234</listen>
|
||||
<servicedir>/usr/share/foo</servicedir>
|
||||
<policy context="default">
|
||||
<allow user="*"/>
|
||||
<deny own="*"/>
|
||||
<allow own_prefix="org.freedesktop.ManySystems"/>
|
||||
</policy>
|
||||
|
||||
</busconfig>
|