X-Git-Url: https://gerrit.automotivelinux.org/gerrit/gitweb?a=blobdiff_plain;f=meta-security%2Frecipes-core%2Fdbus-cynara%2Fdbus-cynara%2F0003-Handle-unavailability-of-policy-results-for-broadcas.patch;h=1c2ab2bcb209f0b811a618f5b9c503c2e40b763b;hb=3045563d9eb21cfa7450a911dc038f1ee9710de0;hp=b797064ecb0fe24e373ca00010b6181c67e3cf48;hpb=e6b8d4b9aebcc39cb5274fe61e913a1df069bb40;p=AGL%2Fmeta-agl.git diff --git a/meta-security/recipes-core/dbus-cynara/dbus-cynara/0003-Handle-unavailability-of-policy-results-for-broadcas.patch b/meta-security/recipes-core/dbus-cynara/dbus-cynara/0003-Handle-unavailability-of-policy-results-for-broadcas.patch index b797064ec..1c2ab2bcb 100644 --- a/meta-security/recipes-core/dbus-cynara/dbus-cynara/0003-Handle-unavailability-of-policy-results-for-broadcas.patch +++ b/meta-security/recipes-core/dbus-cynara/dbus-cynara/0003-Handle-unavailability-of-policy-results-for-broadcas.patch @@ -1,8 +1,8 @@ -From 8c5fd05f7b2f14ac0f4423cae300f60c6bb51c74 Mon Sep 17 00:00:00 2001 +From fdc3d7086c8f7a623e3da80e559708545b9201fc Mon Sep 17 00:00:00 2001 From: Jacek Bukarewicz Date: Fri, 28 Nov 2014 12:39:33 +0100 -Subject: [PATCH 3/5] Handle unavailability of policy results for broadcasts - and receive rules +Subject: Handle unavailability of policy results for broadcasts and receive + rules MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -19,30 +19,18 @@ Messages sent to non-addressed recipients (eavesdroppers or broadcast message recipients) are handled in a similar way. The difference is that it is not full dispatch meaning message is sent to a single recipient. -Change-Id: Iecd5395f75a4c7811fa97247a37d8fc4d42e8814 - Cherry picked from 1e231194610892dd4360224998d91336097b05a1 by Jose Bollo +Updated for dbus 1.10.20 by Scott Murray and José Bollo + 
Signed-off-by: José Bollo ---- - bus/activation.c | 4 +- - bus/bus.c | 50 +++++++-- - bus/bus.h | 19 ++++ - bus/check.c | 307 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ - bus/check.h | 25 +++++ - bus/connection.c | 169 ++++++++++++++++++++++++++++-- - bus/connection.h | 19 +++- - bus/dispatch.c | 121 ++++++++++++++++++---- - bus/dispatch.h | 11 +- - bus/driver.c | 2 +- - bus/policy.c | 6 ++ - 11 files changed, 686 insertions(+), 47 deletions(-) +Signed-off-by: Scott Murray diff --git a/bus/activation.c b/bus/activation.c -index 343d3f22..11bd8386 100644 +index 005047f..ffdc6fc 100644 --- a/bus/activation.c +++ b/bus/activation.c -@@ -1198,7 +1198,7 @@ bus_activation_send_pending_auto_activation_messages (BusActivation *activation +@@ -1259,7 +1259,7 @@ bus_activation_send_pending_auto_activation_messages (BusActivation *activation res = bus_dispatch_matches (transaction, entry->connection, addressed_recipient, @@ -51,20 +39,20 @@ index 343d3f22..11bd8386 100644 if (res == BUS_RESULT_FALSE) { /* If permission is denied, we just want to return the error -@@ -2085,7 +2085,7 @@ bus_activation_activate_service (BusActivation *activation, - entry->systemd_service); +@@ -2137,7 +2137,7 @@ bus_activation_activate_service (BusActivation *activation, + bus_connection_get_loginfo (connection)); /* Wonderful, systemd is connected, let's just send the msg */ - res = bus_dispatch_matches (activation_transaction, NULL, bus_service_get_primary_owners_connection (service), -- message, error); -+ message, NULL, error); + res = bus_dispatch_matches (activation_transaction, NULL, +- systemd, message, error); ++ systemd, message, NULL, error); if (res == BUS_RESULT_TRUE) retval = TRUE; diff --git a/bus/bus.c b/bus/bus.c -index c4008505..911e2340 100644 +index 237efe3..5bb5637 100644 --- a/bus/bus.c 
+++ b/bus/bus.c -@@ -1796,17 +1796,9 @@ bus_context_check_security_policy (BusContext *context, +@@ -1800,17 +1800,9 @@ bus_context_check_security_policy (BusContext *context, } /* See if limits on size have been exceeded */ @@ -84,7 +72,7 @@ index c4008505..911e2340 100644 /* Record that we will allow a reply here in the future (don't * bother if the recipient is the bus or this is an eavesdropping -@@ -1861,3 +1853,41 @@ bus_context_check_all_watches (BusContext *context) +@@ -1869,3 +1861,41 @@ bus_context_check_all_watches (BusContext *context) _dbus_server_toggle_all_watches (server, enabled); } } @@ -127,10 +115,10 @@ index c4008505..911e2340 100644 + return TRUE; +} diff --git a/bus/bus.h b/bus/bus.h -index dab7791f..445165c9 100644 +index 82c32c8..1b08f7c 100644 --- a/bus/bus.h +++ b/bus/bus.h -@@ -158,4 +158,23 @@ BusResult bus_context_check_security_policy (BusContext +@@ -164,4 +164,23 @@ BusResult bus_context_check_security_policy (BusContext BusDeferredMessage **deferred_message); void bus_context_check_all_watches (BusContext *context); @@ -155,7 +143,7 @@ index dab7791f..445165c9 100644 + #endif /* BUS_BUS_H */ diff --git a/bus/check.c b/bus/check.c -index 4b8a6994..b8833349 100644 +index 4b8a699..f3d283f 100644 --- a/bus/check.c +++ b/bus/check.c @@ -49,6 +49,9 @@ typedef struct BusDeferredMessage @@ -370,7 +358,7 @@ index 4b8a6994..b8833349 100644 + deferred_message->sender, + deferred_message->addressed_recipient, + deferred_message->proposed_recipient, -+ deferred_message->message, NULL, ++ deferred_message->message, NULL, NULL, + &deferred_message2); + + if (result == BUS_RESULT_LATER) @@ -511,7 +499,7 @@ index 4b8a6994..b8833349 100644 } + diff --git a/bus/check.h b/bus/check.h -index d1775497..9c13c184 100644 +index d177549..9c13c18 100644 --- a/bus/check.h +++ b/bus/check.h @@ -64,12 +64,37 @@ BusDeferredMessage *bus_deferred_message_new (DBusMessage *messag 
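Review bot: In the systemd activation path, `bus_dispatch_matches (activation_transaction, NULL, systemd, message, NULL, error)` maps only `BUS_RESULT_TRUE` to `retval = TRUE`; what happens on `BUS_RESULT_LATER` is outside the hunk. The added argument is NULL here, so presumably a policy answer that is not yet available cannot be resumed from this call. That should be documented as failing closed, e.g. `/* BUS_RESULT_LATER is treated as not sent: activation does not do deferred dispatch */`. The enclosing function continues past the hunk, so confirm that the else branch sets an error rather than dropping the message silently.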
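Review bot: The deferred re-check in bus/check.c now ends in `deferred_message->message, NULL, NULL, &deferred_message2`, two bare NULLs in a row for parameters that mean different things. Going by the call in bus_transaction_send_from_driver (`message, NULL, &error, &deferred_message`), the first is the argument added for dbus 1.10.20 and the second is the error out-parameter, so a denial on this path carries no error detail. Label them in place, e.g. `deferred_message->message, NULL /* argument added in 1.10.20 */, NULL /* error: not reported here */,`, so that a later rebase cannot shift a NULL into the wrong slot unnoticed. The enclosing function starts and ends outside the hunk.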
@@ -553,7 +541,7 @@ index d1775497..9c13c184 100644 extern BusResult (*bus_check_test_override) (DBusConnection *connection, const char *privilege); diff --git a/bus/connection.c b/bus/connection.c -index eea50ecd..1c0bdffb 100644 +index b348d42..ee93384 100644 --- a/bus/connection.c +++ b/bus/connection.c @@ -31,11 +31,13 @@ @@ -587,7 +575,7 @@ index eea50ecd..1c0bdffb 100644 bus_dispatch_remove_connection (connection); /* no more watching */ -@@ -2264,7 +2269,7 @@ bus_transaction_capture (BusTransaction *transaction, +@@ -2307,7 +2312,7 @@ bus_transaction_capture (BusTransaction *transaction, { DBusConnection *recipient = link->data; @@ -596,7 +584,7 @@ index eea50ecd..1c0bdffb 100644 goto out; } -@@ -2317,6 +2322,7 @@ bus_transaction_send_from_driver (BusTransaction *transaction, +@@ -2361,6 +2366,7 @@ bus_transaction_send_from_driver (BusTransaction *transaction, { DBusError error = DBUS_ERROR_INIT; BusResult res; @@ -604,17 +592,16 @@ index eea50ecd..1c0bdffb 100644 /* We have to set the sender to the driver, and have * to check security policy since it was not done in -@@ -2357,7 +2363,8 @@ bus_transaction_send_from_driver (BusTransaction *transaction, +@@ -2401,7 +2407,7 @@ bus_transaction_send_from_driver (BusTransaction *transaction, res = bus_context_check_security_policy (bus_transaction_get_context (transaction), transaction, - NULL, connection, connection, message, &error, -- NULL); -+ &deferred_message); -+ + NULL, connection, connection, message, NULL, +- &error, NULL); ++ &error, &deferred_message); if (res == BUS_RESULT_FALSE) { - if (!bus_transaction_capture_error_reply (transaction, &error, message)) -@@ -2374,18 +2381,20 @@ bus_transaction_send_from_driver (BusTransaction *transaction, + if (!bus_transaction_capture_error_reply (transaction, connection, +@@ -2419,18 +2425,20 @@ bus_transaction_send_from_driver (BusTransaction *transaction, } else if (res == BUS_RESULT_LATER) { 
@@ -639,7 +626,7 @@ index eea50ecd..1c0bdffb 100644 { MessageToSend *to_send; BusConnectionData *d; -@@ -2411,7 +2420,28 @@ bus_transaction_send (BusTransaction *transaction, +@@ -2456,7 +2464,28 @@ bus_transaction_send (BusTransaction *transaction, d = BUS_CONNECTION_DATA (connection); _dbus_assert (d != NULL); @@ -669,7 +656,7 @@ index eea50ecd..1c0bdffb 100644 to_send = dbus_new (MessageToSend, 1); if (to_send == NULL) { -@@ -2663,6 +2693,131 @@ bus_transaction_add_cancel_hook (BusTransaction *transaction, +@@ -2708,6 +2737,131 @@ bus_transaction_add_cancel_hook (BusTransaction *transaction, return TRUE; } @@ -802,10 +789,10 @@ index eea50ecd..1c0bdffb 100644 bus_connections_get_n_active (BusConnections *connections) { diff --git a/bus/connection.h b/bus/connection.h -index a6e5dfde..46e883e6 100644 +index 71078ea..97dae96 100644 --- a/bus/connection.h +++ b/bus/connection.h -@@ -83,6 +83,22 @@ dbus_bool_t bus_connection_preallocate_oom_error (DBusConnection *connection); +@@ -85,6 +85,22 @@ dbus_bool_t bus_connection_preallocate_oom_error (DBusConnection *connection); void bus_connection_send_oom_error (DBusConnection *connection, DBusMessage *in_reply_to); @@ -828,7 +815,7 @@ index a6e5dfde..46e883e6 100644 /* called by signals.c */ dbus_bool_t bus_connection_add_match_rule (DBusConnection *connection, BusMatchRule *rule); -@@ -135,7 +151,8 @@ BusTransaction* bus_transaction_new (BusContext * +@@ -137,7 +153,8 @@ BusTransaction* bus_transaction_new (BusContext * BusContext* bus_transaction_get_context (BusTransaction *transaction); dbus_bool_t bus_transaction_send (BusTransaction *transaction, DBusConnection *connection, @@ -837,9 +824,9 @@ index a6e5dfde..46e883e6 100644 + dbus_bool_t deferred_dispatch); dbus_bool_t bus_transaction_capture (BusTransaction *transaction, DBusConnection *connection, - DBusMessage *message); + DBusConnection *addressed_recipient, 
diff --git a/bus/dispatch.c b/bus/dispatch.c -index 7353501b..e32c9263 100644 +index 50a22a3..7d30ce4 100644 --- a/bus/dispatch.c +++ b/bus/dispatch.c @@ -33,6 +33,7 @@ @@ -850,16 +837,16 @@ index 7353501b..e32c9263 100644 #include "test.h" #include #include -@@ -76,7 +77,7 @@ send_one_message (DBusConnection *connection, - message, +@@ -77,7 +78,7 @@ send_one_message (DBusConnection *connection, + NULL, &stack_error, &deferred_message); - if (result != BUS_RESULT_TRUE) + if (result == BUS_RESULT_FALSE) { - if (!bus_transaction_capture_error_reply (transaction, &stack_error, - message)) -@@ -111,9 +112,19 @@ send_one_message (DBusConnection *connection, + if (!bus_transaction_capture_error_reply (transaction, sender, + &stack_error, message)) +@@ -112,9 +113,19 @@ send_one_message (DBusConnection *connection, return TRUE; /* don't send it but don't return an error either */ } @@ -880,7 +867,7 @@ index 7353501b..e32c9263 100644 { BUS_SET_OOM (error); return FALSE; -@@ -123,11 +134,12 @@ send_one_message (DBusConnection *connection, +@@ -124,11 +135,12 @@ send_one_message (DBusConnection *connection, } BusResult 
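Review bot: The narrowed test `if (result == BUS_RESULT_FALSE)` in send_one_message lets every other BusResult value fall through towards the send path, where the old `!= BUS_RESULT_TRUE` denied by default. The `BUS_RESULT_LATER` handling appears to sit in the following hunk, which is only partly visible here. If so, the chain would be safer as an explicit three-way branch that ends in a deny, e.g. `else if (result != BUS_RESULT_TRUE) return TRUE; /* unknown result: don't send */`. That keeps the policy check failing closed if BusResult ever gains another value.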
@@ -898,17 +885,19 @@ index 7353501b..e32c9263 100644 { DBusError tmp_error; BusConnections *connections; -@@ -151,17 +163,78 @@ bus_dispatch_matches (BusTransaction *transaction, +@@ -137,7 +149,6 @@ bus_dispatch_matches (BusTransaction *transaction, + DBusList *link; + BusContext *context; + BusDeferredMessage *deferred_message; +- BusResult res; + + _DBUS_ASSERT_ERROR_IS_CLEAR (error); + +@@ -153,16 +164,80 @@ bus_dispatch_matches (BusTransaction *transaction, /* First, send the message to the addressed_recipient, if there is one. */ if (addressed_recipient != NULL) { -- BusResult res; - res = bus_context_check_security_policy (context, transaction, -- sender, addressed_recipient, -- addressed_recipient, -- message, error, -- &deferred_message); -- if (res == BUS_RESULT_FALSE) + BusResult result; + /* To maintain message order message needs to be appended at the recipient if there are already + * deferred messages and we are not doing deferred dispatch @@ -960,9 +949,12 @@ index 7353501b..e32c9263 100644 + result = BUS_RESULT_LATER; + + if (result == BUS_RESULT_LATER) -+ result = bus_context_check_security_policy(context, transaction, -+ sender, addressed_recipient, addressed_recipient, message, error, -+ &deferred_message); ++ result = bus_context_check_security_policy (context, transaction, + sender, addressed_recipient, + addressed_recipient, + message, NULL, error, + &deferred_message); +- if (res == BUS_RESULT_FALSE) + + if (result == BUS_RESULT_FALSE) return BUS_RESULT_FALSE; @@ -985,7 +977,7 @@ index 7353501b..e32c9263 100644 status = bus_deferred_message_get_status(deferred_message); if (status & BUS_DEFERRED_MESSAGE_CHECK_SEND) -@@ -172,13 +245,18 @@ bus_dispatch_matches (BusTransaction *transaction, +@@ -173,13 +248,18 @@ bus_dispatch_matches (BusTransaction *transaction, } else if (status & BUS_DEFERRED_MESSAGE_CHECK_RECEIVE) { 
@@ -1008,7 +1000,7 @@ index 7353501b..e32c9263 100644 return BUS_RESULT_FALSE; } } -@@ -195,7 +273,8 @@ bus_dispatch_matches (BusTransaction *transaction, +@@ -196,7 +276,8 @@ bus_dispatch_matches (BusTransaction *transaction, } /* Dispatch the message */ @@ -1018,7 +1010,7 @@ index 7353501b..e32c9263 100644 { BUS_SET_OOM (error); return BUS_RESULT_FALSE; -@@ -495,7 +574,7 @@ bus_dispatch (DBusConnection *connection, +@@ -534,7 +615,7 @@ bus_dispatch (DBusConnection *connection, * match rules. */ if (BUS_RESULT_LATER == bus_dispatch_matches (transaction, connection, addressed_recipient, @@ -1028,7 +1020,7 @@ index 7353501b..e32c9263 100644 /* Roll back and dispatch the message once the policy result is available */ bus_transaction_cancel_and_free (transaction); diff --git a/bus/dispatch.h b/bus/dispatch.h -index afba6a24..f6102e80 100644 +index afba6a2..f6102e8 100644 --- a/bus/dispatch.h +++ b/bus/dispatch.h @@ -29,10 +29,11 @@ @@ -1049,11 +1041,11 @@ index afba6a24..f6102e80 100644 #endif /* BUS_DISPATCH_H */ diff --git a/bus/driver.c b/bus/driver.c -index a5823d4d..5acdd62a 100644 +index f414f64..d89a658 100644 --- a/bus/driver.c +++ b/bus/driver.c -@@ -261,7 +261,7 @@ bus_driver_send_service_owner_changed (const char *service_name, - if (!bus_transaction_capture (transaction, NULL, message)) +@@ -254,7 +254,7 @@ bus_driver_send_service_owner_changed (const char *service_name, + if (!bus_transaction_capture (transaction, NULL, NULL, message)) goto oom; - res = bus_dispatch_matches (transaction, NULL, NULL, message, error); @@ -1062,10 +1054,10 @@ index a5823d4d..5acdd62a 100644 retval = TRUE; else diff --git a/bus/policy.c b/bus/policy.c -index bcade176..47bd1a24 100644 +index 7ee1ce5..b1fab0d 100644 --- a/bus/policy.c 
+++ b/bus/policy.c -@@ -1071,6 +1071,9 @@ bus_client_policy_check_can_send (DBusConnection *sender, +@@ -1121,6 +1121,9 @@ bus_client_policy_check_can_send (DBusConnection *sender, result = bus_check_privilege(check, message, sender, addressed_recipient, receiver, privilege, BUS_DEFERRED_MESSAGE_CHECK_SEND, deferred_message); @@ -1075,7 +1067,7 @@ index bcade176..47bd1a24 100644 } else privilege = NULL; -@@ -1305,6 +1308,9 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, +@@ -1370,6 +1373,9 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, result = bus_check_privilege(check, message, sender, addressed_recipient, proposed_recipient, privilege, BUS_DEFERRED_MESSAGE_CHECK_RECEIVE, deferred_message); @@ -1086,5 +1078,5 @@ index bcade176..47bd1a24 100644 else privilege = NULL; -- -2.14.3 +2.17.2