dbus-cynara: Fix upgrading to dbus-1.12.10

author Jose Bollo <jose.bollo@iot.bzh>

Wed, 10 Apr 2019 13:24:12 +0000 (15:24 +0200)

committer Jan-Simon Moeller <jsmoeller@linuxfoundation.org>

Wed, 19 Jun 2019 13:05:28 +0000 (13:05 +0000)
author Jose Bollo <jose.bollo@iot.bzh>
Wed, 10 Apr 2019 13:24:12 +0000 (15:24 +0200)
committer Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
Wed, 19 Jun 2019 13:05:28 +0000 (13:05 +0000)
diff --git a/meta-security/recipes-core/dbus-cynara/dbus-cynara/0001-Integration-of-Cynara-asynchronous-security-checks.patch b/meta-security/recipes-core/dbus-cynara/dbus-cynara/0001-Integration-of-Cynara-asynchronous-security-checks.patch

index d04c60c..3dbfa8a 100644 (file)
--- a/meta-security/recipes-core/dbus-cynara/dbus-cynara/0001-Integration-of-Cynara-asynchronous-security-checks.patch
+++ b/meta-security/recipes-core/dbus-cynara/dbus-cynara/0001-Integration-of-Cynara-asynchronous-security-checks.patch
@@ -1,7 +1,7 @@
-From 8f69153081140fa4c347ab1729c348ec77b309ec Mon Sep 17 00:00:00 2001
+From 6c498a9b0f4122d1ac49d603f9968b6d85830cdb Mon Sep 17 00:00:00 2001
  From: Jacek Bukarewicz <j.bukarewicz@samsung.com>
  Date: Thu, 27 Nov 2014 18:11:05 +0100
  From: Jacek Bukarewicz <j.bukarewicz@samsung.com>
  Date: Thu, 27 Nov 2014 18:11:05 +0100
-Subject: [PATCH 1/5] Integration of Cynara asynchronous security checks
+Subject: Integration of Cynara asynchronous security checks
  MIME-Version: 1.0
  Content-Type: text/plain; charset=UTF-8
  Content-Transfer-Encoding: 8bit
  MIME-Version: 1.0
  Content-Type: text/plain; charset=UTF-8
  Content-Transfer-Encoding: 8bit
@@ -19,7 +19,7 @@ Currently such return value results in message denial.
  Cherry picked from 4dcfb02f17247ff9de966b62182cd2e08f301238
  by José Bollo.
  
  Cherry picked from 4dcfb02f17247ff9de966b62182cd2e08f301238
  by José Bollo.
  
-Updated for dbus 1.10.20 by Scott Murray.
+Updated for dbus 1.10.20 by Scott Murray and José Bollo
  
  Change-Id: I9bcbce34577e5dc2a3cecf6233a0a2b0e43e1108
  Signed-off-by: José Bollo <jose.bollo@iot.bzh>
  
  Change-Id: I9bcbce34577e5dc2a3cecf6233a0a2b0e43e1108
  Signed-off-by: José Bollo <jose.bollo@iot.bzh>
@@ -64,10 +64,18 @@ index 9ae3071..46afb31 100644
         desktop-file.h                          \
         $(DIR_WATCH_SOURCE)                     \
  diff --git a/bus/activation.c b/bus/activation.c
         desktop-file.h                          \
         $(DIR_WATCH_SOURCE)                     \
  diff --git a/bus/activation.c b/bus/activation.c
-index 6f009f5..451179d 100644
+index 6f009f5..f8a02eb 100644
  --- a/bus/activation.c
  +++ b/bus/activation.c
  --- a/bus/activation.c
  +++ b/bus/activation.c
-@@ -1795,7 +1795,8 @@ bus_activation_activate_service (BusActivation  *activation,
+@@ -1788,14 +1788,15 @@ bus_activation_activate_service (BusActivation  *activation,
+ 
+   if (auto_activation &&
+       entry != NULL &&
+-      !bus_context_check_security_policy (activation->context,
++      BUS_RESULT_TRUE != bus_context_check_security_policy (activation->context,
+         transaction,
+         connection, /* sender */
+         NULL, /* addressed recipient */
           NULL, /* proposed recipient */
           activation_message,
           entry,
           NULL, /* proposed recipient */
           activation_message,
           entry,
@@ -750,7 +758,7 @@ index 382a014..9e026d1 100644
     ELEMENT_PIDFILE,
     ELEMENT_SERVICEDIR,
  diff --git a/bus/config-parser.c b/bus/config-parser.c
     ELEMENT_PIDFILE,
     ELEMENT_SERVICEDIR,
  diff --git a/bus/config-parser.c b/bus/config-parser.c
-index be27d38..b54b0e4 100644
+index be27d38..b5f1dd1 100644
  --- a/bus/config-parser.c
  +++ b/bus/config-parser.c
  @@ -1318,7 +1318,7 @@ append_rule_from_element (BusConfigParser   *parser,
  --- a/bus/config-parser.c
  +++ b/bus/config-parser.c
  @@ -1318,7 +1318,7 @@ append_rule_from_element (BusConfigParser   *parser,
@@ -823,7 +831,7 @@ index be27d38..b54b0e4 100644
           return FALSE;
   
  -      rule = bus_policy_rule_new (BUS_POLICY_RULE_SEND, allow); 
           return FALSE;
   
  -      rule = bus_policy_rule_new (BUS_POLICY_RULE_SEND, allow); 
-+      rule = bus_policy_rule_new (BUS_POLICY_RULE_SEND, access); 
++      rule = bus_policy_rule_new (BUS_POLICY_RULE_SEND, access);
         if (rule == NULL)
           goto nomem;
         
         if (rule == NULL)
           goto nomem;
         
@@ -832,7 +840,7 @@ index be27d38..b54b0e4 100644
           return FALSE;
   
  -      rule = bus_policy_rule_new (BUS_POLICY_RULE_RECEIVE, allow); 
           return FALSE;
   
  -      rule = bus_policy_rule_new (BUS_POLICY_RULE_RECEIVE, allow); 
-+      rule = bus_policy_rule_new (BUS_POLICY_RULE_RECEIVE, access); 
++      rule = bus_policy_rule_new (BUS_POLICY_RULE_RECEIVE, access);
         if (rule == NULL)
           goto nomem;
   
         if (rule == NULL)
           goto nomem;
   
@@ -958,7 +966,7 @@ index be27d38..b54b0e4 100644
       {
         _DBUS_ASSERT_ERROR_IS_SET (&error);
  diff --git a/bus/connection.c b/bus/connection.c
       {
         _DBUS_ASSERT_ERROR_IS_SET (&error);
  diff --git a/bus/connection.c b/bus/connection.c
-index 53605fa..deebde3 100644
+index 53605fa..b348d42 100644
  --- a/bus/connection.c
  +++ b/bus/connection.c
  @@ -36,6 +36,10 @@
  --- a/bus/connection.c
  +++ b/bus/connection.c
  @@ -36,6 +36,10 @@
@@ -1080,7 +1088,7 @@ index 53605fa..deebde3 100644
   
     /* We have to set the sender to the driver, and have
      * to check security policy since it was not done in
   
     /* We have to set the sender to the driver, and have
      * to check security policy since it was not done in
-@@ -2370,10 +2398,12 @@ bus_transaction_send_from_driver (BusTransaction *transaction,
+@@ -2370,10 +2398,11 @@ bus_transaction_send_from_driver (BusTransaction *transaction,
      * if we're actively capturing messages, it's nice to log that we
      * tried to send it and did not allow ourselves to do so.
      */
      * if we're actively capturing messages, it's nice to log that we
      * tried to send it and did not allow ourselves to do so.
      */
@@ -1090,14 +1098,13 @@ index 53605fa..deebde3 100644
  -                                          message, NULL, &error))
  +  res = bus_context_check_security_policy (bus_transaction_get_context (transaction),
  +                                           transaction,
  -                                          message, NULL, &error))
  +  res = bus_context_check_security_policy (bus_transaction_get_context (transaction),
  +                                           transaction,
-+                                           NULL, connection, connection,
-+                                           message, NULL, &error,
-+                                           NULL);
++                                           NULL, connection, connection, message, NULL,
++                                           &error, NULL);
  +  if (res == BUS_RESULT_FALSE)
       {
         if (!bus_transaction_capture_error_reply (transaction, connection,
                                                   &error, message))
  +  if (res == BUS_RESULT_FALSE)
       {
         if (!bus_transaction_capture_error_reply (transaction, connection,
                                                   &error, message))
-@@ -2388,6 +2418,12 @@ bus_transaction_send_from_driver (BusTransaction *transaction,
+@@ -2388,6 +2417,12 @@ bus_transaction_send_from_driver (BusTransaction *transaction,
         dbus_error_free (&error);
         return TRUE;
       }
         dbus_error_free (&error);
         return TRUE;
       }
@@ -1556,7 +1563,7 @@ index 0000000..c4728bb
  +                                       BusDeferredMessageStatus check_type,
  +                                       BusDeferredMessage **deferred_message);
  diff --git a/bus/dispatch.c b/bus/dispatch.c
  +                                       BusDeferredMessageStatus check_type,
  +                                       BusDeferredMessage **deferred_message);
  diff --git a/bus/dispatch.c b/bus/dispatch.c
-index 19228be..7e51bc1 100644
+index 19228be..d3867f7 100644
  --- a/bus/dispatch.c
  +++ b/bus/dispatch.c
  @@ -25,6 +25,7 @@
  --- a/bus/dispatch.c
  +++ b/bus/dispatch.c
  @@ -25,6 +25,7 @@
@@ -1588,15 +1595,16 @@ index 19228be..7e51bc1 100644
       {
         if (!bus_transaction_capture_error_reply (transaction, sender,
                                                   &stack_error, message))
       {
         if (!bus_transaction_capture_error_reply (transaction, sender,
                                                   &stack_error, message))
-@@ -130,6 +135,7 @@ bus_dispatch_matches (BusTransaction *transaction,
+@@ -130,6 +135,8 @@ bus_dispatch_matches (BusTransaction *transaction,
     BusMatchmaker *matchmaker;
     DBusList *link;
     BusContext *context;
  +  BusDeferredMessage *deferred_message;
     BusMatchmaker *matchmaker;
     DBusList *link;
     BusContext *context;
  +  BusDeferredMessage *deferred_message;
++  BusResult res;
   
     _DBUS_ASSERT_ERROR_IS_CLEAR (error);
   
   
     _DBUS_ASSERT_ERROR_IS_CLEAR (error);
   
-@@ -145,11 +151,21 @@ bus_dispatch_matches (BusTransaction *transaction,
+@@ -145,11 +152,20 @@ bus_dispatch_matches (BusTransaction *transaction,
     /* First, send the message to the addressed_recipient, if there is one. */
     if (addressed_recipient != NULL)
       {
     /* First, send the message to the addressed_recipient, if there is one. */
     if (addressed_recipient != NULL)
       {
@@ -1604,7 +1612,6 @@ index 19228be..7e51bc1 100644
  -                                              sender, addressed_recipient,
  -                                              addressed_recipient,
  -                                              message, NULL, error))
  -                                              sender, addressed_recipient,
  -                                              addressed_recipient,
  -                                              message, NULL, error))
-+      BusResult res;
  +      res = bus_context_check_security_policy (context, transaction,
  +                                               sender, addressed_recipient,
  +                                               addressed_recipient,
  +      res = bus_context_check_security_policy (context, transaction,
  +                                               sender, addressed_recipient,
  +                                               addressed_recipient,
@@ -1622,7 +1629,7 @@ index 19228be..7e51bc1 100644
   
         if (dbus_message_contains_unix_fds (message) &&
             !dbus_connection_can_send_type (addressed_recipient,
   
         if (dbus_message_contains_unix_fds (message) &&
             !dbus_connection_can_send_type (addressed_recipient,
-@@ -374,19 +390,32 @@ bus_dispatch (DBusConnection *connection,
+@@ -374,19 +390,31 @@ bus_dispatch (DBusConnection *connection,
     if (service_name &&
         strcmp (service_name, DBUS_SERVICE_DBUS) == 0) /* to bus driver */
       {
     if (service_name &&
         strcmp (service_name, DBUS_SERVICE_DBUS) == 0) /* to bus driver */
       {
@@ -1639,9 +1646,8 @@ index 19228be..7e51bc1 100644
  -                                              connection, NULL, NULL, message,
  -                                              NULL, &error))
  +      res = bus_context_check_security_policy (context, transaction,
  -                                              connection, NULL, NULL, message,
  -                                              NULL, &error))
  +      res = bus_context_check_security_policy (context, transaction,
-+                                               connection, NULL, NULL, message,
-+                                               NULL, &error,
-+                                               &deferred_message);
++                                               connection, NULL, NULL, message, NULL,
++                                               &error, &deferred_message);
  +      if (res == BUS_RESULT_FALSE)
           {
             _dbus_verbose ("Security policy rejected message\n");
  +      if (res == BUS_RESULT_FALSE)
           {
             _dbus_verbose ("Security policy rejected message\n");
@@ -2039,7 +2045,7 @@ index a37be80..7ee1ce5 100644
   
     return allowed;
  diff --git a/bus/policy.h b/bus/policy.h
   
     return allowed;
  diff --git a/bus/policy.h b/bus/policy.h
-index ec43ffa..f306a3c 100644
+index ec43ffa..f839d23 100644
  --- a/bus/policy.h
  +++ b/bus/policy.h
  @@ -46,6 +46,14 @@ typedef enum
  --- a/bus/policy.h
  +++ b/bus/policy.h
  @@ -46,6 +46,14 @@ typedef enum
@@ -2083,49 +2089,38 @@ index ec43ffa..f306a3c 100644
   BusClientPolicy* bus_client_policy_ref               (BusClientPolicy  *policy);
   void             bus_client_policy_unref             (BusClientPolicy  *policy);
  -dbus_bool_t      bus_client_policy_check_can_send    (BusClientPolicy  *policy,
   BusClientPolicy* bus_client_policy_ref               (BusClientPolicy  *policy);
   void             bus_client_policy_unref             (BusClientPolicy  *policy);
  -dbus_bool_t      bus_client_policy_check_can_send    (BusClientPolicy  *policy,
--                                                      BusRegistry      *registry,
--                                                      dbus_bool_t       requested_reply,
--                                                      DBusConnection   *receiver,
--                                                      DBusMessage      *message,
--                                                      dbus_int32_t     *toggles,
++BusResult        bus_client_policy_check_can_send    (DBusConnection   *sender,
++                                                      BusClientPolicy  *policy,
+                                                       BusRegistry      *registry,
+                                                       dbus_bool_t       requested_reply,
++                                                      DBusConnection   *addressed_recipient,
+                                                       DBusConnection   *receiver,
+                                                       DBusMessage      *message,
+                                                       dbus_int32_t     *toggles,
  -                                                      dbus_bool_t      *log);
  -dbus_bool_t      bus_client_policy_check_can_receive (BusClientPolicy  *policy,
  -                                                      dbus_bool_t      *log);
  -dbus_bool_t      bus_client_policy_check_can_receive (BusClientPolicy  *policy,
--                                                      BusRegistry      *registry,
--                                                      dbus_bool_t       requested_reply,
--                                                      DBusConnection   *sender,
--                                                      DBusConnection   *addressed_recipient,
--                                                      DBusConnection   *proposed_recipient,
--                                                      DBusMessage      *message,
--                                                      dbus_int32_t     *toggles);
-+BusResult        bus_client_policy_check_can_send    (DBusConnection      *sender,
-+                                                      BusClientPolicy     *policy,
-+                                                      BusRegistry         *registry,
-+                                                      dbus_bool_t          requested_reply,
-+                                                      DBusConnection      *addressed_recipient,
-+                                                      DBusConnection      *receiver,
-+                                                      DBusMessage         *message,
-+                                                      dbus_int32_t        *toggles,
-+                                                      dbus_bool_t         *log,
-+                                                      const char         **privilege_param,
++                                                      dbus_bool_t      *log,
++                                                      const char      **privilege_param,
  +                                                      BusDeferredMessage **deferred_message);
  +                                                      BusDeferredMessage **deferred_message);
-+BusResult        bus_client_policy_check_can_receive (BusClientPolicy     *policy,
-+                                                      BusRegistry         *registry,
-+                                                      dbus_bool_t          requested_reply,
-+                                                      DBusConnection      *sender,
-+                                                      DBusConnection      *addressed_recipient,
-+                                                      DBusConnection      *proposed_recipient,
-+                                                      DBusMessage         *message,
-+                                                      dbus_int32_t        *toggles,
-+                                                      const char         **privilege_param,
++BusResult        bus_client_policy_check_can_receive (BusClientPolicy  *policy,
+                                                       BusRegistry      *registry,
+                                                       dbus_bool_t       requested_reply,
+                                                       DBusConnection   *sender,
+                                                       DBusConnection   *addressed_recipient,
+                                                       DBusConnection   *proposed_recipient,
+                                                       DBusMessage      *message,
+-                                                      dbus_int32_t     *toggles);
++                                                      dbus_int32_t     *toggles,
++                                                      const char      **privilege_param,
  +                                                      BusDeferredMessage **deferred_message);
   dbus_bool_t      bus_client_policy_check_can_own     (BusClientPolicy  *policy,
                                                         const DBusString *service_name);
   dbus_bool_t      bus_client_policy_append_rule       (BusClientPolicy  *policy,
  diff --git a/configure.ac b/configure.ac
  +                                                      BusDeferredMessage **deferred_message);
   dbus_bool_t      bus_client_policy_check_can_own     (BusClientPolicy  *policy,
                                                         const DBusString *service_name);
   dbus_bool_t      bus_client_policy_append_rule       (BusClientPolicy  *policy,
  diff --git a/configure.ac b/configure.ac
-index 80671b2..d975b04 100644
+index 81028ba..f21d1b2 100644
  --- a/configure.ac
  +++ b/configure.ac
  --- a/configure.ac
  +++ b/configure.ac
-@@ -1761,6 +1761,17 @@ AC_ARG_ENABLE([user-session],
+@@ -1770,6 +1770,17 @@ AC_ARG_ENABLE([user-session],
   AM_CONDITIONAL([DBUS_ENABLE_USER_SESSION],
     [test "x$enable_user_session" = xyes])
   
   AM_CONDITIONAL([DBUS_ENABLE_USER_SESSION],
     [test "x$enable_user_session" = xyes])
   
@@ -2143,7 +2138,7 @@ index 80671b2..d975b04 100644
   AC_CONFIG_FILES([
   Doxyfile
   dbus/Version
   AC_CONFIG_FILES([
   Doxyfile
   dbus/Version
-@@ -1843,6 +1854,7 @@ echo "
+@@ -1852,6 +1863,7 @@ echo "
           Building bus stats API:   ${enable_stats}
           Building SELinux support: ${have_selinux}
           Building AppArmor support: ${have_apparmor}
           Building bus stats API:   ${enable_stats}
           Building SELinux support: ${have_selinux}
           Building AppArmor support: ${have_apparmor}
@@ -2232,3 +2227,6 @@ index 0000000..47ee854
  +    <check privilege="foo" send_interface="org.freedesktop.TestSuite" send_member="Echo"/>
  +  </policy>
  +</busconfig>
  +    <check privilege="foo" send_interface="org.freedesktop.TestSuite" send_member="Echo"/>
  +  </policy>
  +</busconfig>
+-- 
+2.17.2
+
diff --git a/meta-security/recipes-core/dbus-cynara/dbus-cynara/0002-Disable-message-dispatching-when-send-rule-result-is.patch b/meta-security/recipes-core/dbus-cynara/dbus-cynara/0002-Disable-message-dispatching-when-send-rule-result-is.patch

index 4fd7551..ebbd531 100644 (file)
--- a/meta-security/recipes-core/dbus-cynara/dbus-cynara/0002-Disable-message-dispatching-when-send-rule-result-is.patch
+++ b/meta-security/recipes-core/dbus-cynara/dbus-cynara/0002-Disable-message-dispatching-when-send-rule-result-is.patch
@@ -1,8 +1,7 @@
-From 9bea6ec0497391b6af41daca18d7868af2656cef Mon Sep 17 00:00:00 2001
+From aae977a0c4bb1c25640c7056166fbc4e76ef1db6 Mon Sep 17 00:00:00 2001
  From: Jacek Bukarewicz <j.bukarewicz@samsung.com>
  Date: Fri, 28 Nov 2014 12:07:39 +0100
  From: Jacek Bukarewicz <j.bukarewicz@samsung.com>
  Date: Fri, 28 Nov 2014 12:07:39 +0100
-Subject: [PATCH 2/5] Disable message dispatching when send rule result is not
- known
+Subject: Disable message dispatching when send rule result is not known
  MIME-Version: 1.0
  Content-Type: text/plain; charset=UTF-8
  Content-Transfer-Encoding: 8bit
  MIME-Version: 1.0
  Content-Type: text/plain; charset=UTF-8
  Content-Transfer-Encoding: 8bit
@@ -17,18 +16,16 @@ Receive rule result unavailability is not yet handled - such messages are
  rejected. Also, if message is sent to non-addressed recipient and policy result
  is unknown, message is silently dropped.
  
  rejected. Also, if message is sent to non-addressed recipient and policy result
  is unknown, message is silently dropped.
  
-Change-Id: I57eccbf973525fd51369c7d4e58908292f44da80
-
  Cherry-picked from b1b87ad9f20b2052c28431b48e81073078a745ce
  by Jose Bollo.
  
  Cherry-picked from b1b87ad9f20b2052c28431b48e81073078a745ce
  by Jose Bollo.
  
-Updated for dbus 1.12.10 by Scott Murray.
+Updated for dbus 1.10.20 by Scott Murray and José Bollo
  
  Signed-off-by: José Bollo <jose.bollo@iot.bzh>
  Signed-off-by: Scott Murray <scott.murray@konsulko.com>
  
  diff --git a/bus/activation.c b/bus/activation.c
  
  Signed-off-by: José Bollo <jose.bollo@iot.bzh>
  Signed-off-by: Scott Murray <scott.murray@konsulko.com>
  
  diff --git a/bus/activation.c b/bus/activation.c
-index 451179d..5f02153 100644
+index f8a02eb..005047f 100644
  --- a/bus/activation.c
  +++ b/bus/activation.c
  @@ -32,6 +32,7 @@
  --- a/bus/activation.c
  +++ b/bus/activation.c
  @@ -32,6 +32,7 @@
@@ -153,9 +150,8 @@ index 451179d..5f02153 100644
                                  bus_connection_get_loginfo (connection));
                 /* Wonderful, systemd is connected, let's just send the msg */
  -              retval = bus_dispatch_matches (activation_transaction, NULL,
                                  bus_connection_get_loginfo (connection));
                 /* Wonderful, systemd is connected, let's just send the msg */
  -              retval = bus_dispatch_matches (activation_transaction, NULL,
--                                             systemd, message, error);
  +              res = bus_dispatch_matches (activation_transaction, NULL,
  +              res = bus_dispatch_matches (activation_transaction, NULL,
-+                                          systemd, message, error);
+                                              systemd, message, error);
  +
  +              if (res == BUS_RESULT_TRUE)
  +                retval = TRUE;
  +
  +              if (res == BUS_RESULT_TRUE)
  +                retval = TRUE;
@@ -377,7 +373,7 @@ index 57a4c45..77aed62 100644
   typedef struct BusCynara
   {
  diff --git a/bus/dispatch.c b/bus/dispatch.c
   typedef struct BusCynara
   {
  diff --git a/bus/dispatch.c b/bus/dispatch.c
-index 7e51bc1..0250b53 100644
+index d3867f7..50a22a3 100644
  --- a/bus/dispatch.c
  +++ b/bus/dispatch.c
  @@ -35,6 +35,7 @@
  --- a/bus/dispatch.c
  +++ b/bus/dispatch.c
  @@ -35,6 +35,7 @@
@@ -472,7 +468,7 @@ index 7e51bc1..0250b53 100644
   }
   
   static DBusHandlerResult
   }
   
   static DBusHandlerResult
-@@ -410,10 +427,12 @@ bus_dispatch (DBusConnection *connection,
+@@ -409,10 +426,12 @@ bus_dispatch (DBusConnection *connection,
           }
         else if (res == BUS_RESULT_LATER)
           {
           }
         else if (res == BUS_RESULT_LATER)
           {
@@ -489,7 +485,7 @@ index 7e51bc1..0250b53 100644
             goto out;
           }
   
             goto out;
           }
   
-@@ -515,8 +534,14 @@ bus_dispatch (DBusConnection *connection,
+@@ -514,8 +533,14 @@ bus_dispatch (DBusConnection *connection,
      * addressed_recipient == NULL), and match it against other connections'
      * match rules.
      */
      * addressed_recipient == NULL), and match it against other connections'
      * match rules.
      */
@@ -506,7 +502,7 @@ index 7e51bc1..0250b53 100644
   
    out:
     if (dbus_error_is_set (&error))
   
    out:
     if (dbus_error_is_set (&error))
-@@ -5061,9 +5086,132 @@ bus_dispatch_test_conf_fail (const DBusString *test_data_dir,
+@@ -5060,9 +5085,132 @@ bus_dispatch_test_conf_fail (const DBusString *test_data_dir,
   }
   #endif
   
   }
   #endif
   
@@ -709,7 +705,7 @@ index 4835732..94b1c95 100644
   DBUS_PRIVATE_EXPORT
   void _dbus_connection_get_stats (DBusConnection *connection,
  diff --git a/dbus/dbus-connection.c b/dbus/dbus-connection.c
   DBUS_PRIVATE_EXPORT
   void _dbus_connection_get_stats (DBusConnection *connection,
  diff --git a/dbus/dbus-connection.c b/dbus/dbus-connection.c
-index c525b6d..f1b0ea0 100644
+index c525b6d..958968c 100644
  --- a/dbus/dbus-connection.c
  +++ b/dbus/dbus-connection.c
  @@ -311,7 +311,8 @@ struct DBusConnection
  --- a/dbus/dbus-connection.c
  +++ b/dbus/dbus-connection.c
  @@ -311,7 +311,8 @@ struct DBusConnection
@@ -851,7 +847,7 @@ index c525b6d..f1b0ea0 100644
     HAVE_LOCK_CHECK (connection);
  -  
  -  if (connection->n_incoming > 0)
     HAVE_LOCK_CHECK (connection);
  -  
  -  if (connection->n_incoming > 0)
-+  if (connection->dispatch_disabled && dbus_connection_get_is_connected(connection))
++  if (connection->dispatch_disabled && _dbus_connection_get_is_connected_unlocked(connection))
  +    return DBUS_DISPATCH_COMPLETE;
  +  else if (connection->n_incoming > 0)
       return DBUS_DISPATCH_DATA_REMAINS;
  +    return DBUS_DISPATCH_COMPLETE;
  +  else if (connection->n_incoming > 0)
       return DBUS_DISPATCH_DATA_REMAINS;
@@ -948,3 +944,6 @@ index 7ab9103..e5bfbed 100644
   } DBusHandlerResult;
   
   /* Bus names */
   } DBusHandlerResult;
   
   /* Bus names */
+-- 
+2.17.2
+
diff --git a/meta-security/recipes-core/dbus-cynara/dbus-cynara/0003-Handle-unavailability-of-policy-results-for-broadcas.patch b/meta-security/recipes-core/dbus-cynara/dbus-cynara/0003-Handle-unavailability-of-policy-results-for-broadcas.patch

index 7f17bd0..1c2ab2b 100644 (file)
--- a/meta-security/recipes-core/dbus-cynara/dbus-cynara/0003-Handle-unavailability-of-policy-results-for-broadcas.patch
+++ b/meta-security/recipes-core/dbus-cynara/dbus-cynara/0003-Handle-unavailability-of-policy-results-for-broadcas.patch
@@ -1,8 +1,8 @@
-From 8c5fd05f7b2f14ac0f4423cae300f60c6bb51c74 Mon Sep 17 00:00:00 2001
+From fdc3d7086c8f7a623e3da80e559708545b9201fc Mon Sep 17 00:00:00 2001
  From: Jacek Bukarewicz <j.bukarewicz@samsung.com>
  Date: Fri, 28 Nov 2014 12:39:33 +0100
  From: Jacek Bukarewicz <j.bukarewicz@samsung.com>
  Date: Fri, 28 Nov 2014 12:39:33 +0100
-Subject: [PATCH 3/5] Handle unavailability of policy results for broadcasts
- and receive rules
+Subject: Handle unavailability of policy results for broadcasts and receive
+ rules
  MIME-Version: 1.0
  Content-Type: text/plain; charset=UTF-8
  Content-Transfer-Encoding: 8bit
  MIME-Version: 1.0
  Content-Type: text/plain; charset=UTF-8
  Content-Transfer-Encoding: 8bit
@@ -19,17 +19,15 @@ Messages sent to non-addressed recipients (eavesdroppers or broadcast
  message recipients) are handled in a similar way. The difference is
  that it is not full dispatch meaning message is sent to a single recipient.
  
  message recipients) are handled in a similar way. The difference is
  that it is not full dispatch meaning message is sent to a single recipient.
  
-Change-Id: Iecd5395f75a4c7811fa97247a37d8fc4d42e8814
-
  Cherry picked from 1e231194610892dd4360224998d91336097b05a1 by Jose Bollo
  
  Cherry picked from 1e231194610892dd4360224998d91336097b05a1 by Jose Bollo
  
-Updated for dbus 1.12.10 by Scott Murray.
+Updated for dbus 1.10.20 by Scott Murray and José Bollo
  
  Signed-off-by: José Bollo <jose.bollo@iot.bzh>
  Signed-off-by: Scott Murray <scott.murray@konsulko.com>
  
  diff --git a/bus/activation.c b/bus/activation.c
  
  Signed-off-by: José Bollo <jose.bollo@iot.bzh>
  Signed-off-by: Scott Murray <scott.murray@konsulko.com>
  
  diff --git a/bus/activation.c b/bus/activation.c
-index 5f02153..f2981e1 100644
+index 005047f..ffdc6fc 100644
  --- a/bus/activation.c
  +++ b/bus/activation.c
  @@ -1259,7 +1259,7 @@ bus_activation_send_pending_auto_activation_messages (BusActivation  *activation
  --- a/bus/activation.c
  +++ b/bus/activation.c
  @@ -1259,7 +1259,7 @@ bus_activation_send_pending_auto_activation_messages (BusActivation  *activation
@@ -45,8 +43,8 @@ index 5f02153..f2981e1 100644
                                  bus_connection_get_loginfo (connection));
                 /* Wonderful, systemd is connected, let's just send the msg */
                 res = bus_dispatch_matches (activation_transaction, NULL,
                                  bus_connection_get_loginfo (connection));
                 /* Wonderful, systemd is connected, let's just send the msg */
                 res = bus_dispatch_matches (activation_transaction, NULL,
--                                          systemd, message, error);
-+                                          systemd, message, NULL, error);
+-                                             systemd, message, error);
++                                             systemd, message, NULL, error);
   
                 if (res == BUS_RESULT_TRUE)
                   retval = TRUE;
   
                 if (res == BUS_RESULT_TRUE)
                   retval = TRUE;
@@ -543,7 +541,7 @@ index d177549..9c13c18 100644
   extern BusResult (*bus_check_test_override) (DBusConnection *connection,
                                                  const char *privilege);
  diff --git a/bus/connection.c b/bus/connection.c
   extern BusResult (*bus_check_test_override) (DBusConnection *connection,
                                                  const char *privilege);
  diff --git a/bus/connection.c b/bus/connection.c
-index deebde3..f9e563b 100644
+index b348d42..ee93384 100644
  --- a/bus/connection.c
  +++ b/bus/connection.c
  @@ -31,11 +31,13 @@
  --- a/bus/connection.c
  +++ b/bus/connection.c
  @@ -31,11 +31,13 @@
@@ -594,17 +592,16 @@ index deebde3..f9e563b 100644
   
     /* We have to set the sender to the driver, and have
      * to check security policy since it was not done in
   
     /* We have to set the sender to the driver, and have
      * to check security policy since it was not done in
-@@ -2402,7 +2408,8 @@ bus_transaction_send_from_driver (BusTransaction *transaction,
+@@ -2401,7 +2407,7 @@ bus_transaction_send_from_driver (BusTransaction *transaction,
+   res = bus_context_check_security_policy (bus_transaction_get_context (transaction),
                                              transaction,
                                              transaction,
-                                            NULL, connection, connection,
-                                            message, NULL, &error,
--                                           NULL);
-+                                           &deferred_message);
-+
+                                            NULL, connection, connection, message, NULL,
+-                                           &error, NULL);
++                                           &error, &deferred_message);
     if (res == BUS_RESULT_FALSE)
       {
         if (!bus_transaction_capture_error_reply (transaction, connection,
     if (res == BUS_RESULT_FALSE)
       {
         if (!bus_transaction_capture_error_reply (transaction, connection,
-@@ -2420,18 +2427,20 @@ bus_transaction_send_from_driver (BusTransaction *transaction,
+@@ -2419,18 +2425,20 @@ bus_transaction_send_from_driver (BusTransaction *transaction,
       }
     else if (res == BUS_RESULT_LATER)
       {
       }
     else if (res == BUS_RESULT_LATER)
       {
@@ -629,7 +626,7 @@ index deebde3..f9e563b 100644
   {
     MessageToSend *to_send;
     BusConnectionData *d;
   {
     MessageToSend *to_send;
     BusConnectionData *d;
-@@ -2457,7 +2466,28 @@ bus_transaction_send (BusTransaction *transaction,
+@@ -2456,7 +2464,28 @@ bus_transaction_send (BusTransaction *transaction,
     
     d = BUS_CONNECTION_DATA (connection);
     _dbus_assert (d != NULL);
     
     d = BUS_CONNECTION_DATA (connection);
     _dbus_assert (d != NULL);
@@ -659,7 +656,7 @@ index deebde3..f9e563b 100644
     to_send = dbus_new (MessageToSend, 1);
     if (to_send == NULL)
       {
     to_send = dbus_new (MessageToSend, 1);
     if (to_send == NULL)
       {
-@@ -2709,6 +2739,131 @@ bus_transaction_add_cancel_hook (BusTransaction               *transaction,
+@@ -2708,6 +2737,131 @@ bus_transaction_add_cancel_hook (BusTransaction               *transaction,
     return TRUE;
   }
   
     return TRUE;
   }
   
@@ -829,7 +826,7 @@ index 71078ea..97dae96 100644
                                                     DBusConnection               *connection,
                                                     DBusConnection               *addressed_recipient,
  diff --git a/bus/dispatch.c b/bus/dispatch.c
                                                     DBusConnection               *connection,
                                                     DBusConnection               *addressed_recipient,
  diff --git a/bus/dispatch.c b/bus/dispatch.c
-index 0250b53..1bdcbf0 100644
+index 50a22a3..7d30ce4 100644
  --- a/bus/dispatch.c
  +++ b/bus/dispatch.c
  @@ -33,6 +33,7 @@
  --- a/bus/dispatch.c
  +++ b/bus/dispatch.c
  @@ -33,6 +33,7 @@
@@ -888,17 +885,19 @@ index 0250b53..1bdcbf0 100644
   {
     DBusError tmp_error;
     BusConnections *connections;
   {
     DBusError tmp_error;
     BusConnections *connections;
-@@ -152,17 +164,78 @@ bus_dispatch_matches (BusTransaction *transaction,
+@@ -137,7 +149,6 @@ bus_dispatch_matches (BusTransaction *transaction,
+   DBusList *link;
+   BusContext *context;
+   BusDeferredMessage *deferred_message;
+-  BusResult res;
+ 
+   _DBUS_ASSERT_ERROR_IS_CLEAR (error);
+ 
+@@ -153,16 +164,80 @@ bus_dispatch_matches (BusTransaction *transaction,
     /* First, send the message to the addressed_recipient, if there is one. */
     if (addressed_recipient != NULL)
       {
     /* First, send the message to the addressed_recipient, if there is one. */
     if (addressed_recipient != NULL)
       {
--      BusResult res;
  -      res = bus_context_check_security_policy (context, transaction,
  -      res = bus_context_check_security_policy (context, transaction,
--                                               sender, addressed_recipient,
--                                               addressed_recipient,
--                                               message, NULL, error,
--                                               &deferred_message);
--      if (res == BUS_RESULT_FALSE)
  +      BusResult result;
  +      /* To maintain message order message needs to be appended at the recipient if there are already
  +       *  deferred messages and we are not doing deferred dispatch
  +      BusResult result;
  +      /* To maintain message order message needs to be appended at the recipient if there are already
  +       *  deferred messages and we are not doing deferred dispatch
@@ -950,9 +949,12 @@ index 0250b53..1bdcbf0 100644
  +        result = BUS_RESULT_LATER;
  +
  +      if (result == BUS_RESULT_LATER)
  +        result = BUS_RESULT_LATER;
  +
  +      if (result == BUS_RESULT_LATER)
-+        result = bus_context_check_security_policy(context, transaction,
-+            sender, addressed_recipient, addressed_recipient, message, NULL, error,
-+            &deferred_message);
++        result = bus_context_check_security_policy (context, transaction,
+                                                sender, addressed_recipient,
+                                                addressed_recipient,
+                                                message, NULL, error,
+                                                &deferred_message);
+-      if (res == BUS_RESULT_FALSE)
  +
  +      if (result == BUS_RESULT_FALSE)
           return BUS_RESULT_FALSE;
  +
  +      if (result == BUS_RESULT_FALSE)
           return BUS_RESULT_FALSE;
@@ -975,7 +977,7 @@ index 0250b53..1bdcbf0 100644
             status = bus_deferred_message_get_status(deferred_message);
   
             if (status & BUS_DEFERRED_MESSAGE_CHECK_SEND)
             status = bus_deferred_message_get_status(deferred_message);
   
             if (status & BUS_DEFERRED_MESSAGE_CHECK_SEND)
-@@ -173,13 +246,18 @@ bus_dispatch_matches (BusTransaction *transaction,
+@@ -173,13 +248,18 @@ bus_dispatch_matches (BusTransaction *transaction,
               }
             else if (status & BUS_DEFERRED_MESSAGE_CHECK_RECEIVE)
               {
               }
             else if (status & BUS_DEFERRED_MESSAGE_CHECK_RECEIVE)
               {
@@ -998,7 +1000,7 @@ index 0250b53..1bdcbf0 100644
                 return BUS_RESULT_FALSE;
               }
           }
                 return BUS_RESULT_FALSE;
               }
           }
-@@ -196,7 +274,8 @@ bus_dispatch_matches (BusTransaction *transaction,
+@@ -196,7 +276,8 @@ bus_dispatch_matches (BusTransaction *transaction,
           }
   
         /* Dispatch the message */
           }
   
         /* Dispatch the message */
@@ -1008,7 +1010,7 @@ index 0250b53..1bdcbf0 100644
           {
             BUS_SET_OOM (error);
             return BUS_RESULT_FALSE;
           {
             BUS_SET_OOM (error);
             return BUS_RESULT_FALSE;
-@@ -535,7 +614,7 @@ bus_dispatch (DBusConnection *connection,
+@@ -534,7 +615,7 @@ bus_dispatch (DBusConnection *connection,
      * match rules.
      */
     if (BUS_RESULT_LATER == bus_dispatch_matches (transaction, connection, addressed_recipient,
      * match rules.
      */
     if (BUS_RESULT_LATER == bus_dispatch_matches (transaction, connection, addressed_recipient,
@@ -1075,3 +1077,6 @@ index 7ee1ce5..b1fab0d 100644
       }
     else
         privilege = NULL;
       }
     else
         privilege = NULL;
+-- 
+2.17.2
+
diff --git a/meta-security/recipes-core/dbus-cynara/dbus-cynara/0004-Add-own-rule-result-unavailability-handling.patch b/meta-security/recipes-core/dbus-cynara/dbus-cynara/0004-Add-own-rule-result-unavailability-handling.patch

index bde7852..9cb744d 100644 (file)
--- a/meta-security/recipes-core/dbus-cynara/dbus-cynara/0004-Add-own-rule-result-unavailability-handling.patch
+++ b/meta-security/recipes-core/dbus-cynara/dbus-cynara/0004-Add-own-rule-result-unavailability-handling.patch
@@ -1,7 +1,7 @@
-From 5bf7f759a738a451ea70732731d9a1b3e064353b Mon Sep 17 00:00:00 2001
+From e7ae85429aa3e6d80df13b3a5a492d9ccbf42518 Mon Sep 17 00:00:00 2001
  From: Jacek Bukarewicz <j.bukarewicz@samsung.com>
  Date: Thu, 27 Nov 2014 11:26:21 +0100
  From: Jacek Bukarewicz <j.bukarewicz@samsung.com>
  Date: Thu, 27 Nov 2014 11:26:21 +0100
-Subject: [PATCH 4/5] Add own rule result unavailability handling
+Subject: Add own rule result unavailability handling
  MIME-Version: 1.0
  Content-Type: text/plain; charset=UTF-8
  Content-Transfer-Encoding: 8bit
  MIME-Version: 1.0
  Content-Type: text/plain; charset=UTF-8
  Content-Transfer-Encoding: 8bit
@@ -15,20 +15,18 @@ policy result is not known therefore its return type is modified.
  Since bus message handlers are put into function pointer array other
  message handler function singatures are also affected.
  
  Since bus message handlers are put into function pointer array other
  message handler function singatures are also affected.
  
-Change-Id: I4c2cbd4585e41fccd8a30f825a8f0d342ab56755
-
  Cherry-picked from 35ef89cd6777ea2430077fc621d21bd01df92349 by Jose.bollo
  
  Cherry-picked from 35ef89cd6777ea2430077fc621d21bd01df92349 by Jose.bollo
  
-Updated for dbus 1.12.10 by Scott Murray.
+Updated for dbus 1.10.20 by Scott Murray and José Bollo
  
  Signed-off-by: José Bollo <jose.bollo@iot.bzh>
  Signed-off-by: Scott Murray <scott.murray@konsulko.com>
  
  diff --git a/bus/dispatch.c b/bus/dispatch.c
  
  Signed-off-by: José Bollo <jose.bollo@iot.bzh>
  Signed-off-by: Scott Murray <scott.murray@konsulko.com>
  
  diff --git a/bus/dispatch.c b/bus/dispatch.c
-index 1bdcbf0..625add5 100644
+index 7d30ce4..4b84c21 100644
  --- a/bus/dispatch.c
  +++ b/bus/dispatch.c
  --- a/bus/dispatch.c
  +++ b/bus/dispatch.c
-@@ -516,8 +516,17 @@ bus_dispatch (DBusConnection *connection,
+@@ -517,8 +517,17 @@ bus_dispatch (DBusConnection *connection,
           }
   
         _dbus_verbose ("Giving message to %s\n", DBUS_SERVICE_DBUS);
           }
   
         _dbus_verbose ("Giving message to %s\n", DBUS_SERVICE_DBUS);
@@ -48,7 +46,7 @@ index 1bdcbf0..625add5 100644
     else if (!bus_connection_is_active (connection)) /* clients must talk to bus driver first */
       {
  diff --git a/bus/driver.c b/bus/driver.c
     else if (!bus_connection_is_active (connection)) /* clients must talk to bus driver first */
       {
  diff --git a/bus/driver.c b/bus/driver.c
-index d89a658..5ee60cb 100644
+index d89a658..aaeb3b2 100644
  --- a/bus/driver.c
  +++ b/bus/driver.c
  @@ -420,7 +420,7 @@ create_unique_client_name (BusRegistry *registry,
  --- a/bus/driver.c
  +++ b/bus/driver.c
  @@ -420,7 +420,7 @@ create_unique_client_name (BusRegistry *registry,
@@ -798,7 +796,71 @@ index d89a658..5ee60cb 100644
       _DBUS_ASSERT_ERROR_IS_CLEAR (error);
     else
       _DBUS_ASSERT_ERROR_IS_SET (error);
       _DBUS_ASSERT_ERROR_IS_CLEAR (error);
     else
       _DBUS_ASSERT_ERROR_IS_SET (error);
-@@ -2389,10 +2394,10 @@ typedef struct
+@@ -2281,7 +2286,7 @@ out:
+   return ret;
+ }
+ 
+-static dbus_bool_t
++static BusResult
+ bus_driver_handle_get_machine_id (DBusConnection *connection,
+                                   BusTransaction *transaction,
+                                   DBusMessage *message,
+@@ -2296,7 +2301,7 @@ bus_driver_handle_get_machine_id (DBusConnection *connection,
+   if (!_dbus_string_init (&uuid))
+     {
+       BUS_SET_OOM (error);
+-      return FALSE;
++      return BUS_RESULT_FALSE;
+     }
+ 
+   if (!_dbus_get_local_machine_uuid_encoded (&uuid, error))
+@@ -2321,7 +2326,7 @@ bus_driver_handle_get_machine_id (DBusConnection *connection,
+ 
+   _dbus_string_free (&uuid);
+   dbus_message_unref (reply);
+-  return TRUE;
++  return BUS_RESULT_TRUE;
+ 
+ oom:
+   _DBUS_ASSERT_ERROR_IS_CLEAR (error);
+@@ -2335,29 +2340,30 @@ fail:
+     dbus_message_unref (reply);
+ 
+   _dbus_string_free (&uuid);
+-  return FALSE;
++  return BUS_RESULT_FALSE;
+ }
+ 
+-static dbus_bool_t
++static BusResult
+ bus_driver_handle_ping (DBusConnection *connection,
+                         BusTransaction *transaction,
+                         DBusMessage *message,
+                         DBusError *error)
+ {
+-  return bus_driver_send_ack_reply (connection, transaction, message, error);
++  return bus_driver_send_ack_reply (connection, transaction, message, error) == TRUE
++               ? BUS_RESULT_TRUE : BUS_RESULT_FALSE;
+ }
+ 
+-static dbus_bool_t bus_driver_handle_get (DBusConnection *connection,
++static BusResult bus_driver_handle_get (DBusConnection *connection,
+                                           BusTransaction *transaction,
+                                           DBusMessage *message,
+                                           DBusError *error);
+ 
+-static dbus_bool_t bus_driver_handle_get_all (DBusConnection *connection,
++static BusResult bus_driver_handle_get_all (DBusConnection *connection,
+                                               BusTransaction *transaction,
+                                               DBusMessage *message,
+                                               DBusError *error);
+ 
+-static dbus_bool_t bus_driver_handle_set (DBusConnection *connection,
++static BusResult bus_driver_handle_set (DBusConnection *connection,
+                                           BusTransaction *transaction,
+                                           DBusMessage *message,
+                                           DBusError *error);
+@@ -2389,10 +2395,10 @@ typedef struct
     const char *name;
     const char *in_args;
     const char *out_args;
     const char *name;
     const char *in_args;
     const char *out_args;
@@ -813,7 +875,7 @@ index d89a658..5ee60cb 100644
     MethodFlags flags;
   } MessageHandler;
   
     MethodFlags flags;
   } MessageHandler;
   
-@@ -2511,7 +2516,7 @@ static const PropertyHandler dbus_property_handlers[] = {
+@@ -2511,7 +2517,7 @@ static const PropertyHandler dbus_property_handlers[] = {
     { NULL, NULL, NULL }
   };
   
     { NULL, NULL, NULL }
   };
   
@@ -822,7 +884,7 @@ index d89a658..5ee60cb 100644
       BusTransaction *, DBusMessage *, DBusError *);
   
   static const MessageHandler properties_message_handlers[] = {
       BusTransaction *, DBusMessage *, DBusError *);
   
   static const MessageHandler properties_message_handlers[] = {
-@@ -2763,7 +2768,7 @@ bus_driver_generate_introspect_string (DBusString *xml,
+@@ -2763,7 +2769,7 @@ bus_driver_generate_introspect_string (DBusString *xml,
     return TRUE;
   }
   
     return TRUE;
   }
   
@@ -831,7 +893,7 @@ index d89a658..5ee60cb 100644
   bus_driver_handle_introspect (DBusConnection *connection,
                                 BusTransaction *transaction,
                                 DBusMessage    *message,
   bus_driver_handle_introspect (DBusConnection *connection,
                                 BusTransaction *transaction,
                                 DBusMessage    *message,
-@@ -2784,13 +2789,13 @@ bus_driver_handle_introspect (DBusConnection *connection,
+@@ -2784,13 +2790,13 @@ bus_driver_handle_introspect (DBusConnection *connection,
                                DBUS_TYPE_INVALID))
       {
         _DBUS_ASSERT_ERROR_IS_SET (error);
                                DBUS_TYPE_INVALID))
       {
         _DBUS_ASSERT_ERROR_IS_SET (error);
@@ -847,7 +909,7 @@ index d89a658..5ee60cb 100644
       }
   
     is_canonical_path = dbus_message_has_path (message, DBUS_PATH_DBUS);
       }
   
     is_canonical_path = dbus_message_has_path (message, DBUS_PATH_DBUS);
-@@ -2815,7 +2820,7 @@ bus_driver_handle_introspect (DBusConnection *connection,
+@@ -2815,7 +2821,7 @@ bus_driver_handle_introspect (DBusConnection *connection,
     dbus_message_unref (reply);
     _dbus_string_free (&xml);
   
     dbus_message_unref (reply);
     _dbus_string_free (&xml);
   
@@ -856,7 +918,7 @@ index d89a658..5ee60cb 100644
   
    oom:
     BUS_SET_OOM (error);
   
    oom:
     BUS_SET_OOM (error);
-@@ -2825,10 +2830,10 @@ bus_driver_handle_introspect (DBusConnection *connection,
+@@ -2825,10 +2831,42 @@ bus_driver_handle_introspect (DBusConnection *connection,
   
     _dbus_string_free (&xml);
   
   
     _dbus_string_free (&xml);
   
@@ -864,12 +926,43 @@ index d89a658..5ee60cb 100644
  +  return BUS_RESULT_FALSE;
   }
   
  +  return BUS_RESULT_FALSE;
   }
   
--dbus_bool_t
++/*
++ * Set @error and return FALSE if the message is not directed to the
++ * dbus-daemon by its canonical object path. This is hardening against
++ * system services with poorly-written security policy files, which
++ * might allow sending dangerously broad equivalence classes of messages
++ * such as "anything with this assumed-to-be-safe object path".
++ *
++ * dbus-daemon is unusual in that it normally ignores the object path
++ * of incoming messages; we need to keep that behaviour for the "read"
++ * read-only method calls like GetConnectionUnixUser for backwards
++ * compatibility, but it seems safer to be more restrictive for things
++ * intended to be root-only or privileged-developers-only.
++ *
++ * It is possible that there are other system services with the same
++ * quirk as dbus-daemon.
++ */
+ dbus_bool_t
++bus_driver_check_message_is_for_us (DBusMessage *message,
++                                    DBusError   *error)
++{
++  if (!dbus_message_has_path (message, DBUS_PATH_DBUS))
++    {
++      dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
++          "Method '%s' is only available at the canonical object path '%s'",
++          dbus_message_get_member (message), DBUS_PATH_DBUS);
++
++      return FALSE;
++    }
++
++  return TRUE;
++}
++
  +BusResult
   bus_driver_handle_message (DBusConnection *connection,
                              BusTransaction *transaction,
                            DBusMessage    *message,
  +BusResult
   bus_driver_handle_message (DBusConnection *connection,
                              BusTransaction *transaction,
                            DBusMessage    *message,
-@@ -2839,6 +2844,7 @@ bus_driver_handle_message (DBusConnection *connection,
+@@ -2839,6 +2877,7 @@ bus_driver_handle_message (DBusConnection *connection,
     const MessageHandler *mh;
     dbus_bool_t found_interface = FALSE;
     dbus_bool_t is_canonical_path;
     const MessageHandler *mh;
     dbus_bool_t found_interface = FALSE;
     dbus_bool_t is_canonical_path;
@@ -877,7 +970,7 @@ index d89a658..5ee60cb 100644
   
     _DBUS_ASSERT_ERROR_IS_CLEAR (error);
   
   
     _DBUS_ASSERT_ERROR_IS_CLEAR (error);
   
-@@ -2854,7 +2860,7 @@ bus_driver_handle_message (DBusConnection *connection,
+@@ -2854,7 +2893,7 @@ bus_driver_handle_message (DBusConnection *connection,
                                                     transaction,
                                                     message,
                                                     error))
                                                     transaction,
                                                     message,
                                                     error))
@@ -886,7 +979,7 @@ index d89a658..5ee60cb 100644
   
         context = bus_connection_get_context (connection);
         systemd = bus_driver_get_owner_of_name (connection,
   
         context = bus_connection_get_context (connection);
         systemd = bus_driver_get_owner_of_name (connection,
-@@ -2871,7 +2877,7 @@ bus_driver_handle_message (DBusConnection *connection,
+@@ -2871,7 +2910,7 @@ bus_driver_handle_message (DBusConnection *connection,
                              attacker ? attacker : "(unauthenticated)",
                              bus_connection_get_loginfo (connection));
             /* ignore it */
                              attacker ? attacker : "(unauthenticated)",
                              bus_connection_get_loginfo (connection));
             /* ignore it */
@@ -895,7 +988,7 @@ index d89a658..5ee60cb 100644
           }
   
         if (!bus_context_get_systemd_activation (context))
           }
   
         if (!bus_context_get_systemd_activation (context))
-@@ -2879,16 +2885,16 @@ bus_driver_handle_message (DBusConnection *connection,
+@@ -2879,16 +2918,16 @@ bus_driver_handle_message (DBusConnection *connection,
             bus_context_log (context, DBUS_SYSTEM_LOG_WARNING,
                              "Ignoring unexpected ActivationFailure message "
                              "while not using systemd activation");
             bus_context_log (context, DBUS_SYSTEM_LOG_WARNING,
                              "Ignoring unexpected ActivationFailure message "
                              "while not using systemd activation");
@@ -915,7 +1008,7 @@ index d89a658..5ee60cb 100644
       }
   
     /* may be NULL, which means "any interface will do" */
       }
   
     /* may be NULL, which means "any interface will do" */
-@@ -2953,20 +2959,27 @@ bus_driver_handle_message (DBusConnection *connection,
+@@ -2953,20 +2992,27 @@ bus_driver_handle_message (DBusConnection *connection,
                                 name, dbus_message_get_signature (message),
                                 mh->in_args);
                 _DBUS_ASSERT_ERROR_IS_SET (error);
                                 name, dbus_message_get_signature (message),
                                 mh->in_args);
                 _DBUS_ASSERT_ERROR_IS_SET (error);
@@ -948,7 +1041,7 @@ index d89a658..5ee60cb 100644
               }
           }
       }
               }
           }
       }
-@@ -2978,7 +2991,7 @@ bus_driver_handle_message (DBusConnection *connection,
+@@ -2978,7 +3024,7 @@ bus_driver_handle_message (DBusConnection *connection,
                     "%s does not understand message %s",
                     DBUS_SERVICE_DBUS, name);
   
                     "%s does not understand message %s",
                     DBUS_SERVICE_DBUS, name);
   
@@ -957,6 +1050,115 @@ index d89a658..5ee60cb 100644
   }
   
   void
   }
   
   void
+@@ -3099,7 +3145,7 @@ interface_handler_find_property (const InterfaceHandler *ih,
+   return NULL;
+ }
+ 
+-static dbus_bool_t
++static BusResult
+ bus_driver_handle_get (DBusConnection *connection,
+                        BusTransaction *transaction,
+                        DBusMessage    *message,
+@@ -3120,18 +3166,18 @@ bus_driver_handle_get (DBusConnection *connection,
+                               DBUS_TYPE_STRING, &iface,
+                               DBUS_TYPE_STRING, &prop,
+                               DBUS_TYPE_INVALID))
+-    return FALSE;
++    return BUS_RESULT_FALSE;
+ 
+   /* We only implement Properties on /org/freedesktop/DBus so far. */
+   ih = bus_driver_find_interface (iface, TRUE, error);
+ 
+   if (ih == NULL)
+-    return FALSE;
++    return BUS_RESULT_FALSE;
+ 
+   handler = interface_handler_find_property (ih, prop, error);
+ 
+   if (handler == NULL)
+-    return FALSE;
++    return BUS_RESULT_FALSE;
+ 
+   context = bus_transaction_get_context (transaction);
+ 
+@@ -3159,17 +3205,17 @@ bus_driver_handle_get (DBusConnection *connection,
+     goto oom;
+ 
+   dbus_message_unref (reply);
+-  return TRUE;
++  return BUS_RESULT_TRUE;
+ 
+ oom:
+   if (reply != NULL)
+     dbus_message_unref (reply);
+ 
+   BUS_SET_OOM (error);
+-  return FALSE;
++  return BUS_RESULT_FALSE;
+ }
+ 
+-static dbus_bool_t
++static BusResult
+ bus_driver_handle_get_all (DBusConnection *connection,
+                            BusTransaction *transaction,
+                            DBusMessage    *message,
+@@ -3188,13 +3234,13 @@ bus_driver_handle_get_all (DBusConnection *connection,
+   if (!dbus_message_get_args (message, error,
+                               DBUS_TYPE_STRING, &iface,
+                               DBUS_TYPE_INVALID))
+-    return FALSE;
++    return BUS_RESULT_FALSE;
+ 
+   /* We only implement Properties on /org/freedesktop/DBus so far. */
+   ih = bus_driver_find_interface (iface, TRUE, error);
+ 
+   if (ih == NULL)
+-    return FALSE;
++    return BUS_RESULT_FALSE;
+ 
+   context = bus_transaction_get_context (transaction);
+ 
+@@ -3229,7 +3275,7 @@ bus_driver_handle_get_all (DBusConnection *connection,
+     goto oom;
+ 
+   dbus_message_unref (reply);
+-  return TRUE;
++  return BUS_RESULT_TRUE;
+ 
+ oom_abandon_message:
+   _dbus_asv_abandon (&reply_iter, &array_iter);
+@@ -3239,10 +3285,10 @@ oom:
+     dbus_message_unref (reply);
+ 
+   BUS_SET_OOM (error);
+-  return FALSE;
++  return BUS_RESULT_FALSE;
+ }
+ 
+-static dbus_bool_t
++static BusResult
+ bus_driver_handle_set (DBusConnection *connection,
+                        BusTransaction *transaction,
+                        DBusMessage    *message,
+@@ -3271,15 +3317,15 @@ bus_driver_handle_set (DBusConnection *connection,
+   ih = bus_driver_find_interface (iface, TRUE, error);
+ 
+   if (ih == NULL)
+-    return FALSE;
++    return BUS_RESULT_FALSE;
+ 
+   handler = interface_handler_find_property (ih, prop, error);
+ 
+   if (handler == NULL)
+-    return FALSE;
++    return BUS_RESULT_FALSE;
+ 
+   /* We don't implement any properties that can be set yet. */
+   dbus_set_error (error, DBUS_ERROR_PROPERTY_READ_ONLY,
+                   "Property '%s.%s' cannot be set", iface, prop);
+-  return FALSE;
++  return BUS_RESULT_FALSE;
+ }
  diff --git a/bus/driver.h b/bus/driver.h
  index ac1289d..183c28b 100644
  --- a/bus/driver.h
  diff --git a/bus/driver.h b/bus/driver.h
  index ac1289d..183c28b 100644
  --- a/bus/driver.h
@@ -1061,12 +1263,12 @@ index b1fab0d..27b66d1 100644
   #endif /* DBUS_ENABLE_EMBEDDED_TESTS */
   
  diff --git a/bus/policy.h b/bus/policy.h
   #endif /* DBUS_ENABLE_EMBEDDED_TESTS */
   
  diff --git a/bus/policy.h b/bus/policy.h
-index f306a3c..39d7cc5 100644
+index f839d23..28ce8f2 100644
  --- a/bus/policy.h
  +++ b/bus/policy.h
  --- a/bus/policy.h
  +++ b/bus/policy.h
-@@ -182,8 +182,10 @@ BusResult        bus_client_policy_check_can_receive (BusClientPolicy     *polic
-                                                       dbus_int32_t        *toggles,
-                                                       const char         **privilege_param,
+@@ -182,8 +182,10 @@ BusResult        bus_client_policy_check_can_receive (BusClientPolicy  *policy,
+                                                       dbus_int32_t     *toggles,
+                                                       const char      **privilege_param,
                                                         BusDeferredMessage **deferred_message);
  -dbus_bool_t      bus_client_policy_check_can_own     (BusClientPolicy  *policy,
  -                                                      const DBusString *service_name);
                                                         BusDeferredMessage **deferred_message);
  -dbus_bool_t      bus_client_policy_check_can_own     (BusClientPolicy  *policy,
  -                                                      const DBusString *service_name);
@@ -1168,7 +1370,7 @@ index 056dd9f..3df3dd7 100644
                                              dbus_uint32_t                flags,
                                              dbus_uint32_t               *result,
  diff --git a/bus/stats.c b/bus/stats.c
                                              dbus_uint32_t                flags,
                                              dbus_uint32_t               *result,
  diff --git a/bus/stats.c b/bus/stats.c
-index 1582255..4ba72d6 100644
+index 1582255..c25be98 100644
  --- a/bus/stats.c
  +++ b/bus/stats.c
  @@ -36,7 +36,7 @@
  --- a/bus/stats.c
  +++ b/bus/stats.c
  @@ -36,7 +36,7 @@
@@ -1180,7 +1382,17 @@ index 1582255..4ba72d6 100644
   bus_stats_handle_get_stats (DBusConnection *connection,
                               BusTransaction *transaction,
                               DBusMessage    *message,
   bus_stats_handle_get_stats (DBusConnection *connection,
                               BusTransaction *transaction,
                               DBusMessage    *message,
-@@ -104,17 +104,17 @@ bus_stats_handle_get_stats (DBusConnection *connection,
+@@ -51,6 +51,9 @@ bus_stats_handle_get_stats (DBusConnection *connection,
+ 
+   _DBUS_ASSERT_ERROR_IS_CLEAR (error);
+ 
++  if (!bus_driver_check_message_is_for_us (message, error))
++    return BUS_RESULT_FALSE;
++
+   context = bus_transaction_get_context (transaction);
+   connections = bus_context_get_connections (context);
+ 
+@@ -104,17 +107,17 @@ bus_stats_handle_get_stats (DBusConnection *connection,
       goto oom;
   
     dbus_message_unref (reply);
       goto oom;
   
     dbus_message_unref (reply);
@@ -1201,7 +1413,7 @@ index 1582255..4ba72d6 100644
   bus_stats_handle_get_connection_stats (DBusConnection *caller_connection,
                                          BusTransaction *transaction,
                                          DBusMessage    *message,
   bus_stats_handle_get_connection_stats (DBusConnection *caller_connection,
                                          BusTransaction *transaction,
                                          DBusMessage    *message,
-@@ -209,7 +209,7 @@ bus_stats_handle_get_connection_stats (DBusConnection *caller_connection,
+@@ -209,7 +212,7 @@ bus_stats_handle_get_connection_stats (DBusConnection *caller_connection,
       goto oom;
   
     dbus_message_unref (reply);
       goto oom;
   
     dbus_message_unref (reply);
@@ -1210,7 +1422,7 @@ index 1582255..4ba72d6 100644
   
   oom:
     BUS_SET_OOM (error);
   
   oom:
     BUS_SET_OOM (error);
-@@ -218,11 +218,11 @@ failed:
+@@ -218,11 +221,11 @@ failed:
     if (reply != NULL)
       dbus_message_unref (reply);
   
     if (reply != NULL)
       dbus_message_unref (reply);
   
@@ -1224,7 +1436,7 @@ index 1582255..4ba72d6 100644
   bus_stats_handle_get_all_match_rules (DBusConnection *caller_connection,
                                         BusTransaction *transaction,
                                         DBusMessage    *message,
   bus_stats_handle_get_all_match_rules (DBusConnection *caller_connection,
                                         BusTransaction *transaction,
                                         DBusMessage    *message,
-@@ -246,7 +246,7 @@ bus_stats_handle_get_all_match_rules (DBusConnection *caller_connection,
+@@ -246,7 +249,7 @@ bus_stats_handle_get_all_match_rules (DBusConnection *caller_connection,
     matchmaker = bus_context_get_matchmaker (context);
   
     if (!bus_registry_list_services (registry, &services, &services_len))
     matchmaker = bus_context_get_matchmaker (context);
   
     if (!bus_registry_list_services (registry, &services, &services_len))
@@ -1233,7 +1445,7 @@ index 1582255..4ba72d6 100644
   
     reply = dbus_message_new_method_return (message);
     if (reply == NULL)
   
     reply = dbus_message_new_method_return (message);
     if (reply == NULL)
-@@ -325,7 +325,7 @@ bus_stats_handle_get_all_match_rules (DBusConnection *caller_connection,
+@@ -325,7 +328,7 @@ bus_stats_handle_get_all_match_rules (DBusConnection *caller_connection,
   
     dbus_message_unref (reply);
     dbus_free_string_array (services);
   
     dbus_message_unref (reply);
     dbus_free_string_array (services);
@@ -1242,7 +1454,7 @@ index 1582255..4ba72d6 100644
   
   oom:
     if (reply != NULL)
   
   oom:
     if (reply != NULL)
-@@ -334,7 +334,7 @@ oom:
+@@ -334,7 +337,7 @@ oom:
     dbus_free_string_array (services);
   
     BUS_SET_OOM (error);
     dbus_free_string_array (services);
   
     BUS_SET_OOM (error);
@@ -1276,3 +1488,6 @@ index dcb022c..683fa17 100644
                                                     BusTransaction *transaction,
                                                     DBusMessage    *message,
                                                     DBusError      *error);
                                                     BusTransaction *transaction,
                                                     DBusMessage    *message,
                                                     DBusError      *error);
+-- 
+2.17.2
+
diff --git a/meta-security/recipes-core/dbus-cynara/dbus-cynara/0005-Perform-Cynara-runtime-policy-checks-by-default.patch b/meta-security/recipes-core/dbus-cynara/dbus-cynara/0005-Perform-Cynara-runtime-policy-checks-by-default.patch

index 6cc7c19..8ce441b 100644 (file)
--- a/meta-security/recipes-core/dbus-cynara/dbus-cynara/0005-Perform-Cynara-runtime-policy-checks-by-default.patch
+++ b/meta-security/recipes-core/dbus-cynara/dbus-cynara/0005-Perform-Cynara-runtime-policy-checks-by-default.patch
@@ -1,7 +1,7 @@
-From 92a373a6dbb1c7cd7c9824167aac232f3e0daebd Mon Sep 17 00:00:00 2001
+From 69ba571e0daa0a7a9aa6c6b5be5d3338a89d144a Mon Sep 17 00:00:00 2001
  From: Jacek Bukarewicz <j.bukarewicz@samsung.com>
  Date: Tue, 23 Jun 2015 11:08:48 +0200
  From: Jacek Bukarewicz <j.bukarewicz@samsung.com>
  Date: Tue, 23 Jun 2015 11:08:48 +0200
-Subject: [PATCH 5/5] Perform Cynara runtime policy checks by default
+Subject: Perform Cynara runtime policy checks by default
  MIME-Version: 1.0
  Content-Type: text/plain; charset=UTF-8
  Content-Transfer-Encoding: 8bit
  MIME-Version: 1.0
  Content-Type: text/plain; charset=UTF-8
  Content-Transfer-Encoding: 8bit
@@ -22,16 +22,67 @@ signals.
  Services are supposed to override these default settings to implement their
  own security policy.
  
  Services are supposed to override these default settings to implement their
  own security policy.
  
-Change-Id: Ifb4a160bf6e0638404e0295a2e4fa3077efd881c
-Signed-off-by: Jacek Bukarewicz <j.bukarewicz@samsung.com>
-
  Cherry picked from e8610297cf7031e94eb314a2e8c11246f4405403 by Jose Bollo
  
  Cherry picked from e8610297cf7031e94eb314a2e8c11246f4405403 by Jose Bollo
  
-Updated for dbus 1.12.10 by Scott Murray.
+Updated for dbus 1.10.20 by Scott Murray and José Bollo
  
  
+Signed-off-by: Jacek Bukarewicz <j.bukarewicz@samsung.com>
  Signed-off-by: José Bollo <jose.bollo@iot.bzh>
  Signed-off-by: Scott Murray <scott.murray@konsulko.com>
  
  Signed-off-by: José Bollo <jose.bollo@iot.bzh>
  Signed-off-by: Scott Murray <scott.murray@konsulko.com>
  
+diff --git a/bus/activation.c b/bus/activation.c
+index ffdc6fc..6a95b95 100644
+--- a/bus/activation.c
++++ b/bus/activation.c
+@@ -1837,22 +1837,32 @@ bus_activation_activate_service (BusActivation  *activation,
+     }
+ 
+   if (auto_activation &&
+-      entry != NULL &&
+-      BUS_RESULT_TRUE != bus_context_check_security_policy (activation->context,
+-        transaction,
+-        connection, /* sender */
+-        NULL, /* addressed recipient */
+-        NULL, /* proposed recipient */
+-        activation_message,
+-        entry,
+-        error,
+-        NULL))
+-    {
+-      _DBUS_ASSERT_ERROR_IS_SET (error);
+-      _dbus_verbose ("activation not authorized: %s: %s\n",
+-          error != NULL ? error->name : "(error ignored)",
+-          error != NULL ? error->message : "(error ignored)");
+-      return FALSE;
++      entry != NULL)
++   {
++      BusResult result;
++
++      result = bus_context_check_security_policy (activation->context,
++                      transaction,
++                      connection, /* sender */
++                      NULL, /* addressed recipient */
++                      NULL, /* proposed recipient */
++                      activation_message,
++                      entry,
++                      error,
++                      NULL);
++      if (result == BUS_RESULT_FALSE)
++        {
++          _DBUS_ASSERT_ERROR_IS_SET (error);
++          _dbus_verbose ("activation not authorized: %s: %s\n",
++              error != NULL ? error->name : "(error ignored)",
++              error != NULL ? error->message : "(error ignored)");
++          return FALSE;
++        }
++      if (result == BUS_RESULT_LATER)
++        {
++          /* TODO */
++          _dbus_verbose ("ALERT FIX ME!!!!!!!!!!!!!!!");
++        }
+     }
+ 
+   /* Bypass the registry lookup if we're auto-activating, bus_dispatch would not
  diff --git a/bus/session.conf.in b/bus/session.conf.in
  index affa7f1..157dfb4 100644
  --- a/bus/session.conf.in
  diff --git a/bus/session.conf.in b/bus/session.conf.in
  index affa7f1..157dfb4 100644
  --- a/bus/session.conf.in
@@ -119,3 +170,6 @@ index f139b55..19d0c04 100644
       <!-- But disallow some specific bus services -->
       <deny send_destination="org.freedesktop.DBus"
             send_interface="org.freedesktop.DBus"
       <!-- But disallow some specific bus services -->
       <deny send_destination="org.freedesktop.DBus"
             send_interface="org.freedesktop.DBus"
+-- 
+2.17.2
+
diff --git a/meta-security/recipes-core/dbus-cynara/dbus-cynara/0006-Fix-gcc-8-warnings.patch b/meta-security/recipes-core/dbus-cynara/dbus-cynara/0006-Fix-gcc-8-warnings.patch

new file mode 100644 (file)

index 0000000..30fac96
--- /dev/null
+++ b/meta-security/recipes-core/dbus-cynara/dbus-cynara/0006-Fix-gcc-8-warnings.patch
@@ -0,0 +1,134 @@
+From 988958f40a2e0575df3d4d48101612713737a5db Mon Sep 17 00:00:00 2001
+From: Jose Bollo <jose.bollo@iot.bzh>
+Date: Wed, 29 May 2019 16:32:50 +0200
+Subject: Fix gcc 8 warnings
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Compiling with -Werror isn't possible without adaptation
+of the code.
+
+Signed-off-by: José Bollo <jose.bollo@iot.bzh>
+
+diff --git a/bus/config-parser-trivial.c b/bus/config-parser-trivial.c
+index dd65c6d..23dedb4 100644
+--- a/bus/config-parser-trivial.c
++++ b/bus/config-parser-trivial.c
+@@ -194,6 +194,7 @@ bus_config_parser_start_element (BusConfigParser   *parser,
+     case ELEMENT_POLICY:
+     case ELEMENT_LIMIT:
+     case ELEMENT_ALLOW:
++    case ELEMENT_CHECK:
+     case ELEMENT_DENY:
+     case ELEMENT_FORK:
+     case ELEMENT_PIDFILE:
+@@ -316,6 +317,7 @@ bus_config_parser_content (BusConfigParser   *parser,
+     case ELEMENT_POLICY:
+     case ELEMENT_LIMIT:
+     case ELEMENT_ALLOW:
++    case ELEMENT_CHECK:
+     case ELEMENT_DENY:
+     case ELEMENT_FORK:
+     case ELEMENT_PIDFILE:
+diff --git a/bus/config-parser.c b/bus/config-parser.c
+index b5f1dd1..7f91469 100644
+--- a/bus/config-parser.c
++++ b/bus/config-parser.c
+@@ -3408,6 +3408,7 @@ elements_equal (const Element *a,
+     case ELEMENT_LISTEN:
+     case ELEMENT_AUTH:
+     case ELEMENT_ALLOW:
++    case ELEMENT_CHECK:
+     case ELEMENT_DENY:
+     case ELEMENT_FORK:
+     case ELEMENT_PIDFILE:
+diff --git a/bus/desktop-file.c b/bus/desktop-file.c
+index 4459858..4a27ee3 100644
+--- a/bus/desktop-file.c
++++ b/bus/desktop-file.c
+@@ -382,7 +382,7 @@ is_valid_section_name (const char *name)
+ 
+   while (*name)
+     {
+-      if (!((*name >= 'A' && *name <= 'Z') || (*name >= 'a' || *name <= 'z') ||
++      if (!((*name >= ' ' && *name <= '~' && *name != '[' && *name != ']') ||
+           *name == '\n' || *name == '\t'))
+       return FALSE;
+       
+diff --git a/bus/driver.h b/bus/driver.h
+index 183c28b..05e9886 100644
+--- a/bus/driver.h
++++ b/bus/driver.h
+@@ -66,5 +66,7 @@ dbus_bool_t bus_driver_send_ack_reply     (DBusConnection  *connection,
+                                            BusTransaction  *transaction,
+                                            DBusMessage     *message,
+                                            DBusError       *error);
++dbus_bool_t bus_driver_check_message_is_for_us (DBusMessage *message,
++                                                DBusError   *error);
+ 
+ #endif /* BUS_DRIVER_H */
+diff --git a/bus/policy.c b/bus/policy.c
+index 27b66d1..c4c3d4b 100644
+--- a/bus/policy.c
++++ b/bus/policy.c
+@@ -1098,6 +1098,7 @@ bus_client_policy_check_can_send (DBusConnection      *sender,
+         case BUS_POLICY_RULE_ACCESS_ALLOW:
+           result = BUS_RESULT_TRUE;
+           break;
++        default:
+         case BUS_POLICY_RULE_ACCESS_DENY:
+           result = BUS_RESULT_FALSE;
+           break;
+@@ -1350,6 +1351,7 @@ bus_client_policy_check_can_receive (BusClientPolicy     *policy,
+         case BUS_POLICY_RULE_ACCESS_ALLOW:
+           result = BUS_RESULT_TRUE;
+           break;
++        default:
+         case BUS_POLICY_RULE_ACCESS_DENY:
+           result = BUS_RESULT_FALSE;
+           break;
+@@ -1443,6 +1445,7 @@ bus_rules_check_can_own (DBusList *rules,
+       case BUS_POLICY_RULE_ACCESS_ALLOW:
+         result = BUS_RESULT_TRUE;
+         break;
++      default:
+       case BUS_POLICY_RULE_ACCESS_DENY:
+         result = BUS_RESULT_FALSE;
+         break;
+diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c
+index 565e089..b96c735 100644
+--- a/dbus/dbus-sysdeps-unix.c
++++ b/dbus/dbus-sysdeps-unix.c
+@@ -4364,7 +4364,11 @@ _dbus_daemon_unpublish_session_bus_address (void)
+ dbus_bool_t
+ _dbus_get_is_errno_eagain_or_ewouldblock (int e)
+ {
++#if EAGAIN != EWOULDBLOCK
+   return e == EAGAIN || e == EWOULDBLOCK;
++#else
++  return e == EAGAIN;
++#endif
+ }
+ 
+ /**
+diff --git a/tools/dbus-send.c b/tools/dbus-send.c
+index 6fb65fe..d853b39 100644
+--- a/tools/dbus-send.c
++++ b/tools/dbus-send.c
+@@ -293,10 +293,12 @@ main (int argc, char *argv[])
+             {
+               is_bus = TRUE;
+             }
++#if 0
+           else if (arg[2] == 'p') /* peer */
+             {
+               is_bus = FALSE;
+             }
++#endif
+           else /* address; keeping backwards compatibility */
+             {
+               is_bus = FALSE;
+-- 
+2.17.2
+
diff --git a/meta-security/recipes-core/dbus-cynara/dbus-cynara_1.12.10.bb b/meta-security/recipes-core/dbus-cynara/dbus-cynara_1.12.10.bb

index 2b494be..c54c594 100644 (file)
--- a/meta-security/recipes-core/dbus-cynara/dbus-cynara_1.12.10.bb
+++ b/meta-security/recipes-core/dbus-cynara/dbus-cynara_1.12.10.bb
@@ -9,6 +9,7 @@ SRC_URI_append = "\
     file://0003-Handle-unavailability-of-policy-results-for-broadcas.patch \
     file://0004-Add-own-rule-result-unavailability-handling.patch \
     file://0005-Perform-Cynara-runtime-policy-checks-by-default.patch \
     file://0003-Handle-unavailability-of-policy-results-for-broadcas.patch \
     file://0004-Add-own-rule-result-unavailability-handling.patch \
     file://0005-Perform-Cynara-runtime-policy-checks-by-default.patch \
+   file://0006-Fix-gcc-8-warnings.patch \
  "
  
  DEPENDS += "cynara smack"
  "
  
  DEPENDS += "cynara smack"
author	Jose Bollo <jose.bollo@iot.bzh>
	Wed, 10 Apr 2019 13:24:12 +0000 (15:24 +0200)
committer	Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
	Wed, 19 Jun 2019 13:05:28 +0000 (13:05 +0000)
meta-security/recipes-core/dbus-cynara/dbus-cynara/0001-Integration-of-Cynara-asynchronous-security-checks.patch		patch \| blob \| history
meta-security/recipes-core/dbus-cynara/dbus-cynara/0002-Disable-message-dispatching-when-send-rule-result-is.patch		patch \| blob \| history
meta-security/recipes-core/dbus-cynara/dbus-cynara/0003-Handle-unavailability-of-policy-results-for-broadcas.patch		patch \| blob \| history
meta-security/recipes-core/dbus-cynara/dbus-cynara/0004-Add-own-rule-result-unavailability-handling.patch		patch \| blob \| history
meta-security/recipes-core/dbus-cynara/dbus-cynara/0005-Perform-Cynara-runtime-policy-checks-by-default.patch		patch \| blob \| history
meta-security/recipes-core/dbus-cynara/dbus-cynara/0006-Fix-gcc-8-warnings.patch	[new file with mode: 0644]	patch \| blob
meta-security/recipes-core/dbus-cynara/dbus-cynara_1.12.10.bb		patch \| blob \| history