-From 8f69153081140fa4c347ab1729c348ec77b309ec Mon Sep 17 00:00:00 2001
+From 6c498a9b0f4122d1ac49d603f9968b6d85830cdb Mon Sep 17 00:00:00 2001
From: Jacek Bukarewicz <j.bukarewicz@samsung.com>
Date: Thu, 27 Nov 2014 18:11:05 +0100
-Subject: [PATCH 1/5] Integration of Cynara asynchronous security checks
+Subject: Integration of Cynara asynchronous security checks
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cherry picked from 4dcfb02f17247ff9de966b62182cd2e08f301238
by José Bollo.
-Updated for dbus 1.10.20 by Scott Murray.
+Updated for dbus 1.10.20 by Scott Murray and José Bollo
Change-Id: I9bcbce34577e5dc2a3cecf6233a0a2b0e43e1108
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
desktop-file.h \
$(DIR_WATCH_SOURCE) \
diff --git a/bus/activation.c b/bus/activation.c
-index 6f009f5..451179d 100644
+index 6f009f5..f8a02eb 100644
--- a/bus/activation.c
+++ b/bus/activation.c
-@@ -1795,7 +1795,8 @@ bus_activation_activate_service (BusActivation *activation,
+@@ -1788,14 +1788,15 @@ bus_activation_activate_service (BusActivation *activation,
+
+ if (auto_activation &&
+ entry != NULL &&
+- !bus_context_check_security_policy (activation->context,
++ BUS_RESULT_TRUE != bus_context_check_security_policy (activation->context,
+ transaction,
+ connection, /* sender */
+ NULL, /* addressed recipient */
NULL, /* proposed recipient */
activation_message,
entry,
ELEMENT_PIDFILE,
ELEMENT_SERVICEDIR,
diff --git a/bus/config-parser.c b/bus/config-parser.c
-index be27d38..b54b0e4 100644
+index be27d38..b5f1dd1 100644
--- a/bus/config-parser.c
+++ b/bus/config-parser.c
@@ -1318,7 +1318,7 @@ append_rule_from_element (BusConfigParser *parser,
return FALSE;
- rule = bus_policy_rule_new (BUS_POLICY_RULE_SEND, allow);
-+ rule = bus_policy_rule_new (BUS_POLICY_RULE_SEND, access);
++ rule = bus_policy_rule_new (BUS_POLICY_RULE_SEND, access);
if (rule == NULL)
goto nomem;
return FALSE;
- rule = bus_policy_rule_new (BUS_POLICY_RULE_RECEIVE, allow);
-+ rule = bus_policy_rule_new (BUS_POLICY_RULE_RECEIVE, access);
++ rule = bus_policy_rule_new (BUS_POLICY_RULE_RECEIVE, access);
if (rule == NULL)
goto nomem;
{
_DBUS_ASSERT_ERROR_IS_SET (&error);
diff --git a/bus/connection.c b/bus/connection.c
-index 53605fa..deebde3 100644
+index 53605fa..b348d42 100644
--- a/bus/connection.c
+++ b/bus/connection.c
@@ -36,6 +36,10 @@
/* We have to set the sender to the driver, and have
* to check security policy since it was not done in
-@@ -2370,10 +2398,12 @@ bus_transaction_send_from_driver (BusTransaction *transaction,
+@@ -2370,10 +2398,11 @@ bus_transaction_send_from_driver (BusTransaction *transaction,
* if we're actively capturing messages, it's nice to log that we
* tried to send it and did not allow ourselves to do so.
*/
- message, NULL, &error))
+ res = bus_context_check_security_policy (bus_transaction_get_context (transaction),
+ transaction,
-+ NULL, connection, connection,
-+ message, NULL, &error,
-+ NULL);
++ NULL, connection, connection, message, NULL,
++ &error, NULL);
+ if (res == BUS_RESULT_FALSE)
{
if (!bus_transaction_capture_error_reply (transaction, connection,
&error, message))
-@@ -2388,6 +2418,12 @@ bus_transaction_send_from_driver (BusTransaction *transaction,
+@@ -2388,6 +2417,12 @@ bus_transaction_send_from_driver (BusTransaction *transaction,
dbus_error_free (&error);
return TRUE;
}
+ BusDeferredMessageStatus check_type,
+ BusDeferredMessage **deferred_message);
diff --git a/bus/dispatch.c b/bus/dispatch.c
-index 19228be..7e51bc1 100644
+index 19228be..d3867f7 100644
--- a/bus/dispatch.c
+++ b/bus/dispatch.c
@@ -25,6 +25,7 @@
{
if (!bus_transaction_capture_error_reply (transaction, sender,
&stack_error, message))
-@@ -130,6 +135,7 @@ bus_dispatch_matches (BusTransaction *transaction,
+@@ -130,6 +135,8 @@ bus_dispatch_matches (BusTransaction *transaction,
BusMatchmaker *matchmaker;
DBusList *link;
BusContext *context;
+ BusDeferredMessage *deferred_message;
++ BusResult res;
_DBUS_ASSERT_ERROR_IS_CLEAR (error);
-@@ -145,11 +151,21 @@ bus_dispatch_matches (BusTransaction *transaction,
+@@ -145,11 +152,20 @@ bus_dispatch_matches (BusTransaction *transaction,
/* First, send the message to the addressed_recipient, if there is one. */
if (addressed_recipient != NULL)
{
- sender, addressed_recipient,
- addressed_recipient,
- message, NULL, error))
-+ BusResult res;
+ res = bus_context_check_security_policy (context, transaction,
+ sender, addressed_recipient,
+ addressed_recipient,
if (dbus_message_contains_unix_fds (message) &&
!dbus_connection_can_send_type (addressed_recipient,
-@@ -374,19 +390,32 @@ bus_dispatch (DBusConnection *connection,
+@@ -374,19 +390,31 @@ bus_dispatch (DBusConnection *connection,
if (service_name &&
strcmp (service_name, DBUS_SERVICE_DBUS) == 0) /* to bus driver */
{
- connection, NULL, NULL, message,
- NULL, &error))
+ res = bus_context_check_security_policy (context, transaction,
-+ connection, NULL, NULL, message,
-+ NULL, &error,
-+ &deferred_message);
++ connection, NULL, NULL, message, NULL,
++ &error, &deferred_message);
+ if (res == BUS_RESULT_FALSE)
{
_dbus_verbose ("Security policy rejected message\n");
return allowed;
diff --git a/bus/policy.h b/bus/policy.h
-index ec43ffa..f306a3c 100644
+index ec43ffa..f839d23 100644
--- a/bus/policy.h
+++ b/bus/policy.h
@@ -46,6 +46,14 @@ typedef enum
BusClientPolicy* bus_client_policy_ref (BusClientPolicy *policy);
void bus_client_policy_unref (BusClientPolicy *policy);
-dbus_bool_t bus_client_policy_check_can_send (BusClientPolicy *policy,
-- BusRegistry *registry,
-- dbus_bool_t requested_reply,
-- DBusConnection *receiver,
-- DBusMessage *message,
-- dbus_int32_t *toggles,
++BusResult bus_client_policy_check_can_send (DBusConnection *sender,
++ BusClientPolicy *policy,
+ BusRegistry *registry,
+ dbus_bool_t requested_reply,
++ DBusConnection *addressed_recipient,
+ DBusConnection *receiver,
+ DBusMessage *message,
+ dbus_int32_t *toggles,
- dbus_bool_t *log);
-dbus_bool_t bus_client_policy_check_can_receive (BusClientPolicy *policy,
-- BusRegistry *registry,
-- dbus_bool_t requested_reply,
-- DBusConnection *sender,
-- DBusConnection *addressed_recipient,
-- DBusConnection *proposed_recipient,
-- DBusMessage *message,
-- dbus_int32_t *toggles);
-+BusResult bus_client_policy_check_can_send (DBusConnection *sender,
-+ BusClientPolicy *policy,
-+ BusRegistry *registry,
-+ dbus_bool_t requested_reply,
-+ DBusConnection *addressed_recipient,
-+ DBusConnection *receiver,
-+ DBusMessage *message,
-+ dbus_int32_t *toggles,
-+ dbus_bool_t *log,
-+ const char **privilege_param,
++ dbus_bool_t *log,
++ const char **privilege_param,
+ BusDeferredMessage **deferred_message);
-+BusResult bus_client_policy_check_can_receive (BusClientPolicy *policy,
-+ BusRegistry *registry,
-+ dbus_bool_t requested_reply,
-+ DBusConnection *sender,
-+ DBusConnection *addressed_recipient,
-+ DBusConnection *proposed_recipient,
-+ DBusMessage *message,
-+ dbus_int32_t *toggles,
-+ const char **privilege_param,
++BusResult bus_client_policy_check_can_receive (BusClientPolicy *policy,
+ BusRegistry *registry,
+ dbus_bool_t requested_reply,
+ DBusConnection *sender,
+ DBusConnection *addressed_recipient,
+ DBusConnection *proposed_recipient,
+ DBusMessage *message,
+- dbus_int32_t *toggles);
++ dbus_int32_t *toggles,
++ const char **privilege_param,
+ BusDeferredMessage **deferred_message);
dbus_bool_t bus_client_policy_check_can_own (BusClientPolicy *policy,
const DBusString *service_name);
dbus_bool_t bus_client_policy_append_rule (BusClientPolicy *policy,
diff --git a/configure.ac b/configure.ac
-index 80671b2..d975b04 100644
+index 81028ba..f21d1b2 100644
--- a/configure.ac
+++ b/configure.ac
-@@ -1761,6 +1761,17 @@ AC_ARG_ENABLE([user-session],
+@@ -1770,6 +1770,17 @@ AC_ARG_ENABLE([user-session],
AM_CONDITIONAL([DBUS_ENABLE_USER_SESSION],
[test "x$enable_user_session" = xyes])
AC_CONFIG_FILES([
Doxyfile
dbus/Version
-@@ -1843,6 +1854,7 @@ echo "
+@@ -1852,6 +1863,7 @@ echo "
Building bus stats API: ${enable_stats}
Building SELinux support: ${have_selinux}
Building AppArmor support: ${have_apparmor}
+ <check privilege="foo" send_interface="org.freedesktop.TestSuite" send_member="Echo"/>
+ </policy>
+</busconfig>
+--
+2.17.2
+
-From 9bea6ec0497391b6af41daca18d7868af2656cef Mon Sep 17 00:00:00 2001
+From aae977a0c4bb1c25640c7056166fbc4e76ef1db6 Mon Sep 17 00:00:00 2001
From: Jacek Bukarewicz <j.bukarewicz@samsung.com>
Date: Fri, 28 Nov 2014 12:07:39 +0100
-Subject: [PATCH 2/5] Disable message dispatching when send rule result is not
- known
+Subject: Disable message dispatching when send rule result is not known
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
rejected. Also, if message is sent to non-addressed recipient and policy result
is unknown, message is silently dropped.
-Change-Id: I57eccbf973525fd51369c7d4e58908292f44da80
-
Cherry-picked from b1b87ad9f20b2052c28431b48e81073078a745ce
by Jose Bollo.
-Updated for dbus 1.12.10 by Scott Murray.
+Updated for dbus 1.10.20 by Scott Murray and José Bollo
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
diff --git a/bus/activation.c b/bus/activation.c
-index 451179d..5f02153 100644
+index f8a02eb..005047f 100644
--- a/bus/activation.c
+++ b/bus/activation.c
@@ -32,6 +32,7 @@
bus_connection_get_loginfo (connection));
/* Wonderful, systemd is connected, let's just send the msg */
- retval = bus_dispatch_matches (activation_transaction, NULL,
-- systemd, message, error);
+ res = bus_dispatch_matches (activation_transaction, NULL,
-+ systemd, message, error);
+ systemd, message, error);
+
+ if (res == BUS_RESULT_TRUE)
+ retval = TRUE;
typedef struct BusCynara
{
diff --git a/bus/dispatch.c b/bus/dispatch.c
-index 7e51bc1..0250b53 100644
+index d3867f7..50a22a3 100644
--- a/bus/dispatch.c
+++ b/bus/dispatch.c
@@ -35,6 +35,7 @@
}
static DBusHandlerResult
-@@ -410,10 +427,12 @@ bus_dispatch (DBusConnection *connection,
+@@ -409,10 +426,12 @@ bus_dispatch (DBusConnection *connection,
}
else if (res == BUS_RESULT_LATER)
{
goto out;
}
-@@ -515,8 +534,14 @@ bus_dispatch (DBusConnection *connection,
+@@ -514,8 +533,14 @@ bus_dispatch (DBusConnection *connection,
* addressed_recipient == NULL), and match it against other connections'
* match rules.
*/
out:
if (dbus_error_is_set (&error))
-@@ -5061,9 +5086,132 @@ bus_dispatch_test_conf_fail (const DBusString *test_data_dir,
+@@ -5060,9 +5085,132 @@ bus_dispatch_test_conf_fail (const DBusString *test_data_dir,
}
#endif
DBUS_PRIVATE_EXPORT
void _dbus_connection_get_stats (DBusConnection *connection,
diff --git a/dbus/dbus-connection.c b/dbus/dbus-connection.c
-index c525b6d..f1b0ea0 100644
+index c525b6d..958968c 100644
--- a/dbus/dbus-connection.c
+++ b/dbus/dbus-connection.c
@@ -311,7 +311,8 @@ struct DBusConnection
HAVE_LOCK_CHECK (connection);
-
- if (connection->n_incoming > 0)
-+ if (connection->dispatch_disabled && dbus_connection_get_is_connected(connection))
++ if (connection->dispatch_disabled && _dbus_connection_get_is_connected_unlocked(connection))
+ return DBUS_DISPATCH_COMPLETE;
+ else if (connection->n_incoming > 0)
return DBUS_DISPATCH_DATA_REMAINS;
} DBusHandlerResult;
/* Bus names */
+--
+2.17.2
+
-From 8c5fd05f7b2f14ac0f4423cae300f60c6bb51c74 Mon Sep 17 00:00:00 2001
+From fdc3d7086c8f7a623e3da80e559708545b9201fc Mon Sep 17 00:00:00 2001
From: Jacek Bukarewicz <j.bukarewicz@samsung.com>
Date: Fri, 28 Nov 2014 12:39:33 +0100
-Subject: [PATCH 3/5] Handle unavailability of policy results for broadcasts
- and receive rules
+Subject: Handle unavailability of policy results for broadcasts and receive
+ rules
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
message recipients) are handled in a similar way. The difference is
that it is not full dispatch meaning message is sent to a single recipient.
-Change-Id: Iecd5395f75a4c7811fa97247a37d8fc4d42e8814
-
Cherry picked from 1e231194610892dd4360224998d91336097b05a1 by Jose Bollo
-Updated for dbus 1.12.10 by Scott Murray.
+Updated for dbus 1.10.20 by Scott Murray and José Bollo
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
diff --git a/bus/activation.c b/bus/activation.c
-index 5f02153..f2981e1 100644
+index 005047f..ffdc6fc 100644
--- a/bus/activation.c
+++ b/bus/activation.c
@@ -1259,7 +1259,7 @@ bus_activation_send_pending_auto_activation_messages (BusActivation *activation
bus_connection_get_loginfo (connection));
/* Wonderful, systemd is connected, let's just send the msg */
res = bus_dispatch_matches (activation_transaction, NULL,
-- systemd, message, error);
-+ systemd, message, NULL, error);
+- systemd, message, error);
++ systemd, message, NULL, error);
if (res == BUS_RESULT_TRUE)
retval = TRUE;
extern BusResult (*bus_check_test_override) (DBusConnection *connection,
const char *privilege);
diff --git a/bus/connection.c b/bus/connection.c
-index deebde3..f9e563b 100644
+index b348d42..ee93384 100644
--- a/bus/connection.c
+++ b/bus/connection.c
@@ -31,11 +31,13 @@
/* We have to set the sender to the driver, and have
* to check security policy since it was not done in
-@@ -2402,7 +2408,8 @@ bus_transaction_send_from_driver (BusTransaction *transaction,
+@@ -2401,7 +2407,7 @@ bus_transaction_send_from_driver (BusTransaction *transaction,
+ res = bus_context_check_security_policy (bus_transaction_get_context (transaction),
transaction,
- NULL, connection, connection,
- message, NULL, &error,
-- NULL);
-+ &deferred_message);
-+
+ NULL, connection, connection, message, NULL,
+- &error, NULL);
++ &error, &deferred_message);
if (res == BUS_RESULT_FALSE)
{
if (!bus_transaction_capture_error_reply (transaction, connection,
-@@ -2420,18 +2427,20 @@ bus_transaction_send_from_driver (BusTransaction *transaction,
+@@ -2419,18 +2425,20 @@ bus_transaction_send_from_driver (BusTransaction *transaction,
}
else if (res == BUS_RESULT_LATER)
{
{
MessageToSend *to_send;
BusConnectionData *d;
-@@ -2457,7 +2466,28 @@ bus_transaction_send (BusTransaction *transaction,
+@@ -2456,7 +2464,28 @@ bus_transaction_send (BusTransaction *transaction,
d = BUS_CONNECTION_DATA (connection);
_dbus_assert (d != NULL);
to_send = dbus_new (MessageToSend, 1);
if (to_send == NULL)
{
-@@ -2709,6 +2739,131 @@ bus_transaction_add_cancel_hook (BusTransaction *transaction,
+@@ -2708,6 +2737,131 @@ bus_transaction_add_cancel_hook (BusTransaction *transaction,
return TRUE;
}
DBusConnection *connection,
DBusConnection *addressed_recipient,
diff --git a/bus/dispatch.c b/bus/dispatch.c
-index 0250b53..1bdcbf0 100644
+index 50a22a3..7d30ce4 100644
--- a/bus/dispatch.c
+++ b/bus/dispatch.c
@@ -33,6 +33,7 @@
{
DBusError tmp_error;
BusConnections *connections;
-@@ -152,17 +164,78 @@ bus_dispatch_matches (BusTransaction *transaction,
+@@ -137,7 +149,6 @@ bus_dispatch_matches (BusTransaction *transaction,
+ DBusList *link;
+ BusContext *context;
+ BusDeferredMessage *deferred_message;
+- BusResult res;
+
+ _DBUS_ASSERT_ERROR_IS_CLEAR (error);
+
+@@ -153,16 +164,80 @@ bus_dispatch_matches (BusTransaction *transaction,
/* First, send the message to the addressed_recipient, if there is one. */
if (addressed_recipient != NULL)
{
-- BusResult res;
- res = bus_context_check_security_policy (context, transaction,
-- sender, addressed_recipient,
-- addressed_recipient,
-- message, NULL, error,
-- &deferred_message);
-- if (res == BUS_RESULT_FALSE)
+ BusResult result;
+ /* To maintain message order message needs to be appended at the recipient if there are already
+ * deferred messages and we are not doing deferred dispatch
+ result = BUS_RESULT_LATER;
+
+ if (result == BUS_RESULT_LATER)
-+ result = bus_context_check_security_policy(context, transaction,
-+ sender, addressed_recipient, addressed_recipient, message, NULL, error,
-+ &deferred_message);
++ result = bus_context_check_security_policy (context, transaction,
+ sender, addressed_recipient,
+ addressed_recipient,
+ message, NULL, error,
+ &deferred_message);
+- if (res == BUS_RESULT_FALSE)
+
+ if (result == BUS_RESULT_FALSE)
return BUS_RESULT_FALSE;
status = bus_deferred_message_get_status(deferred_message);
if (status & BUS_DEFERRED_MESSAGE_CHECK_SEND)
-@@ -173,13 +246,18 @@ bus_dispatch_matches (BusTransaction *transaction,
+@@ -173,13 +248,18 @@ bus_dispatch_matches (BusTransaction *transaction,
}
else if (status & BUS_DEFERRED_MESSAGE_CHECK_RECEIVE)
{
return BUS_RESULT_FALSE;
}
}
-@@ -196,7 +274,8 @@ bus_dispatch_matches (BusTransaction *transaction,
+@@ -196,7 +276,8 @@ bus_dispatch_matches (BusTransaction *transaction,
}
/* Dispatch the message */
{
BUS_SET_OOM (error);
return BUS_RESULT_FALSE;
-@@ -535,7 +614,7 @@ bus_dispatch (DBusConnection *connection,
+@@ -534,7 +615,7 @@ bus_dispatch (DBusConnection *connection,
* match rules.
*/
if (BUS_RESULT_LATER == bus_dispatch_matches (transaction, connection, addressed_recipient,
}
else
privilege = NULL;
+--
+2.17.2
+
-From 5bf7f759a738a451ea70732731d9a1b3e064353b Mon Sep 17 00:00:00 2001
+From e7ae85429aa3e6d80df13b3a5a492d9ccbf42518 Mon Sep 17 00:00:00 2001
From: Jacek Bukarewicz <j.bukarewicz@samsung.com>
Date: Thu, 27 Nov 2014 11:26:21 +0100
-Subject: [PATCH 4/5] Add own rule result unavailability handling
+Subject: Add own rule result unavailability handling
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Since bus message handlers are put into function pointer array other
message handler function singatures are also affected.
-Change-Id: I4c2cbd4585e41fccd8a30f825a8f0d342ab56755
-
Cherry-picked from 35ef89cd6777ea2430077fc621d21bd01df92349 by Jose.bollo
-Updated for dbus 1.12.10 by Scott Murray.
+Updated for dbus 1.10.20 by Scott Murray and José Bollo
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
diff --git a/bus/dispatch.c b/bus/dispatch.c
-index 1bdcbf0..625add5 100644
+index 7d30ce4..4b84c21 100644
--- a/bus/dispatch.c
+++ b/bus/dispatch.c
-@@ -516,8 +516,17 @@ bus_dispatch (DBusConnection *connection,
+@@ -517,8 +517,17 @@ bus_dispatch (DBusConnection *connection,
}
_dbus_verbose ("Giving message to %s\n", DBUS_SERVICE_DBUS);
else if (!bus_connection_is_active (connection)) /* clients must talk to bus driver first */
{
diff --git a/bus/driver.c b/bus/driver.c
-index d89a658..5ee60cb 100644
+index d89a658..aaeb3b2 100644
--- a/bus/driver.c
+++ b/bus/driver.c
@@ -420,7 +420,7 @@ create_unique_client_name (BusRegistry *registry,
_DBUS_ASSERT_ERROR_IS_CLEAR (error);
else
_DBUS_ASSERT_ERROR_IS_SET (error);
-@@ -2389,10 +2394,10 @@ typedef struct
+@@ -2281,7 +2286,7 @@ out:
+ return ret;
+ }
+
+-static dbus_bool_t
++static BusResult
+ bus_driver_handle_get_machine_id (DBusConnection *connection,
+ BusTransaction *transaction,
+ DBusMessage *message,
+@@ -2296,7 +2301,7 @@ bus_driver_handle_get_machine_id (DBusConnection *connection,
+ if (!_dbus_string_init (&uuid))
+ {
+ BUS_SET_OOM (error);
+- return FALSE;
++ return BUS_RESULT_FALSE;
+ }
+
+ if (!_dbus_get_local_machine_uuid_encoded (&uuid, error))
+@@ -2321,7 +2326,7 @@ bus_driver_handle_get_machine_id (DBusConnection *connection,
+
+ _dbus_string_free (&uuid);
+ dbus_message_unref (reply);
+- return TRUE;
++ return BUS_RESULT_TRUE;
+
+ oom:
+ _DBUS_ASSERT_ERROR_IS_CLEAR (error);
+@@ -2335,29 +2340,30 @@ fail:
+ dbus_message_unref (reply);
+
+ _dbus_string_free (&uuid);
+- return FALSE;
++ return BUS_RESULT_FALSE;
+ }
+
+-static dbus_bool_t
++static BusResult
+ bus_driver_handle_ping (DBusConnection *connection,
+ BusTransaction *transaction,
+ DBusMessage *message,
+ DBusError *error)
+ {
+- return bus_driver_send_ack_reply (connection, transaction, message, error);
++ return bus_driver_send_ack_reply (connection, transaction, message, error) == TRUE
++ ? BUS_RESULT_TRUE : BUS_RESULT_FALSE;
+ }
+
+-static dbus_bool_t bus_driver_handle_get (DBusConnection *connection,
++static BusResult bus_driver_handle_get (DBusConnection *connection,
+ BusTransaction *transaction,
+ DBusMessage *message,
+ DBusError *error);
+
+-static dbus_bool_t bus_driver_handle_get_all (DBusConnection *connection,
++static BusResult bus_driver_handle_get_all (DBusConnection *connection,
+ BusTransaction *transaction,
+ DBusMessage *message,
+ DBusError *error);
+
+-static dbus_bool_t bus_driver_handle_set (DBusConnection *connection,
++static BusResult bus_driver_handle_set (DBusConnection *connection,
+ BusTransaction *transaction,
+ DBusMessage *message,
+ DBusError *error);
+@@ -2389,10 +2395,10 @@ typedef struct
const char *name;
const char *in_args;
const char *out_args;
MethodFlags flags;
} MessageHandler;
-@@ -2511,7 +2516,7 @@ static const PropertyHandler dbus_property_handlers[] = {
+@@ -2511,7 +2517,7 @@ static const PropertyHandler dbus_property_handlers[] = {
{ NULL, NULL, NULL }
};
BusTransaction *, DBusMessage *, DBusError *);
static const MessageHandler properties_message_handlers[] = {
-@@ -2763,7 +2768,7 @@ bus_driver_generate_introspect_string (DBusString *xml,
+@@ -2763,7 +2769,7 @@ bus_driver_generate_introspect_string (DBusString *xml,
return TRUE;
}
bus_driver_handle_introspect (DBusConnection *connection,
BusTransaction *transaction,
DBusMessage *message,
-@@ -2784,13 +2789,13 @@ bus_driver_handle_introspect (DBusConnection *connection,
+@@ -2784,13 +2790,13 @@ bus_driver_handle_introspect (DBusConnection *connection,
DBUS_TYPE_INVALID))
{
_DBUS_ASSERT_ERROR_IS_SET (error);
}
is_canonical_path = dbus_message_has_path (message, DBUS_PATH_DBUS);
-@@ -2815,7 +2820,7 @@ bus_driver_handle_introspect (DBusConnection *connection,
+@@ -2815,7 +2821,7 @@ bus_driver_handle_introspect (DBusConnection *connection,
dbus_message_unref (reply);
_dbus_string_free (&xml);
oom:
BUS_SET_OOM (error);
-@@ -2825,10 +2830,10 @@ bus_driver_handle_introspect (DBusConnection *connection,
+@@ -2825,10 +2831,42 @@ bus_driver_handle_introspect (DBusConnection *connection,
_dbus_string_free (&xml);
+ return BUS_RESULT_FALSE;
}
--dbus_bool_t
++/*
++ * Set @error and return FALSE if the message is not directed to the
++ * dbus-daemon by its canonical object path. This is hardening against
++ * system services with poorly-written security policy files, which
++ * might allow sending dangerously broad equivalence classes of messages
++ * such as "anything with this assumed-to-be-safe object path".
++ *
++ * dbus-daemon is unusual in that it normally ignores the object path
++ * of incoming messages; we need to keep that behaviour for the "read"
++ * read-only method calls like GetConnectionUnixUser for backwards
++ * compatibility, but it seems safer to be more restrictive for things
++ * intended to be root-only or privileged-developers-only.
++ *
++ * It is possible that there are other system services with the same
++ * quirk as dbus-daemon.
++ */
+ dbus_bool_t
++bus_driver_check_message_is_for_us (DBusMessage *message,
++ DBusError *error)
++{
++ if (!dbus_message_has_path (message, DBUS_PATH_DBUS))
++ {
++ dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
++ "Method '%s' is only available at the canonical object path '%s'",
++ dbus_message_get_member (message), DBUS_PATH_DBUS);
++
++ return FALSE;
++ }
++
++ return TRUE;
++}
++
+BusResult
bus_driver_handle_message (DBusConnection *connection,
BusTransaction *transaction,
DBusMessage *message,
-@@ -2839,6 +2844,7 @@ bus_driver_handle_message (DBusConnection *connection,
+@@ -2839,6 +2877,7 @@ bus_driver_handle_message (DBusConnection *connection,
const MessageHandler *mh;
dbus_bool_t found_interface = FALSE;
dbus_bool_t is_canonical_path;
_DBUS_ASSERT_ERROR_IS_CLEAR (error);
-@@ -2854,7 +2860,7 @@ bus_driver_handle_message (DBusConnection *connection,
+@@ -2854,7 +2893,7 @@ bus_driver_handle_message (DBusConnection *connection,
transaction,
message,
error))
context = bus_connection_get_context (connection);
systemd = bus_driver_get_owner_of_name (connection,
-@@ -2871,7 +2877,7 @@ bus_driver_handle_message (DBusConnection *connection,
+@@ -2871,7 +2910,7 @@ bus_driver_handle_message (DBusConnection *connection,
attacker ? attacker : "(unauthenticated)",
bus_connection_get_loginfo (connection));
/* ignore it */
}
if (!bus_context_get_systemd_activation (context))
-@@ -2879,16 +2885,16 @@ bus_driver_handle_message (DBusConnection *connection,
+@@ -2879,16 +2918,16 @@ bus_driver_handle_message (DBusConnection *connection,
bus_context_log (context, DBUS_SYSTEM_LOG_WARNING,
"Ignoring unexpected ActivationFailure message "
"while not using systemd activation");
}
/* may be NULL, which means "any interface will do" */
-@@ -2953,20 +2959,27 @@ bus_driver_handle_message (DBusConnection *connection,
+@@ -2953,20 +2992,27 @@ bus_driver_handle_message (DBusConnection *connection,
name, dbus_message_get_signature (message),
mh->in_args);
_DBUS_ASSERT_ERROR_IS_SET (error);
}
}
}
-@@ -2978,7 +2991,7 @@ bus_driver_handle_message (DBusConnection *connection,
+@@ -2978,7 +3024,7 @@ bus_driver_handle_message (DBusConnection *connection,
"%s does not understand message %s",
DBUS_SERVICE_DBUS, name);
}
void
+@@ -3099,7 +3145,7 @@ interface_handler_find_property (const InterfaceHandler *ih,
+ return NULL;
+ }
+
+-static dbus_bool_t
++static BusResult
+ bus_driver_handle_get (DBusConnection *connection,
+ BusTransaction *transaction,
+ DBusMessage *message,
+@@ -3120,18 +3166,18 @@ bus_driver_handle_get (DBusConnection *connection,
+ DBUS_TYPE_STRING, &iface,
+ DBUS_TYPE_STRING, &prop,
+ DBUS_TYPE_INVALID))
+- return FALSE;
++ return BUS_RESULT_FALSE;
+
+ /* We only implement Properties on /org/freedesktop/DBus so far. */
+ ih = bus_driver_find_interface (iface, TRUE, error);
+
+ if (ih == NULL)
+- return FALSE;
++ return BUS_RESULT_FALSE;
+
+ handler = interface_handler_find_property (ih, prop, error);
+
+ if (handler == NULL)
+- return FALSE;
++ return BUS_RESULT_FALSE;
+
+ context = bus_transaction_get_context (transaction);
+
+@@ -3159,17 +3205,17 @@ bus_driver_handle_get (DBusConnection *connection,
+ goto oom;
+
+ dbus_message_unref (reply);
+- return TRUE;
++ return BUS_RESULT_TRUE;
+
+ oom:
+ if (reply != NULL)
+ dbus_message_unref (reply);
+
+ BUS_SET_OOM (error);
+- return FALSE;
++ return BUS_RESULT_FALSE;
+ }
+
+-static dbus_bool_t
++static BusResult
+ bus_driver_handle_get_all (DBusConnection *connection,
+ BusTransaction *transaction,
+ DBusMessage *message,
+@@ -3188,13 +3234,13 @@ bus_driver_handle_get_all (DBusConnection *connection,
+ if (!dbus_message_get_args (message, error,
+ DBUS_TYPE_STRING, &iface,
+ DBUS_TYPE_INVALID))
+- return FALSE;
++ return BUS_RESULT_FALSE;
+
+ /* We only implement Properties on /org/freedesktop/DBus so far. */
+ ih = bus_driver_find_interface (iface, TRUE, error);
+
+ if (ih == NULL)
+- return FALSE;
++ return BUS_RESULT_FALSE;
+
+ context = bus_transaction_get_context (transaction);
+
+@@ -3229,7 +3275,7 @@ bus_driver_handle_get_all (DBusConnection *connection,
+ goto oom;
+
+ dbus_message_unref (reply);
+- return TRUE;
++ return BUS_RESULT_TRUE;
+
+ oom_abandon_message:
+ _dbus_asv_abandon (&reply_iter, &array_iter);
+@@ -3239,10 +3285,10 @@ oom:
+ dbus_message_unref (reply);
+
+ BUS_SET_OOM (error);
+- return FALSE;
++ return BUS_RESULT_FALSE;
+ }
+
+-static dbus_bool_t
++static BusResult
+ bus_driver_handle_set (DBusConnection *connection,
+ BusTransaction *transaction,
+ DBusMessage *message,
+@@ -3271,15 +3317,15 @@ bus_driver_handle_set (DBusConnection *connection,
+ ih = bus_driver_find_interface (iface, TRUE, error);
+
+ if (ih == NULL)
+- return FALSE;
++ return BUS_RESULT_FALSE;
+
+ handler = interface_handler_find_property (ih, prop, error);
+
+ if (handler == NULL)
+- return FALSE;
++ return BUS_RESULT_FALSE;
+
+ /* We don't implement any properties that can be set yet. */
+ dbus_set_error (error, DBUS_ERROR_PROPERTY_READ_ONLY,
+ "Property '%s.%s' cannot be set", iface, prop);
+- return FALSE;
++ return BUS_RESULT_FALSE;
+ }
diff --git a/bus/driver.h b/bus/driver.h
index ac1289d..183c28b 100644
--- a/bus/driver.h
#endif /* DBUS_ENABLE_EMBEDDED_TESTS */
diff --git a/bus/policy.h b/bus/policy.h
-index f306a3c..39d7cc5 100644
+index f839d23..28ce8f2 100644
--- a/bus/policy.h
+++ b/bus/policy.h
-@@ -182,8 +182,10 @@ BusResult bus_client_policy_check_can_receive (BusClientPolicy *polic
- dbus_int32_t *toggles,
- const char **privilege_param,
+@@ -182,8 +182,10 @@ BusResult bus_client_policy_check_can_receive (BusClientPolicy *policy,
+ dbus_int32_t *toggles,
+ const char **privilege_param,
BusDeferredMessage **deferred_message);
-dbus_bool_t bus_client_policy_check_can_own (BusClientPolicy *policy,
- const DBusString *service_name);
dbus_uint32_t flags,
dbus_uint32_t *result,
diff --git a/bus/stats.c b/bus/stats.c
-index 1582255..4ba72d6 100644
+index 1582255..c25be98 100644
--- a/bus/stats.c
+++ b/bus/stats.c
@@ -36,7 +36,7 @@
bus_stats_handle_get_stats (DBusConnection *connection,
BusTransaction *transaction,
DBusMessage *message,
-@@ -104,17 +104,17 @@ bus_stats_handle_get_stats (DBusConnection *connection,
+@@ -51,6 +51,9 @@ bus_stats_handle_get_stats (DBusConnection *connection,
+
+ _DBUS_ASSERT_ERROR_IS_CLEAR (error);
+
++ if (!bus_driver_check_message_is_for_us (message, error))
++ return BUS_RESULT_FALSE;
++
+ context = bus_transaction_get_context (transaction);
+ connections = bus_context_get_connections (context);
+
+@@ -104,17 +107,17 @@ bus_stats_handle_get_stats (DBusConnection *connection,
goto oom;
dbus_message_unref (reply);
bus_stats_handle_get_connection_stats (DBusConnection *caller_connection,
BusTransaction *transaction,
DBusMessage *message,
-@@ -209,7 +209,7 @@ bus_stats_handle_get_connection_stats (DBusConnection *caller_connection,
+@@ -209,7 +212,7 @@ bus_stats_handle_get_connection_stats (DBusConnection *caller_connection,
goto oom;
dbus_message_unref (reply);
oom:
BUS_SET_OOM (error);
-@@ -218,11 +218,11 @@ failed:
+@@ -218,11 +221,11 @@ failed:
if (reply != NULL)
dbus_message_unref (reply);
bus_stats_handle_get_all_match_rules (DBusConnection *caller_connection,
BusTransaction *transaction,
DBusMessage *message,
-@@ -246,7 +246,7 @@ bus_stats_handle_get_all_match_rules (DBusConnection *caller_connection,
+@@ -246,7 +249,7 @@ bus_stats_handle_get_all_match_rules (DBusConnection *caller_connection,
matchmaker = bus_context_get_matchmaker (context);
if (!bus_registry_list_services (registry, &services, &services_len))
reply = dbus_message_new_method_return (message);
if (reply == NULL)
-@@ -325,7 +325,7 @@ bus_stats_handle_get_all_match_rules (DBusConnection *caller_connection,
+@@ -325,7 +328,7 @@ bus_stats_handle_get_all_match_rules (DBusConnection *caller_connection,
dbus_message_unref (reply);
dbus_free_string_array (services);
oom:
if (reply != NULL)
-@@ -334,7 +334,7 @@ oom:
+@@ -334,7 +337,7 @@ oom:
dbus_free_string_array (services);
BUS_SET_OOM (error);
BusTransaction *transaction,
DBusMessage *message,
DBusError *error);
+--
+2.17.2
+
-From 92a373a6dbb1c7cd7c9824167aac232f3e0daebd Mon Sep 17 00:00:00 2001
+From 69ba571e0daa0a7a9aa6c6b5be5d3338a89d144a Mon Sep 17 00:00:00 2001
From: Jacek Bukarewicz <j.bukarewicz@samsung.com>
Date: Tue, 23 Jun 2015 11:08:48 +0200
-Subject: [PATCH 5/5] Perform Cynara runtime policy checks by default
+Subject: Perform Cynara runtime policy checks by default
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Services are supposed to override these default settings to implement their
own security policy.
-Change-Id: Ifb4a160bf6e0638404e0295a2e4fa3077efd881c
-Signed-off-by: Jacek Bukarewicz <j.bukarewicz@samsung.com>
-
Cherry picked from e8610297cf7031e94eb314a2e8c11246f4405403 by Jose Bollo
-Updated for dbus 1.12.10 by Scott Murray.
+Updated for dbus 1.10.20 by Scott Murray and José Bollo
+Signed-off-by: Jacek Bukarewicz <j.bukarewicz@samsung.com>
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
+diff --git a/bus/activation.c b/bus/activation.c
+index ffdc6fc..6a95b95 100644
+--- a/bus/activation.c
++++ b/bus/activation.c
+@@ -1837,22 +1837,32 @@ bus_activation_activate_service (BusActivation *activation,
+ }
+
+ if (auto_activation &&
+- entry != NULL &&
+- BUS_RESULT_TRUE != bus_context_check_security_policy (activation->context,
+- transaction,
+- connection, /* sender */
+- NULL, /* addressed recipient */
+- NULL, /* proposed recipient */
+- activation_message,
+- entry,
+- error,
+- NULL))
+- {
+- _DBUS_ASSERT_ERROR_IS_SET (error);
+- _dbus_verbose ("activation not authorized: %s: %s\n",
+- error != NULL ? error->name : "(error ignored)",
+- error != NULL ? error->message : "(error ignored)");
+- return FALSE;
++ entry != NULL)
++ {
++ BusResult result;
++
++ result = bus_context_check_security_policy (activation->context,
++ transaction,
++ connection, /* sender */
++ NULL, /* addressed recipient */
++ NULL, /* proposed recipient */
++ activation_message,
++ entry,
++ error,
++ NULL);
++ if (result == BUS_RESULT_FALSE)
++ {
++ _DBUS_ASSERT_ERROR_IS_SET (error);
++ _dbus_verbose ("activation not authorized: %s: %s\n",
++ error != NULL ? error->name : "(error ignored)",
++ error != NULL ? error->message : "(error ignored)");
++ return FALSE;
++ }
++ if (result == BUS_RESULT_LATER)
++ {
++ /* TODO */
++ _dbus_verbose ("ALERT FIX ME!!!!!!!!!!!!!!!");
++ }
+ }
+
+ /* Bypass the registry lookup if we're auto-activating, bus_dispatch would not
diff --git a/bus/session.conf.in b/bus/session.conf.in
index affa7f1..157dfb4 100644
--- a/bus/session.conf.in
<!-- But disallow some specific bus services -->
<deny send_destination="org.freedesktop.DBus"
send_interface="org.freedesktop.DBus"
+--
+2.17.2
+
--- /dev/null
+From 988958f40a2e0575df3d4d48101612713737a5db Mon Sep 17 00:00:00 2001
+From: Jose Bollo <jose.bollo@iot.bzh>
+Date: Wed, 29 May 2019 16:32:50 +0200
+Subject: Fix gcc 8 warnings
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Compiling with -Werror isn't possible without adaptation
+of the code.
+
+Signed-off-by: José Bollo <jose.bollo@iot.bzh>
+
+diff --git a/bus/config-parser-trivial.c b/bus/config-parser-trivial.c
+index dd65c6d..23dedb4 100644
+--- a/bus/config-parser-trivial.c
++++ b/bus/config-parser-trivial.c
+@@ -194,6 +194,7 @@ bus_config_parser_start_element (BusConfigParser *parser,
+ case ELEMENT_POLICY:
+ case ELEMENT_LIMIT:
+ case ELEMENT_ALLOW:
++ case ELEMENT_CHECK:
+ case ELEMENT_DENY:
+ case ELEMENT_FORK:
+ case ELEMENT_PIDFILE:
+@@ -316,6 +317,7 @@ bus_config_parser_content (BusConfigParser *parser,
+ case ELEMENT_POLICY:
+ case ELEMENT_LIMIT:
+ case ELEMENT_ALLOW:
++ case ELEMENT_CHECK:
+ case ELEMENT_DENY:
+ case ELEMENT_FORK:
+ case ELEMENT_PIDFILE:
+diff --git a/bus/config-parser.c b/bus/config-parser.c
+index b5f1dd1..7f91469 100644
+--- a/bus/config-parser.c
++++ b/bus/config-parser.c
+@@ -3408,6 +3408,7 @@ elements_equal (const Element *a,
+ case ELEMENT_LISTEN:
+ case ELEMENT_AUTH:
+ case ELEMENT_ALLOW:
++ case ELEMENT_CHECK:
+ case ELEMENT_DENY:
+ case ELEMENT_FORK:
+ case ELEMENT_PIDFILE:
+diff --git a/bus/desktop-file.c b/bus/desktop-file.c
+index 4459858..4a27ee3 100644
+--- a/bus/desktop-file.c
++++ b/bus/desktop-file.c
+@@ -382,7 +382,7 @@ is_valid_section_name (const char *name)
+
+ while (*name)
+ {
+- if (!((*name >= 'A' && *name <= 'Z') || (*name >= 'a' || *name <= 'z') ||
++ if (!((*name >= ' ' && *name <= '~' && *name != '[' && *name != ']') ||
+ *name == '\n' || *name == '\t'))
+ return FALSE;
+
+diff --git a/bus/driver.h b/bus/driver.h
+index 183c28b..05e9886 100644
+--- a/bus/driver.h
++++ b/bus/driver.h
+@@ -66,5 +66,7 @@ dbus_bool_t bus_driver_send_ack_reply (DBusConnection *connection,
+ BusTransaction *transaction,
+ DBusMessage *message,
+ DBusError *error);
++dbus_bool_t bus_driver_check_message_is_for_us (DBusMessage *message,
++ DBusError *error);
+
+ #endif /* BUS_DRIVER_H */
+diff --git a/bus/policy.c b/bus/policy.c
+index 27b66d1..c4c3d4b 100644
+--- a/bus/policy.c
++++ b/bus/policy.c
+@@ -1098,6 +1098,7 @@ bus_client_policy_check_can_send (DBusConnection *sender,
+ case BUS_POLICY_RULE_ACCESS_ALLOW:
+ result = BUS_RESULT_TRUE;
+ break;
++ default:
+ case BUS_POLICY_RULE_ACCESS_DENY:
+ result = BUS_RESULT_FALSE;
+ break;
+@@ -1350,6 +1351,7 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy,
+ case BUS_POLICY_RULE_ACCESS_ALLOW:
+ result = BUS_RESULT_TRUE;
+ break;
++ default:
+ case BUS_POLICY_RULE_ACCESS_DENY:
+ result = BUS_RESULT_FALSE;
+ break;
+@@ -1443,6 +1445,7 @@ bus_rules_check_can_own (DBusList *rules,
+ case BUS_POLICY_RULE_ACCESS_ALLOW:
+ result = BUS_RESULT_TRUE;
+ break;
++ default:
+ case BUS_POLICY_RULE_ACCESS_DENY:
+ result = BUS_RESULT_FALSE;
+ break;
+diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c
+index 565e089..b96c735 100644
+--- a/dbus/dbus-sysdeps-unix.c
++++ b/dbus/dbus-sysdeps-unix.c
+@@ -4364,7 +4364,11 @@ _dbus_daemon_unpublish_session_bus_address (void)
+ dbus_bool_t
+ _dbus_get_is_errno_eagain_or_ewouldblock (int e)
+ {
++#if EAGAIN != EWOULDBLOCK
+ return e == EAGAIN || e == EWOULDBLOCK;
++#else
++ return e == EAGAIN;
++#endif
+ }
+
+ /**
+diff --git a/tools/dbus-send.c b/tools/dbus-send.c
+index 6fb65fe..d853b39 100644
+--- a/tools/dbus-send.c
++++ b/tools/dbus-send.c
+@@ -293,10 +293,12 @@ main (int argc, char *argv[])
+ {
+ is_bus = TRUE;
+ }
++#if 0
+ else if (arg[2] == 'p') /* peer */
+ {
+ is_bus = FALSE;
+ }
++#endif
+ else /* address; keeping backwards compatibility */
+ {
+ is_bus = FALSE;
+--
+2.17.2
+
file://0003-Handle-unavailability-of-policy-results-for-broadcas.patch \
file://0004-Add-own-rule-result-unavailability-handling.patch \
file://0005-Perform-Cynara-runtime-policy-checks-by-default.patch \
+ file://0006-Fix-gcc-8-warnings.patch \
"
DEPENDS += "cynara smack"
Code Review / AGL / meta-agl.git / commitdiff