diff options
| author | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2016-11-21 20:56:55 +0000 |
|---|---|---|
| committer | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2016-11-28 12:11:41 +0000 |
| commit | 373cc47c7c50adb1b624526cfa452d52954621a5 (patch) | |
| tree | f27305cd14ef4727a79572145c47d9f79f959ec8 /test/sd-activation.c | |
| parent | 5503511f91a66f0888937690e95d85100bcde4e4 (diff) | |
| download | dbus-373cc47c7c50adb1b624526cfa452d52954621a5.tar.gz | |
Do not auto-activate services if we could not send a message
We specifically do not check recipient policies, because
the recipient policy is based on properties of the
recipient process (in particular, its uid), which we do
not necessarily know until we have already started it.
In this initial implementation we do not check LSMs either,
because we cannot know what LSM context the recipient process
is going to have. However, LSM support will need to be added
to make this feature useful, because StartServiceByName is
normally allowed in non-LSM environments, and is more
powerful than auto-activation anyway.
The StartServiceByName method does not go through this check,
because if access to that method has been granted, then
it's somewhat obvious that you can start arbitrary services.
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=98666
Diffstat (limited to 'test/sd-activation.c')
| -rw-r--r-- | test/sd-activation.c | 38 |
1 files changed, 3 insertions, 35 deletions
diff --git a/test/sd-activation.c b/test/sd-activation.c index 6d529870..9b2a5bb5 100644 --- a/test/sd-activation.c +++ b/test/sd-activation.c @@ -575,44 +575,12 @@ test_deny_send (Fixture *f, dbus_connection_send (f->caller, m, NULL); dbus_message_unref (m); - /* The fake systemd connects to the bus. */ - f->systemd = test_connect_to_bus (f->ctx, f->address); - if (!dbus_connection_add_filter (f->systemd, systemd_filter, f, NULL)) - g_error ("OOM"); - f->systemd_filter_added = TRUE; - f->systemd_name = dbus_bus_get_unique_name (f->systemd); - take_well_known_name (f, f->systemd, "org.freedesktop.systemd1"); - - /* It gets its activation request. */ - while (f->caller_message == NULL && f->systemd_message == NULL) - test_main_context_iterate (f->ctx, TRUE); - - g_assert (f->caller_message == NULL); - g_assert (f->systemd_message != NULL); - - m = f->systemd_message; - f->systemd_message = NULL; - assert_signal (m, DBUS_SERVICE_DBUS, DBUS_PATH_DBUS, - "org.freedesktop.systemd1.Activator", "ActivationRequest", "s", - "org.freedesktop.systemd1"); - dbus_message_unref (m); - - /* systemd starts the activatable service. */ - f->activated = test_connect_to_bus (f->ctx, f->address); - if (!dbus_connection_add_filter (f->activated, activated_filter, - f, NULL)) - g_error ("OOM"); - f->activated_filter_added = TRUE; - f->activated_name = dbus_bus_get_unique_name (f->activated); - take_well_known_name (f, f->activated, "com.example.SendDenied"); + /* Even before the fake systemd connects to the bus, we get an error + * back: activation is not allowed. */ - /* We re-do the message matching, and now the message is - * forbidden by the receive policy. */ - while (f->activated_message == NULL && f->caller_message == NULL) + while (f->caller_message == NULL) test_main_context_iterate (f->ctx, TRUE); - g_assert (f->activated_message == NULL); - m = f->caller_message; f->caller_message = NULL; assert_error_reply (m, DBUS_SERVICE_DBUS, f->caller_name, |