author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2017-07-23 09:28:45 -0400 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2017-07-23 09:29:02 -0400 |
commit | a6c97fc460e1e6bfd491262530057f876f6b20d1 (patch) | |
tree | c2f2d4860fe421d48d4491b83bd01cf8aca88a2b | |
parent | 4bc5d27b942afa83cc3d95debd2ad48d42ac07a8 (diff) | |
download | systemd-a6c97fc460e1e6bfd491262530057f876f6b20d1.tar.gz |
Drop bus-policy bits
-rw-r--r-- | src/core/bus-policy.c | 180 | ||||
-rw-r--r-- | src/core/bus-policy.h | 64 | ||||
-rw-r--r-- | src/core/meson.build | 2 | ||||
-rw-r--r-- | test/bus-policy/check-own-rules.conf | 14 | ||||
-rw-r--r-- | test/bus-policy/hello.conf | 14 | ||||
-rw-r--r-- | test/bus-policy/many-rules.conf | 61 | ||||
-rw-r--r-- | test/bus-policy/methods.conf | 17 | ||||
-rw-r--r-- | test/bus-policy/ownerships.conf | 24 | ||||
-rw-r--r-- | test/bus-policy/signals.conf | 15 | ||||
-rw-r--r-- | test/bus-policy/test.conf | 20 | ||||
-rw-r--r-- | test/meson.build | 7 |
11 files changed, 0 insertions, 418 deletions
diff --git a/src/core/bus-policy.c b/src/core/bus-policy.c
deleted file mode 100644
index 4907c268e8..0000000000
--- a/src/core/bus-policy.c
+++ /dev/null
@@ -1,180 +0,0 @@
-/***
- This file is part of systemd.
-
- Copyright 2014 Daniel Mack
-
- systemd is free software; you can redistribute it and/or modify it
- under the terms of the GNU Lesser General Public License as published by
- the Free Software Foundation; either version 2.1 of the License, or
- (at your option) any later version.
-
- systemd is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public License
- along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include <stdlib.h>
-
-#include "alloc-util.h"
-#include "bus-kernel.h"
-#include "bus-policy.h"
-#include "kdbus.h"
-#include "string-table.h"
-#include "user-util.h"
-#include "util.h"
-
-int bus_kernel_translate_access(BusPolicyAccess access) {
- assert(access >= 0);
- assert(access < _BUS_POLICY_ACCESS_MAX);
-
- switch (access) {
-
- case BUS_POLICY_ACCESS_SEE:
- return KDBUS_POLICY_SEE;
-
- case BUS_POLICY_ACCESS_TALK:
- return KDBUS_POLICY_TALK;
-
- case BUS_POLICY_ACCESS_OWN:
- return KDBUS_POLICY_OWN;
-
- default:
- assert_not_reached("Unknown policy access");
- }
-}
-
-int bus_kernel_translate_policy(const BusNamePolicy *policy, struct kdbus_item *item) {
- int r;
-
- assert(policy);
- assert(item);
-
- switch (policy->type) {
-
- case BUSNAME_POLICY_TYPE_USER: {
- const char *user = policy->name;
- uid_t uid;
-
- r = get_user_creds(&user, &uid, NULL, NULL, NULL);
- if (r < 0)
- return r;
-
- item->policy_access.type = KDBUS_POLICY_ACCESS_USER;
- item->policy_access.id = uid;
- break;
- }
-
- case BUSNAME_POLICY_TYPE_GROUP: {
- const char *group = policy->name;
- gid_t gid;
-
- r = get_group_creds(&group, &gid);
- if (r < 0)
- return r;
-
- item->policy_access.type = KDBUS_POLICY_ACCESS_GROUP;
- item->policy_access.id = gid;
- break;
- }
-
- default:
- assert_not_reached("Unknown policy type");
- }
-
- item->policy_access.access = bus_kernel_translate_access(policy->access);
-
- return 0;
-}
-
-int bus_kernel_make_starter(
- int fd,
- const char *name,
- bool activating,
- bool accept_fd,
- BusNamePolicy *policy,
- BusPolicyAccess world_policy) {
-
- struct kdbus_cmd_free cmd_free = { .size = sizeof(cmd_free) };
- struct kdbus_cmd_hello *hello;
- struct kdbus_item *n;
- size_t policy_cnt = 0;
- BusNamePolicy *po;
- size_t size;
- int r;
-
- assert(fd >= 0);
- assert(name);
-
- LIST_FOREACH(policy, po, policy)
- policy_cnt++;
-
- if (world_policy >= 0)
- policy_cnt++;
-
- size = offsetof(struct kdbus_cmd_hello, items) +
- ALIGN8(offsetof(struct kdbus_item, str) + strlen(name) + 1) +
- policy_cnt * ALIGN8(offsetof(struct kdbus_item, policy_access) + sizeof(struct kdbus_policy_access));
-
- hello = alloca0_align(size, 8);
-
- n = hello->items;
- strcpy(n->str, name);
- n->size = offsetof(struct kdbus_item, str) + strlen(n->str) + 1;
- n->type = KDBUS_ITEM_NAME;
- n = KDBUS_ITEM_NEXT(n);
-
- LIST_FOREACH(policy, po, policy) {
- n->type = KDBUS_ITEM_POLICY_ACCESS;
- n->size = offsetof(struct kdbus_item, policy_access) + sizeof(struct kdbus_policy_access);
-
- r = bus_kernel_translate_policy(po, n);
- if (r < 0)
- return r;
-
- n = KDBUS_ITEM_NEXT(n);
- }
-
- if (world_policy >= 0) {
- n->type = KDBUS_ITEM_POLICY_ACCESS;
- n->size = offsetof(struct kdbus_item, policy_access) + sizeof(struct kdbus_policy_access);
- n->policy_access.type = KDBUS_POLICY_ACCESS_WORLD;
- n->policy_access.access = bus_kernel_translate_access(world_policy);
- }
-
- hello->size = size;
- hello->flags =
- (activating ? KDBUS_HELLO_ACTIVATOR : KDBUS_HELLO_POLICY_HOLDER) |
- (accept_fd ? KDBUS_HELLO_ACCEPT_FD : 0);
- hello->pool_size = KDBUS_POOL_SIZE;
- hello->attach_flags_send = _KDBUS_ATTACH_ANY;
- hello->attach_flags_recv = _KDBUS_ATTACH_ANY;
-
- if (ioctl(fd, KDBUS_CMD_HELLO, hello) < 0) {
- if (errno == ENOTTY) /* Major API change */
- return -ESOCKTNOSUPPORT;
- return -errno;
- }
-
- /* not interested in any output values */
- cmd_free.offset = hello->offset;
- (void) ioctl(fd, KDBUS_CMD_FREE, &cmd_free);
-
- /* The higher 32bit of the bus_flags fields are considered
- * 'incompatible flags'. Refuse them all for now. */
- if (hello->bus_flags > 0xFFFFFFFFULL)
- return -ESOCKTNOSUPPORT;
-
- return fd;
-}
-
-static const char* const bus_policy_access_table[_BUS_POLICY_ACCESS_MAX] = {
- [BUS_POLICY_ACCESS_SEE] = "see",
- [BUS_POLICY_ACCESS_TALK] = "talk",
- [BUS_POLICY_ACCESS_OWN] = "own",
-};
-
-DEFINE_STRING_TABLE_LOOKUP(bus_policy_access, BusPolicyAccess);
diff --git a/src/core/bus-policy.h b/src/core/bus-policy.h
deleted file mode 100644
index 5b2c4d5953..0000000000
--- a/src/core/bus-policy.h
+++ /dev/null
@@ -1,64 +0,0 @@
-#pragma once
-
-/***
- This file is part of systemd.
-
- Copyright 2014 Daniel Mack
-
- systemd is free software; you can redistribute it and/or modify it
- under the terms of the GNU Lesser General Public License as published by
- the Free Software Foundation; either version 2.1 of the License, or
- (at your option) any later version.
-
- systemd is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public License
- along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
-#include "kdbus.h"
-#include "list.h"
-#include "macro.h"
-
-typedef struct BusNamePolicy BusNamePolicy;
-
-typedef enum BusPolicyAccess {
- BUS_POLICY_ACCESS_SEE,
- BUS_POLICY_ACCESS_TALK,
- BUS_POLICY_ACCESS_OWN,
- _BUS_POLICY_ACCESS_MAX,
- _BUS_POLICY_ACCESS_INVALID = -1
-} BusPolicyAccess;
-
-typedef enum BusNamePolicyType {
- BUSNAME_POLICY_TYPE_USER,
- BUSNAME_POLICY_TYPE_GROUP,
- _BUSNAME_POLICY_TYPE_MAX,
- _BUSNAME_POLICY_TYPE_INVALID = -1
-} BusNamePolicyType;
-
-struct BusNamePolicy {
- BusNamePolicyType type;
- BusPolicyAccess access;
-
- char *name;
-
- LIST_FIELDS(BusNamePolicy, policy);
-};
-
-int bus_kernel_translate_access(BusPolicyAccess access);
-int bus_kernel_translate_policy(const BusNamePolicy *policy, struct kdbus_item *item);
-
-const char* bus_policy_access_to_string(BusPolicyAccess i) _const_;
-BusPolicyAccess bus_policy_access_from_string(const char *s) _pure_;
-
-int bus_kernel_make_starter(
- int fd,
- const char *name,
- bool activating,
- bool accept_fd,
- BusNamePolicy *policy,
- BusPolicyAccess world_policy);
diff --git a/src/core/meson.build b/src/core/meson.build
index eb9d74b649..569eed9cad 100644
--- a/src/core/meson.build
+++ b/src/core/meson.build
@@ -15,8 +15,6 @@ libcore_la_sources = '''
 service.h
 socket.c
 socket.h
- bus-policy.c
- bus-policy.h
 target.c
 target.h
 device.c
diff --git a/test/bus-policy/check-own-rules.conf b/test/bus-policy/check-own-rules.conf
deleted file mode 100644
index bc2f415fcb..0000000000
--- a/test/bus-policy/check-own-rules.conf
+++ /dev/null
@@ -1,14 +0,0 @@
-<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
- "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
-<busconfig>
- <user>mybususer</user>
- <listen>unix:path=/foo/bar</listen>
- <listen>tcp:port=1234</listen>
- <servicedir>/usr/share/foo</servicedir>
- <policy context="default">
- <allow user="*"/>
- <deny own="*"/>
- <allow own_prefix="org.freedesktop.ManySystems"/>
- </policy>
-
-</busconfig>
diff --git a/test/bus-policy/hello.conf b/test/bus-policy/hello.conf
deleted file mode 100644
index af09893de6..0000000000
--- a/test/bus-policy/hello.conf
+++ /dev/null
@@ -1,14 +0,0 @@
-<?xml version="1.0"?> <!--*-nxml-*-->
-<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
- "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
-
-<busconfig>
-
- <policy context="default">
- <allow user="*"/>
-
- <deny user="1"/>
- <deny group="1"/>
- </policy>
-
-</busconfig>
diff --git a/test/bus-policy/many-rules.conf b/test/bus-policy/many-rules.conf
deleted file mode 100644
index 70dd538c11..0000000000
--- a/test/bus-policy/many-rules.conf
+++ /dev/null
@@ -1,61 +0,0 @@
-<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
- "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
-<busconfig>
- <user>mybususer</user>
- <listen>unix:path=/foo/bar</listen>
- <listen>tcp:port=1234</listen>
- <includedir>basic.d</includedir>
- <standard_session_servicedirs />
- <servicedir>/usr/share/foo</servicedir>
- <include ignore_missing="yes">nonexistent.conf</include>
- <policy context="default">
- <allow user="*"/>
- <deny send_interface="org.freedesktop.System" send_member="Reboot"/>
- <deny receive_interface="org.freedesktop.System" receive_member="Reboot"/>
- <deny send_path="/foo/bar/SystemObjectThing" send_member="Reboot"/>
- <deny own="org.freedesktop.System"/>
- <deny own_prefix="org.freedesktop.ManySystems"/>
- <deny send_destination="org.freedesktop.System"/>
- <deny receive_sender="org.freedesktop.System"/>
- <deny user="root"/>
- <deny group="bin"/>
- <allow send_type="error"/>
- <allow send_type="method_call"/>
- <allow send_type="method_return"/>
- <allow send_type="signal"/>
- <deny send_destination="org.freedesktop.Bar" send_interface="org.freedesktop.Foo"/>
- <deny send_destination="org.freedesktop.Bar" send_interface="org.freedesktop.Foo" send_type="method_call"/>
- </policy>
-
- <policy context="mandatory">
- <allow user="*"/>
- <deny send_interface="org.freedesktop.System" send_member="Reboot"/>
- <deny receive_interface="org.freedesktop.System" receive_member="Reboot"/>
- <deny send_path="/foo/bar/SystemObjectThing" send_member="Reboot"/>
- <deny own="org.freedesktop.System"/>
- <deny own_prefix="org.freedesktop.ManySystems"/>
- <deny send_destination="org.freedesktop.System"/>
- <deny receive_sender="org.freedesktop.System"/>
- <deny user="root"/>
- <deny group="bin"/>
- <allow send_type="error"/>
- <allow send_type="method_call"/>
- <allow send_type="method_return"/>
- <allow send_type="signal"/>
- <deny send_destination="org.freedesktop.Bar" send_interface="org.freedesktop.Foo"/>
- <deny send_destination="org.freedesktop.Bar" send_interface="org.freedesktop.Foo" send_type="method_call"/>
- </policy>
-
- <limit name="max_incoming_bytes">5000</limit>
- <limit name="max_outgoing_bytes">5000</limit>
- <limit name="max_message_size">300</limit>
- <limit name="service_start_timeout">5000</limit>
- <limit name="auth_timeout">6000</limit>
- <limit name="max_completed_connections">50</limit>
- <limit name="max_incomplete_connections">80</limit>
- <limit name="max_connections_per_user">64</limit>
- <limit name="max_pending_service_starts">64</limit>
- <limit name="max_names_per_connection">256</limit>
- <limit name="max_match_rules_per_connection">512</limit>
-
-</busconfig>
diff --git a/test/bus-policy/methods.conf b/test/bus-policy/methods.conf
deleted file mode 100644
index 4bc38f9151..0000000000
--- a/test/bus-policy/methods.conf
+++ /dev/null
@@ -1,17 +0,0 @@
-<?xml version="1.0"?> <!--*-nxml-*-->
-<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
- "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
-
-<busconfig>
-
- <policy context="default">
- <deny send_type="method_call"/>
-
- <deny send_destination="org.test.test1"/>
- <allow send_destination="org.test.test1" send_interface="org.test.int1"/>
- <allow send_destination="org.test.test1" send_interface="org.test.int2"/>
-
- <allow receive_sender="org.test.test3" receive_interface="org.test.int3" receive_member="Member111"/>
- </policy>
-
-</busconfig>
diff --git a/test/bus-policy/ownerships.conf b/test/bus-policy/ownerships.conf
deleted file mode 100644
index bc3a230a26..0000000000
--- a/test/bus-policy/ownerships.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-<?xml version="1.0"?> <!--*-nxml-*-->
-<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
- "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
-
-<busconfig>
-
- <policy context="default">
- <allow own="org.test.test1"/>
- </policy>
-
- <policy context="mandatory">
- <deny own="org.test.test3"/>
- </policy>
-
- <policy user="root">
- <allow own="org.test.test2"/>
- <allow own="org.test.test3"/>
- </policy>
-
- <policy user="1">
- <allow own="org.test.test4"/>
- </policy>
-
-</busconfig>
diff --git a/test/bus-policy/signals.conf b/test/bus-policy/signals.conf
deleted file mode 100644
index 440e3fe6d0..0000000000
--- a/test/bus-policy/signals.conf
+++ /dev/null
@@ -1,15 +0,0 @@
-<?xml version="1.0"?> <!--*-nxml-*-->
-<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
- "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
-
-<busconfig>
-
- <policy context="default">
- <allow send_type="signal"/>
- </policy>
-
- <policy user="1">
- <deny send_type="signal"/>
- </policy>
-
-</busconfig>
diff --git a/test/bus-policy/test.conf b/test/bus-policy/test.conf
deleted file mode 100644
index ee6afcdfbb..0000000000
--- a/test/bus-policy/test.conf
+++ /dev/null
@@ -1,20 +0,0 @@
-<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
- "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
-<busconfig>
- <!-- The following demonstrates how to punch holes in a default deny-all
- policy so that a particular user can own a service, and other
- connections can get messages from it -->
-
- <!-- Only root can own the FooService service, and
- this user can only send the one kind of message -->
- <policy user="root">
- <allow own="org.foo.FooService"/>
- <allow send_interface="org.foo.FooBroadcastInterface"/>
- </policy>
-
- <!-- Allow any connection to receive the message, but
- only if the message is sent by the owner of FooService -->
- <policy context="default">
- <allow receive_interface="org.foo.FooBroadcastInterface" receive_sender="org.foo.FooService"/>
- </policy>
-</busconfig>
diff --git a/test/meson.build b/test/meson.build
index a5d78fb87b..c16ca92702 100644
--- a/test/meson.build
+++ b/test/meson.build
@@ -126,13 +126,6 @@ test_data_files = '''
 test-execute/exec-read-only-path-succeed.service
 test-execute/exec-privatedevices-yes-capability-sys-rawio.service
 test-execute/exec-privatedevices-no-capability-sys-rawio.service
- bus-policy/hello.conf
- bus-policy/methods.conf
- bus-policy/ownerships.conf
- bus-policy/signals.conf
- bus-policy/check-own-rules.conf
- bus-policy/many-rules.conf
- bus-policy/test.conf
 hwdb/10-bad.hwdb
 journal-data/journal-1.txt
 journal-data/journal-2.txt |