
Lines Matching full:policy

2 /* policy.c  Bus security policy
24 #include "policy.h"
128 DBusList *default_rules; /**< Default policy rules */
129 DBusList *mandatory_rules; /**< Mandatory policy rules */
130 DBusHashTable *rules_by_uid; /**< per-UID policy rules */
131 DBusHashTable *rules_by_gid; /**< per-GID policy rules */
132 DBusList *at_console_true_rules; /**< console user policy rules where at_console="true"*/
133 DBusList *at_console_false_rules; /**< console user policy rules where at_console="false"*/
163 BusPolicy *policy;
165 policy = dbus_new0 (BusPolicy, 1);
166 if (policy == NULL)
169 policy->refcount = 1;
171 policy->rules_by_uid = _dbus_hash_table_new (DBUS_HASH_ULONG,
174 if (policy->rules_by_uid == NULL)
177 policy->rules_by_gid = _dbus_hash_table_new (DBUS_HASH_ULONG,
180 if (policy->rules_by_gid == NULL)
183 return policy;
186 bus_policy_unref (policy);
191 bus_policy_ref (BusPolicy *policy)
193 _dbus_assert (policy->refcount > 0);
195 policy->refcount += 1;
197 return policy;
201 bus_policy_unref (BusPolicy *policy)
203 _dbus_assert (policy->refcount > 0);
205 policy->refcount -= 1;
207 if (policy->refcount == 0)
209 _dbus_list_foreach (&policy->default_rules, free_rule_func, NULL);
210 _dbus_list_clear (&policy->default_rules);
212 _dbus_list_foreach (&policy->mandatory_rules, free_rule_func, NULL);
213 _dbus_list_clear (&policy->mandatory_rules);
215 _dbus_list_foreach (&policy->at_console_true_rules, free_rule_func, NULL);
216 _dbus_list_clear (&policy->at_console_true_rules);
218 _dbus_list_foreach (&policy->at_console_false_rules, free_rule_func, NULL);
219 _dbus_list_clear (&policy->at_console_false_rules);
221 if (policy->rules_by_uid)
223 _dbus_hash_table_unref (policy->rules_by_uid);
224 policy->rules_by_uid = NULL;
227 if (policy->rules_by_gid)
229 _dbus_hash_table_unref (policy->rules_by_gid);
230 policy->rules_by_gid = NULL;
233 dbus_free (policy);
270 bus_policy_create_client_policy (BusPolicy *policy,
285 if (!add_list_to_client (&policy->default_rules,
292 if (_dbus_hash_table_get_n_entries (policy->rules_by_gid) > 0)
306 list = _dbus_hash_table_lookup_ulong (policy->rules_by_gid,
327 "No user ID known for connection, cannot determine security policy\n");
331 if (_dbus_hash_table_get_n_entries (policy->rules_by_uid) > 0)
335 list = _dbus_hash_table_lookup_ulong (policy->rules_by_uid,
350 if (!add_list_to_client (&policy->at_console_true_rules, client))
357 else if (!add_list_to_client (&policy->at_console_false_rules, client))
362 if (!add_list_to_client (&policy->mandatory_rules,
440 bus_policy_allow_user (BusPolicy *policy,
461 &policy->default_rules,
466 &policy->mandatory_rules,
478 bus_policy_append_default_rule (BusPolicy *policy,
481 if (!_dbus_list_append (&policy->default_rules, rule))
490 bus_policy_append_mandatory_rule (BusPolicy *policy,
493 if (!_dbus_list_append (&policy->mandatory_rules, rule))
528 bus_policy_append_user_rule (BusPolicy *policy,
534 list = get_list (policy->rules_by_uid, uid);
548 bus_policy_append_group_rule (BusPolicy *policy,
554 list = get_list (policy->rules_by_gid, gid);
568 bus_policy_append_console_rule (BusPolicy *policy,
574 if (!_dbus_list_append (&policy->at_console_true_rules, rule))
579 if (!_dbus_list_append (&policy->at_console_false_rules, rule))
645 bus_policy_merge (BusPolicy *policy,
652 if (!append_copy_of_policy_list (&policy->default_rules,
656 if (!append_copy_of_policy_list (&policy->mandatory_rules,
660 if (!append_copy_of_policy_list (&policy->at_console_true_rules,
664 if (!append_copy_of_policy_list (&policy->at_console_false_rules,
668 if (!merge_id_hash (policy->rules_by_uid,
672 if (!merge_id_hash (policy->rules_by_gid,
689 BusClientPolicy *policy;
691 policy = dbus_new0 (BusClientPolicy, 1);
692 if (policy == NULL)
695 policy->refcount = 1;
697 return policy;
701 bus_client_policy_ref (BusClientPolicy *policy)
703 _dbus_assert (policy->refcount > 0);
705 policy->refcount += 1;
707 return policy;
720 bus_client_policy_unref (BusClientPolicy *policy)
722 _dbus_assert (policy->refcount > 0);
724 policy->refcount -= 1;
726 if (policy->refcount == 0)
728 _dbus_list_foreach (&policy->rules,
732 _dbus_list_clear (&policy->rules);
734 dbus_free (policy);
739 remove_rules_by_type_up_to (BusClientPolicy *policy,
745 link = _dbus_list_get_first_link (&policy->rules);
749 DBusList *next = _dbus_list_get_next_link (&policy->rules, link);
753 _dbus_list_remove_link (&policy->rules, link);
762 bus_client_policy_optimize (BusClientPolicy *policy)
780 _dbus_verbose ("Optimizing policy with %d rules\n",
781 _dbus_list_get_length (&policy->rules));
783 link = _dbus_list_get_first_link (&policy->rules);
790 next = _dbus_list_get_next_link (&policy->rules, link);
828 remove_rules_by_type_up_to (policy, rule->type,
834 _dbus_verbose ("After optimization, policy has %d rules\n",
835 _dbus_list_get_length (&policy->rules));
839 bus_client_policy_append_rule (BusClientPolicy *policy,
842 _dbus_verbose ("Appending rule %p with type %d to policy %p\n",
843 rule, rule->type, policy);
845 if (!_dbus_list_append (&policy->rules, rule))
854 bus_client_policy_check_can_send (BusClientPolicy *policy,
863 /* policy->rules is in the order the rules appeared
867 _dbus_verbose (" (policy) checking send rules\n");
870 link = _dbus_list_get_first_link (&policy->rules);
875 link = _dbus_list_get_next_link (&policy->rules, link);
884 _dbus_verbose (" (policy) skipping non-send rule\n");
892 _dbus_verbose (" (policy) skipping rule for different message type\n");
906 _dbus_verbose (" (policy) skipping allow rule since it only applies to requested replies\n");
916 _dbus_verbose (" (policy) skipping deny rule since it only applies to unrequested replies\n");
927 _dbus_verbose (" (policy) skipping rule for different path\n");
938 _dbus_verbose (" (policy) skipping rule for different interface\n");
949 _dbus_verbose (" (policy) skipping rule for different member\n");
960 _dbus_verbose (" (policy) skipping rule for different error name\n");
977 _dbus_verbose (" (policy) skipping rule because message dest is not %s\n",
992 _dbus_verbose (" (policy) skipping rule because dest %s doesn't exist\n",
999 _dbus_verbose (" (policy) skipping rule because dest %s isn't owned by receiver\n",
1009 _dbus_verbose (" (policy) used rule, allow now = %d\n",
1020 bus_client_policy_check_can_receive (BusClientPolicy *policy,
1036 /* policy->rules is in the order the rules appeared
1040 _dbus_verbose (" (policy) checking receive rules, eavesdropping = %d\n", eavesdropping);
1043 link = _dbus_list_get_first_link (&policy->rules);
1048 link = _dbus_list_get_next_link (&policy->rules, link);
1052 _dbus_verbose (" (policy) skipping non-receive rule\n");
1060 _dbus_verbose (" (policy) skipping rule for different message type\n");
1070 _dbus_verbose (" (policy) skipping allow rule since it doesn't apply to eavesdropping\n");
1079 _dbus_verbose (" (policy) skipping deny rule since it only applies to eavesdropping\n");
1092 _dbus_verbose (" (policy) skipping allow rule since it only applies to requested replies\n");
1102 _dbus_verbose (" (policy) skipping deny rule since it only applies to unrequested replies\n");
1113 _dbus_verbose (" (policy) skipping rule for different path\n");
1124 _dbus_verbose (" (policy) skipping rule for different interface\n");
1135 _dbus_verbose (" (policy) skipping rule for different member\n");
1146 _dbus_verbose (" (policy) skipping rule for different error name\n");
1163 _dbus_verbose (" (policy) skipping rule because message sender is not %s\n",
1179 _dbus_verbose (" (policy) skipping rule because origin %s doesn't exist\n",
1186 _dbus_verbose (" (policy) skipping rule because origin %s isn't owned by sender\n",
1196 _dbus_verbose (" (policy) used rule, allow now = %d\n",
1204 bus_client_policy_check_can_own (BusClientPolicy *policy,
1211 /* policy->rules is in the order the rules appeared
1216 link = _dbus_list_get_first_link (&policy->rules);
1221 link = _dbus_list_get_next_link (&policy->rules, link);