/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
/* policy.h  Bus security policy
 *
 * Copyright (C) 2003 Red Hat, Inc.
 *
 * Licensed under the Academic Free License version 2.1
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 *
 */

#ifndef BUS_POLICY_H
#define BUS_POLICY_H

#include <dbus/dbus.h>
#include <dbus/dbus-string.h>
#include <dbus/dbus-list.h>
#include <dbus/dbus-sysdeps.h>
#include "bus.h"

/**
 * Kind of decision a policy rule expresses. The value selects which member
 * of the union BusPolicyRule::d is meaningful for a given rule.
 */
typedef enum
{
  BUS_POLICY_RULE_SEND,     /**< uses d.send */
  BUS_POLICY_RULE_RECEIVE,  /**< uses d.receive */
  BUS_POLICY_RULE_OWN,      /**< uses d.own */
  BUS_POLICY_RULE_USER,     /**< uses d.user */
  BUS_POLICY_RULE_GROUP     /**< uses d.group */
} BusPolicyRuleType;

/**
 * Non-zero for every rule type except USER and GROUP, i.e. for rules that
 * apply to a connection rather than to some global item.
 * The argument is expanded twice, so pass an expression without side effects.
 */
#define BUS_POLICY_RULE_IS_PER_CLIENT(rule)     \
  ((rule)->type != BUS_POLICY_RULE_USER &&      \
   (rule)->type != BUS_POLICY_RULE_GROUP)

/**
 * One allow/deny rule.
 *
 * Review note: in every variant below an unset field (NULL, or the documented
 * INVALID/UNSET constant) means "any". Leaving a field unset therefore widens
 * what the rule matches; it never narrows it. Keep that in mind when auditing
 * rules with allow set.
 *
 * The BusPolicyRule typedef used by the prototypes further down is not
 * declared in this header; presumably it comes from "bus.h" (confirm there).
 */
struct BusPolicyRule
{
  int refcount;

  BusPolicyRuleType type;  /**< selects the active member of d */

  unsigned int allow : 1;  /**< #TRUE if this rule allows, #FALSE if it denies */

  union
  {
    /* BUS_POLICY_RULE_SEND */
    struct
    {
      /* DBUS_MESSAGE_TYPE_INVALID here means "any message type" */
      int message_type;
      /* each string below may be NULL, which means "any" */
      char *path;
      char *interface;
      char *member;
      char *error;
      char *destination;
      unsigned int eavesdrop : 1;
      unsigned int requested_reply : 1;
      /* only send rules carry this bit; it presumably feeds the log
       * out-parameter of bus_client_policy_check_can_send() (confirm
       * in the implementation) */
      unsigned int log : 1;
    } send;

    /* BUS_POLICY_RULE_RECEIVE */
    struct
    {
      /* DBUS_MESSAGE_TYPE_INVALID here means "any message type" */
      int message_type;
      /* each string below may be NULL, which means "any" */
      char *path;
      char *interface;
      char *member;
      char *error;
      char *origin;
      unsigned int eavesdrop : 1;
      unsigned int requested_reply : 1;
    } receive;

    /* BUS_POLICY_RULE_OWN */
    struct
    {
      /* NULL means "any service name" */
      char *service_name;
    } own;

    /* BUS_POLICY_RULE_USER */
    struct
    {
      /* DBUS_UID_UNSET means "any user" */
      dbus_uid_t uid;
    } user;

    /* BUS_POLICY_RULE_GROUP */
    struct
    {
      /* DBUS_GID_UNSET means "any group" */
      dbus_gid_t gid;
    } group;

  } d;
};

/* Rule lifetime: rules are reference counted (see BusPolicyRule::refcount). */
BusPolicyRule* bus_policy_rule_new (BusPolicyRuleType type,
    dbus_bool_t allow);
BusPolicyRule* bus_policy_rule_ref (BusPolicyRule *rule);
void bus_policy_rule_unref (BusPolicyRule *rule);

/* Bus-wide policy object. */
BusPolicy* bus_policy_new (void);
BusPolicy* bus_policy_ref (BusPolicy *policy);
void bus_policy_unref (BusPolicy *policy);
BusClientPolicy* bus_policy_create_client_policy (BusPolicy *policy,
    DBusConnection *connection,
    DBusError *error);

/* NOTE(review): uid is spelled "unsigned long" here while the rule struct and
 * bus_policy_append_user_rule() use dbus_uid_t. This header does not show
 * that the two are the same type; confirm, so that DBUS_UID_UNSET and large
 * uids compare the same way on both paths. */
dbus_bool_t bus_policy_allow_unix_user (BusPolicy *policy,
    unsigned long uid);
dbus_bool_t bus_policy_allow_windows_user (BusPolicy *policy,
    const char *windows_sid);

/* Rule lists. NOTE(review): this header does not show the order in which
 * the default, user, group, console and mandatory lists are applied. That
 * order decides which rule wins on a conflict, so check the implementation
 * before reasoning about the effective policy. */
dbus_bool_t bus_policy_append_default_rule (BusPolicy *policy,
    BusPolicyRule *rule);
dbus_bool_t bus_policy_append_mandatory_rule (BusPolicy *policy,
    BusPolicyRule *rule);
dbus_bool_t bus_policy_append_user_rule (BusPolicy *policy,
    dbus_uid_t uid,
    BusPolicyRule *rule);
dbus_bool_t bus_policy_append_group_rule (BusPolicy *policy,
    dbus_gid_t gid,
    BusPolicyRule *rule);
dbus_bool_t bus_policy_append_console_rule (BusPolicy *policy,
    dbus_bool_t at_console,
    BusPolicyRule *rule);

dbus_bool_t bus_policy_merge (BusPolicy *policy,
    BusPolicy *to_absorb);

/* Per-connection policy and the three access checks made against it. */
BusClientPolicy* bus_client_policy_new (void);
BusClientPolicy* bus_client_policy_ref (BusClientPolicy *policy);
void bus_client_policy_unref (BusClientPolicy *policy);

/* toggles and log are pointer parameters, presumably outputs; their exact
 * meaning is not visible in this header. */
dbus_bool_t bus_client_policy_check_can_send (BusClientPolicy *policy,
    BusRegistry *registry,
    dbus_bool_t requested_reply,
    DBusConnection *receiver,
    DBusMessage *message,
    dbus_int32_t *toggles,
    dbus_bool_t *log);

/* Takes both the addressed and the proposed recipient. Unlike the send
 * check, this prototype has no log out-parameter, matching the absence of a
 * log bit in d.receive. */
dbus_bool_t bus_client_policy_check_can_receive (BusClientPolicy *policy,
    BusRegistry *registry,
    dbus_bool_t requested_reply,
    DBusConnection *sender,
    DBusConnection *addressed_recipient,
    DBusConnection *proposed_recipient,
    DBusMessage *message,
    dbus_int32_t *toggles);
dbus_bool_t bus_client_policy_check_can_own (BusClientPolicy *policy,
    DBusConnection *connection,
    const DBusString *service_name);
dbus_bool_t bus_client_policy_append_rule (BusClientPolicy *policy,
    BusPolicyRule *rule);
void bus_client_policy_optimize (BusClientPolicy *policy);


#endif /* BUS_POLICY_H */