/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
/* policy.h  Bus security policy
 *
 * Copyright (C) 2003 Red Hat, Inc.
 *
 * Licensed under the Academic Free License version 2.1
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 *
 */

#ifndef BUS_POLICY_H
#define BUS_POLICY_H

#include <dbus/dbus.h>
#include <dbus/dbus-string.h>
#include <dbus/dbus-list.h>
#include <dbus/dbus-sysdeps.h>
#include "bus.h"

/**
 * Kind of a policy rule.  The kind selects which member of
 * BusPolicyRule::d holds the rule's match data.  SEND, RECEIVE and OWN
 * rules are per-client; USER and GROUP rules are global (see
 * BUS_POLICY_RULE_IS_PER_CLIENT).
 */
typedef enum
{
  BUS_POLICY_RULE_SEND,     /**< match data in d.send */
  BUS_POLICY_RULE_RECEIVE,  /**< match data in d.receive */
  BUS_POLICY_RULE_OWN,      /**< match data in d.own */
  BUS_POLICY_RULE_USER,     /**< match data in d.user (global rule) */
  BUS_POLICY_RULE_GROUP     /**< match data in d.group (global rule) */
} BusPolicyRuleType;

/**
 * Determines whether the rule affects a connection, or some global item.
 * TRUE for SEND/RECEIVE/OWN rules, FALSE for USER/GROUP rules.
 * Evaluates its argument twice, so pass a plain pointer, not an expression
 * with side effects.
 */
#define BUS_POLICY_RULE_IS_PER_CLIENT(rule) (!((rule)->type == BUS_POLICY_RULE_USER || \
                                               (rule)->type == BUS_POLICY_RULE_GROUP))

/**
 * One allow/deny rule.  Reference counted via bus_policy_rule_ref() and
 * bus_policy_rule_unref().  Only the member of @d selected by @type is
 * meaningful.
 */
struct BusPolicyRule
{
  int refcount;               /**< reference count; see bus_policy_rule_ref/unref */

  BusPolicyRuleType type;     /**< selects which member of d is valid */

  unsigned int allow : 1;     /**< #TRUE if this allows, #FALSE if it denies */

  union
  {
    /* Valid when type == BUS_POLICY_RULE_SEND. */
    struct
    {
      /* message type can be DBUS_MESSAGE_TYPE_INVALID meaning "any" */
      int message_type;
      /* any of these can be NULL meaning "any" */
      char *path;
      char *interface;
      char *member;
      char *error;
      char *destination;
      /* NOTE(review): the three flags below are presumably matched against
       * the eavesdrop / requested_reply state of the message being checked,
       * and `log` presumably feeds the `log` out-parameter of
       * bus_client_policy_check_can_send -- confirm in policy.c */
      unsigned int eavesdrop : 1;
      unsigned int requested_reply : 1;
      unsigned int log : 1;
    } send;

    /* Valid when type == BUS_POLICY_RULE_RECEIVE.  Same shape as send,
     * except the peer field is the message origin rather than its
     * destination, and there is no log flag. */
    struct
    {
      /* message type can be DBUS_MESSAGE_TYPE_INVALID meaning "any" */
      int message_type;
      /* any of these can be NULL meaning "any" */
      char *path;
      char *interface;
      char *member;
      char *error;
      char *origin;
      unsigned int eavesdrop : 1;
      unsigned int requested_reply : 1;
    } receive;

    /* Valid when type == BUS_POLICY_RULE_OWN. */
    struct
    {
      /* can be NULL meaning "any" */
      char *service_name;
      /* if prefix is set, any name starting with service_name can be owned */
      unsigned int prefix : 1;
    } own;

    /* Valid when type == BUS_POLICY_RULE_USER. */
    struct
    {
      /* can be DBUS_UID_UNSET meaning "any" */
      dbus_uid_t uid;
    } user;

    /* Valid when type == BUS_POLICY_RULE_GROUP. */
    struct
    {
      /* can be DBUS_GID_UNSET meaning "any" */
      dbus_gid_t gid;
    } group;

  } d;
};

/**
 * Allocates a rule of the given kind with the given allow/deny verdict
 * and a single reference.  All match fields start out as "any".
 * NOTE(review): presumably returns NULL on out-of-memory -- confirm in
 * policy.c.
 */
BusPolicyRule* bus_policy_rule_new    (BusPolicyRuleType type,
                                       dbus_bool_t       allow);
/** Takes a reference on @rule and returns it. */
BusPolicyRule* bus_policy_rule_ref    (BusPolicyRule    *rule);
/** Drops a reference on @rule; the rule is freed with the last one. */
void           bus_policy_rule_unref  (BusPolicyRule    *rule);

/** Allocates an empty bus-wide policy (the parsed <policy> configuration). */
BusPolicy*       bus_policy_new                  (void);
/** Takes a reference on @policy and returns it. */
BusPolicy*       bus_policy_ref                  (BusPolicy        *policy);
/** Drops a reference on @policy. */
void             bus_policy_unref                (BusPolicy        *policy);
/**
 * Derives the per-connection policy for @connection from @policy.
 * NOTE(review): presumably returns NULL and sets @error on failure, as is
 * usual for DBusError-taking functions -- confirm in policy.c.  Which
 * rule sets (default, user, group, console, mandatory) are combined, and
 * in what order, is decided there and is security-relevant.
 */
BusClientPolicy* bus_policy_create_client_policy (BusPolicy        *policy,
                                                  DBusConnection   *connection,
                                                  DBusError        *error);
/** Whether @policy admits a connection authenticated as unix uid @uid. */
dbus_bool_t      bus_policy_allow_unix_user      (BusPolicy        *policy,
                                                  unsigned long     uid);
/** Whether @policy admits a connection authenticated as Windows SID @windows_sid. */
dbus_bool_t      bus_policy_allow_windows_user   (BusPolicy        *policy,
                                                  const char       *windows_sid);
/*
 * The append functions below add @rule to one of the policy's rule sets.
 * NOTE(review): whether they take their own reference on @rule, and whether
 * FALSE means out-of-memory, is not visible from this header -- confirm in
 * policy.c before relying on it.
 */
/** Appends @rule to the rule set applied to every connection by default. */
dbus_bool_t      bus_policy_append_default_rule  (BusPolicy        *policy,
                                                  BusPolicyRule    *rule);
/** Appends @rule to the mandatory rule set (applied regardless of other rules). */
dbus_bool_t      bus_policy_append_mandatory_rule (BusPolicy        *policy,
                                                   BusPolicyRule    *rule);
/** Appends @rule to the rule set keyed by unix uid @uid. */
dbus_bool_t      bus_policy_append_user_rule     (BusPolicy        *policy,
                                                  dbus_uid_t        uid,
                                                  BusPolicyRule    *rule);
/** Appends @rule to the rule set keyed by unix gid @gid. */
dbus_bool_t      bus_policy_append_group_rule    (BusPolicy        *policy,
                                                  dbus_gid_t        gid,
                                                  BusPolicyRule    *rule);
/** Appends @rule to the rule set applied when the console state equals @at_console. */
dbus_bool_t      bus_policy_append_console_rule  (BusPolicy        *policy,
                                                  dbus_bool_t       at_console,
                                                  BusPolicyRule    *rule);

/**
 * Merges the rules of @to_absorb into @policy.
 * NOTE(review): whether @to_absorb is emptied or left intact afterwards is
 * not visible here -- confirm in policy.c.
 */
dbus_bool_t      bus_policy_merge                (BusPolicy        *policy,
                                                  BusPolicy        *to_absorb);

/** Allocates an empty per-connection policy. */
BusClientPolicy* bus_client_policy_new   (void);
/** Takes a reference on @policy and returns it. */
BusClientPolicy* bus_client_policy_ref   (BusClientPolicy  *policy);
/** Drops a reference on @policy. */
void             bus_client_policy_unref (BusClientPolicy  *policy);
/**
 * Authorization check for a message the owner of @policy wants to send
 * to @receiver.  Returns TRUE if sending is allowed.
 * @requested_reply whether the message is a reply the receiver asked for
 * @toggles out-parameter; @log out-parameter.  Their exact meaning is
 * defined in policy.c -- NOTE(review): @log presumably reflects the matched
 * rule's d.send.log flag; confirm.
 */
dbus_bool_t      bus_client_policy_check_can_send    (BusClientPolicy  *policy,
                                                      BusRegistry      *registry,
                                                      dbus_bool_t       requested_reply,
                                                      DBusConnection   *receiver,
                                                      DBusMessage      *message,
                                                      dbus_int32_t     *toggles,
                                                      dbus_bool_t      *log);
/**
 * Authorization check for a message from @sender being delivered to the
 * owner of @policy.  Returns TRUE if receiving is allowed.
 * NOTE(review): @addressed_recipient and @proposed_recipient are distinct
 * parameters, presumably so that delivery to a connection other than the
 * one the message is addressed to (eavesdropping) can be judged
 * separately -- confirm in policy.c.
 */
dbus_bool_t      bus_client_policy_check_can_receive (BusClientPolicy  *policy,
                                                      BusRegistry      *registry,
                                                      dbus_bool_t       requested_reply,
                                                      DBusConnection   *sender,
                                                      DBusConnection   *addressed_recipient,
                                                      DBusConnection   *proposed_recipient,
                                                      DBusMessage      *message,
                                                      dbus_int32_t     *toggles);
/** Returns TRUE if the owner of @policy may own the bus name @service_name. */
dbus_bool_t      bus_client_policy_check_can_own     (BusClientPolicy  *policy,
                                                      const DBusString *service_name);
/** Appends @rule to @policy; see the note above about references and FALSE. */
dbus_bool_t      bus_client_policy_append_rule       (BusClientPolicy  *policy,
                                                      BusPolicyRule    *rule);
/**
 * Post-processes the rule list of @policy.
 * NOTE(review): presumably drops rules made redundant by later ones; what
 * it does exactly, and whether it must run before the check_* functions,
 * is only visible in policy.c.
 */
void             bus_client_policy_optimize          (BusClientPolicy  *policy);

#ifdef DBUS_BUILD_TESTS
/** Test-build only: checks name ownership directly against a bus-wide policy. */
dbus_bool_t      bus_policy_check_can_own     (BusPolicy        *policy,
                                               const DBusString *service_name);
#endif

#endif /* BUS_POLICY_H */