diff options
author | Jan-Simon Möller <jsmoeller@linuxfoundation.org> | 2019-04-09 18:20:38 +0200 |
---|---|---|
committer | Jan-Simon Möller <jsmoeller@linuxfoundation.org> | 2019-04-09 18:24:36 +0200 |
commit | 99cef05b4c32c401868c7f487784130e607ca74c (patch) | |
tree | 21c978e2209cddafd44e8b850eaa53dde7ed7553 /meta-security/recipes-core/dbus-cynara | |
parent | 0f1670b4b635d54c744a3e697be169957f321808 (diff) | |
parent | ffa9f4476251778974c77e35d924c20b29bf2792 (diff) |
Merge remote-tracking branch 'origin/sandbox/sdesneux/thud-upgrade'
Update the core distro to YP 2.6 'thud'.
Bug-AGL: SPEC-1837
Change-Id: I5a753503c4ca15bcb0d4f0f30c4a91e7d50ab024
Signed-off-by: Jan-Simon Möller <jsmoeller@linuxfoundation.org>
Diffstat (limited to 'meta-security/recipes-core/dbus-cynara')
-rw-r--r-- | meta-security/recipes-core/dbus-cynara/dbus-cynara/0001-Integration-of-Cynara-asynchronous-security-checks.patch | 389 | ||||
-rw-r--r-- | meta-security/recipes-core/dbus-cynara/dbus-cynara/0002-Disable-message-dispatching-when-send-rule-result-is.patch | 104 | ||||
-rw-r--r-- | meta-security/recipes-core/dbus-cynara/dbus-cynara/0003-Handle-unavailability-of-policy-results-for-broadcas.patch | 117 | ||||
-rw-r--r-- | meta-security/recipes-core/dbus-cynara/dbus-cynara/0004-Add-own-rule-result-unavailability-handling.patch | 305 | ||||
-rw-r--r-- | meta-security/recipes-core/dbus-cynara/dbus-cynara/0005-Perform-Cynara-runtime-policy-checks-by-default.patch | 22 | ||||
-rw-r--r-- | meta-security/recipes-core/dbus-cynara/dbus-cynara_1.12.10.bb (renamed from meta-security/recipes-core/dbus-cynara/dbus-cynara_1.10.20.bb) | 2 | ||||
-rw-r--r-- | meta-security/recipes-core/dbus-cynara/dbus_%.bbappend | 1 |
7 files changed, 410 insertions, 530 deletions
diff --git a/meta-security/recipes-core/dbus-cynara/dbus-cynara/0001-Integration-of-Cynara-asynchronous-security-checks.patch b/meta-security/recipes-core/dbus-cynara/dbus-cynara/0001-Integration-of-Cynara-asynchronous-security-checks.patch index 6a7e8a39d..d04c60cd9 100644 --- a/meta-security/recipes-core/dbus-cynara/dbus-cynara/0001-Integration-of-Cynara-asynchronous-security-checks.patch +++ b/meta-security/recipes-core/dbus-cynara/dbus-cynara/0001-Integration-of-Cynara-asynchronous-security-checks.patch @@ -19,46 +19,17 @@ Currently such return value results in message denial. Cherry picked from 4dcfb02f17247ff9de966b62182cd2e08f301238 by José Bollo. +Updated for dbus 1.10.20 by Scott Murray. + Change-Id: I9bcbce34577e5dc2a3cecf6233a0a2b0e43e1108 Signed-off-by: José Bollo <jose.bollo@iot.bzh> ---- - bus/Makefile.am | 6 + - bus/bus.c | 136 +++++--- - bus/bus.h | 32 +- - bus/check.c | 217 ++++++++++++ - bus/check.h | 68 ++++ - bus/config-parser-common.c | 6 + - bus/config-parser-common.h | 1 + - bus/config-parser.c | 71 +++- - bus/connection.c | 56 ++- - bus/connection.h | 4 + - bus/cynara.c | 374 +++++++++++++++++++++ - bus/cynara.h | 37 ++ - bus/dispatch.c | 44 ++- - bus/policy.c | 193 +++++++---- - bus/policy.h | 51 ++- - configure.ac | 12 + - test/Makefile.am | 1 + - test/data/invalid-config-files/badcheck-1.conf | 9 + - test/data/invalid-config-files/badcheck-2.conf | 9 + - test/data/valid-config-files/check-1.conf | 9 + - .../valid-config-files/debug-check-some.conf.in | 18 + - tools/dbus-send.c | 2 +- - 22 files changed, 1193 insertions(+), 163 deletions(-) - create mode 100644 bus/check.c - create mode 100644 bus/check.h - create mode 100644 bus/cynara.c - create mode 100644 bus/cynara.h - create mode 100644 test/data/invalid-config-files/badcheck-1.conf - create mode 100644 test/data/invalid-config-files/badcheck-2.conf - create mode 100644 test/data/valid-config-files/check-1.conf - create mode 100644 test/data/valid-config-files/debug-check-some.conf.in +Signed-off-by: Scott Murray <scott.murray@konsulko.com> diff --git a/bus/Makefile.am b/bus/Makefile.am -index 33af09b0..3f57cc48 100644 +index 9ae3071..46afb31 100644 --- a/bus/Makefile.am +++ b/bus/Makefile.am -@@ -9,6 +9,7 @@ DBUS_BUS_LIBS = \ +@@ -13,6 +13,7 @@ DBUS_BUS_LIBS = \ $(THREAD_LIBS) \ $(ADT_LIBS) \ $(NETWORK_libs) \ @@ -66,7 +37,7 @@ index 33af09b0..3f57cc48 100644 $(NULL) DBUS_LAUNCHER_LIBS = \ -@@ -24,6 +25,7 @@ AM_CPPFLAGS = \ +@@ -30,6 +31,7 @@ AM_CPPFLAGS = \ $(APPARMOR_CFLAGS) \ -DDBUS_SYSTEM_CONFIG_FILE=\""$(dbusdatadir)/system.conf"\" \ -DDBUS_COMPILATION \ @@ -74,15 +45,16 @@ index 33af09b0..3f57cc48 100644 $(NULL) # if assertions are enabled, improve backtraces -@@ -82,12 +84,16 @@ BUS_SOURCES= \ +@@ -90,6 +92,8 @@ BUS_SOURCES= \ audit.h \ bus.c \ bus.h \ + check.c \ + check.h \ + config-loader-expat.c \ config-parser.c \ config-parser.h \ - config-parser-common.c \ +@@ -97,6 +101,8 @@ BUS_SOURCES= \ config-parser-common.h \ connection.c \ connection.h \ @@ -91,19 +63,33 @@ index 33af09b0..3f57cc48 100644 desktop-file.c \ desktop-file.h \ $(DIR_WATCH_SOURCE) \ +diff --git a/bus/activation.c b/bus/activation.c +index 6f009f5..451179d 100644 +--- a/bus/activation.c ++++ b/bus/activation.c +@@ -1795,7 +1795,8 @@ bus_activation_activate_service (BusActivation *activation, + NULL, /* proposed recipient */ + activation_message, + entry, +- error)) ++ error, ++ NULL)) + { + _DBUS_ASSERT_ERROR_IS_SET (error); + _dbus_verbose ("activation not authorized: %s: %s\n", diff --git a/bus/bus.c b/bus/bus.c -index fd4ab9e4..c4008505 100644 +index 30ce4e1..237efe3 100644 --- a/bus/bus.c +++ b/bus/bus.c -@@ -37,6 +37,7 @@ +@@ -38,6 +38,7 @@ #include "apparmor.h" #include "audit.h" #include "dir-watch.h" +#include "check.h" + #include <dbus/dbus-auth.h> #include <dbus/dbus-list.h> #include <dbus/dbus-hash.h> - #include <dbus/dbus-credentials.h> -@@ -65,6 +66,7 @@ struct BusContext +@@ -67,6 +68,7 @@ struct BusContext BusRegistry *registry; BusPolicy *policy; BusMatchmaker *matchmaker; @@ -111,7 +97,7 @@ index fd4ab9e4..c4008505 100644 BusLimits limits; DBusRLimit *initial_fd_limit; unsigned int fork : 1; -@@ -988,6 +990,10 @@ bus_context_new (const DBusString *config_file, +@@ -1003,6 +1005,10 @@ bus_context_new (const DBusString *config_file, parser = NULL; } @@ -122,7 +108,7 @@ index fd4ab9e4..c4008505 100644 dbus_server_free_data_slot (&server_data_slot); return context; -@@ -1112,6 +1118,12 @@ bus_context_unref (BusContext *context) +@@ -1127,6 +1133,12 @@ bus_context_unref (BusContext *context) bus_context_shutdown (context); @@ -135,7 +121,7 @@ index fd4ab9e4..c4008505 100644 if (context->connections) { bus_connections_unref (context->connections); -@@ -1241,6 +1253,12 @@ bus_context_get_loop (BusContext *context) +@@ -1256,6 +1268,12 @@ bus_context_get_loop (BusContext *context) return context->loop; } @@ -148,7 +134,7 @@ index fd4ab9e4..c4008505 100644 dbus_bool_t bus_context_allow_unix_user (BusContext *context, unsigned long uid) -@@ -1456,6 +1474,7 @@ complain_about_message (BusContext *context, +@@ -1451,6 +1469,7 @@ complain_about_message (BusContext *context, DBusConnection *proposed_recipient, dbus_bool_t requested_reply, dbus_bool_t log, @@ -156,7 +142,7 @@ index fd4ab9e4..c4008505 100644 DBusError *error) { DBusError stack_error = DBUS_ERROR_INIT; -@@ -1485,7 +1504,8 @@ complain_about_message (BusContext *context, +@@ -1480,7 +1499,8 @@ complain_about_message (BusContext *context, dbus_set_error (&stack_error, error_name, "%s, %d matched rules; type=\"%s\", sender=\"%s\" (%s) " "interface=\"%s\" member=\"%s\" error name=\"%s\" " @@ -166,7 +152,7 @@ index fd4ab9e4..c4008505 100644 complaint, matched_rules, dbus_message_type_to_string (dbus_message_get_type (message)), -@@ -1496,7 +1516,8 @@ complain_about_message (BusContext *context, +@@ -1491,7 +1511,8 @@ complain_about_message (BusContext *context, nonnull (dbus_message_get_error_name (message), "(unset)"), requested_reply, nonnull (dbus_message_get_destination (message), DBUS_SERVICE_DBUS), @@ -176,26 +162,21 @@ index fd4ab9e4..c4008505 100644 /* If we hit OOM while setting the error, this will syslog "out of memory" * which is itself an indication that something is seriously wrong */ -@@ -1520,14 +1541,15 @@ complain_about_message (BusContext *context, +@@ -1519,7 +1540,7 @@ complain_about_message (BusContext *context, * NULL for addressed_recipient may mean the bus driver, or may mean * no destination was specified in the message (e.g. a signal). */ -dbus_bool_t --bus_context_check_security_policy (BusContext *context, -- BusTransaction *transaction, -- DBusConnection *sender, -- DBusConnection *addressed_recipient, -- DBusConnection *proposed_recipient, -- DBusMessage *message, -- DBusError *error) +BusResult -+bus_context_check_security_policy (BusContext *context, -+ BusTransaction *transaction, -+ DBusConnection *sender, -+ DBusConnection *addressed_recipient, -+ DBusConnection *proposed_recipient, -+ DBusMessage *message, -+ DBusError *error, + bus_context_check_security_policy (BusContext *context, + BusTransaction *transaction, + DBusConnection *sender, +@@ -1527,7 +1548,8 @@ bus_context_check_security_policy (BusContext *context, + DBusConnection *proposed_recipient, + DBusMessage *message, + BusActivationEntry *activation_entry, +- DBusError *error) ++ DBusError *error, + BusDeferredMessage **deferred_message) { const char *src, *dest; @@ -208,7 +189,7 @@ index fd4ab9e4..c4008505 100644 type = dbus_message_get_type (message); src = dbus_message_get_sender (message); -@@ -1564,7 +1587,7 @@ bus_context_check_security_policy (BusContext *context, +@@ -1565,7 +1588,7 @@ bus_context_check_security_policy (BusContext *context, dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, "Message bus will not accept messages of unknown type\n"); @@ -217,7 +198,7 @@ index fd4ab9e4..c4008505 100644 } requested_reply = FALSE; -@@ -1594,7 +1617,7 @@ bus_context_check_security_policy (BusContext *context, +@@ -1595,7 +1618,7 @@ bus_context_check_security_policy (BusContext *context, if (dbus_error_is_set (&error2)) { dbus_move_error (&error2, error); @@ -226,7 +207,7 @@ index fd4ab9e4..c4008505 100644 } } } -@@ -1621,11 +1644,11 @@ bus_context_check_security_policy (BusContext *context, +@@ -1624,11 +1647,11 @@ bus_context_check_security_policy (BusContext *context, complain_about_message (context, DBUS_ERROR_ACCESS_DENIED, "An SELinux policy prevents this sender from sending this " "message to this recipient", @@ -240,16 +221,16 @@ index fd4ab9e4..c4008505 100644 } /* next verify AppArmor access controls. If allowed then -@@ -1642,7 +1665,7 @@ bus_context_check_security_policy (BusContext *context, - dest ? dest : DBUS_SERVICE_DBUS, +@@ -1646,7 +1669,7 @@ bus_context_check_security_policy (BusContext *context, src ? src : DBUS_SERVICE_DBUS, + activation_entry, error)) - return FALSE; + return BUS_RESULT_FALSE; if (!bus_connection_is_active (sender)) { -@@ -1656,7 +1679,7 @@ bus_context_check_security_policy (BusContext *context, +@@ -1660,7 +1683,7 @@ bus_context_check_security_policy (BusContext *context, { _dbus_verbose ("security check allowing %s message\n", "Hello"); @@ -258,7 +239,7 @@ index fd4ab9e4..c4008505 100644 } else { -@@ -1667,7 +1690,7 @@ bus_context_check_security_policy (BusContext *context, +@@ -1671,7 +1694,7 @@ bus_context_check_security_policy (BusContext *context, "Client tried to send a message other than %s without being registered", "Hello"); @@ -267,7 +248,7 @@ index fd4ab9e4..c4008505 100644 } } } -@@ -1716,20 +1739,29 @@ bus_context_check_security_policy (BusContext *context, +@@ -1720,20 +1743,29 @@ bus_context_check_security_policy (BusContext *context, (proposed_recipient == NULL && recipient_policy == NULL)); log = FALSE; @@ -311,7 +292,7 @@ index fd4ab9e4..c4008505 100644 if (log) { -@@ -1738,23 +1770,29 @@ bus_context_check_security_policy (BusContext *context, +@@ -1742,23 +1774,29 @@ bus_context_check_security_policy (BusContext *context, complain_about_message (context, DBUS_ERROR_ACCESS_DENIED, "Would reject message", toggles, message, sender, proposed_recipient, requested_reply, @@ -355,7 +336,7 @@ index fd4ab9e4..c4008505 100644 } /* See if limits on size have been exceeded */ -@@ -1764,10 +1802,10 @@ bus_context_check_security_policy (BusContext *context, +@@ -1768,10 +1806,10 @@ bus_context_check_security_policy (BusContext *context, { complain_about_message (context, DBUS_ERROR_LIMITS_EXCEEDED, "Rejected: destination has a full message queue", @@ -368,7 +349,7 @@ index fd4ab9e4..c4008505 100644 } /* Record that we will allow a reply here in the future (don't -@@ -1784,11 +1822,11 @@ bus_context_check_security_policy (BusContext *context, +@@ -1792,11 +1830,11 @@ bus_context_check_security_policy (BusContext *context, message, error)) { _dbus_verbose ("Failed to record reply expectation or problem with the message expecting a reply\n"); @@ -383,13 +364,13 @@ index fd4ab9e4..c4008505 100644 void diff --git a/bus/bus.h b/bus/bus.h -index 3fab59ff..dab7791f 100644 +index 2e0de82..82c32c8 100644 --- a/bus/bus.h +++ b/bus/bus.h -@@ -44,6 +44,22 @@ typedef struct BusOwner BusOwner; - typedef struct BusTransaction BusTransaction; +@@ -45,6 +45,22 @@ typedef struct BusTransaction BusTransaction; typedef struct BusMatchmaker BusMatchmaker; typedef struct BusMatchRule BusMatchRule; + typedef struct BusActivationEntry BusActivationEntry; +typedef struct BusCheck BusCheck; +typedef struct BusDeferredMessage BusDeferredMessage; +typedef struct BusCynara BusCynara; @@ -409,7 +390,7 @@ index 3fab59ff..dab7791f 100644 typedef struct { -@@ -97,6 +113,7 @@ BusConnections* bus_context_get_connections (BusContext +@@ -101,6 +117,7 @@ BusConnections* bus_context_get_connections (BusContext BusActivation* bus_context_get_activation (BusContext *context); BusMatchmaker* bus_context_get_matchmaker (BusContext *context); DBusLoop* bus_context_get_loop (BusContext *context); @@ -417,31 +398,27 @@ index 3fab59ff..dab7791f 100644 dbus_bool_t bus_context_allow_unix_user (BusContext *context, unsigned long uid); dbus_bool_t bus_context_allow_windows_user (BusContext *context, -@@ -131,13 +148,14 @@ void bus_context_log_and_set_error (BusContext +@@ -136,14 +153,15 @@ void bus_context_log_and_set_error (BusContext const char *name, const char *msg, ...) _DBUS_GNUC_PRINTF (5, 6); -dbus_bool_t bus_context_check_security_policy (BusContext *context, -- BusTransaction *transaction, -- DBusConnection *sender, -- DBusConnection *addressed_recipient, -- DBusConnection *proposed_recipient, -- DBusMessage *message, ++BusResult bus_context_check_security_policy (BusContext *context, + BusTransaction *transaction, + DBusConnection *sender, + DBusConnection *addressed_recipient, + DBusConnection *proposed_recipient, + DBusMessage *message, + BusActivationEntry *activation_entry, - DBusError *error); -+BusResult bus_context_check_security_policy (BusContext *context, -+ BusTransaction *transaction, -+ DBusConnection *sender, -+ DBusConnection *addressed_recipient, -+ DBusConnection *proposed_recipient, -+ DBusMessage *message, -+ DBusError *error, ++ DBusError *error, + BusDeferredMessage **deferred_message); void bus_context_check_all_watches (BusContext *context); #endif /* BUS_BUS_H */ diff --git a/bus/check.c b/bus/check.c new file mode 100644 -index 00000000..5b72d31c +index 0000000..5b72d31 --- /dev/null +++ b/bus/check.c @@ -0,0 +1,217 @@ @@ -664,7 +641,7 @@ index 00000000..5b72d31c +} diff --git a/bus/check.h b/bus/check.h new file mode 100644 -index 00000000..c3fcaf90 +index 0000000..c3fcaf9 --- /dev/null +++ b/bus/check.h @@ -0,0 +1,68 @@ @@ -737,7 +714,7 @@ index 00000000..c3fcaf90 + BusResult result); +#endif /* BUS_CHECK_H */ diff --git a/bus/config-parser-common.c b/bus/config-parser-common.c -index 5db6b289..ea25f5e6 100644 +index c1c4191..e2f253d 100644 --- a/bus/config-parser-common.c +++ b/bus/config-parser-common.c @@ -75,6 +75,10 @@ bus_config_parser_element_name_to_type (const char *name) @@ -761,7 +738,7 @@ index 5db6b289..ea25f5e6 100644 return "fork"; case ELEMENT_PIDFILE: diff --git a/bus/config-parser-common.h b/bus/config-parser-common.h -index 382a0141..9e026d10 100644 +index 382a014..9e026d1 100644 --- a/bus/config-parser-common.h +++ b/bus/config-parser-common.h @@ -36,6 +36,7 @@ typedef enum @@ -773,10 +750,10 @@ index 382a0141..9e026d10 100644 ELEMENT_PIDFILE, ELEMENT_SERVICEDIR, diff --git a/bus/config-parser.c b/bus/config-parser.c -index d9f6042c..a8c4ca5d 100644 +index be27d38..b54b0e4 100644 --- a/bus/config-parser.c +++ b/bus/config-parser.c -@@ -1172,7 +1172,7 @@ append_rule_from_element (BusConfigParser *parser, +@@ -1318,7 +1318,7 @@ append_rule_from_element (BusConfigParser *parser, const char *element_name, const char **attribute_names, const char **attribute_values, @@ -785,15 +762,15 @@ index d9f6042c..a8c4ca5d 100644 DBusError *error) { const char *log; -@@ -1195,6 +1195,7 @@ append_rule_from_element (BusConfigParser *parser, +@@ -1360,6 +1360,7 @@ append_rule_from_element (BusConfigParser *parser, const char *own_prefix; const char *user; const char *group; + const char *privilege; BusPolicyRule *rule; - -@@ -1222,6 +1223,7 @@ append_rule_from_element (BusConfigParser *parser, + +@@ -1390,6 +1391,7 @@ append_rule_from_element (BusConfigParser *parser, "user", &user, "group", &group, "log", &log, @@ -801,15 +778,15 @@ index d9f6042c..a8c4ca5d 100644 NULL)) return FALSE; -@@ -1230,6 +1232,7 @@ append_rule_from_element (BusConfigParser *parser, - receive_interface || receive_member || receive_error || receive_sender || - receive_type || receive_path || eavesdrop || - send_requested_reply || receive_requested_reply || +@@ -1422,6 +1424,7 @@ append_rule_from_element (BusConfigParser *parser, + + if (!(any_send_attribute || + any_receive_attribute || + privilege || own || own_prefix || user || group)) { dbus_set_error (error, DBUS_ERROR_FAILED, -@@ -1246,7 +1249,30 @@ append_rule_from_element (BusConfigParser *parser, +@@ -1438,7 +1441,30 @@ append_rule_from_element (BusConfigParser *parser, element_name); return FALSE; } @@ -841,25 +818,25 @@ index d9f6042c..a8c4ca5d 100644 /* Allowed combinations of elements are: * * base, must be all send or all receive: -@@ -1420,7 +1446,7 @@ append_rule_from_element (BusConfigParser *parser, - return FALSE; - } - +@@ -1589,7 +1615,7 @@ append_rule_from_element (BusConfigParser *parser, + error)) + return FALSE; + - rule = bus_policy_rule_new (BUS_POLICY_RULE_SEND, allow); -+ rule = bus_policy_rule_new (BUS_POLICY_RULE_SEND, access); ++ rule = bus_policy_rule_new (BUS_POLICY_RULE_SEND, access); if (rule == NULL) goto nomem; -@@ -1502,7 +1528,7 @@ append_rule_from_element (BusConfigParser *parser, - return FALSE; - } - +@@ -1694,7 +1720,7 @@ append_rule_from_element (BusConfigParser *parser, + error)) + return FALSE; + - rule = bus_policy_rule_new (BUS_POLICY_RULE_RECEIVE, allow); -+ rule = bus_policy_rule_new (BUS_POLICY_RULE_RECEIVE, access); ++ rule = bus_policy_rule_new (BUS_POLICY_RULE_RECEIVE, access); if (rule == NULL) goto nomem; -@@ -1532,7 +1558,7 @@ append_rule_from_element (BusConfigParser *parser, +@@ -1726,7 +1752,7 @@ append_rule_from_element (BusConfigParser *parser, } else if (own || own_prefix) { @@ -868,7 +845,7 @@ index d9f6042c..a8c4ca5d 100644 if (rule == NULL) goto nomem; -@@ -1558,7 +1584,7 @@ append_rule_from_element (BusConfigParser *parser, +@@ -1752,7 +1778,7 @@ append_rule_from_element (BusConfigParser *parser, { if (IS_WILDCARD (user)) { @@ -877,7 +854,7 @@ index d9f6042c..a8c4ca5d 100644 if (rule == NULL) goto nomem; -@@ -1573,7 +1599,7 @@ append_rule_from_element (BusConfigParser *parser, +@@ -1767,7 +1793,7 @@ append_rule_from_element (BusConfigParser *parser, if (_dbus_parse_unix_user_from_config (&username, &uid)) { @@ -886,7 +863,7 @@ index d9f6042c..a8c4ca5d 100644 if (rule == NULL) goto nomem; -@@ -1590,7 +1616,7 @@ append_rule_from_element (BusConfigParser *parser, +@@ -1784,7 +1810,7 @@ append_rule_from_element (BusConfigParser *parser, { if (IS_WILDCARD (group)) { @@ -895,7 +872,7 @@ index d9f6042c..a8c4ca5d 100644 if (rule == NULL) goto nomem; -@@ -1605,7 +1631,7 @@ append_rule_from_element (BusConfigParser *parser, +@@ -1799,7 +1825,7 @@ append_rule_from_element (BusConfigParser *parser, if (_dbus_parse_unix_group_from_config (&groupname, &gid)) { @@ -904,7 +881,7 @@ index d9f6042c..a8c4ca5d 100644 if (rule == NULL) goto nomem; -@@ -1629,6 +1655,10 @@ append_rule_from_element (BusConfigParser *parser, +@@ -1823,6 +1849,10 @@ append_rule_from_element (BusConfigParser *parser, _dbus_assert (pe != NULL); _dbus_assert (pe->type == ELEMENT_POLICY); @@ -915,7 +892,7 @@ index d9f6042c..a8c4ca5d 100644 switch (pe->d.policy.type) { case POLICY_IGNORED: -@@ -1703,7 +1733,7 @@ start_policy_child (BusConfigParser *parser, +@@ -1898,7 +1928,7 @@ start_policy_child (BusConfigParser *parser, { if (!append_rule_from_element (parser, element_name, attribute_names, attribute_values, @@ -924,7 +901,7 @@ index d9f6042c..a8c4ca5d 100644 return FALSE; if (push_element (parser, ELEMENT_ALLOW) == NULL) -@@ -1718,7 +1748,7 @@ start_policy_child (BusConfigParser *parser, +@@ -1913,7 +1943,7 @@ start_policy_child (BusConfigParser *parser, { if (!append_rule_from_element (parser, element_name, attribute_names, attribute_values, @@ -933,7 +910,7 @@ index d9f6042c..a8c4ca5d 100644 return FALSE; if (push_element (parser, ELEMENT_DENY) == NULL) -@@ -1727,6 +1757,21 @@ start_policy_child (BusConfigParser *parser, +@@ -1922,6 +1952,21 @@ start_policy_child (BusConfigParser *parser, return FALSE; } @@ -955,7 +932,7 @@ index d9f6042c..a8c4ca5d 100644 return TRUE; } else -@@ -2088,6 +2133,7 @@ bus_config_parser_end_element (BusConfigParser *parser, +@@ -2284,6 +2329,7 @@ bus_config_parser_end_element (BusConfigParser *parser, case ELEMENT_POLICY: case ELEMENT_ALLOW: case ELEMENT_DENY: @@ -963,7 +940,7 @@ index d9f6042c..a8c4ca5d 100644 case ELEMENT_FORK: case ELEMENT_SYSLOG: case ELEMENT_KEEP_UMASK: -@@ -2397,6 +2443,7 @@ bus_config_parser_content (BusConfigParser *parser, +@@ -2600,6 +2646,7 @@ bus_config_parser_content (BusConfigParser *parser, case ELEMENT_POLICY: case ELEMENT_ALLOW: case ELEMENT_DENY: @@ -971,7 +948,7 @@ index d9f6042c..a8c4ca5d 100644 case ELEMENT_FORK: case ELEMENT_SYSLOG: case ELEMENT_KEEP_UMASK: -@@ -2862,6 +2909,8 @@ do_load (const DBusString *full_path, +@@ -3127,6 +3174,8 @@ do_load (const DBusString *full_path, dbus_error_init (&error); parser = bus_config_load (full_path, TRUE, NULL, &error); @@ -981,7 +958,7 @@ index d9f6042c..a8c4ca5d 100644 { _DBUS_ASSERT_ERROR_IS_SET (&error); diff --git a/bus/connection.c b/bus/connection.c -index 02d6c220..eea50ecd 100644 +index 53605fa..deebde3 100644 --- a/bus/connection.c +++ b/bus/connection.c @@ -36,6 +36,10 @@ @@ -1061,7 +1038,7 @@ index 02d6c220..eea50ecd 100644 } static void -@@ -451,6 +458,10 @@ free_connection_data (void *data) +@@ -448,6 +455,10 @@ free_connection_data (void *data) dbus_free (d->name); @@ -1072,7 +1049,7 @@ index 02d6c220..eea50ecd 100644 dbus_free (d); } -@@ -1063,6 +1074,22 @@ bus_connection_get_policy (DBusConnection *connection) +@@ -1078,6 +1089,22 @@ bus_connection_get_policy (DBusConnection *connection) return d->policy; } @@ -1095,7 +1072,7 @@ index 02d6c220..eea50ecd 100644 static dbus_bool_t foreach_active (BusConnections *connections, BusConnectionForeachFunction function, -@@ -2289,6 +2316,7 @@ bus_transaction_send_from_driver (BusTransaction *transaction, +@@ -2333,6 +2360,7 @@ bus_transaction_send_from_driver (BusTransaction *transaction, DBusMessage *message) { DBusError error = DBUS_ERROR_INIT; @@ -1103,22 +1080,24 @@ index 02d6c220..eea50ecd 100644 /* We have to set the sender to the driver, and have * to check security policy since it was not done in -@@ -2326,9 +2354,11 @@ bus_transaction_send_from_driver (BusTransaction *transaction, +@@ -2370,10 +2398,12 @@ bus_transaction_send_from_driver (BusTransaction *transaction, * if we're actively capturing messages, it's nice to log that we * tried to send it and did not allow ourselves to do so. */ - if (!bus_context_check_security_policy (bus_transaction_get_context (transaction), - transaction, -- NULL, connection, connection, message, &error)) +- NULL, connection, connection, +- message, NULL, &error)) + res = bus_context_check_security_policy (bus_transaction_get_context (transaction), + transaction, -+ NULL, connection, connection, message, &error, ++ NULL, connection, connection, ++ message, NULL, &error, + NULL); + if (res == BUS_RESULT_FALSE) { - if (!bus_transaction_capture_error_reply (transaction, &error, message)) - { -@@ -2342,6 +2372,12 @@ bus_transaction_send_from_driver (BusTransaction *transaction, + if (!bus_transaction_capture_error_reply (transaction, connection, + &error, message)) +@@ -2388,6 +2418,12 @@ bus_transaction_send_from_driver (BusTransaction *transaction, dbus_error_free (&error); return TRUE; } @@ -1132,7 +1111,7 @@ index 02d6c220..eea50ecd 100644 return bus_transaction_send (transaction, connection, message); } diff --git a/bus/connection.h b/bus/connection.h -index 8c68d0a0..a6e5dfde 100644 +index 9e253ae..71078ea 100644 --- a/bus/connection.h +++ b/bus/connection.h @@ -31,6 +31,7 @@ @@ -1143,7 +1122,7 @@ index 8c68d0a0..a6e5dfde 100644 BusConnections* bus_connections_new (BusContext *context); BusConnections* bus_connections_ref (BusConnections *connections); -@@ -122,6 +123,9 @@ dbus_bool_t bus_connection_be_monitor (DBusConnection *connection, +@@ -124,6 +125,9 @@ dbus_bool_t bus_connection_be_monitor (DBusConnection *connection, BusTransaction *transaction, DBusList **rules, DBusError *error); @@ -1155,7 +1134,7 @@ index 8c68d0a0..a6e5dfde 100644 diff --git a/bus/cynara.c b/bus/cynara.c new file mode 100644 -index 00000000..57a4c45c +index 0000000..57a4c45 --- /dev/null +++ b/bus/cynara.c @@ -0,0 +1,374 @@ @@ -1535,7 +1514,7 @@ index 00000000..57a4c45c +#endif /* DBUS_ENABLE_CYNARA */ diff --git a/bus/cynara.h b/bus/cynara.h new file mode 100644 -index 00000000..c4728bb7 +index 0000000..c4728bb --- /dev/null +++ b/bus/cynara.h @@ -0,0 +1,37 @@ @@ -1577,7 +1556,7 @@ index 00000000..c4728bb7 + BusDeferredMessageStatus check_type, + BusDeferredMessage **deferred_message); diff --git a/bus/dispatch.c b/bus/dispatch.c -index edfa1b44..05be3bdf 100644 +index 19228be..7e51bc1 100644 --- a/bus/dispatch.c +++ b/bus/dispatch.c @@ -25,6 +25,7 @@ @@ -1588,7 +1567,7 @@ index edfa1b44..05be3bdf 100644 #include "connection.h" #include "driver.h" #include "services.h" -@@ -64,13 +65,17 @@ send_one_message (DBusConnection *connection, +@@ -64,14 +65,18 @@ send_one_message (DBusConnection *connection, DBusError *error) { DBusError stack_error = DBUS_ERROR_INIT; @@ -1601,14 +1580,15 @@ index edfa1b44..05be3bdf 100644 addressed_recipient, connection, message, + NULL, - &stack_error)) + &stack_error, + &deferred_message); + if (result != BUS_RESULT_TRUE) { - if (!bus_transaction_capture_error_reply (transaction, &stack_error, - message)) -@@ -129,6 +134,7 @@ bus_dispatch_matches (BusTransaction *transaction, + if (!bus_transaction_capture_error_reply (transaction, sender, + &stack_error, message)) +@@ -130,6 +135,7 @@ bus_dispatch_matches (BusTransaction *transaction, BusMatchmaker *matchmaker; DBusList *link; BusContext *context; @@ -1616,19 +1596,19 @@ index edfa1b44..05be3bdf 100644 _DBUS_ASSERT_ERROR_IS_CLEAR (error); -@@ -144,11 +150,21 @@ bus_dispatch_matches (BusTransaction *transaction, +@@ -145,11 +151,21 @@ bus_dispatch_matches (BusTransaction *transaction, /* First, send the message to the addressed_recipient, if there is one. */ if (addressed_recipient != NULL) { - if (!bus_context_check_security_policy (context, transaction, - sender, addressed_recipient, - addressed_recipient, -- message, error)) +- message, NULL, error)) + BusResult res; + res = bus_context_check_security_policy (context, transaction, + sender, addressed_recipient, + addressed_recipient, -+ message, error, ++ message, NULL, error, + &deferred_message); + if (res == BUS_RESULT_FALSE) return FALSE; @@ -1642,16 +1622,25 @@ index edfa1b44..05be3bdf 100644 if (dbus_message_contains_unix_fds (message) && !dbus_connection_can_send_type (addressed_recipient, -@@ -379,12 +395,24 @@ bus_dispatch (DBusConnection *connection, +@@ -374,19 +390,32 @@ bus_dispatch (DBusConnection *connection, if (service_name && strcmp (service_name, DBUS_SERVICE_DBUS) == 0) /* to bus driver */ { -- if (!bus_context_check_security_policy (context, transaction, -- connection, NULL, NULL, message, &error)) + BusDeferredMessage *deferred_message; + BusResult res; ++ + if (!bus_transaction_capture (transaction, connection, NULL, message)) + { + BUS_SET_OOM (&error); + goto out; + } + +- if (!bus_context_check_security_policy (context, transaction, +- connection, NULL, NULL, message, +- NULL, &error)) + res = bus_context_check_security_policy (context, transaction, -+ connection, NULL, NULL, message, &error, ++ connection, NULL, NULL, message, ++ NULL, &error, + &deferred_message); + if (res == BUS_RESULT_FALSE) { @@ -1670,7 +1659,7 @@ index edfa1b44..05be3bdf 100644 _dbus_verbose ("Giving message to %s\n", DBUS_SERVICE_DBUS); if (!bus_driver_handle_message (connection, transaction, message, &error)) diff --git a/bus/policy.c b/bus/policy.c -index 082f3853..bcade176 100644 +index a37be80..7ee1ce5 100644 --- a/bus/policy.c +++ b/bus/policy.c @@ -22,6 +22,7 @@ @@ -1681,7 +1670,7 @@ index 082f3853..bcade176 100644 #include "policy.h" #include "services.h" #include "test.h" -@@ -32,7 +33,7 @@ +@@ -33,7 +34,7 @@ BusPolicyRule* bus_policy_rule_new (BusPolicyRuleType type, @@ -1690,7 +1679,7 @@ index 082f3853..bcade176 100644 { BusPolicyRule *rule; -@@ -42,7 +43,7 @@ bus_policy_rule_new (BusPolicyRuleType type, +@@ -43,7 +44,7 @@ bus_policy_rule_new (BusPolicyRuleType type, rule->type = type; rule->refcount = 1; @@ -1699,7 +1688,7 @@ index 082f3853..bcade176 100644 switch (rule->type) { -@@ -54,18 +55,19 @@ bus_policy_rule_new (BusPolicyRuleType type, +@@ -55,18 +56,19 @@ bus_policy_rule_new (BusPolicyRuleType type, break; case BUS_POLICY_RULE_SEND: rule->d.send.message_type = DBUS_MESSAGE_TYPE_INVALID; @@ -1722,9 +1711,9 @@ index 082f3853..bcade176 100644 break; case BUS_POLICY_RULE_OWN: break; -@@ -117,7 +119,8 @@ bus_policy_rule_unref (BusPolicyRule *rule) - case BUS_POLICY_RULE_GROUP: - break; +@@ -122,7 +124,8 @@ bus_policy_rule_unref (BusPolicyRule *rule) + default: + _dbus_assert_not_reached ("invalid rule"); } - + @@ -1732,7 +1721,7 @@ index 082f3853..bcade176 100644 dbus_free (rule); } } -@@ -427,7 +430,10 @@ list_allows_user (dbus_bool_t def, +@@ -435,7 +438,10 @@ list_allows_user (dbus_bool_t def, else continue; @@ -1744,7 +1733,7 @@ index 082f3853..bcade176 100644 } return allowed; -@@ -862,18 +868,23 @@ bus_client_policy_append_rule (BusClientPolicy *policy, +@@ -873,18 +879,23 @@ bus_client_policy_append_rule (BusClientPolicy *policy, return TRUE; } @@ -1778,7 +1767,7 @@ index 082f3853..bcade176 100644 /* policy->rules is in the order the rules appeared * in the config file, i.e. last rule that applies wins */ -@@ -881,7 +892,7 @@ bus_client_policy_check_can_send (BusClientPolicy *policy, +@@ -892,7 +903,7 @@ bus_client_policy_check_can_send (BusClientPolicy *policy, _dbus_verbose (" (policy) checking send rules\n"); *toggles = 0; @@ -1787,7 +1776,7 @@ index 082f3853..bcade176 100644 link = _dbus_list_get_first_link (&policy->rules); while (link != NULL) { -@@ -912,13 +923,14 @@ bus_client_policy_check_can_send (BusClientPolicy *policy, +@@ -923,13 +934,14 @@ bus_client_policy_check_can_send (BusClientPolicy *policy, /* If it's a reply, the requested_reply flag kicks in */ if (dbus_message_get_reply_serial (message) != 0) { @@ -1807,7 +1796,7 @@ index 082f3853..bcade176 100644 continue; } -@@ -926,7 +938,7 @@ bus_client_policy_check_can_send (BusClientPolicy *policy, +@@ -937,7 +949,7 @@ bus_client_policy_check_can_send (BusClientPolicy *policy, * when the reply was not requested. requested_reply=true means the * rule always applies. */ @@ -1816,7 +1805,7 @@ index 082f3853..bcade176 100644 { _dbus_verbose (" (policy) skipping deny rule since it only applies to unrequested replies\n"); continue; -@@ -949,13 +961,15 @@ bus_client_policy_check_can_send (BusClientPolicy *policy, +@@ -960,13 +972,15 @@ bus_client_policy_check_can_send (BusClientPolicy *policy, /* The interface is optional in messages. For allow rules, if the message * has no interface we want to skip the rule (and thus not allow); * for deny rules, if the message has no interface we want to use the @@ -1834,7 +1823,7 @@ index 082f3853..bcade176 100644 (!no_interface && strcmp (dbus_message_get_interface (message), rule->d.send.interface) != 0)) -@@ -1029,33 +1043,63 @@ bus_client_policy_check_can_send (BusClientPolicy *policy, +@@ -1079,33 +1093,63 @@ bus_client_policy_check_can_send (BusClientPolicy *policy, } /* Use this rule */ @@ -1912,7 +1901,7 @@ index 082f3853..bcade176 100644 eavesdropping = addressed_recipient != proposed_recipient && -@@ -1068,7 +1112,7 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, +@@ -1118,7 +1162,7 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, _dbus_verbose (" (policy) checking receive rules, eavesdropping = %d\n", eavesdropping); *toggles = 0; @@ -1921,7 +1910,7 @@ index 082f3853..bcade176 100644 link = _dbus_list_get_first_link (&policy->rules); while (link != NULL) { -@@ -1091,19 +1135,21 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, +@@ -1141,19 +1185,21 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, } } @@ -1948,7 +1937,7 @@ index 082f3853..bcade176 100644 { _dbus_verbose (" (policy) skipping deny rule since it only applies to eavesdropping\n"); continue; -@@ -1112,13 +1158,14 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, +@@ -1162,13 +1208,14 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, /* If it's a reply, the requested_reply flag kicks in */ if (dbus_message_get_reply_serial (message) != 0) { @@ -1968,7 +1957,7 @@ index 082f3853..bcade176 100644 continue; } -@@ -1126,7 +1173,7 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, +@@ -1176,7 +1223,7 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, * when the reply was not requested. requested_reply=true means the * rule always applies. */ @@ -1977,7 +1966,7 @@ index 082f3853..bcade176 100644 { _dbus_verbose (" (policy) skipping deny rule since it only applies to unrequested replies\n"); continue; -@@ -1149,13 +1196,13 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, +@@ -1199,13 +1246,13 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, /* The interface is optional in messages. For allow rules, if the message * has no interface we want to skip the rule (and thus not allow); * for deny rules, if the message has no interface we want to use the @@ -1993,9 +1982,9 @@ index 082f3853..bcade176 100644 (!no_interface && strcmp (dbus_message_get_interface (message), rule->d.receive.interface) != 0)) -@@ -1230,14 +1277,42 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, +@@ -1295,14 +1342,42 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, } - + /* Use this rule */ - allowed = rule->allow; + switch (rule->access) @@ -2040,7 +2029,7 @@ index 082f3853..bcade176 100644 } -@@ -1289,7 +1364,7 @@ bus_rules_check_can_own (DBusList *rules, +@@ -1354,7 +1429,7 @@ bus_rules_check_can_own (DBusList *rules, } /* Use this rule */ @@ -2050,12 +2039,12 @@ index 082f3853..bcade176 100644 return allowed; diff --git a/bus/policy.h b/bus/policy.h -index d1d3e72b..e9f193af 100644 +index ec43ffa..f306a3c 100644 --- a/bus/policy.h +++ b/bus/policy.h -@@ -39,6 +39,14 @@ typedef enum - BUS_POLICY_RULE_GROUP - } BusPolicyRuleType; +@@ -46,6 +46,14 @@ typedef enum + BUS_POLICY_TRISTATE_TRUE + } BusPolicyTristate; +typedef enum +{ @@ -2068,7 +2057,7 @@ index d1d3e72b..e9f193af 100644 /** determines whether the rule affects a connection, or some global item */ #define BUS_POLICY_RULE_IS_PER_CLIENT(rule) (!((rule)->type == BUS_POLICY_RULE_USER || \ (rule)->type == BUS_POLICY_RULE_GROUP)) -@@ -49,8 +57,9 @@ struct BusPolicyRule +@@ -56,8 +64,9 @@ struct BusPolicyRule BusPolicyRuleType type; @@ -2080,7 +2069,7 @@ index d1d3e72b..e9f193af 100644 union { struct -@@ -106,7 +115,7 @@ struct BusPolicyRule +@@ -118,7 +127,7 @@ struct BusPolicyRule }; BusPolicyRule* bus_policy_rule_new (BusPolicyRuleType type, @@ -2089,7 +2078,7 @@ index d1d3e72b..e9f193af 100644 BusPolicyRule* bus_policy_rule_ref (BusPolicyRule *rule); void bus_policy_rule_unref (BusPolicyRule *rule); -@@ -140,21 +149,27 @@ dbus_bool_t bus_policy_merge (BusPolicy *policy, +@@ -152,21 +161,27 @@ dbus_bool_t bus_policy_merge (BusPolicy *policy, BusClientPolicy* bus_client_policy_new (void); BusClientPolicy* bus_client_policy_ref (BusClientPolicy *policy); void bus_client_policy_unref (BusClientPolicy *policy); @@ -2133,10 +2122,10 @@ index d1d3e72b..e9f193af 100644 const DBusString *service_name); dbus_bool_t bus_client_policy_append_rule (BusClientPolicy *policy, diff --git a/configure.ac b/configure.ac -index 71e3515c..f3a2ffc1 100644 +index 80671b2..d975b04 100644 --- a/configure.ac +++ b/configure.ac -@@ -1873,6 +1873,17 @@ AC_ARG_ENABLE([user-session], +@@ -1761,6 +1761,17 @@ AC_ARG_ENABLE([user-session], AM_CONDITIONAL([DBUS_ENABLE_USER_SESSION], [test "x$enable_user_session" = xyes]) @@ -2154,7 +2143,7 @@ index 71e3515c..f3a2ffc1 100644 AC_CONFIG_FILES([ Doxyfile dbus/Version -@@ -1952,6 +1963,7 @@ echo " +@@ -1843,6 +1854,7 @@ echo " Building bus stats API: ${enable_stats} Building SELinux support: ${have_selinux} Building AppArmor support: ${have_apparmor} @@ -2163,20 +2152,20 @@ index 71e3515c..f3a2ffc1 100644 Building kqueue support: ${have_kqueue} Building systemd support: ${have_systemd} diff --git a/test/Makefile.am b/test/Makefile.am -index 914dd7f2..86882537 100644 +index 6a6e1a3..ce84dbc 100644 --- a/test/Makefile.am +++ b/test/Makefile.am -@@ -341,6 +341,7 @@ in_data = \ +@@ -439,6 +439,7 @@ in_data = \ data/valid-config-files/debug-allow-all.conf.in \ data/valid-config-files/finite-timeout.conf.in \ data/valid-config-files/forbidding.conf.in \ + data/valid-config-files/debug-check-some.conf.in \ data/valid-config-files/incoming-limit.conf.in \ - data/valid-config-files/multi-user.conf.in \ - data/valid-config-files/systemd-activation.conf.in \ + data/valid-config-files/max-completed-connections.conf.in \ + data/valid-config-files/max-connections-per-user.conf.in \ diff --git a/test/data/invalid-config-files/badcheck-1.conf b/test/data/invalid-config-files/badcheck-1.conf new file mode 100644 -index 00000000..fad9f502 +index 0000000..fad9f50 --- /dev/null +++ b/test/data/invalid-config-files/badcheck-1.conf @@ -0,0 +1,9 @@ @@ -2191,7 +2180,7 @@ index 00000000..fad9f502 +</busconfig> diff --git a/test/data/invalid-config-files/badcheck-2.conf b/test/data/invalid-config-files/badcheck-2.conf new file mode 100644 -index 00000000..63c7ef25 +index 0000000..63c7ef2 --- /dev/null +++ b/test/data/invalid-config-files/badcheck-2.conf @@ -0,0 +1,9 @@ @@ -2206,7 +2195,7 @@ index 00000000..63c7ef25 +</busconfig> diff --git a/test/data/valid-config-files/check-1.conf b/test/data/valid-config-files/check-1.conf new file mode 100644 -index 00000000..ad714733 +index 0000000..ad71473 --- /dev/null +++ b/test/data/valid-config-files/check-1.conf @@ -0,0 +1,9 @@ @@ -2221,7 +2210,7 @@ index 00000000..ad714733 +</busconfig> diff --git a/test/data/valid-config-files/debug-check-some.conf.in b/test/data/valid-config-files/debug-check-some.conf.in new file mode 100644 -index 00000000..47ee8548 +index 0000000..47ee854 --- /dev/null +++ b/test/data/valid-config-files/debug-check-some.conf.in @@ -0,0 +1,18 @@ @@ -2243,19 +2232,3 @@ index 00000000..47ee8548 + <check privilege="foo" send_interface="org.freedesktop.TestSuite" send_member="Echo"/> + </policy> +</busconfig> -diff --git a/tools/dbus-send.c b/tools/dbus-send.c -index 0dc1f5b3..76ddab3f 100644 ---- a/tools/dbus-send.c -+++ b/tools/dbus-send.c -@@ -458,7 +458,7 @@ main (int argc, char *argv[]) - char *arg; - char *c; - int type; -- int secondary_type; -+ int secondary_type = 0; - int container_type; - DBusMessageIter *target_iter; - DBusMessageIter container_iter; --- -2.14.3 - diff --git a/meta-security/recipes-core/dbus-cynara/dbus-cynara/0002-Disable-message-dispatching-when-send-rule-result-is.patch b/meta-security/recipes-core/dbus-cynara/dbus-cynara/0002-Disable-message-dispatching-when-send-rule-result-is.patch index b1c3f3fdc..4fd75510e 100644 --- a/meta-security/recipes-core/dbus-cynara/dbus-cynara/0002-Disable-message-dispatching-when-send-rule-result-is.patch +++ b/meta-security/recipes-core/dbus-cynara/dbus-cynara/0002-Disable-message-dispatching-when-send-rule-result-is.patch @@ -22,27 +22,16 @@ Change-Id: I57eccbf973525fd51369c7d4e58908292f44da80 Cherry-picked from b1b87ad9f20b2052c28431b48e81073078a745ce by Jose Bollo. +Updated for dbus 1.12.10 by Scott Murray. + Signed-off-by: José Bollo <jose.bollo@iot.bzh> ---- - bus/activation.c | 78 +++++++++++++++-- - bus/check.c | 109 ++++++++++++++++++++++-- - bus/check.h | 10 +++ - bus/cynara.c | 1 - - bus/dispatch.c | 184 ++++++++++++++++++++++++++++++++++++---- - bus/dispatch.h | 2 +- - bus/driver.c | 12 ++- - dbus/dbus-connection-internal.h | 15 ++++ - dbus/dbus-connection.c | 125 +++++++++++++++++++++++++-- - dbus/dbus-list.c | 29 +++++++ - dbus/dbus-list.h | 3 + - dbus/dbus-shared.h | 3 +- - 12 files changed, 528 insertions(+), 43 deletions(-) +Signed-off-by: Scott Murray <scott.murray@konsulko.com> diff --git a/bus/activation.c b/bus/activation.c -index 1a98af6d..343d3f22 100644 +index 451179d..5f02153 100644 --- a/bus/activation.c +++ b/bus/activation.c -@@ -31,6 +31,7 @@ +@@ -32,6 +32,7 @@ #include "services.h" #include "test.h" #include "utils.h" @@ -50,7 +39,7 @@ index 1a98af6d..343d3f22 100644 #include <dbus/dbus-internals.h> #include <dbus/dbus-hash.h> #include <dbus/dbus-list.h> -@@ -91,6 +92,8 @@ struct BusPendingActivationEntry +@@ -94,6 +95,8 @@ struct BusPendingActivationEntry DBusConnection *connection; dbus_bool_t auto_activation; @@ -59,7 +48,7 @@ index 1a98af6d..343d3f22 100644 }; typedef struct -@@ -1180,20 +1183,23 @@ bus_activation_send_pending_auto_activation_messages (BusActivation *activation +@@ -1241,20 +1244,23 @@ bus_activation_send_pending_auto_activation_messages (BusActivation *activation BusPendingActivationEntry *entry = link->data; DBusList *next = _dbus_list_get_next_link (&pending_activation->entries, link); @@ -88,7 +77,7 @@ index 1a98af6d..343d3f22 100644 { /* If permission is denied, we just want to return the error * to the original method invoker; in particular, we don't -@@ -1205,9 +1211,40 @@ bus_activation_send_pending_auto_activation_messages (BusActivation *activation +@@ -1266,9 +1272,40 @@ bus_activation_send_pending_auto_activation_messages (BusActivation *activation bus_connection_send_oom_error (entry->connection, entry->activation_message); } @@ -131,7 +120,7 @@ index 1a98af6d..343d3f22 100644 } } -@@ -1225,6 +1262,19 @@ bus_activation_send_pending_auto_activation_messages (BusActivation *activation +@@ -1286,6 +1323,19 @@ bus_activation_send_pending_auto_activation_messages (BusActivation *activation return TRUE; error: @@ -151,20 +140,22 @@ index 1a98af6d..343d3f22 100644 return FALSE; } -@@ -2028,13 +2078,23 @@ bus_activation_activate_service (BusActivation *activation, +@@ -2078,6 +2128,7 @@ bus_activation_activate_service (BusActivation *activation, if (service != NULL) { + BusResult res; bus_context_log (activation->context, - DBUS_SYSTEM_LOG_INFO, "Activating via systemd: service name='%s' unit='%s'", + DBUS_SYSTEM_LOG_INFO, "Activating via systemd: service name='%s' unit='%s' requested by '%s' (%s)", service_name, - entry->systemd_service); +@@ -2085,8 +2136,17 @@ bus_activation_activate_service (BusActivation *activation, + bus_connection_get_name (connection), + bus_connection_get_loginfo (connection)); /* Wonderful, systemd is connected, let's just send the msg */ -- retval = bus_dispatch_matches (activation_transaction, NULL, bus_service_get_primary_owners_connection (service), -- message, error); -+ res = bus_dispatch_matches (activation_transaction, NULL, bus_service_get_primary_owners_connection (service), -+ message, error); +- retval = bus_dispatch_matches (activation_transaction, NULL, +- systemd, message, error); ++ res = bus_dispatch_matches (activation_transaction, NULL, ++ systemd, message, error); + + if (res == BUS_RESULT_TRUE) + retval = TRUE; @@ -178,7 +169,7 @@ index 1a98af6d..343d3f22 100644 else { diff --git a/bus/check.c b/bus/check.c -index 5b72d31c..4b8a6994 100644 +index 5b72d31..4b8a699 100644 --- a/bus/check.c +++ b/bus/check.c @@ -55,6 +55,8 @@ typedef struct BusDeferredMessage @@ -348,7 +339,7 @@ index 5b72d31c..4b8a6994 100644 bus_deferred_message_response_received (BusDeferredMessage *deferred_message, BusResult result) diff --git a/bus/check.h b/bus/check.h -index c3fcaf90..d1775497 100644 +index c3fcaf9..d177549 100644 --- a/bus/check.h +++ b/bus/check.h @@ -55,6 +55,7 @@ BusResult bus_check_privilege (BusCheck *check, @@ -374,7 +365,7 @@ index c3fcaf90..d1775497 100644 + #endif /* BUS_CHECK_H */ diff --git a/bus/cynara.c b/bus/cynara.c -index 57a4c45c..77aed623 100644 +index 57a4c45..77aed62 100644 --- a/bus/cynara.c +++ b/bus/cynara.c @@ -36,7 +36,6 @@ @@ -386,7 +377,7 @@ index 57a4c45c..77aed623 100644 typedef struct BusCynara { diff --git a/bus/dispatch.c b/bus/dispatch.c -index 05be3bdf..7353501b 100644 +index 7e51bc1..0250b53 100644 --- a/bus/dispatch.c +++ b/bus/dispatch.c @@ -35,6 +35,7 @@ @@ -397,7 +388,7 @@ index 05be3bdf..7353501b 100644 #include <dbus/dbus-misc.h> #include <string.h> -@@ -121,7 +122,7 @@ send_one_message (DBusConnection *connection, +@@ -122,7 +123,7 @@ send_one_message (DBusConnection *connection, return TRUE; } @@ -406,8 +397,8 @@ index 05be3bdf..7353501b 100644 bus_dispatch_matches (BusTransaction *transaction, DBusConnection *sender, DBusConnection *addressed_recipient, -@@ -157,13 +158,29 @@ bus_dispatch_matches (BusTransaction *transaction, - message, error, +@@ -158,13 +159,29 @@ bus_dispatch_matches (BusTransaction *transaction, + message, NULL, error, &deferred_message); if (res == BUS_RESULT_FALSE) - return FALSE; @@ -441,7 +432,7 @@ index 05be3bdf..7353501b 100644 } if (dbus_message_contains_unix_fds (message) && -@@ -174,14 +191,14 @@ bus_dispatch_matches (BusTransaction *transaction, +@@ -175,14 +192,14 @@ bus_dispatch_matches (BusTransaction *transaction, DBUS_ERROR_NOT_SUPPORTED, "Tried to send message with Unix file descriptors" "to a client that doesn't support that."); @@ -459,7 +450,7 @@ index 05be3bdf..7353501b 100644 } } -@@ -196,7 +213,7 @@ bus_dispatch_matches (BusTransaction *transaction, +@@ -197,7 +214,7 @@ bus_dispatch_matches (BusTransaction *transaction, &recipients)) { BUS_SET_OOM (error); @@ -468,7 +459,7 @@ index 05be3bdf..7353501b 100644 } link = _dbus_list_get_first_link (&recipients); -@@ -218,10 +235,10 @@ bus_dispatch_matches (BusTransaction *transaction, +@@ -219,10 +236,10 @@ bus_dispatch_matches (BusTransaction *transaction, if (dbus_error_is_set (&tmp_error)) { dbus_move_error (&tmp_error, error); @@ -481,7 +472,7 @@ index 05be3bdf..7353501b 100644 } static DBusHandlerResult -@@ -407,10 +424,12 @@ bus_dispatch (DBusConnection *connection, +@@ -410,10 +427,12 @@ bus_dispatch (DBusConnection *connection, } else if (res == BUS_RESULT_LATER) { @@ -498,7 +489,7 @@ index 05be3bdf..7353501b 100644 goto out; } -@@ -475,8 +494,14 @@ bus_dispatch (DBusConnection *connection, +@@ -515,8 +534,14 @@ bus_dispatch (DBusConnection *connection, * addressed_recipient == NULL), and match it against other connections' * match rules. */ @@ -515,9 +506,9 @@ index 05be3bdf..7353501b 100644 out: if (dbus_error_is_set (&error)) -@@ -5001,9 +5026,132 @@ bus_dispatch_test_conf_fail (const DBusString *test_data_dir, - return TRUE; +@@ -5061,9 +5086,132 @@ bus_dispatch_test_conf_fail (const DBusString *test_data_dir, } + #endif +typedef struct { + DBusTimeout *timeout; @@ -649,7 +640,7 @@ index 05be3bdf..7353501b 100644 _dbus_verbose ("Normal activation tests\n"); if (!bus_dispatch_test_conf (test_data_dir, diff --git a/bus/dispatch.h b/bus/dispatch.h -index fb5ba7a5..afba6a24 100644 +index fb5ba7a..afba6a2 100644 --- a/bus/dispatch.h +++ b/bus/dispatch.h @@ -29,7 +29,7 @@ @@ -662,10 +653,10 @@ index fb5ba7a5..afba6a24 100644 DBusConnection *recipient, DBusMessage *message, diff --git a/bus/driver.c b/bus/driver.c -index b7e1a0a0..a5823d4d 100644 +index cd0a714..f414f64 100644 --- a/bus/driver.c +++ b/bus/driver.c -@@ -225,6 +225,7 @@ bus_driver_send_service_owner_changed (const char *service_name, +@@ -218,6 +218,7 @@ bus_driver_send_service_owner_changed (const char *service_name, { DBusMessage *message; dbus_bool_t retval; @@ -673,8 +664,8 @@ index b7e1a0a0..a5823d4d 100644 const char *null_service; _DBUS_ASSERT_ERROR_IS_CLEAR (error); -@@ -260,7 +261,16 @@ bus_driver_send_service_owner_changed (const char *service_name, - if (!bus_transaction_capture (transaction, NULL, message)) +@@ -253,7 +254,16 @@ bus_driver_send_service_owner_changed (const char *service_name, + if (!bus_transaction_capture (transaction, NULL, NULL, message)) goto oom; - retval = bus_dispatch_matches (transaction, NULL, NULL, message, error); @@ -692,7 +683,7 @@ index b7e1a0a0..a5823d4d 100644 return retval; diff --git a/dbus/dbus-connection-internal.h b/dbus/dbus-connection-internal.h -index 48357321..94b1c951 100644 +index 4835732..94b1c95 100644 --- a/dbus/dbus-connection-internal.h +++ b/dbus/dbus-connection-internal.h @@ -118,6 +118,21 @@ DBUS_PRIVATE_EXPORT @@ -718,7 +709,7 @@ index 48357321..94b1c951 100644 DBUS_PRIVATE_EXPORT void _dbus_connection_get_stats (DBusConnection *connection, diff --git a/dbus/dbus-connection.c b/dbus/dbus-connection.c -index 7f5b3292..ed0be70d 100644 +index c525b6d..f1b0ea0 100644 --- a/dbus/dbus-connection.c +++ b/dbus/dbus-connection.c @@ -311,7 +311,8 @@ struct DBusConnection @@ -771,7 +762,7 @@ index 7f5b3292..ed0be70d 100644 #ifdef DBUS_ENABLE_EMBEDDED_TESTS /** * Gets the locks so we can examine them -@@ -4070,6 +4104,82 @@ _dbus_connection_putback_message_link_unlocked (DBusConnection *connection, +@@ -4069,6 +4103,82 @@ _dbus_connection_putback_message_link_unlocked (DBusConnection *connection, "_dbus_connection_putback_message_link_unlocked"); } @@ -854,7 +845,7 @@ index 7f5b3292..ed0be70d 100644 /** * Returns the first-received message from the incoming message queue, * removing it from the queue. The caller owns a reference to the -@@ -4253,8 +4363,9 @@ static DBusDispatchStatus +@@ -4252,8 +4362,9 @@ static DBusDispatchStatus _dbus_connection_get_dispatch_status_unlocked (DBusConnection *connection) { HAVE_LOCK_CHECK (connection); @@ -866,7 +857,7 @@ index 7f5b3292..ed0be70d 100644 return DBUS_DISPATCH_DATA_REMAINS; else if (!_dbus_transport_queue_messages (connection->transport)) return DBUS_DISPATCH_NEED_MEMORY; -@@ -4717,6 +4828,8 @@ dbus_connection_dispatch (DBusConnection *connection) +@@ -4716,6 +4827,8 @@ dbus_connection_dispatch (DBusConnection *connection) CONNECTION_LOCK (connection); @@ -875,7 +866,7 @@ index 7f5b3292..ed0be70d 100644 if (result == DBUS_HANDLER_RESULT_NEED_MEMORY) { _dbus_verbose ("No memory\n"); -@@ -4839,9 +4952,11 @@ dbus_connection_dispatch (DBusConnection *connection) +@@ -4838,9 +4951,11 @@ dbus_connection_dispatch (DBusConnection *connection) connection); out: @@ -890,7 +881,7 @@ index 7f5b3292..ed0be70d 100644 /* Put message back, and we'll start over. * Yes this means handlers must be idempotent if they diff --git a/dbus/dbus-list.c b/dbus/dbus-list.c -index c4c1856f..f84918b1 100644 +index 8e713c0..32ea871 100644 --- a/dbus/dbus-list.c +++ b/dbus/dbus-list.c @@ -458,6 +458,35 @@ _dbus_list_remove_last (DBusList **list, @@ -930,7 +921,7 @@ index c4c1856f..f84918b1 100644 * Finds a value in the list. Returns the last link * with value equal to the given data pointer. diff --git a/dbus/dbus-list.h b/dbus/dbus-list.h -index 9350a0da..fee9f1bc 100644 +index 9350a0d..fee9f1b 100644 --- a/dbus/dbus-list.h +++ b/dbus/dbus-list.h @@ -68,6 +68,9 @@ DBUS_PRIVATE_EXPORT @@ -944,7 +935,7 @@ index 9350a0da..fee9f1bc 100644 void *data); DBUS_PRIVATE_EXPORT diff --git a/dbus/dbus-shared.h b/dbus/dbus-shared.h -index 7ab91035..e5bfbed6 100644 +index 7ab9103..e5bfbed 100644 --- a/dbus/dbus-shared.h +++ b/dbus/dbus-shared.h @@ -67,7 +67,8 @@ typedef enum @@ -957,6 +948,3 @@ index 7ab91035..e5bfbed6 100644 } DBusHandlerResult; /* Bus names */ --- -2.14.3 - diff --git a/meta-security/recipes-core/dbus-cynara/dbus-cynara/0003-Handle-unavailability-of-policy-results-for-broadcas.patch b/meta-security/recipes-core/dbus-cynara/dbus-cynara/0003-Handle-unavailability-of-policy-results-for-broadcas.patch index b797064ec..7f17bd00a 100644 --- a/meta-security/recipes-core/dbus-cynara/dbus-cynara/0003-Handle-unavailability-of-policy-results-for-broadcas.patch +++ b/meta-security/recipes-core/dbus-cynara/dbus-cynara/0003-Handle-unavailability-of-policy-results-for-broadcas.patch @@ -23,26 +23,16 @@ Change-Id: Iecd5395f75a4c7811fa97247a37d8fc4d42e8814 Cherry picked from 1e231194610892dd4360224998d91336097b05a1 by Jose Bollo +Updated for dbus 1.12.10 by Scott Murray. + Signed-off-by: José Bollo <jose.bollo@iot.bzh> ---- - bus/activation.c | 4 +- - bus/bus.c | 50 +++++++-- - bus/bus.h | 19 ++++ - bus/check.c | 307 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ - bus/check.h | 25 +++++ - bus/connection.c | 169 ++++++++++++++++++++++++++++-- - bus/connection.h | 19 +++- - bus/dispatch.c | 121 ++++++++++++++++++---- - bus/dispatch.h | 11 +- - bus/driver.c | 2 +- - bus/policy.c | 6 ++ - 11 files changed, 686 insertions(+), 47 deletions(-) +Signed-off-by: Scott Murray <scott.murray@konsulko.com> diff --git a/bus/activation.c b/bus/activation.c -index 343d3f22..11bd8386 100644 +index 5f02153..f2981e1 100644 --- a/bus/activation.c +++ b/bus/activation.c -@@ -1198,7 +1198,7 @@ bus_activation_send_pending_auto_activation_messages (BusActivation *activation +@@ -1259,7 +1259,7 @@ bus_activation_send_pending_auto_activation_messages (BusActivation *activation res = bus_dispatch_matches (transaction, entry->connection, addressed_recipient, @@ -51,20 +41,20 @@ index 343d3f22..11bd8386 100644 if (res == BUS_RESULT_FALSE) { /* If permission is denied, we just want to return the error -@@ -2085,7 +2085,7 @@ bus_activation_activate_service (BusActivation *activation, - entry->systemd_service); +@@ -2137,7 +2137,7 @@ bus_activation_activate_service (BusActivation *activation, + bus_connection_get_loginfo (connection)); /* Wonderful, systemd is connected, let's just send the msg */ - res = bus_dispatch_matches (activation_transaction, NULL, bus_service_get_primary_owners_connection (service), -- message, error); -+ message, NULL, error); + res = bus_dispatch_matches (activation_transaction, NULL, +- systemd, message, error); ++ systemd, message, NULL, error); if (res == BUS_RESULT_TRUE) retval = TRUE; diff --git a/bus/bus.c b/bus/bus.c -index c4008505..911e2340 100644 +index 237efe3..5bb5637 100644 --- a/bus/bus.c +++ b/bus/bus.c -@@ -1796,17 +1796,9 @@ bus_context_check_security_policy (BusContext *context, +@@ -1800,17 +1800,9 @@ bus_context_check_security_policy (BusContext *context, } /* See if limits on size have been exceeded */ @@ -84,7 +74,7 @@ index c4008505..911e2340 100644 /* Record that we will allow a reply here in the future (don't * bother if the recipient is the bus or this is an eavesdropping -@@ -1861,3 +1853,41 @@ bus_context_check_all_watches (BusContext *context) +@@ -1869,3 +1861,41 @@ bus_context_check_all_watches (BusContext *context) _dbus_server_toggle_all_watches (server, enabled); } } @@ -127,10 +117,10 @@ index c4008505..911e2340 100644 + return TRUE; +} diff --git a/bus/bus.h b/bus/bus.h -index dab7791f..445165c9 100644 +index 82c32c8..1b08f7c 100644 --- a/bus/bus.h +++ b/bus/bus.h -@@ -158,4 +158,23 @@ BusResult bus_context_check_security_policy (BusContext +@@ -164,4 +164,23 @@ BusResult bus_context_check_security_policy (BusContext BusDeferredMessage **deferred_message); void bus_context_check_all_watches (BusContext *context); @@ -155,7 +145,7 @@ index dab7791f..445165c9 100644 + #endif /* BUS_BUS_H */ diff --git a/bus/check.c b/bus/check.c -index 4b8a6994..b8833349 100644 +index 4b8a699..f3d283f 100644 --- a/bus/check.c +++ b/bus/check.c @@ -49,6 +49,9 @@ typedef struct BusDeferredMessage @@ -370,7 +360,7 @@ index 4b8a6994..b8833349 100644 + deferred_message->sender, + deferred_message->addressed_recipient, + deferred_message->proposed_recipient, -+ deferred_message->message, NULL, ++ deferred_message->message, NULL, NULL, + &deferred_message2); + + if (result == BUS_RESULT_LATER) @@ -511,7 +501,7 @@ index 4b8a6994..b8833349 100644 } + diff --git a/bus/check.h b/bus/check.h -index d1775497..9c13c184 100644 +index d177549..9c13c18 100644 --- a/bus/check.h +++ b/bus/check.h @@ -64,12 +64,37 @@ BusDeferredMessage *bus_deferred_message_new (DBusMessage *messag @@ -553,7 +543,7 @@ index d1775497..9c13c184 100644 extern BusResult (*bus_check_test_override) (DBusConnection *connection, const char *privilege); diff --git a/bus/connection.c b/bus/connection.c -index eea50ecd..1c0bdffb 100644 +index deebde3..f9e563b 100644 --- a/bus/connection.c +++ b/bus/connection.c @@ -31,11 +31,13 @@ @@ -587,7 +577,7 @@ index eea50ecd..1c0bdffb 100644 bus_dispatch_remove_connection (connection); /* no more watching */ -@@ -2264,7 +2269,7 @@ bus_transaction_capture (BusTransaction *transaction, +@@ -2307,7 +2312,7 @@ bus_transaction_capture (BusTransaction *transaction, { DBusConnection *recipient = link->data; @@ -596,7 +586,7 @@ index eea50ecd..1c0bdffb 100644 goto out; } -@@ -2317,6 +2322,7 @@ bus_transaction_send_from_driver (BusTransaction *transaction, +@@ -2361,6 +2366,7 @@ bus_transaction_send_from_driver (BusTransaction *transaction, { DBusError error = DBUS_ERROR_INIT; BusResult res; @@ -604,17 +594,17 @@ index eea50ecd..1c0bdffb 100644 /* We have to set the sender to the driver, and have * to check security policy since it was not done in -@@ -2357,7 +2363,8 @@ bus_transaction_send_from_driver (BusTransaction *transaction, - res = bus_context_check_security_policy (bus_transaction_get_context (transaction), +@@ -2402,7 +2408,8 @@ bus_transaction_send_from_driver (BusTransaction *transaction, transaction, - NULL, connection, connection, message, &error, + NULL, connection, connection, + message, NULL, &error, - NULL); + &deferred_message); + if (res == BUS_RESULT_FALSE) { - if (!bus_transaction_capture_error_reply (transaction, &error, message)) -@@ -2374,18 +2381,20 @@ bus_transaction_send_from_driver (BusTransaction *transaction, + if (!bus_transaction_capture_error_reply (transaction, connection, +@@ -2420,18 +2427,20 @@ bus_transaction_send_from_driver (BusTransaction *transaction, } else if (res == BUS_RESULT_LATER) { @@ -639,7 +629,7 @@ index eea50ecd..1c0bdffb 100644 { MessageToSend *to_send; BusConnectionData *d; -@@ -2411,7 +2420,28 @@ bus_transaction_send (BusTransaction *transaction, +@@ -2457,7 +2466,28 @@ bus_transaction_send (BusTransaction *transaction, d = BUS_CONNECTION_DATA (connection); _dbus_assert (d != NULL); @@ -669,7 +659,7 @@ index eea50ecd..1c0bdffb 100644 to_send = dbus_new (MessageToSend, 1); if (to_send == NULL) { -@@ -2663,6 +2693,131 @@ bus_transaction_add_cancel_hook (BusTransaction *transaction, +@@ -2709,6 +2739,131 @@ bus_transaction_add_cancel_hook (BusTransaction *transaction, return TRUE; } @@ -802,10 +792,10 @@ index eea50ecd..1c0bdffb 100644 bus_connections_get_n_active (BusConnections *connections) { diff --git a/bus/connection.h b/bus/connection.h -index a6e5dfde..46e883e6 100644 +index 71078ea..97dae96 100644 --- a/bus/connection.h +++ b/bus/connection.h -@@ -83,6 +83,22 @@ dbus_bool_t bus_connection_preallocate_oom_error (DBusConnection *connection); +@@ -85,6 +85,22 @@ dbus_bool_t bus_connection_preallocate_oom_error (DBusConnection *connection); void bus_connection_send_oom_error (DBusConnection *connection, DBusMessage *in_reply_to); @@ -828,7 +818,7 @@ index a6e5dfde..46e883e6 100644 /* called by signals.c */ dbus_bool_t bus_connection_add_match_rule (DBusConnection *connection, BusMatchRule *rule); -@@ -135,7 +151,8 @@ BusTransaction* bus_transaction_new (BusContext * +@@ -137,7 +153,8 @@ BusTransaction* bus_transaction_new (BusContext * BusContext* bus_transaction_get_context (BusTransaction *transaction); dbus_bool_t bus_transaction_send (BusTransaction *transaction, DBusConnection *connection, @@ -837,9 +827,9 @@ index a6e5dfde..46e883e6 100644 + dbus_bool_t deferred_dispatch); dbus_bool_t bus_transaction_capture (BusTransaction *transaction, DBusConnection *connection, - DBusMessage *message); + DBusConnection *addressed_recipient, diff --git a/bus/dispatch.c b/bus/dispatch.c -index 7353501b..e32c9263 100644 +index 0250b53..1bdcbf0 100644 --- a/bus/dispatch.c +++ b/bus/dispatch.c @@ -33,6 +33,7 @@ @@ -850,16 +840,16 @@ index 7353501b..e32c9263 100644 #include "test.h" #include <dbus/dbus-internals.h> #include <dbus/dbus-connection-internal.h> -@@ -76,7 +77,7 @@ send_one_message (DBusConnection *connection, - message, +@@ -77,7 +78,7 @@ send_one_message (DBusConnection *connection, + NULL, &stack_error, &deferred_message); - if (result != BUS_RESULT_TRUE) + if (result == BUS_RESULT_FALSE) { - if (!bus_transaction_capture_error_reply (transaction, &stack_error, - message)) -@@ -111,9 +112,19 @@ send_one_message (DBusConnection *connection, + if (!bus_transaction_capture_error_reply (transaction, sender, + &stack_error, message)) +@@ -112,9 +113,19 @@ send_one_message (DBusConnection *connection, return TRUE; /* don't send it but don't return an error either */ } @@ -880,7 +870,7 @@ index 7353501b..e32c9263 100644 { BUS_SET_OOM (error); return FALSE; -@@ -123,11 +134,12 @@ send_one_message (DBusConnection *connection, +@@ -124,11 +135,12 @@ send_one_message (DBusConnection *connection, } BusResult @@ -898,7 +888,7 @@ index 7353501b..e32c9263 100644 { DBusError tmp_error; BusConnections *connections; -@@ -151,17 +163,78 @@ bus_dispatch_matches (BusTransaction *transaction, +@@ -152,17 +164,78 @@ bus_dispatch_matches (BusTransaction *transaction, /* First, send the message to the addressed_recipient, if there is one. */ if (addressed_recipient != NULL) { @@ -906,7 +896,7 @@ index 7353501b..e32c9263 100644 - res = bus_context_check_security_policy (context, transaction, - sender, addressed_recipient, - addressed_recipient, -- message, error, +- message, NULL, error, - &deferred_message); - if (res == BUS_RESULT_FALSE) + BusResult result; @@ -961,7 +951,7 @@ index 7353501b..e32c9263 100644 + + if (result == BUS_RESULT_LATER) + result = bus_context_check_security_policy(context, transaction, -+ sender, addressed_recipient, addressed_recipient, message, error, ++ sender, addressed_recipient, addressed_recipient, message, NULL, error, + &deferred_message); + + if (result == BUS_RESULT_FALSE) @@ -985,7 +975,7 @@ index 7353501b..e32c9263 100644 status = bus_deferred_message_get_status(deferred_message); if (status & BUS_DEFERRED_MESSAGE_CHECK_SEND) -@@ -172,13 +245,18 @@ bus_dispatch_matches (BusTransaction *transaction, +@@ -173,13 +246,18 @@ bus_dispatch_matches (BusTransaction *transaction, } else if (status & BUS_DEFERRED_MESSAGE_CHECK_RECEIVE) { @@ -1008,7 +998,7 @@ index 7353501b..e32c9263 100644 return BUS_RESULT_FALSE; } } -@@ -195,7 +273,8 @@ bus_dispatch_matches (BusTransaction *transaction, +@@ -196,7 +274,8 @@ bus_dispatch_matches (BusTransaction *transaction, } /* Dispatch the message */ @@ -1018,7 +1008,7 @@ index 7353501b..e32c9263 100644 { BUS_SET_OOM (error); return BUS_RESULT_FALSE; -@@ -495,7 +574,7 @@ bus_dispatch (DBusConnection *connection, +@@ -535,7 +614,7 @@ bus_dispatch (DBusConnection *connection, * match rules. */ if (BUS_RESULT_LATER == bus_dispatch_matches (transaction, connection, addressed_recipient, @@ -1028,7 +1018,7 @@ index 7353501b..e32c9263 100644 /* Roll back and dispatch the message once the policy result is available */ bus_transaction_cancel_and_free (transaction); diff --git a/bus/dispatch.h b/bus/dispatch.h -index afba6a24..f6102e80 100644 +index afba6a2..f6102e8 100644 --- a/bus/dispatch.h +++ b/bus/dispatch.h @@ -29,10 +29,11 @@ @@ -1049,11 +1039,11 @@ index afba6a24..f6102e80 100644 #endif /* BUS_DISPATCH_H */ diff --git a/bus/driver.c b/bus/driver.c -index a5823d4d..5acdd62a 100644 +index f414f64..d89a658 100644 --- a/bus/driver.c +++ b/bus/driver.c -@@ -261,7 +261,7 @@ bus_driver_send_service_owner_changed (const char *service_name, - if (!bus_transaction_capture (transaction, NULL, message)) +@@ -254,7 +254,7 @@ bus_driver_send_service_owner_changed (const char *service_name, + if (!bus_transaction_capture (transaction, NULL, NULL, message)) goto oom; - res = bus_dispatch_matches (transaction, NULL, NULL, message, error); @@ -1062,10 +1052,10 @@ index a5823d4d..5acdd62a 100644 retval = TRUE; else diff --git a/bus/policy.c b/bus/policy.c -index bcade176..47bd1a24 100644 +index 7ee1ce5..b1fab0d 100644 --- a/bus/policy.c +++ b/bus/policy.c -@@ -1071,6 +1071,9 @@ bus_client_policy_check_can_send (DBusConnection *sender, +@@ -1121,6 +1121,9 @@ bus_client_policy_check_can_send (DBusConnection *sender, result = bus_check_privilege(check, message, sender, addressed_recipient, receiver, privilege, BUS_DEFERRED_MESSAGE_CHECK_SEND, deferred_message); @@ -1075,7 +1065,7 @@ index bcade176..47bd1a24 100644 } else privilege = NULL; -@@ -1305,6 +1308,9 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, +@@ -1370,6 +1373,9 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, result = bus_check_privilege(check, message, sender, addressed_recipient, proposed_recipient, privilege, BUS_DEFERRED_MESSAGE_CHECK_RECEIVE, deferred_message); @@ -1085,6 +1075,3 @@ index bcade176..47bd1a24 100644 } else privilege = NULL; --- -2.14.3 - diff --git a/meta-security/recipes-core/dbus-cynara/dbus-cynara/0004-Add-own-rule-result-unavailability-handling.patch b/meta-security/recipes-core/dbus-cynara/dbus-cynara/0004-Add-own-rule-result-unavailability-handling.patch index 1086f5b12..bde785241 100644 --- a/meta-security/recipes-core/dbus-cynara/dbus-cynara/0004-Add-own-rule-result-unavailability-handling.patch +++ b/meta-security/recipes-core/dbus-cynara/dbus-cynara/0004-Add-own-rule-result-unavailability-handling.patch @@ -19,24 +19,16 @@ Change-Id: I4c2cbd4585e41fccd8a30f825a8f0d342ab56755 Cherry-picked from 35ef89cd6777ea2430077fc621d21bd01df92349 by Jose.bollo +Updated for dbus 1.12.10 by Scott Murray. + Signed-off-by: José Bollo <jose.bollo@iot.bzh> ---- - bus/dispatch.c | 11 ++- - bus/driver.c | 259 ++++++++++++++++++++++++++++++--------------------------- - bus/driver.h | 2 +- - bus/policy.c | 51 +++++++++--- - bus/policy.h | 6 +- - bus/services.c | 26 ++++-- - bus/services.h | 3 +- - bus/stats.c | 28 +++---- - bus/stats.h | 6 +- - 9 files changed, 229 insertions(+), 163 deletions(-) +Signed-off-by: Scott Murray <scott.murray@konsulko.com> diff --git a/bus/dispatch.c b/bus/dispatch.c -index e32c9263..4d57c556 100644 +index 1bdcbf0..625add5 100644 --- a/bus/dispatch.c +++ b/bus/dispatch.c -@@ -513,8 +513,17 @@ bus_dispatch (DBusConnection *connection, +@@ -516,8 +516,17 @@ bus_dispatch (DBusConnection *connection, } _dbus_verbose ("Giving message to %s\n", DBUS_SERVICE_DBUS); @@ -56,10 +48,10 @@ index e32c9263..4d57c556 100644 else if (!bus_connection_is_active (connection)) /* clients must talk to bus driver first */ { diff --git a/bus/driver.c b/bus/driver.c -index 5acdd62a..bc4ce0b5 100644 +index d89a658..5ee60cb 100644 --- a/bus/driver.c +++ b/bus/driver.c -@@ -427,7 +427,7 @@ create_unique_client_name (BusRegistry *registry, +@@ -420,7 +420,7 @@ create_unique_client_name (BusRegistry *registry, return TRUE; } @@ -68,7 +60,7 @@ index 5acdd62a..bc4ce0b5 100644 bus_driver_handle_hello (DBusConnection *connection, BusTransaction *transaction, DBusMessage *message, -@@ -435,7 +435,7 @@ bus_driver_handle_hello (DBusConnection *connection, +@@ -428,7 +428,7 @@ bus_driver_handle_hello (DBusConnection *connection, { DBusString unique_name; BusService *service; @@ -76,8 +68,8 @@ index 5acdd62a..bc4ce0b5 100644 + BusResult retval; BusRegistry *registry; BusConnections *connections; - -@@ -446,7 +446,7 @@ bus_driver_handle_hello (DBusConnection *connection, + DBusError tmp_error; +@@ -442,7 +442,7 @@ bus_driver_handle_hello (DBusConnection *connection, /* We already handled an Hello message for this connection. */ dbus_set_error (error, DBUS_ERROR_FAILED, "Already handled an Hello message"); @@ -86,10 +78,10 @@ index 5acdd62a..bc4ce0b5 100644 } /* Note that when these limits are exceeded we don't disconnect the -@@ -460,16 +460,16 @@ bus_driver_handle_hello (DBusConnection *connection, - error)) - { - _DBUS_ASSERT_ERROR_IS_SET (error); +@@ -464,16 +464,16 @@ bus_driver_handle_hello (DBusConnection *connection, + bus_context_log (context, DBUS_SYSTEM_LOG_WARNING, "%s (%s=%d)", + tmp_error.message, limit_name, limit); + dbus_move_error (&tmp_error, error); - return FALSE; + return BUS_RESULT_FALSE; } @@ -106,7 +98,7 @@ index 5acdd62a..bc4ce0b5 100644 registry = bus_connection_get_registry (connection); -@@ -502,7 +502,7 @@ bus_driver_handle_hello (DBusConnection *connection, +@@ -506,7 +506,7 @@ bus_driver_handle_hello (DBusConnection *connection, goto out_0; _dbus_assert (bus_connection_is_active (connection)); @@ -115,7 +107,7 @@ index 5acdd62a..bc4ce0b5 100644 out_0: _dbus_string_free (&unique_name); -@@ -554,7 +554,7 @@ bus_driver_send_welcome_message (DBusConnection *connection, +@@ -558,7 +558,7 @@ bus_driver_send_welcome_message (DBusConnection *connection, } } @@ -124,7 +116,7 @@ index 5acdd62a..bc4ce0b5 100644 bus_driver_handle_list_services (DBusConnection *connection, BusTransaction *transaction, DBusMessage *message, -@@ -576,14 +576,14 @@ bus_driver_handle_list_services (DBusConnection *connection, +@@ -580,14 +580,14 @@ bus_driver_handle_list_services (DBusConnection *connection, if (reply == NULL) { BUS_SET_OOM (error); @@ -141,7 +133,7 @@ index 5acdd62a..bc4ce0b5 100644 } dbus_message_iter_init_append (reply, &iter); -@@ -595,7 +595,7 @@ bus_driver_handle_list_services (DBusConnection *connection, +@@ -599,7 +599,7 @@ bus_driver_handle_list_services (DBusConnection *connection, dbus_free_string_array (services); dbus_message_unref (reply); BUS_SET_OOM (error); @@ -150,7 +142,7 @@ index 5acdd62a..bc4ce0b5 100644 } { -@@ -607,7 +607,7 @@ bus_driver_handle_list_services (DBusConnection *connection, +@@ -611,7 +611,7 @@ bus_driver_handle_list_services (DBusConnection *connection, dbus_free_string_array (services); dbus_message_unref (reply); BUS_SET_OOM (error); @@ -159,7 +151,7 @@ index 5acdd62a..bc4ce0b5 100644 } } -@@ -620,7 +620,7 @@ bus_driver_handle_list_services (DBusConnection *connection, +@@ -624,7 +624,7 @@ bus_driver_handle_list_services (DBusConnection *connection, dbus_free_string_array (services); dbus_message_unref (reply); BUS_SET_OOM (error); @@ -168,7 +160,7 @@ index 5acdd62a..bc4ce0b5 100644 } ++i; } -@@ -631,23 +631,23 @@ bus_driver_handle_list_services (DBusConnection *connection, +@@ -635,23 +635,23 @@ bus_driver_handle_list_services (DBusConnection *connection, { dbus_message_unref (reply); BUS_SET_OOM (error); @@ -196,7 +188,7 @@ index 5acdd62a..bc4ce0b5 100644 bus_driver_handle_list_activatable_services (DBusConnection *connection, BusTransaction *transaction, DBusMessage *message, -@@ -669,14 +669,14 @@ bus_driver_handle_list_activatable_services (DBusConnection *connection, +@@ -673,14 +673,14 @@ bus_driver_handle_list_activatable_services (DBusConnection *connection, if (reply == NULL) { BUS_SET_OOM (error); @@ -213,7 +205,7 @@ index 5acdd62a..bc4ce0b5 100644 } dbus_message_iter_init_append (reply, &iter); -@@ -688,7 +688,7 @@ bus_driver_handle_list_activatable_services (DBusConnection *connection, +@@ -692,7 +692,7 @@ bus_driver_handle_list_activatable_services (DBusConnection *connection, dbus_free_string_array (services); dbus_message_unref (reply); BUS_SET_OOM (error); @@ -222,7 +214,7 @@ index 5acdd62a..bc4ce0b5 100644 } { -@@ -700,7 +700,7 @@ bus_driver_handle_list_activatable_services (DBusConnection *connection, +@@ -704,7 +704,7 @@ bus_driver_handle_list_activatable_services (DBusConnection *connection, dbus_free_string_array (services); dbus_message_unref (reply); BUS_SET_OOM (error); @@ -231,7 +223,7 @@ index 5acdd62a..bc4ce0b5 100644 } } -@@ -713,7 +713,7 @@ bus_driver_handle_list_activatable_services (DBusConnection *connection, +@@ -717,7 +717,7 @@ bus_driver_handle_list_activatable_services (DBusConnection *connection, dbus_free_string_array (services); dbus_message_unref (reply); BUS_SET_OOM (error); @@ -240,7 +232,7 @@ index 5acdd62a..bc4ce0b5 100644 } ++i; } -@@ -724,23 +724,23 @@ bus_driver_handle_list_activatable_services (DBusConnection *connection, +@@ -728,23 +728,23 @@ bus_driver_handle_list_activatable_services (DBusConnection *connection, { dbus_message_unref (reply); BUS_SET_OOM (error); @@ -268,7 +260,7 @@ index 5acdd62a..bc4ce0b5 100644 bus_driver_handle_acquire_service (DBusConnection *connection, BusTransaction *transaction, DBusMessage *message, -@@ -751,7 +751,8 @@ bus_driver_handle_acquire_service (DBusConnection *connection, +@@ -755,7 +755,8 @@ bus_driver_handle_acquire_service (DBusConnection *connection, const char *name; dbus_uint32_t service_reply; dbus_uint32_t flags; @@ -278,7 +270,7 @@ index 5acdd62a..bc4ce0b5 100644 BusRegistry *registry; _DBUS_ASSERT_ERROR_IS_CLEAR (error); -@@ -762,20 +763,24 @@ bus_driver_handle_acquire_service (DBusConnection *connection, +@@ -766,20 +767,24 @@ bus_driver_handle_acquire_service (DBusConnection *connection, DBUS_TYPE_STRING, &name, DBUS_TYPE_UINT32, &flags, DBUS_TYPE_INVALID)) @@ -310,7 +302,7 @@ index 5acdd62a..bc4ce0b5 100644 reply = dbus_message_new_method_return (message); if (reply == NULL) -@@ -796,7 +801,7 @@ bus_driver_handle_acquire_service (DBusConnection *connection, +@@ -800,7 +805,7 @@ bus_driver_handle_acquire_service (DBusConnection *connection, goto out; } @@ -319,7 +311,7 @@ index 5acdd62a..bc4ce0b5 100644 out: if (reply) -@@ -804,7 +809,7 @@ bus_driver_handle_acquire_service (DBusConnection *connection, +@@ -808,7 +813,7 @@ bus_driver_handle_acquire_service (DBusConnection *connection, return retval; } @@ -328,7 +320,7 @@ index 5acdd62a..bc4ce0b5 100644 bus_driver_handle_release_service (DBusConnection *connection, BusTransaction *transaction, DBusMessage *message, -@@ -814,7 +819,7 @@ bus_driver_handle_release_service (DBusConnection *connection, +@@ -818,7 +823,7 @@ bus_driver_handle_release_service (DBusConnection *connection, DBusString service_name; const char *name; dbus_uint32_t service_reply; @@ -337,7 +329,7 @@ index 5acdd62a..bc4ce0b5 100644 BusRegistry *registry; _DBUS_ASSERT_ERROR_IS_CLEAR (error); -@@ -824,11 +829,11 @@ bus_driver_handle_release_service (DBusConnection *connection, +@@ -828,11 +833,11 @@ bus_driver_handle_release_service (DBusConnection *connection, if (!dbus_message_get_args (message, error, DBUS_TYPE_STRING, &name, DBUS_TYPE_INVALID)) @@ -351,7 +343,7 @@ index 5acdd62a..bc4ce0b5 100644 reply = NULL; _dbus_string_init_const (&service_name, name); -@@ -857,7 +862,7 @@ bus_driver_handle_release_service (DBusConnection *connection, +@@ -861,7 +866,7 @@ bus_driver_handle_release_service (DBusConnection *connection, goto out; } @@ -360,7 +352,7 @@ index 5acdd62a..bc4ce0b5 100644 out: if (reply) -@@ -865,7 +870,7 @@ bus_driver_handle_release_service (DBusConnection *connection, +@@ -869,7 +874,7 @@ bus_driver_handle_release_service (DBusConnection *connection, return retval; } @@ -369,7 +361,7 @@ index 5acdd62a..bc4ce0b5 100644 bus_driver_handle_service_exists (DBusConnection *connection, BusTransaction *transaction, DBusMessage *message, -@@ -876,7 +881,7 @@ bus_driver_handle_service_exists (DBusConnection *connection, +@@ -880,7 +885,7 @@ bus_driver_handle_service_exists (DBusConnection *connection, BusService *service; dbus_bool_t service_exists; const char *name; @@ -378,7 +370,7 @@ index 5acdd62a..bc4ce0b5 100644 BusRegistry *registry; _DBUS_ASSERT_ERROR_IS_CLEAR (error); -@@ -886,9 +891,9 @@ bus_driver_handle_service_exists (DBusConnection *connection, +@@ -890,9 +895,9 @@ bus_driver_handle_service_exists (DBusConnection *connection, if (!dbus_message_get_args (message, error, DBUS_TYPE_STRING, &name, DBUS_TYPE_INVALID)) @@ -390,7 +382,7 @@ index 5acdd62a..bc4ce0b5 100644 if (strcmp (name, DBUS_SERVICE_DBUS) == 0) { -@@ -922,7 +927,7 @@ bus_driver_handle_service_exists (DBusConnection *connection, +@@ -926,7 +931,7 @@ bus_driver_handle_service_exists (DBusConnection *connection, goto out; } @@ -399,7 +391,7 @@ index 5acdd62a..bc4ce0b5 100644 out: if (reply) -@@ -931,7 +936,7 @@ bus_driver_handle_service_exists (DBusConnection *connection, +@@ -935,7 +940,7 @@ bus_driver_handle_service_exists (DBusConnection *connection, return retval; } @@ -408,7 +400,7 @@ index 5acdd62a..bc4ce0b5 100644 bus_driver_handle_activate_service (DBusConnection *connection, BusTransaction *transaction, DBusMessage *message, -@@ -939,7 +944,7 @@ bus_driver_handle_activate_service (DBusConnection *connection, +@@ -943,7 +948,7 @@ bus_driver_handle_activate_service (DBusConnection *connection, { dbus_uint32_t flags; const char *name; @@ -417,7 +409,7 @@ index 5acdd62a..bc4ce0b5 100644 BusActivation *activation; _DBUS_ASSERT_ERROR_IS_CLEAR (error); -@@ -953,10 +958,10 @@ bus_driver_handle_activate_service (DBusConnection *connection, +@@ -957,10 +962,10 @@ bus_driver_handle_activate_service (DBusConnection *connection, { _DBUS_ASSERT_ERROR_IS_SET (error); _dbus_verbose ("No memory to get arguments to StartServiceByName\n"); @@ -430,7 +422,7 @@ index 5acdd62a..bc4ce0b5 100644 if (!bus_activation_activate_service (activation, connection, transaction, FALSE, message, name, error)) -@@ -966,7 +971,7 @@ bus_driver_handle_activate_service (DBusConnection *connection, +@@ -970,7 +975,7 @@ bus_driver_handle_activate_service (DBusConnection *connection, goto out; } @@ -439,7 +431,7 @@ index 5acdd62a..bc4ce0b5 100644 out: return retval; -@@ -1068,13 +1073,13 @@ bus_driver_send_or_activate (BusTransaction *transaction, +@@ -1072,13 +1077,13 @@ bus_driver_send_or_activate (BusTransaction *transaction, return TRUE; } @@ -455,25 +447,7 @@ index 5acdd62a..bc4ce0b5 100644 BusActivation *activation; BusContext *context; DBusMessageIter iter; -@@ -1090,7 +1095,7 @@ bus_driver_handle_update_activation_environment (DBusConnection *connection, - _DBUS_ASSERT_ERROR_IS_CLEAR (error); - - if (!bus_driver_check_message_is_for_us (message, error)) -- return FALSE; -+ return BUS_RESULT_FALSE; - - #ifdef DBUS_UNIX - { @@ -1100,7 +1105,7 @@ bus_driver_handle_update_activation_environment (DBusConnection *connection, - */ - if (!bus_driver_check_caller_is_privileged (connection, transaction, - message, error)) -- return FALSE; -+ return BUS_RESULT_FALSE; - } - #endif - -@@ -1111,7 +1116,7 @@ bus_driver_handle_update_activation_environment (DBusConnection *connection, dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, "Cannot change activation environment " "on a system bus."); @@ -482,7 +456,7 @@ index 5acdd62a..bc4ce0b5 100644 } activation = bus_connection_get_activation (connection); -@@ -1125,7 +1130,7 @@ bus_driver_handle_update_activation_environment (DBusConnection *connection, +@@ -1114,7 +1119,7 @@ bus_driver_handle_update_activation_environment (DBusConnection *connection, dbus_message_iter_recurse (&iter, &dict_iter); @@ -491,8 +465,8 @@ index 5acdd62a..bc4ce0b5 100644 systemd_message = NULL; /* Then loop through the sent dictionary, add the location of -@@ -1291,7 +1296,7 @@ bus_driver_handle_update_activation_environment (DBusConnection *connection, - message, error)) +@@ -1279,7 +1284,7 @@ bus_driver_handle_update_activation_environment (DBusConnection *connection, + if (!bus_driver_send_ack_reply (connection, transaction, message, error)) goto out; - retval = TRUE; @@ -500,7 +474,7 @@ index 5acdd62a..bc4ce0b5 100644 out: if (systemd_message != NULL) -@@ -1301,7 +1306,7 @@ bus_driver_handle_update_activation_environment (DBusConnection *connection, +@@ -1289,7 +1294,7 @@ bus_driver_handle_update_activation_environment (DBusConnection *connection, return retval; } @@ -509,7 +483,7 @@ index 5acdd62a..bc4ce0b5 100644 bus_driver_handle_add_match (DBusConnection *connection, BusTransaction *transaction, DBusMessage *message, -@@ -1367,16 +1372,16 @@ bus_driver_handle_add_match (DBusConnection *connection, +@@ -1371,16 +1376,16 @@ bus_driver_handle_add_match (DBusConnection *connection, bus_match_rule_unref (rule); @@ -529,7 +503,7 @@ index 5acdd62a..bc4ce0b5 100644 bus_driver_handle_remove_match (DBusConnection *connection, BusTransaction *transaction, DBusMessage *message, -@@ -1420,16 +1425,16 @@ bus_driver_handle_remove_match (DBusConnection *connection, +@@ -1423,16 +1428,16 @@ bus_driver_handle_remove_match (DBusConnection *connection, bus_match_rule_unref (rule); @@ -549,7 +523,7 @@ index 5acdd62a..bc4ce0b5 100644 bus_driver_handle_get_service_owner (DBusConnection *connection, BusTransaction *transaction, DBusMessage *message, -@@ -1499,7 +1504,7 @@ bus_driver_handle_get_service_owner (DBusConnection *connection, +@@ -1502,7 +1507,7 @@ bus_driver_handle_get_service_owner (DBusConnection *connection, dbus_message_unref (reply); @@ -558,7 +532,7 @@ index 5acdd62a..bc4ce0b5 100644 oom: BUS_SET_OOM (error); -@@ -1508,10 +1513,10 @@ bus_driver_handle_get_service_owner (DBusConnection *connection, +@@ -1511,10 +1516,10 @@ bus_driver_handle_get_service_owner (DBusConnection *connection, _DBUS_ASSERT_ERROR_IS_SET (error); if (reply) dbus_message_unref (reply); @@ -571,7 +545,7 @@ index 5acdd62a..bc4ce0b5 100644 bus_driver_handle_list_queued_owners (DBusConnection *connection, BusTransaction *transaction, DBusMessage *message, -@@ -1602,7 +1607,7 @@ bus_driver_handle_list_queued_owners (DBusConnection *connection, +@@ -1606,7 +1611,7 @@ bus_driver_handle_list_queued_owners (DBusConnection *connection, dbus_message_unref (reply); @@ -580,7 +554,7 @@ index 5acdd62a..bc4ce0b5 100644 oom: BUS_SET_OOM (error); -@@ -1615,10 +1620,10 @@ bus_driver_handle_list_queued_owners (DBusConnection *connection, +@@ -1619,10 +1624,10 @@ bus_driver_handle_list_queued_owners (DBusConnection *connection, if (base_names) _dbus_list_clear (&base_names); @@ -593,7 +567,7 @@ index 5acdd62a..bc4ce0b5 100644 bus_driver_handle_get_connection_unix_user (DBusConnection *connection, BusTransaction *transaction, DBusMessage *message, -@@ -1673,7 +1678,7 @@ bus_driver_handle_get_connection_unix_user (DBusConnection *connection, +@@ -1679,7 +1684,7 @@ bus_driver_handle_get_connection_unix_user (DBusConnection *connection, dbus_message_unref (reply); @@ -602,7 +576,7 @@ index 5acdd62a..bc4ce0b5 100644 oom: BUS_SET_OOM (error); -@@ -1682,10 +1687,10 @@ bus_driver_handle_get_connection_unix_user (DBusConnection *connection, +@@ -1688,10 +1693,10 @@ bus_driver_handle_get_connection_unix_user (DBusConnection *connection, _DBUS_ASSERT_ERROR_IS_SET (error); if (reply) dbus_message_unref (reply); @@ -615,7 +589,7 @@ index 5acdd62a..bc4ce0b5 100644 bus_driver_handle_get_connection_unix_process_id (DBusConnection *connection, BusTransaction *transaction, DBusMessage *message, -@@ -1740,7 +1745,7 @@ bus_driver_handle_get_connection_unix_process_id (DBusConnection *connection, +@@ -1748,7 +1753,7 @@ bus_driver_handle_get_connection_unix_process_id (DBusConnection *connection, dbus_message_unref (reply); @@ -624,7 +598,7 @@ index 5acdd62a..bc4ce0b5 100644 oom: BUS_SET_OOM (error); -@@ -1749,10 +1754,10 @@ bus_driver_handle_get_connection_unix_process_id (DBusConnection *connection, +@@ -1757,10 +1762,10 @@ bus_driver_handle_get_connection_unix_process_id (DBusConnection *connection, _DBUS_ASSERT_ERROR_IS_SET (error); if (reply) dbus_message_unref (reply); @@ -637,7 +611,7 @@ index 5acdd62a..bc4ce0b5 100644 bus_driver_handle_get_adt_audit_session_data (DBusConnection *connection, BusTransaction *transaction, DBusMessage *message, -@@ -1803,7 +1808,7 @@ bus_driver_handle_get_adt_audit_session_data (DBusConnection *connection, +@@ -1811,7 +1816,7 @@ bus_driver_handle_get_adt_audit_session_data (DBusConnection *connection, dbus_message_unref (reply); @@ -646,7 +620,7 @@ index 5acdd62a..bc4ce0b5 100644 oom: BUS_SET_OOM (error); -@@ -1812,10 +1817,10 @@ bus_driver_handle_get_adt_audit_session_data (DBusConnection *connection, +@@ -1820,10 +1825,10 @@ bus_driver_handle_get_adt_audit_session_data (DBusConnection *connection, _DBUS_ASSERT_ERROR_IS_SET (error); if (reply) dbus_message_unref (reply); @@ -659,7 +633,7 @@ index 5acdd62a..bc4ce0b5 100644 bus_driver_handle_get_connection_selinux_security_context (DBusConnection *connection, BusTransaction *transaction, DBusMessage *message, -@@ -1863,7 +1868,7 @@ bus_driver_handle_get_connection_selinux_security_context (DBusConnection *conne +@@ -1872,7 +1877,7 @@ bus_driver_handle_get_connection_selinux_security_context (DBusConnection *conne dbus_message_unref (reply); @@ -668,7 +642,7 @@ index 5acdd62a..bc4ce0b5 100644 oom: BUS_SET_OOM (error); -@@ -1872,10 +1877,10 @@ bus_driver_handle_get_connection_selinux_security_context (DBusConnection *conne +@@ -1881,10 +1886,10 @@ bus_driver_handle_get_connection_selinux_security_context (DBusConnection *conne _DBUS_ASSERT_ERROR_IS_SET (error); if (reply) dbus_message_unref (reply); @@ -681,7 +655,7 @@ index 5acdd62a..bc4ce0b5 100644 bus_driver_handle_get_connection_credentials (DBusConnection *connection, BusTransaction *transaction, DBusMessage *message, -@@ -1987,7 +1992,7 @@ bus_driver_handle_get_connection_credentials (DBusConnection *connection, +@@ -1998,7 +2003,7 @@ bus_driver_handle_get_connection_credentials (DBusConnection *connection, dbus_message_unref (reply); @@ -690,7 +664,7 @@ index 5acdd62a..bc4ce0b5 100644 oom: BUS_SET_OOM (error); -@@ -2001,10 +2006,10 @@ bus_driver_handle_get_connection_credentials (DBusConnection *connection, +@@ -2012,10 +2017,10 @@ bus_driver_handle_get_connection_credentials (DBusConnection *connection, dbus_message_unref (reply); } @@ -703,7 +677,7 @@ index 5acdd62a..bc4ce0b5 100644 bus_driver_handle_reload_config (DBusConnection *connection, BusTransaction *transaction, DBusMessage *message, -@@ -2029,7 +2034,7 @@ bus_driver_handle_reload_config (DBusConnection *connection, +@@ -2040,7 +2045,7 @@ bus_driver_handle_reload_config (DBusConnection *connection, goto oom; dbus_message_unref (reply); @@ -712,7 +686,7 @@ index 5acdd62a..bc4ce0b5 100644 oom: BUS_SET_OOM (error); -@@ -2038,11 +2043,11 @@ bus_driver_handle_reload_config (DBusConnection *connection, +@@ -2049,11 +2054,11 @@ bus_driver_handle_reload_config (DBusConnection *connection, _DBUS_ASSERT_ERROR_IS_SET (error); if (reply) dbus_message_unref (reply); @@ -726,7 +700,7 @@ index 5acdd62a..bc4ce0b5 100644 bus_driver_handle_enable_verbose (DBusConnection *connection, BusTransaction *transaction, DBusMessage *message, -@@ -2062,7 +2067,7 @@ bus_driver_handle_enable_verbose (DBusConnection *connection, +@@ -2073,7 +2078,7 @@ bus_driver_handle_enable_verbose (DBusConnection *connection, _dbus_set_verbose(TRUE); dbus_message_unref (reply); @@ -735,7 +709,7 @@ index 5acdd62a..bc4ce0b5 100644 oom: _DBUS_ASSERT_ERROR_IS_CLEAR (error); -@@ -2071,10 +2076,10 @@ bus_driver_handle_enable_verbose (DBusConnection *connection, +@@ -2082,10 +2087,10 @@ bus_driver_handle_enable_verbose (DBusConnection *connection, if (reply) dbus_message_unref (reply); @@ -748,7 +722,7 @@ index 5acdd62a..bc4ce0b5 100644 bus_driver_handle_disable_verbose (DBusConnection *connection, BusTransaction *transaction, DBusMessage *message, -@@ -2094,7 +2099,7 @@ bus_driver_handle_disable_verbose (DBusConnection *connection, +@@ -2105,7 +2110,7 @@ bus_driver_handle_disable_verbose (DBusConnection *connection, _dbus_set_verbose(FALSE); dbus_message_unref (reply); @@ -757,7 +731,7 @@ index 5acdd62a..bc4ce0b5 100644 oom: _DBUS_ASSERT_ERROR_IS_CLEAR (error); -@@ -2103,11 +2108,11 @@ bus_driver_handle_disable_verbose (DBusConnection *connection, +@@ -2114,11 +2119,11 @@ bus_driver_handle_disable_verbose (DBusConnection *connection, if (reply) dbus_message_unref (reply); @@ -771,7 +745,7 @@ index 5acdd62a..bc4ce0b5 100644 bus_driver_handle_get_id (DBusConnection *connection, BusTransaction *transaction, DBusMessage *message, -@@ -2123,7 +2128,7 @@ bus_driver_handle_get_id (DBusConnection *connection, +@@ -2134,7 +2139,7 @@ bus_driver_handle_get_id (DBusConnection *connection, if (!_dbus_string_init (&uuid)) { BUS_SET_OOM (error); @@ -780,7 +754,7 @@ index 5acdd62a..bc4ce0b5 100644 } reply = NULL; -@@ -2149,7 +2154,7 @@ bus_driver_handle_get_id (DBusConnection *connection, +@@ -2160,7 +2165,7 @@ bus_driver_handle_get_id (DBusConnection *connection, _dbus_string_free (&uuid); dbus_message_unref (reply); @@ -789,7 +763,7 @@ index 5acdd62a..bc4ce0b5 100644 oom: _DBUS_ASSERT_ERROR_IS_CLEAR (error); -@@ -2159,10 +2164,10 @@ bus_driver_handle_get_id (DBusConnection *connection, +@@ -2170,10 +2175,10 @@ bus_driver_handle_get_id (DBusConnection *connection, if (reply) dbus_message_unref (reply); _dbus_string_free (&uuid); @@ -802,7 +776,7 @@ index 5acdd62a..bc4ce0b5 100644 bus_driver_handle_become_monitor (DBusConnection *connection, BusTransaction *transaction, DBusMessage *message, -@@ -2178,7 +2183,7 @@ bus_driver_handle_become_monitor (DBusConnection *connection, +@@ -2189,7 +2194,7 @@ bus_driver_handle_become_monitor (DBusConnection *connection, int i; int n_match_rules; dbus_uint32_t flags; @@ -811,7 +785,7 @@ index 5acdd62a..bc4ce0b5 100644 _DBUS_ASSERT_ERROR_IS_CLEAR (error); -@@ -2258,10 +2263,10 @@ bus_driver_handle_become_monitor (DBusConnection *connection, +@@ -2262,10 +2267,10 @@ bus_driver_handle_become_monitor (DBusConnection *connection, if (!bus_connection_be_monitor (connection, transaction, &rules, error)) goto out; @@ -824,7 +798,7 @@ index 5acdd62a..bc4ce0b5 100644 _DBUS_ASSERT_ERROR_IS_CLEAR (error); else _DBUS_ASSERT_ERROR_IS_SET (error); -@@ -2282,10 +2287,10 @@ typedef struct +@@ -2389,10 +2394,10 @@ typedef struct const char *name; const char *in_args; const char *out_args; @@ -836,19 +810,19 @@ index 5acdd62a..bc4ce0b5 100644 + BusTransaction *transaction, + DBusMessage *message, + DBusError *error); + MethodFlags flags; } MessageHandler; - /* For speed it might be useful to sort this in order of -@@ -2370,7 +2375,7 @@ static const MessageHandler dbus_message_handlers[] = { - { NULL, NULL, NULL, NULL } +@@ -2511,7 +2516,7 @@ static const PropertyHandler dbus_property_handlers[] = { + { NULL, NULL, NULL } }; -static dbus_bool_t bus_driver_handle_introspect (DBusConnection *, +static BusResult bus_driver_handle_introspect (DBusConnection *, BusTransaction *, DBusMessage *, DBusError *); - static const MessageHandler introspectable_message_handlers[] = { -@@ -2514,7 +2519,7 @@ bus_driver_generate_introspect_string (DBusString *xml) + static const MessageHandler properties_message_handlers[] = { +@@ -2763,7 +2768,7 @@ bus_driver_generate_introspect_string (DBusString *xml, return TRUE; } @@ -857,7 +831,7 @@ index 5acdd62a..bc4ce0b5 100644 bus_driver_handle_introspect (DBusConnection *connection, BusTransaction *transaction, DBusMessage *message, -@@ -2534,13 +2539,13 @@ bus_driver_handle_introspect (DBusConnection *connection, +@@ -2784,13 +2789,13 @@ bus_driver_handle_introspect (DBusConnection *connection, DBUS_TYPE_INVALID)) { _DBUS_ASSERT_ERROR_IS_SET (error); @@ -872,8 +846,8 @@ index 5acdd62a..bc4ce0b5 100644 + return BUS_RESULT_FALSE; } - if (!bus_driver_generate_introspect_string (&xml)) -@@ -2563,7 +2568,7 @@ bus_driver_handle_introspect (DBusConnection *connection, + is_canonical_path = dbus_message_has_path (message, DBUS_PATH_DBUS); +@@ -2815,7 +2820,7 @@ bus_driver_handle_introspect (DBusConnection *connection, dbus_message_unref (reply); _dbus_string_free (&xml); @@ -882,7 +856,7 @@ index 5acdd62a..bc4ce0b5 100644 oom: BUS_SET_OOM (error); -@@ -2573,7 +2578,7 @@ bus_driver_handle_introspect (DBusConnection *connection, +@@ -2825,10 +2830,10 @@ bus_driver_handle_introspect (DBusConnection *connection, _dbus_string_free (&xml); @@ -890,25 +864,20 @@ index 5acdd62a..bc4ce0b5 100644 + return BUS_RESULT_FALSE; } - /* -@@ -2608,7 +2613,7 @@ bus_driver_check_message_is_for_us (DBusMessage *message, - return TRUE; - } - -dbus_bool_t +BusResult bus_driver_handle_message (DBusConnection *connection, BusTransaction *transaction, DBusMessage *message, -@@ -2618,6 +2623,7 @@ bus_driver_handle_message (DBusConnection *connection, - const InterfaceHandler *ih; +@@ -2839,6 +2844,7 @@ bus_driver_handle_message (DBusConnection *connection, const MessageHandler *mh; dbus_bool_t found_interface = FALSE; + dbus_bool_t is_canonical_path; + BusResult res; _DBUS_ASSERT_ERROR_IS_CLEAR (error); -@@ -2633,7 +2639,7 @@ bus_driver_handle_message (DBusConnection *connection, +@@ -2854,7 +2860,7 @@ bus_driver_handle_message (DBusConnection *connection, transaction, message, error)) @@ -917,7 +886,7 @@ index 5acdd62a..bc4ce0b5 100644 context = bus_connection_get_context (connection); systemd = bus_driver_get_owner_of_name (connection, -@@ -2650,7 +2656,7 @@ bus_driver_handle_message (DBusConnection *connection, +@@ -2871,7 +2877,7 @@ bus_driver_handle_message (DBusConnection *connection, attacker ? attacker : "(unauthenticated)", bus_connection_get_loginfo (connection)); /* ignore it */ @@ -926,7 +895,7 @@ index 5acdd62a..bc4ce0b5 100644 } if (!bus_context_get_systemd_activation (context)) -@@ -2658,16 +2664,16 @@ bus_driver_handle_message (DBusConnection *connection, +@@ -2879,16 +2885,16 @@ bus_driver_handle_message (DBusConnection *connection, bus_context_log (context, DBUS_SYSTEM_LOG_WARNING, "Ignoring unexpected ActivationFailure message " "while not using systemd activation"); @@ -946,7 +915,7 @@ index 5acdd62a..bc4ce0b5 100644 } /* may be NULL, which means "any interface will do" */ -@@ -2709,20 +2715,27 @@ bus_driver_handle_message (DBusConnection *connection, +@@ -2953,20 +2959,27 @@ bus_driver_handle_message (DBusConnection *connection, name, dbus_message_get_signature (message), mh->in_args); _DBUS_ASSERT_ERROR_IS_SET (error); @@ -979,7 +948,7 @@ index 5acdd62a..bc4ce0b5 100644 } } } -@@ -2734,7 +2747,7 @@ bus_driver_handle_message (DBusConnection *connection, +@@ -2978,7 +2991,7 @@ bus_driver_handle_message (DBusConnection *connection, "%s does not understand message %s", DBUS_SERVICE_DBUS, name); @@ -989,11 +958,11 @@ index 5acdd62a..bc4ce0b5 100644 void diff --git a/bus/driver.h b/bus/driver.h -index 201709c4..3ff4ff15 100644 +index ac1289d..183c28b 100644 --- a/bus/driver.h +++ b/bus/driver.h -@@ -28,7 +28,7 @@ - #include "connection.h" +@@ -35,7 +35,7 @@ typedef enum + } BusDriverFound; void bus_driver_remove_connection (DBusConnection *connection); -dbus_bool_t bus_driver_handle_message (DBusConnection *connection, @@ -1002,10 +971,10 @@ index 201709c4..3ff4ff15 100644 DBusMessage *message, DBusError *error); diff --git a/bus/policy.c b/bus/policy.c -index 47bd1a24..7244a46f 100644 +index b1fab0d..27b66d1 100644 --- a/bus/policy.c +++ b/bus/policy.c -@@ -1323,18 +1323,21 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, +@@ -1388,18 +1388,21 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, @@ -1031,7 +1000,7 @@ index 47bd1a24..7244a46f 100644 link = _dbus_list_get_first_link (&rules); while (link != NULL) { -@@ -1370,17 +1373,45 @@ bus_rules_check_can_own (DBusList *rules, +@@ -1435,17 +1438,45 @@ bus_rules_check_can_own (DBusList *rules, } /* Use this rule */ @@ -1082,7 +1051,7 @@ index 47bd1a24..7244a46f 100644 } #ifdef DBUS_ENABLE_EMBEDDED_TESTS -@@ -1388,7 +1419,7 @@ dbus_bool_t +@@ -1453,7 +1484,7 @@ dbus_bool_t bus_policy_check_can_own (BusPolicy *policy, const DBusString *service_name) { @@ -1092,10 +1061,10 @@ index 47bd1a24..7244a46f 100644 #endif /* DBUS_ENABLE_EMBEDDED_TESTS */ diff --git a/bus/policy.h b/bus/policy.h -index e9f193af..1f234310 100644 +index f306a3c..39d7cc5 100644 --- a/bus/policy.h +++ b/bus/policy.h -@@ -170,8 +170,10 @@ BusResult bus_client_policy_check_can_receive (BusClientPolicy *polic +@@ -182,8 +182,10 @@ BusResult bus_client_policy_check_can_receive (BusClientPolicy *polic dbus_int32_t *toggles, const char **privilege_param, BusDeferredMessage **deferred_message); @@ -1109,10 +1078,10 @@ index e9f193af..1f234310 100644 BusPolicyRule *rule); void bus_client_policy_optimize (BusClientPolicy *policy); diff --git a/bus/services.c b/bus/services.c -index 6a4c8848..fcc2d261 100644 +index 127edda..586af18 100644 --- a/bus/services.c +++ b/bus/services.c -@@ -376,24 +376,26 @@ bus_registry_list_services (BusRegistry *registry, +@@ -376,16 +376,17 @@ bus_registry_list_services (BusRegistry *registry, return FALSE; } @@ -1132,17 +1101,18 @@ index 6a4c8848..fcc2d261 100644 DBusConnection *old_owner_conn; BusClientPolicy *policy; BusService *service; - BusActivation *activation; +@@ -393,8 +394,9 @@ bus_registry_acquire_service (BusRegistry *registry, BusSELinuxID *sid; BusOwner *primary_owner; + int limit; + BusResult res; - + - retval = FALSE; + retval = BUS_RESULT_FALSE; if (!_dbus_validate_bus_name (service_name, 0, _dbus_string_get_length (service_name))) -@@ -466,7 +468,8 @@ bus_registry_acquire_service (BusRegistry *registry, +@@ -467,7 +469,8 @@ bus_registry_acquire_service (BusRegistry *registry, _dbus_string_get_const_data (service_name), error)) goto out; @@ -1152,7 +1122,7 @@ index 6a4c8848..fcc2d261 100644 { dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, "Connection \"%s\" is not allowed to own the service \"%s\" due " -@@ -477,6 +480,11 @@ bus_registry_acquire_service (BusRegistry *registry, +@@ -478,6 +481,11 @@ bus_registry_acquire_service (BusRegistry *registry, _dbus_string_get_const_data (service_name)); goto out; } @@ -1162,9 +1132,9 @@ index 6a4c8848..fcc2d261 100644 + goto out; + } - if (bus_connection_get_n_services_owned (connection) >= - bus_context_get_max_services_per_connection (registry->context)) -@@ -593,11 +601,13 @@ bus_registry_acquire_service (BusRegistry *registry, + limit = bus_context_get_max_services_per_connection (registry->context); + +@@ -603,11 +611,13 @@ bus_registry_acquire_service (BusRegistry *registry, } activation = bus_context_get_activation (registry->context); @@ -1183,7 +1153,7 @@ index 6a4c8848..fcc2d261 100644 out: return retval; diff --git a/bus/services.h b/bus/services.h -index 056dd9fa..3df3dd7d 100644 +index 056dd9f..3df3dd7 100644 --- a/bus/services.h +++ b/bus/services.h @@ -50,8 +50,9 @@ void bus_registry_foreach (BusRegistry *registry @@ -1198,7 +1168,7 @@ index 056dd9fa..3df3dd7d 100644 dbus_uint32_t flags, dbus_uint32_t *result, diff --git a/bus/stats.c b/bus/stats.c -index dace0e29..aab0e5c9 100644 +index 1582255..4ba72d6 100644 --- a/bus/stats.c +++ b/bus/stats.c @@ -36,7 +36,7 @@ @@ -1210,16 +1180,7 @@ index dace0e29..aab0e5c9 100644 bus_stats_handle_get_stats (DBusConnection *connection, BusTransaction *transaction, DBusMessage *message, -@@ -52,7 +52,7 @@ bus_stats_handle_get_stats (DBusConnection *connection, - _DBUS_ASSERT_ERROR_IS_CLEAR (error); - - if (!bus_driver_check_message_is_for_us (message, error)) -- return FALSE; -+ return BUS_RESULT_FALSE; - - context = bus_transaction_get_context (transaction); - connections = bus_context_get_connections (context); -@@ -107,17 +107,17 @@ bus_stats_handle_get_stats (DBusConnection *connection, +@@ -104,17 +104,17 @@ bus_stats_handle_get_stats (DBusConnection *connection, goto oom; dbus_message_unref (reply); @@ -1240,33 +1201,7 @@ index dace0e29..aab0e5c9 100644 bus_stats_handle_get_connection_stats (DBusConnection *caller_connection, BusTransaction *transaction, DBusMessage *message, -@@ -137,14 +137,14 @@ bus_stats_handle_get_connection_stats (DBusConnection *caller_connection, - _DBUS_ASSERT_ERROR_IS_CLEAR (error); - - if (!bus_driver_check_message_is_for_us (message, error)) -- return FALSE; -+ return BUS_RESULT_FALSE; - - registry = bus_connection_get_registry (caller_connection); - - if (! dbus_message_get_args (message, error, - DBUS_TYPE_STRING, &bus_name, - DBUS_TYPE_INVALID)) -- return FALSE; -+ return BUS_RESULT_FALSE; - - _dbus_string_init_const (&bus_name_str, bus_name); - service = bus_registry_lookup (registry, &bus_name_str); -@@ -153,7 +153,7 @@ bus_stats_handle_get_connection_stats (DBusConnection *caller_connection, - { - dbus_set_error (error, DBUS_ERROR_NAME_HAS_NO_OWNER, - "Bus name '%s' has no owner", bus_name); -- return FALSE; -+ return BUS_RESULT_FALSE; - } - - stats_connection = bus_service_get_primary_owners_connection (service); -@@ -215,18 +215,18 @@ bus_stats_handle_get_connection_stats (DBusConnection *caller_connection, +@@ -209,7 +209,7 @@ bus_stats_handle_get_connection_stats (DBusConnection *caller_connection, goto oom; dbus_message_unref (reply); @@ -1274,10 +1209,11 @@ index dace0e29..aab0e5c9 100644 + return BUS_RESULT_TRUE; oom: + BUS_SET_OOM (error); +@@ -218,11 +218,11 @@ failed: if (reply != NULL) dbus_message_unref (reply); - BUS_SET_OOM (error); - return FALSE; + return BUS_RESULT_FALSE; } @@ -1288,7 +1224,7 @@ index dace0e29..aab0e5c9 100644 bus_stats_handle_get_all_match_rules (DBusConnection *caller_connection, BusTransaction *transaction, DBusMessage *message, -@@ -250,7 +250,7 @@ bus_stats_handle_get_all_match_rules (DBusConnection *caller_connection, +@@ -246,7 +246,7 @@ bus_stats_handle_get_all_match_rules (DBusConnection *caller_connection, matchmaker = bus_context_get_matchmaker (context); if (!bus_registry_list_services (registry, &services, &services_len)) @@ -1297,7 +1233,7 @@ index dace0e29..aab0e5c9 100644 reply = dbus_message_new_method_return (message); if (reply == NULL) -@@ -329,7 +329,7 @@ bus_stats_handle_get_all_match_rules (DBusConnection *caller_connection, +@@ -325,7 +325,7 @@ bus_stats_handle_get_all_match_rules (DBusConnection *caller_connection, dbus_message_unref (reply); dbus_free_string_array (services); @@ -1306,7 +1242,7 @@ index dace0e29..aab0e5c9 100644 oom: if (reply != NULL) -@@ -338,7 +338,7 @@ oom: +@@ -334,7 +334,7 @@ oom: dbus_free_string_array (services); BUS_SET_OOM (error); @@ -1316,7 +1252,7 @@ index dace0e29..aab0e5c9 100644 #endif diff --git a/bus/stats.h b/bus/stats.h -index dcb022c4..683fa175 100644 +index dcb022c..683fa17 100644 --- a/bus/stats.h +++ b/bus/stats.h @@ -25,17 +25,17 @@ @@ -1340,6 +1276,3 @@ index dcb022c4..683fa175 100644 BusTransaction *transaction, DBusMessage *message, DBusError *error); --- -2.14.3 - diff --git a/meta-security/recipes-core/dbus-cynara/dbus-cynara/0005-Perform-Cynara-runtime-policy-checks-by-default.patch b/meta-security/recipes-core/dbus-cynara/dbus-cynara/0005-Perform-Cynara-runtime-policy-checks-by-default.patch index d30b2dbf8..6cc7c19c4 100644 --- a/meta-security/recipes-core/dbus-cynara/dbus-cynara/0005-Perform-Cynara-runtime-policy-checks-by-default.patch +++ b/meta-security/recipes-core/dbus-cynara/dbus-cynara/0005-Perform-Cynara-runtime-policy-checks-by-default.patch @@ -26,14 +26,14 @@ Change-Id: Ifb4a160bf6e0638404e0295a2e4fa3077efd881c Signed-off-by: Jacek Bukarewicz <j.bukarewicz@samsung.com> Cherry picked from e8610297cf7031e94eb314a2e8c11246f4405403 by Jose Bollo + +Updated for dbus 1.12.10 by Scott Murray. + Signed-off-by: José Bollo <jose.bollo@iot.bzh> ---- - bus/session.conf.in | 32 ++++++++++++++++++++++++++------ - bus/system.conf.in | 19 +++++++++++++++---- - 2 files changed, 41 insertions(+), 10 deletions(-) +Signed-off-by: Scott Murray <scott.murray@konsulko.com> diff --git a/bus/session.conf.in b/bus/session.conf.in -index affa7f1d..157dfb4d 100644 +index affa7f1..157dfb4 100644 --- a/bus/session.conf.in +++ b/bus/session.conf.in @@ -27,12 +27,32 @@ @@ -76,10 +76,10 @@ index affa7f1d..157dfb4d 100644 <!-- Include legacy configuration location --> diff --git a/bus/system.conf.in b/bus/system.conf.in -index 014f67ee..ebbd468a 100644 +index f139b55..19d0c04 100644 --- a/bus/system.conf.in +++ b/bus/system.conf.in -@@ -50,23 +50,34 @@ +@@ -50,17 +50,20 @@ <deny own="*"/> <deny send_type="method_call"/> @@ -104,9 +104,10 @@ index 014f67ee..ebbd468a 100644 <!-- Allow anyone to talk to the message bus --> <allow send_destination="org.freedesktop.DBus" - send_interface="org.freedesktop.DBus" /> - <allow send_destination="org.freedesktop.DBus" +@@ -69,6 +72,14 @@ send_interface="org.freedesktop.DBus.Introspectable"/> + <allow send_destination="org.freedesktop.DBus" + send_interface="org.freedesktop.DBus.Properties"/> + <!-- If there is a need specific bus services could be protected by Cynara as well. + However, this can lead to deadlock during the boot process when such check is made and + Cynara is not yet activated (systemd calls protected method synchronously, @@ -118,6 +119,3 @@ index 014f67ee..ebbd468a 100644 <!-- But disallow some specific bus services --> <deny send_destination="org.freedesktop.DBus" send_interface="org.freedesktop.DBus" --- -2.14.3 - diff --git a/meta-security/recipes-core/dbus-cynara/dbus-cynara_1.10.20.bb b/meta-security/recipes-core/dbus-cynara/dbus-cynara_1.12.10.bb index a97148366..2b494becb 100644 --- a/meta-security/recipes-core/dbus-cynara/dbus-cynara_1.10.20.bb +++ b/meta-security/recipes-core/dbus-cynara/dbus-cynara_1.12.10.bb @@ -1,4 +1,4 @@ -require ${COREBASE}/meta/recipes-core/dbus/dbus_1.10.20.bb +require ${COREBASE}/meta/recipes-core/dbus/dbus_1.12.10.bb FILESEXTRAPATHS_prepend := "${COREBASE}/meta/recipes-core/dbus/dbus:${THISDIR}/dbus-cynara:" S = "${WORKDIR}/dbus-${PV}" diff --git a/meta-security/recipes-core/dbus-cynara/dbus_%.bbappend b/meta-security/recipes-core/dbus-cynara/dbus_%.bbappend index 78df8ec3c..2923c5c18 100644 --- a/meta-security/recipes-core/dbus-cynara/dbus_%.bbappend +++ b/meta-security/recipes-core/dbus-cynara/dbus_%.bbappend @@ -1,4 +1,5 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/dbus-cynara:" + SRC_URI_append = "\ file://0001-Integration-of-Cynara-asynchronous-security-checks.patch \ file://0002-Disable-message-dispatching-when-send-rule-result-is.patch \ |