author: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>, 2020-12-08 11:12:45 +0100
committer: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>, 2020-12-17 13:59:52 +0000
commit: 1c3c06842ac1b9c089d0a08e91c60f44e4844fac
tree: 21e97368be8f78a3e76b66dfda24c1d5e774519f (/meta-security)
parent: c1e048fc05542d859115990312e0753ce2dea72e
SPEC-3723: restructure meta-agl
Goal is to reach a minimal meta-agl-core as base for IVI and IC work at the same time.
Trim dependencies and move most 'demo' related recipes to meta-agl-demo.
v2: changed to bbappend + .inc , added description
v3: testbuild of all images
v4: restore -test packagegroup and -qa images, compare manifests and adapt packagegroups.
v5: rebased
v6: merged meta-agl-distro into meta-agl-core,
due to dependency on meta-oe, moved -test packagegroup and -qa images
to their own layer meta-agl-core-test
v7: Fixed comments from Paul Barker
v8: Update the markdown files
v9: restore wayland/weston/agl-compositor recipes/appends, reworked to
move app f/w specific changes to bbappends in meta-app-framework and
only demo specific weston-init changes to meta-agl-demo
v10: fix s/agldemo/aglcore/ missed in weston-init.bbappend
Description:
This patch is part 1 out of 2 large patches that implement the layer rework
discussed during the previous workshop. Essentially meta-agl-core is the
small but versatile new core layer of AGL serving as basis for
the work done by the IC and IVI EGs.
All demo related work is moved to meta-agl-demo in the 2nd patchset.
This should be applied together as an atomic change.
The resulting meta-agl/* follows these guidelines:
- only bsp adaptations in meta-agl-bsp
- remove the agl-profile-* layers for simplicity
-- the packagegroup-agl(-profile)-graphical and so on
have been kept in meta-agl-demo
- meta-agl-profile-core is now meta-agl-core
- meta-agl-core does pass yocto-check-layer
-- therefore use the bbappend + conditional + .inc file
construct found in meta-virtualization
- meta-agl/meta-security has been merged into meta-agl/meta-app-framework
- meta-netboot does pass yocto-check-layer
- meta-pipewire does pass yocto-check-layer
Migration:
All packagegroups are preserved but they're now enabled by 'agl-demo'.
Bug-AGL: SPEC-3723
Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Change-Id: Ia6c6e5e6ce2b4ffa69ea94959cdc57c310ba7c53
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/25769
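The "bbappend + conditional + .inc file construct found in meta-virtualization" that the message relies on for yocto-check-layer compliance looks like the following. This is an added illustration, not code from the meta-agl change above: the recipe name (weston-init, which the message does mention), the DISTRO_FEATURES entry 'agl-demo', the .inc file name and the weston.ini install path are assumed for the example; the `_append`/`_prepend` override syntax matches the dunfell-era files in this diff.

```bitbake
# Added example of the "bbappend + conditional + .inc" construct, modelled on
# meta-virtualization. Not part of the meta-agl change; names are assumed.

# --- meta-agl-demo/recipes-graphics/wayland/weston-init_%.bbappend ---
FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"

# The include name is computed at parse time. When 'agl-demo' is absent from
# DISTRO_FEATURES the expression yields "" and the line is a no-op, so the
# layer changes no task signature for other distros, which is exactly what
# yocto-check-layer's signature comparison verifies. "include" (rather than
# "require") does not error out on the empty name.
include ${@bb.utils.contains('DISTRO_FEATURES', 'agl-demo', 'weston-init_agldemo.inc', '', d)}

# --- meta-agl-demo/recipes-graphics/wayland/weston-init_agldemo.inc ---
# Everything demo-specific lives here, so it is only parsed when the distro
# opted in. File name and install path are assumed for the example.
SRC_URI_append = " file://weston-demo.ini"

do_install_append () {
    install -Dm0644 ${WORKDIR}/weston-demo.ini ${D}${sysconfdir}/xdg/weston/weston.ini
}
```

The point of the split is that a bbappend is always applied whenever the layer is in BBLAYERS; moving the actual changes into an .inc that is only pulled in behind a distro feature keeps the layer inert for everyone else, which is the property yocto-check-layer tests.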
Diffstat (limited to 'meta-security')
61 files changed, 0 insertions, 9695 deletions
diff --git a/meta-security/COPYING.MIT b/meta-security/COPYING.MIT deleted file mode 100644 index 89de35479..000000000 --- a/meta-security/COPYING.MIT +++ /dev/null @@ -1,17 +0,0 @@ -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in -all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -THE SOFTWARE. diff --git a/meta-security/README.md b/meta-security/README.md deleted file mode 100644 index 6a8024bc6..000000000 --- a/meta-security/README.md +++ /dev/null 
@@ -1,31 +0,0 @@ -This README file contains information on the contents of the -meta-security layer. - -Please see the corresponding sections below for details. - - -Dependencies -============ - -This layer depends on: - - URI: git://git.openembedded.org/bitbake - branch: master - - URI: git://git.openembedded.org/openembedded-core - layers: meta - branch: master - - URI: git://git.yoctoproject.org/meta-security - branch: master - - -Patches -======= - -Please submit any patches against the meta-security layer via gerrit -reviews. - -For discussion use the discussion mailing list -https://lists.automotivelinux.org/g/agl-dev-community - diff --git a/meta-security/conf/layer.conf b/meta-security/conf/layer.conf deleted file mode 100644 index 6024d2847..000000000 --- a/meta-security/conf/layer.conf +++ /dev/null @@ -1,14 +0,0 @@ -# We have a conf and classes directory, add to BBPATH -BBPATH =. "${LAYERDIR}:" - -# We have a packages directory, add to BBFILES -BBFILES += " ${LAYERDIR}/recipes-*/*/*.bb \ - ${LAYERDIR}/recipes-*/*/*.bbappend \ - " - -# Must prioritize our rpm recipe over the default ones. -BBFILE_COLLECTIONS += "security-smack" -BBFILE_PATTERN_security-smack := "^${LAYERDIR}/" -BBFILE_PRIORITY_security-smack = "60" - -LAYERSERIES_COMPAT_security-smack = "dunfell" diff --git a/meta-security/recipes-connectivity/bluez5/bluez5_%.bbappend b/meta-security/recipes-connectivity/bluez5/bluez5_%.bbappend deleted file mode 100644 index 3767681b0..000000000 --- a/meta-security/recipes-connectivity/bluez5/bluez5_%.bbappend +++ /dev/null 
@@ -1,55 +0,0 @@ -# Recent bluez5 releases started limiting the capabilities of -# bluetoothd. When running on a Smack-enabled system, that change has the -# effect that bluetoothd can no longer create the input device under -# /sys because bluez5 running with label "System" has no write -# access to that. -# -# It works when running as normal root with unrestricted capabilities -# because then CAP_MAC_OVERRIDE (a Smack-specific capability) allows -# the process to ignore Smack rules. -# -# We need to ensure that bluetoothd still has that capability. -# -# To fix the issue, Patick and Casey(the Smack architect) had a talk -# about it in Ostro dev mail list. Casey has some ideas about the issue: -# "Turning off privilege is a great thing to do *so long as you don't -# really need the privilege*. In this case you really need it. -# The application package isn't written to account for Smack's use of -# CAP_MAC_OVERRIDE as the mechanism for controlling this dangerous operation. -# Yes, it would be possible to change /proc to change the Smack label on -# that particular file, but that might open other paths for exploit. -# I say give the program the required capability. The program maintainer -# may well say change the kernel handling of /proc. You're stuck in the -# middle, as both work the way they're intended and hence the system -# doesn't work. :( There isn't a way to make this work without "loosening" -# something." -# Therefore, when we we run the program with CAP_MAC_OVERRIDE, -# the whole reason for having capabilities is so the we can give a -# process the ability to bypass one kind of check without giving it the -# ability to bypass other, unrelated checks. A process with -# CAP_MAC_OVERRIDE is still constrained by the file mode bits. -# We was overly worried about granting that capability. -# When it has no other effect than excluding a process from Smack MAC enforcement, -# then adding to the process seems like the right solution for now. 
-# -# The conclusion from Patick and Casey is that the Smack architect give the key point -# that this is the solution preferred. -# -# Because the solution is to some extend specific to the environment -# in which connmand runs, this change is not submitted upstream -# and it can be overridden by a distro via FIX_BLUEZ5_CAPABILITIES. -# -# The related patch has been submitted to upstream too. -# upstream link: http://permalink.gmane.org/gmane.linux.bluez.kernel/67993 - -FILESEXTRAPATHS_prepend := "${THISDIR}/files:" - -SRC_URI_append_with-lsm-smack = "\ - file://bluetooth.service.conf \ -" - -FILES_${PN} += "${systemd_unitdir}" - -do_install_append_with-lsm-smack() { - install -Dm0644 ${WORKDIR}/bluetooth.service.conf ${D}${systemd_unitdir}/system/bluetooth.service.d/smack.conf -} diff --git a/meta-security/recipes-connectivity/bluez5/files/bluetooth.service.conf b/meta-security/recipes-connectivity/bluez5/files/bluetooth.service.conf deleted file mode 100644 index b93ab4fee..000000000 --- a/meta-security/recipes-connectivity/bluez5/files/bluetooth.service.conf +++ /dev/null @@ -1,2 +0,0 @@ -[Service] -CapabilityBoundingSet=CAP_MAC_OVERRIDE diff --git a/meta-security/recipes-connectivity/connman/connman_%.bbappend b/meta-security/recipes-connectivity/connman/connman_%.bbappend deleted file mode 100644 index 3b010490d..000000000 --- a/meta-security/recipes-connectivity/connman/connman_%.bbappend +++ /dev/null 
@@ -1,34 +0,0 @@ -# Recent ConnMan releases started limiting the capabilities of -# ConnMan. When running on a Smack-enabled system, that change has the -# effect that connmand can no longer change network settings under -# /proc/net because the Smack label of /proc is "_", and connmand -# running with label "System" has no write access to that. -# -# It works when running as normal root with unrestricted capabilities -# because then CAP_MAC_OVERRIDE (a Smack-specific capability) allows -# the process to ignore Smack rules. -# -# We need to ensure that connmand still has that capability. -# -# The alternative would be to set up fine-grained labelling of -# /proc with corresponding rules, which is considerably more work -# and also may depend on kernel changes (like supporting smackfsroot -# for procfs, which seems to be missing at the moment). -# -# Because the solution is to some extend specific to the environment -# in which connmand runs, this change is not submitted upstream -# and it can be overridden by a distro via FIX_CONNMAN_CAPABILITIES. - -FILESEXTRAPATHS_prepend := "${THISDIR}/files:" - -SRC_URI_append_with-lsm-smack = "\ - file://connman.service.conf \ -" - -RDEPENDS_${PN}_append_with-lsm-smack = " smack" - -FILES_${PN} += "${systemd_unitdir}" - -do_install_append_with-lsm-smack() { - install -Dm0644 ${WORKDIR}/connman.service.conf ${D}${systemd_unitdir}/system/connman.service.d/smack.conf -} diff --git a/meta-security/recipes-connectivity/connman/files/connman.service.conf b/meta-security/recipes-connectivity/connman/files/connman.service.conf deleted file mode 100644 index 6ebbf6ad1..000000000 --- a/meta-security/recipes-connectivity/connman/files/connman.service.conf +++ /dev/null @@ -1,4 +0,0 @@ -[Service] -CapabilityBoundingSet=CAP_MAC_OVERRIDE -ExecStartPre=+-/bin/mkdir -p /run/connman -ExecStartPre=+-/usr/bin/chsmack -t -a System::Shared /run/connman 
diff --git a/meta-security/recipes-core/base-files/base-files_%.bbappend b/meta-security/recipes-core/base-files/base-files_%.bbappend deleted file mode 100644 index f0e340f5b..000000000 --- a/meta-security/recipes-core/base-files/base-files_%.bbappend +++ /dev/null 
@@ -1,79 +0,0 @@ -# Install default Smack rules, copied from a running Tizen IVI 3.0. -# Corresponds to manifest file from default-access-domains in Tizen: -# https://review.tizen.org/git?p=platform/core/security/default-ac-domains.git;a=blob;f=packaging/default-ac-domains.manifest -do_install_append_with-lsm-smack () { - install -d ${D}/${sysconfdir}/smack/accesses.d - cat >${D}/${sysconfdir}/smack/accesses.d/default-access-domains <<EOF -System _ -----l -System System::Log rwxa-- -System System::Run rwxat- -System System::Shared rwxat- -System ^ rwxa-- -_ System::Run rwxat- -_ System -wx--- -^ System::Log rwxa-- -^ System::Run rwxat- -^ System rwxa-- -EOF - chmod 0644 ${D}/${sysconfdir}/smack/accesses.d/default-access-domains - - install -d ${D}/${libdir}/tmpfiles.d - cat >${D}/${libdir}/tmpfiles.d/packet-forwarding.conf <<EOF -t /proc/sys/net/ipv4/conf/all/forwarding - - - - security.SMACK64=* -t /proc/sys/net/ipv6/conf/all/forwarding - - - - security.SMACK64=* -t /proc/sys/net/ipv4/conf/default/forwarding - - - - security.SMACK64=* -t /proc/sys/net/ipv6/conf/default/forwarding - - - - security.SMACK64=* -EOF - chmod 0644 ${D}/${libdir}/tmpfiles.d/packet-forwarding.conf - - install -d ${D}/${base_libdir}/udev/rules.d - cat >${D}/${base_libdir}/udev/rules.d/85-netdev-ipconf-smacklabel.rules <<EOF -SUBSYSTEM=="net", ENV{ID_NET_NAME}=="", RUN+="/bin/sh -c '/usr/bin/chsmack -a \* /proc/sys/net/ipv4/conf/%k/*'", RUN+="/bin/sh -c '/usr/bin/chsmack -a \* /proc/sys/net/ipv6/conf/%k/*'" - -SUBSYSTEM=="net", ENV{ID_NET_NAME}!="", RUN+="/bin/sh -c '/usr/bin/chsmack -a \* /proc/sys/net/ipv4/conf/\$env{ID_NET_NAME}/*'", RUN+="/bin/sh -c '/usr/bin/chsmack -a \* /proc/sys/net/ipv6/conf/\$env{ID_NET_NAME}/*'" -EOF - chmod 0644 ${D}/${base_libdir}/udev/rules.d/85-netdev-ipconf-smacklabel.rules -} - -# Do not rely on an rpm with manifest support. Apparently that approach -# will no longer be used in Tizen 3.0. Instead set special Smack attributes -# via postinst. 
This is much easier to use with bitbake, too: -# - no need to maintain a patched rpm -# - works for directories which are not packaged by default when empty -RDEPENDS_${PN}_append_with-lsm-smack = " smack" -DEPENDS_append_with-lsm-smack = " smack-native" -pkg_postinst_${PN}_with-lsm-smack() { - #!/bin/sh -e - - # https://review.tizen.org/gerrit/gitweb?p=platform/upstream/filesystem.git;a=blob;f=packaging/filesystem.manifest: - # <filesystem path="/etc" label="System::Shared" type="transmutable" /> - install -d $D${sysconfdir} - # This has no effect on files installed into /etc during image construction - # because pseudo does not know the special semantic of SMACK::TRANSMUTE. - # To avoid having different xattrs on files inside /etc when pre-installed - # in an image vs. installed on a device, the xattr-images.bbclass has - # a workaround for this deficiency in pseudo. - chsmack -t $D${sysconfdir} - chsmack -a 'System::Shared' $D${sysconfdir} - - # Same for /media. Any daemon running as "System" will get write access - # to everything. - install -d $D/media - chsmack -t $D/media - chsmack -a 'System::Shared' $D/media - - # Same for /var. Any daemon running as "System" will get write access - # to everything. - install -d $D${localstatedir} - chsmack -t $D${localstatedir} - chsmack -a 'System::Shared' $D${localstatedir} - - # <filesystem path="/tmp" label="*" /> - mkdir -p $D/tmp - chsmack -a '*' $D/tmp - - # <filesystem path="/var/log" label="System::Log" type="transmutable" /> - # <filesystem path="/var/tmp" label="*" /> - # These are in a file system mounted by systemd. We patch the systemd service - # to set these attributes. -} diff --git a/meta-security/recipes-core/coreutils/coreutils_%.bbappend b/meta-security/recipes-core/coreutils/coreutils_%.bbappend deleted file mode 100644 index 1b9b722ec..000000000 --- a/meta-security/recipes-core/coreutils/coreutils_%.bbappend +++ /dev/null 
@@ -1,7 +0,0 @@ -# Smack patches are included in coreutils v8.22, we just need to enable them. -# The default is not deterministic (enabled if libsmack found), so disable -# explicitly otherwise. -EXTRA_OECONF_SMACK_class-target = "--disable-libsmack" -EXTRA_OECONF_SMACK_with-lsm-smack_class-target = "--enable-libsmack" -EXTRA_OECONF_append_class-target = " ${EXTRA_OECONF_SMACK}" -DEPENDS_append_with-lsm-smack_class-target = " smack" diff --git a/meta-security/recipes-core/dbus-cynagora/dbus-cynagora/0001-Integration-of-Cynara-asynchronous-security-checks.patch b/meta-security/recipes-core/dbus-cynagora/dbus-cynagora/0001-Integration-of-Cynara-asynchronous-security-checks.patch deleted file mode 100644 index 55cedb9c7..000000000 --- a/meta-security/recipes-core/dbus-cynagora/dbus-cynagora/0001-Integration-of-Cynara-asynchronous-security-checks.patch +++ /dev/null 
@@ -1,2309 +0,0 @@ -From ea4b650366261e4257e4b0fb95e7f48e30ef36f0 Mon Sep 17 00:00:00 2001 -From: Jacek Bukarewicz <j.bukarewicz@samsung.com> -Date: Thu, 27 Nov 2014 18:11:05 +0100 -Subject: [PATCH 1/8] Integration of Cynara asynchronous security checks -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This commit introduces basic framework for asynchronous policy -checks and Cynara integration code. Functions for checking security -policy can now return third value - BUS_RESULT_LATER denoting check -result unavailability. Whenever policy checker cannot decide on the -result of the check it is supposed to allocate DeferredMessage structure -that will be passed to the upper layers which can decide what should be -done in such situation. -Proper handling of such case will be implemented in subsequent commits. -Currently such return value results in message denial. - -Cherry picked from 4dcfb02f17247ff9de966b62182cd2e08f301238 -by José Bollo. - -Updated for dbus 1.10.20 by Scott Murray and José Bollo -Updated for dbus 1.12.16 by José Bollo - -Change-Id: I9bcbce34577e5dc2a3cecf6233a0a2b0e43e1108 -Signed-off-by: José Bollo <jose.bollo@iot.bzh> -Signed-off-by: Scott Murray <scott.murray@konsulko.com> ---- - bus/Makefile.am | 6 + - bus/activation.c | 5 +- - bus/bus.c | 124 ++++-- - bus/bus.h | 22 +- - bus/check.c | 217 ++++++++++ - bus/check.h | 68 ++++ - bus/config-parser-common.c | 6 + - bus/config-parser-common.h | 1 + - bus/config-parser-trivial.c | 2 + - bus/config-parser.c | 72 +++- - bus/connection.c | 57 ++- - bus/connection.h | 4 + - bus/cynara.c | 374 ++++++++++++++++++ - bus/cynara.h | 37 ++ - bus/dispatch.c | 46 ++- - bus/driver.h | 2 + - bus/policy.c | 195 ++++++--- - bus/policy.h | 29 +- - configure.ac | 12 + - test/Makefile.am | 1 + - .../data/invalid-config-files/badcheck-1.conf | 9 + - .../data/invalid-config-files/badcheck-2.conf | 9 + - test/data/valid-config-files/check-1.conf | 9 + - 
.../debug-check-some.conf.in | 18 + - 24 files changed, 1181 insertions(+), 144 deletions(-) - create mode 100644 bus/check.c - create mode 100644 bus/check.h - create mode 100644 bus/cynara.c - create mode 100644 bus/cynara.h - create mode 100644 test/data/invalid-config-files/badcheck-1.conf - create mode 100644 test/data/invalid-config-files/badcheck-2.conf - create mode 100644 test/data/valid-config-files/check-1.conf - create mode 100644 test/data/valid-config-files/debug-check-some.conf.in - -diff --git a/bus/Makefile.am b/bus/Makefile.am -index c917063..2a8a72c 100644 ---- a/bus/Makefile.am -+++ b/bus/Makefile.am -@@ -13,6 +13,7 @@ DBUS_BUS_LIBS = \ - $(THREAD_LIBS) \ - $(ADT_LIBS) \ - $(NETWORK_libs) \ -+ $(CYNARA_LIBS) \ - $(NULL) - - DBUS_LAUNCHER_LIBS = \ -@@ -30,6 +31,7 @@ AM_CPPFLAGS = \ - $(APPARMOR_CFLAGS) \ - -DDBUS_SYSTEM_CONFIG_FILE=\""$(dbusdatadir)/system.conf"\" \ - -DDBUS_COMPILATION \ -+ $(CYNARA_CFLAGS) \ - $(NULL) - - # if assertions are enabled, improve backtraces -@@ -90,6 +92,8 @@ BUS_SOURCES= \ - audit.h \ - bus.c \ - bus.h \ -+ check.c \ -+ check.h \ - config-loader-expat.c \ - config-parser.c \ - config-parser.h \ -@@ -97,6 +101,8 @@ BUS_SOURCES= \ - config-parser-common.h \ - connection.c \ - connection.h \ -+ cynara.c \ -+ cynara.h \ - desktop-file.c \ - desktop-file.h \ - $(DIR_WATCH_SOURCE) \ -diff --git a/bus/activation.c b/bus/activation.c -index 99404b9..f9c6c62 100644 ---- a/bus/activation.c -+++ b/bus/activation.c -@@ -1789,14 +1789,15 @@ bus_activation_activate_service (BusActivation *activation, - - if (auto_activation && - entry != NULL && -- !bus_context_check_security_policy (activation->context, -+ BUS_RESULT_TRUE != bus_context_check_security_policy (activation->context, - transaction, - connection, /* sender */ - NULL, /* addressed recipient */ - NULL, /* proposed recipient */ - activation_message, - entry, -- error)) -+ error, -+ NULL)) - { - _DBUS_ASSERT_ERROR_IS_SET (error); - _dbus_verbose ("activation not 
authorized: %s: %s\n", -diff --git a/bus/bus.c b/bus/bus.c -index 2ad8e78..6fc45d0 100644 ---- a/bus/bus.c -+++ b/bus/bus.c -@@ -38,6 +38,7 @@ - #include "apparmor.h" - #include "audit.h" - #include "dir-watch.h" -+#include "check.h" - #include <dbus/dbus-auth.h> - #include <dbus/dbus-list.h> - #include <dbus/dbus-hash.h> -@@ -67,6 +68,7 @@ struct BusContext - BusRegistry *registry; - BusPolicy *policy; - BusMatchmaker *matchmaker; -+ BusCheck *check; - BusLimits limits; - DBusRLimit *initial_fd_limit; - unsigned int fork : 1; -@@ -1003,6 +1005,10 @@ bus_context_new (const DBusString *config_file, - parser = NULL; - } - -+ context->check = bus_check_new(context, error); -+ if (context->check == NULL) -+ goto failed; -+ - dbus_server_free_data_slot (&server_data_slot); - - return context; -@@ -1127,6 +1133,12 @@ bus_context_unref (BusContext *context) - - bus_context_shutdown (context); - -+ if (context->check) -+ { -+ bus_check_unref(context->check); -+ context->check = NULL; -+ } -+ - if (context->connections) - { - bus_connections_unref (context->connections); -@@ -1256,6 +1268,12 @@ bus_context_get_loop (BusContext *context) - return context->loop; - } - -+BusCheck* -+bus_context_get_check (BusContext *context) -+{ -+ return context->check; -+} -+ - dbus_bool_t - bus_context_allow_unix_user (BusContext *context, - unsigned long uid) -@@ -1451,6 +1469,7 @@ complain_about_message (BusContext *context, - DBusConnection *proposed_recipient, - dbus_bool_t requested_reply, - dbus_bool_t log, -+ const char *privilege, - DBusError *error) - { - DBusError stack_error = DBUS_ERROR_INIT; -@@ -1480,7 +1499,8 @@ complain_about_message (BusContext *context, - dbus_set_error (&stack_error, error_name, - "%s, %d matched rules; type=\"%s\", sender=\"%s\" (%s) " - "interface=\"%s\" member=\"%s\" error name=\"%s\" " -- "requested_reply=\"%d\" destination=\"%s\" (%s)", -+ "requested_reply=\"%d\" destination=\"%s\" (%s) " -+ "privilege=\"%s\"", - complaint, - matched_rules, - 
dbus_message_type_to_string (dbus_message_get_type (message)), -@@ -1491,7 +1511,8 @@ complain_about_message (BusContext *context, - nonnull (dbus_message_get_error_name (message), "(unset)"), - requested_reply, - nonnull (dbus_message_get_destination (message), DBUS_SERVICE_DBUS), -- proposed_recipient_loginfo); -+ proposed_recipient_loginfo, -+ nonnull (privilege, "(n/a)")); - - /* If we hit OOM while setting the error, this will syslog "out of memory" - * which is itself an indication that something is seriously wrong */ -@@ -1519,7 +1540,7 @@ complain_about_message (BusContext *context, - * NULL for addressed_recipient may mean the bus driver, or may mean - * no destination was specified in the message (e.g. a signal). - */ --dbus_bool_t -+BusResult - bus_context_check_security_policy (BusContext *context, - BusTransaction *transaction, - DBusConnection *sender, -@@ -1527,7 +1548,8 @@ bus_context_check_security_policy (BusContext *context, - DBusConnection *proposed_recipient, - DBusMessage *message, - BusActivationEntry *activation_entry, -- DBusError *error) -+ DBusError *error, -+ BusDeferredMessage **deferred_message) - { - const char *src, *dest; - BusClientPolicy *sender_policy; -@@ -1536,6 +1558,7 @@ bus_context_check_security_policy (BusContext *context, - dbus_bool_t log; - int type; - dbus_bool_t requested_reply; -+ const char *privilege; - - type = dbus_message_get_type (message); - src = dbus_message_get_sender (message); -@@ -1565,7 +1588,7 @@ bus_context_check_security_policy (BusContext *context, - dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, - "Message bus will not accept messages of unknown type\n"); - -- return FALSE; -+ return BUS_RESULT_FALSE; - } - - requested_reply = FALSE; -@@ -1595,7 +1618,7 @@ bus_context_check_security_policy (BusContext *context, - if (dbus_error_is_set (&error2)) - { - dbus_move_error (&error2, error); -- return FALSE; -+ return BUS_RESULT_FALSE; - } - } - } -@@ -1624,11 +1647,11 @@ 
bus_context_check_security_policy (BusContext *context, - complain_about_message (context, DBUS_ERROR_ACCESS_DENIED, - "An SELinux policy prevents this sender from sending this " - "message to this recipient", -- 0, message, sender, proposed_recipient, FALSE, FALSE, error); -+ 0, message, sender, proposed_recipient, FALSE, FALSE, NULL, error); - _dbus_verbose ("SELinux security check denying send to service\n"); - } - -- return FALSE; -+ return BUS_RESULT_FALSE; - } - - /* next verify AppArmor access controls. If allowed then -@@ -1646,7 +1669,7 @@ bus_context_check_security_policy (BusContext *context, - src ? src : DBUS_SERVICE_DBUS, - activation_entry, - error)) -- return FALSE; -+ return BUS_RESULT_FALSE; - - if (!bus_connection_is_active (sender)) - { -@@ -1660,7 +1683,7 @@ bus_context_check_security_policy (BusContext *context, - { - _dbus_verbose ("security check allowing %s message\n", - "Hello"); -- return TRUE; -+ return BUS_RESULT_TRUE; - } - else - { -@@ -1671,7 +1694,7 @@ bus_context_check_security_policy (BusContext *context, - "Client tried to send a message other than %s without being registered", - "Hello"); - -- return FALSE; -+ return BUS_RESULT_FALSE; - } - } - } -@@ -1720,20 +1743,29 @@ bus_context_check_security_policy (BusContext *context, - (proposed_recipient == NULL && recipient_policy == NULL)); - - log = FALSE; -- if (sender_policy && -- !bus_client_policy_check_can_send (sender_policy, -- context->registry, -- requested_reply, -- proposed_recipient, -- message, &toggles, &log)) -- { -- complain_about_message (context, DBUS_ERROR_ACCESS_DENIED, -- "Rejected send message", toggles, -- message, sender, proposed_recipient, requested_reply, -- (addressed_recipient == proposed_recipient), error); -- _dbus_verbose ("security policy disallowing message due to sender policy\n"); -- return FALSE; -- } -+ if (sender_policy) -+ { -+ BusResult res = bus_client_policy_check_can_send (sender, -+ sender_policy, -+ context->registry, -+ requested_reply, 
-+ addressed_recipient, -+ proposed_recipient, -+ message, &toggles, &log, &privilege, -+ deferred_message); -+ if (res == BUS_RESULT_FALSE) -+ { -+ complain_about_message (context, DBUS_ERROR_ACCESS_DENIED, -+ "Rejected send message", toggles, -+ message, sender, proposed_recipient, requested_reply, -+ (addressed_recipient == proposed_recipient), privilege, -+ error); -+ _dbus_verbose ("security policy disallowing message due to sender policy\n"); -+ return BUS_RESULT_FALSE; -+ } -+ else if (res == BUS_RESULT_LATER) -+ return BUS_RESULT_LATER; -+ } - - if (log) - { -@@ -1742,23 +1774,29 @@ bus_context_check_security_policy (BusContext *context, - complain_about_message (context, DBUS_ERROR_ACCESS_DENIED, - "Would reject message", toggles, - message, sender, proposed_recipient, requested_reply, -- TRUE, NULL); -+ TRUE, privilege, NULL); - } - -- if (recipient_policy && -- !bus_client_policy_check_can_receive (recipient_policy, -- context->registry, -- requested_reply, -- sender, -- addressed_recipient, proposed_recipient, -- message, &toggles)) -+ if (recipient_policy) - { -- complain_about_message (context, DBUS_ERROR_ACCESS_DENIED, -- "Rejected receive message", toggles, -- message, sender, proposed_recipient, requested_reply, -- (addressed_recipient == proposed_recipient), error); -- _dbus_verbose ("security policy disallowing message due to recipient policy\n"); -- return FALSE; -+ BusResult res; -+ res = bus_client_policy_check_can_receive (recipient_policy, -+ context->registry, -+ requested_reply, -+ sender, -+ addressed_recipient, proposed_recipient, -+ message, &toggles, &privilege, deferred_message); -+ if (res == BUS_RESULT_FALSE) -+ { -+ complain_about_message(context, DBUS_ERROR_ACCESS_DENIED, "Rejected receive message", -+ toggles, message, sender, proposed_recipient, requested_reply, -+ (addressed_recipient == proposed_recipient), privilege, error); -+ _dbus_verbose( -+ "security policy disallowing message due to recipient policy\n"); -+ return 
BUS_RESULT_FALSE; -+ } -+ else if (res == BUS_RESULT_LATER) -+ return BUS_RESULT_LATER; - } - - /* See if limits on size have been exceeded */ -@@ -1768,10 +1806,10 @@ bus_context_check_security_policy (BusContext *context, - { - complain_about_message (context, DBUS_ERROR_LIMITS_EXCEEDED, - "Rejected: destination has a full message queue", -- 0, message, sender, proposed_recipient, requested_reply, TRUE, -+ 0, message, sender, proposed_recipient, requested_reply, TRUE, NULL, - error); - _dbus_verbose ("security policy disallowing message due to full message queue\n"); -- return FALSE; -+ return BUS_RESULT_FALSE; - } - - /* Record that we will allow a reply here in the future (don't -@@ -1792,11 +1830,11 @@ bus_context_check_security_policy (BusContext *context, - message, error)) - { - _dbus_verbose ("Failed to record reply expectation or problem with the message expecting a reply\n"); -- return FALSE; -+ return BUS_RESULT_FALSE; - } - - _dbus_verbose ("security policy allowing message\n"); -- return TRUE; -+ return BUS_RESULT_TRUE; - } - - void -diff --git a/bus/bus.h b/bus/bus.h -index 2e0de82..82c32c8 100644 ---- a/bus/bus.h -+++ b/bus/bus.h -@@ -45,6 +45,22 @@ typedef struct BusTransaction BusTransaction; - typedef struct BusMatchmaker BusMatchmaker; - typedef struct BusMatchRule BusMatchRule; - typedef struct BusActivationEntry BusActivationEntry; -+typedef struct BusCheck BusCheck; -+typedef struct BusDeferredMessage BusDeferredMessage; -+typedef struct BusCynara BusCynara; -+ -+/** -+ * BusResult is defined as a pointer to a dummy structure to allow detection of type mismatches. -+ * The disadvantage of such solution is that now BusResult variables cannot be used in switch -+ * statement. -+ * Additionally, BUS_RESULT_TRUE is defined as 0 instead of 1 to help detect type mismatches -+ * at runtime. 
-+ */ -+typedef const struct BusResultStruct { int dummy; } *BusResult; -+ -+static const BusResult BUS_RESULT_TRUE = (BusResult)0x0; -+static const BusResult BUS_RESULT_FALSE = (BusResult)0x1; -+static const BusResult BUS_RESULT_LATER = (BusResult)0x2; - - typedef struct - { -@@ -101,6 +117,7 @@ BusConnections* bus_context_get_connections (BusContext - BusActivation* bus_context_get_activation (BusContext *context); - BusMatchmaker* bus_context_get_matchmaker (BusContext *context); - DBusLoop* bus_context_get_loop (BusContext *context); -+BusCheck * bus_context_get_check (BusContext *context); - dbus_bool_t bus_context_allow_unix_user (BusContext *context, - unsigned long uid); - dbus_bool_t bus_context_allow_windows_user (BusContext *context, -@@ -136,14 +153,15 @@ void bus_context_log_and_set_error (BusContext - const char *name, - const char *msg, - ...) _DBUS_GNUC_PRINTF (5, 6); --dbus_bool_t bus_context_check_security_policy (BusContext *context, -+BusResult bus_context_check_security_policy (BusContext *context, - BusTransaction *transaction, - DBusConnection *sender, - DBusConnection *addressed_recipient, - DBusConnection *proposed_recipient, - DBusMessage *message, - BusActivationEntry *activation_entry, -- DBusError *error); -+ DBusError *error, -+ BusDeferredMessage **deferred_message); - void bus_context_check_all_watches (BusContext *context); - - #endif /* BUS_BUS_H */ -diff --git a/bus/check.c b/bus/check.c -new file mode 100644 -index 0000000..5b72d31 ---- /dev/null -+++ b/bus/check.c -@@ -0,0 +1,217 @@ -+/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */ -+/* check.c Bus security policy runtime check -+ * -+ * Copyright (C) 2014 Intel, Inc. -+ * Copyright (c) 2014 Samsung Electronics, Ltd. 
-+ * -+ * Licensed under the Academic Free License version 2.1 -+ * -+ * This program is free software; you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation; either version 2 of the License, or -+ * (at your option) any later version. -+ * -+ * This program is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with this program; if not, write to the Free Software -+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -+ * -+ */ -+ -+#include <config.h> -+#include "check.h" -+#include "connection.h" -+#include "dispatch.h" -+#include "cynara.h" -+#include "utils.h" -+#include <dbus/dbus-connection-internal.h> -+#include <dbus/dbus-message-internal.h> -+#include <dbus/dbus-internals.h> -+ -+ -+typedef struct BusCheck -+{ -+ int refcount; -+ -+ BusContext *context; -+ BusCynara *cynara; -+} BusCheck; -+ -+typedef struct BusDeferredMessage -+{ -+ int refcount; -+ -+ DBusMessage *message; -+ DBusConnection *sender; -+ DBusConnection *proposed_recipient; -+ DBusConnection *addressed_recipient; -+ dbus_bool_t full_dispatch; -+ BusDeferredMessageStatus status; -+ BusResult response; -+ BusCheckResponseFunc response_callback; -+} BusDeferredMessage; -+ -+BusCheck * -+bus_check_new (BusContext *context, DBusError *error) -+{ -+ BusCheck *check; -+ -+ check = dbus_new(BusCheck, 1); -+ if (check == NULL) -+ { -+ BUS_SET_OOM(error); -+ return NULL; -+ } -+ -+ check->refcount = 1; -+ check->context = context; -+ check->cynara = bus_cynara_new(check, error); -+ if (dbus_error_is_set(error)) -+ { -+ dbus_free(check); -+ return NULL; -+ } -+ -+ return check; -+} -+ -+BusCheck * -+bus_check_ref 
(BusCheck *check) -+{ -+ _dbus_assert (check->refcount > 0); -+ check->refcount += 1; -+ -+ return check; -+} -+ -+void -+bus_check_unref (BusCheck *check) -+{ -+ _dbus_assert (check->refcount > 0); -+ -+ check->refcount -= 1; -+ -+ if (check->refcount == 0) -+ { -+ bus_cynara_unref(check->cynara); -+ dbus_free(check); -+ } -+} -+ -+BusContext * -+bus_check_get_context (BusCheck *check) -+{ -+ return check->context; -+} -+ -+BusCynara * -+bus_check_get_cynara (BusCheck *check) -+{ -+ return check->cynara; -+} -+ -+BusResult -+bus_check_privilege (BusCheck *check, -+ DBusMessage *message, -+ DBusConnection *sender, -+ DBusConnection *addressed_recipient, -+ DBusConnection *proposed_recipient, -+ const char *privilege, -+ BusDeferredMessageStatus check_type, -+ BusDeferredMessage **deferred_message) -+{ -+ BusResult result = BUS_RESULT_FALSE; -+#ifdef DBUS_ENABLE_CYNARA -+ BusCynara *cynara; -+#endif -+ DBusConnection *connection; -+ -+ connection = check_type == BUS_DEFERRED_MESSAGE_CHECK_RECEIVE ? proposed_recipient : sender; -+ -+ if (!dbus_connection_get_is_connected(connection)) -+ { -+ return BUS_RESULT_FALSE; -+ } -+ -+ /* ask policy checkers */ -+#ifdef DBUS_ENABLE_CYNARA -+ cynara = bus_check_get_cynara(check); -+ result = bus_cynara_check_privilege(cynara, message, sender, addressed_recipient, -+ proposed_recipient, privilege, check_type, deferred_message); -+#endif -+ -+ if (result == BUS_RESULT_LATER && deferred_message != NULL) -+ { -+ (*deferred_message)->status |= check_type; -+ } -+ return result; -+} -+ -+BusDeferredMessage *bus_deferred_message_new (DBusMessage *message, -+ DBusConnection *sender, -+ DBusConnection *addressed_recipient, -+ DBusConnection *proposed_recipient, -+ BusResult response) -+{ -+ BusDeferredMessage *deferred_message; -+ -+ deferred_message = dbus_new(BusDeferredMessage, 1); -+ if (deferred_message == NULL) -+ { -+ return NULL; -+ } -+ -+ deferred_message->refcount = 1; -+ deferred_message->sender = sender != NULL ? 
dbus_connection_ref(sender) : NULL; -+ deferred_message->addressed_recipient = addressed_recipient != NULL ? dbus_connection_ref(addressed_recipient) : NULL; -+ deferred_message->proposed_recipient = proposed_recipient != NULL ? dbus_connection_ref(proposed_recipient) : NULL; -+ deferred_message->message = dbus_message_ref(message); -+ deferred_message->response = response; -+ deferred_message->status = 0; -+ deferred_message->full_dispatch = FALSE; -+ deferred_message->response_callback = NULL; -+ -+ return deferred_message; -+} -+ -+BusDeferredMessage * -+bus_deferred_message_ref (BusDeferredMessage *deferred_message) -+{ -+ _dbus_assert (deferred_message->refcount > 0); -+ deferred_message->refcount += 1; -+ return deferred_message; -+} -+ -+void -+bus_deferred_message_unref (BusDeferredMessage *deferred_message) -+{ -+ _dbus_assert (deferred_message->refcount > 0); -+ -+ deferred_message->refcount -= 1; -+ -+ if (deferred_message->refcount == 0) -+ { -+ dbus_message_unref(deferred_message->message); -+ if (deferred_message->sender != NULL) -+ dbus_connection_unref(deferred_message->sender); -+ if (deferred_message->addressed_recipient != NULL) -+ dbus_connection_unref(deferred_message->addressed_recipient); -+ if (deferred_message->proposed_recipient != NULL) -+ dbus_connection_unref(deferred_message->proposed_recipient); -+ dbus_free(deferred_message); -+ } -+} -+ -+void -+bus_deferred_message_response_received (BusDeferredMessage *deferred_message, -+ BusResult result) -+{ -+ if (deferred_message->response_callback != NULL) -+ { -+ deferred_message->response_callback(deferred_message, result); -+ } -+} -diff --git a/bus/check.h b/bus/check.h -new file mode 100644 -index 0000000..c3fcaf9 ---- /dev/null -+++ b/bus/check.h -@@ -0,0 +1,68 @@ -+/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */ -+/* check.h Bus security policy runtime check -+ * -+ * Copyright (C) 2014 Intel, Inc. -+ * Copyright (c) 2014 Samsung Electronics, Ltd. 
-+ * -+ * Licensed under the Academic Free License version 2.1 -+ * -+ * This program is free software; you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation; either version 2 of the License, or -+ * (at your option) any later version. -+ * -+ * This program is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with this program; if not, write to the Free Software -+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -+ * -+ */ -+ -+#ifndef BUS_CHECK_H -+#define BUS_CHECK_H -+ -+#include "bus.h" -+#include "policy.h" -+ -+ -+typedef void (*BusCheckResponseFunc) (BusDeferredMessage *message, -+ BusResult result); -+ -+typedef enum { -+ BUS_DEFERRED_MESSAGE_CHECK_SEND = 1 << 0, -+ BUS_DEFERRED_MESSAGE_CHECK_RECEIVE = 1 << 1, -+ BUS_DEFERRED_MESSAGE_CHECK_OWN = 1 << 2, -+} BusDeferredMessageStatus; -+ -+ -+BusCheck *bus_check_new (BusContext *context, -+ DBusError *error); -+BusCheck *bus_check_ref (BusCheck *check); -+void bus_check_unref (BusCheck *check); -+ -+BusContext *bus_check_get_context (BusCheck *check); -+BusCynara *bus_check_get_cynara (BusCheck *check); -+BusResult bus_check_privilege (BusCheck *check, -+ DBusMessage *message, -+ DBusConnection *sender, -+ DBusConnection *addressed_recipient, -+ DBusConnection *proposed_recipient, -+ const char *privilege, -+ BusDeferredMessageStatus check_type, -+ BusDeferredMessage **deferred_message); -+ -+BusDeferredMessage *bus_deferred_message_new (DBusMessage *message, -+ DBusConnection *sender, -+ DBusConnection *addressed_recipient, -+ DBusConnection *proposed_recipient, -+ BusResult response); -+ -+BusDeferredMessage 
*bus_deferred_message_ref (BusDeferredMessage *deferred_message); -+void bus_deferred_message_unref (BusDeferredMessage *deferred_message); -+void bus_deferred_message_response_received (BusDeferredMessage *deferred_message, -+ BusResult result); -+#endif /* BUS_CHECK_H */ -diff --git a/bus/config-parser-common.c b/bus/config-parser-common.c -index c1c4191..e2f253d 100644 ---- a/bus/config-parser-common.c -+++ b/bus/config-parser-common.c -@@ -75,6 +75,10 @@ bus_config_parser_element_name_to_type (const char *name) - { - return ELEMENT_DENY; - } -+ else if (strcmp (name, "check") == 0) -+ { -+ return ELEMENT_CHECK; -+ } - else if (strcmp (name, "servicehelper") == 0) - { - return ELEMENT_SERVICEHELPER; -@@ -159,6 +163,8 @@ bus_config_parser_element_type_to_name (ElementType type) - return "allow"; - case ELEMENT_DENY: - return "deny"; -+ case ELEMENT_CHECK: -+ return "check"; - case ELEMENT_FORK: - return "fork"; - case ELEMENT_PIDFILE: -diff --git a/bus/config-parser-common.h b/bus/config-parser-common.h -index 382a014..9e026d1 100644 ---- a/bus/config-parser-common.h -+++ b/bus/config-parser-common.h -@@ -36,6 +36,7 @@ typedef enum - ELEMENT_LIMIT, - ELEMENT_ALLOW, - ELEMENT_DENY, -+ ELEMENT_CHECK, - ELEMENT_FORK, - ELEMENT_PIDFILE, - ELEMENT_SERVICEDIR, -diff --git a/bus/config-parser-trivial.c b/bus/config-parser-trivial.c -index dd65c6d..23dedb4 100644 ---- a/bus/config-parser-trivial.c -+++ b/bus/config-parser-trivial.c -@@ -194,6 +194,7 @@ bus_config_parser_start_element (BusConfigParser *parser, - case ELEMENT_POLICY: - case ELEMENT_LIMIT: - case ELEMENT_ALLOW: -+ case ELEMENT_CHECK: - case ELEMENT_DENY: - case ELEMENT_FORK: - case ELEMENT_PIDFILE: -@@ -316,6 +317,7 @@ bus_config_parser_content (BusConfigParser *parser, - case ELEMENT_POLICY: - case ELEMENT_LIMIT: - case ELEMENT_ALLOW: -+ case ELEMENT_CHECK: - case ELEMENT_DENY: - case ELEMENT_FORK: - case ELEMENT_PIDFILE: -diff --git a/bus/config-parser.c b/bus/config-parser.c -index be27d38..7f91469 
100644 ---- a/bus/config-parser.c -+++ b/bus/config-parser.c -@@ -1318,7 +1318,7 @@ append_rule_from_element (BusConfigParser *parser, - const char *element_name, - const char **attribute_names, - const char **attribute_values, -- dbus_bool_t allow, -+ BusPolicyRuleAccess access, - DBusError *error) - { - const char *log; -@@ -1360,6 +1360,7 @@ append_rule_from_element (BusConfigParser *parser, - const char *own_prefix; - const char *user; - const char *group; -+ const char *privilege; - - BusPolicyRule *rule; - -@@ -1390,6 +1391,7 @@ append_rule_from_element (BusConfigParser *parser, - "user", &user, - "group", &group, - "log", &log, -+ "privilege", &privilege, - NULL)) - return FALSE; - -@@ -1422,6 +1424,7 @@ append_rule_from_element (BusConfigParser *parser, - - if (!(any_send_attribute || - any_receive_attribute || -+ privilege || - own || own_prefix || user || group)) - { - dbus_set_error (error, DBUS_ERROR_FAILED, -@@ -1438,7 +1441,30 @@ append_rule_from_element (BusConfigParser *parser, - element_name); - return FALSE; - } -- -+ -+ if (access == BUS_POLICY_RULE_ACCESS_CHECK) -+ { -+ if (privilege == NULL || !*privilege) -+ { -+ dbus_set_error (error, DBUS_ERROR_FAILED, -+ "On element <%s>, you must specify the privilege to be checked.", -+ element_name); -+ return FALSE; -+ } -+ } -+ else -+ { -+ if (privilege != NULL && *privilege) -+ { -+ dbus_set_error (error, DBUS_ERROR_FAILED, -+ "On element <%s>, privilege %s is used outside of a check rule.", -+ element_name, privilege); -+ return FALSE; -+ } -+ else -+ privilege = NULL; /* replace (potentially) empty string with NULL pointer, it wouldn't be used anyway */ -+ } -+ - /* Allowed combinations of elements are: - * - * base, must be all send or all receive: -@@ -1589,7 +1615,7 @@ append_rule_from_element (BusConfigParser *parser, - error)) - return FALSE; - -- rule = bus_policy_rule_new (BUS_POLICY_RULE_SEND, allow); -+ rule = bus_policy_rule_new (BUS_POLICY_RULE_SEND, access); - if (rule == NULL) - goto 
nomem; - -@@ -1694,7 +1720,7 @@ append_rule_from_element (BusConfigParser *parser, - error)) - return FALSE; - -- rule = bus_policy_rule_new (BUS_POLICY_RULE_RECEIVE, allow); -+ rule = bus_policy_rule_new (BUS_POLICY_RULE_RECEIVE, access); - if (rule == NULL) - goto nomem; - -@@ -1726,7 +1752,7 @@ append_rule_from_element (BusConfigParser *parser, - } - else if (own || own_prefix) - { -- rule = bus_policy_rule_new (BUS_POLICY_RULE_OWN, allow); -+ rule = bus_policy_rule_new (BUS_POLICY_RULE_OWN, access); - if (rule == NULL) - goto nomem; - -@@ -1752,7 +1778,7 @@ append_rule_from_element (BusConfigParser *parser, - { - if (IS_WILDCARD (user)) - { -- rule = bus_policy_rule_new (BUS_POLICY_RULE_USER, allow); -+ rule = bus_policy_rule_new (BUS_POLICY_RULE_USER, access); - if (rule == NULL) - goto nomem; - -@@ -1767,7 +1793,7 @@ append_rule_from_element (BusConfigParser *parser, - - if (_dbus_parse_unix_user_from_config (&username, &uid)) - { -- rule = bus_policy_rule_new (BUS_POLICY_RULE_USER, allow); -+ rule = bus_policy_rule_new (BUS_POLICY_RULE_USER, access); - if (rule == NULL) - goto nomem; - -@@ -1784,7 +1810,7 @@ append_rule_from_element (BusConfigParser *parser, - { - if (IS_WILDCARD (group)) - { -- rule = bus_policy_rule_new (BUS_POLICY_RULE_GROUP, allow); -+ rule = bus_policy_rule_new (BUS_POLICY_RULE_GROUP, access); - if (rule == NULL) - goto nomem; - -@@ -1799,7 +1825,7 @@ append_rule_from_element (BusConfigParser *parser, - - if (_dbus_parse_unix_group_from_config (&groupname, &gid)) - { -- rule = bus_policy_rule_new (BUS_POLICY_RULE_GROUP, allow); -+ rule = bus_policy_rule_new (BUS_POLICY_RULE_GROUP, access); - if (rule == NULL) - goto nomem; - -@@ -1823,6 +1849,10 @@ append_rule_from_element (BusConfigParser *parser, - _dbus_assert (pe != NULL); - _dbus_assert (pe->type == ELEMENT_POLICY); - -+ rule->privilege = _dbus_strdup (privilege); -+ if (privilege && !rule->privilege) -+ goto nomem; -+ - switch (pe->d.policy.type) - { - case POLICY_IGNORED: -@@ 
-1898,7 +1928,7 @@ start_policy_child (BusConfigParser *parser, - { - if (!append_rule_from_element (parser, element_name, - attribute_names, attribute_values, -- TRUE, error)) -+ BUS_POLICY_RULE_ACCESS_ALLOW, error)) - return FALSE; - - if (push_element (parser, ELEMENT_ALLOW) == NULL) -@@ -1913,7 +1943,7 @@ start_policy_child (BusConfigParser *parser, - { - if (!append_rule_from_element (parser, element_name, - attribute_names, attribute_values, -- FALSE, error)) -+ BUS_POLICY_RULE_ACCESS_DENY, error)) - return FALSE; - - if (push_element (parser, ELEMENT_DENY) == NULL) -@@ -1922,6 +1952,21 @@ start_policy_child (BusConfigParser *parser, - return FALSE; - } - -+ return TRUE; -+ } -+ else if (strcmp (element_name, "check") == 0) -+ { -+ if (!append_rule_from_element (parser, element_name, -+ attribute_names, attribute_values, -+ BUS_POLICY_RULE_ACCESS_CHECK, error)) -+ return FALSE; -+ -+ if (push_element (parser, ELEMENT_CHECK) == NULL) -+ { -+ BUS_SET_OOM (error); -+ return FALSE; -+ } -+ - return TRUE; - } - else -@@ -2284,6 +2329,7 @@ bus_config_parser_end_element (BusConfigParser *parser, - case ELEMENT_POLICY: - case ELEMENT_ALLOW: - case ELEMENT_DENY: -+ case ELEMENT_CHECK: - case ELEMENT_FORK: - case ELEMENT_SYSLOG: - case ELEMENT_KEEP_UMASK: -@@ -2600,6 +2646,7 @@ bus_config_parser_content (BusConfigParser *parser, - case ELEMENT_POLICY: - case ELEMENT_ALLOW: - case ELEMENT_DENY: -+ case ELEMENT_CHECK: - case ELEMENT_FORK: - case ELEMENT_SYSLOG: - case ELEMENT_KEEP_UMASK: -@@ -3127,6 +3174,8 @@ do_load (const DBusString *full_path, - dbus_error_init (&error); - - parser = bus_config_load (full_path, TRUE, NULL, &error); -+ if (dbus_error_is_set (&error)) -+ _dbus_verbose ("Failed to load file: %s\n", error.message); - if (parser == NULL) - { - _DBUS_ASSERT_ERROR_IS_SET (&error); -@@ -3359,6 +3408,7 @@ elements_equal (const Element *a, - case ELEMENT_LISTEN: - case ELEMENT_AUTH: - case ELEMENT_ALLOW: -+ case ELEMENT_CHECK: - case ELEMENT_DENY: - case 
ELEMENT_FORK: - case ELEMENT_PIDFILE: -diff --git a/bus/connection.c b/bus/connection.c -index 53605fa..b348d42 100644 ---- a/bus/connection.c -+++ b/bus/connection.c -@@ -36,6 +36,10 @@ - #include <dbus/dbus-timeout.h> - #include <dbus/dbus-connection-internal.h> - #include <dbus/dbus-internals.h> -+#ifdef DBUS_ENABLE_CYNARA -+#include <stdlib.h> -+#include <cynara-session.h> -+#endif - - /* Trim executed commands to this length; we want to keep logs readable */ - #define MAX_LOG_COMMAND_LEN 50 -@@ -116,6 +120,9 @@ typedef struct - - /** non-NULL if and only if this is a monitor */ - DBusList *link_in_monitors; -+#ifdef DBUS_ENABLE_CYNARA -+ char *cynara_session_id; -+#endif - } BusConnectionData; - - static dbus_bool_t bus_pending_reply_expired (BusExpireList *list, -@@ -129,8 +136,8 @@ static dbus_bool_t expire_incomplete_timeout (void *data); - - #define BUS_CONNECTION_DATA(connection) (dbus_connection_get_data ((connection), connection_data_slot)) - --static DBusLoop* --connection_get_loop (DBusConnection *connection) -+DBusLoop* -+bus_connection_get_loop (DBusConnection *connection) - { - BusConnectionData *d; - -@@ -354,7 +361,7 @@ add_connection_watch (DBusWatch *watch, - { - DBusConnection *connection = data; - -- return _dbus_loop_add_watch (connection_get_loop (connection), watch); -+ return _dbus_loop_add_watch (bus_connection_get_loop (connection), watch); - } - - static void -@@ -363,7 +370,7 @@ remove_connection_watch (DBusWatch *watch, - { - DBusConnection *connection = data; - -- _dbus_loop_remove_watch (connection_get_loop (connection), watch); -+ _dbus_loop_remove_watch (bus_connection_get_loop (connection), watch); - } - - static void -@@ -372,7 +379,7 @@ toggle_connection_watch (DBusWatch *watch, - { - DBusConnection *connection = data; - -- _dbus_loop_toggle_watch (connection_get_loop (connection), watch); -+ _dbus_loop_toggle_watch (bus_connection_get_loop (connection), watch); - } - - static dbus_bool_t -@@ -381,7 +388,7 @@ 
add_connection_timeout (DBusTimeout *timeout, - { - DBusConnection *connection = data; - -- return _dbus_loop_add_timeout (connection_get_loop (connection), timeout); -+ return _dbus_loop_add_timeout (bus_connection_get_loop (connection), timeout); - } - - static void -@@ -390,7 +397,7 @@ remove_connection_timeout (DBusTimeout *timeout, - { - DBusConnection *connection = data; - -- _dbus_loop_remove_timeout (connection_get_loop (connection), timeout); -+ _dbus_loop_remove_timeout (bus_connection_get_loop (connection), timeout); - } - - static void -@@ -448,6 +455,10 @@ free_connection_data (void *data) - - dbus_free (d->name); - -+#ifdef DBUS_ENABLE_CYNARA -+ free (d->cynara_session_id); -+#endif -+ - dbus_free (d); - } - -@@ -1078,6 +1089,22 @@ bus_connection_get_policy (DBusConnection *connection) - return d->policy; - } - -+#ifdef DBUS_ENABLE_CYNARA -+const char *bus_connection_get_cynara_session_id (DBusConnection *connection) -+{ -+ BusConnectionData *d = BUS_CONNECTION_DATA (connection); -+ _dbus_assert (d != NULL); -+ -+ if (d->cynara_session_id == NULL) -+ { -+ unsigned long pid; -+ if (dbus_connection_get_unix_process_id(connection, &pid)) -+ d->cynara_session_id = cynara_session_from_pid(pid); -+ } -+ return d->cynara_session_id; -+} -+#endif -+ - static dbus_bool_t - foreach_active (BusConnections *connections, - BusConnectionForeachFunction function, -@@ -2333,6 +2360,7 @@ bus_transaction_send_from_driver (BusTransaction *transaction, - DBusMessage *message) - { - DBusError error = DBUS_ERROR_INIT; -+ BusResult res; - - /* We have to set the sender to the driver, and have - * to check security policy since it was not done in -@@ -2370,10 +2398,11 @@ bus_transaction_send_from_driver (BusTransaction *transaction, - * if we're actively capturing messages, it's nice to log that we - * tried to send it and did not allow ourselves to do so. 
- */ -- if (!bus_context_check_security_policy (bus_transaction_get_context (transaction), -- transaction, -- NULL, connection, connection, -- message, NULL, &error)) -+ res = bus_context_check_security_policy (bus_transaction_get_context (transaction), -+ transaction, -+ NULL, connection, connection, message, NULL, -+ &error, NULL); -+ if (res == BUS_RESULT_FALSE) - { - if (!bus_transaction_capture_error_reply (transaction, connection, - &error, message)) -@@ -2388,6 +2417,12 @@ bus_transaction_send_from_driver (BusTransaction *transaction, - dbus_error_free (&error); - return TRUE; - } -+ else if (res == BUS_RESULT_LATER) -+ { -+ _dbus_verbose ("Cannot delay sending message from bus driver, dropping it\n"); -+ dbus_error_free (&error); -+ return TRUE; -+ } - - return bus_transaction_send (transaction, connection, message); - } -diff --git a/bus/connection.h b/bus/connection.h -index 9e253ae..71078ea 100644 ---- a/bus/connection.h -+++ b/bus/connection.h -@@ -31,6 +31,7 @@ - typedef dbus_bool_t (* BusConnectionForeachFunction) (DBusConnection *connection, - void *data); - -+DBusLoop* bus_connection_get_loop (DBusConnection *connection); - - BusConnections* bus_connections_new (BusContext *context); - BusConnections* bus_connections_ref (BusConnections *connections); -@@ -124,6 +125,9 @@ dbus_bool_t bus_connection_be_monitor (DBusConnection *connection, - BusTransaction *transaction, - DBusList **rules, - DBusError *error); -+#ifdef DBUS_ENABLE_CYNARA -+const char *bus_connection_get_cynara_session_id (DBusConnection *connection); -+#endif - - /* transaction API so we can send or not send a block of messages as a whole */ - -diff --git a/bus/cynara.c b/bus/cynara.c -new file mode 100644 -index 0000000..57a4c45 ---- /dev/null -+++ b/bus/cynara.c -@@ -0,0 +1,374 @@ -+/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */ -+/* cynara.c Cynara runtime privilege checking -+ * -+ * Copyright (c) 2014 Samsung Electronics, Ltd. 
-+ * -+ * Licensed under the Academic Free License version 2.1 -+ * -+ * This program is free software; you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation; either version 2 of the License, or -+ * (at your option) any later version. -+ * -+ * This program is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with this program; if not, write to the Free Software -+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -+ * -+ */ -+ -+#include <config.h> -+#include "cynara.h" -+#include "check.h" -+#include "utils.h" -+ -+#include <stdio.h> -+ -+#include <dbus/dbus.h> -+#include <dbus/dbus-watch.h> -+#include <dbus/dbus-connection-internal.h> -+#include <bus/connection.h> -+#ifdef DBUS_ENABLE_CYNARA -+#include <cynara-client-async.h> -+#endif -+ -+ -+#ifdef DBUS_ENABLE_CYNARA -+typedef struct BusCynara -+{ -+ int refcount; -+ -+ BusContext *context; -+ BusCheck *check; -+ cynara_async *cynara; -+ DBusWatch *cynara_watch; -+} BusCynara; -+ -+#define USE_CYNARA_CACHE 1 -+#ifdef USE_CYNARA_CACHE -+#define CYNARA_CACHE_SIZE 1000 -+#endif -+ -+static dbus_bool_t bus_cynara_watch_callback(DBusWatch *watch, -+ unsigned int flags, -+ void *data); -+ -+static void status_callback(int old_fd, -+ int new_fd, -+ cynara_async_status status, -+ void *user_status_data); -+static void bus_cynara_check_response_callback (cynara_check_id check_id, -+ cynara_async_call_cause cause, -+ int response, -+ void *user_response_data); -+#endif -+ -+ -+BusCynara * -+bus_cynara_new(BusCheck *check, DBusError *error) -+{ -+#ifdef DBUS_ENABLE_CYNARA -+ BusContext *context; -+ BusCynara *cynara; -+ 
cynara_async_configuration *conf = NULL; -+ int ret; -+ -+ cynara = dbus_new(BusCynara, 1); -+ if (cynara == NULL) -+ { -+ BUS_SET_OOM(error); -+ return NULL; -+ } -+ -+ context = bus_check_get_context(check); -+ -+ cynara->refcount = 1; -+ cynara->check = check; -+ cynara->context = context; -+ cynara->cynara_watch = NULL; -+ -+ ret = cynara_async_configuration_create(&conf); -+ if (ret != CYNARA_API_SUCCESS) -+ { -+ dbus_set_error (error, DBUS_ERROR_FAILED, "Failed to create Cynara configuration"); -+ goto out; -+ } -+ -+#ifdef CYNARA_CACHE_SIZE -+ ret = cynara_async_configuration_set_cache_size(conf, CYNARA_CACHE_SIZE); -+ if (ret != CYNARA_API_SUCCESS) -+ { -+ dbus_set_error (error, DBUS_ERROR_FAILED, "Failed to Cynara cache size"); -+ goto out; -+ } -+#endif -+ -+ ret = cynara_async_initialize(&cynara->cynara, conf, &status_callback, cynara); -+ if (ret != CYNARA_API_SUCCESS) -+ { -+ dbus_set_error (error, DBUS_ERROR_FAILED, "Failed to initialize Cynara client"); -+ goto out; -+ } -+ -+out: -+ cynara_async_configuration_destroy(conf); -+ if (ret != CYNARA_API_SUCCESS) -+ { -+ dbus_free(cynara); -+ return NULL; -+ } -+ -+ return cynara; -+#else -+ return NULL; -+#endif -+} -+ -+BusCynara * -+bus_cynara_ref (BusCynara *cynara) -+{ -+#ifdef DBUS_ENABLE_CYNARA -+ _dbus_assert (cynara->refcount > 0); -+ cynara->refcount += 1; -+ -+ return cynara; -+#else -+ return NULL; -+#endif -+} -+ -+void -+bus_cynara_unref (BusCynara *cynara) -+{ -+#ifdef DBUS_ENABLE_CYNARA -+ _dbus_assert (cynara->refcount > 0); -+ -+ cynara->refcount -= 1; -+ -+ if (cynara->refcount == 0) -+ { -+ cynara_async_finish(cynara->cynara); -+ dbus_free(cynara); -+ } -+#endif -+} -+ -+BusResult -+bus_cynara_check_privilege (BusCynara *cynara, -+ DBusMessage *message, -+ DBusConnection *sender, -+ DBusConnection *addressed_recipient, -+ DBusConnection *proposed_recipient, -+ const char *privilege, -+ BusDeferredMessageStatus check_type, -+ BusDeferredMessage **deferred_message_param) -+{ -+#ifdef 
DBUS_ENABLE_CYNARA -+ int result; -+ unsigned long uid; -+ char *label; -+ const char *session_id; -+ char user[32]; -+ cynara_check_id check_id; -+ DBusConnection *connection = check_type == BUS_DEFERRED_MESSAGE_CHECK_RECEIVE ? proposed_recipient : sender; -+ BusDeferredMessage *deferred_message; -+ BusResult ret; -+ -+ _dbus_assert(connection != NULL); -+ -+ if (dbus_connection_get_unix_user(connection, &uid) == FALSE) -+ return BUS_RESULT_FALSE; -+ -+ if (_dbus_connection_get_linux_security_label(connection, &label) == FALSE || label == NULL) -+ { -+ _dbus_warn("Failed to obtain security label for connection\n"); -+ return BUS_RESULT_FALSE; -+ } -+ -+ session_id = bus_connection_get_cynara_session_id (connection); -+ if (session_id == NULL) -+ { -+ ret = BUS_RESULT_FALSE; -+ goto out; -+ } -+ -+ snprintf(user, sizeof(user), "%lu", uid); -+ -+#if USE_CYNARA_CACHE -+ result = cynara_async_check_cache(cynara->cynara, label, session_id, user, privilege); -+#else -+ result = CYNARA_API_CACHE_MISS; -+#endif -+ -+ switch (result) -+ { -+ case CYNARA_API_ACCESS_ALLOWED: -+ _dbus_verbose("Cynara: got ALLOWED answer from cache (client=%s session_id=%s user=%s privilege=%s)\n", -+ label, session_id, user, privilege); -+ ret = BUS_RESULT_TRUE; -+ break; -+ -+ case CYNARA_API_ACCESS_DENIED: -+ _dbus_verbose("Cynara: got DENIED answer from cache (client=%s session_id=%s user=%s privilege=%s)\n", -+ label, session_id, user, privilege); -+ ret = BUS_RESULT_FALSE; -+ break; -+ -+ case CYNARA_API_CACHE_MISS: -+ deferred_message = bus_deferred_message_new(message, sender, addressed_recipient, -+ proposed_recipient, BUS_RESULT_LATER); -+ if (deferred_message == NULL) -+ { -+ _dbus_verbose("Failed to allocate memory for deferred message\n"); -+ ret = BUS_RESULT_FALSE; -+ goto out; -+ } -+ -+ /* callback is supposed to unref deferred_message*/ -+ result = cynara_async_create_request(cynara->cynara, label, session_id, user, privilege, &check_id, -+ &bus_cynara_check_response_callback, 
deferred_message); -+ if (result == CYNARA_API_SUCCESS) -+ { -+ _dbus_verbose("Created Cynara request: client=%s session_id=%s user=%s privilege=%s check_id=%u " -+ "deferred_message=%p\n", label, session_id, user, privilege, (unsigned int)check_id, deferred_message); -+ if (deferred_message_param != NULL) -+ *deferred_message_param = deferred_message; -+ ret = BUS_RESULT_LATER; -+ } -+ else -+ { -+ _dbus_verbose("Error on cynara request create: %i\n", result); -+ bus_deferred_message_unref(deferred_message); -+ ret = BUS_RESULT_FALSE; -+ } -+ break; -+ default: -+ _dbus_verbose("Error when accessing Cynara cache: %i\n", result); -+ ret = BUS_RESULT_FALSE; -+ } -+out: -+ dbus_free(label); -+ return ret; -+ -+#else -+ return BUS_RESULT_FALSE; -+#endif -+} -+ -+ -+ -+#ifdef DBUS_ENABLE_CYNARA -+static void -+status_callback(int old_fd, int new_fd, cynara_async_status status, -+ void *user_status_data) -+{ -+ BusCynara *cynara = (BusCynara *)user_status_data; -+ DBusLoop *loop = bus_context_get_loop(cynara->context); -+ -+ if (cynara->cynara_watch != NULL) -+ { -+ _dbus_loop_remove_watch(loop, cynara->cynara_watch); -+ _dbus_watch_invalidate(cynara->cynara_watch); -+ _dbus_watch_unref(cynara->cynara_watch); -+ cynara->cynara_watch = NULL; -+ } -+ -+ if (new_fd != -1) -+ { -+ unsigned int flags; -+ DBusWatch *watch; -+ -+ switch (status) -+ { -+ case CYNARA_STATUS_FOR_READ: -+ flags = DBUS_WATCH_READABLE; -+ break; -+ case CYNARA_STATUS_FOR_RW: -+ flags = DBUS_WATCH_READABLE | DBUS_WATCH_WRITABLE; -+ break; -+ default: -+ /* Cynara passed unknown status - warn and add RW watch */ -+ _dbus_verbose("Cynara passed unknown status value: 0x%08X\n", (unsigned int)status); -+ flags = DBUS_WATCH_READABLE | DBUS_WATCH_WRITABLE; -+ break; -+ } -+ -+ watch = _dbus_watch_new(new_fd, flags, TRUE, &bus_cynara_watch_callback, cynara, NULL); -+ if (watch != NULL) -+ { -+ if (_dbus_loop_add_watch(loop, watch) == TRUE) -+ { -+ cynara->cynara_watch = watch; -+ return; -+ } -+ -+ 
_dbus_watch_invalidate(watch); -+ _dbus_watch_unref(watch); -+ } -+ -+ /* It seems like not much can be done at this point. Cynara events won't be processed -+ * until next Cynara function call triggering status callback */ -+ _dbus_verbose("Failed to add dbus watch\n"); -+ } -+} -+ -+static dbus_bool_t -+bus_cynara_watch_callback(DBusWatch *watch, -+ unsigned int flags, -+ void *data) -+{ -+ BusCynara *cynara = (BusCynara *)data; -+ int result = cynara_async_process(cynara->cynara); -+ if (result != CYNARA_API_SUCCESS) -+ _dbus_verbose("cynara_async_process returned %d\n", result); -+ -+ return result != CYNARA_API_OUT_OF_MEMORY ? TRUE : FALSE; -+} -+ -+static inline const char * -+call_cause_to_string(cynara_async_call_cause cause) -+{ -+ switch (cause) -+ { -+ case CYNARA_CALL_CAUSE_ANSWER: -+ return "ANSWER"; -+ case CYNARA_CALL_CAUSE_CANCEL: -+ return "CANCEL"; -+ case CYNARA_CALL_CAUSE_FINISH: -+ return "FINSIH"; -+ case CYNARA_CALL_CAUSE_SERVICE_NOT_AVAILABLE: -+ return "SERVICE NOT AVAILABLE"; -+ default: -+ return "INVALID"; -+ } -+} -+ -+static void -+bus_cynara_check_response_callback (cynara_check_id check_id, -+ cynara_async_call_cause cause, -+ int response, -+ void *user_response_data) -+{ -+ BusDeferredMessage *deferred_message = user_response_data; -+ BusResult result; -+ -+ _dbus_verbose("Cynara callback: check_id=%u, cause=%s response=%i response_data=%p\n", -+ (unsigned int)check_id, call_cause_to_string(cause), response, user_response_data); -+ -+ if (deferred_message == NULL) -+ return; -+ -+ if (cause == CYNARA_CALL_CAUSE_ANSWER && response == CYNARA_API_ACCESS_ALLOWED) -+ result = BUS_RESULT_TRUE; -+ else -+ result = BUS_RESULT_FALSE; -+ -+ bus_deferred_message_response_received(deferred_message, result); -+ bus_deferred_message_unref(deferred_message); -+} -+ -+#endif /* DBUS_ENABLE_CYNARA */ -diff --git a/bus/cynara.h b/bus/cynara.h -new file mode 100644 -index 0000000..c4728bb ---- /dev/null -+++ b/bus/cynara.h -@@ -0,0 +1,37 @@ -+/* -*- 
mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */ -+/* cynara.h Cynara runtime privilege checking -+ * -+ * Copyright (c) 2014 Samsung Electronics, Ltd. -+ * -+ * Licensed under the Academic Free License version 2.1 -+ * -+ * This program is free software; you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation; either version 2 of the License, or -+ * (at your option) any later version. -+ * -+ * This program is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with this program; if not, write to the Free Software -+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -+ * -+ */ -+ -+#include "bus.h" -+#include "check.h" -+ -+BusCynara *bus_cynara_new (BusCheck *check, DBusError *error); -+BusCynara *bus_cynara_ref (BusCynara *cynara); -+void bus_cynara_unref (BusCynara *cynara); -+BusResult bus_cynara_check_privilege (BusCynara *cynara, -+ DBusMessage *message, -+ DBusConnection *sender, -+ DBusConnection *addressed_recipient, -+ DBusConnection *proposed_recipient, -+ const char *privilege, -+ BusDeferredMessageStatus check_type, -+ BusDeferredMessage **deferred_message); -diff --git a/bus/dispatch.c b/bus/dispatch.c -index 19228be..d3867f7 100644 ---- a/bus/dispatch.c -+++ b/bus/dispatch.c -@@ -25,6 +25,7 @@ - - #include <config.h> - #include "dispatch.h" -+#include "check.h" - #include "connection.h" - #include "driver.h" - #include "services.h" -@@ -64,14 +65,18 @@ send_one_message (DBusConnection *connection, - DBusError *error) - { - DBusError stack_error = DBUS_ERROR_INIT; -+ BusDeferredMessage *deferred_message; -+ BusResult result; - -- if 
(!bus_context_check_security_policy (context, transaction, -+ result = bus_context_check_security_policy (context, transaction, - sender, - addressed_recipient, - connection, - message, - NULL, -- &stack_error)) -+ &stack_error, -+ &deferred_message); -+ if (result != BUS_RESULT_TRUE) - { - if (!bus_transaction_capture_error_reply (transaction, sender, - &stack_error, message)) -@@ -130,6 +135,8 @@ bus_dispatch_matches (BusTransaction *transaction, - BusMatchmaker *matchmaker; - DBusList *link; - BusContext *context; -+ BusDeferredMessage *deferred_message; -+ BusResult res; - - _DBUS_ASSERT_ERROR_IS_CLEAR (error); - -@@ -145,11 +152,20 @@ bus_dispatch_matches (BusTransaction *transaction, - /* First, send the message to the addressed_recipient, if there is one. */ - if (addressed_recipient != NULL) - { -- if (!bus_context_check_security_policy (context, transaction, -- sender, addressed_recipient, -- addressed_recipient, -- message, NULL, error)) -+ res = bus_context_check_security_policy (context, transaction, -+ sender, addressed_recipient, -+ addressed_recipient, -+ message, NULL, error, -+ &deferred_message); -+ if (res == BUS_RESULT_FALSE) - return FALSE; -+ else if (res == BUS_RESULT_LATER) -+ { -+ dbus_set_error (error, -+ DBUS_ERROR_ACCESS_DENIED, -+ "Rejecting message because time is needed to check security policy"); -+ return FALSE; -+ } - - if (dbus_message_contains_unix_fds (message) && - !dbus_connection_can_send_type (addressed_recipient, -@@ -374,19 +390,31 @@ bus_dispatch (DBusConnection *connection, - if (service_name && - strcmp (service_name, DBUS_SERVICE_DBUS) == 0) /* to bus driver */ - { -+ BusDeferredMessage *deferred_message; -+ BusResult res; -+ - if (!bus_transaction_capture (transaction, connection, NULL, message)) - { - BUS_SET_OOM (&error); - goto out; - } - -- if (!bus_context_check_security_policy (context, transaction, -- connection, NULL, NULL, message, -- NULL, &error)) -+ res = bus_context_check_security_policy (context, 
transaction, -+ connection, NULL, NULL, message, NULL, -+ &error, &deferred_message); -+ if (res == BUS_RESULT_FALSE) - { - _dbus_verbose ("Security policy rejected message\n"); - goto out; - } -+ else if (res == BUS_RESULT_LATER) -+ { -+ dbus_set_error (&error, -+ DBUS_ERROR_ACCESS_DENIED, -+ "Rejecting message because time is needed to check security policy"); -+ _dbus_verbose ("Security policy needs time to check policy. Dropping message\n"); -+ goto out; -+ } - - _dbus_verbose ("Giving message to %s\n", DBUS_SERVICE_DBUS); - if (!bus_driver_handle_message (connection, transaction, message, &error)) -diff --git a/bus/driver.h b/bus/driver.h -index ac1289d..a7297ad 100644 ---- a/bus/driver.h -+++ b/bus/driver.h -@@ -66,5 +66,7 @@ dbus_bool_t bus_driver_send_ack_reply (DBusConnection *connection, - BusTransaction *transaction, - DBusMessage *message, - DBusError *error); -+dbus_bool_t bus_driver_check_message_is_for_us (DBusMessage *message, -+ DBusError *error); - - #endif /* BUS_DRIVER_H */ -diff --git a/bus/policy.c b/bus/policy.c -index a37be80..7de92c6 100644 ---- a/bus/policy.c -+++ b/bus/policy.c -@@ -22,6 +22,7 @@ - */ - - #include <config.h> -+#include "check.h" - #include "policy.h" - #include "services.h" - #include "test.h" -@@ -33,7 +34,7 @@ - - BusPolicyRule* - bus_policy_rule_new (BusPolicyRuleType type, -- dbus_bool_t allow) -+ BusPolicyRuleAccess access) - { - BusPolicyRule *rule; - -@@ -43,7 +44,7 @@ bus_policy_rule_new (BusPolicyRuleType type, - - rule->type = type; - rule->refcount = 1; -- rule->allow = allow; -+ rule->access = access; - - switch (rule->type) - { -@@ -55,18 +56,19 @@ bus_policy_rule_new (BusPolicyRuleType type, - break; - case BUS_POLICY_RULE_SEND: - rule->d.send.message_type = DBUS_MESSAGE_TYPE_INVALID; -- - /* allow rules default to TRUE (only requested replies allowed) -+ * check rules default to TRUE (only requested replies are checked) - * deny rules default to FALSE (only unrequested replies denied) - */ -- 
rule->d.send.requested_reply = rule->allow; -+ rule->d.send.requested_reply = rule->access != BUS_POLICY_RULE_ACCESS_DENY; - break; - case BUS_POLICY_RULE_RECEIVE: - rule->d.receive.message_type = DBUS_MESSAGE_TYPE_INVALID; - /* allow rules default to TRUE (only requested replies allowed) -+ * check rules default to TRUE (only requested replies are checked) - * deny rules default to FALSE (only unrequested replies denied) - */ -- rule->d.receive.requested_reply = rule->allow; -+ rule->d.receive.requested_reply = rule->access != BUS_POLICY_RULE_ACCESS_DENY; - break; - case BUS_POLICY_RULE_OWN: - break; -@@ -122,7 +124,8 @@ bus_policy_rule_unref (BusPolicyRule *rule) - default: - _dbus_assert_not_reached ("invalid rule"); - } -- -+ -+ dbus_free (rule->privilege); - dbus_free (rule); - } - } -@@ -435,7 +438,10 @@ list_allows_user (dbus_bool_t def, - else - continue; - -- allowed = rule->allow; -+ /* We don't intend to support <check user="..." /> and <check group="..." /> -+ rules. They are treated like deny. 
-+ */ -+ allowed = rule->access == BUS_POLICY_RULE_ACCESS_ALLOW; - } - - return allowed; -@@ -873,18 +879,23 @@ bus_client_policy_append_rule (BusClientPolicy *policy, - return TRUE; - } - --dbus_bool_t --bus_client_policy_check_can_send (BusClientPolicy *policy, -- BusRegistry *registry, -- dbus_bool_t requested_reply, -- DBusConnection *receiver, -- DBusMessage *message, -- dbus_int32_t *toggles, -- dbus_bool_t *log) -+BusResult -+bus_client_policy_check_can_send (DBusConnection *sender, -+ BusClientPolicy *policy, -+ BusRegistry *registry, -+ dbus_bool_t requested_reply, -+ DBusConnection *addressed_recipient, -+ DBusConnection *receiver, -+ DBusMessage *message, -+ dbus_int32_t *toggles, -+ dbus_bool_t *log, -+ const char **privilege_param, -+ BusDeferredMessage **deferred_message) - { - DBusList *link; -- dbus_bool_t allowed; -- -+ BusResult result; -+ const char *privilege; -+ - /* policy->rules is in the order the rules appeared - * in the config file, i.e. last rule that applies wins - */ -@@ -892,7 +903,7 @@ bus_client_policy_check_can_send (BusClientPolicy *policy, - _dbus_verbose (" (policy) checking send rules\n"); - *toggles = 0; - -- allowed = FALSE; -+ result = BUS_RESULT_FALSE; - link = _dbus_list_get_first_link (&policy->rules); - while (link != NULL) - { -@@ -923,13 +934,14 @@ bus_client_policy_check_can_send (BusClientPolicy *policy, - /* If it's a reply, the requested_reply flag kicks in */ - if (dbus_message_get_reply_serial (message) != 0) - { -- /* for allow, requested_reply=true means the rule applies -- * only when reply was requested. requested_reply=false means -- * always allow. -+ /* for allow or check requested_reply=true means the rule applies -+ * only when reply was requested. 
requested_reply=false means the -+ * rule always applies - */ -- if (!requested_reply && rule->allow && rule->d.send.requested_reply && !rule->d.send.eavesdrop) -+ if (!requested_reply && rule->access != BUS_POLICY_RULE_ACCESS_DENY && rule->d.send.requested_reply && !rule->d.send.eavesdrop) - { -- _dbus_verbose (" (policy) skipping allow rule since it only applies to requested replies and does not allow eavesdropping\n"); -+ _dbus_verbose (" (policy) skipping %s rule since it only applies to requested replies and does not allow eavesdropping\n", -+ rule->access == BUS_POLICY_RULE_ACCESS_ALLOW ? "allow" : "check"); - continue; - } - -@@ -937,7 +949,7 @@ bus_client_policy_check_can_send (BusClientPolicy *policy, - * when the reply was not requested. requested_reply=true means the - * rule always applies. - */ -- if (requested_reply && !rule->allow && !rule->d.send.requested_reply) -+ if (requested_reply && rule->access == BUS_POLICY_RULE_ACCESS_DENY && !rule->d.send.requested_reply) - { - _dbus_verbose (" (policy) skipping deny rule since it only applies to unrequested replies\n"); - continue; -@@ -960,13 +972,15 @@ bus_client_policy_check_can_send (BusClientPolicy *policy, - /* The interface is optional in messages. For allow rules, if the message - * has no interface we want to skip the rule (and thus not allow); - * for deny rules, if the message has no interface we want to use the -- * rule (and thus deny). -+ * rule (and thus deny). Check rules are meant to be used like allow -+ * rules (they can grant access, but not remove it), so we treat it like -+ * allow here. 
- */ - dbus_bool_t no_interface; - - no_interface = dbus_message_get_interface (message) == NULL; - -- if ((no_interface && rule->allow) || -+ if ((no_interface && rule->access != BUS_POLICY_RULE_ACCESS_DENY) || - (!no_interface && - strcmp (dbus_message_get_interface (message), - rule->d.send.interface) != 0)) -@@ -1079,33 +1093,64 @@ bus_client_policy_check_can_send (BusClientPolicy *policy, - } - - /* Use this rule */ -- allowed = rule->allow; -+ switch (rule->access) -+ { -+ case BUS_POLICY_RULE_ACCESS_ALLOW: -+ result = BUS_RESULT_TRUE; -+ break; -+ case BUS_POLICY_RULE_ACCESS_DENY: -+ default: -+ result = BUS_RESULT_FALSE; -+ break; -+ case BUS_POLICY_RULE_ACCESS_CHECK: -+ result = BUS_RESULT_LATER; -+ privilege = rule->privilege; -+ break; -+ } -+ - *log = rule->d.send.log; - (*toggles)++; - -- _dbus_verbose (" (policy) used rule, allow now = %d\n", -- allowed); -+ _dbus_verbose (" (policy) used rule, result now = %d\n", -+ (int)(intptr_t)result); - } - -- return allowed; -+ if (result == BUS_RESULT_LATER) -+ { -+ BusContext *context = bus_connection_get_context(sender); -+ BusCheck *check = bus_context_get_check(context); -+ -+ result = bus_check_privilege(check, message, sender, addressed_recipient, receiver, -+ privilege, BUS_DEFERRED_MESSAGE_CHECK_SEND, deferred_message); -+ } -+ else -+ privilege = NULL; -+ -+ if (privilege_param != NULL) -+ *privilege_param = privilege; -+ -+ return result; - } - - /* See docs on what the args mean on bus_context_check_security_policy() - * comment - */ --dbus_bool_t --bus_client_policy_check_can_receive (BusClientPolicy *policy, -- BusRegistry *registry, -- dbus_bool_t requested_reply, -- DBusConnection *sender, -- DBusConnection *addressed_recipient, -- DBusConnection *proposed_recipient, -- DBusMessage *message, -- dbus_int32_t *toggles) -+BusResult -+bus_client_policy_check_can_receive (BusClientPolicy *policy, -+ BusRegistry *registry, -+ dbus_bool_t requested_reply, -+ DBusConnection *sender, -+ DBusConnection 
*addressed_recipient, -+ DBusConnection *proposed_recipient, -+ DBusMessage *message, -+ dbus_int32_t *toggles, -+ const char **privilege_param, -+ BusDeferredMessage **deferred_message) - { - DBusList *link; -- dbus_bool_t allowed; - dbus_bool_t eavesdropping; -+ BusResult result; -+ const char *privilege; - - eavesdropping = - addressed_recipient != proposed_recipient && -@@ -1118,7 +1163,7 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, - _dbus_verbose (" (policy) checking receive rules, eavesdropping = %d\n", eavesdropping); - *toggles = 0; - -- allowed = FALSE; -+ result = BUS_RESULT_FALSE; - link = _dbus_list_get_first_link (&policy->rules); - while (link != NULL) - { -@@ -1141,19 +1186,21 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, - } - } - -- /* for allow, eavesdrop=false means the rule doesn't apply when -- * eavesdropping. eavesdrop=true means always allow. -+ -+ /* for allow or check, eavesdrop=false means the rule doesn't apply when -+ * eavesdropping. eavesdrop=true means the rule always applies - */ -- if (eavesdropping && rule->allow && !rule->d.receive.eavesdrop) -+ if (eavesdropping && rule->access != BUS_POLICY_RULE_ACCESS_DENY && !rule->d.receive.eavesdrop) - { -- _dbus_verbose (" (policy) skipping allow rule since it doesn't apply to eavesdropping\n"); -+ _dbus_verbose (" (policy) skipping %s rule since it doesn't apply to eavesdropping\n", -+ rule->access == BUS_POLICY_RULE_ACCESS_ALLOW ? "allow" : "check"); - continue; - } - - /* for deny, eavesdrop=true means the rule applies only when - * eavesdropping; eavesdrop=false means always deny. 
- */ -- if (!eavesdropping && !rule->allow && rule->d.receive.eavesdrop) -+ if (!eavesdropping && rule->access == BUS_POLICY_RULE_ACCESS_DENY && rule->d.receive.eavesdrop) - { - _dbus_verbose (" (policy) skipping deny rule since it only applies to eavesdropping\n"); - continue; -@@ -1162,13 +1209,14 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, - /* If it's a reply, the requested_reply flag kicks in */ - if (dbus_message_get_reply_serial (message) != 0) - { -- /* for allow, requested_reply=true means the rule applies -- * only when reply was requested. requested_reply=false means -- * always allow. -+ /* for allow or check requested_reply=true means the rule applies -+ * only when reply was requested. requested_reply=false means the -+ * rule always applies - */ -- if (!requested_reply && rule->allow && rule->d.receive.requested_reply && !rule->d.receive.eavesdrop) -+ if (!requested_reply && rule->access != BUS_POLICY_RULE_ACCESS_DENY && rule->d.send.requested_reply && !rule->d.send.eavesdrop) - { -- _dbus_verbose (" (policy) skipping allow rule since it only applies to requested replies and does not allow eavesdropping\n"); -+ _dbus_verbose (" (policy) skipping %s rule since it only applies to requested replies and does not allow eavesdropping\n", -+ rule->access == BUS_POLICY_RULE_ACCESS_DENY ? "allow" : "deny"); - continue; - } - -@@ -1176,7 +1224,7 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, - * when the reply was not requested. requested_reply=true means the - * rule always applies. - */ -- if (requested_reply && !rule->allow && !rule->d.receive.requested_reply) -+ if (requested_reply && rule->access == BUS_POLICY_RULE_ACCESS_DENY && !rule->d.receive.requested_reply) - { - _dbus_verbose (" (policy) skipping deny rule since it only applies to unrequested replies\n"); - continue; -@@ -1199,13 +1247,13 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, - /* The interface is optional in messages. 
For allow rules, if the message - * has no interface we want to skip the rule (and thus not allow); - * for deny rules, if the message has no interface we want to use the -- * rule (and thus deny). -+ * rule (and thus deny). Check rules are treated like allow rules. - */ - dbus_bool_t no_interface; - - no_interface = dbus_message_get_interface (message) == NULL; - -- if ((no_interface && rule->allow) || -+ if ((no_interface && rule->access != BUS_POLICY_RULE_ACCESS_DENY) || - (!no_interface && - strcmp (dbus_message_get_interface (message), - rule->d.receive.interface) != 0)) -@@ -1295,14 +1343,43 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, - } - - /* Use this rule */ -- allowed = rule->allow; -+ switch (rule->access) -+ { -+ case BUS_POLICY_RULE_ACCESS_ALLOW: -+ result = BUS_RESULT_TRUE; -+ break; -+ case BUS_POLICY_RULE_ACCESS_DENY: -+ default: -+ result = BUS_RESULT_FALSE; -+ break; -+ case BUS_POLICY_RULE_ACCESS_CHECK: -+ result = BUS_RESULT_LATER; -+ privilege = rule->privilege; -+ break; -+ } -+ - (*toggles)++; - -- _dbus_verbose (" (policy) used rule, allow now = %d\n", -- allowed); -+ _dbus_verbose (" (policy) used rule, result now = %d\n", -+ (int)(intptr_t)result); - } - -- return allowed; -+ -+ if (result == BUS_RESULT_LATER) -+ { -+ BusContext *context = bus_connection_get_context(proposed_recipient); -+ BusCheck *check = bus_context_get_check(context); -+ -+ result = bus_check_privilege(check, message, sender, addressed_recipient, proposed_recipient, -+ privilege, BUS_DEFERRED_MESSAGE_CHECK_RECEIVE, deferred_message); -+ } -+ else -+ privilege = NULL; -+ -+ if (privilege_param != NULL) -+ *privilege_param = privilege; -+ -+ return result; - } - - -@@ -1354,7 +1431,7 @@ bus_rules_check_can_own (DBusList *rules, - } - - /* Use this rule */ -- allowed = rule->allow; -+ allowed = rule->access == BUS_POLICY_RULE_ACCESS_ALLOW; - } - - return allowed; -diff --git a/bus/policy.h b/bus/policy.h -index ec43ffa..f839d23 100644 ---- 
a/bus/policy.h -+++ b/bus/policy.h -@@ -46,6 +46,14 @@ typedef enum - BUS_POLICY_TRISTATE_TRUE - } BusPolicyTristate; - -+typedef enum -+{ -+ BUS_POLICY_RULE_ACCESS_DENY, -+ BUS_POLICY_RULE_ACCESS_ALLOW, -+ /** runtime check resulting in allow or deny */ -+ BUS_POLICY_RULE_ACCESS_CHECK -+} BusPolicyRuleAccess; -+ - /** determines whether the rule affects a connection, or some global item */ - #define BUS_POLICY_RULE_IS_PER_CLIENT(rule) (!((rule)->type == BUS_POLICY_RULE_USER || \ - (rule)->type == BUS_POLICY_RULE_GROUP)) -@@ -56,8 +64,9 @@ struct BusPolicyRule - - BusPolicyRuleType type; - -- unsigned int allow : 1; /**< #TRUE if this allows, #FALSE if it denies */ -- -+ unsigned int access : 2; /**< BusPolicyRuleAccess */ -+ char *privilege; /**< for BUS_POLICY_RULE_ACCESS_CHECK */ -+ - union - { - struct -@@ -118,7 +127,7 @@ struct BusPolicyRule - }; - - BusPolicyRule* bus_policy_rule_new (BusPolicyRuleType type, -- dbus_bool_t allow); -+ BusPolicyRuleAccess access); - BusPolicyRule* bus_policy_rule_ref (BusPolicyRule *rule); - void bus_policy_rule_unref (BusPolicyRule *rule); - -@@ -152,21 +161,27 @@ dbus_bool_t bus_policy_merge (BusPolicy *policy, - BusClientPolicy* bus_client_policy_new (void); - BusClientPolicy* bus_client_policy_ref (BusClientPolicy *policy); - void bus_client_policy_unref (BusClientPolicy *policy); --dbus_bool_t bus_client_policy_check_can_send (BusClientPolicy *policy, -+BusResult bus_client_policy_check_can_send (DBusConnection *sender, -+ BusClientPolicy *policy, - BusRegistry *registry, - dbus_bool_t requested_reply, -+ DBusConnection *addressed_recipient, - DBusConnection *receiver, - DBusMessage *message, - dbus_int32_t *toggles, -- dbus_bool_t *log); --dbus_bool_t bus_client_policy_check_can_receive (BusClientPolicy *policy, -+ dbus_bool_t *log, -+ const char **privilege_param, -+ BusDeferredMessage **deferred_message); -+BusResult bus_client_policy_check_can_receive (BusClientPolicy *policy, - BusRegistry *registry, - dbus_bool_t 
requested_reply, - DBusConnection *sender, - DBusConnection *addressed_recipient, - DBusConnection *proposed_recipient, - DBusMessage *message, -- dbus_int32_t *toggles); -+ dbus_int32_t *toggles, -+ const char **privilege_param, -+ BusDeferredMessage **deferred_message); - dbus_bool_t bus_client_policy_check_can_own (BusClientPolicy *policy, - const DBusString *service_name); - dbus_bool_t bus_client_policy_append_rule (BusClientPolicy *policy, -diff --git a/configure.ac b/configure.ac -index d1e3a29..11b5ffd 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -1742,6 +1742,17 @@ AC_ARG_ENABLE([user-session], - AM_CONDITIONAL([DBUS_ENABLE_USER_SESSION], - [test "x$enable_user_session" = xyes]) - -+#enable cynara integration -+AC_ARG_ENABLE([cynara], [AS_HELP_STRING([--enable-cynara], [enable Cynara integration])], [], [enable_cynara=no]) -+if test "x$enable_cynara" = xyes; then -+ PKG_CHECK_MODULES([CYNARA], [cynara-client-async >= 0.6.0 cynara-session >= 0.6.0], -+ [AC_DEFINE([DBUS_ENABLE_CYNARA], [1], [Define to enable Cynara privilege checks in dbus-daemon])], -+ [AC_MSG_ERROR([libcynara-client-async and cynara-session are required to enable Cynara integration])]) -+fi -+ -+AC_SUBST([CYNARA_CFLAGS]) -+AC_SUBST([CYNARA_LIBS]) -+ - AC_CONFIG_FILES([ - Doxyfile - dbus/Version -@@ -1824,6 +1835,7 @@ echo " - Building bus stats API: ${enable_stats} - Building SELinux support: ${have_selinux} - Building AppArmor support: ${have_apparmor} -+ Building Cynara support: ${enable_cynara} - Building inotify support: ${have_inotify} - Building kqueue support: ${have_kqueue} - Building systemd support: ${have_systemd} -diff --git a/test/Makefile.am b/test/Makefile.am -index af1e13b..e6f50e1 100644 ---- a/test/Makefile.am -+++ b/test/Makefile.am -@@ -439,6 +439,7 @@ in_data = \ - data/valid-config-files/debug-allow-all.conf.in \ - data/valid-config-files/finite-timeout.conf.in \ - data/valid-config-files/forbidding.conf.in \ -+ data/valid-config-files/debug-check-some.conf.in \ 
- data/valid-config-files/incoming-limit.conf.in \ - data/valid-config-files/max-completed-connections.conf.in \ - data/valid-config-files/max-connections-per-user.conf.in \ -diff --git a/test/data/invalid-config-files/badcheck-1.conf b/test/data/invalid-config-files/badcheck-1.conf -new file mode 100644 -index 0000000..fad9f50 ---- /dev/null -+++ b/test/data/invalid-config-files/badcheck-1.conf -@@ -0,0 +1,9 @@ -+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" -+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> -+<busconfig> -+ <user>mybususer</user> -+ <listen>unix:path=/foo/bar</listen> -+ <policy context="default"> -+ <allow privilege="foo" send_destination="*"/> <!-- extra privilege="foo" --> -+ </policy> -+</busconfig> -diff --git a/test/data/invalid-config-files/badcheck-2.conf b/test/data/invalid-config-files/badcheck-2.conf -new file mode 100644 -index 0000000..63c7ef2 ---- /dev/null -+++ b/test/data/invalid-config-files/badcheck-2.conf -@@ -0,0 +1,9 @@ -+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" -+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> -+<busconfig> -+ <user>mybususer</user> -+ <listen>unix:path=/foo/bar</listen> -+ <policy context="default"> -+ <check send_destination="*"/> <!-- missing privilege="foo" --> -+ </policy> -+</busconfig> -diff --git a/test/data/valid-config-files/check-1.conf b/test/data/valid-config-files/check-1.conf -new file mode 100644 -index 0000000..ad71473 ---- /dev/null -+++ b/test/data/valid-config-files/check-1.conf -@@ -0,0 +1,9 @@ -+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" -+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> -+<busconfig> -+ <user>mybususer</user> -+ <listen>unix:path=/foo/bar</listen> -+ <policy context="default"> -+ <check privilege="foo" send_destination="*"/> -+ </policy> -+</busconfig> -diff --git 
a/test/data/valid-config-files/debug-check-some.conf.in b/test/data/valid-config-files/debug-check-some.conf.in -new file mode 100644 -index 0000000..47ee854 ---- /dev/null -+++ b/test/data/valid-config-files/debug-check-some.conf.in -@@ -0,0 +1,18 @@ -+<!-- Bus that listens on a debug pipe and doesn't create any restrictions --> -+ -+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" -+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> -+<busconfig> -+ <listen>debug-pipe:name=test-server</listen> -+ <listen>@TEST_LISTEN@</listen> -+ <servicedir>@DBUS_TEST_DATA@/valid-service-files</servicedir> -+ <policy context="default"> -+ <allow send_interface="*"/> -+ <allow receive_interface="*"/> -+ <allow own="*"/> -+ <allow user="*"/> -+ -+ <deny send_interface="org.freedesktop.TestSuite" send_member="Echo"/> -+ <check privilege="foo" send_interface="org.freedesktop.TestSuite" send_member="Echo"/> -+ </policy> -+</busconfig> --- -2.21.1 - diff --git a/meta-security/recipes-core/dbus-cynagora/dbus-cynagora/0002-Disable-message-dispatching-when-send-rule-result-is.patch b/meta-security/recipes-core/dbus-cynagora/dbus-cynagora/0002-Disable-message-dispatching-when-send-rule-result-is.patch deleted file mode 100644 index bac8cf97f..000000000 --- a/meta-security/recipes-core/dbus-cynagora/dbus-cynagora/0002-Disable-message-dispatching-when-send-rule-result-is.patch +++ /dev/null 
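Review bot: nothing in this hunk updates the recipe that references the deleted 0001 patch, so the dbus-cynagora recipe in meta-security/recipes-core/dbus-cynagora will point at a missing file in its SRC_URI unless it is removed or rewritten in the same change; please add that recipe edit to this commit or state where the recipe and its patch series now live. The deleted file is not a trivial backport: it carries the whole Cynara policy model (the BUS_POLICY_RULE_ACCESS_CHECK rule type in bus/policy.h, the `<check privilege="..."/>` handling in bus/policy.c, the `--enable-cynara` switch in configure.ac and the badcheck-1/badcheck-2/check-1/debug-check-some test configs), so dropping it silently changes the bus security configuration of any image that still builds dbus-cynagora.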
@@ -1,967 +0,0 @@ -From c2f4ba585c777b731df6b6b8a165b6cc4dc5d639 Mon Sep 17 00:00:00 2001 -From: Jacek Bukarewicz <j.bukarewicz@samsung.com> -Date: Fri, 28 Nov 2014 12:07:39 +0100 -Subject: [PATCH 2/8] Disable message dispatching when send rule result is not - known -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -When unicast message is sent to addressed recipient and policy result -is not available message dispatch from the sender is disabled. -This also means that any further messages from the given connection are -put into the incoming queue without being processed. If response is received -message dispatching is resumed. This time answer is attached to the message -which is now processed synchronously. -Receive rule result unavailability is not yet handled - such messages are -rejected. Also, if message is sent to non-addressed recipient and policy result -is unknown, message is silently dropped. - -Cherry-picked from b1b87ad9f20b2052c28431b48e81073078a745ce -by Jose Bollo. 
- -Updated for dbus 1.10.20 by Scott Murray and José Bollo - -Signed-off-by: José Bollo <jose.bollo@iot.bzh> -Signed-off-by: Scott Murray <scott.murray@konsulko.com> ---- - bus/activation.c | 76 +++++++++++-- - bus/check.c | 109 +++++++++++++++++-- - bus/check.h | 10 ++ - bus/cynara.c | 1 - - bus/dispatch.c | 184 ++++++++++++++++++++++++++++---- - bus/dispatch.h | 2 +- - bus/driver.c | 12 ++- - dbus/dbus-connection-internal.h | 15 +++ - dbus/dbus-connection.c | 125 +++++++++++++++++++++- - dbus/dbus-list.c | 29 +++++ - dbus/dbus-list.h | 3 + - dbus/dbus-shared.h | 3 +- - 12 files changed, 528 insertions(+), 41 deletions(-) - -diff --git a/bus/activation.c b/bus/activation.c -index f9c6c62..8301b59 100644 ---- a/bus/activation.c -+++ b/bus/activation.c -@@ -32,6 +32,7 @@ - #include "services.h" - #include "test.h" - #include "utils.h" -+#include <dbus/dbus-connection-internal.h> - #include <dbus/dbus-internals.h> - #include <dbus/dbus-hash.h> - #include <dbus/dbus-list.h> -@@ -94,6 +95,8 @@ struct BusPendingActivationEntry - DBusConnection *connection; - - dbus_bool_t auto_activation; -+ -+ dbus_bool_t is_put_back; - }; - - typedef struct -@@ -1241,20 +1244,23 @@ bus_activation_send_pending_auto_activation_messages (BusActivation *activation - BusPendingActivationEntry *entry = link->data; - DBusList *next = _dbus_list_get_next_link (&pending_activation->entries, link); - -- if (entry->auto_activation && (entry->connection == NULL || dbus_connection_get_is_connected (entry->connection))) -+ if (entry->auto_activation && !entry->is_put_back && -+ (entry->connection == NULL || dbus_connection_get_is_connected (entry->connection))) - { - DBusConnection *addressed_recipient; - DBusError error; -+ BusResult res; - - dbus_error_init (&error); - - addressed_recipient = bus_service_get_primary_owners_connection (service); - - /* Resume dispatching where we left off in bus_dispatch() */ -- if (!bus_dispatch_matches (transaction, -- entry->connection, -- addressed_recipient, 
-- entry->activation_message, &error)) -+ res = bus_dispatch_matches (transaction, -+ entry->connection, -+ addressed_recipient, -+ entry->activation_message, &error); -+ if (res == BUS_RESULT_FALSE) - { - /* If permission is denied, we just want to return the error - * to the original method invoker; in particular, we don't -@@ -1266,11 +1272,44 @@ bus_activation_send_pending_auto_activation_messages (BusActivation *activation - bus_connection_send_oom_error (entry->connection, - entry->activation_message); - } -- - dbus_error_free (&error); - link = next; - continue; - } -+ else if (res == BUS_RESULT_LATER) -+ { -+ DBusList *putback_message_link = link; -+ DBusMessage *last_inserted_message = NULL; -+ -+ /* NULL entry->connection implies sending pending ActivationRequest message to systemd */ -+ if (entry->connection == NULL) -+ { -+ _dbus_assert_not_reached ("bus_dispatch_matches returned BUS_RESULT_LATER unexpectedly when sender is NULL"); -+ link = next; -+ continue; -+ } -+ -+ /** -+ * Getting here means that policy check result is not yet available and dispatching -+ * messages from entry->connection has been disabled. -+ * Let's put back all messages for the given connection in the incoming queue and mark -+ * this entry as put back so they are not handled twice. 
-+ */ -+ while (putback_message_link != NULL) -+ { -+ BusPendingActivationEntry *putback_message = putback_message_link->data; -+ if (putback_message->connection == entry->connection) -+ { -+ if (!_dbus_connection_putback_message (putback_message->connection, last_inserted_message, -+ putback_message->activation_message, &error)) -+ goto error; -+ last_inserted_message = putback_message->activation_message; -+ putback_message->is_put_back = TRUE; -+ } -+ -+ putback_message_link = _dbus_list_get_next_link(&pending_activation->entries, putback_message_link); -+ } -+ } - } - - link = next; -@@ -1287,6 +1326,19 @@ bus_activation_send_pending_auto_activation_messages (BusActivation *activation - return TRUE; - - error: -+ /* remove all messages that have been put to connections' incoming queues */ -+ link = _dbus_list_get_first_link (&pending_activation->entries); -+ while (link != NULL) -+ { -+ BusPendingActivationEntry *entry = link->data; -+ if (entry->is_put_back) -+ { -+ _dbus_connection_remove_message(entry->connection, entry->activation_message); -+ entry->is_put_back = FALSE; -+ } -+ link = _dbus_list_get_next_link(&pending_activation->entries, link); -+ } -+ - return FALSE; - } - -@@ -2079,6 +2131,7 @@ bus_activation_activate_service (BusActivation *activation, - - if (service != NULL) - { -+ BusResult res; - bus_context_log (activation->context, - DBUS_SYSTEM_LOG_INFO, "Activating via systemd: service name='%s' unit='%s' requested by '%s' (%s)", - service_name, -@@ -2086,8 +2139,17 @@ bus_activation_activate_service (BusActivation *activation, - bus_connection_get_name (connection), - bus_connection_get_loginfo (connection)); - /* Wonderful, systemd is connected, let's just send the msg */ -- retval = bus_dispatch_matches (activation_transaction, NULL, -+ res = bus_dispatch_matches (activation_transaction, NULL, - systemd, message, error); -+ -+ if (res == BUS_RESULT_TRUE) -+ retval = TRUE; -+ else -+ { -+ retval = FALSE; -+ if (res == BUS_RESULT_LATER) -+ 
_dbus_verbose("Unexpectedly need time to check message from bus driver to systemd - dropping the message.\n"); -+ } - } - else - { -diff --git a/bus/check.c b/bus/check.c -index 5b72d31..4b8a699 100644 ---- a/bus/check.c -+++ b/bus/check.c -@@ -55,6 +55,8 @@ typedef struct BusDeferredMessage - BusCheckResponseFunc response_callback; - } BusDeferredMessage; - -+static dbus_int32_t deferred_message_data_slot = -1; -+ - BusCheck * - bus_check_new (BusContext *context, DBusError *error) - { -@@ -67,11 +69,19 @@ bus_check_new (BusContext *context, DBusError *error) - return NULL; - } - -+ if (!dbus_message_allocate_data_slot(&deferred_message_data_slot)) -+ { -+ dbus_free(check); -+ BUS_SET_OOM(error); -+ return NULL; -+ } -+ - check->refcount = 1; - check->context = context; - check->cynara = bus_cynara_new(check, error); - if (dbus_error_is_set(error)) - { -+ dbus_message_free_data_slot(&deferred_message_data_slot); - dbus_free(check); - return NULL; - } -@@ -98,6 +108,7 @@ bus_check_unref (BusCheck *check) - if (check->refcount == 0) - { - bus_cynara_unref(check->cynara); -+ dbus_message_free_data_slot(&deferred_message_data_slot); - dbus_free(check); - } - } -@@ -114,6 +125,45 @@ bus_check_get_cynara (BusCheck *check) - return check->cynara; - } - -+static void -+bus_check_enable_dispatch_callback (BusDeferredMessage *deferred_message, -+ BusResult result) -+{ -+ _dbus_verbose("bus_check_enable_dispatch_callback called deferred_message=%p\n", deferred_message); -+ -+ deferred_message->response = result; -+ _dbus_connection_enable_dispatch(deferred_message->sender); -+} -+ -+static void -+deferred_message_free_function(void *data) -+{ -+ BusDeferredMessage *deferred_message = (BusDeferredMessage *)data; -+ bus_deferred_message_unref(deferred_message); -+} -+ -+void -+bus_deferred_message_disable_sender (BusDeferredMessage *deferred_message) -+{ -+ _dbus_assert(deferred_message != NULL); -+ _dbus_assert(deferred_message->sender != NULL); -+ -+ if 
(dbus_message_get_data(deferred_message->message, deferred_message_data_slot) == NULL) -+ { -+ if (dbus_message_set_data(deferred_message->message, deferred_message_data_slot, deferred_message, -+ deferred_message_free_function)) -+ bus_deferred_message_ref(deferred_message); -+ } -+ -+ _dbus_connection_disable_dispatch(deferred_message->sender); -+ deferred_message->response_callback = bus_check_enable_dispatch_callback; -+} -+ -+#ifdef DBUS_ENABLE_EMBEDDED_TESTS -+BusResult (*bus_check_test_override) (DBusConnection *connection, -+ const char *privilege); -+#endif -+ - BusResult - bus_check_privilege (BusCheck *check, - DBusMessage *message, -@@ -124,6 +174,7 @@ bus_check_privilege (BusCheck *check, - BusDeferredMessageStatus check_type, - BusDeferredMessage **deferred_message) - { -+ BusDeferredMessage *previous_deferred_message; - BusResult result = BUS_RESULT_FALSE; - #ifdef DBUS_ENABLE_CYNARA - BusCynara *cynara; -@@ -137,16 +188,54 @@ bus_check_privilege (BusCheck *check, - return BUS_RESULT_FALSE; - } - -- /* ask policy checkers */ --#ifdef DBUS_ENABLE_CYNARA -- cynara = bus_check_get_cynara(check); -- result = bus_cynara_check_privilege(cynara, message, sender, addressed_recipient, -- proposed_recipient, privilege, check_type, deferred_message); -+#ifdef DBUS_ENABLE_EMBEDDED_TESTS -+ if (bus_check_test_override) -+ return bus_check_test_override (connection, privilege); - #endif - -- if (result == BUS_RESULT_LATER && deferred_message != NULL) -+ previous_deferred_message = dbus_message_get_data(message, deferred_message_data_slot); -+ /* check if message blocked at sender's queue is being processed */ -+ if (previous_deferred_message != NULL) -+ { -+ if ((check_type & BUS_DEFERRED_MESSAGE_CHECK_SEND) && -+ !(previous_deferred_message->status & BUS_DEFERRED_MESSAGE_CHECK_SEND)) -+ { -+ /** -+ * Message has been deferred due to receive or own rule which means that sending this message -+ * is allowed - it must have been checked previously. 
-+ * This might happen when client calls RequestName method which depending on security -+ * policy might result in both "can_send" and "can_own" Cynara checks. -+ */ -+ result = BUS_RESULT_TRUE; -+ } -+ else -+ { -+ result = previous_deferred_message->response; -+ if (result == BUS_RESULT_LATER) -+ { -+ /* result is still not known - reuse deferred message object */ -+ if (deferred_message != NULL) -+ *deferred_message = previous_deferred_message; -+ } -+ else -+ { -+ /* result is available - we can remove deferred message from the processed message */ -+ dbus_message_set_data(message, deferred_message_data_slot, NULL, NULL); -+ } -+ } -+ } -+ else - { -- (*deferred_message)->status |= check_type; -+ /* ask policy checkers */ -+#ifdef DBUS_ENABLE_CYNARA -+ cynara = bus_check_get_cynara(check); -+ result = bus_cynara_check_privilege(cynara, message, sender, addressed_recipient, -+ proposed_recipient, privilege, check_type, deferred_message); -+#endif -+ if (result == BUS_RESULT_LATER && deferred_message != NULL) -+ { -+ (*deferred_message)->status |= check_type; -+ } - } - return result; - } -@@ -206,6 +295,12 @@ bus_deferred_message_unref (BusDeferredMessage *deferred_message) - } - } - -+BusDeferredMessageStatus -+bus_deferred_message_get_status (BusDeferredMessage *deferred_message) -+{ -+ return deferred_message->status; -+} -+ - void - bus_deferred_message_response_received (BusDeferredMessage *deferred_message, - BusResult result) -diff --git a/bus/check.h b/bus/check.h -index c3fcaf9..d177549 100644 ---- a/bus/check.h -+++ b/bus/check.h -@@ -55,6 +55,7 @@ BusResult bus_check_privilege (BusCheck *check, - BusDeferredMessageStatus check_type, - BusDeferredMessage **deferred_message); - -+ - BusDeferredMessage *bus_deferred_message_new (DBusMessage *message, - DBusConnection *sender, - DBusConnection *addressed_recipient, -@@ -65,4 +66,13 @@ BusDeferredMessage *bus_deferred_message_ref (BusDeferredMessage - void bus_deferred_message_unref (BusDeferredMessage 
*deferred_message); - void bus_deferred_message_response_received (BusDeferredMessage *deferred_message, - BusResult result); -+void bus_deferred_message_disable_sender (BusDeferredMessage *deferred_message); -+ -+BusDeferredMessageStatus bus_deferred_message_get_status (BusDeferredMessage *deferred_message); -+ -+#ifdef DBUS_ENABLE_EMBEDDED_TESTS -+extern BusResult (*bus_check_test_override) (DBusConnection *connection, -+ const char *privilege); -+#endif -+ - #endif /* BUS_CHECK_H */ -diff --git a/bus/cynara.c b/bus/cynara.c -index 57a4c45..77aed62 100644 ---- a/bus/cynara.c -+++ b/bus/cynara.c -@@ -36,7 +36,6 @@ - #include <cynara-client-async.h> - #endif - -- - #ifdef DBUS_ENABLE_CYNARA - typedef struct BusCynara - { -diff --git a/bus/dispatch.c b/bus/dispatch.c -index d3867f7..50a22a3 100644 ---- a/bus/dispatch.c -+++ b/bus/dispatch.c -@@ -35,6 +35,7 @@ - #include "signals.h" - #include "test.h" - #include <dbus/dbus-internals.h> -+#include <dbus/dbus-connection-internal.h> - #include <dbus/dbus-misc.h> - #include <string.h> - -@@ -122,7 +123,7 @@ send_one_message (DBusConnection *connection, - return TRUE; - } - --dbus_bool_t -+BusResult - bus_dispatch_matches (BusTransaction *transaction, - DBusConnection *sender, - DBusConnection *addressed_recipient, -@@ -158,13 +159,29 @@ bus_dispatch_matches (BusTransaction *transaction, - message, NULL, error, - &deferred_message); - if (res == BUS_RESULT_FALSE) -- return FALSE; -+ return BUS_RESULT_FALSE; - else if (res == BUS_RESULT_LATER) - { -- dbus_set_error (error, -- DBUS_ERROR_ACCESS_DENIED, -- "Rejecting message because time is needed to check security policy"); -- return FALSE; -+ BusDeferredMessageStatus status; -+ status = bus_deferred_message_get_status(deferred_message); -+ -+ if (status & BUS_DEFERRED_MESSAGE_CHECK_SEND) -+ { -+ /* send rule result not available - disable dispatching messages from the sender */ -+ bus_deferred_message_disable_sender(deferred_message); -+ return BUS_RESULT_LATER; -+ } -+ 
else if (status & BUS_DEFERRED_MESSAGE_CHECK_RECEIVE) -+ { -+ dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, -+ "Rejecting message because time is needed to check security policy"); -+ return BUS_RESULT_FALSE; -+ } -+ else -+ { -+ _dbus_verbose("deferred message has no status field set to send or receive unexpectedly\n"); -+ return BUS_RESULT_FALSE; -+ } - } - - if (dbus_message_contains_unix_fds (message) && -@@ -175,14 +192,14 @@ bus_dispatch_matches (BusTransaction *transaction, - DBUS_ERROR_NOT_SUPPORTED, - "Tried to send message with Unix file descriptors" - "to a client that doesn't support that."); -- return FALSE; -- } -+ return BUS_RESULT_FALSE; -+ } - - /* Dispatch the message */ - if (!bus_transaction_send (transaction, addressed_recipient, message)) - { - BUS_SET_OOM (error); -- return FALSE; -+ return BUS_RESULT_FALSE; - } - } - -@@ -197,7 +214,7 @@ bus_dispatch_matches (BusTransaction *transaction, - &recipients)) - { - BUS_SET_OOM (error); -- return FALSE; -+ return BUS_RESULT_FALSE; - } - - link = _dbus_list_get_first_link (&recipients); -@@ -219,10 +236,10 @@ bus_dispatch_matches (BusTransaction *transaction, - if (dbus_error_is_set (&tmp_error)) - { - dbus_move_error (&tmp_error, error); -- return FALSE; -+ return BUS_RESULT_FALSE; - } - else -- return TRUE; -+ return BUS_RESULT_TRUE; - } - - static DBusHandlerResult -@@ -409,10 +426,12 @@ bus_dispatch (DBusConnection *connection, - } - else if (res == BUS_RESULT_LATER) - { -- dbus_set_error (&error, -- DBUS_ERROR_ACCESS_DENIED, -- "Rejecting message because time is needed to check security policy"); -- _dbus_verbose ("Security policy needs time to check policy. 
Dropping message\n"); -+ /* Disable dispatching messages from the sender, -+ * roll back and dispatch the message once the policy result is available */ -+ bus_deferred_message_disable_sender(deferred_message); -+ bus_transaction_cancel_and_free (transaction); -+ transaction = NULL; -+ result = DBUS_HANDLER_RESULT_LATER; - goto out; - } - -@@ -514,8 +533,14 @@ bus_dispatch (DBusConnection *connection, - * addressed_recipient == NULL), and match it against other connections' - * match rules. - */ -- if (!bus_dispatch_matches (transaction, connection, addressed_recipient, message, &error)) -- goto out; -+ if (BUS_RESULT_LATER == bus_dispatch_matches (transaction, connection, addressed_recipient, -+ message, &error)) -+ { -+ /* Roll back and dispatch the message once the policy result is available */ -+ bus_transaction_cancel_and_free (transaction); -+ transaction = NULL; -+ result = DBUS_HANDLER_RESULT_LATER; -+ } - - out: - if (dbus_error_is_set (&error)) -@@ -5060,9 +5085,132 @@ bus_dispatch_test_conf_fail (const DBusString *test_data_dir, - } - #endif - -+typedef struct { -+ DBusTimeout *timeout; -+ DBusConnection *connection; -+ dbus_bool_t timedout; -+ int check_counter; -+} BusTestCheckData; -+ -+static BusTestCheckData *cdata; -+ -+static dbus_bool_t -+bus_dispatch_test_check_timeout (void *data) -+{ -+ _dbus_verbose ("timeout triggered - pretend that privilege check result is available\n"); -+ -+ /* should only happen once during the test */ -+ _dbus_assert (!cdata->timedout); -+ cdata->timedout = TRUE; -+ _dbus_connection_enable_dispatch (cdata->connection); -+ -+ /* don't call this again */ -+ _dbus_loop_remove_timeout (bus_connection_get_loop (cdata->connection), -+ cdata->timeout); -+ dbus_connection_unref (cdata->connection); -+ cdata->connection = NULL; -+ return TRUE; -+} -+ -+static BusResult -+bus_dispatch_test_check_override (DBusConnection *connection, -+ const char *privilege) -+{ -+ _dbus_verbose ("overriding privilege check %s #%d\n", privilege, 
cdata->check_counter); -+ cdata->check_counter++; -+ if (!cdata->timedout) -+ { -+ dbus_bool_t added; -+ -+ /* Should be the first privilege check for the "Echo" method. */ -+ _dbus_assert (cdata->check_counter == 1); -+ cdata->timeout = _dbus_timeout_new (1, bus_dispatch_test_check_timeout, -+ NULL, NULL); -+ _dbus_assert (cdata->timeout); -+ added = _dbus_loop_add_timeout (bus_connection_get_loop (connection), -+ cdata->timeout); -+ _dbus_assert (added); -+ cdata->connection = connection; -+ dbus_connection_ref (connection); -+ _dbus_connection_disable_dispatch (connection); -+ return BUS_RESULT_LATER; -+ } -+ else -+ { -+ /* Should only be checked one more time, and this time succeeds. */ -+ _dbus_assert (cdata->check_counter == 2); -+ return BUS_RESULT_TRUE; -+ } -+} -+ -+static dbus_bool_t -+bus_dispatch_test_check (const DBusString *test_data_dir) -+{ -+ const char *filename = "valid-config-files/debug-check-some.conf"; -+ BusContext *context; -+ DBusConnection *foo; -+ DBusError error; -+ dbus_bool_t result = TRUE; -+ BusTestCheckData data; -+ -+ /* save the config name for the activation helper */ -+ if (!setenv_TEST_LAUNCH_HELPER_CONFIG (test_data_dir, filename)) -+ _dbus_assert_not_reached ("no memory setting TEST_LAUNCH_HELPER_CONFIG"); -+ -+ dbus_error_init (&error); -+ -+ context = bus_context_new_test (test_data_dir, filename); -+ if (context == NULL) -+ return FALSE; -+ -+ foo = dbus_connection_open_private (TEST_DEBUG_PIPE, &error); -+ if (foo == NULL) -+ _dbus_assert_not_reached ("could not alloc connection"); -+ -+ if (!bus_setup_debug_client (foo)) -+ _dbus_assert_not_reached ("could not set up connection"); -+ -+ spin_connection_until_authenticated (context, foo); -+ -+ if (!check_hello_message (context, foo)) -+ _dbus_assert_not_reached ("hello message failed"); -+ -+ if (!check_double_hello_message (context, foo)) -+ _dbus_assert_not_reached ("double hello message failed"); -+ -+ if (!check_add_match (context, foo, "")) -+ 
_dbus_assert_not_reached ("AddMatch message failed"); -+ -+ /* -+ * Cause bus_check_send_privilege() to return BUS_RESULT_LATER in the -+ * first call, then BUS_RESULT_TRUE. -+ */ -+ cdata = &data; -+ memset (cdata, 0, sizeof(*cdata)); -+ bus_check_test_override = bus_dispatch_test_check_override; -+ -+ result = check_existent_service_auto_start (context, foo); -+ -+ _dbus_assert (cdata->check_counter == 2); -+ _dbus_assert (cdata->timedout); -+ _dbus_assert (cdata->timeout); -+ _dbus_assert (!cdata->connection); -+ _dbus_timeout_unref (cdata->timeout); -+ -+ kill_client_connection_unchecked (foo); -+ -+ bus_context_unref (context); -+ -+ return result; -+} -+ - dbus_bool_t - bus_dispatch_test (const DBusString *test_data_dir) - { -+ _dbus_verbose ("<check> tests\n"); -+ if (!bus_dispatch_test_check (test_data_dir)) -+ return FALSE; -+ - /* run normal activation tests */ - _dbus_verbose ("Normal activation tests\n"); - if (!bus_dispatch_test_conf (test_data_dir, -diff --git a/bus/dispatch.h b/bus/dispatch.h -index fb5ba7a..afba6a2 100644 ---- a/bus/dispatch.h -+++ b/bus/dispatch.h -@@ -29,7 +29,7 @@ - - dbus_bool_t bus_dispatch_add_connection (DBusConnection *connection); - void bus_dispatch_remove_connection (DBusConnection *connection); --dbus_bool_t bus_dispatch_matches (BusTransaction *transaction, -+BusResult bus_dispatch_matches (BusTransaction *transaction, - DBusConnection *sender, - DBusConnection *recipient, - DBusMessage *message, -diff --git a/bus/driver.c b/bus/driver.c -index cd0a714..f414f64 100644 ---- a/bus/driver.c -+++ b/bus/driver.c -@@ -218,6 +218,7 @@ bus_driver_send_service_owner_changed (const char *service_name, - { - DBusMessage *message; - dbus_bool_t retval; -+ BusResult res; - const char *null_service; - - _DBUS_ASSERT_ERROR_IS_CLEAR (error); -@@ -253,7 +254,16 @@ bus_driver_send_service_owner_changed (const char *service_name, - if (!bus_transaction_capture (transaction, NULL, NULL, message)) - goto oom; - -- retval = 
bus_dispatch_matches (transaction, NULL, NULL, message, error); -+ res = bus_dispatch_matches (transaction, NULL, NULL, message, error); -+ if (res == BUS_RESULT_TRUE) -+ retval = TRUE; -+ else -+ { -+ retval = FALSE; -+ if (res == BUS_RESULT_LATER) -+ /* should never happen */ -+ _dbus_assert_not_reached ("bus_dispatch_matches returned BUS_RESULT_LATER unexpectedly"); -+ } - dbus_message_unref (message); - - return retval; -diff --git a/dbus/dbus-connection-internal.h b/dbus/dbus-connection-internal.h -index 4835732..94b1c95 100644 ---- a/dbus/dbus-connection-internal.h -+++ b/dbus/dbus-connection-internal.h -@@ -118,6 +118,21 @@ DBUS_PRIVATE_EXPORT - dbus_bool_t _dbus_connection_get_linux_security_label (DBusConnection *connection, - char **label_p); - -+DBUS_PRIVATE_EXPORT -+void _dbus_connection_enable_dispatch (DBusConnection *connection); -+DBUS_PRIVATE_EXPORT -+void _dbus_connection_disable_dispatch (DBusConnection *connection); -+ -+DBUS_PRIVATE_EXPORT -+dbus_bool_t _dbus_connection_putback_message (DBusConnection *connection, -+ DBusMessage *after_message, -+ DBusMessage *message, -+ DBusError *error); -+ -+DBUS_PRIVATE_EXPORT -+dbus_bool_t _dbus_connection_remove_message (DBusConnection *connection, -+ DBusMessage *message); -+ - /* if DBUS_ENABLE_STATS */ - DBUS_PRIVATE_EXPORT - void _dbus_connection_get_stats (DBusConnection *connection, -diff --git a/dbus/dbus-connection.c b/dbus/dbus-connection.c -index c525b6d..958968c 100644 ---- a/dbus/dbus-connection.c -+++ b/dbus/dbus-connection.c -@@ -311,7 +311,8 @@ struct DBusConnection - */ - dbus_bool_t dispatch_acquired; /**< Someone has dispatch path (can drain incoming queue) */ - dbus_bool_t io_path_acquired; /**< Someone has transport io path (can use the transport to read/write messages) */ -- -+ -+ unsigned int dispatch_disabled : 1; /**< if true, then dispatching incoming messages is stopped until enabled again */ - unsigned int shareable : 1; /**< #TRUE if libdbus owns a reference to the connection 
and can return it from dbus_connection_open() more than once */ - - unsigned int exit_on_disconnect : 1; /**< If #TRUE, exit after handling disconnect signal */ -@@ -439,6 +440,39 @@ _dbus_connection_wakeup_mainloop (DBusConnection *connection) - (*connection->wakeup_main_function) (connection->wakeup_main_data); - } - -+static void -+_dbus_connection_set_dispatch(DBusConnection *connection, -+ dbus_bool_t disabled) -+{ -+ CONNECTION_LOCK (connection); -+ if (connection->dispatch_disabled != disabled) -+ { -+ DBusDispatchStatus status; -+ -+ connection->dispatch_disabled = disabled; -+ status = _dbus_connection_get_dispatch_status_unlocked (connection); -+ _dbus_connection_update_dispatch_status_and_unlock (connection, status); -+ } -+ else -+ { -+ CONNECTION_UNLOCK (connection); -+ } -+} -+ -+ -+void -+_dbus_connection_enable_dispatch (DBusConnection *connection) -+{ -+ _dbus_connection_set_dispatch (connection, FALSE); -+} -+ -+void -+ _dbus_connection_disable_dispatch (DBusConnection *connection) -+{ -+ _dbus_connection_set_dispatch (connection, TRUE); -+} -+ -+ - #ifdef DBUS_ENABLE_EMBEDDED_TESTS - /** - * Gets the locks so we can examine them -@@ -4069,6 +4103,82 @@ _dbus_connection_putback_message_link_unlocked (DBusConnection *connection, - "_dbus_connection_putback_message_link_unlocked"); - } - -+dbus_bool_t -+_dbus_connection_putback_message (DBusConnection *connection, -+ DBusMessage *after_message, -+ DBusMessage *message, -+ DBusError *error) -+{ -+ DBusDispatchStatus status; -+ DBusList *message_link = _dbus_list_alloc_link (message); -+ DBusList *after_link; -+ if (message_link == NULL) -+ { -+ _DBUS_SET_OOM (error); -+ return FALSE; -+ } -+ dbus_message_ref (message); -+ -+ CONNECTION_LOCK (connection); -+ _dbus_connection_acquire_dispatch (connection); -+ HAVE_LOCK_CHECK (connection); -+ -+ after_link = _dbus_list_find_first(&connection->incoming_messages, after_message); -+ _dbus_list_insert_after_link (&connection->incoming_messages, after_link, 
message_link); -+ connection->n_incoming += 1; -+ -+ _dbus_verbose ("Message %p (%s %s %s '%s') put back into queue %p, %d incoming\n", -+ message_link->data, -+ dbus_message_type_to_string (dbus_message_get_type (message_link->data)), -+ dbus_message_get_interface (message_link->data) ? -+ dbus_message_get_interface (message_link->data) : -+ "no interface", -+ dbus_message_get_member (message_link->data) ? -+ dbus_message_get_member (message_link->data) : -+ "no member", -+ dbus_message_get_signature (message_link->data), -+ connection, connection->n_incoming); -+ -+ _dbus_message_trace_ref (message_link->data, -1, -1, -+ "_dbus_connection_putback_message"); -+ -+ _dbus_connection_release_dispatch (connection); -+ -+ status = _dbus_connection_get_dispatch_status_unlocked (connection); -+ _dbus_connection_update_dispatch_status_and_unlock (connection, status); -+ -+ return TRUE; -+} -+ -+dbus_bool_t -+_dbus_connection_remove_message (DBusConnection *connection, -+ DBusMessage *message) -+{ -+ DBusDispatchStatus status; -+ dbus_bool_t removed; -+ -+ CONNECTION_LOCK (connection); -+ _dbus_connection_acquire_dispatch (connection); -+ HAVE_LOCK_CHECK (connection); -+ -+ removed = _dbus_list_remove(&connection->incoming_messages, message); -+ -+ if (removed) -+ { -+ connection->n_incoming -= 1; -+ dbus_message_unref(message); -+ _dbus_verbose ("Message %p removed from incoming queue\n", message); -+ } -+ else -+ _dbus_verbose ("Message %p not found in the incoming queue\n", message); -+ -+ _dbus_connection_release_dispatch (connection); -+ -+ status = _dbus_connection_get_dispatch_status_unlocked (connection); -+ _dbus_connection_update_dispatch_status_and_unlock (connection, status); -+ return removed; -+} -+ - /** - * Returns the first-received message from the incoming message queue, - * removing it from the queue. 
The caller owns a reference to the -@@ -4252,8 +4362,9 @@ static DBusDispatchStatus - _dbus_connection_get_dispatch_status_unlocked (DBusConnection *connection) - { - HAVE_LOCK_CHECK (connection); -- -- if (connection->n_incoming > 0) -+ if (connection->dispatch_disabled && _dbus_connection_get_is_connected_unlocked(connection)) -+ return DBUS_DISPATCH_COMPLETE; -+ else if (connection->n_incoming > 0) - return DBUS_DISPATCH_DATA_REMAINS; - else if (!_dbus_transport_queue_messages (connection->transport)) - return DBUS_DISPATCH_NEED_MEMORY; -@@ -4716,6 +4827,8 @@ dbus_connection_dispatch (DBusConnection *connection) - - CONNECTION_LOCK (connection); - -+ if (result == DBUS_HANDLER_RESULT_LATER) -+ goto out; - if (result == DBUS_HANDLER_RESULT_NEED_MEMORY) - { - _dbus_verbose ("No memory\n"); -@@ -4838,9 +4951,11 @@ dbus_connection_dispatch (DBusConnection *connection) - connection); - - out: -- if (result == DBUS_HANDLER_RESULT_NEED_MEMORY) -+ if (result == DBUS_HANDLER_RESULT_LATER || -+ result == DBUS_HANDLER_RESULT_NEED_MEMORY) - { -- _dbus_verbose ("out of memory\n"); -+ if (result == DBUS_HANDLER_RESULT_NEED_MEMORY) -+ _dbus_verbose ("out of memory\n"); - - /* Put message back, and we'll start over. - * Yes this means handlers must be idempotent if they -diff --git a/dbus/dbus-list.c b/dbus/dbus-list.c -index 8e713c0..32ea871 100644 ---- a/dbus/dbus-list.c -+++ b/dbus/dbus-list.c -@@ -458,6 +458,35 @@ _dbus_list_remove_last (DBusList **list, - return FALSE; - } - -+/** -+ * Finds a value in the list. Returns the first link -+ * with value equal to the given data pointer. -+ * This is a linear-time operation. -+ * Returns #NULL if no value found that matches. -+ * -+ * @param list address of the list head. -+ * @param data the value to find. 
-+ * @returns the link if found -+ */ -+DBusList* -+_dbus_list_find_first (DBusList **list, -+ void *data) -+{ -+ DBusList *link; -+ -+ link = _dbus_list_get_first_link (list); -+ -+ while (link != NULL) -+ { -+ if (link->data == data) -+ return link; -+ -+ link = _dbus_list_get_next_link (list, link); -+ } -+ -+ return NULL; -+} -+ - /** - * Finds a value in the list. Returns the last link - * with value equal to the given data pointer. -diff --git a/dbus/dbus-list.h b/dbus/dbus-list.h -index 9350a0d..fee9f1b 100644 ---- a/dbus/dbus-list.h -+++ b/dbus/dbus-list.h -@@ -68,6 +68,9 @@ DBUS_PRIVATE_EXPORT - void _dbus_list_remove_link (DBusList **list, - DBusList *link); - DBUS_PRIVATE_EXPORT -+DBusList* _dbus_list_find_first (DBusList **list, -+ void *data); -+DBUS_PRIVATE_EXPORT - DBusList* _dbus_list_find_last (DBusList **list, - void *data); - DBUS_PRIVATE_EXPORT -diff --git a/dbus/dbus-shared.h b/dbus/dbus-shared.h -index 7ab9103..e5bfbed 100644 ---- a/dbus/dbus-shared.h -+++ b/dbus/dbus-shared.h -@@ -67,7 +67,8 @@ typedef enum - { - DBUS_HANDLER_RESULT_HANDLED, /**< Message has had its effect - no need to run more handlers. */ - DBUS_HANDLER_RESULT_NOT_YET_HANDLED, /**< Message has not had any effect - see if other handlers want it. */ -- DBUS_HANDLER_RESULT_NEED_MEMORY /**< Need more memory in order to return #DBUS_HANDLER_RESULT_HANDLED or #DBUS_HANDLER_RESULT_NOT_YET_HANDLED. Please try again later with more memory. */ -+ DBUS_HANDLER_RESULT_NEED_MEMORY, /**< Need more memory in order to return #DBUS_HANDLER_RESULT_HANDLED or #DBUS_HANDLER_RESULT_NOT_YET_HANDLED. Please try again later with more memory. */ -+ DBUS_HANDLER_RESULT_LATER /**< Message dispatch deferred due to pending policy check */ - } DBusHandlerResult; - - /* Bus names */ --- -2.21.1 - 
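Review bot: in the bus/dispatch.c hunk for bus_dispatch_matches, the final `else` of the BUS_RESULT_LATER branch returns BUS_RESULT_FALSE after only a `_dbus_verbose`, without setting `error`; bus_dispatch's `out:` path decides whether the sender gets an error reply from `dbus_error_is_set (&error)`, so a deferred message with neither BUS_DEFERRED_MESSAGE_CHECK_SEND nor BUS_DEFERRED_MESSAGE_CHECK_RECEIVE set would be dropped silently. Either set DBUS_ERROR_ACCESS_DENIED there as the CHECK_RECEIVE branch does, or make the condition an `_dbus_assert` if that state is genuinely unreachable.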
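Review bot: in the bus/driver.c hunk for bus_driver_send_service_owner_changed, the BUS_RESULT_LATER case is handled only by `_dbus_assert_not_reached`, so in a build where that macro is compiled out the function returns `retval = FALSE` with `error` left unset and the caller cannot distinguish this from a legitimate failure; set a DBusError in that branch as well. The comment placed between `if (res == BUS_RESULT_LATER)` and its single statement also makes the body easy to misread; wrap it in braces.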
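Review bot: bus_dispatch_test_check in the bus/dispatch.c test hunk points the file-scope `cdata` at the stack variable `data` and installs `bus_check_test_override = bus_dispatch_test_check_override`, but neither is reset before `return result`, while bus_dispatch_test immediately goes on to run the normal activation tests; any later bus_check_privilege call in that process would go through the override with a dangling `cdata` and trip the `check_counter == 2` assertion or read freed stack. Set `bus_check_test_override = NULL` and `cdata = NULL` before returning from bus_dispatch_test_check.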
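Review bot: `_dbus_connection_putback_message` in the dbus/dbus-connection.c hunk looks up `after_message` with `_dbus_list_find_first` and inserts after the returned link, but `after_link` is NULL both when `after_message` is NULL and when that message is no longer in `incoming_messages`, so a stale `after_message` is indistinguishable from the intended insert-at-head case and cannot be reported to the caller. Add `_dbus_assert (after_message == NULL || after_link != NULL)` or return FALSE on a miss, and give both this function and `_dbus_connection_remove_message` the doxygen comment that the surrounding functions carry, stating the locking expectations (`CONNECTION_LOCK` taken inside, dispatch acquired) and that the queue takes its own reference to `message`.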
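Review bot: the dbus/dbus-shared.h hunk appends DBUS_HANDLER_RESULT_LATER to the public DBusHandlerResult enum, which every client and filter function sees through the installed header; since dbus_connection_dispatch now treats it like NEED_MEMORY (the message is put back and the dispatch loop exits), the doc comment should state that the value is reserved for the bus daemon's deferred policy checks and must not be returned by application handlers, or the value should live in an internal header instead.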
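Review bot: in `_dbus_connection_get_dispatch_status_unlocked`, the new `dispatch_disabled` test returns DBUS_DISPATCH_COMPLETE before `_dbus_transport_queue_messages` is reached, so while a connection is paused no messages are moved from the transport into `incoming_messages` and the transport's own limits provide the backpressure; that is a sensible choice but it should be written down in the `dispatch_disabled` field comment, which currently only says dispatching is stopped. The `&& _dbus_connection_get_is_connected_unlocked (connection)` part also deserves a one-line comment explaining why a paused connection that has disconnected still reports DATA_REMAINS.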
diff --git a/meta-security/recipes-core/dbus-cynagora/dbus-cynagora/0003-Handle-unavailability-of-policy-results-for-broadcas.patch b/meta-security/recipes-core/dbus-cynagora/dbus-cynagora/0003-Handle-unavailability-of-policy-results-for-broadcas.patch deleted file mode 100644 index 7d89a7496..000000000 --- a/meta-security/recipes-core/dbus-cynagora/dbus-cynagora/0003-Handle-unavailability-of-policy-results-for-broadcas.patch +++ /dev/null 
@@ -1,1095 +0,0 @@ -From 9d39aa9dd55680529d721a0389ce9ef579bb669a Mon Sep 17 00:00:00 2001 -From: Jacek Bukarewicz <j.bukarewicz@samsung.com> -Date: Fri, 28 Nov 2014 12:39:33 +0100 -Subject: [PATCH 3/8] Handle unavailability of policy results for broadcasts - and receive rules -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -When message is sent to the addressed recipient and receive rule -result is unavailable we don't want to block the sender -as it most likely will be the privileged service, so instead we queue -it at the recipient. Any further messages sent to it will be queued to -maintain message order. Once the answer from Cynara arrives messages are -dispatched from the recipient queue. In such case full dispatch is -performed - messages are sent to addressed recipient and other -interested connections. -Messages sent to non-addressed recipients (eavesdroppers or broadcast -message recipients) are handled in a similar way. The difference is -that it is not full dispatch meaning message is sent to a single recipient. 
- -Cherry picked from 1e231194610892dd4360224998d91336097b05a1 by Jose Bollo - -Updated for dbus 1.10.20 by Scott Murray and José Bollo - -Signed-off-by: José Bollo <jose.bollo@iot.bzh> -Signed-off-by: Scott Murray <scott.murray@konsulko.com> ---- - bus/activation.c | 4 +- - bus/bus.c | 50 ++++++-- - bus/bus.h | 19 +++ - bus/check.c | 307 +++++++++++++++++++++++++++++++++++++++++++++++ - bus/check.h | 25 ++++ - bus/connection.c | 168 ++++++++++++++++++++++++-- - bus/connection.h | 19 ++- - bus/dispatch.c | 115 +++++++++++++++--- - bus/dispatch.h | 11 +- - bus/driver.c | 2 +- - bus/policy.c | 6 + - 11 files changed, 683 insertions(+), 43 deletions(-) - -diff --git a/bus/activation.c b/bus/activation.c -index 8301b59..d4b597c 100644 ---- a/bus/activation.c -+++ b/bus/activation.c -@@ -1259,7 +1259,7 @@ bus_activation_send_pending_auto_activation_messages (BusActivation *activation - res = bus_dispatch_matches (transaction, - entry->connection, - addressed_recipient, -- entry->activation_message, &error); -+ entry->activation_message, NULL, &error); - if (res == BUS_RESULT_FALSE) - { - /* If permission is denied, we just want to return the error -@@ -2140,7 +2140,7 @@ bus_activation_activate_service (BusActivation *activation, - bus_connection_get_loginfo (connection)); - /* Wonderful, systemd is connected, let's just send the msg */ - res = bus_dispatch_matches (activation_transaction, NULL, -- systemd, message, error); -+ systemd, message, NULL, error); - - if (res == BUS_RESULT_TRUE) - retval = TRUE; -diff --git a/bus/bus.c b/bus/bus.c -index 6fc45d0..0aa700b 100644 ---- a/bus/bus.c -+++ b/bus/bus.c -@@ -1800,17 +1800,9 @@ bus_context_check_security_policy (BusContext *context, - } - - /* See if limits on size have been exceeded */ -- if (proposed_recipient && -- ((dbus_connection_get_outgoing_size (proposed_recipient) > context->limits.max_outgoing_bytes) || -- (dbus_connection_get_outgoing_unix_fds (proposed_recipient) > context->limits.max_outgoing_unix_fds))) 
-- { -- complain_about_message (context, DBUS_ERROR_LIMITS_EXCEEDED, -- "Rejected: destination has a full message queue", -- 0, message, sender, proposed_recipient, requested_reply, TRUE, NULL, -- error); -- _dbus_verbose ("security policy disallowing message due to full message queue\n"); -+ if (!bus_context_check_recipient_message_limits(context, proposed_recipient, sender, message, -+ requested_reply, error)) - return BUS_RESULT_FALSE; -- } - - /* Record that we will allow a reply here in the future (don't - * bother if the recipient is the bus or this is an eavesdropping -@@ -1869,3 +1861,41 @@ bus_context_check_all_watches (BusContext *context) - _dbus_server_toggle_all_watches (server, enabled); - } - } -+ -+void -+bus_context_complain_about_message (BusContext *context, -+ const char *error_name, -+ const char *complaint, -+ int matched_rules, -+ DBusMessage *message, -+ DBusConnection *sender, -+ DBusConnection *proposed_recipient, -+ dbus_bool_t requested_reply, -+ dbus_bool_t log, -+ const char *privilege, -+ DBusError *error) -+{ -+ complain_about_message(context, error_name, complaint, matched_rules, message, sender, -+ proposed_recipient, requested_reply, log, privilege, error); -+} -+ -+dbus_bool_t bus_context_check_recipient_message_limits (BusContext *context, -+ DBusConnection *recipient, -+ DBusConnection *sender, -+ DBusMessage *message, -+ dbus_bool_t requested_reply, -+ DBusError *error) -+{ -+ if (recipient && -+ ((dbus_connection_get_outgoing_size (recipient) > context->limits.max_outgoing_bytes) || -+ (dbus_connection_get_outgoing_unix_fds (recipient) > context->limits.max_outgoing_unix_fds))) -+ { -+ complain_about_message (context, DBUS_ERROR_LIMITS_EXCEEDED, -+ "Rejected: destination has a full message queue", -+ 0, message, sender, recipient, requested_reply, TRUE, NULL, -+ error); -+ _dbus_verbose ("security policy disallowing message due to full message queue\n"); -+ return FALSE; -+ } -+ return TRUE; -+} -diff --git a/bus/bus.h 
b/bus/bus.h -index 82c32c8..1b08f7c 100644 ---- a/bus/bus.h -+++ b/bus/bus.h -@@ -164,4 +164,23 @@ BusResult bus_context_check_security_policy (BusContext - BusDeferredMessage **deferred_message); - void bus_context_check_all_watches (BusContext *context); - -+dbus_bool_t bus_context_check_recipient_message_limits (BusContext *context, -+ DBusConnection *recipient, -+ DBusConnection *sender, -+ DBusMessage *message, -+ dbus_bool_t requested_reply, -+ DBusError *error); -+void bus_context_complain_about_message (BusContext *context, -+ const char *error_name, -+ const char *complaint, -+ int matched_rules, -+ DBusMessage *message, -+ DBusConnection *sender, -+ DBusConnection *proposed_recipient, -+ dbus_bool_t requested_reply, -+ dbus_bool_t log, -+ const char *privilege, -+ DBusError *error); -+ -+ - #endif /* BUS_BUS_H */ -diff --git a/bus/check.c b/bus/check.c -index 4b8a699..f3d283f 100644 ---- a/bus/check.c -+++ b/bus/check.c -@@ -49,6 +49,9 @@ typedef struct BusDeferredMessage - DBusConnection *sender; - DBusConnection *proposed_recipient; - DBusConnection *addressed_recipient; -+ dbus_bool_t requested_reply; -+ int matched_rules; -+ const char *privilege; - dbus_bool_t full_dispatch; - BusDeferredMessageStatus status; - BusResult response; -@@ -135,6 +138,89 @@ bus_check_enable_dispatch_callback (BusDeferredMessage *deferred_message, - _dbus_connection_enable_dispatch(deferred_message->sender); - } - -+static void -+bus_check_queued_message_reply_callback (BusDeferredMessage *deferred_message, -+ BusResult result) -+{ -+ int status; -+ -+ _dbus_verbose("bus_check_queued_message_reply_callback called message=%p\n", deferred_message); -+ -+ if (!bus_connection_is_active(deferred_message->proposed_recipient)) -+ return; -+ -+ status = deferred_message->status; -+ -+ deferred_message->status = 0; /* mark message as not waiting for response */ -+ deferred_message->response = result; -+ -+ /* -+ * If send rule allows us to send message we still need to check 
receive rules. -+ */ -+ if ((status & BUS_DEFERRED_MESSAGE_CHECK_SEND) && (result == BUS_RESULT_TRUE)) -+ { -+ int toggles; -+ BusContext *context; -+ BusRegistry *registry; -+ BusClientPolicy *recipient_policy; -+ BusDeferredMessage *deferred_message_receive; -+ -+ context = bus_connection_get_context(deferred_message->proposed_recipient); -+ registry = bus_context_get_registry(context); -+ recipient_policy = bus_connection_get_policy(deferred_message->proposed_recipient); -+ -+ deferred_message->response = bus_client_policy_check_can_receive(recipient_policy, registry, -+ deferred_message->requested_reply, deferred_message->sender, -+ deferred_message->addressed_recipient, deferred_message->proposed_recipient, deferred_message->message, -+ &toggles, NULL, &deferred_message_receive); -+ if (deferred_message->response == BUS_RESULT_LATER) -+ { -+ /* replace deferred message associated with send check with the one associated with -+ * receive check */ -+ if (!bus_deferred_message_replace(deferred_message, deferred_message_receive)) -+ { -+ /* failed to replace deferred message (due to oom). 
Set it to rejected */ -+ deferred_message->response = BUS_RESULT_FALSE; -+ } -+ } -+ } -+ -+ bus_connection_dispatch_deferred(deferred_message->proposed_recipient); -+} -+ -+static void -+queue_deferred_message_cancel_transaction_hook (void *data) -+{ -+ BusDeferredMessage *deferred_message = (BusDeferredMessage *)data; -+ bus_connection_remove_deferred_message(deferred_message->proposed_recipient, deferred_message); -+} -+ -+ -+dbus_bool_t -+bus_deferred_message_queue_at_recipient (BusDeferredMessage *deferred_message, -+ BusTransaction *transaction, -+ dbus_bool_t full_dispatch, -+ dbus_bool_t prepend) -+{ -+ _dbus_assert(deferred_message != NULL); -+ _dbus_assert(deferred_message->proposed_recipient != NULL); -+ -+ if (!bus_connection_queue_deferred_message(deferred_message->proposed_recipient, -+ deferred_message, prepend)) -+ return FALSE; -+ -+ if (!bus_transaction_add_cancel_hook(transaction, queue_deferred_message_cancel_transaction_hook, -+ deferred_message, NULL)) -+ { -+ bus_connection_remove_deferred_message(deferred_message->proposed_recipient, deferred_message); -+ return FALSE; -+ } -+ deferred_message->response_callback = bus_check_queued_message_reply_callback; -+ deferred_message->full_dispatch = full_dispatch; -+ -+ return TRUE; -+} -+ - static void - deferred_message_free_function(void *data) - { -@@ -159,6 +245,20 @@ bus_deferred_message_disable_sender (BusDeferredMessage *deferred_message) - deferred_message->response_callback = bus_check_enable_dispatch_callback; - } - -+void -+bus_deferred_message_set_policy_check_info (BusDeferredMessage *deferred_message, -+ dbus_bool_t requested_reply, -+ int matched_rules, -+ const char *privilege) -+{ -+ _dbus_assert(deferred_message != NULL); -+ -+ deferred_message->requested_reply = requested_reply; -+ deferred_message->matched_rules = matched_rules; -+ deferred_message->privilege = privilege; -+} -+ -+ - #ifdef DBUS_ENABLE_EMBEDDED_TESTS - BusResult (*bus_check_test_override) (DBusConnection 
*connection, - const char *privilege); -@@ -259,6 +359,9 @@ BusDeferredMessage *bus_deferred_message_new (DBusMessage *message, - deferred_message->addressed_recipient = addressed_recipient != NULL ? dbus_connection_ref(addressed_recipient) : NULL; - deferred_message->proposed_recipient = proposed_recipient != NULL ? dbus_connection_ref(proposed_recipient) : NULL; - deferred_message->message = dbus_message_ref(message); -+ deferred_message->requested_reply = FALSE; -+ deferred_message->matched_rules = 0; -+ deferred_message->privilege = NULL; - deferred_message->response = response; - deferred_message->status = 0; - deferred_message->full_dispatch = FALSE; -@@ -295,12 +398,215 @@ bus_deferred_message_unref (BusDeferredMessage *deferred_message) - } - } - -+dbus_bool_t -+bus_deferred_message_check_message_limits (BusDeferredMessage *deferred_message, DBusError *error) -+{ -+ BusContext *context = bus_connection_get_context(deferred_message->proposed_recipient); -+ -+ return bus_context_check_recipient_message_limits(context, deferred_message->proposed_recipient, -+ deferred_message->sender, deferred_message->message, deferred_message->requested_reply, -+ error); -+} -+ -+dbus_bool_t -+bus_deferred_message_expect_method_reply(BusDeferredMessage *deferred_message, BusTransaction *transaction, DBusError *error) -+{ -+ int type = dbus_message_get_type(deferred_message->message); -+ if (type == DBUS_MESSAGE_TYPE_METHOD_CALL && -+ deferred_message->sender && -+ deferred_message->addressed_recipient && -+ deferred_message->addressed_recipient == deferred_message->proposed_recipient && /* not eavesdropping */ -+ !bus_connections_expect_reply (bus_connection_get_connections (deferred_message->sender), -+ transaction, -+ deferred_message->sender, deferred_message->addressed_recipient, -+ deferred_message->message, error)) -+ { -+ _dbus_verbose ("Failed to record reply expectation or problem with the message expecting a reply\n"); -+ return FALSE; -+ } -+ return TRUE; -+} -+ 
-+void -+bus_deferred_message_create_error(BusDeferredMessage *deferred_message, -+ const char *error_message, DBusError *error) -+{ -+ BusContext *context; -+ _dbus_assert (deferred_message->status == 0 && deferred_message->response == BUS_RESULT_FALSE); -+ -+ if (deferred_message->sender == NULL) -+ return; /* error won't be sent to bus driver anyway */ -+ -+ context = bus_connection_get_context(deferred_message->sender); -+ bus_context_complain_about_message(context, DBUS_ERROR_ACCESS_DENIED, "Rejected message", -+ deferred_message->matched_rules, deferred_message->message, deferred_message->sender, -+ deferred_message->proposed_recipient, deferred_message->requested_reply, FALSE, -+ deferred_message->privilege, error); -+} -+ -+BusResult -+bus_deferred_message_dispatch (BusDeferredMessage *deferred_message) -+{ -+ BusContext *context = bus_connection_get_context (deferred_message->proposed_recipient); -+ BusTransaction *transaction = bus_transaction_new (context); -+ BusResult result = BUS_RESULT_TRUE; -+ DBusError error; -+ -+ if (transaction == NULL) -+ { -+ return BUS_RESULT_FALSE; -+ } -+ -+ dbus_error_init(&error); -+ -+ if (!deferred_message->full_dispatch) -+ { -+ result = deferred_message->response; -+ if (result == BUS_RESULT_TRUE) -+ { -+ if (!bus_context_check_recipient_message_limits(context, deferred_message->proposed_recipient, -+ deferred_message->sender, deferred_message->message, deferred_message->requested_reply, &error)) -+ result = BUS_RESULT_FALSE; -+ } -+ else if (result == BUS_RESULT_LATER) -+ { -+ BusDeferredMessage *deferred_message2; -+ result = bus_context_check_security_policy (context, transaction, -+ deferred_message->sender, -+ deferred_message->addressed_recipient, -+ deferred_message->proposed_recipient, -+ deferred_message->message, NULL, NULL, -+ &deferred_message2); -+ -+ if (result == BUS_RESULT_LATER) -+ { -+ /* prepend at recipient */ -+ if (!bus_deferred_message_queue_at_recipient(deferred_message2, transaction, -+ FALSE, 
TRUE)) -+ result = BUS_RESULT_FALSE; -+ } -+ } -+ -+ /* silently drop messages on access denial */ -+ if (result == BUS_RESULT_TRUE) -+ { -+ if (!bus_transaction_send (transaction, deferred_message->proposed_recipient, deferred_message->message, TRUE)) -+ result = BUS_RESULT_FALSE; -+ } -+ -+ bus_transaction_execute_and_free(transaction); -+ -+ goto out; -+ } -+ -+ /* do not attempt to send message if sender has disconnected */ -+ if (deferred_message->sender != NULL && !bus_connection_is_active(deferred_message->sender)) -+ { -+ bus_transaction_cancel_and_free(transaction); -+ result = BUS_RESULT_FALSE; -+ goto out; -+ } -+ -+ result = bus_dispatch_matches(transaction, deferred_message->sender, -+ deferred_message->addressed_recipient, deferred_message->message, deferred_message, &error); -+ -+ if (result == BUS_RESULT_LATER) -+ { -+ /* Message deferring was already done in bus_dispatch_matches */ -+ bus_transaction_cancel_and_free(transaction); -+ goto out; -+ } -+ -+ /* this part is a copy & paste from bus_dispatch function. Probably can be moved to a function */ -+ if (dbus_error_is_set (&error)) -+ { -+ if (!dbus_connection_get_is_connected (deferred_message->sender)) -+ { -+ /* If we disconnected it, we won't bother to send it any error -+ * messages. 
-+ */ -+ _dbus_verbose ("Not sending error to connection we disconnected\n"); -+ } -+ else if (dbus_error_has_name (&error, DBUS_ERROR_NO_MEMORY)) -+ { -+ bus_connection_send_oom_error (deferred_message->sender, deferred_message->message); -+ -+ /* cancel transaction due to OOM */ -+ if (transaction != NULL) -+ { -+ bus_transaction_cancel_and_free (transaction); -+ transaction = NULL; -+ } -+ } -+ else -+ { -+ /* Try to send the real error, if no mem to do that, send -+ * the OOM error -+ */ -+ _dbus_assert (transaction != NULL); -+ if (!bus_transaction_send_error_reply (transaction, deferred_message->sender, -+ &error, deferred_message->message)) -+ { -+ bus_connection_send_oom_error (deferred_message->sender, deferred_message->message); -+ -+ /* cancel transaction due to OOM */ -+ if (transaction != NULL) -+ { -+ bus_transaction_cancel_and_free (transaction); -+ transaction = NULL; -+ } -+ } -+ } -+ } -+ -+ if (transaction != NULL) -+ { -+ bus_transaction_execute_and_free (transaction); -+ } -+ -+out: -+ dbus_error_free(&error); -+ -+ return result; -+} -+ -+dbus_bool_t -+bus_deferred_message_replace (BusDeferredMessage *old_message, BusDeferredMessage *new_message) -+{ -+ if (bus_connection_replace_deferred_message(old_message->proposed_recipient, -+ old_message, new_message)) -+ { -+ new_message->response_callback = old_message->response_callback; -+ new_message->full_dispatch = old_message->full_dispatch; -+ return TRUE; -+ } -+ return FALSE; -+} -+ -+dbus_bool_t -+bus_deferred_message_waits_for_check(BusDeferredMessage *deferred_message) -+{ -+ return deferred_message->status != 0; -+} -+ -+DBusConnection * -+bus_deferred_message_get_recipient(BusDeferredMessage *deferred_message) -+{ -+ return deferred_message->proposed_recipient; -+} -+ - BusDeferredMessageStatus - bus_deferred_message_get_status (BusDeferredMessage *deferred_message) - { - return deferred_message->status; - } - -+BusResult -+bus_deferred_message_get_response (BusDeferredMessage 
*deferred_message) -+{ -+ return deferred_message->response; -+} -+ - void - bus_deferred_message_response_received (BusDeferredMessage *deferred_message, - BusResult result) -@@ -310,3 +616,4 @@ bus_deferred_message_response_received (BusDeferredMessage *deferred_message, - deferred_message->response_callback(deferred_message, result); - } - } -+ -diff --git a/bus/check.h b/bus/check.h -index d177549..9c13c18 100644 ---- a/bus/check.h -+++ b/bus/check.h -@@ -64,12 +64,37 @@ BusDeferredMessage *bus_deferred_message_new (DBusMessage *messag - - BusDeferredMessage *bus_deferred_message_ref (BusDeferredMessage *deferred_message); - void bus_deferred_message_unref (BusDeferredMessage *deferred_message); -+BusResult bus_deferred_message_dispatch (BusDeferredMessage *deferred_message); -+dbus_bool_t bus_deferred_message_waits_for_check (BusDeferredMessage *deferred_message); -+DBusConnection *bus_deferred_message_get_recipient (BusDeferredMessage *deferred_message); - void bus_deferred_message_response_received (BusDeferredMessage *deferred_message, - BusResult result); -+dbus_bool_t bus_deferred_message_queue_at_recipient (BusDeferredMessage *deferred_message, -+ BusTransaction *transaction, -+ dbus_bool_t full_dispatch, -+ dbus_bool_t prepend); -+dbus_bool_t bus_deferred_message_replace (BusDeferredMessage *old_message, -+ BusDeferredMessage *new_message); - void bus_deferred_message_disable_sender (BusDeferredMessage *deferred_message); -+BusResult bus_deferred_message_get_response (BusDeferredMessage *deferred_message); - - BusDeferredMessageStatus bus_deferred_message_get_status (BusDeferredMessage *deferred_message); - -+ -+dbus_bool_t bus_deferred_message_expect_method_reply (BusDeferredMessage *deferred_message, -+ BusTransaction *transaction, -+ DBusError *error); -+void bus_deferred_message_create_error (BusDeferredMessage *deferred_message, -+ const char *error_message, -+ DBusError *error); -+void bus_deferred_message_set_policy_check_info (BusDeferredMessage 
*deferred_message, -+ dbus_bool_t requested_reply, -+ int matched_rules, -+ const char *privilege); -+dbus_bool_t bus_deferred_message_check_message_limits (BusDeferredMessage *deferred_message, -+ DBusError *error); -+ -+ - #ifdef DBUS_ENABLE_EMBEDDED_TESTS - extern BusResult (*bus_check_test_override) (DBusConnection *connection, - const char *privilege); -diff --git a/bus/connection.c b/bus/connection.c -index b348d42..ee93384 100644 ---- a/bus/connection.c -+++ b/bus/connection.c -@@ -31,11 +31,13 @@ - #include "expirelist.h" - #include "selinux.h" - #include "apparmor.h" -+#include "check.h" - #include <dbus/dbus-list.h> - #include <dbus/dbus-hash.h> - #include <dbus/dbus-timeout.h> - #include <dbus/dbus-connection-internal.h> - #include <dbus/dbus-internals.h> -+#include <dbus/dbus-message-internal.h> - #ifdef DBUS_ENABLE_CYNARA - #include <stdlib.h> - #include <cynara-session.h> -@@ -102,6 +104,7 @@ typedef struct - DBusMessage *oom_message; - DBusPreallocatedSend *oom_preallocated; - BusClientPolicy *policy; -+ DBusList *deferred_messages; /**< Queue of messages deferred due to pending policy check */ - - char *cached_loginfo_string; - BusSELinuxID *selinux_id; -@@ -268,6 +271,8 @@ bus_connection_disconnected (DBusConnection *connection) - bus_transaction_execute_and_free (transaction); - } - -+ bus_connection_clear_deferred_messages(connection); -+ - bus_dispatch_remove_connection (connection); - - /* no more watching */ -@@ -2307,7 +2312,7 @@ bus_transaction_capture (BusTransaction *transaction, - { - DBusConnection *recipient = link->data; - -- if (!bus_transaction_send (transaction, recipient, message)) -+ if (!bus_transaction_send (transaction, recipient, message, FALSE)) - goto out; - } - -@@ -2361,6 +2366,7 @@ bus_transaction_send_from_driver (BusTransaction *transaction, - { - DBusError error = DBUS_ERROR_INIT; - BusResult res; -+ BusDeferredMessage *deferred_message; - - /* We have to set the sender to the driver, and have - * to check security 
policy since it was not done in -@@ -2401,7 +2407,7 @@ bus_transaction_send_from_driver (BusTransaction *transaction, - res = bus_context_check_security_policy (bus_transaction_get_context (transaction), - transaction, - NULL, connection, connection, message, NULL, -- &error, NULL); -+ &error, &deferred_message); - if (res == BUS_RESULT_FALSE) - { - if (!bus_transaction_capture_error_reply (transaction, connection, -@@ -2419,18 +2425,20 @@ bus_transaction_send_from_driver (BusTransaction *transaction, - } - else if (res == BUS_RESULT_LATER) - { -- _dbus_verbose ("Cannot delay sending message from bus driver, dropping it\n"); - dbus_error_free (&error); -- return TRUE; -+ if (!bus_deferred_message_queue_at_recipient(deferred_message, transaction, FALSE, FALSE)) -+ return FALSE; -+ return TRUE; /* pretend to have sent it */ - } - -- return bus_transaction_send (transaction, connection, message); -+ return bus_transaction_send (transaction, connection, message, FALSE); - } - - dbus_bool_t - bus_transaction_send (BusTransaction *transaction, - DBusConnection *connection, -- DBusMessage *message) -+ DBusMessage *message, -+ dbus_bool_t deferred_dispatch) - { - MessageToSend *to_send; - BusConnectionData *d; -@@ -2456,7 +2464,28 @@ bus_transaction_send (BusTransaction *transaction, - - d = BUS_CONNECTION_DATA (connection); - _dbus_assert (d != NULL); -- -+ -+ if (!deferred_dispatch && d->deferred_messages != NULL) -+ { -+ BusDeferredMessage *deferred_message; -+ dbus_bool_t success; -+ /* sender and addressed recipient are not required at this point as we only need to send message -+ * to a single recipient without performing policy check. 
*/ -+ deferred_message = bus_deferred_message_new (message, -+ NULL, -+ NULL, -+ connection, -+ BUS_RESULT_TRUE); -+ if (deferred_message == NULL) -+ return FALSE; -+ -+ success = bus_deferred_message_queue_at_recipient(deferred_message, transaction, -+ FALSE, FALSE); -+ bus_deferred_message_unref(deferred_message); -+ -+ return success; -+ } -+ - to_send = dbus_new (MessageToSend, 1); - if (to_send == NULL) - { -@@ -2708,6 +2737,131 @@ bus_transaction_add_cancel_hook (BusTransaction *transaction, - return TRUE; - } - -+void -+bus_connection_dispatch_deferred (DBusConnection *connection) -+{ -+ BusDeferredMessage *message; -+ -+ _dbus_return_if_fail (connection != NULL); -+ -+ while ((message = bus_connection_pop_deferred_message(connection)) != NULL) -+ { -+ bus_deferred_message_dispatch(message); -+ bus_deferred_message_unref(message); -+ } -+} -+ -+dbus_bool_t -+bus_connection_has_deferred_messages (DBusConnection *connection) -+{ -+ BusConnectionData *d = BUS_CONNECTION_DATA(connection); -+ return d->deferred_messages != NULL ? 
TRUE : FALSE; -+} -+ -+dbus_bool_t -+bus_connection_queue_deferred_message (DBusConnection *connection, -+ BusDeferredMessage *message, -+ dbus_bool_t prepend) -+{ -+ BusConnectionData *d = BUS_CONNECTION_DATA(connection); -+ dbus_bool_t success; -+ if (prepend) -+ success = _dbus_list_prepend(&d->deferred_messages, message); -+ else -+ success = _dbus_list_append(&d->deferred_messages, message); -+ -+ if (success) -+ { -+ bus_deferred_message_ref(message); -+ return TRUE; -+ } -+ -+ return FALSE; -+} -+ -+dbus_bool_t -+bus_connection_replace_deferred_message (DBusConnection *connection, -+ BusDeferredMessage *oldMessage, -+ BusDeferredMessage *newMessage) -+{ -+ DBusList *link; -+ BusConnectionData *d = BUS_CONNECTION_DATA(connection); -+ -+ link = _dbus_list_find_first(&d->deferred_messages, oldMessage); -+ if (link == NULL) -+ return FALSE; -+ -+ if (!_dbus_list_insert_after(&d->deferred_messages, link, newMessage)) -+ return FALSE; -+ -+ bus_deferred_message_ref(newMessage); -+ _dbus_list_remove_link(&d->deferred_messages, link); -+ bus_deferred_message_unref(oldMessage); -+ return TRUE; -+} -+ -+BusDeferredMessage * -+bus_connection_pop_deferred_message (DBusConnection *connection) -+{ -+ DBusList *link; -+ BusDeferredMessage *message; -+ BusConnectionData *d = BUS_CONNECTION_DATA(connection); -+ -+ link =_dbus_list_get_first_link(&d->deferred_messages); -+ if (link != NULL) -+ { -+ message = link->data; -+ if (!bus_deferred_message_waits_for_check(message)) -+ { -+ _dbus_list_remove_link(&d->deferred_messages, link); -+ return message; -+ } -+ } -+ -+ return NULL; -+} -+ -+dbus_bool_t -+bus_connection_putback_deferred_message (DBusConnection *connection, BusDeferredMessage *message) -+{ -+ BusConnectionData *d = BUS_CONNECTION_DATA(connection); -+ if (_dbus_list_prepend(&d->deferred_messages, message)) -+ { -+ return TRUE; -+ } -+ return FALSE; -+} -+ -+void -+bus_connection_clear_deferred_messages (DBusConnection *connection) -+{ -+ BusConnectionData *d = 
BUS_CONNECTION_DATA(connection); -+ DBusList *link; -+ DBusList *next; -+ BusDeferredMessage *message; -+ -+ link =_dbus_list_get_first_link(&d->deferred_messages); -+ while (link != NULL) -+ { -+ next = _dbus_list_get_next_link (&d->deferred_messages, link); -+ message = link->data; -+ -+ bus_deferred_message_unref(message); -+ _dbus_list_remove_link(&d->deferred_messages, link); -+ -+ link = next; -+ } -+} -+ -+void -+bus_connection_remove_deferred_message (DBusConnection *connection, -+ BusDeferredMessage *message) -+{ -+ BusConnectionData *d = BUS_CONNECTION_DATA(connection); -+ if (_dbus_list_remove(&d->deferred_messages, message)) -+ bus_deferred_message_unref(message); -+} -+ - int - bus_connections_get_n_active (BusConnections *connections) - { -diff --git a/bus/connection.h b/bus/connection.h -index 71078ea..97dae96 100644 ---- a/bus/connection.h -+++ b/bus/connection.h -@@ -85,6 +85,22 @@ dbus_bool_t bus_connection_preallocate_oom_error (DBusConnection *connection); - void bus_connection_send_oom_error (DBusConnection *connection, - DBusMessage *in_reply_to); - -+dbus_bool_t bus_connection_has_deferred_messages (DBusConnection *connection); -+dbus_bool_t bus_connection_queue_deferred_message (DBusConnection *connection, -+ BusDeferredMessage *message, -+ dbus_bool_t prepend); -+BusDeferredMessage *bus_connection_pop_deferred_message (DBusConnection *connection); -+dbus_bool_t bus_connection_putback_deferred_message (DBusConnection *connection, -+ BusDeferredMessage *message); -+void bus_connection_remove_deferred_message (DBusConnection *connection, -+ BusDeferredMessage *message); -+dbus_bool_t bus_connection_replace_deferred_message (DBusConnection *connection, -+ BusDeferredMessage *oldMessage, -+ BusDeferredMessage *newMessage); -+void bus_connection_dispatch_deferred (DBusConnection *connection); -+void bus_connection_clear_deferred_messages (DBusConnection *connection); -+ -+ - /* called by signals.c */ - dbus_bool_t bus_connection_add_match_rule 
(DBusConnection *connection, - BusMatchRule *rule); -@@ -137,7 +153,8 @@ BusTransaction* bus_transaction_new (BusContext * - BusContext* bus_transaction_get_context (BusTransaction *transaction); - dbus_bool_t bus_transaction_send (BusTransaction *transaction, - DBusConnection *connection, -- DBusMessage *message); -+ DBusMessage *message, -+ dbus_bool_t deferred_dispatch); - dbus_bool_t bus_transaction_capture (BusTransaction *transaction, - DBusConnection *connection, - DBusConnection *addressed_recipient, -diff --git a/bus/dispatch.c b/bus/dispatch.c -index 50a22a3..7d30ce4 100644 ---- a/bus/dispatch.c -+++ b/bus/dispatch.c -@@ -33,6 +33,7 @@ - #include "utils.h" - #include "bus.h" - #include "signals.h" -+#include "dispatch.h" - #include "test.h" - #include <dbus/dbus-internals.h> - #include <dbus/dbus-connection-internal.h> -@@ -77,7 +78,7 @@ send_one_message (DBusConnection *connection, - NULL, - &stack_error, - &deferred_message); -- if (result != BUS_RESULT_TRUE) -+ if (result == BUS_RESULT_FALSE) - { - if (!bus_transaction_capture_error_reply (transaction, sender, - &stack_error, message)) -@@ -112,9 +113,19 @@ send_one_message (DBusConnection *connection, - return TRUE; /* don't send it but don't return an error either */ - } - -+ if (result == BUS_RESULT_LATER) -+ { -+ if (!bus_deferred_message_queue_at_recipient(deferred_message, transaction, FALSE, FALSE)) -+ { -+ BUS_SET_OOM (error); -+ return FALSE; -+ } -+ return TRUE; /* pretend to have sent it */ -+ } -+ - if (!bus_transaction_send (transaction, - connection, -- message)) -+ message, FALSE)) - { - BUS_SET_OOM (error); - return FALSE; -@@ -124,11 +135,12 @@ send_one_message (DBusConnection *connection, - } - - BusResult --bus_dispatch_matches (BusTransaction *transaction, -- DBusConnection *sender, -- DBusConnection *addressed_recipient, -- DBusMessage *message, -- DBusError *error) -+bus_dispatch_matches (BusTransaction *transaction, -+ DBusConnection *sender, -+ DBusConnection 
*addressed_recipient, -+ DBusMessage *message, -+ BusDeferredMessage *dispatched_deferred_message, -+ DBusError *error) - { - DBusError tmp_error; - BusConnections *connections; -@@ -137,7 +149,6 @@ bus_dispatch_matches (BusTransaction *transaction, - DBusList *link; - BusContext *context; - BusDeferredMessage *deferred_message; -- BusResult res; - - _DBUS_ASSERT_ERROR_IS_CLEAR (error); - -@@ -153,16 +164,80 @@ bus_dispatch_matches (BusTransaction *transaction, - /* First, send the message to the addressed_recipient, if there is one. */ - if (addressed_recipient != NULL) - { -- res = bus_context_check_security_policy (context, transaction, -+ BusResult result; -+ /* To maintain message order message needs to be appended at the recipient if there are already -+ * deferred messages and we are not doing deferred dispatch -+ */ -+ if (dispatched_deferred_message == NULL && bus_connection_has_deferred_messages(addressed_recipient)) -+ { -+ deferred_message = bus_deferred_message_new(message, sender, -+ addressed_recipient, addressed_recipient, BUS_RESULT_LATER); -+ -+ if (deferred_message == NULL) -+ { -+ BUS_SET_OOM(error); -+ return BUS_RESULT_FALSE; -+ } -+ -+ if (!bus_deferred_message_queue_at_recipient(deferred_message, transaction, TRUE, FALSE)) -+ { -+ bus_deferred_message_unref(deferred_message); -+ BUS_SET_OOM(error); -+ return BUS_RESULT_FALSE; -+ } -+ -+ bus_deferred_message_unref(deferred_message); -+ return BUS_RESULT_TRUE; /* pretend to have sent it */ -+ } -+ -+ if (dispatched_deferred_message != NULL) -+ { -+ result = bus_deferred_message_get_response(dispatched_deferred_message); -+ if (result == BUS_RESULT_TRUE) -+ { -+ /* if we know the result of policy check we still need to check if message limits -+ * are not exceeded. 
It is also required to add entry in expected replies list if -+ * this is a method call -+ */ -+ if (!bus_deferred_message_check_message_limits(dispatched_deferred_message, error)) -+ return BUS_RESULT_FALSE; -+ -+ if (!bus_deferred_message_expect_method_reply(dispatched_deferred_message, transaction, error)) -+ return BUS_RESULT_FALSE; -+ } -+ else if (result == BUS_RESULT_FALSE) -+ { -+ bus_deferred_message_create_error(dispatched_deferred_message, "Rejected message", error); -+ return BUS_RESULT_FALSE; -+ } -+ } -+ else -+ result = BUS_RESULT_LATER; -+ -+ if (result == BUS_RESULT_LATER) -+ result = bus_context_check_security_policy (context, transaction, - sender, addressed_recipient, - addressed_recipient, - message, NULL, error, - &deferred_message); -- if (res == BUS_RESULT_FALSE) -+ -+ if (result == BUS_RESULT_FALSE) - return BUS_RESULT_FALSE; -- else if (res == BUS_RESULT_LATER) -+ else if (result == BUS_RESULT_LATER) - { - BusDeferredMessageStatus status; -+ -+ if (dispatched_deferred_message != NULL) -+ { -+ /* for deferred dispatch prepend message at the recipient */ -+ if (!bus_deferred_message_queue_at_recipient(deferred_message, transaction, TRUE, TRUE)) -+ { -+ BUS_SET_OOM(error); -+ return BUS_RESULT_FALSE; -+ } -+ return BUS_RESULT_TRUE; /* pretend to have sent it */ -+ } -+ - status = bus_deferred_message_get_status(deferred_message); - - if (status & BUS_DEFERRED_MESSAGE_CHECK_SEND) -@@ -173,13 +248,18 @@ bus_dispatch_matches (BusTransaction *transaction, - } - else if (status & BUS_DEFERRED_MESSAGE_CHECK_RECEIVE) - { -- dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, -- "Rejecting message because time is needed to check security policy"); -- return BUS_RESULT_FALSE; -+ /* receive rule result not available - queue message at the recipient */ -+ if (!bus_deferred_message_queue_at_recipient(deferred_message, transaction, TRUE, FALSE)) -+ { -+ BUS_SET_OOM(error); -+ return BUS_RESULT_FALSE; -+ } -+ -+ return BUS_RESULT_TRUE; /* pretend to have sent 
it */ - } - else - { -- _dbus_verbose("deferred message has no status field set to send or receive unexpectedly\n"); -+ _dbus_verbose("deferred message has no status field set unexpectedly\n"); - return BUS_RESULT_FALSE; - } - } -@@ -196,7 +276,8 @@ bus_dispatch_matches (BusTransaction *transaction, - } - - /* Dispatch the message */ -- if (!bus_transaction_send (transaction, addressed_recipient, message)) -+ if (!bus_transaction_send(transaction, addressed_recipient, message, -+ dispatched_deferred_message != NULL ? TRUE : FALSE)) - { - BUS_SET_OOM (error); - return BUS_RESULT_FALSE; -@@ -534,7 +615,7 @@ bus_dispatch (DBusConnection *connection, - * match rules. - */ - if (BUS_RESULT_LATER == bus_dispatch_matches (transaction, connection, addressed_recipient, -- message, &error)) -+ message, NULL, &error)) - { - /* Roll back and dispatch the message once the policy result is available */ - bus_transaction_cancel_and_free (transaction); -diff --git a/bus/dispatch.h b/bus/dispatch.h -index afba6a2..f6102e8 100644 ---- a/bus/dispatch.h -+++ b/bus/dispatch.h -@@ -29,10 +29,11 @@ - - dbus_bool_t bus_dispatch_add_connection (DBusConnection *connection); - void bus_dispatch_remove_connection (DBusConnection *connection); --BusResult bus_dispatch_matches (BusTransaction *transaction, -- DBusConnection *sender, -- DBusConnection *recipient, -- DBusMessage *message, -- DBusError *error); -+BusResult bus_dispatch_matches (BusTransaction *transaction, -+ DBusConnection *sender, -+ DBusConnection *recipient, -+ DBusMessage *message, -+ BusDeferredMessage *dispatched_deferred_message, -+ DBusError *error); - - #endif /* BUS_DISPATCH_H */ -diff --git a/bus/driver.c b/bus/driver.c -index f414f64..d89a658 100644 ---- a/bus/driver.c -+++ b/bus/driver.c -@@ -254,7 +254,7 @@ bus_driver_send_service_owner_changed (const char *service_name, - if (!bus_transaction_capture (transaction, NULL, NULL, message)) - goto oom; - -- res = bus_dispatch_matches (transaction, NULL, NULL, message, 
error); -+ res = bus_dispatch_matches (transaction, NULL, NULL, message, NULL, error); - if (res == BUS_RESULT_TRUE) - retval = TRUE; - else -diff --git a/bus/policy.c b/bus/policy.c -index 7de92c6..483cc97 100644 ---- a/bus/policy.c -+++ b/bus/policy.c -@@ -1122,6 +1122,9 @@ bus_client_policy_check_can_send (DBusConnection *sender, - - result = bus_check_privilege(check, message, sender, addressed_recipient, receiver, - privilege, BUS_DEFERRED_MESSAGE_CHECK_SEND, deferred_message); -+ if (result == BUS_RESULT_LATER && deferred_message != NULL) -+ bus_deferred_message_set_policy_check_info(*deferred_message, requested_reply, -+ *toggles, privilege); - } - else - privilege = NULL; -@@ -1372,6 +1375,9 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, - - result = bus_check_privilege(check, message, sender, addressed_recipient, proposed_recipient, - privilege, BUS_DEFERRED_MESSAGE_CHECK_RECEIVE, deferred_message); -+ if (result == BUS_RESULT_LATER && deferred_message != NULL) -+ bus_deferred_message_set_policy_check_info(*deferred_message, requested_reply, -+ *toggles, privilege); - } - else - privilege = NULL; --- -2.21.1 - diff --git a/meta-security/recipes-core/dbus-cynagora/dbus-cynagora/0004-Add-own-rule-result-unavailability-handling.patch b/meta-security/recipes-core/dbus-cynagora/dbus-cynagora/0004-Add-own-rule-result-unavailability-handling.patch deleted file mode 100644 index 9953dcaac..000000000 --- a/meta-security/recipes-core/dbus-cynagora/dbus-cynagora/0004-Add-own-rule-result-unavailability-handling.patch +++ /dev/null 
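Review bot: in the bus/check.c hunk, bus_deferred_message_dispatch guards the sender once with `if (deferred_message->sender != NULL && !bus_connection_is_active(deferred_message->sender))`, but the error block it copies from bus_dispatch a few lines later calls `dbus_connection_get_is_connected (deferred_message->sender)` and `bus_transaction_send_error_reply (transaction, deferred_message->sender, ...)` with no such guard. Either the first test is dead or the second block can dereference NULL; make them agree by wrapping the `if (dbus_error_is_set (&error))` block in the same `sender != NULL` test, and move that block into a helper shared with bus_dispatch, as the `copy & paste` comment already suggests, instead of carrying a second copy. Two smaller points in the same hunk: bus_deferred_message_create_error takes an `error_message` argument it never reads (the body hardcodes "Rejected message" and the only caller passes the same literal), so either use the parameter or drop it; and in the non-full-dispatch branch a failure of bus_context_check_recipient_message_limits sets `error`, which is then only freed at `out:` with no reply and no log line. The "silently drop messages on access denial" comment does not cover that case, since a limit violation is not an access denial; a `_dbus_verbose` with the error message is the minimum.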
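Review bot: the bus/check.h hunk adds bus_deferred_message_queue_at_recipient and bus_deferred_message_replace without a word on reference ownership, and the call sites in this patch disagree: bus_dispatch_matches and bus_transaction_send unref a BusDeferredMessage they created themselves right after queueing it, whereas bus_transaction_send_from_driver, send_one_message and the BUS_RESULT_LATER branches of bus_dispatch_matches queue the pointer returned through the `BusDeferredMessage **` out-parameter of bus_context_check_security_policy and never unref it. That is only correct if the policy check keeps its own reference to the object it hands back. Put that in a comment on the declaration (and note on bus_deferred_message_replace that bus_connection_replace_deferred_message refs the new message and unrefs the old one), so the next caller neither leaks nor double-frees.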
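Review bot: in the bus_transaction_send hunk of bus/connection.c, the ordering path builds a BusDeferredMessage with a NULL sender and response BUS_RESULT_TRUE and queues it with full_dispatch FALSE; when bus_deferred_message_dispatch later pops it, the non-full-dispatch branch runs bus_context_check_recipient_message_limits with that NULL sender, a check the direct `to_send = dbus_new (MessageToSend, 1)` path just below never performs. Confirm that this extra limits check on replies and driver-originated messages is intended and that the limits function accepts a NULL sender; if not, record in the deferred message that limits were already applied and skip the call. The same hunk could also say why `deferred_dispatch` bypasses the queue: it is safe only because bus_connection_pop_deferred_message hands back exactly one head entry at a time, which is not obvious from this function alone.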
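Review bot: bus_connection_clear_deferred_messages in bus/connection.c unrefs every queued entry, including those for which bus_deferred_message_waits_for_check is still true, and it is called from bus_connection_disconnected; unless the asynchronous check holds its own reference, the later bus_deferred_message_response_received callback runs on a freed object. Either state that ownership in a comment or cancel the pending entry before dropping it (bus_deferred_message_disable_sender covers the sender side; nothing equivalent exists for a vanished recipient). In the same hunk, bus_connection_dispatch_deferred ignores the BusResult from bus_deferred_message_dispatch, so an OOM failure in bus_transaction_new is indistinguishable from a policy denial; a `_dbus_verbose` on BUS_RESULT_FALSE would help, and bus_connection_has_deferred_messages should `_dbus_assert (d != NULL)` the way bus_transaction_send does.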
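Review bot: in the bus_dispatch_matches hunk of bus/dispatch.c, the final `else` branch for a BUS_RESULT_LATER message with neither CHECK_SEND nor CHECK_RECEIVE set returns BUS_RESULT_FALSE after only `_dbus_verbose("deferred message has no status field set unexpectedly\n")`, without setting `error`, while every other BUS_RESULT_FALSE return in this hunk either sets OOM or leaves the policy check's error in place. A caller that treats FALSE as "error is set" will then build an error reply from an unset DBusError; set DBUS_ERROR_FAILED there, or make it `_dbus_assert_not_reached` if a zero status really is impossible. The three `return BUS_RESULT_TRUE; /* pretend to have sent it */` sites also deserve a sentence at the function head: the return value no longer distinguishes delivered from queued, and bus_dispatch uses it to decide whether to roll back the transaction.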
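Review bot: in the bus/policy.c hunks, bus_deferred_message_set_policy_check_info is handed `privilege`, a `const char *` that points into the matching policy rule. If the setter only stores the pointer, a configuration reload that rebuilds the policy between the deferral and the arrival of the check result leaves a dangling pointer, which bus_deferred_message_create_error later passes to bus_context_complain_about_message. The declaration in check.h does not say whether the string is copied; confirm that it is, or have the setter take a duplicated copy and free it in the message's destructor.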
@@ -1,1505 +0,0 @@ -From 28ada62c98d74285dc22b66650b09b6c8f2c28c4 Mon Sep 17 00:00:00 2001 -From: Jacek Bukarewicz <j.bukarewicz@samsung.com> -Date: Thu, 27 Nov 2014 11:26:21 +0100 -Subject: [PATCH 4/8] Add own rule result unavailability handling -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Own rule result unavailability is handled like send rules - dispatching -messages from the sender is blocked and resumed when result becomes -available. - -Handler of "RequestName" method needs to return BUS_RESULT_LATER when -policy result is not known therefore its return type is modified. -Since bus message handlers are put into function pointer array other -message handler function singatures are also affected. - -Cherry-picked from 35ef89cd6777ea2430077fc621d21bd01df92349 by Jose.bollo - -Updated for dbus 1.10.20 by Scott Murray and José Bollo - -Signed-off-by: José Bollo <jose.bollo@iot.bzh> -Signed-off-by: Scott Murray <scott.murray@konsulko.com> ---- - bus/dispatch.c | 11 +- - bus/driver.c | 334 ++++++++++++++++++++++++++++--------------------- - bus/driver.h | 2 +- - bus/policy.c | 52 ++++++-- - bus/policy.h | 6 +- - bus/services.c | 26 ++-- - bus/services.h | 3 +- - bus/stats.c | 23 ++-- - bus/stats.h | 6 +- - 9 files changed, 283 insertions(+), 180 deletions(-) - -diff --git a/bus/dispatch.c b/bus/dispatch.c -index 7d30ce4..4b84c21 100644 ---- a/bus/dispatch.c -+++ b/bus/dispatch.c -@@ -517,8 +517,17 @@ bus_dispatch (DBusConnection *connection, - } - - _dbus_verbose ("Giving message to %s\n", DBUS_SERVICE_DBUS); -- if (!bus_driver_handle_message (connection, transaction, message, &error)) -+ res = bus_driver_handle_message (connection, transaction, message, &error); -+ if (res == BUS_RESULT_FALSE) - goto out; -+ else if (res == BUS_RESULT_LATER) -+ { -+ /* connection has been disabled in message handler */ -+ bus_transaction_cancel_and_free (transaction); -+ transaction = NULL; -+ result = DBUS_HANDLER_RESULT_LATER; 
-+ goto out; -+ } - } - else if (!bus_connection_is_active (connection)) /* clients must talk to bus driver first */ - { -diff --git a/bus/driver.c b/bus/driver.c -index d89a658..aaeb3b2 100644 ---- a/bus/driver.c -+++ b/bus/driver.c -@@ -420,7 +420,7 @@ create_unique_client_name (BusRegistry *registry, - return TRUE; - } - --static dbus_bool_t -+static BusResult - bus_driver_handle_hello (DBusConnection *connection, - BusTransaction *transaction, - DBusMessage *message, -@@ -428,7 +428,7 @@ bus_driver_handle_hello (DBusConnection *connection, - { - DBusString unique_name; - BusService *service; -- dbus_bool_t retval; -+ BusResult retval; - BusRegistry *registry; - BusConnections *connections; - DBusError tmp_error; -@@ -442,7 +442,7 @@ bus_driver_handle_hello (DBusConnection *connection, - /* We already handled an Hello message for this connection. */ - dbus_set_error (error, DBUS_ERROR_FAILED, - "Already handled an Hello message"); -- return FALSE; -+ return BUS_RESULT_FALSE; - } - - /* Note that when these limits are exceeded we don't disconnect the -@@ -464,16 +464,16 @@ bus_driver_handle_hello (DBusConnection *connection, - bus_context_log (context, DBUS_SYSTEM_LOG_WARNING, "%s (%s=%d)", - tmp_error.message, limit_name, limit); - dbus_move_error (&tmp_error, error); -- return FALSE; -+ return BUS_RESULT_FALSE; - } - - if (!_dbus_string_init (&unique_name)) - { - BUS_SET_OOM (error); -- return FALSE; -+ return BUS_RESULT_FALSE; - } - -- retval = FALSE; -+ retval = BUS_RESULT_FALSE; - - registry = bus_connection_get_registry (connection); - -@@ -506,7 +506,7 @@ bus_driver_handle_hello (DBusConnection *connection, - goto out_0; - - _dbus_assert (bus_connection_is_active (connection)); -- retval = TRUE; -+ retval = BUS_RESULT_TRUE; - - out_0: - _dbus_string_free (&unique_name); -@@ -558,7 +558,7 @@ bus_driver_send_welcome_message (DBusConnection *connection, - } - } - --static dbus_bool_t -+static BusResult - bus_driver_handle_list_services (DBusConnection 
*connection, - BusTransaction *transaction, - DBusMessage *message, -@@ -580,14 +580,14 @@ bus_driver_handle_list_services (DBusConnection *connection, - if (reply == NULL) - { - BUS_SET_OOM (error); -- return FALSE; -+ return BUS_RESULT_FALSE; - } - - if (!bus_registry_list_services (registry, &services, &len)) - { - dbus_message_unref (reply); - BUS_SET_OOM (error); -- return FALSE; -+ return BUS_RESULT_FALSE; - } - - dbus_message_iter_init_append (reply, &iter); -@@ -599,7 +599,7 @@ bus_driver_handle_list_services (DBusConnection *connection, - dbus_free_string_array (services); - dbus_message_unref (reply); - BUS_SET_OOM (error); -- return FALSE; -+ return BUS_RESULT_FALSE; - } - - { -@@ -611,7 +611,7 @@ bus_driver_handle_list_services (DBusConnection *connection, - dbus_free_string_array (services); - dbus_message_unref (reply); - BUS_SET_OOM (error); -- return FALSE; -+ return BUS_RESULT_FALSE; - } - } - -@@ -624,7 +624,7 @@ bus_driver_handle_list_services (DBusConnection *connection, - dbus_free_string_array (services); - dbus_message_unref (reply); - BUS_SET_OOM (error); -- return FALSE; -+ return BUS_RESULT_FALSE; - } - ++i; - } -@@ -635,23 +635,23 @@ bus_driver_handle_list_services (DBusConnection *connection, - { - dbus_message_unref (reply); - BUS_SET_OOM (error); -- return FALSE; -+ return BUS_RESULT_FALSE; - } - - if (!bus_transaction_send_from_driver (transaction, connection, reply)) - { - dbus_message_unref (reply); - BUS_SET_OOM (error); -- return FALSE; -+ return BUS_RESULT_FALSE; - } - else - { - dbus_message_unref (reply); -- return TRUE; -+ return BUS_RESULT_TRUE; - } - } - --static dbus_bool_t -+static BusResult - bus_driver_handle_list_activatable_services (DBusConnection *connection, - BusTransaction *transaction, - DBusMessage *message, -@@ -673,14 +673,14 @@ bus_driver_handle_list_activatable_services (DBusConnection *connection, - if (reply == NULL) - { - BUS_SET_OOM (error); -- return FALSE; -+ return BUS_RESULT_FALSE; - } - - if 
(!bus_activation_list_services (activation, &services, &len)) - { - dbus_message_unref (reply); - BUS_SET_OOM (error); -- return FALSE; -+ return BUS_RESULT_FALSE; - } - - dbus_message_iter_init_append (reply, &iter); -@@ -692,7 +692,7 @@ bus_driver_handle_list_activatable_services (DBusConnection *connection, - dbus_free_string_array (services); - dbus_message_unref (reply); - BUS_SET_OOM (error); -- return FALSE; -+ return BUS_RESULT_FALSE; - } - - { -@@ -704,7 +704,7 @@ bus_driver_handle_list_activatable_services (DBusConnection *connection, - dbus_free_string_array (services); - dbus_message_unref (reply); - BUS_SET_OOM (error); -- return FALSE; -+ return BUS_RESULT_FALSE; - } - } - -@@ -717,7 +717,7 @@ bus_driver_handle_list_activatable_services (DBusConnection *connection, - dbus_free_string_array (services); - dbus_message_unref (reply); - BUS_SET_OOM (error); -- return FALSE; -+ return BUS_RESULT_FALSE; - } - ++i; - } -@@ -728,23 +728,23 @@ bus_driver_handle_list_activatable_services (DBusConnection *connection, - { - dbus_message_unref (reply); - BUS_SET_OOM (error); -- return FALSE; -+ return BUS_RESULT_FALSE; - } - - if (!bus_transaction_send_from_driver (transaction, connection, reply)) - { - dbus_message_unref (reply); - BUS_SET_OOM (error); -- return FALSE; -+ return BUS_RESULT_FALSE; - } - else - { - dbus_message_unref (reply); -- return TRUE; -+ return BUS_RESULT_TRUE; - } - } - --static dbus_bool_t -+static BusResult - bus_driver_handle_acquire_service (DBusConnection *connection, - BusTransaction *transaction, - DBusMessage *message, -@@ -755,7 +755,8 @@ bus_driver_handle_acquire_service (DBusConnection *connection, - const char *name; - dbus_uint32_t service_reply; - dbus_uint32_t flags; -- dbus_bool_t retval; -+ BusResult retval; -+ BusResult res; - BusRegistry *registry; - - _DBUS_ASSERT_ERROR_IS_CLEAR (error); -@@ -766,20 +767,24 @@ bus_driver_handle_acquire_service (DBusConnection *connection, - DBUS_TYPE_STRING, &name, - DBUS_TYPE_UINT32, 
&flags, - DBUS_TYPE_INVALID)) -- return FALSE; -+ return BUS_RESULT_FALSE; - - _dbus_verbose ("Trying to own name %s with flags 0x%x\n", name, flags); - -- retval = FALSE; -+ retval = BUS_RESULT_FALSE; - reply = NULL; - - _dbus_string_init_const (&service_name, name); - -- if (!bus_registry_acquire_service (registry, connection, -- &service_name, flags, -- &service_reply, transaction, -- error)) -- goto out; -+ res = bus_registry_acquire_service (registry, connection, message, -+ &service_name, flags, -+ &service_reply, transaction, -+ error); -+ if (res != BUS_RESULT_TRUE) -+ { -+ retval = res; -+ goto out; -+ } - - reply = dbus_message_new_method_return (message); - if (reply == NULL) -@@ -800,7 +805,7 @@ bus_driver_handle_acquire_service (DBusConnection *connection, - goto out; - } - -- retval = TRUE; -+ retval = BUS_RESULT_TRUE; - - out: - if (reply) -@@ -808,7 +813,7 @@ bus_driver_handle_acquire_service (DBusConnection *connection, - return retval; - } - --static dbus_bool_t -+static BusResult - bus_driver_handle_release_service (DBusConnection *connection, - BusTransaction *transaction, - DBusMessage *message, -@@ -818,7 +823,7 @@ bus_driver_handle_release_service (DBusConnection *connection, - DBusString service_name; - const char *name; - dbus_uint32_t service_reply; -- dbus_bool_t retval; -+ BusResult retval; - BusRegistry *registry; - - _DBUS_ASSERT_ERROR_IS_CLEAR (error); -@@ -828,11 +833,11 @@ bus_driver_handle_release_service (DBusConnection *connection, - if (!dbus_message_get_args (message, error, - DBUS_TYPE_STRING, &name, - DBUS_TYPE_INVALID)) -- return FALSE; -+ return BUS_RESULT_FALSE; - - _dbus_verbose ("Trying to release name %s\n", name); - -- retval = FALSE; -+ retval = BUS_RESULT_FALSE; - reply = NULL; - - _dbus_string_init_const (&service_name, name); -@@ -861,7 +866,7 @@ bus_driver_handle_release_service (DBusConnection *connection, - goto out; - } - -- retval = TRUE; -+ retval = BUS_RESULT_TRUE; - - out: - if (reply) -@@ -869,7 +874,7 @@ 
bus_driver_handle_release_service (DBusConnection *connection, - return retval; - } - --static dbus_bool_t -+static BusResult - bus_driver_handle_service_exists (DBusConnection *connection, - BusTransaction *transaction, - DBusMessage *message, -@@ -880,7 +885,7 @@ bus_driver_handle_service_exists (DBusConnection *connection, - BusService *service; - dbus_bool_t service_exists; - const char *name; -- dbus_bool_t retval; -+ BusResult retval; - BusRegistry *registry; - - _DBUS_ASSERT_ERROR_IS_CLEAR (error); -@@ -890,9 +895,9 @@ bus_driver_handle_service_exists (DBusConnection *connection, - if (!dbus_message_get_args (message, error, - DBUS_TYPE_STRING, &name, - DBUS_TYPE_INVALID)) -- return FALSE; -+ return BUS_RESULT_FALSE; - -- retval = FALSE; -+ retval = BUS_RESULT_FALSE; - - if (strcmp (name, DBUS_SERVICE_DBUS) == 0) - { -@@ -926,7 +931,7 @@ bus_driver_handle_service_exists (DBusConnection *connection, - goto out; - } - -- retval = TRUE; -+ retval = BUS_RESULT_TRUE; - - out: - if (reply) -@@ -935,7 +940,7 @@ bus_driver_handle_service_exists (DBusConnection *connection, - return retval; - } - --static dbus_bool_t -+static BusResult - bus_driver_handle_activate_service (DBusConnection *connection, - BusTransaction *transaction, - DBusMessage *message, -@@ -943,7 +948,7 @@ bus_driver_handle_activate_service (DBusConnection *connection, - { - dbus_uint32_t flags; - const char *name; -- dbus_bool_t retval; -+ BusResult retval; - BusActivation *activation; - - _DBUS_ASSERT_ERROR_IS_CLEAR (error); -@@ -957,10 +962,10 @@ bus_driver_handle_activate_service (DBusConnection *connection, - { - _DBUS_ASSERT_ERROR_IS_SET (error); - _dbus_verbose ("No memory to get arguments to StartServiceByName\n"); -- return FALSE; -+ return BUS_RESULT_FALSE; - } - -- retval = FALSE; -+ retval = BUS_RESULT_FALSE; - - if (!bus_activation_activate_service (activation, connection, transaction, FALSE, - message, name, error)) -@@ -970,7 +975,7 @@ bus_driver_handle_activate_service 
(DBusConnection *connection, - goto out; - } - -- retval = TRUE; -+ retval = BUS_RESULT_TRUE; - - out: - return retval; -@@ -1072,13 +1077,13 @@ bus_driver_send_or_activate (BusTransaction *transaction, - return TRUE; - } - --static dbus_bool_t -+static BusResult - bus_driver_handle_update_activation_environment (DBusConnection *connection, - BusTransaction *transaction, - DBusMessage *message, - DBusError *error) - { -- dbus_bool_t retval; -+ BusResult retval; - BusActivation *activation; - BusContext *context; - DBusMessageIter iter; -@@ -1100,7 +1105,7 @@ bus_driver_handle_update_activation_environment (DBusConnection *connection, - dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, - "Cannot change activation environment " - "on a system bus."); -- return FALSE; -+ return BUS_RESULT_FALSE; - } - - activation = bus_connection_get_activation (connection); -@@ -1114,7 +1119,7 @@ bus_driver_handle_update_activation_environment (DBusConnection *connection, - - dbus_message_iter_recurse (&iter, &dict_iter); - -- retval = FALSE; -+ retval = BUS_RESULT_FALSE; - systemd_message = NULL; - - /* Then loop through the sent dictionary, add the location of -@@ -1279,7 +1284,7 @@ bus_driver_handle_update_activation_environment (DBusConnection *connection, - if (!bus_driver_send_ack_reply (connection, transaction, message, error)) - goto out; - -- retval = TRUE; -+ retval = BUS_RESULT_TRUE; - - out: - if (systemd_message != NULL) -@@ -1289,7 +1294,7 @@ bus_driver_handle_update_activation_environment (DBusConnection *connection, - return retval; - } - --static dbus_bool_t -+static BusResult - bus_driver_handle_add_match (DBusConnection *connection, - BusTransaction *transaction, - DBusMessage *message, -@@ -1371,16 +1376,16 @@ bus_driver_handle_add_match (DBusConnection *connection, - - bus_match_rule_unref (rule); - -- return TRUE; -+ return BUS_RESULT_TRUE; - - failed: - _DBUS_ASSERT_ERROR_IS_SET (error); - if (rule) - bus_match_rule_unref (rule); -- return FALSE; -+ return 
BUS_RESULT_FALSE; - } - --static dbus_bool_t -+static BusResult - bus_driver_handle_remove_match (DBusConnection *connection, - BusTransaction *transaction, - DBusMessage *message, -@@ -1423,16 +1428,16 @@ bus_driver_handle_remove_match (DBusConnection *connection, - - bus_match_rule_unref (rule); - -- return TRUE; -+ return BUS_RESULT_TRUE; - - failed: - _DBUS_ASSERT_ERROR_IS_SET (error); - if (rule) - bus_match_rule_unref (rule); -- return FALSE; -+ return BUS_RESULT_FALSE; - } - --static dbus_bool_t -+static BusResult - bus_driver_handle_get_service_owner (DBusConnection *connection, - BusTransaction *transaction, - DBusMessage *message, -@@ -1502,7 +1507,7 @@ bus_driver_handle_get_service_owner (DBusConnection *connection, - - dbus_message_unref (reply); - -- return TRUE; -+ return BUS_RESULT_TRUE; - - oom: - BUS_SET_OOM (error); -@@ -1511,10 +1516,10 @@ bus_driver_handle_get_service_owner (DBusConnection *connection, - _DBUS_ASSERT_ERROR_IS_SET (error); - if (reply) - dbus_message_unref (reply); -- return FALSE; -+ return BUS_RESULT_FALSE; - } - --static dbus_bool_t -+static BusResult - bus_driver_handle_list_queued_owners (DBusConnection *connection, - BusTransaction *transaction, - DBusMessage *message, -@@ -1606,7 +1611,7 @@ bus_driver_handle_list_queued_owners (DBusConnection *connection, - - dbus_message_unref (reply); - -- return TRUE; -+ return BUS_RESULT_TRUE; - - oom: - BUS_SET_OOM (error); -@@ -1619,10 +1624,10 @@ bus_driver_handle_list_queued_owners (DBusConnection *connection, - if (base_names) - _dbus_list_clear (&base_names); - -- return FALSE; -+ return BUS_RESULT_FALSE; - } - --static dbus_bool_t -+static BusResult - bus_driver_handle_get_connection_unix_user (DBusConnection *connection, - BusTransaction *transaction, - DBusMessage *message, -@@ -1679,7 +1684,7 @@ bus_driver_handle_get_connection_unix_user (DBusConnection *connection, - - dbus_message_unref (reply); - -- return TRUE; -+ return BUS_RESULT_TRUE; - - oom: - BUS_SET_OOM (error); 
-@@ -1688,10 +1693,10 @@ bus_driver_handle_get_connection_unix_user (DBusConnection *connection, - _DBUS_ASSERT_ERROR_IS_SET (error); - if (reply) - dbus_message_unref (reply); -- return FALSE; -+ return BUS_RESULT_FALSE; - } - --static dbus_bool_t -+static BusResult - bus_driver_handle_get_connection_unix_process_id (DBusConnection *connection, - BusTransaction *transaction, - DBusMessage *message, -@@ -1748,7 +1753,7 @@ bus_driver_handle_get_connection_unix_process_id (DBusConnection *connection, - - dbus_message_unref (reply); - -- return TRUE; -+ return BUS_RESULT_TRUE; - - oom: - BUS_SET_OOM (error); -@@ -1757,10 +1762,10 @@ bus_driver_handle_get_connection_unix_process_id (DBusConnection *connection, - _DBUS_ASSERT_ERROR_IS_SET (error); - if (reply) - dbus_message_unref (reply); -- return FALSE; -+ return BUS_RESULT_FALSE; - } - --static dbus_bool_t -+static BusResult - bus_driver_handle_get_adt_audit_session_data (DBusConnection *connection, - BusTransaction *transaction, - DBusMessage *message, -@@ -1811,7 +1816,7 @@ bus_driver_handle_get_adt_audit_session_data (DBusConnection *connection, - - dbus_message_unref (reply); - -- return TRUE; -+ return BUS_RESULT_TRUE; - - oom: - BUS_SET_OOM (error); -@@ -1820,10 +1825,10 @@ bus_driver_handle_get_adt_audit_session_data (DBusConnection *connection, - _DBUS_ASSERT_ERROR_IS_SET (error); - if (reply) - dbus_message_unref (reply); -- return FALSE; -+ return BUS_RESULT_FALSE; - } - --static dbus_bool_t -+static BusResult - bus_driver_handle_get_connection_selinux_security_context (DBusConnection *connection, - BusTransaction *transaction, - DBusMessage *message, -@@ -1872,7 +1877,7 @@ bus_driver_handle_get_connection_selinux_security_context (DBusConnection *conne - - dbus_message_unref (reply); - -- return TRUE; -+ return BUS_RESULT_TRUE; - - oom: - BUS_SET_OOM (error); -@@ -1881,10 +1886,10 @@ bus_driver_handle_get_connection_selinux_security_context (DBusConnection *conne - _DBUS_ASSERT_ERROR_IS_SET (error); - if 
(reply) - dbus_message_unref (reply); -- return FALSE; -+ return BUS_RESULT_FALSE; - } - --static dbus_bool_t -+static BusResult - bus_driver_handle_get_connection_credentials (DBusConnection *connection, - BusTransaction *transaction, - DBusMessage *message, -@@ -1998,7 +2003,7 @@ bus_driver_handle_get_connection_credentials (DBusConnection *connection, - - dbus_message_unref (reply); - -- return TRUE; -+ return BUS_RESULT_TRUE; - - oom: - BUS_SET_OOM (error); -@@ -2012,10 +2017,10 @@ bus_driver_handle_get_connection_credentials (DBusConnection *connection, - dbus_message_unref (reply); - } - -- return FALSE; -+ return BUS_RESULT_FALSE; - } - --static dbus_bool_t -+static BusResult - bus_driver_handle_reload_config (DBusConnection *connection, - BusTransaction *transaction, - DBusMessage *message, -@@ -2040,7 +2045,7 @@ bus_driver_handle_reload_config (DBusConnection *connection, - goto oom; - - dbus_message_unref (reply); -- return TRUE; -+ return BUS_RESULT_TRUE; - - oom: - BUS_SET_OOM (error); -@@ -2049,11 +2054,11 @@ bus_driver_handle_reload_config (DBusConnection *connection, - _DBUS_ASSERT_ERROR_IS_SET (error); - if (reply) - dbus_message_unref (reply); -- return FALSE; -+ return BUS_RESULT_FALSE; - } - - #ifdef DBUS_ENABLE_VERBOSE_MODE --static dbus_bool_t -+static BusResult - bus_driver_handle_enable_verbose (DBusConnection *connection, - BusTransaction *transaction, - DBusMessage *message, -@@ -2073,7 +2078,7 @@ bus_driver_handle_enable_verbose (DBusConnection *connection, - _dbus_set_verbose(TRUE); - - dbus_message_unref (reply); -- return TRUE; -+ return BUS_RESULT_TRUE; - - oom: - _DBUS_ASSERT_ERROR_IS_CLEAR (error); -@@ -2082,10 +2087,10 @@ bus_driver_handle_enable_verbose (DBusConnection *connection, - - if (reply) - dbus_message_unref (reply); -- return FALSE; -+ return BUS_RESULT_FALSE; - } - --static dbus_bool_t -+static BusResult - bus_driver_handle_disable_verbose (DBusConnection *connection, - BusTransaction *transaction, - DBusMessage 
*message, -@@ -2105,7 +2110,7 @@ bus_driver_handle_disable_verbose (DBusConnection *connection, - _dbus_set_verbose(FALSE); - - dbus_message_unref (reply); -- return TRUE; -+ return BUS_RESULT_TRUE; - - oom: - _DBUS_ASSERT_ERROR_IS_CLEAR (error); -@@ -2114,11 +2119,11 @@ bus_driver_handle_disable_verbose (DBusConnection *connection, - - if (reply) - dbus_message_unref (reply); -- return FALSE; -+ return BUS_RESULT_FALSE; - } - #endif - --static dbus_bool_t -+static BusResult - bus_driver_handle_get_id (DBusConnection *connection, - BusTransaction *transaction, - DBusMessage *message, -@@ -2134,7 +2139,7 @@ bus_driver_handle_get_id (DBusConnection *connection, - if (!_dbus_string_init (&uuid)) - { - BUS_SET_OOM (error); -- return FALSE; -+ return BUS_RESULT_FALSE; - } - - reply = NULL; -@@ -2160,7 +2165,7 @@ bus_driver_handle_get_id (DBusConnection *connection, - - _dbus_string_free (&uuid); - dbus_message_unref (reply); -- return TRUE; -+ return BUS_RESULT_TRUE; - - oom: - _DBUS_ASSERT_ERROR_IS_CLEAR (error); -@@ -2170,10 +2175,10 @@ bus_driver_handle_get_id (DBusConnection *connection, - if (reply) - dbus_message_unref (reply); - _dbus_string_free (&uuid); -- return FALSE; -+ return BUS_RESULT_FALSE; - } - --static dbus_bool_t -+static BusResult - bus_driver_handle_become_monitor (DBusConnection *connection, - BusTransaction *transaction, - DBusMessage *message, -@@ -2189,7 +2194,7 @@ bus_driver_handle_become_monitor (DBusConnection *connection, - int i; - int n_match_rules; - dbus_uint32_t flags; -- dbus_bool_t ret = FALSE; -+ BusResult ret = BUS_RESULT_FALSE; - - _DBUS_ASSERT_ERROR_IS_CLEAR (error); - -@@ -2262,10 +2267,10 @@ bus_driver_handle_become_monitor (DBusConnection *connection, - if (!bus_connection_be_monitor (connection, transaction, &rules, error)) - goto out; - -- ret = TRUE; -+ ret = BUS_RESULT_TRUE; - - out: -- if (ret) -+ if (ret == BUS_RESULT_TRUE) - _DBUS_ASSERT_ERROR_IS_CLEAR (error); - else - _DBUS_ASSERT_ERROR_IS_SET (error); -@@ -2281,7 
+2286,7 @@ out: - return ret; - } - --static dbus_bool_t -+static BusResult - bus_driver_handle_get_machine_id (DBusConnection *connection, - BusTransaction *transaction, - DBusMessage *message, -@@ -2296,7 +2301,7 @@ bus_driver_handle_get_machine_id (DBusConnection *connection, - if (!_dbus_string_init (&uuid)) - { - BUS_SET_OOM (error); -- return FALSE; -+ return BUS_RESULT_FALSE; - } - - if (!_dbus_get_local_machine_uuid_encoded (&uuid, error)) -@@ -2321,7 +2326,7 @@ bus_driver_handle_get_machine_id (DBusConnection *connection, - - _dbus_string_free (&uuid); - dbus_message_unref (reply); -- return TRUE; -+ return BUS_RESULT_TRUE; - - oom: - _DBUS_ASSERT_ERROR_IS_CLEAR (error); -@@ -2335,29 +2340,30 @@ fail: - dbus_message_unref (reply); - - _dbus_string_free (&uuid); -- return FALSE; -+ return BUS_RESULT_FALSE; - } - --static dbus_bool_t -+static BusResult - bus_driver_handle_ping (DBusConnection *connection, - BusTransaction *transaction, - DBusMessage *message, - DBusError *error) - { -- return bus_driver_send_ack_reply (connection, transaction, message, error); -+ return bus_driver_send_ack_reply (connection, transaction, message, error) == TRUE -+ ? 
BUS_RESULT_TRUE : BUS_RESULT_FALSE; - } - --static dbus_bool_t bus_driver_handle_get (DBusConnection *connection, -+static BusResult bus_driver_handle_get (DBusConnection *connection, - BusTransaction *transaction, - DBusMessage *message, - DBusError *error); - --static dbus_bool_t bus_driver_handle_get_all (DBusConnection *connection, -+static BusResult bus_driver_handle_get_all (DBusConnection *connection, - BusTransaction *transaction, - DBusMessage *message, - DBusError *error); - --static dbus_bool_t bus_driver_handle_set (DBusConnection *connection, -+static BusResult bus_driver_handle_set (DBusConnection *connection, - BusTransaction *transaction, - DBusMessage *message, - DBusError *error); -@@ -2389,10 +2395,10 @@ typedef struct - const char *name; - const char *in_args; - const char *out_args; -- dbus_bool_t (* handler) (DBusConnection *connection, -- BusTransaction *transaction, -- DBusMessage *message, -- DBusError *error); -+ BusResult (* handler) (DBusConnection *connection, -+ BusTransaction *transaction, -+ DBusMessage *message, -+ DBusError *error); - MethodFlags flags; - } MessageHandler; - -@@ -2511,7 +2517,7 @@ static const PropertyHandler dbus_property_handlers[] = { - { NULL, NULL, NULL } - }; - --static dbus_bool_t bus_driver_handle_introspect (DBusConnection *, -+static BusResult bus_driver_handle_introspect (DBusConnection *, - BusTransaction *, DBusMessage *, DBusError *); - - static const MessageHandler properties_message_handlers[] = { -@@ -2763,7 +2769,7 @@ bus_driver_generate_introspect_string (DBusString *xml, - return TRUE; - } - --static dbus_bool_t -+static BusResult - bus_driver_handle_introspect (DBusConnection *connection, - BusTransaction *transaction, - DBusMessage *message, -@@ -2784,13 +2790,13 @@ bus_driver_handle_introspect (DBusConnection *connection, - DBUS_TYPE_INVALID)) - { - _DBUS_ASSERT_ERROR_IS_SET (error); -- return FALSE; -+ return BUS_RESULT_FALSE; - } - - if (!_dbus_string_init (&xml)) - { - BUS_SET_OOM (error); 
-- return FALSE; -+ return BUS_RESULT_FALSE; - } - - is_canonical_path = dbus_message_has_path (message, DBUS_PATH_DBUS); -@@ -2815,7 +2821,7 @@ bus_driver_handle_introspect (DBusConnection *connection, - dbus_message_unref (reply); - _dbus_string_free (&xml); - -- return TRUE; -+ return BUS_RESULT_TRUE; - - oom: - BUS_SET_OOM (error); -@@ -2825,10 +2831,42 @@ bus_driver_handle_introspect (DBusConnection *connection, - - _dbus_string_free (&xml); - -- return FALSE; -+ return BUS_RESULT_FALSE; - } - -+/* -+ * Set @error and return FALSE if the message is not directed to the -+ * dbus-daemon by its canonical object path. This is hardening against -+ * system services with poorly-written security policy files, which -+ * might allow sending dangerously broad equivalence classes of messages -+ * such as "anything with this assumed-to-be-safe object path". -+ * -+ * dbus-daemon is unusual in that it normally ignores the object path -+ * of incoming messages; we need to keep that behaviour for the "read" -+ * read-only method calls like GetConnectionUnixUser for backwards -+ * compatibility, but it seems safer to be more restrictive for things -+ * intended to be root-only or privileged-developers-only. -+ * -+ * It is possible that there are other system services with the same -+ * quirk as dbus-daemon. 
-+ */ - dbus_bool_t -+bus_driver_check_message_is_for_us (DBusMessage *message, -+ DBusError *error) -+{ -+ if (!dbus_message_has_path (message, DBUS_PATH_DBUS)) -+ { -+ dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, -+ "Method '%s' is only available at the canonical object path '%s'", -+ dbus_message_get_member (message), DBUS_PATH_DBUS); -+ -+ return FALSE; -+ } -+ -+ return TRUE; -+} -+ -+BusResult - bus_driver_handle_message (DBusConnection *connection, - BusTransaction *transaction, - DBusMessage *message, -@@ -2839,6 +2877,7 @@ bus_driver_handle_message (DBusConnection *connection, - const MessageHandler *mh; - dbus_bool_t found_interface = FALSE; - dbus_bool_t is_canonical_path; -+ BusResult res; - - _DBUS_ASSERT_ERROR_IS_CLEAR (error); - -@@ -2854,7 +2893,7 @@ bus_driver_handle_message (DBusConnection *connection, - transaction, - message, - error)) -- return FALSE; -+ return BUS_RESULT_FALSE; - - context = bus_connection_get_context (connection); - systemd = bus_driver_get_owner_of_name (connection, -@@ -2871,7 +2910,7 @@ bus_driver_handle_message (DBusConnection *connection, - attacker ? attacker : "(unauthenticated)", - bus_connection_get_loginfo (connection)); - /* ignore it */ -- return TRUE; -+ return BUS_RESULT_TRUE; - } - - if (!bus_context_get_systemd_activation (context)) -@@ -2879,16 +2918,16 @@ bus_driver_handle_message (DBusConnection *connection, - bus_context_log (context, DBUS_SYSTEM_LOG_WARNING, - "Ignoring unexpected ActivationFailure message " - "while not using systemd activation"); -- return FALSE; -+ return BUS_RESULT_FALSE; - } - -- return dbus_activation_systemd_failure(bus_context_get_activation(context), message); -+ return dbus_activation_systemd_failure(bus_context_get_activation(context), message) == TRUE ? 
BUS_RESULT_TRUE : BUS_RESULT_FALSE; - } - - if (dbus_message_get_type (message) != DBUS_MESSAGE_TYPE_METHOD_CALL) - { - _dbus_verbose ("Driver got a non-method-call message, ignoring\n"); -- return TRUE; /* we just ignore this */ -+ return BUS_RESULT_TRUE; /* we just ignore this */ - } - - /* may be NULL, which means "any interface will do" */ -@@ -2953,20 +2992,27 @@ bus_driver_handle_message (DBusConnection *connection, - name, dbus_message_get_signature (message), - mh->in_args); - _DBUS_ASSERT_ERROR_IS_SET (error); -- return FALSE; -+ return BUS_RESULT_FALSE; - } - -- if ((* mh->handler) (connection, transaction, message, error)) -+ res = (* mh->handler) (connection, transaction, message, error); -+ if (res == BUS_RESULT_TRUE) - { - _DBUS_ASSERT_ERROR_IS_CLEAR (error); - _dbus_verbose ("Driver handler succeeded\n"); -- return TRUE; -+ return BUS_RESULT_TRUE; - } -- else -+ else if (res == BUS_RESULT_FALSE) - { - _DBUS_ASSERT_ERROR_IS_SET (error); - _dbus_verbose ("Driver handler returned failure\n"); -- return FALSE; -+ return BUS_RESULT_FALSE; -+ } -+ else if (res == BUS_RESULT_LATER) -+ { -+ _DBUS_ASSERT_ERROR_IS_CLEAR (error); -+ _dbus_verbose ("Driver handler delayed message processing due to policy check\n"); -+ return BUS_RESULT_LATER; - } - } - } -@@ -2978,7 +3024,7 @@ bus_driver_handle_message (DBusConnection *connection, - "%s does not understand message %s", - DBUS_SERVICE_DBUS, name); - -- return FALSE; -+ return BUS_RESULT_FALSE; - } - - void -@@ -3099,7 +3145,7 @@ interface_handler_find_property (const InterfaceHandler *ih, - return NULL; - } - --static dbus_bool_t -+static BusResult - bus_driver_handle_get (DBusConnection *connection, - BusTransaction *transaction, - DBusMessage *message, -@@ -3120,18 +3166,18 @@ bus_driver_handle_get (DBusConnection *connection, - DBUS_TYPE_STRING, &iface, - DBUS_TYPE_STRING, &prop, - DBUS_TYPE_INVALID)) -- return FALSE; -+ return BUS_RESULT_FALSE; - - /* We only implement Properties on /org/freedesktop/DBus so 
far. */ - ih = bus_driver_find_interface (iface, TRUE, error); - - if (ih == NULL) -- return FALSE; -+ return BUS_RESULT_FALSE; - - handler = interface_handler_find_property (ih, prop, error); - - if (handler == NULL) -- return FALSE; -+ return BUS_RESULT_FALSE; - - context = bus_transaction_get_context (transaction); - -@@ -3159,17 +3205,17 @@ bus_driver_handle_get (DBusConnection *connection, - goto oom; - - dbus_message_unref (reply); -- return TRUE; -+ return BUS_RESULT_TRUE; - - oom: - if (reply != NULL) - dbus_message_unref (reply); - - BUS_SET_OOM (error); -- return FALSE; -+ return BUS_RESULT_FALSE; - } - --static dbus_bool_t -+static BusResult - bus_driver_handle_get_all (DBusConnection *connection, - BusTransaction *transaction, - DBusMessage *message, -@@ -3188,13 +3234,13 @@ bus_driver_handle_get_all (DBusConnection *connection, - if (!dbus_message_get_args (message, error, - DBUS_TYPE_STRING, &iface, - DBUS_TYPE_INVALID)) -- return FALSE; -+ return BUS_RESULT_FALSE; - - /* We only implement Properties on /org/freedesktop/DBus so far. 
*/ - ih = bus_driver_find_interface (iface, TRUE, error); - - if (ih == NULL) -- return FALSE; -+ return BUS_RESULT_FALSE; - - context = bus_transaction_get_context (transaction); - -@@ -3229,7 +3275,7 @@ bus_driver_handle_get_all (DBusConnection *connection, - goto oom; - - dbus_message_unref (reply); -- return TRUE; -+ return BUS_RESULT_TRUE; - - oom_abandon_message: - _dbus_asv_abandon (&reply_iter, &array_iter); -@@ -3239,10 +3285,10 @@ oom: - dbus_message_unref (reply); - - BUS_SET_OOM (error); -- return FALSE; -+ return BUS_RESULT_FALSE; - } - --static dbus_bool_t -+static BusResult - bus_driver_handle_set (DBusConnection *connection, - BusTransaction *transaction, - DBusMessage *message, -@@ -3271,15 +3317,15 @@ bus_driver_handle_set (DBusConnection *connection, - ih = bus_driver_find_interface (iface, TRUE, error); - - if (ih == NULL) -- return FALSE; -+ return BUS_RESULT_FALSE; - - handler = interface_handler_find_property (ih, prop, error); - - if (handler == NULL) -- return FALSE; -+ return BUS_RESULT_FALSE; - - /* We don't implement any properties that can be set yet. 
*/ - dbus_set_error (error, DBUS_ERROR_PROPERTY_READ_ONLY, - "Property '%s.%s' cannot be set", iface, prop); -- return FALSE; -+ return BUS_RESULT_FALSE; - } -diff --git a/bus/driver.h b/bus/driver.h -index a7297ad..05e9886 100644 ---- a/bus/driver.h -+++ b/bus/driver.h -@@ -35,7 +35,7 @@ typedef enum - } BusDriverFound; - - void bus_driver_remove_connection (DBusConnection *connection); --dbus_bool_t bus_driver_handle_message (DBusConnection *connection, -+BusResult bus_driver_handle_message (DBusConnection *connection, - BusTransaction *transaction, - DBusMessage *message, - DBusError *error); -diff --git a/bus/policy.c b/bus/policy.c -index 483cc97..f6f4d85 100644 ---- a/bus/policy.c -+++ b/bus/policy.c -@@ -1390,18 +1390,21 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, - - - --static dbus_bool_t -+static BusResult - bus_rules_check_can_own (DBusList *rules, -- const DBusString *service_name) -+ const DBusString *service_name, -+ DBusConnection *connection, -+ DBusMessage *message) - { - DBusList *link; -- dbus_bool_t allowed; -+ BusResult result; -+ const char *privilege; - - /* rules is in the order the rules appeared - * in the config file, i.e. 
last rule that applies wins - */ - -- allowed = FALSE; -+ result = BUS_RESULT_FALSE; - link = _dbus_list_get_first_link (&rules); - while (link != NULL) - { -@@ -1437,17 +1440,46 @@ bus_rules_check_can_own (DBusList *rules, - } - - /* Use this rule */ -- allowed = rule->access == BUS_POLICY_RULE_ACCESS_ALLOW; -+ switch (rule->access) -+ { -+ case BUS_POLICY_RULE_ACCESS_ALLOW: -+ result = BUS_RESULT_TRUE; -+ break; -+ default: -+ case BUS_POLICY_RULE_ACCESS_DENY: -+ result = BUS_RESULT_FALSE; -+ break; -+ case BUS_POLICY_RULE_ACCESS_CHECK: -+ result = BUS_RESULT_LATER; -+ privilege = rule->privilege; -+ break; -+ } - } - -- return allowed; -+ if (result == BUS_RESULT_LATER) -+ { -+ BusContext *context = bus_connection_get_context(connection); -+ BusCheck *check = bus_context_get_check(context); -+ BusDeferredMessage *deferred_message; -+ -+ result = bus_check_privilege(check, message, connection, NULL, NULL, -+ privilege, BUS_DEFERRED_MESSAGE_CHECK_OWN, &deferred_message); -+ if (result == BUS_RESULT_LATER) -+ { -+ bus_deferred_message_disable_sender(deferred_message); -+ } -+ } -+ -+ return result; - } - --dbus_bool_t -+BusResult - bus_client_policy_check_can_own (BusClientPolicy *policy, -- const DBusString *service_name) -+ const DBusString *service_name, -+ DBusConnection *connection, -+ DBusMessage *message) - { -- return bus_rules_check_can_own (policy->rules, service_name); -+ return bus_rules_check_can_own (policy->rules, service_name, connection, message); - } - - #ifdef DBUS_ENABLE_EMBEDDED_TESTS -@@ -1455,7 +1487,7 @@ dbus_bool_t - bus_policy_check_can_own (BusPolicy *policy, - const DBusString *service_name) - { -- return bus_rules_check_can_own (policy->default_rules, service_name); -+ return bus_rules_check_can_own (policy->default_rules, service_name, NULL, NULL) == BUS_RESULT_TRUE; - } - #endif /* DBUS_ENABLE_EMBEDDED_TESTS */ - -diff --git a/bus/policy.h b/bus/policy.h -index f839d23..28ce8f2 100644 ---- a/bus/policy.h -+++ b/bus/policy.h -@@ -182,8 
+182,10 @@ BusResult bus_client_policy_check_can_receive (BusClientPolicy *policy, - dbus_int32_t *toggles, - const char **privilege_param, - BusDeferredMessage **deferred_message); --dbus_bool_t bus_client_policy_check_can_own (BusClientPolicy *policy, -- const DBusString *service_name); -+BusResult bus_client_policy_check_can_own (BusClientPolicy *policy, -+ const DBusString *service_name, -+ DBusConnection *connection, -+ DBusMessage *message); - dbus_bool_t bus_client_policy_append_rule (BusClientPolicy *policy, - BusPolicyRule *rule); - void bus_client_policy_optimize (BusClientPolicy *policy); -diff --git a/bus/services.c b/bus/services.c -index 127edda..586af18 100644 ---- a/bus/services.c -+++ b/bus/services.c -@@ -376,16 +376,17 @@ bus_registry_list_services (BusRegistry *registry, - return FALSE; - } - --dbus_bool_t -+BusResult - bus_registry_acquire_service (BusRegistry *registry, - DBusConnection *connection, -+ DBusMessage *message, - const DBusString *service_name, - dbus_uint32_t flags, - dbus_uint32_t *result, - BusTransaction *transaction, - DBusError *error) - { -- dbus_bool_t retval; -+ BusResult retval; - DBusConnection *old_owner_conn; - BusClientPolicy *policy; - BusService *service; -@@ -393,8 +394,9 @@ bus_registry_acquire_service (BusRegistry *registry, - BusSELinuxID *sid; - BusOwner *primary_owner; - int limit; -+ BusResult res; - -- retval = FALSE; -+ retval = BUS_RESULT_FALSE; - - if (!_dbus_validate_bus_name (service_name, 0, - _dbus_string_get_length (service_name))) -@@ -467,7 +469,8 @@ bus_registry_acquire_service (BusRegistry *registry, - _dbus_string_get_const_data (service_name), error)) - goto out; - -- if (!bus_client_policy_check_can_own (policy, service_name)) -+ res = bus_client_policy_check_can_own (policy, service_name, connection, message); -+ if (res == BUS_RESULT_FALSE) - { - dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, - "Connection \"%s\" is not allowed to own the service \"%s\" due " -@@ -478,6 +481,11 @@ 
bus_registry_acquire_service (BusRegistry *registry, - _dbus_string_get_const_data (service_name)); - goto out; - } -+ else if (res == BUS_RESULT_LATER) -+ { -+ retval = BUS_RESULT_LATER; -+ goto out; -+ } - - limit = bus_context_get_max_services_per_connection (registry->context); - -@@ -603,11 +611,13 @@ bus_registry_acquire_service (BusRegistry *registry, - } - - activation = bus_context_get_activation (registry->context); -- retval = bus_activation_send_pending_auto_activation_messages (activation, -+ -+ if (bus_activation_send_pending_auto_activation_messages (activation, - service, -- transaction); -- if (!retval) -- BUS_SET_OOM (error); -+ transaction)) -+ retval = BUS_RESULT_TRUE; -+ else -+ BUS_SET_OOM (error); - - out: - return retval; -diff --git a/bus/services.h b/bus/services.h -index 056dd9f..3df3dd7 100644 ---- a/bus/services.h -+++ b/bus/services.h -@@ -50,8 +50,9 @@ void bus_registry_foreach (BusRegistry *registry - dbus_bool_t bus_registry_list_services (BusRegistry *registry, - char ***listp, - int *array_len); --dbus_bool_t bus_registry_acquire_service (BusRegistry *registry, -+BusResult bus_registry_acquire_service (BusRegistry *registry, - DBusConnection *connection, -+ DBusMessage *message, - const DBusString *service_name, - dbus_uint32_t flags, - dbus_uint32_t *result, -diff --git a/bus/stats.c b/bus/stats.c -index 1582255..c25be98 100644 ---- a/bus/stats.c -+++ b/bus/stats.c -@@ -36,7 +36,7 @@ - - #ifdef DBUS_ENABLE_STATS - --dbus_bool_t -+BusResult - bus_stats_handle_get_stats (DBusConnection *connection, - BusTransaction *transaction, - DBusMessage *message, -@@ -51,6 +51,9 @@ bus_stats_handle_get_stats (DBusConnection *connection, - - _DBUS_ASSERT_ERROR_IS_CLEAR (error); - -+ if (!bus_driver_check_message_is_for_us (message, error)) -+ return BUS_RESULT_FALSE; -+ - context = bus_transaction_get_context (transaction); - connections = bus_context_get_connections (context); - -@@ -104,17 +107,17 @@ bus_stats_handle_get_stats 
(DBusConnection *connection, - goto oom; - - dbus_message_unref (reply); -- return TRUE; -+ return BUS_RESULT_TRUE; - - oom: - if (reply != NULL) - dbus_message_unref (reply); - - BUS_SET_OOM (error); -- return FALSE; -+ return BUS_RESULT_FALSE; - } - --dbus_bool_t -+BusResult - bus_stats_handle_get_connection_stats (DBusConnection *caller_connection, - BusTransaction *transaction, - DBusMessage *message, -@@ -209,7 +212,7 @@ bus_stats_handle_get_connection_stats (DBusConnection *caller_connection, - goto oom; - - dbus_message_unref (reply); -- return TRUE; -+ return BUS_RESULT_TRUE; - - oom: - BUS_SET_OOM (error); -@@ -218,11 +221,11 @@ failed: - if (reply != NULL) - dbus_message_unref (reply); - -- return FALSE; -+ return BUS_RESULT_FALSE; - } - - --dbus_bool_t -+BusResult - bus_stats_handle_get_all_match_rules (DBusConnection *caller_connection, - BusTransaction *transaction, - DBusMessage *message, -@@ -246,7 +249,7 @@ bus_stats_handle_get_all_match_rules (DBusConnection *caller_connection, - matchmaker = bus_context_get_matchmaker (context); - - if (!bus_registry_list_services (registry, &services, &services_len)) -- return FALSE; -+ return BUS_RESULT_FALSE; - - reply = dbus_message_new_method_return (message); - if (reply == NULL) -@@ -325,7 +328,7 @@ bus_stats_handle_get_all_match_rules (DBusConnection *caller_connection, - - dbus_message_unref (reply); - dbus_free_string_array (services); -- return TRUE; -+ return BUS_RESULT_TRUE; - - oom: - if (reply != NULL) -@@ -334,7 +337,7 @@ oom: - dbus_free_string_array (services); - - BUS_SET_OOM (error); -- return FALSE; -+ return BUS_RESULT_FALSE; - } - - #endif -diff --git a/bus/stats.h b/bus/stats.h -index dcb022c..683fa17 100644 ---- a/bus/stats.h -+++ b/bus/stats.h -@@ -25,17 +25,17 @@ - - #define BUS_INTERFACE_STATS "org.freedesktop.DBus.Debug.Stats" - --dbus_bool_t bus_stats_handle_get_stats (DBusConnection *connection, -+BusResult bus_stats_handle_get_stats (DBusConnection *connection, - BusTransaction 
*transaction, - DBusMessage *message, - DBusError *error); - --dbus_bool_t bus_stats_handle_get_connection_stats (DBusConnection *connection, -+BusResult bus_stats_handle_get_connection_stats (DBusConnection *connection, - BusTransaction *transaction, - DBusMessage *message, - DBusError *error); - --dbus_bool_t bus_stats_handle_get_all_match_rules (DBusConnection *caller_connection, -+BusResult bus_stats_handle_get_all_match_rules (DBusConnection *caller_connection, - BusTransaction *transaction, - DBusMessage *message, - DBusError *error); --- -2.21.1 - diff --git a/meta-security/recipes-core/dbus-cynagora/dbus-cynagora/0005-Perform-Cynara-runtime-policy-checks-by-default.patch b/meta-security/recipes-core/dbus-cynagora/dbus-cynagora/0005-Perform-Cynara-runtime-policy-checks-by-default.patch deleted file mode 100644 index 5f7e96a3b..000000000 --- a/meta-security/recipes-core/dbus-cynagora/dbus-cynagora/0005-Perform-Cynara-runtime-policy-checks-by-default.patch +++ /dev/null 
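Review bot: in bus_driver_handle_ping and in the ActivationFailure branch of bus_driver_handle_message, the `== TRUE ? BUS_RESULT_TRUE : BUS_RESULT_FALSE` conversion compares a dbus_bool_t against TRUE, so any non-zero return value other than 1 would be mapped to BUS_RESULT_FALSE and reported as a failure. Test truthiness instead, e.g. `return bus_driver_send_ack_reply (connection, transaction, message, error) ? BUS_RESULT_TRUE : BUS_RESULT_FALSE;`, and since the same conversion is written out twice a small static helper (dbus_bool_t to BusResult) would keep both sites consistent.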
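Review bot: bus_driver_check_message_is_for_us is introduced as a non-static function in bus/driver.c and is called from bus_stats_handle_get_stats in bus/stats.c, but the bus/driver.h hunk in this patch only changes the return type of bus_driver_handle_message; unless a prototype already exists elsewhere, add `dbus_bool_t bus_driver_check_message_is_for_us (DBusMessage *message, DBusError *error);` to bus/driver.h so stats.c is not compiled against an implicit declaration. The hunk also reuses the existing `dbus_bool_t` return-type line of bus_driver_handle_message for the new function while inserting `BusResult` above the old one, which produces correct code but is hard to verify in review; inserting the complete new function as one block would make the intent obvious.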
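Review bot: in bus_driver_handle_message the dispatch now distinguishes BUS_RESULT_TRUE, BUS_RESULT_FALSE and BUS_RESULT_LATER with an if/else-if chain that has no final else, so any other value returned by a handler leaves the handler loop and reaches the generic "does not understand message" error below it without any assertion firing. Add a final `else _dbus_assert_not_reached ("unexpected BusResult from driver handler");` so a handler returning an unexpected value is caught in debug builds instead of surfacing as a misleading unknown-method error.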
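Review bot: in bus_rules_check_can_own, `privilege` is only assigned in the BUS_POLICY_RULE_ACCESS_CHECK case but is read after the loop whenever result == BUS_RESULT_LATER; initialise it (`const char *privilege = NULL;`) and assert it is non-NULL before calling bus_check_privilege, otherwise compilers will warn about a maybe-uninitialised use and a check rule with no privilege string would reach bus_check_privilege with NULL. The deferred path also calls bus_connection_get_context (connection), yet the DBUS_ENABLE_EMBEDDED_TESTS wrapper bus_policy_check_can_own now passes `NULL, NULL` for connection and message, so a check rule in a test policy would dereference NULL; either treat connection == NULL as a denial in the deferred path or state that test policies must not contain check rules.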
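Review bot: the object-path check `bus_driver_check_message_is_for_us` is added only to bus_stats_handle_get_stats, while the hunks for bus_stats_handle_get_connection_stats and bus_stats_handle_get_all_match_rules in the same file change only the return type. All three are org.freedesktop.DBus.Debug.Stats methods meant for privileged debugging, so if the restriction is intended as hardening against over-broad policy rules, as the new comment in driver.c explains, the other two methods need the same two-line check at their entry, or the patch description should say why only GetStats is restricted.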
@@ -1,180 +0,0 @@ -From 1f7ba56c9ced669951061d13b06e31d96a170e37 Mon Sep 17 00:00:00 2001 -From: Jacek Bukarewicz <j.bukarewicz@samsung.com> -Date: Tue, 23 Jun 2015 11:08:48 +0200 -Subject: [PATCH 5/8] Perform Cynara runtime policy checks by default -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This change introduces http://tizen.org/privilege/internal/dbus privilege -which is supposed to be available only to trusted system resources. -Checks for this privilege are used in place of certain allow rules to -make security policy more strict. - -For system bus sending and receiving signals now requires -http://tizen.org/privilege/internal/dbus privilege. Requesting name -ownership and sending methods is still denied by default. - -For session bus http://tizen.org/privilege/internal/dbus privilege -is now required for requesting name, calling methods, sending and receiving -signals. - -Services are supposed to override these default settings to implement their -own security policy. 
- -Cherry picked from e8610297cf7031e94eb314a2e8c11246f4405403 by Jose Bollo - -Updated for dbus 1.10.20 by Scott Murray and José Bollo - -Signed-off-by: Jacek Bukarewicz <j.bukarewicz@samsung.com> -Signed-off-by: José Bollo <jose.bollo@iot.bzh> -Signed-off-by: Scott Murray <scott.murray@konsulko.com> ---- - bus/activation.c | 42 ++++++++++++++++++++++++++---------------- - bus/session.conf.in | 32 ++++++++++++++++++++++++++------ - bus/system.conf.in | 19 +++++++++++++++---- - 3 files changed, 67 insertions(+), 26 deletions(-) - -diff --git a/bus/activation.c b/bus/activation.c -index d4b597c..8aabeaa 100644 ---- a/bus/activation.c -+++ b/bus/activation.c -@@ -1840,22 +1840,32 @@ bus_activation_activate_service (BusActivation *activation, - } - - if (auto_activation && -- entry != NULL && -- BUS_RESULT_TRUE != bus_context_check_security_policy (activation->context, -- transaction, -- connection, /* sender */ -- NULL, /* addressed recipient */ -- NULL, /* proposed recipient */ -- activation_message, -- entry, -- error, -- NULL)) -- { -- _DBUS_ASSERT_ERROR_IS_SET (error); -- _dbus_verbose ("activation not authorized: %s: %s\n", -- error != NULL ? error->name : "(error ignored)", -- error != NULL ? error->message : "(error ignored)"); -- return FALSE; -+ entry != NULL) -+ { -+ BusResult result; -+ -+ result = bus_context_check_security_policy (activation->context, -+ transaction, -+ connection, /* sender */ -+ NULL, /* addressed recipient */ -+ NULL, /* proposed recipient */ -+ activation_message, -+ entry, -+ error, -+ NULL); -+ if (result == BUS_RESULT_FALSE) -+ { -+ _DBUS_ASSERT_ERROR_IS_SET (error); -+ _dbus_verbose ("activation not authorized: %s: %s\n", -+ error != NULL ? error->name : "(error ignored)", -+ error != NULL ? 
error->message : "(error ignored)"); -+ return FALSE; -+ } -+ if (result == BUS_RESULT_LATER) -+ { -+ /* TODO */ -+ _dbus_verbose ("ALERT FIX ME!!!!!!!!!!!!!!!"); -+ } - } - - /* Bypass the registry lookup if we're auto-activating, bus_dispatch would not -diff --git a/bus/session.conf.in b/bus/session.conf.in -index affa7f1..157dfb4 100644 ---- a/bus/session.conf.in -+++ b/bus/session.conf.in -@@ -27,12 +27,32 @@ - <standard_session_servicedirs /> - - <policy context="default"> -- <!-- Allow everything to be sent --> -- <allow send_destination="*" eavesdrop="true"/> -- <!-- Allow everything to be received --> -- <allow eavesdrop="true"/> -- <!-- Allow anyone to own anything --> -- <allow own="*"/> -+ <!-- By default clients require internal/dbus privilege to communicate -+ with D-Bus services and to claim name ownership. This is internal privilege that -+ is only accessible to trusted system services --> -+ <check own="*" privilege="http://tizen.org/privilege/internal/dbus" /> -+ <check send_type="method_call" privilege="http://tizen.org/privilege/internal/dbus" /> -+ <check send_type="signal" privilege="http://tizen.org/privilege/internal/dbus" /> -+ <check receive_type="signal" privilege="http://tizen.org/privilege/internal/dbus" /> -+ -+ <!-- Reply messages (method returns, errors) are allowed -+ by default --> -+ <allow send_requested_reply="true" send_type="method_return"/> -+ <allow send_requested_reply="true" send_type="error"/> -+ -+ <!-- All messages but signals may be received by default --> -+ <allow receive_type="method_call"/> -+ <allow receive_type="method_return"/> -+ <allow receive_type="error"/> -+ -+ <!-- Allow anyone to talk to the message bus --> -+ <allow send_destination="org.freedesktop.DBus"/> -+ <allow receive_sender="org.freedesktop.DBus"/> -+ -+ <!-- But disallow some specific bus services --> -+ <deny send_destination="org.freedesktop.DBus" -+ send_interface="org.freedesktop.DBus" -+ send_member="UpdateActivationEnvironment"/> - 
</policy> - - <!-- Include legacy configuration location --> -diff --git a/bus/system.conf.in b/bus/system.conf.in -index f139b55..19d0c04 100644 ---- a/bus/system.conf.in -+++ b/bus/system.conf.in -@@ -50,17 +50,20 @@ - <deny own="*"/> - <deny send_type="method_call"/> - -- <!-- Signals and reply messages (method returns, errors) are allowed -+ <!-- By default clients require internal/dbus privilege to send and receive signaks. -+ This is internal privilege that is only accessible to trusted system services --> -+ <check send_type="signal" privilege="http://tizen.org/privilege/internal/dbus" /> -+ <check receive_type="signal" privilege="http://tizen.org/privilege/internal/dbus" /> -+ -+ <!-- Reply messages (method returns, errors) are allowed - by default --> -- <allow send_type="signal"/> - <allow send_requested_reply="true" send_type="method_return"/> - <allow send_requested_reply="true" send_type="error"/> - -- <!-- All messages may be received by default --> -+ <!-- All messages but signals may be received by default --> - <allow receive_type="method_call"/> - <allow receive_type="method_return"/> - <allow receive_type="error"/> -- <allow receive_type="signal"/> - - <!-- Allow anyone to talk to the message bus --> - <allow send_destination="org.freedesktop.DBus" -@@ -69,6 +72,14 @@ - send_interface="org.freedesktop.DBus.Introspectable"/> - <allow send_destination="org.freedesktop.DBus" - send_interface="org.freedesktop.DBus.Properties"/> -+ <!-- If there is a need specific bus services could be protected by Cynara as well. -+ However, this can lead to deadlock during the boot process when such check is made and -+ Cynara is not yet activated (systemd calls protected method synchronously, -+ dbus daemon tries to consult Cynara, Cynara waits for systemd activation). -+ Therefore it is advised to allow root processes to use bus services. 
-+ Currently anyone is allowed to talk to the message bus --> -+ <allow receive_sender="org.freedesktop.DBus"/> -+ - <!-- But disallow some specific bus services --> - <deny send_destination="org.freedesktop.DBus" - send_interface="org.freedesktop.DBus" --- -2.21.1 - diff --git a/meta-security/recipes-core/dbus-cynagora/dbus-cynagora/0006-Fix-SIGSEGV-on-disconnections.patch b/meta-security/recipes-core/dbus-cynagora/dbus-cynagora/0006-Fix-SIGSEGV-on-disconnections.patch deleted file mode 100644 index e51ad7ce4..000000000 --- a/meta-security/recipes-core/dbus-cynagora/dbus-cynagora/0006-Fix-SIGSEGV-on-disconnections.patch +++ /dev/null 
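Review bot: in the bus/activation.c hunk, the `result == BUS_RESULT_LATER` branch is only a `/* TODO */` with `_dbus_verbose ("ALERT FIX ME!!!!!!!!!!!!!!!");` and execution then continues past the security check, so an auto-activation whose Cynara decision is still pending is handled as if it had been allowed; that branch should deny or defer the activation, and the patch should not be carried with an ALERT FIX ME left in the authorization path.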
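Review bot: in the bus/system.conf.in hunk, the new comment reads "send and receive signaks" (typo for signals), and the longer comment added before `<allow receive_sender="org.freedesktop.DBus"/>` describes protecting bus services with Cynara, boot-time deadlocks and allowing root processes, but the only rule that follows it is that receive_sender allow; either add the rule the comment describes or trim the comment so it matches what is actually configured.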
@@ -1,109 +0,0 @@ -From 28077faa11827e1ca7a7245ffd62ee78091b6bd2 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh> -Date: Fri, 16 Aug 2019 13:29:23 +0200 -Subject: [PATCH 6/8] Fix SIGSEGV on disconnections -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Sometime, at start of the system, dbus-daemon was crashing -because a pending authorisation were reactivating a closed -connection. - -Also, clean unused function. - -Signed-off-by: José Bollo <jose.bollo@iot.bzh> ---- - bus/check.c | 5 +++++ - bus/check.h | 1 + - bus/connection.c | 14 +++----------- - bus/connection.h | 3 --- - 4 files changed, 9 insertions(+), 14 deletions(-) - -diff --git a/bus/check.c b/bus/check.c -index f3d283f..b73d08b 100644 ---- a/bus/check.c -+++ b/bus/check.c -@@ -617,3 +617,8 @@ bus_deferred_message_response_received (BusDeferredMessage *deferred_message, - } - } - -+void -+bus_deferred_message_abort (BusDeferredMessage *deferred_message) -+{ -+ deferred_message->response_callback = NULL; -+} -diff --git a/bus/check.h b/bus/check.h -index 9c13c18..d718a69 100644 ---- a/bus/check.h -+++ b/bus/check.h -@@ -93,6 +93,7 @@ void bus_deferred_message_set_policy_check_info (BusDeferredMessa - const char *privilege); - dbus_bool_t bus_deferred_message_check_message_limits (BusDeferredMessage *deferred_message, - DBusError *error); -+void bus_deferred_message_abort (BusDeferredMessage *deferred_message); - - - #ifdef DBUS_ENABLE_EMBEDDED_TESTS -diff --git a/bus/connection.c b/bus/connection.c -index ee93384..b520d57 100644 ---- a/bus/connection.c -+++ b/bus/connection.c -@@ -47,6 +47,7 @@ - #define MAX_LOG_COMMAND_LEN 50 - - static void bus_connection_remove_transactions (DBusConnection *connection); -+static void bus_connection_clear_deferred_messages (DBusConnection *connection); - - typedef struct - { -@@ -2821,17 +2822,7 @@ bus_connection_pop_deferred_message (DBusConnection *connection) - return NULL; - } - 
--dbus_bool_t --bus_connection_putback_deferred_message (DBusConnection *connection, BusDeferredMessage *message) --{ -- BusConnectionData *d = BUS_CONNECTION_DATA(connection); -- if (_dbus_list_prepend(&d->deferred_messages, message)) -- { -- return TRUE; -- } -- return FALSE; --} -- -+static - void - bus_connection_clear_deferred_messages (DBusConnection *connection) - { -@@ -2846,6 +2837,7 @@ bus_connection_clear_deferred_messages (DBusConnection *connection) - next = _dbus_list_get_next_link (&d->deferred_messages, link); - message = link->data; - -+ bus_deferred_message_abort(message); - bus_deferred_message_unref(message); - _dbus_list_remove_link(&d->deferred_messages, link); - -diff --git a/bus/connection.h b/bus/connection.h -index 97dae96..6af7bf1 100644 ---- a/bus/connection.h -+++ b/bus/connection.h -@@ -90,15 +90,12 @@ dbus_bool_t bus_connection_queue_deferred_message (DBusConnection *con - BusDeferredMessage *message, - dbus_bool_t prepend); - BusDeferredMessage *bus_connection_pop_deferred_message (DBusConnection *connection); --dbus_bool_t bus_connection_putback_deferred_message (DBusConnection *connection, -- BusDeferredMessage *message); - void bus_connection_remove_deferred_message (DBusConnection *connection, - BusDeferredMessage *message); - dbus_bool_t bus_connection_replace_deferred_message (DBusConnection *connection, - BusDeferredMessage *oldMessage, - BusDeferredMessage *newMessage); - void bus_connection_dispatch_deferred (DBusConnection *connection); --void bus_connection_clear_deferred_messages (DBusConnection *connection); - - - /* called by signals.c */ --- -2.21.1 - diff --git a/meta-security/recipes-core/dbus-cynagora/dbus-cynagora/0007-Switch-from-cynara-to-cynagora.patch b/meta-security/recipes-core/dbus-cynagora/dbus-cynagora/0007-Switch-from-cynara-to-cynagora.patch deleted file mode 100644 index 7a69efcd2..000000000 
--- a/meta-security/recipes-core/dbus-cynagora/dbus-cynagora/0007-Switch-from-cynara-to-cynagora.patch +++ /dev/null 
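Review bot: in the bus/check.c hunk, bus_deferred_message_abort only sets `response_callback = NULL`, and the bus/connection.c hunk calls it immediately before `bus_deferred_message_unref` in bus_connection_clear_deferred_messages; this is only safe if bus_deferred_message_response_received checks `response_callback` for NULL before invoking it, which the visible context of that function does not show, and the still-pending policy request must hold its own reference to the deferred message for its later callback. Please confirm both in the description or add the NULL check alongside the new helper.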
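Review bot: this header deletes meta-security/recipes-core/dbus-cynagora/dbus-cynagora/0007-Switch-from-cynara-to-cynagora.patch outright (`deleted file mode 100644`, `+++ /dev/null`) with no matching addition anywhere in the visible hunks; since this patch is what adds bus/cynagora-check.c and removes bus/cynara.c for the dbus-cynagora recipe, confirm it is re-added next to the recipe in its new layer location, or state in the description why the recipe no longer needs it.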
@@ -1,1048 +0,0 @@ -From 43cc361a5c32c81c0f93451bdb0ef781cd19a1cb Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh> -Date: Tue, 4 Feb 2020 12:23:36 +0100 -Subject: [PATCH 7/8] Switch from cynara to cynagora -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Signed-off-by: José Bollo <jose.bollo@iot.bzh> ---- - bus/Makefile.am | 8 +- - bus/bus.h | 2 +- - bus/check.c | 26 +- - bus/check.h | 2 +- - bus/connection.c | 27 --- - bus/connection.h | 3 - - bus/cynagora-check.c | 330 +++++++++++++++++++++++++ - bus/{cynara.h => cynagora-check.h} | 10 +- - bus/cynara.c | 373 ----------------------------- - bus/system.conf.in | 6 +- - configure.ac | 18 +- - 11 files changed, 366 insertions(+), 439 deletions(-) - create mode 100644 bus/cynagora-check.c - rename bus/{cynara.h => cynagora-check.h} (81%) - delete mode 100644 bus/cynara.c - -diff --git a/bus/Makefile.am b/bus/Makefile.am -index 2a8a72c..1720048 100644 ---- a/bus/Makefile.am -+++ b/bus/Makefile.am -@@ -13,7 +13,7 @@ DBUS_BUS_LIBS = \ - $(THREAD_LIBS) \ - $(ADT_LIBS) \ - $(NETWORK_libs) \ -- $(CYNARA_LIBS) \ -+ $(CYNAGORA_LIBS) \ - $(NULL) - - DBUS_LAUNCHER_LIBS = \ -@@ -31,7 +31,7 @@ AM_CPPFLAGS = \ - $(APPARMOR_CFLAGS) \ - -DDBUS_SYSTEM_CONFIG_FILE=\""$(dbusdatadir)/system.conf"\" \ - -DDBUS_COMPILATION \ -- $(CYNARA_CFLAGS) \ -+ $(CYNAGORA_CFLAGS) \ - $(NULL) - - # if assertions are enabled, improve backtraces -@@ -101,8 +101,8 @@ BUS_SOURCES= \ - config-parser-common.h \ - connection.c \ - connection.h \ -- cynara.c \ -- cynara.h \ -+ cynagora-check.c \ -+ cynagora-check.h \ - desktop-file.c \ - desktop-file.h \ - $(DIR_WATCH_SOURCE) \ -diff --git a/bus/bus.h b/bus/bus.h -index 1b08f7c..e167d9e 100644 ---- a/bus/bus.h -+++ b/bus/bus.h -@@ -47,7 +47,7 @@ typedef struct BusMatchRule BusMatchRule; - typedef struct BusActivationEntry BusActivationEntry; - typedef struct BusCheck BusCheck; - typedef struct BusDeferredMessage 
BusDeferredMessage; --typedef struct BusCynara BusCynara; -+typedef struct BusCynagora BusCynagora; - - /** - * BusResult is defined as a pointer to a dummy structure to allow detection of type mismatches. -diff --git a/bus/check.c b/bus/check.c -index b73d08b..ec30770 100644 ---- a/bus/check.c -+++ b/bus/check.c -@@ -26,7 +26,7 @@ - #include "check.h" - #include "connection.h" - #include "dispatch.h" --#include "cynara.h" -+#include "cynagora-check.h" - #include "utils.h" - #include <dbus/dbus-connection-internal.h> - #include <dbus/dbus-message-internal.h> -@@ -38,7 +38,7 @@ typedef struct BusCheck - int refcount; - - BusContext *context; -- BusCynara *cynara; -+ BusCynagora *cynagora; - } BusCheck; - - typedef struct BusDeferredMessage -@@ -81,7 +81,7 @@ bus_check_new (BusContext *context, DBusError *error) - - check->refcount = 1; - check->context = context; -- check->cynara = bus_cynara_new(check, error); -+ check->cynagora = bus_cynagora_new(check, error); - if (dbus_error_is_set(error)) - { - dbus_message_free_data_slot(&deferred_message_data_slot); -@@ -110,7 +110,7 @@ bus_check_unref (BusCheck *check) - - if (check->refcount == 0) - { -- bus_cynara_unref(check->cynara); -+ bus_cynagora_unref(check->cynagora); - dbus_message_free_data_slot(&deferred_message_data_slot); - dbus_free(check); - } -@@ -122,10 +122,10 @@ bus_check_get_context (BusCheck *check) - return check->context; - } - --BusCynara * --bus_check_get_cynara (BusCheck *check) -+BusCynagora * -+bus_check_get_cynagora (BusCheck *check) - { -- return check->cynara; -+ return check->cynagora; - } - - static void -@@ -276,8 +276,8 @@ bus_check_privilege (BusCheck *check, - { - BusDeferredMessage *previous_deferred_message; - BusResult result = BUS_RESULT_FALSE; --#ifdef DBUS_ENABLE_CYNARA -- BusCynara *cynara; -+#ifdef DBUS_ENABLE_CYNAGORA -+ BusCynagora *cynagora; - #endif - DBusConnection *connection; - -@@ -304,7 +304,7 @@ bus_check_privilege (BusCheck *check, - * Message has been deferred due to 
receive or own rule which means that sending this message - * is allowed - it must have been checked previously. - * This might happen when client calls RequestName method which depending on security -- * policy might result in both "can_send" and "can_own" Cynara checks. -+ * policy might result in both "can_send" and "can_own" Cynagora checks. - */ - result = BUS_RESULT_TRUE; - } -@@ -327,9 +327,9 @@ bus_check_privilege (BusCheck *check, - else - { - /* ask policy checkers */ --#ifdef DBUS_ENABLE_CYNARA -- cynara = bus_check_get_cynara(check); -- result = bus_cynara_check_privilege(cynara, message, sender, addressed_recipient, -+#ifdef DBUS_ENABLE_CYNAGORA -+ cynagora = bus_check_get_cynagora(check); -+ result = bus_cynagora_check_privilege(cynagora, message, sender, addressed_recipient, - proposed_recipient, privilege, check_type, deferred_message); - #endif - if (result == BUS_RESULT_LATER && deferred_message != NULL) -diff --git a/bus/check.h b/bus/check.h -index d718a69..ab63c18 100644 ---- a/bus/check.h -+++ b/bus/check.h -@@ -45,7 +45,7 @@ BusCheck *bus_check_ref (BusCheck *check); - void bus_check_unref (BusCheck *check); - - BusContext *bus_check_get_context (BusCheck *check); --BusCynara *bus_check_get_cynara (BusCheck *check); -+BusCynagora *bus_check_get_cynagora (BusCheck *check); - BusResult bus_check_privilege (BusCheck *check, - DBusMessage *message, - DBusConnection *sender, -diff --git a/bus/connection.c b/bus/connection.c -index b520d57..48910e0 100644 ---- a/bus/connection.c -+++ b/bus/connection.c -@@ -38,10 +38,6 @@ - #include <dbus/dbus-connection-internal.h> - #include <dbus/dbus-internals.h> - #include <dbus/dbus-message-internal.h> --#ifdef DBUS_ENABLE_CYNARA --#include <stdlib.h> --#include <cynara-session.h> --#endif - - /* Trim executed commands to this length; we want to keep logs readable */ - #define MAX_LOG_COMMAND_LEN 50 -@@ -124,9 +120,6 @@ typedef struct - - /** non-NULL if and only if this is a monitor */ - DBusList 
*link_in_monitors; --#ifdef DBUS_ENABLE_CYNARA -- char *cynara_session_id; --#endif - } BusConnectionData; - - static dbus_bool_t bus_pending_reply_expired (BusExpireList *list, -@@ -461,10 +454,6 @@ free_connection_data (void *data) - - dbus_free (d->name); - --#ifdef DBUS_ENABLE_CYNARA -- free (d->cynara_session_id); --#endif -- - dbus_free (d); - } - -@@ -1095,22 +1084,6 @@ bus_connection_get_policy (DBusConnection *connection) - return d->policy; - } - --#ifdef DBUS_ENABLE_CYNARA --const char *bus_connection_get_cynara_session_id (DBusConnection *connection) --{ -- BusConnectionData *d = BUS_CONNECTION_DATA (connection); -- _dbus_assert (d != NULL); -- -- if (d->cynara_session_id == NULL) -- { -- unsigned long pid; -- if (dbus_connection_get_unix_process_id(connection, &pid)) -- d->cynara_session_id = cynara_session_from_pid(pid); -- } -- return d->cynara_session_id; --} --#endif -- - static dbus_bool_t - foreach_active (BusConnections *connections, - BusConnectionForeachFunction function, -diff --git a/bus/connection.h b/bus/connection.h -index 6af7bf1..3116bcf 100644 ---- a/bus/connection.h -+++ b/bus/connection.h -@@ -138,9 +138,6 @@ dbus_bool_t bus_connection_be_monitor (DBusConnection *connection, - BusTransaction *transaction, - DBusList **rules, - DBusError *error); --#ifdef DBUS_ENABLE_CYNARA --const char *bus_connection_get_cynara_session_id (DBusConnection *connection); --#endif - - /* transaction API so we can send or not send a block of messages as a whole */ - -diff --git a/bus/cynagora-check.c b/bus/cynagora-check.c -new file mode 100644 -index 0000000..6c0c635 ---- /dev/null -+++ b/bus/cynagora-check.c -@@ -0,0 +1,330 @@ -+/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */ -+/* cynagora.c Cynagora runtime privilege checking -+ * -+ * Copyright (c) 2014 Samsung Electronics, Ltd. 
-+ * -+ * Licensed under the Academic Free License version 2.1 -+ * -+ * This program is free software; you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation; either version 2 of the License, or -+ * (at your option) any later version. -+ * -+ * This program is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with this program; if not, write to the Free Software -+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -+ * -+ */ -+ -+#include <config.h> -+#include "cynagora-check.h" -+#include "check.h" -+#include "utils.h" -+ -+#include <stdlib.h> -+#include <stdio.h> -+#include <errno.h> -+ -+#include <dbus/dbus.h> -+#include <dbus/dbus-watch.h> -+#include <dbus/dbus-connection-internal.h> -+#include <bus/connection.h> -+ -+#ifndef DBUS_ENABLE_CYNAGORA -+ -+BusCynagora * -+bus_cynagora_new(BusCheck *check, DBusError *error) -+{ -+ return NULL; -+} -+ -+BusCynagora * -+bus_cynagora_ref (BusCynagora *cynagora) -+{ -+ return NULL; -+} -+ -+void -+bus_cynagora_unref (BusCynagora *cynagora) -+{ -+} -+ -+BusResult -+bus_cynagora_check_privilege (BusCynagora *cynagora, -+ DBusMessage *message, -+ DBusConnection *sender, -+ DBusConnection *addressed_recipient, -+ DBusConnection *proposed_recipient, -+ const char *privilege, -+ BusDeferredMessageStatus check_type, -+ BusDeferredMessage **deferred_message_param) -+{ -+ return BUS_RESULT_FALSE; -+} -+ -+#endif -+ -+#ifdef DBUS_ENABLE_CYNAGORA -+ -+#include <time.h> -+#include <sys/epoll.h> -+ -+#include <cynagora.h> -+ -+#ifndef CYNAGORA_CACHE_SIZE -+#define CYNAGORA_CACHE_SIZE 8000 -+#endif -+ -+typedef struct BusCynagora -+{ -+ int refcount; 
-+ -+ BusContext *context; -+ BusCheck *check; -+ cynagora_t *cynagora; -+ DBusWatch *cynagora_watch; -+} BusCynagora; -+ -+static int async_callback(void *closure, -+ int op, -+ int fd, -+ uint32_t events); -+ -+BusCynagora * -+bus_cynagora_new(BusCheck *check, DBusError *error) -+{ -+ BusContext *context; -+ BusCynagora *cynagora; -+ int ret; -+ -+ cynagora = dbus_new(BusCynagora, 1); -+ if (cynagora == NULL) -+ { -+ BUS_SET_OOM(error); -+ return NULL; -+ } -+ -+ context = bus_check_get_context(check); -+ -+ cynagora->refcount = 1; -+ cynagora->check = check; -+ cynagora->context = context; -+ cynagora->cynagora_watch = NULL; -+ -+ ret = cynagora_create(&cynagora->cynagora, cynagora_Check, CYNAGORA_CACHE_SIZE, NULL); -+ if (ret < 0) -+ { -+ dbus_set_error (error, DBUS_ERROR_FAILED, "Failed to create Cynagora configuration"); -+ } -+ else -+ { -+ ret = cynagora_async_setup(cynagora->cynagora, async_callback, cynagora); -+ if (ret < 0) -+ { -+ dbus_set_error (error, DBUS_ERROR_FAILED, "Failed to initialize Cynagora client"); -+ } -+ else -+ { -+ return cynagora; -+ } -+ cynagora_destroy(cynagora->cynagora); -+ } -+ -+ dbus_free(cynagora); -+ return NULL; -+} -+ -+BusCynagora * -+bus_cynagora_ref (BusCynagora *cynagora) -+{ -+ _dbus_assert (cynagora->refcount > 0); -+ cynagora->refcount += 1; -+ -+ return cynagora; -+} -+ -+void -+bus_cynagora_unref (BusCynagora *cynagora) -+{ -+ _dbus_assert (cynagora->refcount > 0); -+ -+ cynagora->refcount -= 1; -+ -+ if (cynagora->refcount == 0) -+ { -+ cynagora_destroy(cynagora->cynagora); -+ dbus_free(cynagora); -+ } -+} -+ -+static void -+async_check_callback (void *closure, int status) -+{ -+ BusDeferredMessage *deferred_message = closure; -+ BusResult result; -+ -+ if (deferred_message == NULL) -+ return; -+ -+ if (status == 1) -+ result = BUS_RESULT_TRUE; -+ else -+ result = BUS_RESULT_FALSE; -+ -+ bus_deferred_message_response_received(deferred_message, result); -+ bus_deferred_message_unref(deferred_message); -+} -+ 
-+BusResult -+bus_cynagora_check_privilege (BusCynagora *cynagora, -+ DBusMessage *message, -+ DBusConnection *sender, -+ DBusConnection *addressed_recipient, -+ DBusConnection *proposed_recipient, -+ const char *permission, -+ BusDeferredMessageStatus check_type, -+ BusDeferredMessage **deferred_message_param) -+{ -+ int result; -+ unsigned long uid; -+ unsigned long pid; -+ char *label; -+ char user[32]; -+ char session[32]; -+ DBusConnection *connection = check_type == BUS_DEFERRED_MESSAGE_CHECK_RECEIVE ? proposed_recipient : sender; -+ BusDeferredMessage *deferred_message; -+ BusResult ret; -+ cynagora_key_t key; -+ -+ _dbus_assert(connection != NULL); -+ -+ if (dbus_connection_get_unix_user(connection, &uid) == FALSE) -+ return BUS_RESULT_FALSE; -+ -+ if (dbus_connection_get_unix_process_id(connection, &pid) == FALSE) -+ return BUS_RESULT_FALSE; -+ -+ if (_dbus_connection_get_linux_security_label(connection, &label) == FALSE || label == NULL) -+ { -+ _dbus_warn("Failed to obtain security label for connection\n"); -+ return BUS_RESULT_FALSE; -+ } -+ -+ snprintf(user, sizeof(user), "%lu", uid); -+ snprintf(session, sizeof(session), "%lu", pid); -+ -+ key.client = label; -+ key.session = session; -+ key.user = user; -+ key.permission = permission; -+ -+ result = cynagora_cache_check(cynagora->cynagora, &key); -+ switch (result) -+ { -+ case 1: -+ _dbus_verbose("Cynagora: got ALLOWED answer from cache (client=%s session_id=%s user=%s permission=%s)\n", -+ label, session_id, user, permission); -+ ret = BUS_RESULT_TRUE; -+ break; -+ -+ case 0: -+ _dbus_verbose("Cynagora: got DENIED answer from cache (client=%s session_id=%s user=%s permission=%s)\n", -+ label, session_id, user, permission); -+ ret = BUS_RESULT_FALSE; -+ break; -+ -+ default: -+ deferred_message = bus_deferred_message_new(message, sender, addressed_recipient, -+ proposed_recipient, BUS_RESULT_LATER); -+ if (deferred_message == NULL) -+ { -+ _dbus_verbose("Failed to allocate memory for deferred 
message\n"); -+ ret = BUS_RESULT_FALSE; -+ goto out; -+ } -+ -+ /* callback is supposed to unref deferred_message*/ -+ result = cynagora_async_check(cynagora->cynagora, &key, 1, 0, async_check_callback, deferred_message); -+ if (result == 0) -+ { -+ _dbus_verbose("Created Cynagora request: client=%s session_id=%s user=%s permission=%s " -+ "deferred_message=%p\n", label, session_id, user, permission, deferred_message); -+ if (deferred_message_param != NULL) -+ *deferred_message_param = deferred_message; -+ ret = BUS_RESULT_LATER; -+ } -+ else -+ { -+ _dbus_verbose("Error on cynagora request create: %i\n", result); -+ bus_deferred_message_unref(deferred_message); -+ ret = BUS_RESULT_FALSE; -+ } -+ break; -+ } -+out: -+ dbus_free(label); -+ return ret; -+} -+ -+static dbus_bool_t -+watch_handler_callback(DBusWatch *watch, -+ unsigned int flags, -+ void *data) -+{ -+ BusCynagora *cynagora = (BusCynagora *)data; -+ int result = cynagora_async_process(cynagora->cynagora); -+ if (result < 0) -+ _dbus_verbose("cynagora_async_process returned %d\n", result); -+ -+ return result != -ENOMEM ? 
TRUE : FALSE; -+} -+ -+static int -+async_callback(void *closure, int op, int fd, uint32_t events) -+{ -+ BusCynagora *cynagora = (BusCynagora *)closure; -+ DBusLoop *loop = bus_context_get_loop(cynagora->context); -+ unsigned int flags; -+ DBusWatch *watch; -+ -+ /* compute flags */ -+ flags = 0; -+ if (events & EPOLLIN) -+ flags |= DBUS_WATCH_READABLE; -+ if (events & EPOLLOUT) -+ flags |= DBUS_WATCH_WRITABLE; -+ -+ /* remove the watch if needed */ -+ watch = cynagora->cynagora_watch; -+ if (watch != NULL) -+ { -+ cynagora->cynagora_watch = NULL; -+ _dbus_loop_remove_watch(loop, watch); -+ _dbus_watch_invalidate(watch); -+ _dbus_watch_unref(watch); -+ } -+ -+ /* create the watch if needed */ -+ watch = cynagora->cynagora_watch; -+ if (op != EPOLL_CTL_DEL) -+ { -+ watch = _dbus_watch_new(fd, flags, TRUE, watch_handler_callback, cynagora, NULL); -+ if (watch == NULL) -+ return -ENOMEM; -+ if (_dbus_loop_add_watch(loop, watch) != TRUE) -+ { -+ _dbus_watch_invalidate(watch); -+ _dbus_watch_unref(watch); -+ return -ENOMEM; -+ } -+ cynagora->cynagora_watch = watch; -+ } -+ return 0; -+} -+ -+#endif /* DBUS_ENABLE_CYNAGORA */ -diff --git a/bus/cynara.h b/bus/cynagora-check.h -similarity index 81% -rename from bus/cynara.h -rename to bus/cynagora-check.h -index c4728bb..c0892c3 100644 ---- a/bus/cynara.h -+++ b/bus/cynagora-check.h -@@ -1,5 +1,5 @@ - /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */ --/* cynara.h Cynara runtime privilege checking -+/* cynagora.h Cynagora runtime privilege checking - * - * Copyright (c) 2014 Samsung Electronics, Ltd. 
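Review bot: in the bus/cynagora-check.c hunk, bus_cynagora_check_privilege declares `char session[32]` and fills it from the pid, but the three `_dbus_verbose` calls (cache ALLOWED, cache DENIED and "Created Cynagora request") pass `session_id`, which is not declared in this function; that only compiles in builds where `_dbus_verbose` is compiled out, so rename those arguments to `session`. Separately, the cache key uses the bare pid string as the session, so a recycled pid under the same label and uid can match an earlier entry in the 8000-entry client cache (`CYNAGORA_CACHE_SIZE`); confirm that the cynagora client invalidates cached entries on policy changes and on session end, or derive the session from something not reused across processes.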
- * -@@ -24,10 +24,10 @@ - #include "bus.h" - #include "check.h" - --BusCynara *bus_cynara_new (BusCheck *check, DBusError *error); --BusCynara *bus_cynara_ref (BusCynara *cynara); --void bus_cynara_unref (BusCynara *cynara); --BusResult bus_cynara_check_privilege (BusCynara *cynara, -+BusCynagora *bus_cynagora_new (BusCheck *check, DBusError *error); -+BusCynagora *bus_cynagora_ref (BusCynagora *cynagora); -+void bus_cynagora_unref (BusCynagora *cynagora); -+BusResult bus_cynagora_check_privilege (BusCynagora *cynagora, - DBusMessage *message, - DBusConnection *sender, - DBusConnection *addressed_recipient, -diff --git a/bus/cynara.c b/bus/cynara.c -deleted file mode 100644 -index 77aed62..0000000 ---- a/bus/cynara.c -+++ /dev/null -@@ -1,373 +0,0 @@ --/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */ --/* cynara.c Cynara runtime privilege checking -- * -- * Copyright (c) 2014 Samsung Electronics, Ltd. -- * -- * Licensed under the Academic Free License version 2.1 -- * -- * This program is free software; you can redistribute it and/or modify -- * it under the terms of the GNU General Public License as published by -- * the Free Software Foundation; either version 2 of the License, or -- * (at your option) any later version. -- * -- * This program is distributed in the hope that it will be useful, -- * but WITHOUT ANY WARRANTY; without even the implied warranty of -- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -- * GNU General Public License for more details. 
-- * -- * You should have received a copy of the GNU General Public License -- * along with this program; if not, write to the Free Software -- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -- * -- */ -- --#include <config.h> --#include "cynara.h" --#include "check.h" --#include "utils.h" -- --#include <stdio.h> -- --#include <dbus/dbus.h> --#include <dbus/dbus-watch.h> --#include <dbus/dbus-connection-internal.h> --#include <bus/connection.h> --#ifdef DBUS_ENABLE_CYNARA --#include <cynara-client-async.h> --#endif -- --#ifdef DBUS_ENABLE_CYNARA --typedef struct BusCynara --{ -- int refcount; -- -- BusContext *context; -- BusCheck *check; -- cynara_async *cynara; -- DBusWatch *cynara_watch; --} BusCynara; -- --#define USE_CYNARA_CACHE 1 --#ifdef USE_CYNARA_CACHE --#define CYNARA_CACHE_SIZE 1000 --#endif -- --static dbus_bool_t bus_cynara_watch_callback(DBusWatch *watch, -- unsigned int flags, -- void *data); -- --static void status_callback(int old_fd, -- int new_fd, -- cynara_async_status status, -- void *user_status_data); --static void bus_cynara_check_response_callback (cynara_check_id check_id, -- cynara_async_call_cause cause, -- int response, -- void *user_response_data); --#endif -- -- --BusCynara * --bus_cynara_new(BusCheck *check, DBusError *error) --{ --#ifdef DBUS_ENABLE_CYNARA -- BusContext *context; -- BusCynara *cynara; -- cynara_async_configuration *conf = NULL; -- int ret; -- -- cynara = dbus_new(BusCynara, 1); -- if (cynara == NULL) -- { -- BUS_SET_OOM(error); -- return NULL; -- } -- -- context = bus_check_get_context(check); -- -- cynara->refcount = 1; -- cynara->check = check; -- cynara->context = context; -- cynara->cynara_watch = NULL; -- -- ret = cynara_async_configuration_create(&conf); -- if (ret != CYNARA_API_SUCCESS) -- { -- dbus_set_error (error, DBUS_ERROR_FAILED, "Failed to create Cynara configuration"); -- goto out; -- } -- --#ifdef CYNARA_CACHE_SIZE -- ret = 
cynara_async_configuration_set_cache_size(conf, CYNARA_CACHE_SIZE); -- if (ret != CYNARA_API_SUCCESS) -- { -- dbus_set_error (error, DBUS_ERROR_FAILED, "Failed to Cynara cache size"); -- goto out; -- } --#endif -- -- ret = cynara_async_initialize(&cynara->cynara, conf, &status_callback, cynara); -- if (ret != CYNARA_API_SUCCESS) -- { -- dbus_set_error (error, DBUS_ERROR_FAILED, "Failed to initialize Cynara client"); -- goto out; -- } -- --out: -- cynara_async_configuration_destroy(conf); -- if (ret != CYNARA_API_SUCCESS) -- { -- dbus_free(cynara); -- return NULL; -- } -- -- return cynara; --#else -- return NULL; --#endif --} -- --BusCynara * --bus_cynara_ref (BusCynara *cynara) --{ --#ifdef DBUS_ENABLE_CYNARA -- _dbus_assert (cynara->refcount > 0); -- cynara->refcount += 1; -- -- return cynara; --#else -- return NULL; --#endif --} -- --void --bus_cynara_unref (BusCynara *cynara) --{ --#ifdef DBUS_ENABLE_CYNARA -- _dbus_assert (cynara->refcount > 0); -- -- cynara->refcount -= 1; -- -- if (cynara->refcount == 0) -- { -- cynara_async_finish(cynara->cynara); -- dbus_free(cynara); -- } --#endif --} -- --BusResult --bus_cynara_check_privilege (BusCynara *cynara, -- DBusMessage *message, -- DBusConnection *sender, -- DBusConnection *addressed_recipient, -- DBusConnection *proposed_recipient, -- const char *privilege, -- BusDeferredMessageStatus check_type, -- BusDeferredMessage **deferred_message_param) --{ --#ifdef DBUS_ENABLE_CYNARA -- int result; -- unsigned long uid; -- char *label; -- const char *session_id; -- char user[32]; -- cynara_check_id check_id; -- DBusConnection *connection = check_type == BUS_DEFERRED_MESSAGE_CHECK_RECEIVE ? 
proposed_recipient : sender; -- BusDeferredMessage *deferred_message; -- BusResult ret; -- -- _dbus_assert(connection != NULL); -- -- if (dbus_connection_get_unix_user(connection, &uid) == FALSE) -- return BUS_RESULT_FALSE; -- -- if (_dbus_connection_get_linux_security_label(connection, &label) == FALSE || label == NULL) -- { -- _dbus_warn("Failed to obtain security label for connection\n"); -- return BUS_RESULT_FALSE; -- } -- -- session_id = bus_connection_get_cynara_session_id (connection); -- if (session_id == NULL) -- { -- ret = BUS_RESULT_FALSE; -- goto out; -- } -- -- snprintf(user, sizeof(user), "%lu", uid); -- --#if USE_CYNARA_CACHE -- result = cynara_async_check_cache(cynara->cynara, label, session_id, user, privilege); --#else -- result = CYNARA_API_CACHE_MISS; --#endif -- -- switch (result) -- { -- case CYNARA_API_ACCESS_ALLOWED: -- _dbus_verbose("Cynara: got ALLOWED answer from cache (client=%s session_id=%s user=%s privilege=%s)\n", -- label, session_id, user, privilege); -- ret = BUS_RESULT_TRUE; -- break; -- -- case CYNARA_API_ACCESS_DENIED: -- _dbus_verbose("Cynara: got DENIED answer from cache (client=%s session_id=%s user=%s privilege=%s)\n", -- label, session_id, user, privilege); -- ret = BUS_RESULT_FALSE; -- break; -- -- case CYNARA_API_CACHE_MISS: -- deferred_message = bus_deferred_message_new(message, sender, addressed_recipient, -- proposed_recipient, BUS_RESULT_LATER); -- if (deferred_message == NULL) -- { -- _dbus_verbose("Failed to allocate memory for deferred message\n"); -- ret = BUS_RESULT_FALSE; -- goto out; -- } -- -- /* callback is supposed to unref deferred_message*/ -- result = cynara_async_create_request(cynara->cynara, label, session_id, user, privilege, &check_id, -- &bus_cynara_check_response_callback, deferred_message); -- if (result == CYNARA_API_SUCCESS) -- { -- _dbus_verbose("Created Cynara request: client=%s session_id=%s user=%s privilege=%s check_id=%u " -- "deferred_message=%p\n", label, session_id, user, privilege, 
(unsigned int)check_id, deferred_message); -- if (deferred_message_param != NULL) -- *deferred_message_param = deferred_message; -- ret = BUS_RESULT_LATER; -- } -- else -- { -- _dbus_verbose("Error on cynara request create: %i\n", result); -- bus_deferred_message_unref(deferred_message); -- ret = BUS_RESULT_FALSE; -- } -- break; -- default: -- _dbus_verbose("Error when accessing Cynara cache: %i\n", result); -- ret = BUS_RESULT_FALSE; -- } --out: -- dbus_free(label); -- return ret; -- --#else -- return BUS_RESULT_FALSE; --#endif --} -- -- -- --#ifdef DBUS_ENABLE_CYNARA --static void --status_callback(int old_fd, int new_fd, cynara_async_status status, -- void *user_status_data) --{ -- BusCynara *cynara = (BusCynara *)user_status_data; -- DBusLoop *loop = bus_context_get_loop(cynara->context); -- -- if (cynara->cynara_watch != NULL) -- { -- _dbus_loop_remove_watch(loop, cynara->cynara_watch); -- _dbus_watch_invalidate(cynara->cynara_watch); -- _dbus_watch_unref(cynara->cynara_watch); -- cynara->cynara_watch = NULL; -- } -- -- if (new_fd != -1) -- { -- unsigned int flags; -- DBusWatch *watch; -- -- switch (status) -- { -- case CYNARA_STATUS_FOR_READ: -- flags = DBUS_WATCH_READABLE; -- break; -- case CYNARA_STATUS_FOR_RW: -- flags = DBUS_WATCH_READABLE | DBUS_WATCH_WRITABLE; -- break; -- default: -- /* Cynara passed unknown status - warn and add RW watch */ -- _dbus_verbose("Cynara passed unknown status value: 0x%08X\n", (unsigned int)status); -- flags = DBUS_WATCH_READABLE | DBUS_WATCH_WRITABLE; -- break; -- } -- -- watch = _dbus_watch_new(new_fd, flags, TRUE, &bus_cynara_watch_callback, cynara, NULL); -- if (watch != NULL) -- { -- if (_dbus_loop_add_watch(loop, watch) == TRUE) -- { -- cynara->cynara_watch = watch; -- return; -- } -- -- _dbus_watch_invalidate(watch); -- _dbus_watch_unref(watch); -- } -- -- /* It seems like not much can be done at this point. 
Cynara events won't be processed -- * until next Cynara function call triggering status callback */ -- _dbus_verbose("Failed to add dbus watch\n"); -- } --} -- --static dbus_bool_t --bus_cynara_watch_callback(DBusWatch *watch, -- unsigned int flags, -- void *data) --{ -- BusCynara *cynara = (BusCynara *)data; -- int result = cynara_async_process(cynara->cynara); -- if (result != CYNARA_API_SUCCESS) -- _dbus_verbose("cynara_async_process returned %d\n", result); -- -- return result != CYNARA_API_OUT_OF_MEMORY ? TRUE : FALSE; --} -- --static inline const char * --call_cause_to_string(cynara_async_call_cause cause) --{ -- switch (cause) -- { -- case CYNARA_CALL_CAUSE_ANSWER: -- return "ANSWER"; -- case CYNARA_CALL_CAUSE_CANCEL: -- return "CANCEL"; -- case CYNARA_CALL_CAUSE_FINISH: -- return "FINSIH"; -- case CYNARA_CALL_CAUSE_SERVICE_NOT_AVAILABLE: -- return "SERVICE NOT AVAILABLE"; -- default: -- return "INVALID"; -- } --} -- --static void --bus_cynara_check_response_callback (cynara_check_id check_id, -- cynara_async_call_cause cause, -- int response, -- void *user_response_data) --{ -- BusDeferredMessage *deferred_message = user_response_data; -- BusResult result; -- -- _dbus_verbose("Cynara callback: check_id=%u, cause=%s response=%i response_data=%p\n", -- (unsigned int)check_id, call_cause_to_string(cause), response, user_response_data); -- -- if (deferred_message == NULL) -- return; -- -- if (cause == CYNARA_CALL_CAUSE_ANSWER && response == CYNARA_API_ACCESS_ALLOWED) -- result = BUS_RESULT_TRUE; -- else -- result = BUS_RESULT_FALSE; -- -- bus_deferred_message_response_received(deferred_message, result); -- bus_deferred_message_unref(deferred_message); --} -- --#endif /* DBUS_ENABLE_CYNARA */ -diff --git a/bus/system.conf.in b/bus/system.conf.in -index 19d0c04..81c39c8 100644 ---- a/bus/system.conf.in -+++ b/bus/system.conf.in -@@ -72,10 +72,10 @@ - send_interface="org.freedesktop.DBus.Introspectable"/> - <allow send_destination="org.freedesktop.DBus" - 
send_interface="org.freedesktop.DBus.Properties"/> -- <!-- If there is a need specific bus services could be protected by Cynara as well. -+ <!-- If there is a need specific bus services could be protected by Cynagora as well. - However, this can lead to deadlock during the boot process when such check is made and -- Cynara is not yet activated (systemd calls protected method synchronously, -- dbus daemon tries to consult Cynara, Cynara waits for systemd activation). -+ Cynagora is not yet activated (systemd calls protected method synchronously, -+ dbus daemon tries to consult Cynagora, Cynagora waits for systemd activation). - Therefore it is advised to allow root processes to use bus services. - Currently anyone is allowed to talk to the message bus --> - <allow receive_sender="org.freedesktop.DBus"/> -diff --git a/configure.ac b/configure.ac -index 11b5ffd..df9341c 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -1742,16 +1742,16 @@ AC_ARG_ENABLE([user-session], - AM_CONDITIONAL([DBUS_ENABLE_USER_SESSION], - [test "x$enable_user_session" = xyes]) - --#enable cynara integration --AC_ARG_ENABLE([cynara], [AS_HELP_STRING([--enable-cynara], [enable Cynara integration])], [], [enable_cynara=no]) --if test "x$enable_cynara" = xyes; then -- PKG_CHECK_MODULES([CYNARA], [cynara-client-async >= 0.6.0 cynara-session >= 0.6.0], -- [AC_DEFINE([DBUS_ENABLE_CYNARA], [1], [Define to enable Cynara privilege checks in dbus-daemon])], -- [AC_MSG_ERROR([libcynara-client-async and cynara-session are required to enable Cynara integration])]) -+#enable cynagora integration -+AC_ARG_ENABLE([cynagora], [AS_HELP_STRING([--enable-cynagora], [enable Cynagora integration])], [], [enable_cynagora=no]) -+if test "x$enable_cynagora" = xyes; then -+ PKG_CHECK_MODULES([CYNAGORA], [cynagora], -+ [AC_DEFINE([DBUS_ENABLE_CYNAGORA], [1], [Define to enable Cynagora privilege checks in dbus-daemon])], -+ [AC_MSG_ERROR([libcynagora is required to enable Cynagora integration])]) - fi - 
--AC_SUBST([CYNARA_CFLAGS]) --AC_SUBST([CYNARA_LIBS]) -+AC_SUBST([CYNAGORA_CFLAGS]) -+AC_SUBST([CYNAGORA_LIBS]) - - AC_CONFIG_FILES([ - Doxyfile -@@ -1835,7 +1835,7 @@ echo " - Building bus stats API: ${enable_stats} - Building SELinux support: ${have_selinux} - Building AppArmor support: ${have_apparmor} -- Building Cynara support: ${enable_cynara} -+ Building Cynagora support: ${enable_cynagora} - Building inotify support: ${have_inotify} - Building kqueue support: ${have_kqueue} - Building systemd support: ${have_systemd} --- -2.21.1 - diff --git a/meta-security/recipes-core/dbus-cynagora/dbus_1.12.16.bbappend b/meta-security/recipes-core/dbus-cynagora/dbus_1.12.16.bbappend deleted file mode 100644 index 177a117b8..000000000 --- a/meta-security/recipes-core/dbus-cynagora/dbus_1.12.16.bbappend +++ /dev/null @@ -1,15 +0,0 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/dbus-cynagora:" - -SRC_URI_append_class-target = "\ - file://0001-Integration-of-Cynara-asynchronous-security-checks.patch \ - file://0002-Disable-message-dispatching-when-send-rule-result-is.patch \ - file://0003-Handle-unavailability-of-policy-results-for-broadcas.patch \ - file://0004-Add-own-rule-result-unavailability-handling.patch \ - file://0005-Perform-Cynara-runtime-policy-checks-by-default.patch \ - file://0006-Fix-SIGSEGV-on-disconnections.patch \ - file://0007-Switch-from-cynara-to-cynagora.patch \ -" - -DEPENDS_append_class-target = " cynagora smack" -EXTRA_OECONF_append_class-target = " ${@bb.utils.contains('DISTRO_FEATURES','smack','--enable-cynagora --disable-selinux','',d)}" - diff --git a/meta-security/recipes-core/packagegroups/packagegroup-security-framework.bb b/meta-security/recipes-core/packagegroups/packagegroup-security-framework.bb deleted file mode 100644 index bc708600f..000000000 --- a/meta-security/recipes-core/packagegroups/packagegroup-security-framework.bb +++ /dev/null 
@@ -1,23 +0,0 @@ -SUMMARY = "Security middleware components" -LICENSE = "MIT" - -inherit packagegroup - -# Install Cynara and security-manager by default if (and only if) -# Smack is enabled. -# -# Cynara does not have a hard dependency on Smack security, -# but is meant to be used with it. security-manager however -# links against smack and expects Smack to be active, -# so we do not have any choice. -# -# Without configuration, security-manager is not usable. We use -# the policy packaged from the upstream source code here. Adapting -# it for the distro can be done by patching that source. -RDEPENDS_${PN}_append_with-lsm-smack = " \ - cynagora \ - security-manager \ - security-manager-policy \ - smacknet \ - smack-system-setup \ -" diff --git a/meta-security/recipes-core/smack-system-setup/files/55-udev-smack-default.rules b/meta-security/recipes-core/smack-system-setup/files/55-udev-smack-default.rules deleted file mode 100644 index eca65292f..000000000 --- a/meta-security/recipes-core/smack-system-setup/files/55-udev-smack-default.rules +++ /dev/null 
@@ -1,27 +0,0 @@ -# do not edit this file, it will be overwritten on update - -KERNEL=="null", SECLABEL{smack}="*" -KERNEL=="zero", SECLABEL{smack}="*" -KERNEL=="console", SECLABEL{smack}="*" -KERNEL=="kmsg", SECLABEL{smack}="*" -KERNEL=="video*", SECLABEL{smack}="*" -KERNEL=="card*", SECLABEL{smack}="*" -KERNEL=="ptmx", SECLABEL{smack}="*" -KERNEL=="tty", SECLABEL{smack}="*" -KERNEL=="rfkill", SECLABEL{smack}="*" - -SUBSYSTEM=="most_cdev_aim", SECLABEL{smack}="*" - -SUBSYSTEM=="graphics", GROUP="video", SECLABEL{smack}="*" -SUBSYSTEM=="drm", GROUP="video", SECLABEL{smack}="*" -SUBSYSTEM=="dvb", GROUP="video", SECLABEL{smack}="*" -SUBSYSTEM=="sound", GROUP="audio", SECLABEL{smack}="*" - -SUBSYSTEM=="tty", KERNEL=="ptmx", GROUP="tty", MODE="0666", SECLABEL{smack}="*" -SUBSYSTEM=="tty", KERNEL=="tty", GROUP="tty", MODE="0666", SECLABEL{smack}="*" -SUBSYSTEM=="tty", KERNEL=="tty[0-9]*", GROUP="tty", MODE="0620", SECLABEL{smack}="*" -SUBSYSTEM=="vc", KERNEL=="vcs*|vcsa*", GROUP="tty", SECLABEL{smack}="*" -KERNEL=="tty[A-Z]*[0-9]|pppox[0-9]*|ircomm[0-9]*|noz[0-9]*|rfcomm[0-9]*", GROUP="dialout", SECLABEL{smack}="*" - -SUBSYSTEM=="input", KERNEL=="mouse*|mice|event*", MODE="0640", SECLABEL{smack}="*" -SUBSYSTEM=="input", KERNEL=="ts[0-9]*|uinput", MODE="0640", SECLABEL{smack}="*" diff --git a/meta-security/recipes-core/smack-system-setup/files/systemd-journald.service.conf b/meta-security/recipes-core/smack-system-setup/files/systemd-journald.service.conf deleted file mode 100644 index 7035a1410..000000000 --- a/meta-security/recipes-core/smack-system-setup/files/systemd-journald.service.conf +++ /dev/null 
@@ -1,16 +0,0 @@ -# Run systemd-journald with the hat ("^") Smack label. -# -# The journal daemon needs global read access to gather information -# about the services spawned by systemd. The hat label is intended -# for this purpose. The journal daemon is the only part of the -# System domain that needs read access to the User domain. Giving -# the journal daemon the hat label means that we can remove the -# System domain's read access to the User domain and we can avoid -# hard-coding a specific label name for that domain. -# -# Original author: Casey Schaufler <casey@schaufler-ca.com> -# -# This is considered a configuration change and thus distro specific. -[Service] -SmackProcessLabel=^ - diff --git a/meta-security/recipes-core/smack-system-setup/files/systemd-tmpfiles-setup.service.conf b/meta-security/recipes-core/smack-system-setup/files/systemd-tmpfiles-setup.service.conf deleted file mode 100644 index db43c8c51..000000000 --- a/meta-security/recipes-core/smack-system-setup/files/systemd-tmpfiles-setup.service.conf +++ /dev/null @@ -1,2 +0,0 @@ -[Service] -ExecStartPost=/bin/sh -c '([ ! -d /var/tmp ] || chsmack -L -a \"*\" /var/tmp) && ([ ! -d /var/log ] || chsmack -L -a System::Log /var/log && chsmack -L -t /var/log)' diff --git a/meta-security/recipes-core/smack-system-setup/files/tmp.mount.conf b/meta-security/recipes-core/smack-system-setup/files/tmp.mount.conf deleted file mode 100644 index 388986e82..000000000 --- a/meta-security/recipes-core/smack-system-setup/files/tmp.mount.conf +++ /dev/null 
@@ -1,12 +0,0 @@ -# Mount /tmp publicly accessable. Based on patch by Michael Demeter <michael.demeter@intel.com>. -# Upstream systemd temporarily had SmackFileSystemRoot for this (https://github.com/systemd/systemd/pull/1664), -# but it was removed again (https://github.com/systemd/systemd/issues/1696) because -# util-linux mount will ignore smackfsroot when Smack is not active. However, -# busybox is not that intelligent. -# -# When using busybox mount, adding smackfsroot=* and booting without -# Smack (i.e. security=none), tmp.mount will fail with an error about -# "Bad mount option smackfsroot". -[Mount] -Options=smackfsroot=* - diff --git a/meta-security/recipes-core/smack-system-setup/smack-system-setup_1.bb b/meta-security/recipes-core/smack-system-setup/smack-system-setup_1.bb deleted file mode 100644 index 49b12ad3f..000000000 --- a/meta-security/recipes-core/smack-system-setup/smack-system-setup_1.bb +++ /dev/null @@ -1,28 +0,0 @@ -DESCRIPTION = "setup of a system using smack" -LICENSE = "GPLv2" -LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6" - -SRC_URI = "\ - file://55-udev-smack-default.rules \ - file://systemd-journald.service.conf \ - file://systemd-tmpfiles-setup.service.conf \ - file://tmp.mount.conf \ -" - -RDEPENDS_${PN}_append_with-lsm-smack = " smack" - -do_install_append_with-lsm-smack() { - # tuning systemd units - install -Dm0644 ${WORKDIR}/systemd-tmpfiles-setup.service.conf \ - ${D}${systemd_unitdir}/system/systemd-tmpfiles-setup.service.d/smack.conf - install -Dm0644 ${WORKDIR}/systemd-journald.service.conf \ - ${D}${systemd_unitdir}/system/systemd-journald.service.d/smack.conf - install -Dm0644 ${WORKDIR}/tmp.mount.conf \ - ${D}${systemd_unitdir}/system/tmp.mount.d/smack.conf - - # add udev rules - install -Dm0644 ${WORKDIR}/55-udev-smack-default.rules \ - ${D}${sysconfdir}/udev/rules.d/55-udev-smack-default.rules -} - -FILES_${PN} += "${systemd_unitdir}" 
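Review bot: the deleted dbus_1.12.16.bbappend, packagegroup-security-framework.bb and smack-system-setup_1.bb are the pieces that actually turn on the security framework rather than demo content: the bbappend adds `--enable-cynagora --disable-selinux` when `smack` is in DISTRO_FEATURES and pulls in the seven D-Bus patches up to 0007-Switch-from-cynara-to-cynagora.patch, the packagegroup pulls cynagora, security-manager and smack-system-setup in under with-lsm-smack, and smack-system-setup labels the journal daemon (`SmackProcessLabel=^`), /tmp (`smackfsroot=*`) and /var/log (the chsmack ExecStartPost) and installs the udev SECLABEL rules. The commit description only covers the meta-agl-core/meta-agl-demo split and does not say whether these move to another layer or are dropped; please state that explicitly, because losing them changes the access-control posture of every image built with lsm-smack, not just its feature set.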
diff --git a/meta-security/recipes-core/systemd/systemd/0001-Switch-Smack-label-earlier.patch b/meta-security/recipes-core/systemd/systemd/0001-Switch-Smack-label-earlier.patch deleted file mode 100644 index 46445be73..000000000 --- a/meta-security/recipes-core/systemd/systemd/0001-Switch-Smack-label-earlier.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 6cc74075797edb6f698cb7f312bb1c3d8cc6cb28 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh> -Date: Thu, 12 Oct 2017 17:17:56 +0200 -Subject: [PATCH] Switch Smack label earlier -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Switching label after removing capability isn't -possible. - -Change-Id: Ib7dac8f071f36119520ed3205d743c1e3df3cd5e -Signed-off-by: José Bollo <jose.bollo@iot.bzh> ---- - src/core/execute.c | 14 +++++++------- - 1 file changed, 7 insertions(+), 7 deletions(-) - -diff --git a/src/core/execute.c b/src/core/execute.c -index d72e5bf08..0abffd569 100644 ---- a/src/core/execute.c -+++ b/src/core/execute.c -@@ -2707,6 +2707,13 @@ static int exec_child( - } - } - -+ r = setup_smack(context, command); -+ if (r < 0) { -+ *exit_status = EXIT_SMACK_PROCESS_LABEL; -+ *error_message = strdup("Failed to set SMACK process label"); -+ return r; -+ } -+ - if (!cap_test_all(context->capability_bounding_set)) { - r = capability_bounding_set_drop(context->capability_bounding_set, false); - if (r < 0) { -@@ -2775,13 +2782,6 @@ static int exec_child( - } - #endif - -- r = setup_smack(context, command); -- if (r < 0) { -- *exit_status = EXIT_SMACK_PROCESS_LABEL; -- *error_message = strdup("Failed to set SMACK process label"); -- return r; -- } -- - #ifdef HAVE_APPARMOR - if (context->apparmor_profile && mac_apparmor_use()) { - r = aa_change_onexec(context->apparmor_profile); --- -2.14.3 - 
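Review bot: dropping 0001-Switch-Smack-label-earlier.patch removes the reordering that calls setup_smack() before capability_bounding_set_drop() in exec_child(); the patch's own rationale is "Switching label after removing capability isn't possible", so without it a unit that sets SmackProcessLabel= together with a reduced CapabilityBoundingSet= fails with EXIT_SMACK_PROCESS_LABEL. If the companion systemd_2%.bbappend (with its `-Dsmack-run-label=System` and the mount-setup.c sed adding `smackfstransmute=System::Run`) is meant to live on in another layer, this patch has to move with it; otherwise the commit message should record that the Smack process-label ordering fix is intentionally dropped.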
diff --git a/meta-security/recipes-core/systemd/systemd_2%.bbappend b/meta-security/recipes-core/systemd/systemd_2%.bbappend deleted file mode 100644 index 789c05f83..000000000 --- a/meta-security/recipes-core/systemd/systemd_2%.bbappend +++ /dev/null 
@@ -1,40 +0,0 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" - -# Ensures systemd runs with label "System" -EXTRA_OEMESON_append_with-lsm-smack = " -Dsmack-run-label=System" - -################################################################################## -# Maintaining trivial, non-upstreamable configuration changes as patches -# is tedious. But in same cases (like early mounting of special directories) -# the configuration has to be in code. We make these changes here directly. -################################################################################## -do_patch[prefuncs] += "patch_systemd" -do_patch[vardeps] += "patch_systemd" -patch_systemd() { - # Handling of /run and /sys/fs/cgroup. Make /run a transmuting directory to - # enable systemd communications with services in the User domain. - # Original patch by Michael Demeter <michael.demeter@intel.com>. - # - # We simplify the patching by touching only lines which check the result of - # mac_smack_use(). Those are the ones which are used when Smack is active. - # - # smackfsroot=* on /sys/fs/cgroup may be upstreamable, but smackfstransmute=System::Run - # is too distro specific (depends on Smack rules) and thus has to remain here. - sed -i -e 's;\("/sys/fs/cgroup", *"[^"]*", *"[^"]*\)\(.*mac_smack_use.*\);\1,smackfsroot=*\2;' \ - -e 's;\("/run", *"[^"]*", *"[^"]*\)\(.*mac_smack_use.*\);\1,smackfstransmute=System::Run\2;' \ - ${S}/src/core/mount-setup.c -} - -################################################################################## -# What follows is temporary. -# This is a solution to the Bug-AGL SPEC-539 -# (see https://jira.automotivelinux.org/browse/SPEC-539). -# -# It renames the file "touchscreen.rules" to "55-touchscreen.rules" -# This comes with the recipe systemd_230/234 of poky (meta/recipes-core/systemd) -# It should be removed when poky changes. 
-################################################################################## -do_install_prepend() { - mv ${WORKDIR}/touchscreen.rules ${WORKDIR}/55-touchscreen.rules || true -} - diff --git a/meta-security/recipes-core/util-linux/util-linux_%.bbappend b/meta-security/recipes-core/util-linux/util-linux_%.bbappend deleted file mode 100644 index 05286f80d..000000000 --- a/meta-security/recipes-core/util-linux/util-linux_%.bbappend +++ /dev/null @@ -1,8 +0,0 @@ -# Enabling Smack support in util-linux enables special support -# in [lib]mount for Smack mount options: they get removed if -# Smack is not active in the current kernel. Important for -# booting with "security=none" when userspace otherwise is -# compiled to use Smack. - -PACKAGECONFIG_append_with-lsm-smack_class-target = " smack" -PACKAGECONFIG[smack] = "--with-smack, --without-smack" diff --git a/meta-security/recipes-kernel/linux/linux-%.bbappend b/meta-security/recipes-kernel/linux/linux-%.bbappend deleted file mode 100644 index 717d32e3a..000000000 --- a/meta-security/recipes-kernel/linux/linux-%.bbappend +++ /dev/null @@ -1,17 +0,0 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/linux:" - -IS_KERNEL_RECIPE := "${@bb.data.inherits_class('kernel', d) and 'yes' or 'no'}" -SMACK_KERNEL_SRC_URI_no = "" -SMACK_KERNEL_SRC_URI_yes = "" - -# Kernel config fragment enabling Smack, without making it the default explicitly. -SMACK_KERNEL_SRC_URI_yes += "file://smack.cfg" - -# When added, set Smack as the default LSM. -SMACK_DEFAULT_SECURITY_CFG = "file://smack-default-lsm.cfg" - -# Add it by default, can be overridden by changing this variable here. -SMACK_DEFAULT_SECURITY ??= "${SMACK_DEFAULT_SECURITY_CFG}" -SMACK_KERNEL_SRC_URI_yes += " ${SMACK_DEFAULT_SECURITY}" - -SRC_URI_append_with-lsm-smack = "${SMACK_KERNEL_SRC_URI_${IS_KERNEL_RECIPE}}" diff --git a/meta-security/recipes-kernel/linux/linux/audit.cfg b/meta-security/recipes-kernel/linux/linux/audit.cfg deleted file mode 100644 index 214dbe33f..000000000 
--- a/meta-security/recipes-kernel/linux/linux/audit.cfg +++ /dev/null @@ -1,2 +0,0 @@ -CONFIG_AUDIT=y -CONFIG_AUDITSYSCALL=y diff --git a/meta-security/recipes-kernel/linux/linux/smack-default-lsm.cfg b/meta-security/recipes-kernel/linux/linux/smack-default-lsm.cfg deleted file mode 100644 index b5c48454e..000000000 --- a/meta-security/recipes-kernel/linux/linux/smack-default-lsm.cfg +++ /dev/null @@ -1,2 +0,0 @@ -CONFIG_DEFAULT_SECURITY="smack" -CONFIG_DEFAULT_SECURITY_SMACK=y diff --git a/meta-security/recipes-kernel/linux/linux/smack.cfg b/meta-security/recipes-kernel/linux/linux/smack.cfg deleted file mode 100644 index 45a92f148..000000000 --- a/meta-security/recipes-kernel/linux/linux/smack.cfg +++ /dev/null @@ -1,9 +0,0 @@ -CONFIG_IP_NF_SECURITY=m -CONFIG_IP6_NF_SECURITY=m -CONFIG_EXT2_FS_SECURITY=y -CONFIG_EXT3_FS_SECURITY=y -CONFIG_EXT4_FS_SECURITY=y -CONFIG_SECURITY=y -CONFIG_SECURITY_SMACK=y -CONFIG_SECURITY_SMACK_APPEND_SIGNALS=y -CONFIG_TMPFS_XATTR=y diff --git a/meta-security/recipes-security/audit/audit/0001-lib-i386_table.h-add-new-syscall.patch b/meta-security/recipes-security/audit/audit/0001-lib-i386_table.h-add-new-syscall.patch deleted file mode 100644 index 6e1827c08..000000000 --- a/meta-security/recipes-security/audit/audit/0001-lib-i386_table.h-add-new-syscall.patch +++ /dev/null 
@@ -1,42 +0,0 @@ -From df878b92e01f4d1c3de7f7d8229cea6a431509eb Mon Sep 17 00:00:00 2001 -From: Mingli Yu <mingli.yu@windriver.com> -Date: Wed, 19 Feb 2020 15:23:40 +0800 -Subject: [PATCH] lib/i386_table.h: add new syscall - -On 32bit system, -After upgrade glibc to 2.31 - # strace -o /tmp/test.log date -s 09:16:45 - # tail -f /tmp/test.log - close(3) = 0 - stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=114, ...}) = 0 - clock_settime64(CLOCK_REALTIME, {tv_sec=1582103805, tv_nsec=0}) = 0 - fstat64(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(0x4, 0x40), ...}) = 0 - ioctl(1, TCGETS, {B115200 opost isig icanon echo ...}) = 0 - write(1, "Wed Feb 19 09:16:45 UTC 2020\n", 29) = 29 - close(1) = 0 - close(2) = 0 - exit_group(0) = ? - +++ exited with 0 +++ - -It means the clock_settime64 syscall is used, so -add the syscall. - -Upstream-Status: Submitted [https://github.com/linux-audit/audit-userspace/pull/116] - -Signed-off-by: Mingli Yu <mingli.yu@windriver.com> ---- - lib/i386_table.h | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/lib/i386_table.h b/lib/i386_table.h -index 1a64c88..65fd4d9 100644 ---- a/lib/i386_table.h -+++ b/lib/i386_table.h -@@ -405,3 +405,4 @@ _S(383, "statx") - _S(384, "arch_prctl") - _S(385, "io_pgetevents") - _S(386, "rseq") -+_S(404, "clock_settime64") --- -2.7.4 - diff --git a/meta-security/recipes-security/audit/audit/Add-substitue-functions-for-strndupa-rawmemchr.patch b/meta-security/recipes-security/audit/audit/Add-substitue-functions-for-strndupa-rawmemchr.patch deleted file mode 100644 index bb6c61e80..000000000 --- a/meta-security/recipes-security/audit/audit/Add-substitue-functions-for-strndupa-rawmemchr.patch +++ /dev/null 
@@ -1,133 +0,0 @@ -From bdcdc3dff4469aac88e718bd15958d5ed4b9392a Mon Sep 17 00:00:00 2001 -From: Steve Grubb <sgrubb@redhat.com> -Date: Tue, 26 Feb 2019 18:33:33 -0500 -Subject: [PATCH] Add substitue functions for strndupa & rawmemchr - -Upstream-Status: Backport -[https://github.com/linux-audit/audit-userspace/commit/d579a08bb1cde71f939c13ac6b2261052ae9f77e] ---- - auparse/auparse.c | 12 +++++++++++- - auparse/interpret.c | 9 ++++++++- - configure.ac | 14 +++++++++++++- - src/ausearch-lol.c | 12 +++++++++++- - 4 files changed, 43 insertions(+), 4 deletions(-) - -diff --git a/auparse/auparse.c b/auparse/auparse.c -index 650db02..2e1c737 100644 ---- a/auparse/auparse.c -+++ b/auparse/auparse.c -@@ -1,5 +1,5 @@ - /* auparse.c -- -- * Copyright 2006-08,2012-17 Red Hat Inc., Durham, North Carolina. -+ * Copyright 2006-08,2012-19 Red Hat Inc., Durham, North Carolina. - * All Rights Reserved. - * - * This library is free software; you can redistribute it and/or -@@ -1118,6 +1118,16 @@ static int str2event(char *s, au_event_t *e) - return 0; - } - -+#ifndef HAVE_STRNDUPA -+static inline char *strndupa(const char *old, size_t n) -+{ -+ size_t len = strnlen(old, n); -+ char *tmp = alloca(len + 1); -+ tmp[len] = 0; -+ return memcpy(tmp, old, len); -+} -+#endif -+ - /* Returns 0 on success and 1 on error */ - static int extract_timestamp(const char *b, au_event_t *e) - { -diff --git a/auparse/interpret.c b/auparse/interpret.c -index 51c4a5e..67b7b77 100644 ---- a/auparse/interpret.c -+++ b/auparse/interpret.c -@@ -853,6 +853,13 @@ err_out: - return print_escaped(id->val); - } - -+// rawmemchr is faster. Let's use it if we have it. 
-+#ifdef HAVE_RAWMEMCHR -+#define STRCHR rawmemchr -+#else -+#define STRCHR strchr -+#endif -+ - static const char *print_proctitle(const char *val) - { - char *out = (char *)print_escaped(val); -@@ -863,7 +870,7 @@ static const char *print_proctitle(const char *val) - // Proctitle has arguments separated by NUL bytes - // We need to write over the NUL bytes with a space - // so that we can see the arguments -- while ((ptr = rawmemchr(ptr, '\0'))) { -+ while ((ptr = STRCHR(ptr, '\0'))) { - if (ptr >= end) - break; - *ptr = ' '; -diff --git a/configure.ac b/configure.ac -index 54bdbf1..aef07fb 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -1,7 +1,7 @@ - dnl - define([AC_INIT_NOTICE], - [### Generated automatically using autoconf version] AC_ACVERSION [ --### Copyright 2005-18 Steve Grubb <sgrubb@redhat.com> -+### Copyright 2005-19 Steve Grubb <sgrubb@redhat.com> - ### - ### Permission is hereby granted, free of charge, to any person obtaining a - ### copy of this software and associated documentation files (the "Software"), -@@ -72,6 +72,18 @@ dnl; posix_fallocate is used in audisp-remote - AC_CHECK_FUNCS([posix_fallocate]) - dnl; signalfd is needed for libev - AC_CHECK_FUNC([signalfd], [], [ AC_MSG_ERROR([The signalfd system call is necessary for auditd]) ]) -+dnl; check if rawmemchr is available -+AC_CHECK_FUNCS([rawmemchr]) -+dnl; check if strndupa is available -+AC_LINK_IFELSE( -+ [AC_LANG_SOURCE( -+ [[ -+ #define _GNU_SOURCE -+ #include <string.h> -+ int main() { (void) strndupa("test", 10); return 0; }]])], -+ [AC_DEFINE(HAVE_STRNDUPA, 1, [Let us know if we have it or not])], -+ [] -+) - - ALLWARNS="" - ALLDEBUG="-g" -diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c -index 5d17a72..758c33e 100644 ---- a/src/ausearch-lol.c -+++ b/src/ausearch-lol.c -@@ -1,6 +1,6 @@ - /* - * ausearch-lol.c - linked list of linked lists library --* Copyright (c) 2008,2010,2014,2016 Red Hat Inc., Durham, North Carolina. 
-+* Copyright (c) 2008,2010,2014,2016,2019 Red Hat Inc., Durham, North Carolina. - * All Rights Reserved. - * - * This software may be freely redistributed and/or modified under the -@@ -152,6 +152,16 @@ static int compare_event_time(event *e1, event *e2) - return 0; - } - -+#ifndef HAVE_STRNDUPA -+static inline char *strndupa(const char *old, size_t n) -+{ -+ size_t len = strnlen(old, n); -+ char *tmp = alloca(len + 1); -+ tmp[len] = 0; -+ return memcpy(tmp, old, len); -+} -+#endif -+ - /* - * This function will look at the line and pick out pieces of it. - */ --- -2.7.4 - diff --git a/meta-security/recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch b/meta-security/recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch deleted file mode 100644 index 7c2699540..000000000 --- a/meta-security/recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch +++ /dev/null 
@@ -1,57 +0,0 @@ -From a07271f1cce82122610b622bcea4a8a37528f321 Mon Sep 17 00:00:00 2001 -From: Li xin <lixin.fnst@cn.fujitsu.com> -Date: Sun, 19 Jul 2015 02:42:58 +0900 -Subject: [PATCH] audit: Fixed swig host contamination issue - -The audit build uses swig to generate a python wrapper. -Unfortunately, the swig info file references host include -directories. Some of these were previously noticed and -eliminated, but the one fixed here was not. - -Upstream-Status: Inappropriate [embedded specific] - -Signed-off-by: Anders Hedlund <anders.hedlund@windriver.com> -Signed-off-by: Joe Slater <jslater@windriver.com> -Signed-off-by: Yi Zhao <yi.zhao@windriver.com> ---- - bindings/swig/python3/Makefile.am | 3 ++- - bindings/swig/src/auditswig.i | 2 +- - 2 files changed, 3 insertions(+), 2 deletions(-) - -diff --git a/bindings/swig/python3/Makefile.am b/bindings/swig/python3/Makefile.am -index 9938418..fa46aac 100644 ---- a/bindings/swig/python3/Makefile.am -+++ b/bindings/swig/python3/Makefile.am -@@ -22,6 +22,7 @@ - CONFIG_CLEAN_FILES = *.loT *.rej *.orig - AM_CFLAGS = -fPIC -DPIC -fno-strict-aliasing $(PYTHON3_CFLAGS) - AM_CPPFLAGS = -I. -I$(top_builddir) -I${top_srcdir}/lib $(PYTHON3_INCLUDES) -+STDINC ?= /usr/include - LIBS = $(top_builddir)/lib/libaudit.la - SWIG_FLAGS = -python -py3 -modern - SWIG_INCLUDES = -I. 
-I$(top_builddir) -I${top_srcdir}/lib $(PYTHON3_INCLUDES) -@@ -37,7 +38,7 @@ _audit_la_DEPENDENCIES =${top_srcdir}/lib/libaudit.h ${top_builddir}/lib/libaudi - _audit_la_LIBADD = ${top_builddir}/lib/libaudit.la - nodist__audit_la_SOURCES = audit_wrap.c - audit.py audit_wrap.c: ${srcdir}/../src/auditswig.i -- swig -o audit_wrap.c ${SWIG_FLAGS} ${SWIG_INCLUDES} ${srcdir}/../src/auditswig.i -+ swig -o audit_wrap.c ${SWIG_FLAGS} ${SWIG_INCLUDES} -I$(STDINC) ${srcdir}/../src/auditswig.i - - CLEANFILES = audit.py* audit_wrap.c *~ - -diff --git a/bindings/swig/src/auditswig.i b/bindings/swig/src/auditswig.i -index 7ebb373..424fb68 100644 ---- a/bindings/swig/src/auditswig.i -+++ b/bindings/swig/src/auditswig.i -@@ -39,7 +39,7 @@ signed - #define __attribute(X) /*nothing*/ - typedef unsigned __u32; - typedef unsigned uid_t; --%include "/usr/include/linux/audit.h" -+%include "linux/audit.h" - #define __extension__ /*nothing*/ - #include <stdint.h> - %include "../lib/libaudit.h" --- -2.7.4 - diff --git a/meta-security/recipes-security/audit/audit/audit-volatile.conf b/meta-security/recipes-security/audit/audit/audit-volatile.conf deleted file mode 100644 index 9cbe1547a..000000000 --- a/meta-security/recipes-security/audit/audit/audit-volatile.conf +++ /dev/null @@ -1 +0,0 @@ -d /var/log/audit 0750 root root - diff --git a/meta-security/recipes-security/audit/audit/auditd b/meta-security/recipes-security/audit/audit/auditd deleted file mode 100755 index cda2e43d4..000000000 --- a/meta-security/recipes-security/audit/audit/auditd +++ /dev/null 
@@ -1,153 +0,0 @@ -#! /bin/sh -### BEGIN INIT INFO -# Provides: auditd -# Required-Start: $local_fs -# Required-Stop: $local_fs -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: Audit Daemon -# Description: Collects audit information from Linux 2.6 Kernels. -### END INIT INFO - -# Author: Philipp Matthias Hahn <pmhahn@debian.org> -# Based on Debians /etc/init.d/skeleton and Auditds init.d/auditd.init - -# June, 2012: Adopted for yocto <amy.fong@windriver.com> - -# PATH should only include /usr/* if it runs after the mountnfs.sh script -PATH=/sbin:/bin:/usr/sbin:/usr/bin -DESC="audit daemon" -NAME=auditd -DAEMON=/sbin/auditd -PIDFILE=/var/run/"$NAME".pid -SCRIPTNAME=/etc/init.d/"$NAME" - -# Exit if the package is not installed -[ -x "$DAEMON" ] || exit 0 - -# Read configuration variable file if it is present -[ -r /etc/default/"$NAME" ] && . /etc/default/"$NAME" - -. /etc/default/rcS - -. /etc/init.d/functions - -# -# Function that starts the daemon/service -# -do_start() -{ - # Return - # 0 if daemon has been started - # 1 if daemon was already running - # 2 if daemon could not be started - start-stop-daemon -S --quiet --pidfile "$PIDFILE" --exec "$DAEMON" --test > /dev/null \ - || return 1 - start-stop-daemon -S --quiet --pidfile "$PIDFILE" --exec "$DAEMON" -- \ - $EXTRAOPTIONS \ - || return 2 - if [ -f /etc/audit/audit.rules ] - then - /sbin/auditctl -R /etc/audit/audit.rules >/dev/null - fi -} - -# -# Function that stops the daemon/service -# -do_stop() -{ - # Return - # 0 if daemon has been stopped - # 1 if daemon was already stopped - # 2 if daemon could not be stopped - # other if a failure occurred - start-stop-daemon -K --quiet --pidfile "$PIDFILE" --name "$NAME" - RETVAL="$?" - [ "$RETVAL" = 2 ] && return 2 - # Many daemons don't delete their pidfiles when they exit. 
- rm -f "$PIDFILE" - rm -f /var/run/audit_events - # Remove watches so shutdown works cleanly - case "$AUDITD_CLEAN_STOP" in - no|NO) ;; - *) /sbin/auditctl -D >/dev/null ;; - esac - return "$RETVAL" -} - -# -# Function that sends a SIGHUP to the daemon/service -# -do_reload() { - start-stop-daemon -K --signal HUP --quiet --pidfile $PIDFILE --name $NAME - return 0 -} - -if [ ! -e /var/log/audit ]; then - mkdir -p /var/log/audit - [ -x /sbin/restorecon ] && /sbin/restorecon -F /var/log/audit -fi - -case "$1" in - start) - [ "$VERBOSE" != no ] && echo "Starting $DESC" "$NAME" - do_start - case "$?" in - 0|1) [ "$VERBOSE" != no ] && echo 0 ;; - 2) [ "$VERBOSE" != no ] && echo 1 ;; - esac - ;; - stop) - [ "$VERBOSE" != no ] && echo "Stopping $DESC" "$NAME" - do_stop - case "$?" in - 0|1) [ "$VERBOSE" != no ] && echo 0 ;; - 2) [ "$VERBOSE" != no ] && echo 1 ;; - esac - ;; - reload|force-reload) - echo "Reloading $DESC" "$NAME" - do_reload - echo $? - ;; - restart) - echo "Restarting $DESC" "$NAME" - do_stop - case "$?" in - 0|1) - do_start - case "$?" in - 0) echo 0 ;; - 1) echo 1 ;; # Old process is still running - *) echo 1 ;; # Failed to start - esac - ;; - *) - # Failed to stop - echo 1 - ;; - esac - ;; - rotate) - echo "Rotating $DESC logs" "$NAME" - start-stop-daemon -K --signal USR1 --quiet --pidfile "$PIDFILE" --name "$NAME" - echo $? - ;; - status) - pidofproc "$DAEMON" >/dev/null - status=$? - if [ $status -eq 0 ]; then - echo "$NAME is running." - else - echo "$NAME is not running." - fi - exit $status - ;; - *) - echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload|rotate|status}" >&2 - exit 3 - ;; -esac - -: diff --git a/meta-security/recipes-security/audit/audit/auditd.service b/meta-security/recipes-security/audit/audit/auditd.service deleted file mode 100644 index ebc079897..000000000 --- a/meta-security/recipes-security/audit/audit/auditd.service +++ /dev/null 
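Review bot: the deleted `auditd` init script creates the log directory with a bare `mkdir -p /var/log/audit` and no mode, so on sysvinit the directory gets whatever the shell's umask yields rather than the `0750 root root` that the deleted `audit-volatile.conf` gives it under systemd; if this script is carried over anywhere, add `chmod 0750 /var/log/audit` after the mkdir. Two smaller points in the same file: `do_stop` runs `/sbin/auditctl -D` unless `AUDITD_CLEAN_STOP` is `no`/`NO`, which drops every loaded rule on a plain `stop`, and `do_start` sends the output of `auditctl -R /etc/audit/audit.rules` to `/dev/null` and ignores its exit status, so a rules file that fails to load is silent.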
@@ -1,20 +0,0 @@ -[Unit] -Description=Security Auditing Service -DefaultDependencies=no -After=local-fs.target -Conflicts=shutdown.target -Before=sysinit.target shutdown.target -After=systemd-tmpfiles-setup.service - -[Service] -ExecStart=/sbin/auditd -n -## To use augenrules, copy this file to /etc/systemd/system/auditd.service -## and uncomment the next line and delete/comment out the auditctl line. -## Then copy existing rules to /etc/audit/rules.d/ -## Not doing this last step can cause loss of existing rules -#ExecStartPost=-/sbin/augenrules --load -ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules -ExecReload=/bin/kill -HUP $MAINPID - -[Install] -WantedBy=multi-user.target diff --git a/meta-security/recipes-security/audit/audit_2.8.5.bb b/meta-security/recipes-security/audit/audit_2.8.5.bb deleted file mode 100644 index af36ed5e2..000000000 --- a/meta-security/recipes-security/audit/audit_2.8.5.bb +++ /dev/null 
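Review bot: in the deleted `auditd.service`, `ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules` carries the `-` prefix, so a rules file that fails to parse leaves auditd running with no rules while the unit reports success; drop the `-` (or switch to the commented `augenrules --load` line that the unit's own comment recommends) so a broken policy fails the unit visibly. The comment block about copying the unit to `/etc/systemd/system` is upstream guidance for an installed system and does not apply to a file the recipe ships into `${systemd_unitdir}/system`; either apply that advice in the recipe or drop the comment.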
@@ -1,106 +0,0 @@ -SUMMARY = "User space tools for kernel auditing" -DESCRIPTION = "The audit package contains the user space utilities for \ -storing and searching the audit records generated by the audit subsystem \ -in the Linux kernel." -HOMEPAGE = "http://people.redhat.com/sgrubb/audit/" -SECTION = "base" -LICENSE = "GPLv2+ & LGPLv2+" -LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" - -SRC_URI = "git://github.com/linux-audit/${BPN}-userspace.git;branch=2.8_maintenance \ - file://Add-substitue-functions-for-strndupa-rawmemchr.patch \ - file://Fixed-swig-host-contamination-issue.patch \ - file://0001-lib-i386_table.h-add-new-syscall.patch \ - file://auditd \ - file://auditd.service \ - file://audit-volatile.conf \ -" - -S = "${WORKDIR}/git" -SRCREV = "5fae55c1ad15b3cefe6890eba7311af163e9133c" - -inherit autotools python3native update-rc.d systemd - -UPDATERCPN = "auditd" -INITSCRIPT_NAME = "auditd" -INITSCRIPT_PARAMS = "defaults" - -SYSTEMD_PACKAGES = "auditd" -SYSTEMD_SERVICE_auditd = "auditd.service" - -DEPENDS += "python3 tcp-wrappers libcap-ng linux-libc-headers swig-native" - -EXTRA_OECONF += "--without-prelude \ - --with-libwrap \ - --enable-gssapi-krb5=no \ - --with-libcap-ng=yes \ - --with-python3=yes \ - --libdir=${base_libdir} \ - --sbindir=${base_sbindir} \ - --without-python \ - --without-golang \ - --disable-zos-remote \ - " -EXTRA_OECONF_append_arm = " --with-arm=yes" -EXTRA_OECONF_append_aarch64 = " --with-aarch64=yes" - -EXTRA_OEMAKE += "PYLIBVER='python${PYTHON_BASEVERSION}' \ - PYINC='${STAGING_INCDIR}/$(PYLIBVER)' \ - pyexecdir=${libdir}/python${PYTHON_BASEVERSION}/site-packages \ - STDINC='${STAGING_INCDIR}' \ - pkgconfigdir=${libdir}/pkgconfig \ - " - -SUMMARY_audispd-plugins = "Plugins for the audit event dispatcher" -DESCRIPTION_audispd-plugins = "The audispd-plugins package provides plugins for the real-time \ -interface to the audit system, audispd. 
These plugins can do things \ -like relay events to remote machines or analyze events for suspicious \ -behavior." - -PACKAGES =+ "audispd-plugins" -PACKAGES += "auditd ${PN}-python" - -FILES_${PN} = "${sysconfdir}/libaudit.conf ${base_libdir}/libaudit.so.1* ${base_libdir}/libauparse.so.*" -FILES_auditd += "${bindir}/* ${base_sbindir}/* ${sysconfdir}/*" -FILES_audispd-plugins += "${sysconfdir}/audisp/audisp-remote.conf \ - ${sysconfdir}/audisp/plugins.d/au-remote.conf \ - ${sbindir}/audisp-remote ${localstatedir}/spool/audit \ - " -FILES_${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/*/.debug" -FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}" - -CONFFILES_auditd += "${sysconfdir}/audit/audit.rules" -RDEPENDS_auditd += "bash" - -do_install_append() { - rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.a - rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.la - - # reuse auditd config - [ ! -e ${D}/etc/default ] && mkdir ${D}/etc/default - mv ${D}/etc/sysconfig/auditd ${D}/etc/default - rmdir ${D}/etc/sysconfig/ - - # replace init.d - install -D -m 0755 ${WORKDIR}/auditd ${D}/etc/init.d/auditd - rm -rf ${D}/etc/rc.d - - if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then - install -d ${D}${sysconfdir}/tmpfiles.d/ - install -m 0644 ${WORKDIR}/audit-volatile.conf ${D}${sysconfdir}/tmpfiles.d/ - fi - - # install systemd unit files - install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/auditd.service ${D}${systemd_unitdir}/system - - # audit-2.5 doesn't install any rules by default, so we do that here - mkdir -p ${D}/etc/audit ${D}/etc/audit/rules.d - cp ${S}/rules/10-base-config.rules ${D}/etc/audit/rules.d/audit.rules - - chmod 750 ${D}/etc/audit ${D}/etc/audit/rules.d - chmod 640 ${D}/etc/audit/auditd.conf ${D}/etc/audit/rules.d/audit.rules - - # Based on the audit.spec "Copy default rules into place on new installation" - cp ${D}/etc/audit/rules.d/audit.rules 
${D}/etc/audit/audit.rules -} diff --git a/meta-security/recipes-security/cynagoauth/cynagoauth_0.1.bb b/meta-security/recipes-security/cynagoauth/cynagoauth_0.1.bb deleted file mode 100644 index c77c99189..000000000 --- a/meta-security/recipes-security/cynagoauth/cynagoauth_0.1.bb +++ /dev/null @@ -1,23 +0,0 @@ -DESCRIPTION = "OAuth server using cynagora backend" -LICENSE = "Apache-2.0" -LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=3b83ef96387f14655fc854ddc3c6bd57" - -SRC_URI = "git://gerrit.automotivelinux.org/gerrit/src/cynagoauth.git;protocol=https;branch=${AGL_BRANCH}" -SRCREV = "26a5dbddf3a9bfde481a6fcd2aae16c7ecba665f" -PV = "0.1+git${SRCPV}" - -S = "${WORKDIR}/git" - -DEPENDS = "json-c libmicrohttpd openssl cynagora" - -inherit cmake - -EXTRA_OECMAKE += " \ - -DDEFAULTHOSTS=:7777 \ - -DDEFAULTURL=http://localhost:7777/tok \ - -DUNITDIR_SYSTEM=${systemd_system_unitdir} \ -" - -FILES_${PN} += "${systemd_system_unitdir}" - - diff --git a/meta-security/recipes-security/cynagora/cynagora-cynara-compat_2.1.bb b/meta-security/recipes-security/cynagora/cynagora-cynara-compat_2.1.bb deleted file mode 100644 index f146051cd..000000000 --- a/meta-security/recipes-security/cynagora/cynagora-cynara-compat_2.1.bb +++ /dev/null @@ -1,30 +0,0 @@ -DESCRIPTION = "Cynara service with client libraries" -LICENSE = "Apache-2.0" -LIC_FILES_CHKSUM = "file://Apache-2.0;md5=3b83ef96387f14655fc854ddc3c6bd57" - -SRC_URI = "git://gerrit.automotivelinux.org/gerrit/src/cynagora;protocol=https;branch=${AGL_BRANCH}" -SRCREV = "7d7907651c42c5c32deabc17b639e0e1765eae60" -PV = "2.1+git${SRCPV}" - -S = "${WORKDIR}/git" - -inherit cmake - -PROVIDES = "cynara" -RPROVIDES_${PN} = "cynara" -DEPENDS = "libcap" -RDEPENDS_${PN} = "cynagora" - -EXTRA_OECMAKE += " \ - -DWITH_SYSTEMD=OFF \ - -DWITH_CYNARA_COMPAT=ON \ - -DDIRECT_CYNARA_COMPAT=ON \ -" - -do_install_append() { - # remove cynagora stuff - rm $(find ${D} -name '*cynagora*') - # remove stupid test - rm -r ${D}${bindir} -} - 
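Review bot: in the deleted `audit_2.8.5.bb`, `CONFFILES_auditd` lists only `${sysconfdir}/audit/audit.rules`, yet `do_install_append` also ships `/etc/audit/auditd.conf` and `/etc/audit/rules.d/audit.rules` (mode 640) and moves `/etc/sysconfig/auditd` to `/etc/default/auditd`; none of those are marked as conffiles, so local edits would be overwritten on a package upgrade. Also `auditd.service` is installed unconditionally while `audit-volatile.conf` is installed only when `systemd` is in `DISTRO_FEATURES`; both should hang off the same check. If the recipe is re-homed rather than dropped, carry these fixes with it.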
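Review bot: `cynagoauth_0.1.bb` packages `${systemd_system_unitdir}` through `FILES_${PN}` but neither inherits `systemd` nor sets `SYSTEMD_SERVICE_${PN}`, so the unit is shipped yet never enabled on the image. The defaults `-DDEFAULTHOSTS=:7777` (no host part) and `-DDEFAULTURL=http://localhost:7777/tok` (plain http) should be checked: if an empty host means all interfaces, the token endpoint listens beyond loopback by default, and the URL handed to clients is unencrypted.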
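Review bot: in `cynagora-cynara-compat_2.1.bb`, `rm $(find ${D} -name '*cynagora*')` is an unquoted command substitution that breaks on paths with whitespace and, because `find` also matches directories, fails the task (BitBake shell tasks run with `set -e`) if any matched entry is a directory. `find ${D} -name '*cynagora*' -prune -exec rm -rf {} +` is the safe form; better still, avoid installing the cynagora files in the first place. The comment `# remove stupid test` should say what is removed (`${bindir}`) and why.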
diff --git a/meta-security/recipes-security/cynagora/cynagora/run-ptest b/meta-security/recipes-security/cynagora/cynagora/run-ptest deleted file mode 100755 index f95f0725b..000000000 --- a/meta-security/recipes-security/cynagora/cynagora/run-ptest +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh - -# test access to cynagora server -cynagora-admin list > /dev/null diff --git a/meta-security/recipes-security/cynagora/cynagora_2.1.bb b/meta-security/recipes-security/cynagora/cynagora_2.1.bb deleted file mode 100644 index 73f2f0949..000000000 --- a/meta-security/recipes-security/cynagora/cynagora_2.1.bb +++ /dev/null @@ -1,38 +0,0 @@ -DESCRIPTION = "Cynagora service and client libraries" -LICENSE = "Apache-2.0" -LIC_FILES_CHKSUM = "file://Apache-2.0;md5=3b83ef96387f14655fc854ddc3c6bd57" - -SRC_URI = "git://gerrit.automotivelinux.org/gerrit/src/cynagora;protocol=https;branch=${AGL_BRANCH}" -SRCREV = "7d7907651c42c5c32deabc17b639e0e1765eae60" -PV = "2.1+git${SRCPV}" - -S = "${WORKDIR}/git" - -DEPENDS = "systemd libcap" - -inherit cmake - -EXTRA_OECMAKE += " \ - -DSYSTEMD_UNIT_DIR=${systemd_system_unitdir} \ - -DWITH_SYSTEMD=ON \ - -DWITH_CYNARA_COMPAT=OFF \ -" - -inherit useradd -USERADD_PACKAGES = "${PN}" -GROUPADD_PARAM_${PN} = "-r cynagora" -USERADD_PARAM_${PN} = "\ ---system --home ${localstatedir}/lib/empty \ ---no-create-home --shell /bin/false \ ---gid cynagora cynagora \ -" - -FILES_${PN} += "${systemd_system_unitdir}" - -PACKAGES =+ "${PN}-tools" -FILES_${PN}-tools += "${bindir}/cynagora-admin ${bindir}/cynagora-agent" -RDEPENDS_${PN}_append_agl-devel = " ${PN}-tools" - -inherit ptest -SRC_URI_append = " file://run-ptest" -RDEPENDS_${PN}-ptest_append = " ${PN}-tools" diff --git a/meta-security/recipes-security/security-manager/security-manager.inc b/meta-security/recipes-security/security-manager/security-manager.inc deleted file mode 100644 index e1d1f4011..000000000 --- a/meta-security/recipes-security/security-manager/security-manager.inc +++ /dev/null 
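Review bot: the deleted `run-ptest` only executes `cynagora-admin list > /dev/null` and never reports a result; ptest-runner keys on `PASS:`/`FAIL:` lines, so the test contributes nothing to the run even when it fails. Check the exit status and print one of those lines, e.g. `if cynagora-admin list >/dev/null; then echo "PASS: cynagora-admin list"; else echo "FAIL: cynagora-admin list"; fi`.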
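Review bot: `cynagora_2.1.bb` hard-depends on systemd (`DEPENDS = "systemd libcap"`, `-DWITH_SYSTEMD=ON`) without `inherit features_check` and `REQUIRED_DISTRO_FEATURES = "systemd"`, so a sysvinit build fails late inside cmake instead of at parse time; the sibling `security-manager.inc` already uses `features_check` for `smack`, and the same pattern fits here. The `useradd` block is the right shape: system account, no home, `/bin/false` shell, dedicated `cynagora` group.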
@@ -1,83 +0,0 @@ -DESCRIPTION = "Security manager and utilities" -LICENSE = "Apache-2.0" -LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327;beginline=3" - -inherit cmake - -B = "${S}" - -DEPENDS = " \ - attr \ - boost \ - cynara \ - icu \ - libcap \ - smack \ - sqlite3 \ - systemd \ -" - -PACKAGECONFIG ??= "" -PACKAGECONFIG[debug] = "-DCMAKE_BUILD_TYPE=DEBUG,-DCMAKE_BUILD_TYPE=RELEASE" - -TZ_SYS_DB ?= "/var/db/security-manager" - -EXTRA_OECMAKE = " \ - -DCMAKE_VERBOSE_MAKEFILE=ON \ - -DVERSION=${PV} \ - -DSYSTEMD_INSTALL_DIR=${systemd_unitdir}/system \ - -DBIN_INSTALL_DIR=${bindir} \ - -DDB_INSTALL_DIR=${TZ_SYS_DB} \ - -DLIB_INSTALL_DIR=${libdir} \ - -DSHARE_INSTALL_PREFIX=${datadir} \ - -DINCLUDE_INSTALL_DIR=${includedir} \ -" - -inherit systemd -SYSTEMD_SERVICE_${PN} = "security-manager.service" - -inherit features_check -REQUIRED_DISTRO_FEATURES += "smack" - -# The upstream source code contains the Tizen-specific policy configuration files. -# To replace them, create a security-manager.bbappend and set the following variable to a -# space-separated list of policy file names (not URIs!), for example: -# SECURITY_MANAGER_POLICY = "privilege-group.list usertype-system.profile" -# -# Leave it empty to use the upstream Tizen policy. 
-SECURITY_MANAGER_POLICY ?= "" -SRC_URI_append = " ${@' '.join(['file://' + x for x in d.getVar('SECURITY_MANAGER_POLICY', True).split()])}" -python do_patch_append () { - import os - import shutil - import glob - files = d.getVar('SECURITY_MANAGER_POLICY', True).split() - if files: - s = d.getVar('S', True) - workdir = d.getVar('WORKDIR', True) - for pattern in ['*.profile', '*.list']: - for old_file in glob.glob(s + '/policy/' + pattern): - os.unlink(old_file) - for file in files: - shutil.copy(file, s + '/policy') -} - -do_install_append () { - install -d ${D}/${systemd_unitdir}/system/multi-user.target.wants - ln -s ../security-manager.service ${D}/${systemd_unitdir}/system/multi-user.target.wants/security-manager.service - install -d ${D}/${systemd_unitdir}/system/sockets.target.wants - ln -s ../security-manager.socket ${D}/${systemd_unitdir}/system/sockets.target.wants/security-manager.socket -} - -RDEPENDS_${PN} += "sqlite3 cynara" -FILES_${PN} += " \ - ${systemd_unitdir} \ - ${TZ_SYS_DB} \ - ${bindir}/.security-manager-setup \ -" - -PACKAGES =+ "${PN}-policy" -FILES_${PN}-policy = " \ - ${datadir}/${PN} \ - ${bindir}/security-manager-policy-reload \ -" diff --git a/meta-security/recipes-security/security-manager/security-manager/0001-systemd-stop-using-compat-libs.patch b/meta-security/recipes-security/security-manager/security-manager/0001-systemd-stop-using-compat-libs.patch deleted file mode 100644 index 91ce81963..000000000 --- a/meta-security/recipes-security/security-manager/security-manager/0001-systemd-stop-using-compat-libs.patch +++ /dev/null 
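Review bot: in the `do_patch_append` Python of `security-manager.inc`, `workdir` is assigned and never used, and `shutil.copy(file, s + '/policy')` copies by bare file name relative to the task's current directory rather than from `${WORKDIR}`, where the `file://` entries added through `SRC_URI_append` are actually unpacked; use `shutil.copy(os.path.join(workdir, file), s + '/policy')` (and `d.getVar('X')` without the `True` argument, which is the current form). In `do_install_append`, the hand-made `multi-user.target.wants` and `sockets.target.wants` symlinks duplicate what `inherit systemd` already does for `security-manager.service` via `SYSTEMD_SERVICE_${PN}`; add `security-manager.socket` to that variable and drop the symlinks, since links placed under `${systemd_unitdir}` are not removed by `systemctl disable`, which only touches `/etc/systemd/system`.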
@@ -1,47 +0,0 @@ -From 3d9d1d83fe298a364f51ad752c17aad461beded3 Mon Sep 17 00:00:00 2001 -From: Patrick Ohly <patrick.ohly@intel.com> -Date: Tue, 24 Mar 2015 04:54:03 -0700 -Subject: [PATCH 01/14] systemd: stop using compat libs - -libsystemd-journal and libsystemd-daemon are considered obsolete -in systemd since 2.09 and may not be available (not compiled -by default). - -The code works fine with the current libsystemd, so just -use that. - -Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> -Upstream-Status: Submitted (https://github.com/Samsung/security-manager/pull/1 ---- - src/common/CMakeLists.txt | 2 +- - src/server/CMakeLists.txt | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/common/CMakeLists.txt b/src/common/CMakeLists.txt -index 2da9c3e..968c7c1 100644 ---- a/src/common/CMakeLists.txt -+++ b/src/common/CMakeLists.txt -@@ -3,7 +3,7 @@ SET(COMMON_VERSION ${COMMON_VERSION_MAJOR}.0.2) - - PKG_CHECK_MODULES(COMMON_DEP - REQUIRED -- libsystemd-journal -+ libsystemd - libsmack - db-util - cynara-admin -diff --git a/src/server/CMakeLists.txt b/src/server/CMakeLists.txt -index 753eb96..6849d76 100644 ---- a/src/server/CMakeLists.txt -+++ b/src/server/CMakeLists.txt -@@ -1,6 +1,6 @@ - PKG_CHECK_MODULES(SERVER_DEP - REQUIRED -- libsystemd-daemon -+ libsystemd - ) - - FIND_PACKAGE(Boost REQUIRED) --- -2.21.0 - diff --git a/meta-security/recipes-security/security-manager/security-manager/0002-security-manager-policy-reload-do-not-depend-on-GNU-.patch b/meta-security/recipes-security/security-manager/security-manager/0002-security-manager-policy-reload-do-not-depend-on-GNU-.patch deleted file mode 100644 index b6346480b..000000000 --- a/meta-security/recipes-security/security-manager/security-manager/0002-security-manager-policy-reload-do-not-depend-on-GNU-.patch +++ /dev/null 
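Review bot: `Upstream-Status: Submitted (https://github.com/Samsung/security-manager/pull/1` is missing its closing parenthesis, and the OE convention is square brackets: `Upstream-Status: Submitted [https://github.com/Samsung/security-manager/pull/1]`. The same truncated line appears in 0002. Given the 2015 date, the status should also be re-checked against the pull request: if it was never merged, `Pending` (or `Denied`) is more accurate than `Submitted`.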
@@ -1,36 +0,0 @@ -From a90515613f09140049b2bdf471fa83d5dd7bad1c Mon Sep 17 00:00:00 2001 -From: Patrick Ohly <patrick.ohly@intel.com> -Date: Wed, 19 Aug 2015 15:02:32 +0200 -Subject: [PATCH 02/14] security-manager-policy-reload: do not depend on GNU - sed - -\U (= make replacement uppercase) is a GNU sed extension which is not -supported by other sed implementation's (like the one from -busybox). When using busybox, the bucket for user profiles became -USER_TYPE_Uadmin instead USER_TYPE_ADMIN. - -To make SecurityManager more portable, better use tr to turn the -bucket name into uppercase. - -Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> -Upstream-Status: Submitted (https://github.com/Samsung/security-manager/pull/1 ---- - policy/security-manager-policy-reload | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/policy/security-manager-policy-reload b/policy/security-manager-policy-reload -index 274c49c..6f211c6 100755 ---- a/policy/security-manager-policy-reload -+++ b/policy/security-manager-policy-reload -@@ -33,7 +33,7 @@ END - find "$POLICY_PATH" -name "usertype-*.profile" | - while read file - do -- bucket="`echo $file | sed -r 's|.*/usertype-(.*).profile$|USER_TYPE_\U\1|'`" -+ bucket="`echo $file | sed -r 's|.*/usertype-(.*).profile$|USER_TYPE_\1|' | tr '[:lower:]' '[:upper:]'`" - - # Re-create the bucket with empty contents - cyad --delete-bucket=$bucket || true --- -2.21.0 - diff --git a/meta-security/recipes-security/security-manager/security-manager/0003-Smack-rules-create-two-new-functions.patch b/meta-security/recipes-security/security-manager/security-manager/0003-Smack-rules-create-two-new-functions.patch deleted file mode 100644 index d79345e01..000000000 --- a/meta-security/recipes-security/security-manager/security-manager/0003-Smack-rules-create-two-new-functions.patch +++ /dev/null 
@@ -1,117 +0,0 @@ -From a80e33bc0a10fa4bed5d0b7bf29f45dd2565d309 Mon Sep 17 00:00:00 2001 -From: Alejandro Joya <alejandro.joya.cruz@intel.com> -Date: Wed, 4 Nov 2015 19:01:35 -0600 -Subject: [PATCH 03/14] Smack-rules: create two new functions - -It let to smack-rules to create multiple set of rules -related with the privileges. - -It runs from the same bases than for a static set of rules on the -template, but let you add 1 or many templates for different cases. - -Change-Id: I14f8d4e914ad5a7ba34c96f3cb5589f0b15292de -Signed-off-by: Alejandro Joya <alejandro.joya.cruz@intel.com> ---- - src/common/include/smack-rules.h | 15 +++++++++++ - src/common/smack-rules.cpp | 44 ++++++++++++++++++++++++++++++++ - 2 files changed, 59 insertions(+) - -diff --git a/src/common/include/smack-rules.h b/src/common/include/smack-rules.h -index 91446a7..3ad9dd4 100644 ---- a/src/common/include/smack-rules.h -+++ b/src/common/include/smack-rules.h -@@ -47,6 +47,8 @@ public: - void addFromTemplate(const std::vector<std::string> &templateRules, - const std::string &appId, const std::string &pkgId); - void addFromTemplateFile(const std::string &appId, const std::string &pkgId); -+ void addFromTemplateFile(const std::string &appId, const std::string &pkgId, -+ const std::string &path); - - void apply() const; - void clear() const; -@@ -74,6 +76,19 @@ public: - */ - static void installApplicationRules(const std::string &appId, const std::string &pkgId, - const std::vector<std::string> &pkgContents); -+ /** -+ * Install privileges-specific smack rules. -+ * -+ * Function creates smack rules using predefined template. Rules are applied -+ * to the kernel and saved on persistent storage so they are loaded on system boot. 
-+ * -+ * @param[in] appId - application id that is beeing installed -+ * @param[in] pkgId - package id that the application is in -+ * @param[in] pkgContents - a list of all applications in the package -+ * @param[in] privileges - a list of all prvileges -+ */ -+ static void installApplicationPrivilegesRules(const std::string &appId, const std::string &pkgId, -+ const std::vector<std::string> &pkgContents, const std::vector<std::string> &privileges); - /** - * Uninstall package-specific smack rules. - * -diff --git a/src/common/smack-rules.cpp b/src/common/smack-rules.cpp -index 3629e0f..922a56f 100644 ---- a/src/common/smack-rules.cpp -+++ b/src/common/smack-rules.cpp -@@ -135,6 +135,29 @@ void SmackRules::saveToFile(const std::string &path) const - } - } - -+void SmackRules::addFromTemplateFile(const std::string &appId, -+ const std::string &pkgId, const std::string &path) -+{ -+ std::vector<std::string> templateRules; -+ std::string line; -+ std::ifstream templateRulesFile(path); -+ -+ if (!templateRulesFile.is_open()) { -+ LogError("Cannot open rules template file: " << path); -+ ThrowMsg(SmackException::FileError, "Cannot open rules template file: " << path); -+ } -+ -+ while (std::getline(templateRulesFile, line)) { -+ templateRules.push_back(line); -+ } -+ -+ if (templateRulesFile.bad()) { -+ LogError("Error reading template file: " << APP_RULES_TEMPLATE_FILE_PATH); -+ ThrowMsg(SmackException::FileError, "Error reading template file: " << APP_RULES_TEMPLATE_FILE_PATH); -+ } -+ -+ addFromTemplate(templateRules, appId, pkgId); -+} - - void SmackRules::addFromTemplateFile(const std::string &appId, - const std::string &pkgId) -@@ -223,7 +246,28 @@ std::string SmackRules::getApplicationRulesFilePath(const std::string &appId) - std::string path(tzplatform_mkpath3(TZ_SYS_SMACK, "accesses.d", ("app_" + appId).c_str())); - return path; - } -+void SmackRules::installApplicationPrivilegesRules(const std::string &appId, const std::string &pkgId, -+ const 
std::vector<std::string> &pkgContents, const std::vector<std::string> &privileges) -+{ -+ SmackRules smackRules; -+ std::string appPath = getApplicationRulesFilePath(appId); -+ smackRules.loadFromFile(appPath); -+ struct stat buffer; -+ for (auto privilege : privileges) { -+ if (privilege.empty()) -+ continue; -+ std::string fprivilege ( privilege + "-template.smack"); -+ std::string path(tzplatform_mkpath4(TZ_SYS_SHARE, "security-manager", "policy", fprivilege.c_str())); -+ if( stat(path.c_str(), &buffer) == 0) -+ smackRules.addFromTemplateFile(appId, pkgId, path); -+ } -+ -+ if (smack_smackfs_path() != NULL) -+ smackRules.apply(); - -+ smackRules.saveToFile(appPath); -+ updatePackageRules(pkgId, pkgContents); -+} - void SmackRules::installApplicationRules(const std::string &appId, const std::string &pkgId, - const std::vector<std::string> &pkgContents) - { --- -2.21.0 - diff --git a/meta-security/recipes-security/security-manager/security-manager/0004-app-install-implement-multiple-set-of-smack-rules.patch b/meta-security/recipes-security/security-manager/security-manager/0004-app-install-implement-multiple-set-of-smack-rules.patch deleted file mode 100644 index 59d4971ff..000000000 --- a/meta-security/recipes-security/security-manager/security-manager/0004-app-install-implement-multiple-set-of-smack-rules.patch +++ /dev/null 
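Review bot: two problems in `SmackRules::installApplicationPrivilegesRules`. First, the template path is built straight from each privilege string (`privilege + "-template.smack"` handed to `tzplatform_mkpath4`) with only an `empty()` check, so a privilege name containing `/` or `..` in the install request selects a template outside `TZ_SYS_SHARE/security-manager/policy`; reject names containing a path separator (or restrict them to an allow-listed character set) before building the path. Second, the new three-argument `addFromTemplateFile` reports read errors as `"Error reading template file: " << APP_RULES_TEMPLATE_FILE_PATH` although it read `path`, so the log names the wrong file; use `path` in both the `LogError` and the `ThrowMsg`. Smaller: the patch carries a `Change-Id` and `Signed-off-by` but no `Upstream-Status`, which the OE patch checker expects.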
@@ -1,34 +0,0 @@ -From a5979d9d674e400ecd7fcdf5d7589cfa0cfeb492 Mon Sep 17 00:00:00 2001 -From: Alejandro Joya <alejandro.joya.cruz@intel.com> -Date: Wed, 4 Nov 2015 19:06:23 -0600 -Subject: [PATCH 04/14] app-install: implement multiple set of smack-rules - -If it's need it could create load multiple set of smack rules -related with the privileges. -It wouldn't affect the case that only the default set of rules is need it. - -Signed-off-by: Alejandro Joya <alejandro.joya.cruz@intel.com> ---- - src/common/service_impl.cpp | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp -index 7fd621c..ae305d3 100644 ---- a/src/common/service_impl.cpp -+++ b/src/common/service_impl.cpp -@@ -338,6 +338,12 @@ int appInstall(const app_inst_req &req, uid_t uid) - LogDebug("Adding Smack rules for new appId: " << req.appId << " with pkgId: " - << req.pkgId << ". Applications in package: " << pkgContents.size()); - SmackRules::installApplicationRules(req.appId, req.pkgId, pkgContents); -+ /*Setup for privileges custom rules*/ -+ LogDebug("Adding Smack rules for new appId: " << req.appId << " with pkgId: " -+ << req.pkgId << ". Applications in package: " << pkgContents.size() -+ << " and Privileges"); -+ SmackRules::installApplicationPrivilegesRules(req.appId, req.pkgId, -+ pkgContents,req.privileges); - } catch (const SmackException::Base &e) { - LogError("Error while applying Smack policy for application: " << e.DumpToString()); - return SECURITY_MANAGER_API_ERROR_SETTING_FILE_LABEL_FAILED; --- -2.21.0 - diff --git a/meta-security/recipes-security/security-manager/security-manager/0005-c-11-replace-deprecated-auto_ptr.patch b/meta-security/recipes-security/security-manager/security-manager/0005-c-11-replace-deprecated-auto_ptr.patch deleted file mode 100644 index 0739f28c7..000000000 --- a/meta-security/recipes-security/security-manager/security-manager/0005-c-11-replace-deprecated-auto_ptr.patch +++ /dev/null 
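Review bot: the second `LogDebug` repeats the first almost verbatim; log what is distinct, e.g. `req.privileges.size()`, rather than the phrase `and Privileges`. Note also that any `SmackException` thrown from `installApplicationPrivilegesRules` is now reported as `SECURITY_MANAGER_API_ERROR_SETTING_FILE_LABEL_FAILED`, the same code as a failure of the base rules, so callers cannot tell a privilege-template error from a labelling failure. No `Upstream-Status` line here either.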
@@ -1,32 +0,0 @@ -From 198ba9b9782fda19803e94d2afeff91189ac27af Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jobol@nonadev.net> -Date: Wed, 13 Jan 2016 17:30:06 +0100 -Subject: [PATCH 05/14] c++11: replace deprecated auto_ptr -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Upstream-Status: Submitted [https://review.tizen.org/gerrit/#/c/56940/] - -Change-Id: Id793c784c9674eef48f346226c094bdd9f7bbda8 -Signed-off-by: José Bollo <jobol@nonadev.net> ---- - src/dpl/core/include/dpl/binary_queue.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/dpl/core/include/dpl/binary_queue.h b/src/dpl/core/include/dpl/binary_queue.h -index dd03f5e..185b6c7 100644 ---- a/src/dpl/core/include/dpl/binary_queue.h -+++ b/src/dpl/core/include/dpl/binary_queue.h -@@ -33,7 +33,7 @@ namespace SecurityManager { - * Binary queue auto pointer - */ - class BinaryQueue; --typedef std::auto_ptr<BinaryQueue> BinaryQueueAutoPtr; -+typedef std::unique_ptr<BinaryQueue> BinaryQueueAutoPtr; - - /** - * Binary stream implemented as constant size bucket list --- -2.21.0 - diff --git a/meta-security/recipes-security/security-manager/security-manager/0006-socket-manager-removes-tizen-specific-call.patch b/meta-security/recipes-security/security-manager/security-manager/0006-socket-manager-removes-tizen-specific-call.patch deleted file mode 100644 index 3b8aad98c..000000000 --- a/meta-security/recipes-security/security-manager/security-manager/0006-socket-manager-removes-tizen-specific-call.patch +++ /dev/null 
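Review bot: switching the typedef to `std::unique_ptr<BinaryQueue>` is correct, but the hunk does not add `#include <memory>` to `binary_queue.h`; `std::auto_ptr` came from the same header, so this probably already compiles, but confirm the include is there rather than relying on transitive includes. Also, `unique_ptr` is move-only where `auto_ptr` was copyable: every site that copied a `BinaryQueueAutoPtr` by value now needs `std::move`, and the diffstat (`1 file changed`) suggests those sites were not touched, so a build with the full source should confirm nothing else breaks.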
@@ -1,47 +0,0 @@ -From ec098bf03cea23350ca7d1ea2ad88b9c88228943 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh> -Date: Fri, 8 Jan 2016 16:53:46 +0100 -Subject: [PATCH 06/14] socket-manager: removes tizen specific call -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The function 'smack_fgetlabel' is specific to Tizen -and is no more maintained upstream. - -Upstream-Status: Accepted [https://review.tizen.org/gerrit/#/c/56507/] - -Change-Id: I3802742b1758efe37b33e6d968ff727d68f2fd1f -Signed-off-by: José Bollo <jobol@nonadev.net> ---- - src/server/main/socket-manager.cpp | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/src/server/main/socket-manager.cpp b/src/server/main/socket-manager.cpp -index 94c54c6..5e1a79b 100644 ---- a/src/server/main/socket-manager.cpp -+++ b/src/server/main/socket-manager.cpp -@@ -30,6 +30,7 @@ - #include <sys/types.h> - #include <sys/socket.h> - #include <sys/smack.h> -+#include <linux/xattr.h> - #include <sys/un.h> - #include <sys/stat.h> - #include <unistd.h> -@@ -493,9 +494,9 @@ int SocketManager::CreateDomainSocketHelp( - if (smack_check()) { - LogInfo("Set up smack label: " << desc.smackLabel); - -- if (0 != smack_fsetlabel(sockfd, desc.smackLabel.c_str(), SMACK_LABEL_IPIN)) { -- LogError("Error in smack_fsetlabel"); -- ThrowMsg(Exception::InitFailed, "Error in smack_fsetlabel"); -+ if (0 != smack_set_label_for_file(sockfd, XATTR_NAME_SMACKIPIN, desc.smackLabel.c_str())) { -+ LogError("Error in smack_set_label_for_file"); -+ ThrowMsg(Exception::InitFailed, "Error in smack_set_label_for_file"); - } - } else { - LogInfo("No smack on platform. Socket won't be securied with smack label!"); --- -2.21.0 - 
diff --git a/meta-security/recipes-security/security-manager/security-manager/0007-removes-dependency-to-libslp-db-utils.patch b/meta-security/recipes-security/security-manager/security-manager/0007-removes-dependency-to-libslp-db-utils.patch deleted file mode 100644 index bad99d25a..000000000 --- a/meta-security/recipes-security/security-manager/security-manager/0007-removes-dependency-to-libslp-db-utils.patch +++ /dev/null 
@@ -1,78 +0,0 @@ -From 9d0791dab4b4df086374c5c0ba2a6558e10e81c1 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh> -Date: Mon, 16 Nov 2015 15:56:27 +0100 -Subject: [PATCH 07/14] removes dependency to libslp-db-utils - -Change-Id: I90471e77d20e04bae58cc42eb2639e4aef97fdec ---- - src/common/CMakeLists.txt | 3 ++- - src/dpl/db/src/sql_connection.cpp | 17 +---------------- - 2 files changed, 3 insertions(+), 17 deletions(-) - -diff --git a/src/common/CMakeLists.txt b/src/common/CMakeLists.txt -index 968c7c1..9ae376f 100644 ---- a/src/common/CMakeLists.txt -+++ b/src/common/CMakeLists.txt -@@ -5,7 +5,8 @@ PKG_CHECK_MODULES(COMMON_DEP - REQUIRED - libsystemd - libsmack -- db-util -+ sqlite3 -+ icu-i18n - cynara-admin - cynara-client - ) -diff --git a/src/dpl/db/src/sql_connection.cpp b/src/dpl/db/src/sql_connection.cpp -index fdb4fe4..f49a6dc 100644 ---- a/src/dpl/db/src/sql_connection.cpp -+++ b/src/dpl/db/src/sql_connection.cpp -@@ -26,7 +26,6 @@ - #include <memory> - #include <dpl/noncopyable.h> - #include <dpl/assert.h> --#include <db-util.h> - #include <unistd.h> - #include <cstdio> - #include <cstdarg> -@@ -606,16 +605,7 @@ void SqlConnection::Connect(const std::string &address, - - // Connect to database - int result; -- if (type & Flag::UseLucene) { -- result = db_util_open_with_options( -- address.c_str(), -- &m_connection, -- flag, -- NULL); -- -- m_usingLucene = true; -- LogPedantic("Lucene index enabled"); -- } else { -+ (void)type; - result = sqlite3_open_v2( - address.c_str(), - &m_connection, -@@ -624,7 +614,6 @@ void SqlConnection::Connect(const std::string &address, - - m_usingLucene = false; - LogPedantic("Lucene index disabled"); -- } - - if (result == SQLITE_OK) { - LogPedantic("Connected to DB"); -@@ -653,11 +642,7 @@ void SqlConnection::Disconnect() - - int result; - -- if (m_usingLucene) { -- result = db_util_close(m_connection); -- } else { - result = sqlite3_close(m_connection); -- } - - if (result != SQLITE_OK) { 
- const char *error = sqlite3_errmsg(m_connection); --- -2.21.0 - diff --git a/meta-security/recipes-security/security-manager/security-manager/0008-Fix-gcc6-build.patch b/meta-security/recipes-security/security-manager/security-manager/0008-Fix-gcc6-build.patch deleted file mode 100644 index 5ece7ef4f..000000000 --- a/meta-security/recipes-security/security-manager/security-manager/0008-Fix-gcc6-build.patch +++ /dev/null @@ -1,38 +0,0 @@ -From a1d9b40b4fa2e73d31a53e398c286bffeaae1732 Mon Sep 17 00:00:00 2001 -From: Ronan <ronan.lemartret@iot.bzh> -Date: Wed, 12 Oct 2016 17:48:55 +0200 -Subject: [PATCH 08/14] Fix gcc6 build - -Signed-off-by: ronan <ronan@ot.bzh> ---- - src/client/client-security-manager.cpp | 1 + - src/common/include/privilege_db.h | 1 + - 2 files changed, 2 insertions(+) - -diff --git a/src/client/client-security-manager.cpp b/src/client/client-security-manager.cpp -index 74a6b30..347cddd 100644 ---- a/src/client/client-security-manager.cpp -+++ b/src/client/client-security-manager.cpp -@@ -46,6 +46,7 @@ - #include <service_impl.h> - #include <security-manager.h> - #include <client-offline.h> -+#include <linux/xattr.h> - - static const char *EMPTY = ""; - -diff --git a/src/common/include/privilege_db.h b/src/common/include/privilege_db.h -index 4d73d90..08fb9d6 100644 ---- a/src/common/include/privilege_db.h -+++ b/src/common/include/privilege_db.h -@@ -32,6 +32,7 @@ - #include <map> - #include <stdbool.h> - #include <string> -+#include <vector> - - #include <dpl/db/sql_connection.h> - #include <tzplatform_config.h> --- -2.21.0 - diff --git a/meta-security/recipes-security/security-manager/security-manager/0009-Fix-Cmake-conf-for-gcc6-build.patch b/meta-security/recipes-security/security-manager/security-manager/0009-Fix-Cmake-conf-for-gcc6-build.patch deleted file mode 100644 index 706eb1a93..000000000 --- a/meta-security/recipes-security/security-manager/security-manager/0009-Fix-Cmake-conf-for-gcc6-build.patch +++ /dev/null 
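Review bot: after the Lucene branch is removed in 0007, `m_usingLucene = false;` and the `LogPedantic("Lucene index disabled")` message survive as dead code, and the `result = sqlite3_open_v2(...)` and `result = sqlite3_close(m_connection);` lines keep the indentation of the removed `else` blocks; drop the member and the message and re-indent. `(void)type;` silences the unused-parameter warning, but the `Flag::UseLucene` flag itself should go with it. The patch also has no `Upstream-Status` and no `Signed-off-by`, only a `Change-Id`.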
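Review bot: in 0008, `Signed-off-by: ronan <ronan@ot.bzh>` does not match the `From:` author `Ronan <ronan.lemartret@iot.bzh>` (the domain is missing the `i`), which a DCO check will flag; use the same address in both. The change itself is two missing includes (`<linux/xattr.h>`, `<vector>`) and is fine, but it needs an `Upstream-Status` line.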
@@ -1,40 +0,0 @@ -From 382379d74221bcc60a0ab70d63430a1c0587b2ec Mon Sep 17 00:00:00 2001 -From: Ronan <ronan.lemartret@iot.bzh> -Date: Thu, 13 Oct 2016 11:37:47 +0200 -Subject: [PATCH 09/14] Fix Cmake conf for gcc6 build - -Signed-off-by: Ronan <ronan.lemartret@iot.bzh> ---- - src/cmd/CMakeLists.txt | 4 +--- - src/server/CMakeLists.txt | 1 - - 2 files changed, 1 insertion(+), 4 deletions(-) - -diff --git a/src/cmd/CMakeLists.txt b/src/cmd/CMakeLists.txt -index ee9a160..aa7a12c 100644 ---- a/src/cmd/CMakeLists.txt -+++ b/src/cmd/CMakeLists.txt -@@ -1,8 +1,6 @@ - FIND_PACKAGE(Boost REQUIRED COMPONENTS program_options) - --INCLUDE_DIRECTORIES(SYSTEM -- ${Boost_INCLUDE_DIRS} -- ) -+ - - INCLUDE_DIRECTORIES( - ${INCLUDE_PATH} -diff --git a/src/server/CMakeLists.txt b/src/server/CMakeLists.txt -index 6849d76..9598037 100644 ---- a/src/server/CMakeLists.txt -+++ b/src/server/CMakeLists.txt -@@ -8,7 +8,6 @@ FIND_PACKAGE(Threads REQUIRED) - - INCLUDE_DIRECTORIES(SYSTEM - ${SERVER_DEP_INCLUDE_DIRS} -- ${Boost_INCLUDE_DIRS} - ${Threads_INCLUDE_DIRS} - ) - --- -2.21.0 - diff --git a/meta-security/recipes-security/security-manager/security-manager/0010-gcc-7-requires-include-functional-for-std-function.patch b/meta-security/recipes-security/security-manager/security-manager/0010-gcc-7-requires-include-functional-for-std-function.patch deleted file mode 100644 index 0f48c5f68..000000000 --- a/meta-security/recipes-security/security-manager/security-manager/0010-gcc-7-requires-include-functional-for-std-function.patch +++ /dev/null 
@@ -1,51 +0,0 @@ -From 8e93699c0f225716f3cd5eff790270ae9e3880f9 Mon Sep 17 00:00:00 2001 -From: Changhyeok Bae <changhyeok.bae@gmail.com> -Date: Sun, 17 Dec 2017 15:40:58 +0000 -Subject: [PATCH 10/14] gcc-7 requires include <functional> for std::function - -Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com> ---- - src/client/client-common.cpp | 1 + - src/common/smack-labels.cpp | 1 + - src/dpl/core/src/binary_queue.cpp | 1 + - 3 files changed, 3 insertions(+) - -diff --git a/src/client/client-common.cpp b/src/client/client-common.cpp -index 883ab8d..1babdf7 100644 ---- a/src/client/client-common.cpp -+++ b/src/client/client-common.cpp -@@ -31,6 +31,7 @@ - #include <sys/xattr.h> - #include <linux/xattr.h> - #include <unistd.h> -+#include <functional> - - #include <dpl/log/log.h> - #include <dpl/serialization.h> -diff --git a/src/common/smack-labels.cpp b/src/common/smack-labels.cpp -index 0294a42..1598099 100644 ---- a/src/common/smack-labels.cpp -+++ b/src/common/smack-labels.cpp -@@ -29,6 +29,7 @@ - #include <sys/xattr.h> - #include <linux/xattr.h> - #include <memory> -+#include <functional> - #include <fts.h> - #include <cstring> - #include <string> -diff --git a/src/dpl/core/src/binary_queue.cpp b/src/dpl/core/src/binary_queue.cpp -index 72817a6..838409f 100644 ---- a/src/dpl/core/src/binary_queue.cpp -+++ b/src/dpl/core/src/binary_queue.cpp -@@ -26,6 +26,7 @@ - #include <malloc.h> - #include <cstring> - #include <new> -+#include <functional> - - namespace SecurityManager { - BinaryQueue::BinaryQueue() : --- -2.21.0 - diff --git a/meta-security/recipes-security/security-manager/security-manager/0011-Fix-gcc8-warning-error-Werror-catch-value.patch b/meta-security/recipes-security/security-manager/security-manager/0011-Fix-gcc8-warning-error-Werror-catch-value.patch deleted file mode 100644 index 5c679fc26..000000000 --- a/meta-security/recipes-security/security-manager/security-manager/0011-Fix-gcc8-warning-error-Werror-catch-value.patch +++ /dev/null 
@@ -1,32 +0,0 @@ -From 243b7ffee16558d7cb9b411f49380138efeffca9 Mon Sep 17 00:00:00 2001 -From: Stephane Desneux <stephane.desneux@iot.bzh> -Date: Fri, 1 Feb 2019 12:26:17 +0000 -Subject: [PATCH 11/14] Fix gcc8 warning/error [-Werror=catch-value=] - -Fixes the following warning/error during compile: - -src/dpl/core/src/assert.cpp:61:14: error: catching polymorphic type 'class SecurityManager::Exception' by value [-Werror=catch-value=] -| } catch (Exception) { -| ^~~~~~~~~ - -Signed-off-by: Stephane Desneux <stephane.desneux@iot.bzh> ---- - src/dpl/core/src/assert.cpp | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/dpl/core/src/assert.cpp b/src/dpl/core/src/assert.cpp -index 63538a2..fc60ce9 100644 ---- a/src/dpl/core/src/assert.cpp -+++ b/src/dpl/core/src/assert.cpp -@@ -58,7 +58,7 @@ void AssertProc(const char *condition, - INTERNAL_LOG("### Function: " << function); - INTERNAL_LOG( - "################################################################################"); -- } catch (Exception) { -+ } catch (Exception const&) { - // Just ignore possible double errors - } - --- -2.21.0 - diff --git a/meta-security/recipes-security/security-manager/security-manager/0012-Avoid-casting-from-const-T-to-void.patch b/meta-security/recipes-security/security-manager/security-manager/0012-Avoid-casting-from-const-T-to-void.patch deleted file mode 100644 index 91ccf9ee2..000000000 --- a/meta-security/recipes-security/security-manager/security-manager/0012-Avoid-casting-from-const-T-to-void.patch +++ /dev/null 
@@ -1,122 +0,0 @@ -From 5ee51d38575f289c2bf37ed817ef680ed47bb320 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh> -Date: Fri, 1 Feb 2019 15:37:44 +0100 -Subject: [PATCH 12/14] Avoid casting from "const T&" to "void*" -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Latest version of g++ refuse the cast - - reinterpret_cast<void (Service::*)(void*)>(serviceFunction) - -I made no investigation to know if the problem -is coming from the const or not. - -Signed-off-by: José Bollo <jose.bollo@iot.bzh> ---- - src/server/main/include/service-thread.h | 42 ++++++++++-------------- - 1 file changed, 18 insertions(+), 24 deletions(-) - -diff --git a/src/server/main/include/service-thread.h b/src/server/main/include/service-thread.h -index 964d168..61fdda8 100644 ---- a/src/server/main/include/service-thread.h -+++ b/src/server/main/include/service-thread.h -@@ -94,7 +94,7 @@ public: - Join(); - while (!m_eventQueue.empty()){ - auto front = m_eventQueue.front(); -- delete front.eventPtr; -+ delete front; - m_eventQueue.pop(); - } - } -@@ -104,34 +104,28 @@ public: - Service *servicePtr, - void (Service::*serviceFunction)(const T &)) - { -- EventDescription description; -- description.serviceFunctionPtr = -- reinterpret_cast<void (Service::*)(void*)>(serviceFunction); -- description.servicePtr = servicePtr; -- description.eventFunctionPtr = &ServiceThread::EventCall<T>; -- description.eventPtr = new T(event); -+ EventCallerBase *ec = new EventCaller<T>(event, servicePtr, serviceFunction); - { - std::lock_guard<std::mutex> lock(m_eventQueueMutex); -- m_eventQueue.push(description); -+ m_eventQueue.push(ec); - } - m_waitCondition.notify_one(); - } - - protected: - -- struct EventDescription { -- void (Service::*serviceFunctionPtr)(void *); -- Service *servicePtr; -- void (ServiceThread::*eventFunctionPtr)(const EventDescription &event); -- GenericEvent* eventPtr; -+ struct EventCallerBase { -+ 
virtual void fire() = 0; -+ virtual ~EventCallerBase() {} - }; - - template <class T> -- void EventCall(const EventDescription &desc) { -- auto fun = reinterpret_cast<void (Service::*)(const T&)>(desc.serviceFunctionPtr); -- const T& eventLocale = *(static_cast<T*>(desc.eventPtr)); -- (desc.servicePtr->*fun)(eventLocale); -- } -+ struct EventCaller : public EventCallerBase { -+ T *event; Service *target; void (Service::*function)(const T&); -+ EventCaller(const T &e, Service *c, void (Service::*f)(const T&)) : event(new T(e)), target(c), function(f) {} -+ ~EventCaller() { delete event; } -+ void fire() { (target->*function)(*event); } -+ }; - - static void ThreadLoopStatic(ServiceThread *ptr) { - ptr->ThreadLoop(); -@@ -139,33 +133,33 @@ protected: - - void ThreadLoop(){ - for (;;) { -- EventDescription description = {NULL, NULL, NULL, NULL}; -+ EventCallerBase *ec = NULL; - { - std::unique_lock<std::mutex> ulock(m_eventQueueMutex); - if (m_quit) - return; - if (!m_eventQueue.empty()) { -- description = m_eventQueue.front(); -+ ec = m_eventQueue.front(); - m_eventQueue.pop(); - } else { - m_waitCondition.wait(ulock); - } - } - -- if (description.eventPtr != NULL) { -+ if (ec != NULL) { - UNHANDLED_EXCEPTION_HANDLER_BEGIN - { -- (this->*description.eventFunctionPtr)(description); -- delete description.eventPtr; -+ ec->fire(); - } - UNHANDLED_EXCEPTION_HANDLER_END -+ delete ec; - } - } - } - - std::thread m_thread; - std::mutex m_eventQueueMutex; -- std::queue<EventDescription> m_eventQueue; -+ std::queue<EventCallerBase*> m_eventQueue; - std::condition_variable m_waitCondition; - - State m_state; --- -2.21.0 - diff --git a/meta-security/recipes-security/security-manager/security-manager/0013-Removing-tizen-platform-config.patch b/meta-security/recipes-security/security-manager/security-manager/0013-Removing-tizen-platform-config.patch deleted file mode 100644 index fb6215923..000000000 
--- a/meta-security/recipes-security/security-manager/security-manager/0013-Removing-tizen-platform-config.patch +++ /dev/null 
@@ -1,259 +0,0 @@ -From 6c96a39ba7a7763ccd47e379dbfd8d376164985f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh> -Date: Mon, 16 Nov 2015 14:26:25 +0100 -Subject: [PATCH 13/14] Removing tizen-platform-config - -Change-Id: Ic832a2b75229517b09faba969c27fb1a4b490121 ---- - CMakeLists.txt | 16 +++++++- - db/CMakeLists.txt | 2 +- - policy/CMakeLists.txt | 1 + - ...load => security-manager-policy-reload.in} | 4 +- - src/common/file-lock.cpp | 4 +- - src/common/include/file-lock.h | 1 - - src/common/include/privilege_db.h | 3 +- - src/common/service_impl.cpp | 39 ++++++------------- - src/common/smack-rules.cpp | 12 ++---- - 9 files changed, 37 insertions(+), 45 deletions(-) - rename policy/{security-manager-policy-reload => security-manager-policy-reload.in} (94%) - -diff --git a/CMakeLists.txt b/CMakeLists.txt -index 28790d8..37a43cc 100644 ---- a/CMakeLists.txt -+++ b/CMakeLists.txt -@@ -49,7 +49,7 @@ ADD_DEFINITIONS("-Wall") # Generate all warnings - ADD_DEFINITIONS("-Wextra") # Generate even more extra warnings - - STRING(REGEX MATCH "([^.]*)" API_VERSION "${VERSION}") --ADD_DEFINITIONS("-DAPI_VERSION=\"$(API_VERSION)\"") -+ADD_DEFINITIONS("-DAPI_VERSION=\"${API_VERSION}\"") - - ADD_DEFINITIONS("-DSMACK_ENABLED") - -@@ -58,6 +58,20 @@ IF (CMAKE_BUILD_TYPE MATCHES "DEBUG") - ADD_DEFINITIONS("-DBUILD_TYPE_DEBUG") - ENDIF (CMAKE_BUILD_TYPE MATCHES "DEBUG") - -+SET(DATADIR "/usr/share/security-manager" CACHE STRING "path to data directory") -+SET(SMACKRULESDIR "/etc/smack/accesses.d" CACHE STRING "path to Smack rules directory") -+SET(LOCKDIR "/var/run/lock" CACHE STRING "path to lock directory") -+SET(DB_INSTALL_DIR "/var/db/security-manager" CACHE STRING "path to database directory") -+SET(DB_FILENAME ".security-manager.db" CACHE STRING "basename of database") -+SET(GLOBALUSER "userapp" CACHE STRING "name of the global user") -+ -+ADD_DEFINITIONS("-DDATADIR=\"${DATADIR}\"") -+ADD_DEFINITIONS("-DSMACKRULESDIR=\"${SMACKRULESDIR}\"") 
-+ADD_DEFINITIONS("-DLOCKDIR=\"${LOCKDIR}\"") -+ADD_DEFINITIONS("-DDB_INSTALL_DIR=\"${DB_INSTALL_DIR}\"") -+ADD_DEFINITIONS("-DDB_FILENAME=\"${DB_FILENAME}\"") -+ADD_DEFINITIONS("-DGLOBALUSER=\"${GLOBALUSER}\"") -+ - ADD_SUBDIRECTORY(src) - ADD_SUBDIRECTORY(pc) - ADD_SUBDIRECTORY(systemd) -diff --git a/db/CMakeLists.txt b/db/CMakeLists.txt -index 9e8ffcc..d7af1a0 100644 ---- a/db/CMakeLists.txt -+++ b/db/CMakeLists.txt -@@ -1,4 +1,4 @@ --SET(TARGET_DB ".security-manager.db") -+SET(TARGET_DB "$(DB_FILENAME)") - - ADD_CUSTOM_COMMAND( - OUTPUT ${TARGET_DB} ${TARGET_DB}-journal -diff --git a/policy/CMakeLists.txt b/policy/CMakeLists.txt -index bd08edc..626a2bd 100644 ---- a/policy/CMakeLists.txt -+++ b/policy/CMakeLists.txt -@@ -1,4 +1,5 @@ - FILE(GLOB USERTYPE_POLICY_FILES usertype-*.profile) -+CONFIGURE_FILE(security-manager-policy-reload.in security-manager-policy-reload @ONLY) - INSTALL(FILES ${USERTYPE_POLICY_FILES} DESTINATION ${SHARE_INSTALL_PREFIX}/security-manager/policy) - INSTALL(FILES "app-rules-template.smack" DESTINATION ${SHARE_INSTALL_PREFIX}/security-manager/policy) - INSTALL(FILES "privilege-group.list" DESTINATION ${SHARE_INSTALL_PREFIX}/security-manager/policy) -diff --git a/policy/security-manager-policy-reload b/policy/security-manager-policy-reload.in -similarity index 94% -rename from policy/security-manager-policy-reload -rename to policy/security-manager-policy-reload.in -index 6f211c6..c1bc4e2 100755 ---- a/policy/security-manager-policy-reload -+++ b/policy/security-manager-policy-reload.in -@@ -1,8 +1,8 @@ - #!/bin/sh -e - --POLICY_PATH=/usr/share/security-manager/policy -+POLICY_PATH=@DATADIR@/policy - PRIVILEGE_GROUP_MAPPING=$POLICY_PATH/privilege-group.list --DB_FILE=`tzplatform-get TZ_SYS_DB | cut -d= -f2`/.security-manager.db -+DB_FILE=@DB_INSTALL_DIR@/@DB_FILENAME@ - - # Create default buckets - while read bucket default_policy -diff --git a/src/common/file-lock.cpp b/src/common/file-lock.cpp -index 6f3996c..88d2092 100644 ---- 
a/src/common/file-lock.cpp -+++ b/src/common/file-lock.cpp -@@ -30,9 +30,7 @@ - - namespace SecurityManager { - --char const * const SERVICE_LOCK_FILE = tzplatform_mkpath3(TZ_SYS_RUN, -- "lock", -- "security-manager.lock"); -+char const * const SERVICE_LOCK_FILE = LOCKDIR "/security-manager.lock"; - - FileLocker::FileLocker(const std::string &lockFile, bool blocking) - { -diff --git a/src/common/include/file-lock.h b/src/common/include/file-lock.h -index 604b019..21a86a0 100644 ---- a/src/common/include/file-lock.h -+++ b/src/common/include/file-lock.h -@@ -29,7 +29,6 @@ - - #include <dpl/exception.h> - #include <dpl/noncopyable.h> --#include <tzplatform_config.h> - - namespace SecurityManager { - -diff --git a/src/common/include/privilege_db.h b/src/common/include/privilege_db.h -index 08fb9d6..3344987 100644 ---- a/src/common/include/privilege_db.h -+++ b/src/common/include/privilege_db.h -@@ -35,14 +35,13 @@ - #include <vector> - - #include <dpl/db/sql_connection.h> --#include <tzplatform_config.h> - - #ifndef PRIVILEGE_DB_H_ - #define PRIVILEGE_DB_H_ - - namespace SecurityManager { - --const char *const PRIVILEGE_DB_PATH = tzplatform_mkpath(TZ_SYS_DB, ".security-manager.db"); -+const char *const PRIVILEGE_DB_PATH = DB_INSTALL_DIR "/" DB_FILENAME; - - enum class QueryType { - EGetPkgPrivileges, -diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp -index ae305d3..42150fe 100644 ---- a/src/common/service_impl.cpp -+++ b/src/common/service_impl.cpp -@@ -32,7 +32,6 @@ - #include <algorithm> - - #include <dpl/log/log.h> --#include <tzplatform_config.h> - - #include "protocols.h" - #include "privilege_db.h" -@@ -131,7 +130,13 @@ static inline int validatePolicy(policy_entry &policyEntry, std::string uidStr, - - static uid_t getGlobalUserId(void) - { -- static uid_t globaluid = tzplatform_getuid(TZ_SYS_GLOBALAPP_USER); -+ static uid_t globaluid = 0; -+ if (!globaluid) { -+ struct passwd pw, *p; -+ char buf[4096]; -+ int rc = getpwnam_r(GLOBALUSER, 
&pw, buf, sizeof buf, &p); -+ globaluid = (rc || p == NULL) ? 555 : p->pw_uid; -+ } - return globaluid; - } - -@@ -161,37 +166,17 @@ static inline bool isSubDir(const char *parent, const char *subdir) - - static bool getUserAppDir(const uid_t &uid, std::string &userAppDir) - { -- struct tzplatform_context *tz_ctx = nullptr; -- -- if (tzplatform_context_create(&tz_ctx)) -- return false; -- -- if (tzplatform_context_set_user(tz_ctx, uid)) { -- tzplatform_context_destroy(tz_ctx); -- tz_ctx = nullptr; -+ struct passwd pw, *p; -+ char buf[4096]; -+ int rc = getpwuid_r(uid, &pw, buf, sizeof buf, &p); -+ if (rc || p == NULL) - return false; -- } -- -- enum tzplatform_variable id = -- (uid == getGlobalUserId()) ? TZ_SYS_RW_APP : TZ_USER_APP; -- const char *appDir = tzplatform_context_getenv(tz_ctx, id); -- if (!appDir) { -- tzplatform_context_destroy(tz_ctx); -- tz_ctx = nullptr; -- return false; -- } -- -- userAppDir = appDir; -- -- tzplatform_context_destroy(tz_ctx); -- tz_ctx = nullptr; -- -+ userAppDir = p->pw_dir; - return true; - } - - static inline bool installRequestAuthCheck(const app_inst_req &req, uid_t uid, bool &isCorrectPath, std::string &appPath) - { -- std::string userHome; - std::string userAppDir; - std::stringstream correctPath; - -diff --git a/src/common/smack-rules.cpp b/src/common/smack-rules.cpp -index 922a56f..c2e0041 100644 ---- a/src/common/smack-rules.cpp -+++ b/src/common/smack-rules.cpp -@@ -34,7 +34,6 @@ - #include <memory> - - #include <dpl/log/log.h> --#include <tzplatform_config.h> - - #include "smack-labels.h" - #include "smack-rules.h" -@@ -43,7 +42,7 @@ namespace SecurityManager { - - const char *const SMACK_APP_LABEL_TEMPLATE = "~APP~"; - const char *const SMACK_PKG_LABEL_TEMPLATE = "~PKG~"; --const char *const APP_RULES_TEMPLATE_FILE_PATH = tzplatform_mkpath4(TZ_SYS_SHARE, "security-manager", "policy", "app-rules-template.smack"); -+const char *const APP_RULES_TEMPLATE_FILE_PATH = DATADIR "/policy/app-rules-template.smack"; - const 
char *const SMACK_APP_IN_PACKAGE_PERMS = "rwxat"; - - SmackRules::SmackRules() -@@ -237,14 +236,12 @@ void SmackRules::generatePackageCrossDeps(const std::vector<std::string> &pkgCon - - std::string SmackRules::getPackageRulesFilePath(const std::string &pkgId) - { -- std::string path(tzplatform_mkpath3(TZ_SYS_SMACK, "accesses.d", ("pkg_" + pkgId).c_str())); -- return path; -+ return SMACKRULESDIR "/pkg_" + pkgId; - } - - std::string SmackRules::getApplicationRulesFilePath(const std::string &appId) - { -- std::string path(tzplatform_mkpath3(TZ_SYS_SMACK, "accesses.d", ("app_" + appId).c_str())); -- return path; -+ return SMACKRULESDIR "/app_" + appId; - } - void SmackRules::installApplicationPrivilegesRules(const std::string &appId, const std::string &pkgId, - const std::vector<std::string> &pkgContents, const std::vector<std::string> &privileges) -@@ -256,8 +253,7 @@ void SmackRules::installApplicationPrivilegesRules(const std::string &appId, con - for (auto privilege : privileges) { - if (privilege.empty()) - continue; -- std::string fprivilege ( privilege + "-template.smack"); -- std::string path(tzplatform_mkpath4(TZ_SYS_SHARE, "security-manager", "policy", fprivilege.c_str())); -+ std::string path = DATADIR "/policy/" + privilege + "-template.smack"; - if( stat(path.c_str(), &buffer) == 0) - smackRules.addFromTemplateFile(appId, pkgId, path); - } --- -2.21.0 - diff --git a/meta-security/recipes-security/security-manager/security-manager/0014-Ensure-post-install-initialization-of-database.patch b/meta-security/recipes-security/security-manager/security-manager/0014-Ensure-post-install-initialization-of-database.patch deleted file mode 100644 index 542a387d2..000000000 --- a/meta-security/recipes-security/security-manager/security-manager/0014-Ensure-post-install-initialization-of-database.patch +++ /dev/null 
@@ -1,78 +0,0 @@ -From c7f9d14e38a1b6d40b2fffa01433a3025eff9abd Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh> -Date: Tue, 26 Nov 2019 12:34:39 +0100 -Subject: [PATCH 14/14] Ensure post install initialization of database -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Creation of the database was made during image creation, -leading to issue with SOTA. This adds the creation on -need before launching the service. - -Change-Id: Idfd0676bd87d39f7c10eaafd63f3a318f675c972 -Signed-off-by: José Bollo <jose.bollo@iot.bzh> ---- - db/CMakeLists.txt | 14 ++++++-------- - db/security-manager-setup | 14 ++++++++++++++ - systemd/security-manager.service.in | 1 + - 3 files changed, 21 insertions(+), 8 deletions(-) - create mode 100644 db/security-manager-setup - -diff --git a/db/CMakeLists.txt b/db/CMakeLists.txt -index d7af1a0..dcf5bc8 100644 ---- a/db/CMakeLists.txt -+++ b/db/CMakeLists.txt -@@ -1,12 +1,10 @@ --SET(TARGET_DB "$(DB_FILENAME)") -- - ADD_CUSTOM_COMMAND( -- OUTPUT ${TARGET_DB} ${TARGET_DB}-journal -- COMMAND sqlite3 ${TARGET_DB} <db.sql -- ) -+ OUTPUT .security-manager-setup -+ COMMAND sed '/--DB\.SQL--/r db.sql' security-manager-setup > .security-manager-setup -+ DEPENDS security-manager-setup db.sql -+) - - # Add a dummy build target to trigger building of ${TARGET_DB} --ADD_CUSTOM_TARGET(DB ALL DEPENDS ${TARGET_DB}) -+ADD_CUSTOM_TARGET(DB ALL DEPENDS .security-manager-setup) - --INSTALL(FILES ${TARGET_DB} DESTINATION ${DB_INSTALL_DIR}) --INSTALL(FILES ${TARGET_DB}-journal DESTINATION ${DB_INSTALL_DIR}) -+INSTALL(PROGRAMS .security-manager-setup DESTINATION ${BIN_INSTALL_DIR}) -diff --git a/db/security-manager-setup b/db/security-manager-setup -new file mode 100644 -index 0000000..5675baf ---- /dev/null -+++ b/db/security-manager-setup -@@ -0,0 +1,14 @@ -+#!/bin/sh -+ -+if test -f "$1"; then exit; fi -+set -e -+dbdir="$(dirname "$1")" -+dbfile="$(basename "$1")" -+test -n 
"$dbfile" -+test -n "$dbdir" -+mkdir -p "$dbdir" -+cd "$dbdir" -+sqlite3 "$dbfile" << END-OF-CAT -+--DB.SQL-- -+END-OF-CAT -+ -diff --git a/systemd/security-manager.service.in b/systemd/security-manager.service.in -index 23fd1b2..2bf97d7 100644 ---- a/systemd/security-manager.service.in -+++ b/systemd/security-manager.service.in -@@ -3,5 +3,6 @@ Description=Start the security manager - - [Service] - Type=notify -+ExecStartPre=@BIN_INSTALL_DIR@/.security-manager-setup @DB_INSTALL_DIR@/@DB_FILENAME@ - ExecStart=@BIN_INSTALL_DIR@/security-manager - Sockets=security-manager.socket --- -2.21.0 - diff --git a/meta-security/recipes-security/security-manager/security-manager/0015-Restrict-socket-accesses.patch b/meta-security/recipes-security/security-manager/security-manager/0015-Restrict-socket-accesses.patch deleted file mode 100644 index d9949193b..000000000 --- a/meta-security/recipes-security/security-manager/security-manager/0015-Restrict-socket-accesses.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 7cffcd61378a9d7c0e7db5691b2da3a37448c969 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh> -Date: Thu, 30 Jan 2020 09:19:25 +0100 -Subject: [PATCH 15/15] Restrict socket accesses -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Ensure that only members of the group and the owner can access -the security manager. - -Bug-AGL: SPEC-3146 - -Change-Id: I68ce6523db4bfd4707c3680555c3cb0cf8858ef2 -Signed-off-by: José Bollo <jose.bollo@iot.bzh> ---- - systemd/security-manager.socket | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/systemd/security-manager.socket b/systemd/security-manager.socket -index af1c1da..b401f77 100644 ---- a/systemd/security-manager.socket -+++ b/systemd/security-manager.socket -@@ -1,6 +1,6 @@ - [Socket] - ListenStream=/run/security-manager.socket --SocketMode=0777 -+SocketMode=0660 - SmackLabelIPIn=* - SmackLabelIPOut=@ - --- -2.21.1 - 
diff --git a/meta-security/recipes-security/security-manager/security-manager_git.bb b/meta-security/recipes-security/security-manager/security-manager_git.bb deleted file mode 100644 index b34973519..000000000 --- a/meta-security/recipes-security/security-manager/security-manager_git.bb +++ /dev/null @@ -1,27 +0,0 @@ -require security-manager.inc - -PV = "1.0.2+git${SRCPV}" -SRCREV = "860305a595d681d650024ad07b3b0977e1fcb0a6" -SRC_URI += "git://github.com/Samsung/security-manager.git" -S = "${WORKDIR}/git" - -SRC_URI += " \ - file://0001-systemd-stop-using-compat-libs.patch \ - file://0002-security-manager-policy-reload-do-not-depend-on-GNU-.patch \ - file://0003-Smack-rules-create-two-new-functions.patch \ - file://0004-app-install-implement-multiple-set-of-smack-rules.patch \ - file://0005-c-11-replace-deprecated-auto_ptr.patch \ - file://0006-socket-manager-removes-tizen-specific-call.patch \ - file://0007-removes-dependency-to-libslp-db-utils.patch \ - file://0008-Fix-gcc6-build.patch \ - file://0009-Fix-Cmake-conf-for-gcc6-build.patch \ - file://0010-gcc-7-requires-include-functional-for-std-function.patch \ - file://0011-Fix-gcc8-warning-error-Werror-catch-value.patch \ - file://0012-Avoid-casting-from-const-T-to-void.patch \ - file://0013-Removing-tizen-platform-config.patch \ - file://0014-Ensure-post-install-initialization-of-database.patch \ - file://0015-Restrict-socket-accesses.patch \ -" - -# Use make with cmake and not ninja -OECMAKE_GENERATOR = "Unix Makefiles" diff --git a/meta-security/recipes-security/smacknet/files/smacknet b/meta-security/recipes-security/smacknet/files/smacknet deleted file mode 100644 index 3818d30ae..000000000 --- a/meta-security/recipes-security/smacknet/files/smacknet +++ /dev/null 
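Review bot: the deleted security-manager_git.bb fetched with `SRC_URI += "git://github.com/Samsung/security-manager.git"`, i.e. the unauthenticated git protocol with no `protocol=https` parameter; the full `SRCREV = "860305a595d681d650024ad07b3b0977e1fcb0a6"` pin is what actually guarantees the checked-out content, so this is not a problem for the deletion itself, but if the recipe is recreated elsewhere the URI should carry `;protocol=https` and the `PV = "1.0.2+git${SRCPV}"` / `SRCREV` pin must be kept rather than replaced by a branch. The comment `# Use make with cmake and not ninja` above `OECMAKE_GENERATOR = "Unix Makefiles"` documents a deliberate deviation from the default generator and should move with the recipe as well.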
@@ -1,184 +0,0 @@ -#!/usr/bin/python -# Copyright (c) 2012, 2013, Intel Corporation -# Copyright (c) 2009 David Wolinsky <davidiw@ufl.edu), University of Florida -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# 3. The name of the author may not be used to endorse or promote products -# derived from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR -# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, -# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- -import socket,fcntl, struct, thread -import os.path -import sys - -SMACKFS_LOAD="/sys/fs/smackfs/load2" -SMACKFS_NETLABEL="/sys/fs/smackfs/netlabel" -SIOCGIFADDR = 0x8915 -SIOCGIFNETMASK = 0x891b - -def get_ip_address(ifname): - s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) - return fcntl.ioctl(s.fileno(), SIOCGIFADDR, - struct.pack('256s', ifname.encode("utf-8")))[20:24] - -def get_netmask(ifname): - s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) - return fcntl.ioctl(s.fileno(), SIOCGIFNETMASK, - struct.pack('256s', ifname.encode("utf-8")))[20:24] - -def applynetlabeltags(interface, addr): - if not interface.startswith("lo"): - bmask = get_netmask(interface.encode("utf-8")) - prefix = bin(struct.unpack(">L", bmask)[0]).count("1") - tags = [ - addr+"/"+str(prefix)+" Network::Local\n", - "0.0.0.0/0 Network::Cloud\n", - "127.0.0.1/8 -CIPSO\n"] - smackfs_netlabel(tags) - -def loadnetlabelrules(): - rulesSystem = [ - "System Network::Cloud w\n", - "System Network::Local w\n", - "Network::Cloud System w\n", - "Network::Local System w\n"] - smackfs_load2(rulesSystem) - -def smackfs_load2 (rules): - with open(SMACKFS_LOAD, "w") as load2: - for rule in rules: - load2.write(rule) - -def smackfs_netlabel (tags): - for tag in tags: - with open(SMACKFS_NETLABEL, "w") as netlabel: - netlabel.write(tag) - -""" - Source of: Class ip monitor, and other functions named bellow. 
- Original author: David Wolinsky <davidiw@ufl.edu - Copied from: https://github.com/davidiw/Grid-Appliance/blob/master/scripts/ip_monitor.py - -""" - -"""4 byte alignment""" - -def align(inc): - diff = inc % 4 - return inc + ((4 - diff) % 4) - -class ifaddr: - """Parse an ifaddr packet""" - LOCAL = 2 - LABEL = 3 - - def __init__(self, packet): - self.family, self.prefixlen, self.flags, self.scope, self.index = \ - struct.unpack("BBBBI", packet[:8]) - -class rtattr: - """Parse a rtattr packet""" - GRP_IPV4_IFADDR = 0x10 - - NEWADDR = 20 - DELADDR = 21 - GETADDR = 22 - - def __init__(self, packet): - self.len, self.type = struct.unpack("HH", packet[:4]) - if self.type == ifaddr.LOCAL: - addr = struct.unpack("BBBB", packet[4:self.len]) - self.payload = "%s.%s.%s.%s" % (addr[0], addr[1], addr[2], addr[3]) - elif self.type == ifaddr.LABEL: - self.payload = packet[4:self.len].strip("\0") - else: - self.payload = packet[4:self.len] - -class netlink: - """Parse a netlink packet""" - REQUEST = 1 - ROOT = 0x100 - MATCH = 0x200 - DONE = 3 - - def __init__(self, packet): - self.msglen, self.msgtype, self.flags, self.seq, self.pid = \ - struct.unpack("IHHII", packet[:16]) - self.ifa = None - try: - self.ifa = ifaddr(packet[16:24]) - except: - return - - self.rtas = {} - pos = 24 - while pos < self.msglen: - try: - rta = rtattr(packet[pos:]) - except: - break - pos += align(rta.len) - self.rtas[rta.type] = rta.payload - -class ip_monitor: - def __init__(self, callback = None): - if callback == None: - callback = self.print_cb - self._callback = callback - - def print_cb(self, label, addr): - print (label + " => " + addr) - - def request_addrs(self, sock): - sock.send(struct.pack("IHHIIBBBBI", 24, rtattr.GETADDR, \ - netlink.REQUEST | netlink.ROOT | netlink.MATCH, 0, sock.getsockname()[0], \ - socket.AF_INET, 0, 0, 0, 0)) - - def start_thread(self): - thread.start_new_thread(self.run, ()) - - def run(self): - sock = socket.socket(socket.AF_NETLINK, socket.SOCK_RAW, 
socket.NETLINK_ROUTE) - sock.bind((0, rtattr.GRP_IPV4_IFADDR)) - self.request_addrs(sock) - - while True: - data = sock.recv(4096) - pos = 0 - while pos < len(data): - nl = netlink(data[pos:]) - if nl.msgtype == netlink.DONE: - break - pos += align(nl.msglen) - if nl.msgtype != rtattr.NEWADDR: - continue - self._callback(nl.rtas[ifaddr.LABEL], nl.rtas[ifaddr.LOCAL]) - -def main(): - if not os.path.isfile(SMACKFS_LOAD): - print ("Smack not found.") - return -1 - loadnetlabelrules() - - ip_monitor(applynetlabeltags).run() - -if __name__ == "__main__": - main() diff --git a/meta-security/recipes-security/smacknet/files/smacknet.service b/meta-security/recipes-security/smacknet/files/smacknet.service deleted file mode 100644 index 218d8b896..000000000 --- a/meta-security/recipes-security/smacknet/files/smacknet.service +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=netlabels configuration for SMACK -Wants=network.target network-online.target -After=network.target network-online.target - -[Service] -TimeoutStartSec=0 -ExecStart=@BINDIR@/smacknet - -[Install] -WantedBy=multi-user.target diff --git a/meta-security/recipes-security/smacknet/smacknet.bb b/meta-security/recipes-security/smacknet/smacknet.bb deleted file mode 100644 index 250cdb132..000000000 --- a/meta-security/recipes-security/smacknet/smacknet.bb +++ /dev/null 
@@ -1,29 +0,0 @@ -#SMACKNET Description -SUMMARY = "Smack network labels configuration" -DESCRIPTION = "Provide service that will be labeling the network rules" -LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/BSD-3-Clause;md5=550794465ba0ec5312d6919e203a55f9" -RDEPENDS_${PN} = "python" - -SRC_URI += "file://smacknet \ - file://smacknet.service \ - " -S = "${WORKDIR}" - -inherit systemd - -inherit features_check -REQUIRED_DISTRO_FEATURES = "smack" - -#netlabel configuration service -SYSTEMD_SERVICE_${PN} = "smacknet.service" -SYSTEMD_AUTO_ENABLE = "enable" -do_install(){ - install -d ${D}${bindir} - install -m 0551 ${WORKDIR}/smacknet ${D}${bindir} - - install -d -m 755 ${D}${systemd_unitdir}/system - install -m 644 ${WORKDIR}/smacknet.service ${D}${systemd_unitdir}/system - sed -i -e 's,@BINDIR@,${bindir},g' ${D}${systemd_unitdir}/system/smacknet.service -} - |
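Review bot: the deleted smacknet script is Python 2 only (`#!/usr/bin/python`, `import thread`, `thread.start_new_thread`, and `packet[4:self.len].strip("\0")` applied to a raw netlink buffer, which would need `bytes` handling on Python 3) and smacknet.bb declares `RDEPENDS_${PN} = "python"`, so if the service is meant to reappear in another layer it needs a Python 3 port, not a plain move. More relevant to this restructure: smacknet is what writes the `Network::Local` / `Network::Cloud` netlabel tags to /sys/fs/smackfs/netlabel and the `System Network::Cloud w` style rules to /sys/fs/smackfs/load2 at boot; any Smack accesses.d rules or policy templates that remain in meta-agl and name those labels will no longer be backed by netlabel mappings once it is gone, so the description should either state that Smack network labelling is dropped or say where it moves. Minor, only if the recipe is recreated: `install -m 0551 ${WORKDIR}/smacknet ${D}${bindir}` is an unusual mode (`r-x r-x --x`) where a plain `0755` would be expected.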