aboutsummaryrefslogtreecommitdiffstats
path: root/meta-security/recipes-core
diff options
context:
space:
mode:
Diffstat (limited to 'meta-security/recipes-core')
-rw-r--r--meta-security/recipes-core/dbus-cynara/dbus-cynara/0001-Integration-of-Cynara-asynchronous-security-checks.patch389
-rw-r--r--meta-security/recipes-core/dbus-cynara/dbus-cynara/0002-Disable-message-dispatching-when-send-rule-result-is.patch104
-rw-r--r--meta-security/recipes-core/dbus-cynara/dbus-cynara/0003-Handle-unavailability-of-policy-results-for-broadcas.patch117
-rw-r--r--meta-security/recipes-core/dbus-cynara/dbus-cynara/0004-Add-own-rule-result-unavailability-handling.patch305
-rw-r--r--meta-security/recipes-core/dbus-cynara/dbus-cynara/0005-Perform-Cynara-runtime-policy-checks-by-default.patch22
-rw-r--r--meta-security/recipes-core/dbus-cynara/dbus-cynara_1.12.10.bb (renamed from meta-security/recipes-core/dbus-cynara/dbus-cynara_1.10.20.bb)2
-rw-r--r--meta-security/recipes-core/dbus-cynara/dbus_%.bbappend1
-rw-r--r--meta-security/recipes-core/systemd/systemd_239.bbappend (renamed from meta-security/recipes-core/systemd/systemd_234.bbappend)11
8 files changed, 411 insertions, 540 deletions
diff --git a/meta-security/recipes-core/dbus-cynara/dbus-cynara/0001-Integration-of-Cynara-asynchronous-security-checks.patch b/meta-security/recipes-core/dbus-cynara/dbus-cynara/0001-Integration-of-Cynara-asynchronous-security-checks.patch
index 6a7e8a39d..d04c60cd9 100644
--- a/meta-security/recipes-core/dbus-cynara/dbus-cynara/0001-Integration-of-Cynara-asynchronous-security-checks.patch
+++ b/meta-security/recipes-core/dbus-cynara/dbus-cynara/0001-Integration-of-Cynara-asynchronous-security-checks.patch
@@ -19,46 +19,17 @@ Currently such return value results in message denial.
Cherry picked from 4dcfb02f17247ff9de966b62182cd2e08f301238
by José Bollo.
+Updated for dbus 1.10.20 by Scott Murray.
+
Change-Id: I9bcbce34577e5dc2a3cecf6233a0a2b0e43e1108
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
----
- bus/Makefile.am | 6 +
- bus/bus.c | 136 +++++---
- bus/bus.h | 32 +-
- bus/check.c | 217 ++++++++++++
- bus/check.h | 68 ++++
- bus/config-parser-common.c | 6 +
- bus/config-parser-common.h | 1 +
- bus/config-parser.c | 71 +++-
- bus/connection.c | 56 ++-
- bus/connection.h | 4 +
- bus/cynara.c | 374 +++++++++++++++++++++
- bus/cynara.h | 37 ++
- bus/dispatch.c | 44 ++-
- bus/policy.c | 193 +++++++----
- bus/policy.h | 51 ++-
- configure.ac | 12 +
- test/Makefile.am | 1 +
- test/data/invalid-config-files/badcheck-1.conf | 9 +
- test/data/invalid-config-files/badcheck-2.conf | 9 +
- test/data/valid-config-files/check-1.conf | 9 +
- .../valid-config-files/debug-check-some.conf.in | 18 +
- tools/dbus-send.c | 2 +-
- 22 files changed, 1193 insertions(+), 163 deletions(-)
- create mode 100644 bus/check.c
- create mode 100644 bus/check.h
- create mode 100644 bus/cynara.c
- create mode 100644 bus/cynara.h
- create mode 100644 test/data/invalid-config-files/badcheck-1.conf
- create mode 100644 test/data/invalid-config-files/badcheck-2.conf
- create mode 100644 test/data/valid-config-files/check-1.conf
- create mode 100644 test/data/valid-config-files/debug-check-some.conf.in
+Signed-off-by: Scott Murray <scott.murray@konsulko.com>
diff --git a/bus/Makefile.am b/bus/Makefile.am
-index 33af09b0..3f57cc48 100644
+index 9ae3071..46afb31 100644
--- a/bus/Makefile.am
+++ b/bus/Makefile.am
-@@ -9,6 +9,7 @@ DBUS_BUS_LIBS = \
+@@ -13,6 +13,7 @@ DBUS_BUS_LIBS = \
$(THREAD_LIBS) \
$(ADT_LIBS) \
$(NETWORK_libs) \
@@ -66,7 +37,7 @@ index 33af09b0..3f57cc48 100644
$(NULL)
DBUS_LAUNCHER_LIBS = \
-@@ -24,6 +25,7 @@ AM_CPPFLAGS = \
+@@ -30,6 +31,7 @@ AM_CPPFLAGS = \
$(APPARMOR_CFLAGS) \
-DDBUS_SYSTEM_CONFIG_FILE=\""$(dbusdatadir)/system.conf"\" \
-DDBUS_COMPILATION \
@@ -74,15 +45,16 @@ index 33af09b0..3f57cc48 100644
$(NULL)
# if assertions are enabled, improve backtraces
-@@ -82,12 +84,16 @@ BUS_SOURCES= \
+@@ -90,6 +92,8 @@ BUS_SOURCES= \
audit.h \
bus.c \
bus.h \
+ check.c \
+ check.h \
+ config-loader-expat.c \
config-parser.c \
config-parser.h \
- config-parser-common.c \
+@@ -97,6 +101,8 @@ BUS_SOURCES= \
config-parser-common.h \
connection.c \
connection.h \
@@ -91,19 +63,33 @@ index 33af09b0..3f57cc48 100644
desktop-file.c \
desktop-file.h \
$(DIR_WATCH_SOURCE) \
+diff --git a/bus/activation.c b/bus/activation.c
+index 6f009f5..451179d 100644
+--- a/bus/activation.c
++++ b/bus/activation.c
+@@ -1795,7 +1795,8 @@ bus_activation_activate_service (BusActivation *activation,
+ NULL, /* proposed recipient */
+ activation_message,
+ entry,
+- error))
++ error,
++ NULL))
+ {
+ _DBUS_ASSERT_ERROR_IS_SET (error);
+ _dbus_verbose ("activation not authorized: %s: %s\n",
diff --git a/bus/bus.c b/bus/bus.c
-index fd4ab9e4..c4008505 100644
+index 30ce4e1..237efe3 100644
--- a/bus/bus.c
+++ b/bus/bus.c
-@@ -37,6 +37,7 @@
+@@ -38,6 +38,7 @@
#include "apparmor.h"
#include "audit.h"
#include "dir-watch.h"
+#include "check.h"
+ #include <dbus/dbus-auth.h>
#include <dbus/dbus-list.h>
#include <dbus/dbus-hash.h>
- #include <dbus/dbus-credentials.h>
-@@ -65,6 +66,7 @@ struct BusContext
+@@ -67,6 +68,7 @@ struct BusContext
BusRegistry *registry;
BusPolicy *policy;
BusMatchmaker *matchmaker;
@@ -111,7 +97,7 @@ index fd4ab9e4..c4008505 100644
BusLimits limits;
DBusRLimit *initial_fd_limit;
unsigned int fork : 1;
-@@ -988,6 +990,10 @@ bus_context_new (const DBusString *config_file,
+@@ -1003,6 +1005,10 @@ bus_context_new (const DBusString *config_file,
parser = NULL;
}
@@ -122,7 +108,7 @@ index fd4ab9e4..c4008505 100644
dbus_server_free_data_slot (&server_data_slot);
return context;
-@@ -1112,6 +1118,12 @@ bus_context_unref (BusContext *context)
+@@ -1127,6 +1133,12 @@ bus_context_unref (BusContext *context)
bus_context_shutdown (context);
@@ -135,7 +121,7 @@ index fd4ab9e4..c4008505 100644
if (context->connections)
{
bus_connections_unref (context->connections);
-@@ -1241,6 +1253,12 @@ bus_context_get_loop (BusContext *context)
+@@ -1256,6 +1268,12 @@ bus_context_get_loop (BusContext *context)
return context->loop;
}
@@ -148,7 +134,7 @@ index fd4ab9e4..c4008505 100644
dbus_bool_t
bus_context_allow_unix_user (BusContext *context,
unsigned long uid)
-@@ -1456,6 +1474,7 @@ complain_about_message (BusContext *context,
+@@ -1451,6 +1469,7 @@ complain_about_message (BusContext *context,
DBusConnection *proposed_recipient,
dbus_bool_t requested_reply,
dbus_bool_t log,
@@ -156,7 +142,7 @@ index fd4ab9e4..c4008505 100644
DBusError *error)
{
DBusError stack_error = DBUS_ERROR_INIT;
-@@ -1485,7 +1504,8 @@ complain_about_message (BusContext *context,
+@@ -1480,7 +1499,8 @@ complain_about_message (BusContext *context,
dbus_set_error (&stack_error, error_name,
"%s, %d matched rules; type=\"%s\", sender=\"%s\" (%s) "
"interface=\"%s\" member=\"%s\" error name=\"%s\" "
@@ -166,7 +152,7 @@ index fd4ab9e4..c4008505 100644
complaint,
matched_rules,
dbus_message_type_to_string (dbus_message_get_type (message)),
-@@ -1496,7 +1516,8 @@ complain_about_message (BusContext *context,
+@@ -1491,7 +1511,8 @@ complain_about_message (BusContext *context,
nonnull (dbus_message_get_error_name (message), "(unset)"),
requested_reply,
nonnull (dbus_message_get_destination (message), DBUS_SERVICE_DBUS),
@@ -176,26 +162,21 @@ index fd4ab9e4..c4008505 100644
/* If we hit OOM while setting the error, this will syslog "out of memory"
* which is itself an indication that something is seriously wrong */
-@@ -1520,14 +1541,15 @@ complain_about_message (BusContext *context,
+@@ -1519,7 +1540,7 @@ complain_about_message (BusContext *context,
* NULL for addressed_recipient may mean the bus driver, or may mean
* no destination was specified in the message (e.g. a signal).
*/
-dbus_bool_t
--bus_context_check_security_policy (BusContext *context,
-- BusTransaction *transaction,
-- DBusConnection *sender,
-- DBusConnection *addressed_recipient,
-- DBusConnection *proposed_recipient,
-- DBusMessage *message,
-- DBusError *error)
+BusResult
-+bus_context_check_security_policy (BusContext *context,
-+ BusTransaction *transaction,
-+ DBusConnection *sender,
-+ DBusConnection *addressed_recipient,
-+ DBusConnection *proposed_recipient,
-+ DBusMessage *message,
-+ DBusError *error,
+ bus_context_check_security_policy (BusContext *context,
+ BusTransaction *transaction,
+ DBusConnection *sender,
+@@ -1527,7 +1548,8 @@ bus_context_check_security_policy (BusContext *context,
+ DBusConnection *proposed_recipient,
+ DBusMessage *message,
+ BusActivationEntry *activation_entry,
+- DBusError *error)
++ DBusError *error,
+ BusDeferredMessage **deferred_message)
{
const char *src, *dest;
@@ -208,7 +189,7 @@ index fd4ab9e4..c4008505 100644
type = dbus_message_get_type (message);
src = dbus_message_get_sender (message);
-@@ -1564,7 +1587,7 @@ bus_context_check_security_policy (BusContext *context,
+@@ -1565,7 +1588,7 @@ bus_context_check_security_policy (BusContext *context,
dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
"Message bus will not accept messages of unknown type\n");
@@ -217,7 +198,7 @@ index fd4ab9e4..c4008505 100644
}
requested_reply = FALSE;
-@@ -1594,7 +1617,7 @@ bus_context_check_security_policy (BusContext *context,
+@@ -1595,7 +1618,7 @@ bus_context_check_security_policy (BusContext *context,
if (dbus_error_is_set (&error2))
{
dbus_move_error (&error2, error);
@@ -226,7 +207,7 @@ index fd4ab9e4..c4008505 100644
}
}
}
-@@ -1621,11 +1644,11 @@ bus_context_check_security_policy (BusContext *context,
+@@ -1624,11 +1647,11 @@ bus_context_check_security_policy (BusContext *context,
complain_about_message (context, DBUS_ERROR_ACCESS_DENIED,
"An SELinux policy prevents this sender from sending this "
"message to this recipient",
@@ -240,16 +221,16 @@ index fd4ab9e4..c4008505 100644
}
/* next verify AppArmor access controls. If allowed then
-@@ -1642,7 +1665,7 @@ bus_context_check_security_policy (BusContext *context,
- dest ? dest : DBUS_SERVICE_DBUS,
+@@ -1646,7 +1669,7 @@ bus_context_check_security_policy (BusContext *context,
src ? src : DBUS_SERVICE_DBUS,
+ activation_entry,
error))
- return FALSE;
+ return BUS_RESULT_FALSE;
if (!bus_connection_is_active (sender))
{
-@@ -1656,7 +1679,7 @@ bus_context_check_security_policy (BusContext *context,
+@@ -1660,7 +1683,7 @@ bus_context_check_security_policy (BusContext *context,
{
_dbus_verbose ("security check allowing %s message\n",
"Hello");
@@ -258,7 +239,7 @@ index fd4ab9e4..c4008505 100644
}
else
{
-@@ -1667,7 +1690,7 @@ bus_context_check_security_policy (BusContext *context,
+@@ -1671,7 +1694,7 @@ bus_context_check_security_policy (BusContext *context,
"Client tried to send a message other than %s without being registered",
"Hello");
@@ -267,7 +248,7 @@ index fd4ab9e4..c4008505 100644
}
}
}
-@@ -1716,20 +1739,29 @@ bus_context_check_security_policy (BusContext *context,
+@@ -1720,20 +1743,29 @@ bus_context_check_security_policy (BusContext *context,
(proposed_recipient == NULL && recipient_policy == NULL));
log = FALSE;
@@ -311,7 +292,7 @@ index fd4ab9e4..c4008505 100644
if (log)
{
-@@ -1738,23 +1770,29 @@ bus_context_check_security_policy (BusContext *context,
+@@ -1742,23 +1774,29 @@ bus_context_check_security_policy (BusContext *context,
complain_about_message (context, DBUS_ERROR_ACCESS_DENIED,
"Would reject message", toggles,
message, sender, proposed_recipient, requested_reply,
@@ -355,7 +336,7 @@ index fd4ab9e4..c4008505 100644
}
/* See if limits on size have been exceeded */
-@@ -1764,10 +1802,10 @@ bus_context_check_security_policy (BusContext *context,
+@@ -1768,10 +1806,10 @@ bus_context_check_security_policy (BusContext *context,
{
complain_about_message (context, DBUS_ERROR_LIMITS_EXCEEDED,
"Rejected: destination has a full message queue",
@@ -368,7 +349,7 @@ index fd4ab9e4..c4008505 100644
}
/* Record that we will allow a reply here in the future (don't
-@@ -1784,11 +1822,11 @@ bus_context_check_security_policy (BusContext *context,
+@@ -1792,11 +1830,11 @@ bus_context_check_security_policy (BusContext *context,
message, error))
{
_dbus_verbose ("Failed to record reply expectation or problem with the message expecting a reply\n");
@@ -383,13 +364,13 @@ index fd4ab9e4..c4008505 100644
void
diff --git a/bus/bus.h b/bus/bus.h
-index 3fab59ff..dab7791f 100644
+index 2e0de82..82c32c8 100644
--- a/bus/bus.h
+++ b/bus/bus.h
-@@ -44,6 +44,22 @@ typedef struct BusOwner BusOwner;
- typedef struct BusTransaction BusTransaction;
+@@ -45,6 +45,22 @@ typedef struct BusTransaction BusTransaction;
typedef struct BusMatchmaker BusMatchmaker;
typedef struct BusMatchRule BusMatchRule;
+ typedef struct BusActivationEntry BusActivationEntry;
+typedef struct BusCheck BusCheck;
+typedef struct BusDeferredMessage BusDeferredMessage;
+typedef struct BusCynara BusCynara;
@@ -409,7 +390,7 @@ index 3fab59ff..dab7791f 100644
typedef struct
{
-@@ -97,6 +113,7 @@ BusConnections* bus_context_get_connections (BusContext
+@@ -101,6 +117,7 @@ BusConnections* bus_context_get_connections (BusContext
BusActivation* bus_context_get_activation (BusContext *context);
BusMatchmaker* bus_context_get_matchmaker (BusContext *context);
DBusLoop* bus_context_get_loop (BusContext *context);
@@ -417,31 +398,27 @@ index 3fab59ff..dab7791f 100644
dbus_bool_t bus_context_allow_unix_user (BusContext *context,
unsigned long uid);
dbus_bool_t bus_context_allow_windows_user (BusContext *context,
-@@ -131,13 +148,14 @@ void bus_context_log_and_set_error (BusContext
+@@ -136,14 +153,15 @@ void bus_context_log_and_set_error (BusContext
const char *name,
const char *msg,
...) _DBUS_GNUC_PRINTF (5, 6);
-dbus_bool_t bus_context_check_security_policy (BusContext *context,
-- BusTransaction *transaction,
-- DBusConnection *sender,
-- DBusConnection *addressed_recipient,
-- DBusConnection *proposed_recipient,
-- DBusMessage *message,
++BusResult bus_context_check_security_policy (BusContext *context,
+ BusTransaction *transaction,
+ DBusConnection *sender,
+ DBusConnection *addressed_recipient,
+ DBusConnection *proposed_recipient,
+ DBusMessage *message,
+ BusActivationEntry *activation_entry,
- DBusError *error);
-+BusResult bus_context_check_security_policy (BusContext *context,
-+ BusTransaction *transaction,
-+ DBusConnection *sender,
-+ DBusConnection *addressed_recipient,
-+ DBusConnection *proposed_recipient,
-+ DBusMessage *message,
-+ DBusError *error,
++ DBusError *error,
+ BusDeferredMessage **deferred_message);
void bus_context_check_all_watches (BusContext *context);
#endif /* BUS_BUS_H */
diff --git a/bus/check.c b/bus/check.c
new file mode 100644
-index 00000000..5b72d31c
+index 0000000..5b72d31
--- /dev/null
+++ b/bus/check.c
@@ -0,0 +1,217 @@
@@ -664,7 +641,7 @@ index 00000000..5b72d31c
+}
diff --git a/bus/check.h b/bus/check.h
new file mode 100644
-index 00000000..c3fcaf90
+index 0000000..c3fcaf9
--- /dev/null
+++ b/bus/check.h
@@ -0,0 +1,68 @@
@@ -737,7 +714,7 @@ index 00000000..c3fcaf90
+ BusResult result);
+#endif /* BUS_CHECK_H */
diff --git a/bus/config-parser-common.c b/bus/config-parser-common.c
-index 5db6b289..ea25f5e6 100644
+index c1c4191..e2f253d 100644
--- a/bus/config-parser-common.c
+++ b/bus/config-parser-common.c
@@ -75,6 +75,10 @@ bus_config_parser_element_name_to_type (const char *name)
@@ -761,7 +738,7 @@ index 5db6b289..ea25f5e6 100644
return "fork";
case ELEMENT_PIDFILE:
diff --git a/bus/config-parser-common.h b/bus/config-parser-common.h
-index 382a0141..9e026d10 100644
+index 382a014..9e026d1 100644
--- a/bus/config-parser-common.h
+++ b/bus/config-parser-common.h
@@ -36,6 +36,7 @@ typedef enum
@@ -773,10 +750,10 @@ index 382a0141..9e026d10 100644
ELEMENT_PIDFILE,
ELEMENT_SERVICEDIR,
diff --git a/bus/config-parser.c b/bus/config-parser.c
-index d9f6042c..a8c4ca5d 100644
+index be27d38..b54b0e4 100644
--- a/bus/config-parser.c
+++ b/bus/config-parser.c
-@@ -1172,7 +1172,7 @@ append_rule_from_element (BusConfigParser *parser,
+@@ -1318,7 +1318,7 @@ append_rule_from_element (BusConfigParser *parser,
const char *element_name,
const char **attribute_names,
const char **attribute_values,
@@ -785,15 +762,15 @@ index d9f6042c..a8c4ca5d 100644
DBusError *error)
{
const char *log;
-@@ -1195,6 +1195,7 @@ append_rule_from_element (BusConfigParser *parser,
+@@ -1360,6 +1360,7 @@ append_rule_from_element (BusConfigParser *parser,
const char *own_prefix;
const char *user;
const char *group;
+ const char *privilege;
BusPolicyRule *rule;
-
-@@ -1222,6 +1223,7 @@ append_rule_from_element (BusConfigParser *parser,
+
+@@ -1390,6 +1391,7 @@ append_rule_from_element (BusConfigParser *parser,
"user", &user,
"group", &group,
"log", &log,
@@ -801,15 +778,15 @@ index d9f6042c..a8c4ca5d 100644
NULL))
return FALSE;
-@@ -1230,6 +1232,7 @@ append_rule_from_element (BusConfigParser *parser,
- receive_interface || receive_member || receive_error || receive_sender ||
- receive_type || receive_path || eavesdrop ||
- send_requested_reply || receive_requested_reply ||
+@@ -1422,6 +1424,7 @@ append_rule_from_element (BusConfigParser *parser,
+
+ if (!(any_send_attribute ||
+ any_receive_attribute ||
+ privilege ||
own || own_prefix || user || group))
{
dbus_set_error (error, DBUS_ERROR_FAILED,
-@@ -1246,7 +1249,30 @@ append_rule_from_element (BusConfigParser *parser,
+@@ -1438,7 +1441,30 @@ append_rule_from_element (BusConfigParser *parser,
element_name);
return FALSE;
}
@@ -841,25 +818,25 @@ index d9f6042c..a8c4ca5d 100644
/* Allowed combinations of elements are:
*
* base, must be all send or all receive:
-@@ -1420,7 +1446,7 @@ append_rule_from_element (BusConfigParser *parser,
- return FALSE;
- }
-
+@@ -1589,7 +1615,7 @@ append_rule_from_element (BusConfigParser *parser,
+ error))
+ return FALSE;
+
- rule = bus_policy_rule_new (BUS_POLICY_RULE_SEND, allow);
-+ rule = bus_policy_rule_new (BUS_POLICY_RULE_SEND, access);
++ rule = bus_policy_rule_new (BUS_POLICY_RULE_SEND, access);
if (rule == NULL)
goto nomem;
-@@ -1502,7 +1528,7 @@ append_rule_from_element (BusConfigParser *parser,
- return FALSE;
- }
-
+@@ -1694,7 +1720,7 @@ append_rule_from_element (BusConfigParser *parser,
+ error))
+ return FALSE;
+
- rule = bus_policy_rule_new (BUS_POLICY_RULE_RECEIVE, allow);
-+ rule = bus_policy_rule_new (BUS_POLICY_RULE_RECEIVE, access);
++ rule = bus_policy_rule_new (BUS_POLICY_RULE_RECEIVE, access);
if (rule == NULL)
goto nomem;
-@@ -1532,7 +1558,7 @@ append_rule_from_element (BusConfigParser *parser,
+@@ -1726,7 +1752,7 @@ append_rule_from_element (BusConfigParser *parser,
}
else if (own || own_prefix)
{
@@ -868,7 +845,7 @@ index d9f6042c..a8c4ca5d 100644
if (rule == NULL)
goto nomem;
-@@ -1558,7 +1584,7 @@ append_rule_from_element (BusConfigParser *parser,
+@@ -1752,7 +1778,7 @@ append_rule_from_element (BusConfigParser *parser,
{
if (IS_WILDCARD (user))
{
@@ -877,7 +854,7 @@ index d9f6042c..a8c4ca5d 100644
if (rule == NULL)
goto nomem;
-@@ -1573,7 +1599,7 @@ append_rule_from_element (BusConfigParser *parser,
+@@ -1767,7 +1793,7 @@ append_rule_from_element (BusConfigParser *parser,
if (_dbus_parse_unix_user_from_config (&username, &uid))
{
@@ -886,7 +863,7 @@ index d9f6042c..a8c4ca5d 100644
if (rule == NULL)
goto nomem;
-@@ -1590,7 +1616,7 @@ append_rule_from_element (BusConfigParser *parser,
+@@ -1784,7 +1810,7 @@ append_rule_from_element (BusConfigParser *parser,
{
if (IS_WILDCARD (group))
{
@@ -895,7 +872,7 @@ index d9f6042c..a8c4ca5d 100644
if (rule == NULL)
goto nomem;
-@@ -1605,7 +1631,7 @@ append_rule_from_element (BusConfigParser *parser,
+@@ -1799,7 +1825,7 @@ append_rule_from_element (BusConfigParser *parser,
if (_dbus_parse_unix_group_from_config (&groupname, &gid))
{
@@ -904,7 +881,7 @@ index d9f6042c..a8c4ca5d 100644
if (rule == NULL)
goto nomem;
-@@ -1629,6 +1655,10 @@ append_rule_from_element (BusConfigParser *parser,
+@@ -1823,6 +1849,10 @@ append_rule_from_element (BusConfigParser *parser,
_dbus_assert (pe != NULL);
_dbus_assert (pe->type == ELEMENT_POLICY);
@@ -915,7 +892,7 @@ index d9f6042c..a8c4ca5d 100644
switch (pe->d.policy.type)
{
case POLICY_IGNORED:
-@@ -1703,7 +1733,7 @@ start_policy_child (BusConfigParser *parser,
+@@ -1898,7 +1928,7 @@ start_policy_child (BusConfigParser *parser,
{
if (!append_rule_from_element (parser, element_name,
attribute_names, attribute_values,
@@ -924,7 +901,7 @@ index d9f6042c..a8c4ca5d 100644
return FALSE;
if (push_element (parser, ELEMENT_ALLOW) == NULL)
-@@ -1718,7 +1748,7 @@ start_policy_child (BusConfigParser *parser,
+@@ -1913,7 +1943,7 @@ start_policy_child (BusConfigParser *parser,
{
if (!append_rule_from_element (parser, element_name,
attribute_names, attribute_values,
@@ -933,7 +910,7 @@ index d9f6042c..a8c4ca5d 100644
return FALSE;
if (push_element (parser, ELEMENT_DENY) == NULL)
-@@ -1727,6 +1757,21 @@ start_policy_child (BusConfigParser *parser,
+@@ -1922,6 +1952,21 @@ start_policy_child (BusConfigParser *parser,
return FALSE;
}
@@ -955,7 +932,7 @@ index d9f6042c..a8c4ca5d 100644
return TRUE;
}
else
-@@ -2088,6 +2133,7 @@ bus_config_parser_end_element (BusConfigParser *parser,
+@@ -2284,6 +2329,7 @@ bus_config_parser_end_element (BusConfigParser *parser,
case ELEMENT_POLICY:
case ELEMENT_ALLOW:
case ELEMENT_DENY:
@@ -963,7 +940,7 @@ index d9f6042c..a8c4ca5d 100644
case ELEMENT_FORK:
case ELEMENT_SYSLOG:
case ELEMENT_KEEP_UMASK:
-@@ -2397,6 +2443,7 @@ bus_config_parser_content (BusConfigParser *parser,
+@@ -2600,6 +2646,7 @@ bus_config_parser_content (BusConfigParser *parser,
case ELEMENT_POLICY:
case ELEMENT_ALLOW:
case ELEMENT_DENY:
@@ -971,7 +948,7 @@ index d9f6042c..a8c4ca5d 100644
case ELEMENT_FORK:
case ELEMENT_SYSLOG:
case ELEMENT_KEEP_UMASK:
-@@ -2862,6 +2909,8 @@ do_load (const DBusString *full_path,
+@@ -3127,6 +3174,8 @@ do_load (const DBusString *full_path,
dbus_error_init (&error);
parser = bus_config_load (full_path, TRUE, NULL, &error);
@@ -981,7 +958,7 @@ index d9f6042c..a8c4ca5d 100644
{
_DBUS_ASSERT_ERROR_IS_SET (&error);
diff --git a/bus/connection.c b/bus/connection.c
-index 02d6c220..eea50ecd 100644
+index 53605fa..deebde3 100644
--- a/bus/connection.c
+++ b/bus/connection.c
@@ -36,6 +36,10 @@
@@ -1061,7 +1038,7 @@ index 02d6c220..eea50ecd 100644
}
static void
-@@ -451,6 +458,10 @@ free_connection_data (void *data)
+@@ -448,6 +455,10 @@ free_connection_data (void *data)
dbus_free (d->name);
@@ -1072,7 +1049,7 @@ index 02d6c220..eea50ecd 100644
dbus_free (d);
}
-@@ -1063,6 +1074,22 @@ bus_connection_get_policy (DBusConnection *connection)
+@@ -1078,6 +1089,22 @@ bus_connection_get_policy (DBusConnection *connection)
return d->policy;
}
@@ -1095,7 +1072,7 @@ index 02d6c220..eea50ecd 100644
static dbus_bool_t
foreach_active (BusConnections *connections,
BusConnectionForeachFunction function,
-@@ -2289,6 +2316,7 @@ bus_transaction_send_from_driver (BusTransaction *transaction,
+@@ -2333,6 +2360,7 @@ bus_transaction_send_from_driver (BusTransaction *transaction,
DBusMessage *message)
{
DBusError error = DBUS_ERROR_INIT;
@@ -1103,22 +1080,24 @@ index 02d6c220..eea50ecd 100644
/* We have to set the sender to the driver, and have
* to check security policy since it was not done in
-@@ -2326,9 +2354,11 @@ bus_transaction_send_from_driver (BusTransaction *transaction,
+@@ -2370,10 +2398,12 @@ bus_transaction_send_from_driver (BusTransaction *transaction,
* if we're actively capturing messages, it's nice to log that we
* tried to send it and did not allow ourselves to do so.
*/
- if (!bus_context_check_security_policy (bus_transaction_get_context (transaction),
- transaction,
-- NULL, connection, connection, message, &error))
+- NULL, connection, connection,
+- message, NULL, &error))
+ res = bus_context_check_security_policy (bus_transaction_get_context (transaction),
+ transaction,
-+ NULL, connection, connection, message, &error,
++ NULL, connection, connection,
++ message, NULL, &error,
+ NULL);
+ if (res == BUS_RESULT_FALSE)
{
- if (!bus_transaction_capture_error_reply (transaction, &error, message))
- {
-@@ -2342,6 +2372,12 @@ bus_transaction_send_from_driver (BusTransaction *transaction,
+ if (!bus_transaction_capture_error_reply (transaction, connection,
+ &error, message))
+@@ -2388,6 +2418,12 @@ bus_transaction_send_from_driver (BusTransaction *transaction,
dbus_error_free (&error);
return TRUE;
}
@@ -1132,7 +1111,7 @@ index 02d6c220..eea50ecd 100644
return bus_transaction_send (transaction, connection, message);
}
diff --git a/bus/connection.h b/bus/connection.h
-index 8c68d0a0..a6e5dfde 100644
+index 9e253ae..71078ea 100644
--- a/bus/connection.h
+++ b/bus/connection.h
@@ -31,6 +31,7 @@
@@ -1143,7 +1122,7 @@ index 8c68d0a0..a6e5dfde 100644
BusConnections* bus_connections_new (BusContext *context);
BusConnections* bus_connections_ref (BusConnections *connections);
-@@ -122,6 +123,9 @@ dbus_bool_t bus_connection_be_monitor (DBusConnection *connection,
+@@ -124,6 +125,9 @@ dbus_bool_t bus_connection_be_monitor (DBusConnection *connection,
BusTransaction *transaction,
DBusList **rules,
DBusError *error);
@@ -1155,7 +1134,7 @@ index 8c68d0a0..a6e5dfde 100644
diff --git a/bus/cynara.c b/bus/cynara.c
new file mode 100644
-index 00000000..57a4c45c
+index 0000000..57a4c45
--- /dev/null
+++ b/bus/cynara.c
@@ -0,0 +1,374 @@
@@ -1535,7 +1514,7 @@ index 00000000..57a4c45c
+#endif /* DBUS_ENABLE_CYNARA */
diff --git a/bus/cynara.h b/bus/cynara.h
new file mode 100644
-index 00000000..c4728bb7
+index 0000000..c4728bb
--- /dev/null
+++ b/bus/cynara.h
@@ -0,0 +1,37 @@
@@ -1577,7 +1556,7 @@ index 00000000..c4728bb7
+ BusDeferredMessageStatus check_type,
+ BusDeferredMessage **deferred_message);
diff --git a/bus/dispatch.c b/bus/dispatch.c
-index edfa1b44..05be3bdf 100644
+index 19228be..7e51bc1 100644
--- a/bus/dispatch.c
+++ b/bus/dispatch.c
@@ -25,6 +25,7 @@
@@ -1588,7 +1567,7 @@ index edfa1b44..05be3bdf 100644
#include "connection.h"
#include "driver.h"
#include "services.h"
-@@ -64,13 +65,17 @@ send_one_message (DBusConnection *connection,
+@@ -64,14 +65,18 @@ send_one_message (DBusConnection *connection,
DBusError *error)
{
DBusError stack_error = DBUS_ERROR_INIT;
@@ -1601,14 +1580,15 @@ index edfa1b44..05be3bdf 100644
addressed_recipient,
connection,
message,
+ NULL,
- &stack_error))
+ &stack_error,
+ &deferred_message);
+ if (result != BUS_RESULT_TRUE)
{
- if (!bus_transaction_capture_error_reply (transaction, &stack_error,
- message))
-@@ -129,6 +134,7 @@ bus_dispatch_matches (BusTransaction *transaction,
+ if (!bus_transaction_capture_error_reply (transaction, sender,
+ &stack_error, message))
+@@ -130,6 +135,7 @@ bus_dispatch_matches (BusTransaction *transaction,
BusMatchmaker *matchmaker;
DBusList *link;
BusContext *context;
@@ -1616,19 +1596,19 @@ index edfa1b44..05be3bdf 100644
_DBUS_ASSERT_ERROR_IS_CLEAR (error);
-@@ -144,11 +150,21 @@ bus_dispatch_matches (BusTransaction *transaction,
+@@ -145,11 +151,21 @@ bus_dispatch_matches (BusTransaction *transaction,
/* First, send the message to the addressed_recipient, if there is one. */
if (addressed_recipient != NULL)
{
- if (!bus_context_check_security_policy (context, transaction,
- sender, addressed_recipient,
- addressed_recipient,
-- message, error))
+- message, NULL, error))
+ BusResult res;
+ res = bus_context_check_security_policy (context, transaction,
+ sender, addressed_recipient,
+ addressed_recipient,
-+ message, error,
++ message, NULL, error,
+ &deferred_message);
+ if (res == BUS_RESULT_FALSE)
return FALSE;
@@ -1642,16 +1622,25 @@ index edfa1b44..05be3bdf 100644
if (dbus_message_contains_unix_fds (message) &&
!dbus_connection_can_send_type (addressed_recipient,
-@@ -379,12 +395,24 @@ bus_dispatch (DBusConnection *connection,
+@@ -374,19 +390,32 @@ bus_dispatch (DBusConnection *connection,
if (service_name &&
strcmp (service_name, DBUS_SERVICE_DBUS) == 0) /* to bus driver */
{
-- if (!bus_context_check_security_policy (context, transaction,
-- connection, NULL, NULL, message, &error))
+ BusDeferredMessage *deferred_message;
+ BusResult res;
++
+ if (!bus_transaction_capture (transaction, connection, NULL, message))
+ {
+ BUS_SET_OOM (&error);
+ goto out;
+ }
+
+- if (!bus_context_check_security_policy (context, transaction,
+- connection, NULL, NULL, message,
+- NULL, &error))
+ res = bus_context_check_security_policy (context, transaction,
-+ connection, NULL, NULL, message, &error,
++ connection, NULL, NULL, message,
++ NULL, &error,
+ &deferred_message);
+ if (res == BUS_RESULT_FALSE)
{
@@ -1670,7 +1659,7 @@ index edfa1b44..05be3bdf 100644
_dbus_verbose ("Giving message to %s\n", DBUS_SERVICE_DBUS);
if (!bus_driver_handle_message (connection, transaction, message, &error))
diff --git a/bus/policy.c b/bus/policy.c
-index 082f3853..bcade176 100644
+index a37be80..7ee1ce5 100644
--- a/bus/policy.c
+++ b/bus/policy.c
@@ -22,6 +22,7 @@
@@ -1681,7 +1670,7 @@ index 082f3853..bcade176 100644
#include "policy.h"
#include "services.h"
#include "test.h"
-@@ -32,7 +33,7 @@
+@@ -33,7 +34,7 @@
BusPolicyRule*
bus_policy_rule_new (BusPolicyRuleType type,
@@ -1690,7 +1679,7 @@ index 082f3853..bcade176 100644
{
BusPolicyRule *rule;
-@@ -42,7 +43,7 @@ bus_policy_rule_new (BusPolicyRuleType type,
+@@ -43,7 +44,7 @@ bus_policy_rule_new (BusPolicyRuleType type,
rule->type = type;
rule->refcount = 1;
@@ -1699,7 +1688,7 @@ index 082f3853..bcade176 100644
switch (rule->type)
{
-@@ -54,18 +55,19 @@ bus_policy_rule_new (BusPolicyRuleType type,
+@@ -55,18 +56,19 @@ bus_policy_rule_new (BusPolicyRuleType type,
break;
case BUS_POLICY_RULE_SEND:
rule->d.send.message_type = DBUS_MESSAGE_TYPE_INVALID;
@@ -1722,9 +1711,9 @@ index 082f3853..bcade176 100644
break;
case BUS_POLICY_RULE_OWN:
break;
-@@ -117,7 +119,8 @@ bus_policy_rule_unref (BusPolicyRule *rule)
- case BUS_POLICY_RULE_GROUP:
- break;
+@@ -122,7 +124,8 @@ bus_policy_rule_unref (BusPolicyRule *rule)
+ default:
+ _dbus_assert_not_reached ("invalid rule");
}
-
+
@@ -1732,7 +1721,7 @@ index 082f3853..bcade176 100644
dbus_free (rule);
}
}
-@@ -427,7 +430,10 @@ list_allows_user (dbus_bool_t def,
+@@ -435,7 +438,10 @@ list_allows_user (dbus_bool_t def,
else
continue;
@@ -1744,7 +1733,7 @@ index 082f3853..bcade176 100644
}
return allowed;
-@@ -862,18 +868,23 @@ bus_client_policy_append_rule (BusClientPolicy *policy,
+@@ -873,18 +879,23 @@ bus_client_policy_append_rule (BusClientPolicy *policy,
return TRUE;
}
@@ -1778,7 +1767,7 @@ index 082f3853..bcade176 100644
/* policy->rules is in the order the rules appeared
* in the config file, i.e. last rule that applies wins
*/
-@@ -881,7 +892,7 @@ bus_client_policy_check_can_send (BusClientPolicy *policy,
+@@ -892,7 +903,7 @@ bus_client_policy_check_can_send (BusClientPolicy *policy,
_dbus_verbose (" (policy) checking send rules\n");
*toggles = 0;
@@ -1787,7 +1776,7 @@ index 082f3853..bcade176 100644
link = _dbus_list_get_first_link (&policy->rules);
while (link != NULL)
{
-@@ -912,13 +923,14 @@ bus_client_policy_check_can_send (BusClientPolicy *policy,
+@@ -923,13 +934,14 @@ bus_client_policy_check_can_send (BusClientPolicy *policy,
/* If it's a reply, the requested_reply flag kicks in */
if (dbus_message_get_reply_serial (message) != 0)
{
@@ -1807,7 +1796,7 @@ index 082f3853..bcade176 100644
continue;
}
-@@ -926,7 +938,7 @@ bus_client_policy_check_can_send (BusClientPolicy *policy,
+@@ -937,7 +949,7 @@ bus_client_policy_check_can_send (BusClientPolicy *policy,
* when the reply was not requested. requested_reply=true means the
* rule always applies.
*/
@@ -1816,7 +1805,7 @@ index 082f3853..bcade176 100644
{
_dbus_verbose (" (policy) skipping deny rule since it only applies to unrequested replies\n");
continue;
-@@ -949,13 +961,15 @@ bus_client_policy_check_can_send (BusClientPolicy *policy,
+@@ -960,13 +972,15 @@ bus_client_policy_check_can_send (BusClientPolicy *policy,
/* The interface is optional in messages. For allow rules, if the message
* has no interface we want to skip the rule (and thus not allow);
* for deny rules, if the message has no interface we want to use the
@@ -1834,7 +1823,7 @@ index 082f3853..bcade176 100644
(!no_interface &&
strcmp (dbus_message_get_interface (message),
rule->d.send.interface) != 0))
-@@ -1029,33 +1043,63 @@ bus_client_policy_check_can_send (BusClientPolicy *policy,
+@@ -1079,33 +1093,63 @@ bus_client_policy_check_can_send (BusClientPolicy *policy,
}
/* Use this rule */
@@ -1912,7 +1901,7 @@ index 082f3853..bcade176 100644
eavesdropping =
addressed_recipient != proposed_recipient &&
-@@ -1068,7 +1112,7 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy,
+@@ -1118,7 +1162,7 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy,
_dbus_verbose (" (policy) checking receive rules, eavesdropping = %d\n", eavesdropping);
*toggles = 0;
@@ -1921,7 +1910,7 @@ index 082f3853..bcade176 100644
link = _dbus_list_get_first_link (&policy->rules);
while (link != NULL)
{
-@@ -1091,19 +1135,21 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy,
+@@ -1141,19 +1185,21 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy,
}
}
@@ -1948,7 +1937,7 @@ index 082f3853..bcade176 100644
{
_dbus_verbose (" (policy) skipping deny rule since it only applies to eavesdropping\n");
continue;
-@@ -1112,13 +1158,14 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy,
+@@ -1162,13 +1208,14 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy,
/* If it's a reply, the requested_reply flag kicks in */
if (dbus_message_get_reply_serial (message) != 0)
{
@@ -1968,7 +1957,7 @@ index 082f3853..bcade176 100644
continue;
}
-@@ -1126,7 +1173,7 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy,
+@@ -1176,7 +1223,7 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy,
* when the reply was not requested. requested_reply=true means the
* rule always applies.
*/
@@ -1977,7 +1966,7 @@ index 082f3853..bcade176 100644
{
_dbus_verbose (" (policy) skipping deny rule since it only applies to unrequested replies\n");
continue;
-@@ -1149,13 +1196,13 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy,
+@@ -1199,13 +1246,13 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy,
/* The interface is optional in messages. For allow rules, if the message
* has no interface we want to skip the rule (and thus not allow);
* for deny rules, if the message has no interface we want to use the
@@ -1993,9 +1982,9 @@ index 082f3853..bcade176 100644
(!no_interface &&
strcmp (dbus_message_get_interface (message),
rule->d.receive.interface) != 0))
-@@ -1230,14 +1277,42 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy,
+@@ -1295,14 +1342,42 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy,
}
-
+
/* Use this rule */
- allowed = rule->allow;
+ switch (rule->access)
@@ -2040,7 +2029,7 @@ index 082f3853..bcade176 100644
}
-@@ -1289,7 +1364,7 @@ bus_rules_check_can_own (DBusList *rules,
+@@ -1354,7 +1429,7 @@ bus_rules_check_can_own (DBusList *rules,
}
/* Use this rule */
@@ -2050,12 +2039,12 @@ index 082f3853..bcade176 100644
return allowed;
diff --git a/bus/policy.h b/bus/policy.h
-index d1d3e72b..e9f193af 100644
+index ec43ffa..f306a3c 100644
--- a/bus/policy.h
+++ b/bus/policy.h
-@@ -39,6 +39,14 @@ typedef enum
- BUS_POLICY_RULE_GROUP
- } BusPolicyRuleType;
+@@ -46,6 +46,14 @@ typedef enum
+ BUS_POLICY_TRISTATE_TRUE
+ } BusPolicyTristate;
+typedef enum
+{
@@ -2068,7 +2057,7 @@ index d1d3e72b..e9f193af 100644
/** determines whether the rule affects a connection, or some global item */
#define BUS_POLICY_RULE_IS_PER_CLIENT(rule) (!((rule)->type == BUS_POLICY_RULE_USER || \
(rule)->type == BUS_POLICY_RULE_GROUP))
-@@ -49,8 +57,9 @@ struct BusPolicyRule
+@@ -56,8 +64,9 @@ struct BusPolicyRule
BusPolicyRuleType type;
@@ -2080,7 +2069,7 @@ index d1d3e72b..e9f193af 100644
union
{
struct
-@@ -106,7 +115,7 @@ struct BusPolicyRule
+@@ -118,7 +127,7 @@ struct BusPolicyRule
};
BusPolicyRule* bus_policy_rule_new (BusPolicyRuleType type,
@@ -2089,7 +2078,7 @@ index d1d3e72b..e9f193af 100644
BusPolicyRule* bus_policy_rule_ref (BusPolicyRule *rule);
void bus_policy_rule_unref (BusPolicyRule *rule);
-@@ -140,21 +149,27 @@ dbus_bool_t bus_policy_merge (BusPolicy *policy,
+@@ -152,21 +161,27 @@ dbus_bool_t bus_policy_merge (BusPolicy *policy,
BusClientPolicy* bus_client_policy_new (void);
BusClientPolicy* bus_client_policy_ref (BusClientPolicy *policy);
void bus_client_policy_unref (BusClientPolicy *policy);
@@ -2133,10 +2122,10 @@ index d1d3e72b..e9f193af 100644
const DBusString *service_name);
dbus_bool_t bus_client_policy_append_rule (BusClientPolicy *policy,
diff --git a/configure.ac b/configure.ac
-index 71e3515c..f3a2ffc1 100644
+index 80671b2..d975b04 100644
--- a/configure.ac
+++ b/configure.ac
-@@ -1873,6 +1873,17 @@ AC_ARG_ENABLE([user-session],
+@@ -1761,6 +1761,17 @@ AC_ARG_ENABLE([user-session],
AM_CONDITIONAL([DBUS_ENABLE_USER_SESSION],
[test "x$enable_user_session" = xyes])
@@ -2154,7 +2143,7 @@ index 71e3515c..f3a2ffc1 100644
AC_CONFIG_FILES([
Doxyfile
dbus/Version
-@@ -1952,6 +1963,7 @@ echo "
+@@ -1843,6 +1854,7 @@ echo "
Building bus stats API: ${enable_stats}
Building SELinux support: ${have_selinux}
Building AppArmor support: ${have_apparmor}
@@ -2163,20 +2152,20 @@ index 71e3515c..f3a2ffc1 100644
Building kqueue support: ${have_kqueue}
Building systemd support: ${have_systemd}
diff --git a/test/Makefile.am b/test/Makefile.am
-index 914dd7f2..86882537 100644
+index 6a6e1a3..ce84dbc 100644
--- a/test/Makefile.am
+++ b/test/Makefile.am
-@@ -341,6 +341,7 @@ in_data = \
+@@ -439,6 +439,7 @@ in_data = \
data/valid-config-files/debug-allow-all.conf.in \
data/valid-config-files/finite-timeout.conf.in \
data/valid-config-files/forbidding.conf.in \
+ data/valid-config-files/debug-check-some.conf.in \
data/valid-config-files/incoming-limit.conf.in \
- data/valid-config-files/multi-user.conf.in \
- data/valid-config-files/systemd-activation.conf.in \
+ data/valid-config-files/max-completed-connections.conf.in \
+ data/valid-config-files/max-connections-per-user.conf.in \
diff --git a/test/data/invalid-config-files/badcheck-1.conf b/test/data/invalid-config-files/badcheck-1.conf
new file mode 100644
-index 00000000..fad9f502
+index 0000000..fad9f50
--- /dev/null
+++ b/test/data/invalid-config-files/badcheck-1.conf
@@ -0,0 +1,9 @@
@@ -2191,7 +2180,7 @@ index 00000000..fad9f502
+</busconfig>
diff --git a/test/data/invalid-config-files/badcheck-2.conf b/test/data/invalid-config-files/badcheck-2.conf
new file mode 100644
-index 00000000..63c7ef25
+index 0000000..63c7ef2
--- /dev/null
+++ b/test/data/invalid-config-files/badcheck-2.conf
@@ -0,0 +1,9 @@
@@ -2206,7 +2195,7 @@ index 00000000..63c7ef25
+</busconfig>
diff --git a/test/data/valid-config-files/check-1.conf b/test/data/valid-config-files/check-1.conf
new file mode 100644
-index 00000000..ad714733
+index 0000000..ad71473
--- /dev/null
+++ b/test/data/valid-config-files/check-1.conf
@@ -0,0 +1,9 @@
@@ -2221,7 +2210,7 @@ index 00000000..ad714733
+</busconfig>
diff --git a/test/data/valid-config-files/debug-check-some.conf.in b/test/data/valid-config-files/debug-check-some.conf.in
new file mode 100644
-index 00000000..47ee8548
+index 0000000..47ee854
--- /dev/null
+++ b/test/data/valid-config-files/debug-check-some.conf.in
@@ -0,0 +1,18 @@
@@ -2243,19 +2232,3 @@ index 00000000..47ee8548
+ <check privilege="foo" send_interface="org.freedesktop.TestSuite" send_member="Echo"/>
+ </policy>
+</busconfig>
-diff --git a/tools/dbus-send.c b/tools/dbus-send.c
-index 0dc1f5b3..76ddab3f 100644
---- a/tools/dbus-send.c
-+++ b/tools/dbus-send.c
-@@ -458,7 +458,7 @@ main (int argc, char *argv[])
- char *arg;
- char *c;
- int type;
-- int secondary_type;
-+ int secondary_type = 0;
- int container_type;
- DBusMessageIter *target_iter;
- DBusMessageIter container_iter;
---
-2.14.3
-
diff --git a/meta-security/recipes-core/dbus-cynara/dbus-cynara/0002-Disable-message-dispatching-when-send-rule-result-is.patch b/meta-security/recipes-core/dbus-cynara/dbus-cynara/0002-Disable-message-dispatching-when-send-rule-result-is.patch
index b1c3f3fdc..4fd75510e 100644
--- a/meta-security/recipes-core/dbus-cynara/dbus-cynara/0002-Disable-message-dispatching-when-send-rule-result-is.patch
+++ b/meta-security/recipes-core/dbus-cynara/dbus-cynara/0002-Disable-message-dispatching-when-send-rule-result-is.patch
@@ -22,27 +22,16 @@ Change-Id: I57eccbf973525fd51369c7d4e58908292f44da80
Cherry-picked from b1b87ad9f20b2052c28431b48e81073078a745ce
by Jose Bollo.
+Updated for dbus 1.12.10 by Scott Murray.
+
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
----
- bus/activation.c | 78 +++++++++++++++--
- bus/check.c | 109 ++++++++++++++++++++++--
- bus/check.h | 10 +++
- bus/cynara.c | 1 -
- bus/dispatch.c | 184 ++++++++++++++++++++++++++++++++++++----
- bus/dispatch.h | 2 +-
- bus/driver.c | 12 ++-
- dbus/dbus-connection-internal.h | 15 ++++
- dbus/dbus-connection.c | 125 +++++++++++++++++++++++++--
- dbus/dbus-list.c | 29 +++++++
- dbus/dbus-list.h | 3 +
- dbus/dbus-shared.h | 3 +-
- 12 files changed, 528 insertions(+), 43 deletions(-)
+Signed-off-by: Scott Murray <scott.murray@konsulko.com>
diff --git a/bus/activation.c b/bus/activation.c
-index 1a98af6d..343d3f22 100644
+index 451179d..5f02153 100644
--- a/bus/activation.c
+++ b/bus/activation.c
-@@ -31,6 +31,7 @@
+@@ -32,6 +32,7 @@
#include "services.h"
#include "test.h"
#include "utils.h"
@@ -50,7 +39,7 @@ index 1a98af6d..343d3f22 100644
#include <dbus/dbus-internals.h>
#include <dbus/dbus-hash.h>
#include <dbus/dbus-list.h>
-@@ -91,6 +92,8 @@ struct BusPendingActivationEntry
+@@ -94,6 +95,8 @@ struct BusPendingActivationEntry
DBusConnection *connection;
dbus_bool_t auto_activation;
@@ -59,7 +48,7 @@ index 1a98af6d..343d3f22 100644
};
typedef struct
-@@ -1180,20 +1183,23 @@ bus_activation_send_pending_auto_activation_messages (BusActivation *activation
+@@ -1241,20 +1244,23 @@ bus_activation_send_pending_auto_activation_messages (BusActivation *activation
BusPendingActivationEntry *entry = link->data;
DBusList *next = _dbus_list_get_next_link (&pending_activation->entries, link);
@@ -88,7 +77,7 @@ index 1a98af6d..343d3f22 100644
{
/* If permission is denied, we just want to return the error
* to the original method invoker; in particular, we don't
-@@ -1205,9 +1211,40 @@ bus_activation_send_pending_auto_activation_messages (BusActivation *activation
+@@ -1266,9 +1272,40 @@ bus_activation_send_pending_auto_activation_messages (BusActivation *activation
bus_connection_send_oom_error (entry->connection,
entry->activation_message);
}
@@ -131,7 +120,7 @@ index 1a98af6d..343d3f22 100644
}
}
-@@ -1225,6 +1262,19 @@ bus_activation_send_pending_auto_activation_messages (BusActivation *activation
+@@ -1286,6 +1323,19 @@ bus_activation_send_pending_auto_activation_messages (BusActivation *activation
return TRUE;
error:
@@ -151,20 +140,22 @@ index 1a98af6d..343d3f22 100644
return FALSE;
}
-@@ -2028,13 +2078,23 @@ bus_activation_activate_service (BusActivation *activation,
+@@ -2078,6 +2128,7 @@ bus_activation_activate_service (BusActivation *activation,
if (service != NULL)
{
+ BusResult res;
bus_context_log (activation->context,
- DBUS_SYSTEM_LOG_INFO, "Activating via systemd: service name='%s' unit='%s'",
+ DBUS_SYSTEM_LOG_INFO, "Activating via systemd: service name='%s' unit='%s' requested by '%s' (%s)",
service_name,
- entry->systemd_service);
+@@ -2085,8 +2136,17 @@ bus_activation_activate_service (BusActivation *activation,
+ bus_connection_get_name (connection),
+ bus_connection_get_loginfo (connection));
/* Wonderful, systemd is connected, let's just send the msg */
-- retval = bus_dispatch_matches (activation_transaction, NULL, bus_service_get_primary_owners_connection (service),
-- message, error);
-+ res = bus_dispatch_matches (activation_transaction, NULL, bus_service_get_primary_owners_connection (service),
-+ message, error);
+- retval = bus_dispatch_matches (activation_transaction, NULL,
+- systemd, message, error);
++ res = bus_dispatch_matches (activation_transaction, NULL,
++ systemd, message, error);
+
+ if (res == BUS_RESULT_TRUE)
+ retval = TRUE;
@@ -178,7 +169,7 @@ index 1a98af6d..343d3f22 100644
else
{
diff --git a/bus/check.c b/bus/check.c
-index 5b72d31c..4b8a6994 100644
+index 5b72d31..4b8a699 100644
--- a/bus/check.c
+++ b/bus/check.c
@@ -55,6 +55,8 @@ typedef struct BusDeferredMessage
@@ -348,7 +339,7 @@ index 5b72d31c..4b8a6994 100644
bus_deferred_message_response_received (BusDeferredMessage *deferred_message,
BusResult result)
diff --git a/bus/check.h b/bus/check.h
-index c3fcaf90..d1775497 100644
+index c3fcaf9..d177549 100644
--- a/bus/check.h
+++ b/bus/check.h
@@ -55,6 +55,7 @@ BusResult bus_check_privilege (BusCheck *check,
@@ -374,7 +365,7 @@ index c3fcaf90..d1775497 100644
+
#endif /* BUS_CHECK_H */
diff --git a/bus/cynara.c b/bus/cynara.c
-index 57a4c45c..77aed623 100644
+index 57a4c45..77aed62 100644
--- a/bus/cynara.c
+++ b/bus/cynara.c
@@ -36,7 +36,6 @@
@@ -386,7 +377,7 @@ index 57a4c45c..77aed623 100644
typedef struct BusCynara
{
diff --git a/bus/dispatch.c b/bus/dispatch.c
-index 05be3bdf..7353501b 100644
+index 7e51bc1..0250b53 100644
--- a/bus/dispatch.c
+++ b/bus/dispatch.c
@@ -35,6 +35,7 @@
@@ -397,7 +388,7 @@ index 05be3bdf..7353501b 100644
#include <dbus/dbus-misc.h>
#include <string.h>
-@@ -121,7 +122,7 @@ send_one_message (DBusConnection *connection,
+@@ -122,7 +123,7 @@ send_one_message (DBusConnection *connection,
return TRUE;
}
@@ -406,8 +397,8 @@ index 05be3bdf..7353501b 100644
bus_dispatch_matches (BusTransaction *transaction,
DBusConnection *sender,
DBusConnection *addressed_recipient,
-@@ -157,13 +158,29 @@ bus_dispatch_matches (BusTransaction *transaction,
- message, error,
+@@ -158,13 +159,29 @@ bus_dispatch_matches (BusTransaction *transaction,
+ message, NULL, error,
&deferred_message);
if (res == BUS_RESULT_FALSE)
- return FALSE;
@@ -441,7 +432,7 @@ index 05be3bdf..7353501b 100644
}
if (dbus_message_contains_unix_fds (message) &&
-@@ -174,14 +191,14 @@ bus_dispatch_matches (BusTransaction *transaction,
+@@ -175,14 +192,14 @@ bus_dispatch_matches (BusTransaction *transaction,
DBUS_ERROR_NOT_SUPPORTED,
"Tried to send message with Unix file descriptors"
"to a client that doesn't support that.");
@@ -459,7 +450,7 @@ index 05be3bdf..7353501b 100644
}
}
-@@ -196,7 +213,7 @@ bus_dispatch_matches (BusTransaction *transaction,
+@@ -197,7 +214,7 @@ bus_dispatch_matches (BusTransaction *transaction,
&recipients))
{
BUS_SET_OOM (error);
@@ -468,7 +459,7 @@ index 05be3bdf..7353501b 100644
}
link = _dbus_list_get_first_link (&recipients);
-@@ -218,10 +235,10 @@ bus_dispatch_matches (BusTransaction *transaction,
+@@ -219,10 +236,10 @@ bus_dispatch_matches (BusTransaction *transaction,
if (dbus_error_is_set (&tmp_error))
{
dbus_move_error (&tmp_error, error);
@@ -481,7 +472,7 @@ index 05be3bdf..7353501b 100644
}
static DBusHandlerResult
-@@ -407,10 +424,12 @@ bus_dispatch (DBusConnection *connection,
+@@ -410,10 +427,12 @@ bus_dispatch (DBusConnection *connection,
}
else if (res == BUS_RESULT_LATER)
{
@@ -498,7 +489,7 @@ index 05be3bdf..7353501b 100644
goto out;
}
-@@ -475,8 +494,14 @@ bus_dispatch (DBusConnection *connection,
+@@ -515,8 +534,14 @@ bus_dispatch (DBusConnection *connection,
* addressed_recipient == NULL), and match it against other connections'
* match rules.
*/
@@ -515,9 +506,9 @@ index 05be3bdf..7353501b 100644
out:
if (dbus_error_is_set (&error))
-@@ -5001,9 +5026,132 @@ bus_dispatch_test_conf_fail (const DBusString *test_data_dir,
- return TRUE;
+@@ -5061,9 +5086,132 @@ bus_dispatch_test_conf_fail (const DBusString *test_data_dir,
}
+ #endif
+typedef struct {
+ DBusTimeout *timeout;
@@ -649,7 +640,7 @@ index 05be3bdf..7353501b 100644
_dbus_verbose ("Normal activation tests\n");
if (!bus_dispatch_test_conf (test_data_dir,
diff --git a/bus/dispatch.h b/bus/dispatch.h
-index fb5ba7a5..afba6a24 100644
+index fb5ba7a..afba6a2 100644
--- a/bus/dispatch.h
+++ b/bus/dispatch.h
@@ -29,7 +29,7 @@
@@ -662,10 +653,10 @@ index fb5ba7a5..afba6a24 100644
DBusConnection *recipient,
DBusMessage *message,
diff --git a/bus/driver.c b/bus/driver.c
-index b7e1a0a0..a5823d4d 100644
+index cd0a714..f414f64 100644
--- a/bus/driver.c
+++ b/bus/driver.c
-@@ -225,6 +225,7 @@ bus_driver_send_service_owner_changed (const char *service_name,
+@@ -218,6 +218,7 @@ bus_driver_send_service_owner_changed (const char *service_name,
{
DBusMessage *message;
dbus_bool_t retval;
@@ -673,8 +664,8 @@ index b7e1a0a0..a5823d4d 100644
const char *null_service;
_DBUS_ASSERT_ERROR_IS_CLEAR (error);
-@@ -260,7 +261,16 @@ bus_driver_send_service_owner_changed (const char *service_name,
- if (!bus_transaction_capture (transaction, NULL, message))
+@@ -253,7 +254,16 @@ bus_driver_send_service_owner_changed (const char *service_name,
+ if (!bus_transaction_capture (transaction, NULL, NULL, message))
goto oom;
- retval = bus_dispatch_matches (transaction, NULL, NULL, message, error);
@@ -692,7 +683,7 @@ index b7e1a0a0..a5823d4d 100644
return retval;
diff --git a/dbus/dbus-connection-internal.h b/dbus/dbus-connection-internal.h
-index 48357321..94b1c951 100644
+index 4835732..94b1c95 100644
--- a/dbus/dbus-connection-internal.h
+++ b/dbus/dbus-connection-internal.h
@@ -118,6 +118,21 @@ DBUS_PRIVATE_EXPORT
@@ -718,7 +709,7 @@ index 48357321..94b1c951 100644
DBUS_PRIVATE_EXPORT
void _dbus_connection_get_stats (DBusConnection *connection,
diff --git a/dbus/dbus-connection.c b/dbus/dbus-connection.c
-index 7f5b3292..ed0be70d 100644
+index c525b6d..f1b0ea0 100644
--- a/dbus/dbus-connection.c
+++ b/dbus/dbus-connection.c
@@ -311,7 +311,8 @@ struct DBusConnection
@@ -771,7 +762,7 @@ index 7f5b3292..ed0be70d 100644
#ifdef DBUS_ENABLE_EMBEDDED_TESTS
/**
* Gets the locks so we can examine them
-@@ -4070,6 +4104,82 @@ _dbus_connection_putback_message_link_unlocked (DBusConnection *connection,
+@@ -4069,6 +4103,82 @@ _dbus_connection_putback_message_link_unlocked (DBusConnection *connection,
"_dbus_connection_putback_message_link_unlocked");
}
@@ -854,7 +845,7 @@ index 7f5b3292..ed0be70d 100644
/**
* Returns the first-received message from the incoming message queue,
* removing it from the queue. The caller owns a reference to the
-@@ -4253,8 +4363,9 @@ static DBusDispatchStatus
+@@ -4252,8 +4362,9 @@ static DBusDispatchStatus
_dbus_connection_get_dispatch_status_unlocked (DBusConnection *connection)
{
HAVE_LOCK_CHECK (connection);
@@ -866,7 +857,7 @@ index 7f5b3292..ed0be70d 100644
return DBUS_DISPATCH_DATA_REMAINS;
else if (!_dbus_transport_queue_messages (connection->transport))
return DBUS_DISPATCH_NEED_MEMORY;
-@@ -4717,6 +4828,8 @@ dbus_connection_dispatch (DBusConnection *connection)
+@@ -4716,6 +4827,8 @@ dbus_connection_dispatch (DBusConnection *connection)
CONNECTION_LOCK (connection);
@@ -875,7 +866,7 @@ index 7f5b3292..ed0be70d 100644
if (result == DBUS_HANDLER_RESULT_NEED_MEMORY)
{
_dbus_verbose ("No memory\n");
-@@ -4839,9 +4952,11 @@ dbus_connection_dispatch (DBusConnection *connection)
+@@ -4838,9 +4951,11 @@ dbus_connection_dispatch (DBusConnection *connection)
connection);
out:
@@ -890,7 +881,7 @@ index 7f5b3292..ed0be70d 100644
/* Put message back, and we'll start over.
* Yes this means handlers must be idempotent if they
diff --git a/dbus/dbus-list.c b/dbus/dbus-list.c
-index c4c1856f..f84918b1 100644
+index 8e713c0..32ea871 100644
--- a/dbus/dbus-list.c
+++ b/dbus/dbus-list.c
@@ -458,6 +458,35 @@ _dbus_list_remove_last (DBusList **list,
@@ -930,7 +921,7 @@ index c4c1856f..f84918b1 100644
* Finds a value in the list. Returns the last link
* with value equal to the given data pointer.
diff --git a/dbus/dbus-list.h b/dbus/dbus-list.h
-index 9350a0da..fee9f1bc 100644
+index 9350a0d..fee9f1b 100644
--- a/dbus/dbus-list.h
+++ b/dbus/dbus-list.h
@@ -68,6 +68,9 @@ DBUS_PRIVATE_EXPORT
@@ -944,7 +935,7 @@ index 9350a0da..fee9f1bc 100644
void *data);
DBUS_PRIVATE_EXPORT
diff --git a/dbus/dbus-shared.h b/dbus/dbus-shared.h
-index 7ab91035..e5bfbed6 100644
+index 7ab9103..e5bfbed 100644
--- a/dbus/dbus-shared.h
+++ b/dbus/dbus-shared.h
@@ -67,7 +67,8 @@ typedef enum
@@ -957,6 +948,3 @@ index 7ab91035..e5bfbed6 100644
} DBusHandlerResult;
/* Bus names */
---
-2.14.3
-
diff --git a/meta-security/recipes-core/dbus-cynara/dbus-cynara/0003-Handle-unavailability-of-policy-results-for-broadcas.patch b/meta-security/recipes-core/dbus-cynara/dbus-cynara/0003-Handle-unavailability-of-policy-results-for-broadcas.patch
index b797064ec..7f17bd00a 100644
--- a/meta-security/recipes-core/dbus-cynara/dbus-cynara/0003-Handle-unavailability-of-policy-results-for-broadcas.patch
+++ b/meta-security/recipes-core/dbus-cynara/dbus-cynara/0003-Handle-unavailability-of-policy-results-for-broadcas.patch
@@ -23,26 +23,16 @@ Change-Id: Iecd5395f75a4c7811fa97247a37d8fc4d42e8814
Cherry picked from 1e231194610892dd4360224998d91336097b05a1 by Jose Bollo
+Updated for dbus 1.12.10 by Scott Murray.
+
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
----
- bus/activation.c | 4 +-
- bus/bus.c | 50 +++++++--
- bus/bus.h | 19 ++++
- bus/check.c | 307 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
- bus/check.h | 25 +++++
- bus/connection.c | 169 ++++++++++++++++++++++++++++--
- bus/connection.h | 19 +++-
- bus/dispatch.c | 121 ++++++++++++++++++----
- bus/dispatch.h | 11 +-
- bus/driver.c | 2 +-
- bus/policy.c | 6 ++
- 11 files changed, 686 insertions(+), 47 deletions(-)
+Signed-off-by: Scott Murray <scott.murray@konsulko.com>
diff --git a/bus/activation.c b/bus/activation.c
-index 343d3f22..11bd8386 100644
+index 5f02153..f2981e1 100644
--- a/bus/activation.c
+++ b/bus/activation.c
-@@ -1198,7 +1198,7 @@ bus_activation_send_pending_auto_activation_messages (BusActivation *activation
+@@ -1259,7 +1259,7 @@ bus_activation_send_pending_auto_activation_messages (BusActivation *activation
res = bus_dispatch_matches (transaction,
entry->connection,
addressed_recipient,
@@ -51,20 +41,20 @@ index 343d3f22..11bd8386 100644
if (res == BUS_RESULT_FALSE)
{
/* If permission is denied, we just want to return the error
-@@ -2085,7 +2085,7 @@ bus_activation_activate_service (BusActivation *activation,
- entry->systemd_service);
+@@ -2137,7 +2137,7 @@ bus_activation_activate_service (BusActivation *activation,
+ bus_connection_get_loginfo (connection));
/* Wonderful, systemd is connected, let's just send the msg */
- res = bus_dispatch_matches (activation_transaction, NULL, bus_service_get_primary_owners_connection (service),
-- message, error);
-+ message, NULL, error);
+ res = bus_dispatch_matches (activation_transaction, NULL,
+- systemd, message, error);
++ systemd, message, NULL, error);
if (res == BUS_RESULT_TRUE)
retval = TRUE;
diff --git a/bus/bus.c b/bus/bus.c
-index c4008505..911e2340 100644
+index 237efe3..5bb5637 100644
--- a/bus/bus.c
+++ b/bus/bus.c
-@@ -1796,17 +1796,9 @@ bus_context_check_security_policy (BusContext *context,
+@@ -1800,17 +1800,9 @@ bus_context_check_security_policy (BusContext *context,
}
/* See if limits on size have been exceeded */
@@ -84,7 +74,7 @@ index c4008505..911e2340 100644
/* Record that we will allow a reply here in the future (don't
* bother if the recipient is the bus or this is an eavesdropping
-@@ -1861,3 +1853,41 @@ bus_context_check_all_watches (BusContext *context)
+@@ -1869,3 +1861,41 @@ bus_context_check_all_watches (BusContext *context)
_dbus_server_toggle_all_watches (server, enabled);
}
}
@@ -127,10 +117,10 @@ index c4008505..911e2340 100644
+ return TRUE;
+}
diff --git a/bus/bus.h b/bus/bus.h
-index dab7791f..445165c9 100644
+index 82c32c8..1b08f7c 100644
--- a/bus/bus.h
+++ b/bus/bus.h
-@@ -158,4 +158,23 @@ BusResult bus_context_check_security_policy (BusContext
+@@ -164,4 +164,23 @@ BusResult bus_context_check_security_policy (BusContext
BusDeferredMessage **deferred_message);
void bus_context_check_all_watches (BusContext *context);
@@ -155,7 +145,7 @@ index dab7791f..445165c9 100644
+
#endif /* BUS_BUS_H */
diff --git a/bus/check.c b/bus/check.c
-index 4b8a6994..b8833349 100644
+index 4b8a699..f3d283f 100644
--- a/bus/check.c
+++ b/bus/check.c
@@ -49,6 +49,9 @@ typedef struct BusDeferredMessage
@@ -370,7 +360,7 @@ index 4b8a6994..b8833349 100644
+ deferred_message->sender,
+ deferred_message->addressed_recipient,
+ deferred_message->proposed_recipient,
-+ deferred_message->message, NULL,
++ deferred_message->message, NULL, NULL,
+ &deferred_message2);
+
+ if (result == BUS_RESULT_LATER)
@@ -511,7 +501,7 @@ index 4b8a6994..b8833349 100644
}
+
diff --git a/bus/check.h b/bus/check.h
-index d1775497..9c13c184 100644
+index d177549..9c13c18 100644
--- a/bus/check.h
+++ b/bus/check.h
@@ -64,12 +64,37 @@ BusDeferredMessage *bus_deferred_message_new (DBusMessage *messag
@@ -553,7 +543,7 @@ index d1775497..9c13c184 100644
extern BusResult (*bus_check_test_override) (DBusConnection *connection,
const char *privilege);
diff --git a/bus/connection.c b/bus/connection.c
-index eea50ecd..1c0bdffb 100644
+index deebde3..f9e563b 100644
--- a/bus/connection.c
+++ b/bus/connection.c
@@ -31,11 +31,13 @@
@@ -587,7 +577,7 @@ index eea50ecd..1c0bdffb 100644
bus_dispatch_remove_connection (connection);
/* no more watching */
-@@ -2264,7 +2269,7 @@ bus_transaction_capture (BusTransaction *transaction,
+@@ -2307,7 +2312,7 @@ bus_transaction_capture (BusTransaction *transaction,
{
DBusConnection *recipient = link->data;
@@ -596,7 +586,7 @@ index eea50ecd..1c0bdffb 100644
goto out;
}
-@@ -2317,6 +2322,7 @@ bus_transaction_send_from_driver (BusTransaction *transaction,
+@@ -2361,6 +2366,7 @@ bus_transaction_send_from_driver (BusTransaction *transaction,
{
DBusError error = DBUS_ERROR_INIT;
BusResult res;
@@ -604,17 +594,17 @@ index eea50ecd..1c0bdffb 100644
/* We have to set the sender to the driver, and have
* to check security policy since it was not done in
-@@ -2357,7 +2363,8 @@ bus_transaction_send_from_driver (BusTransaction *transaction,
- res = bus_context_check_security_policy (bus_transaction_get_context (transaction),
+@@ -2402,7 +2408,8 @@ bus_transaction_send_from_driver (BusTransaction *transaction,
transaction,
- NULL, connection, connection, message, &error,
+ NULL, connection, connection,
+ message, NULL, &error,
- NULL);
+ &deferred_message);
+
if (res == BUS_RESULT_FALSE)
{
- if (!bus_transaction_capture_error_reply (transaction, &error, message))
-@@ -2374,18 +2381,20 @@ bus_transaction_send_from_driver (BusTransaction *transaction,
+ if (!bus_transaction_capture_error_reply (transaction, connection,
+@@ -2420,18 +2427,20 @@ bus_transaction_send_from_driver (BusTransaction *transaction,
}
else if (res == BUS_RESULT_LATER)
{
@@ -639,7 +629,7 @@ index eea50ecd..1c0bdffb 100644
{
MessageToSend *to_send;
BusConnectionData *d;
-@@ -2411,7 +2420,28 @@ bus_transaction_send (BusTransaction *transaction,
+@@ -2457,7 +2466,28 @@ bus_transaction_send (BusTransaction *transaction,
d = BUS_CONNECTION_DATA (connection);
_dbus_assert (d != NULL);
@@ -669,7 +659,7 @@ index eea50ecd..1c0bdffb 100644
to_send = dbus_new (MessageToSend, 1);
if (to_send == NULL)
{
-@@ -2663,6 +2693,131 @@ bus_transaction_add_cancel_hook (BusTransaction *transaction,
+@@ -2709,6 +2739,131 @@ bus_transaction_add_cancel_hook (BusTransaction *transaction,
return TRUE;
}
@@ -802,10 +792,10 @@ index eea50ecd..1c0bdffb 100644
bus_connections_get_n_active (BusConnections *connections)
{
diff --git a/bus/connection.h b/bus/connection.h
-index a6e5dfde..46e883e6 100644
+index 71078ea..97dae96 100644
--- a/bus/connection.h
+++ b/bus/connection.h
-@@ -83,6 +83,22 @@ dbus_bool_t bus_connection_preallocate_oom_error (DBusConnection *connection);
+@@ -85,6 +85,22 @@ dbus_bool_t bus_connection_preallocate_oom_error (DBusConnection *connection);
void bus_connection_send_oom_error (DBusConnection *connection,
DBusMessage *in_reply_to);
@@ -828,7 +818,7 @@ index a6e5dfde..46e883e6 100644
/* called by signals.c */
dbus_bool_t bus_connection_add_match_rule (DBusConnection *connection,
BusMatchRule *rule);
-@@ -135,7 +151,8 @@ BusTransaction* bus_transaction_new (BusContext *
+@@ -137,7 +153,8 @@ BusTransaction* bus_transaction_new (BusContext *
BusContext* bus_transaction_get_context (BusTransaction *transaction);
dbus_bool_t bus_transaction_send (BusTransaction *transaction,
DBusConnection *connection,
@@ -837,9 +827,9 @@ index a6e5dfde..46e883e6 100644
+ dbus_bool_t deferred_dispatch);
dbus_bool_t bus_transaction_capture (BusTransaction *transaction,
DBusConnection *connection,
- DBusMessage *message);
+ DBusConnection *addressed_recipient,
diff --git a/bus/dispatch.c b/bus/dispatch.c
-index 7353501b..e32c9263 100644
+index 0250b53..1bdcbf0 100644
--- a/bus/dispatch.c
+++ b/bus/dispatch.c
@@ -33,6 +33,7 @@
@@ -850,16 +840,16 @@ index 7353501b..e32c9263 100644
#include "test.h"
#include <dbus/dbus-internals.h>
#include <dbus/dbus-connection-internal.h>
-@@ -76,7 +77,7 @@ send_one_message (DBusConnection *connection,
- message,
+@@ -77,7 +78,7 @@ send_one_message (DBusConnection *connection,
+ NULL,
&stack_error,
&deferred_message);
- if (result != BUS_RESULT_TRUE)
+ if (result == BUS_RESULT_FALSE)
{
- if (!bus_transaction_capture_error_reply (transaction, &stack_error,
- message))
-@@ -111,9 +112,19 @@ send_one_message (DBusConnection *connection,
+ if (!bus_transaction_capture_error_reply (transaction, sender,
+ &stack_error, message))
+@@ -112,9 +113,19 @@ send_one_message (DBusConnection *connection,
return TRUE; /* don't send it but don't return an error either */
}
@@ -880,7 +870,7 @@ index 7353501b..e32c9263 100644
{
BUS_SET_OOM (error);
return FALSE;
-@@ -123,11 +134,12 @@ send_one_message (DBusConnection *connection,
+@@ -124,11 +135,12 @@ send_one_message (DBusConnection *connection,
}
BusResult
@@ -898,7 +888,7 @@ index 7353501b..e32c9263 100644
{
DBusError tmp_error;
BusConnections *connections;
-@@ -151,17 +163,78 @@ bus_dispatch_matches (BusTransaction *transaction,
+@@ -152,17 +164,78 @@ bus_dispatch_matches (BusTransaction *transaction,
/* First, send the message to the addressed_recipient, if there is one. */
if (addressed_recipient != NULL)
{
@@ -906,7 +896,7 @@ index 7353501b..e32c9263 100644
- res = bus_context_check_security_policy (context, transaction,
- sender, addressed_recipient,
- addressed_recipient,
-- message, error,
+- message, NULL, error,
- &deferred_message);
- if (res == BUS_RESULT_FALSE)
+ BusResult result;
@@ -961,7 +951,7 @@ index 7353501b..e32c9263 100644
+
+ if (result == BUS_RESULT_LATER)
+ result = bus_context_check_security_policy(context, transaction,
-+ sender, addressed_recipient, addressed_recipient, message, error,
++ sender, addressed_recipient, addressed_recipient, message, NULL, error,
+ &deferred_message);
+
+ if (result == BUS_RESULT_FALSE)
@@ -985,7 +975,7 @@ index 7353501b..e32c9263 100644
status = bus_deferred_message_get_status(deferred_message);
if (status & BUS_DEFERRED_MESSAGE_CHECK_SEND)
-@@ -172,13 +245,18 @@ bus_dispatch_matches (BusTransaction *transaction,
+@@ -173,13 +246,18 @@ bus_dispatch_matches (BusTransaction *transaction,
}
else if (status & BUS_DEFERRED_MESSAGE_CHECK_RECEIVE)
{
@@ -1008,7 +998,7 @@ index 7353501b..e32c9263 100644
return BUS_RESULT_FALSE;
}
}
-@@ -195,7 +273,8 @@ bus_dispatch_matches (BusTransaction *transaction,
+@@ -196,7 +274,8 @@ bus_dispatch_matches (BusTransaction *transaction,
}
/* Dispatch the message */
@@ -1018,7 +1008,7 @@ index 7353501b..e32c9263 100644
{
BUS_SET_OOM (error);
return BUS_RESULT_FALSE;
-@@ -495,7 +574,7 @@ bus_dispatch (DBusConnection *connection,
+@@ -535,7 +614,7 @@ bus_dispatch (DBusConnection *connection,
* match rules.
*/
if (BUS_RESULT_LATER == bus_dispatch_matches (transaction, connection, addressed_recipient,
@@ -1028,7 +1018,7 @@ index 7353501b..e32c9263 100644
/* Roll back and dispatch the message once the policy result is available */
bus_transaction_cancel_and_free (transaction);
diff --git a/bus/dispatch.h b/bus/dispatch.h
-index afba6a24..f6102e80 100644
+index afba6a2..f6102e8 100644
--- a/bus/dispatch.h
+++ b/bus/dispatch.h
@@ -29,10 +29,11 @@
@@ -1049,11 +1039,11 @@ index afba6a24..f6102e80 100644
#endif /* BUS_DISPATCH_H */
diff --git a/bus/driver.c b/bus/driver.c
-index a5823d4d..5acdd62a 100644
+index f414f64..d89a658 100644
--- a/bus/driver.c
+++ b/bus/driver.c
-@@ -261,7 +261,7 @@ bus_driver_send_service_owner_changed (const char *service_name,
- if (!bus_transaction_capture (transaction, NULL, message))
+@@ -254,7 +254,7 @@ bus_driver_send_service_owner_changed (const char *service_name,
+ if (!bus_transaction_capture (transaction, NULL, NULL, message))
goto oom;
- res = bus_dispatch_matches (transaction, NULL, NULL, message, error);
@@ -1062,10 +1052,10 @@ index a5823d4d..5acdd62a 100644
retval = TRUE;
else
diff --git a/bus/policy.c b/bus/policy.c
-index bcade176..47bd1a24 100644
+index 7ee1ce5..b1fab0d 100644
--- a/bus/policy.c
+++ b/bus/policy.c
-@@ -1071,6 +1071,9 @@ bus_client_policy_check_can_send (DBusConnection *sender,
+@@ -1121,6 +1121,9 @@ bus_client_policy_check_can_send (DBusConnection *sender,
result = bus_check_privilege(check, message, sender, addressed_recipient, receiver,
privilege, BUS_DEFERRED_MESSAGE_CHECK_SEND, deferred_message);
@@ -1075,7 +1065,7 @@ index bcade176..47bd1a24 100644
}
else
privilege = NULL;
-@@ -1305,6 +1308,9 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy,
+@@ -1370,6 +1373,9 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy,
result = bus_check_privilege(check, message, sender, addressed_recipient, proposed_recipient,
privilege, BUS_DEFERRED_MESSAGE_CHECK_RECEIVE, deferred_message);
@@ -1085,6 +1075,3 @@ index bcade176..47bd1a24 100644
}
else
privilege = NULL;
---
-2.14.3
-
diff --git a/meta-security/recipes-core/dbus-cynara/dbus-cynara/0004-Add-own-rule-result-unavailability-handling.patch b/meta-security/recipes-core/dbus-cynara/dbus-cynara/0004-Add-own-rule-result-unavailability-handling.patch
index 1086f5b12..bde785241 100644
--- a/meta-security/recipes-core/dbus-cynara/dbus-cynara/0004-Add-own-rule-result-unavailability-handling.patch
+++ b/meta-security/recipes-core/dbus-cynara/dbus-cynara/0004-Add-own-rule-result-unavailability-handling.patch
@@ -19,24 +19,16 @@ Change-Id: I4c2cbd4585e41fccd8a30f825a8f0d342ab56755
Cherry-picked from 35ef89cd6777ea2430077fc621d21bd01df92349 by Jose.bollo
+Updated for dbus 1.12.10 by Scott Murray.
+
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
----
- bus/dispatch.c | 11 ++-
- bus/driver.c | 259 ++++++++++++++++++++++++++++++---------------------------
- bus/driver.h | 2 +-
- bus/policy.c | 51 +++++++++---
- bus/policy.h | 6 +-
- bus/services.c | 26 ++++--
- bus/services.h | 3 +-
- bus/stats.c | 28 +++----
- bus/stats.h | 6 +-
- 9 files changed, 229 insertions(+), 163 deletions(-)
+Signed-off-by: Scott Murray <scott.murray@konsulko.com>
diff --git a/bus/dispatch.c b/bus/dispatch.c
-index e32c9263..4d57c556 100644
+index 1bdcbf0..625add5 100644
--- a/bus/dispatch.c
+++ b/bus/dispatch.c
-@@ -513,8 +513,17 @@ bus_dispatch (DBusConnection *connection,
+@@ -516,8 +516,17 @@ bus_dispatch (DBusConnection *connection,
}
_dbus_verbose ("Giving message to %s\n", DBUS_SERVICE_DBUS);
@@ -56,10 +48,10 @@ index e32c9263..4d57c556 100644
else if (!bus_connection_is_active (connection)) /* clients must talk to bus driver first */
{
diff --git a/bus/driver.c b/bus/driver.c
-index 5acdd62a..bc4ce0b5 100644
+index d89a658..5ee60cb 100644
--- a/bus/driver.c
+++ b/bus/driver.c
-@@ -427,7 +427,7 @@ create_unique_client_name (BusRegistry *registry,
+@@ -420,7 +420,7 @@ create_unique_client_name (BusRegistry *registry,
return TRUE;
}
@@ -68,7 +60,7 @@ index 5acdd62a..bc4ce0b5 100644
bus_driver_handle_hello (DBusConnection *connection,
BusTransaction *transaction,
DBusMessage *message,
-@@ -435,7 +435,7 @@ bus_driver_handle_hello (DBusConnection *connection,
+@@ -428,7 +428,7 @@ bus_driver_handle_hello (DBusConnection *connection,
{
DBusString unique_name;
BusService *service;
@@ -76,8 +68,8 @@ index 5acdd62a..bc4ce0b5 100644
+ BusResult retval;
BusRegistry *registry;
BusConnections *connections;
-
-@@ -446,7 +446,7 @@ bus_driver_handle_hello (DBusConnection *connection,
+ DBusError tmp_error;
+@@ -442,7 +442,7 @@ bus_driver_handle_hello (DBusConnection *connection,
/* We already handled an Hello message for this connection. */
dbus_set_error (error, DBUS_ERROR_FAILED,
"Already handled an Hello message");
@@ -86,10 +78,10 @@ index 5acdd62a..bc4ce0b5 100644
}
/* Note that when these limits are exceeded we don't disconnect the
-@@ -460,16 +460,16 @@ bus_driver_handle_hello (DBusConnection *connection,
- error))
- {
- _DBUS_ASSERT_ERROR_IS_SET (error);
+@@ -464,16 +464,16 @@ bus_driver_handle_hello (DBusConnection *connection,
+ bus_context_log (context, DBUS_SYSTEM_LOG_WARNING, "%s (%s=%d)",
+ tmp_error.message, limit_name, limit);
+ dbus_move_error (&tmp_error, error);
- return FALSE;
+ return BUS_RESULT_FALSE;
}
@@ -106,7 +98,7 @@ index 5acdd62a..bc4ce0b5 100644
registry = bus_connection_get_registry (connection);
-@@ -502,7 +502,7 @@ bus_driver_handle_hello (DBusConnection *connection,
+@@ -506,7 +506,7 @@ bus_driver_handle_hello (DBusConnection *connection,
goto out_0;
_dbus_assert (bus_connection_is_active (connection));
@@ -115,7 +107,7 @@ index 5acdd62a..bc4ce0b5 100644
out_0:
_dbus_string_free (&unique_name);
-@@ -554,7 +554,7 @@ bus_driver_send_welcome_message (DBusConnection *connection,
+@@ -558,7 +558,7 @@ bus_driver_send_welcome_message (DBusConnection *connection,
}
}
@@ -124,7 +116,7 @@ index 5acdd62a..bc4ce0b5 100644
bus_driver_handle_list_services (DBusConnection *connection,
BusTransaction *transaction,
DBusMessage *message,
-@@ -576,14 +576,14 @@ bus_driver_handle_list_services (DBusConnection *connection,
+@@ -580,14 +580,14 @@ bus_driver_handle_list_services (DBusConnection *connection,
if (reply == NULL)
{
BUS_SET_OOM (error);
@@ -141,7 +133,7 @@ index 5acdd62a..bc4ce0b5 100644
}
dbus_message_iter_init_append (reply, &iter);
-@@ -595,7 +595,7 @@ bus_driver_handle_list_services (DBusConnection *connection,
+@@ -599,7 +599,7 @@ bus_driver_handle_list_services (DBusConnection *connection,
dbus_free_string_array (services);
dbus_message_unref (reply);
BUS_SET_OOM (error);
@@ -150,7 +142,7 @@ index 5acdd62a..bc4ce0b5 100644
}
{
-@@ -607,7 +607,7 @@ bus_driver_handle_list_services (DBusConnection *connection,
+@@ -611,7 +611,7 @@ bus_driver_handle_list_services (DBusConnection *connection,
dbus_free_string_array (services);
dbus_message_unref (reply);
BUS_SET_OOM (error);
@@ -159,7 +151,7 @@ index 5acdd62a..bc4ce0b5 100644
}
}
-@@ -620,7 +620,7 @@ bus_driver_handle_list_services (DBusConnection *connection,
+@@ -624,7 +624,7 @@ bus_driver_handle_list_services (DBusConnection *connection,
dbus_free_string_array (services);
dbus_message_unref (reply);
BUS_SET_OOM (error);
@@ -168,7 +160,7 @@ index 5acdd62a..bc4ce0b5 100644
}
++i;
}
-@@ -631,23 +631,23 @@ bus_driver_handle_list_services (DBusConnection *connection,
+@@ -635,23 +635,23 @@ bus_driver_handle_list_services (DBusConnection *connection,
{
dbus_message_unref (reply);
BUS_SET_OOM (error);
@@ -196,7 +188,7 @@ index 5acdd62a..bc4ce0b5 100644
bus_driver_handle_list_activatable_services (DBusConnection *connection,
BusTransaction *transaction,
DBusMessage *message,
-@@ -669,14 +669,14 @@ bus_driver_handle_list_activatable_services (DBusConnection *connection,
+@@ -673,14 +673,14 @@ bus_driver_handle_list_activatable_services (DBusConnection *connection,
if (reply == NULL)
{
BUS_SET_OOM (error);
@@ -213,7 +205,7 @@ index 5acdd62a..bc4ce0b5 100644
}
dbus_message_iter_init_append (reply, &iter);
-@@ -688,7 +688,7 @@ bus_driver_handle_list_activatable_services (DBusConnection *connection,
+@@ -692,7 +692,7 @@ bus_driver_handle_list_activatable_services (DBusConnection *connection,
dbus_free_string_array (services);
dbus_message_unref (reply);
BUS_SET_OOM (error);
@@ -222,7 +214,7 @@ index 5acdd62a..bc4ce0b5 100644
}
{
-@@ -700,7 +700,7 @@ bus_driver_handle_list_activatable_services (DBusConnection *connection,
+@@ -704,7 +704,7 @@ bus_driver_handle_list_activatable_services (DBusConnection *connection,
dbus_free_string_array (services);
dbus_message_unref (reply);
BUS_SET_OOM (error);
@@ -231,7 +223,7 @@ index 5acdd62a..bc4ce0b5 100644
}
}
-@@ -713,7 +713,7 @@ bus_driver_handle_list_activatable_services (DBusConnection *connection,
+@@ -717,7 +717,7 @@ bus_driver_handle_list_activatable_services (DBusConnection *connection,
dbus_free_string_array (services);
dbus_message_unref (reply);
BUS_SET_OOM (error);
@@ -240,7 +232,7 @@ index 5acdd62a..bc4ce0b5 100644
}
++i;
}
-@@ -724,23 +724,23 @@ bus_driver_handle_list_activatable_services (DBusConnection *connection,
+@@ -728,23 +728,23 @@ bus_driver_handle_list_activatable_services (DBusConnection *connection,
{
dbus_message_unref (reply);
BUS_SET_OOM (error);
@@ -268,7 +260,7 @@ index 5acdd62a..bc4ce0b5 100644
bus_driver_handle_acquire_service (DBusConnection *connection,
BusTransaction *transaction,
DBusMessage *message,
-@@ -751,7 +751,8 @@ bus_driver_handle_acquire_service (DBusConnection *connection,
+@@ -755,7 +755,8 @@ bus_driver_handle_acquire_service (DBusConnection *connection,
const char *name;
dbus_uint32_t service_reply;
dbus_uint32_t flags;
@@ -278,7 +270,7 @@ index 5acdd62a..bc4ce0b5 100644
BusRegistry *registry;
_DBUS_ASSERT_ERROR_IS_CLEAR (error);
-@@ -762,20 +763,24 @@ bus_driver_handle_acquire_service (DBusConnection *connection,
+@@ -766,20 +767,24 @@ bus_driver_handle_acquire_service (DBusConnection *connection,
DBUS_TYPE_STRING, &name,
DBUS_TYPE_UINT32, &flags,
DBUS_TYPE_INVALID))
@@ -310,7 +302,7 @@ index 5acdd62a..bc4ce0b5 100644
reply = dbus_message_new_method_return (message);
if (reply == NULL)
-@@ -796,7 +801,7 @@ bus_driver_handle_acquire_service (DBusConnection *connection,
+@@ -800,7 +805,7 @@ bus_driver_handle_acquire_service (DBusConnection *connection,
goto out;
}
@@ -319,7 +311,7 @@ index 5acdd62a..bc4ce0b5 100644
out:
if (reply)
-@@ -804,7 +809,7 @@ bus_driver_handle_acquire_service (DBusConnection *connection,
+@@ -808,7 +813,7 @@ bus_driver_handle_acquire_service (DBusConnection *connection,
return retval;
}
@@ -328,7 +320,7 @@ index 5acdd62a..bc4ce0b5 100644
bus_driver_handle_release_service (DBusConnection *connection,
BusTransaction *transaction,
DBusMessage *message,
-@@ -814,7 +819,7 @@ bus_driver_handle_release_service (DBusConnection *connection,
+@@ -818,7 +823,7 @@ bus_driver_handle_release_service (DBusConnection *connection,
DBusString service_name;
const char *name;
dbus_uint32_t service_reply;
@@ -337,7 +329,7 @@ index 5acdd62a..bc4ce0b5 100644
BusRegistry *registry;
_DBUS_ASSERT_ERROR_IS_CLEAR (error);
-@@ -824,11 +829,11 @@ bus_driver_handle_release_service (DBusConnection *connection,
+@@ -828,11 +833,11 @@ bus_driver_handle_release_service (DBusConnection *connection,
if (!dbus_message_get_args (message, error,
DBUS_TYPE_STRING, &name,
DBUS_TYPE_INVALID))
@@ -351,7 +343,7 @@ index 5acdd62a..bc4ce0b5 100644
reply = NULL;
_dbus_string_init_const (&service_name, name);
-@@ -857,7 +862,7 @@ bus_driver_handle_release_service (DBusConnection *connection,
+@@ -861,7 +866,7 @@ bus_driver_handle_release_service (DBusConnection *connection,
goto out;
}
@@ -360,7 +352,7 @@ index 5acdd62a..bc4ce0b5 100644
out:
if (reply)
-@@ -865,7 +870,7 @@ bus_driver_handle_release_service (DBusConnection *connection,
+@@ -869,7 +874,7 @@ bus_driver_handle_release_service (DBusConnection *connection,
return retval;
}
@@ -369,7 +361,7 @@ index 5acdd62a..bc4ce0b5 100644
bus_driver_handle_service_exists (DBusConnection *connection,
BusTransaction *transaction,
DBusMessage *message,
-@@ -876,7 +881,7 @@ bus_driver_handle_service_exists (DBusConnection *connection,
+@@ -880,7 +885,7 @@ bus_driver_handle_service_exists (DBusConnection *connection,
BusService *service;
dbus_bool_t service_exists;
const char *name;
@@ -378,7 +370,7 @@ index 5acdd62a..bc4ce0b5 100644
BusRegistry *registry;
_DBUS_ASSERT_ERROR_IS_CLEAR (error);
-@@ -886,9 +891,9 @@ bus_driver_handle_service_exists (DBusConnection *connection,
+@@ -890,9 +895,9 @@ bus_driver_handle_service_exists (DBusConnection *connection,
if (!dbus_message_get_args (message, error,
DBUS_TYPE_STRING, &name,
DBUS_TYPE_INVALID))
@@ -390,7 +382,7 @@ index 5acdd62a..bc4ce0b5 100644
if (strcmp (name, DBUS_SERVICE_DBUS) == 0)
{
-@@ -922,7 +927,7 @@ bus_driver_handle_service_exists (DBusConnection *connection,
+@@ -926,7 +931,7 @@ bus_driver_handle_service_exists (DBusConnection *connection,
goto out;
}
@@ -399,7 +391,7 @@ index 5acdd62a..bc4ce0b5 100644
out:
if (reply)
-@@ -931,7 +936,7 @@ bus_driver_handle_service_exists (DBusConnection *connection,
+@@ -935,7 +940,7 @@ bus_driver_handle_service_exists (DBusConnection *connection,
return retval;
}
@@ -408,7 +400,7 @@ index 5acdd62a..bc4ce0b5 100644
bus_driver_handle_activate_service (DBusConnection *connection,
BusTransaction *transaction,
DBusMessage *message,
-@@ -939,7 +944,7 @@ bus_driver_handle_activate_service (DBusConnection *connection,
+@@ -943,7 +948,7 @@ bus_driver_handle_activate_service (DBusConnection *connection,
{
dbus_uint32_t flags;
const char *name;
@@ -417,7 +409,7 @@ index 5acdd62a..bc4ce0b5 100644
BusActivation *activation;
_DBUS_ASSERT_ERROR_IS_CLEAR (error);
-@@ -953,10 +958,10 @@ bus_driver_handle_activate_service (DBusConnection *connection,
+@@ -957,10 +962,10 @@ bus_driver_handle_activate_service (DBusConnection *connection,
{
_DBUS_ASSERT_ERROR_IS_SET (error);
_dbus_verbose ("No memory to get arguments to StartServiceByName\n");
@@ -430,7 +422,7 @@ index 5acdd62a..bc4ce0b5 100644
if (!bus_activation_activate_service (activation, connection, transaction, FALSE,
message, name, error))
-@@ -966,7 +971,7 @@ bus_driver_handle_activate_service (DBusConnection *connection,
+@@ -970,7 +975,7 @@ bus_driver_handle_activate_service (DBusConnection *connection,
goto out;
}
@@ -439,7 +431,7 @@ index 5acdd62a..bc4ce0b5 100644
out:
return retval;
-@@ -1068,13 +1073,13 @@ bus_driver_send_or_activate (BusTransaction *transaction,
+@@ -1072,13 +1077,13 @@ bus_driver_send_or_activate (BusTransaction *transaction,
return TRUE;
}
@@ -455,25 +447,7 @@ index 5acdd62a..bc4ce0b5 100644
BusActivation *activation;
BusContext *context;
DBusMessageIter iter;
-@@ -1090,7 +1095,7 @@ bus_driver_handle_update_activation_environment (DBusConnection *connection,
- _DBUS_ASSERT_ERROR_IS_CLEAR (error);
-
- if (!bus_driver_check_message_is_for_us (message, error))
-- return FALSE;
-+ return BUS_RESULT_FALSE;
-
- #ifdef DBUS_UNIX
- {
@@ -1100,7 +1105,7 @@ bus_driver_handle_update_activation_environment (DBusConnection *connection,
- */
- if (!bus_driver_check_caller_is_privileged (connection, transaction,
- message, error))
-- return FALSE;
-+ return BUS_RESULT_FALSE;
- }
- #endif
-
-@@ -1111,7 +1116,7 @@ bus_driver_handle_update_activation_environment (DBusConnection *connection,
dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
"Cannot change activation environment "
"on a system bus.");
@@ -482,7 +456,7 @@ index 5acdd62a..bc4ce0b5 100644
}
activation = bus_connection_get_activation (connection);
-@@ -1125,7 +1130,7 @@ bus_driver_handle_update_activation_environment (DBusConnection *connection,
+@@ -1114,7 +1119,7 @@ bus_driver_handle_update_activation_environment (DBusConnection *connection,
dbus_message_iter_recurse (&iter, &dict_iter);
@@ -491,8 +465,8 @@ index 5acdd62a..bc4ce0b5 100644
systemd_message = NULL;
/* Then loop through the sent dictionary, add the location of
-@@ -1291,7 +1296,7 @@ bus_driver_handle_update_activation_environment (DBusConnection *connection,
- message, error))
+@@ -1279,7 +1284,7 @@ bus_driver_handle_update_activation_environment (DBusConnection *connection,
+ if (!bus_driver_send_ack_reply (connection, transaction, message, error))
goto out;
- retval = TRUE;
@@ -500,7 +474,7 @@ index 5acdd62a..bc4ce0b5 100644
out:
if (systemd_message != NULL)
-@@ -1301,7 +1306,7 @@ bus_driver_handle_update_activation_environment (DBusConnection *connection,
+@@ -1289,7 +1294,7 @@ bus_driver_handle_update_activation_environment (DBusConnection *connection,
return retval;
}
@@ -509,7 +483,7 @@ index 5acdd62a..bc4ce0b5 100644
bus_driver_handle_add_match (DBusConnection *connection,
BusTransaction *transaction,
DBusMessage *message,
-@@ -1367,16 +1372,16 @@ bus_driver_handle_add_match (DBusConnection *connection,
+@@ -1371,16 +1376,16 @@ bus_driver_handle_add_match (DBusConnection *connection,
bus_match_rule_unref (rule);
@@ -529,7 +503,7 @@ index 5acdd62a..bc4ce0b5 100644
bus_driver_handle_remove_match (DBusConnection *connection,
BusTransaction *transaction,
DBusMessage *message,
-@@ -1420,16 +1425,16 @@ bus_driver_handle_remove_match (DBusConnection *connection,
+@@ -1423,16 +1428,16 @@ bus_driver_handle_remove_match (DBusConnection *connection,
bus_match_rule_unref (rule);
@@ -549,7 +523,7 @@ index 5acdd62a..bc4ce0b5 100644
bus_driver_handle_get_service_owner (DBusConnection *connection,
BusTransaction *transaction,
DBusMessage *message,
-@@ -1499,7 +1504,7 @@ bus_driver_handle_get_service_owner (DBusConnection *connection,
+@@ -1502,7 +1507,7 @@ bus_driver_handle_get_service_owner (DBusConnection *connection,
dbus_message_unref (reply);
@@ -558,7 +532,7 @@ index 5acdd62a..bc4ce0b5 100644
oom:
BUS_SET_OOM (error);
-@@ -1508,10 +1513,10 @@ bus_driver_handle_get_service_owner (DBusConnection *connection,
+@@ -1511,10 +1516,10 @@ bus_driver_handle_get_service_owner (DBusConnection *connection,
_DBUS_ASSERT_ERROR_IS_SET (error);
if (reply)
dbus_message_unref (reply);
@@ -571,7 +545,7 @@ index 5acdd62a..bc4ce0b5 100644
bus_driver_handle_list_queued_owners (DBusConnection *connection,
BusTransaction *transaction,
DBusMessage *message,
-@@ -1602,7 +1607,7 @@ bus_driver_handle_list_queued_owners (DBusConnection *connection,
+@@ -1606,7 +1611,7 @@ bus_driver_handle_list_queued_owners (DBusConnection *connection,
dbus_message_unref (reply);
@@ -580,7 +554,7 @@ index 5acdd62a..bc4ce0b5 100644
oom:
BUS_SET_OOM (error);
-@@ -1615,10 +1620,10 @@ bus_driver_handle_list_queued_owners (DBusConnection *connection,
+@@ -1619,10 +1624,10 @@ bus_driver_handle_list_queued_owners (DBusConnection *connection,
if (base_names)
_dbus_list_clear (&base_names);
@@ -593,7 +567,7 @@ index 5acdd62a..bc4ce0b5 100644
bus_driver_handle_get_connection_unix_user (DBusConnection *connection,
BusTransaction *transaction,
DBusMessage *message,
-@@ -1673,7 +1678,7 @@ bus_driver_handle_get_connection_unix_user (DBusConnection *connection,
+@@ -1679,7 +1684,7 @@ bus_driver_handle_get_connection_unix_user (DBusConnection *connection,
dbus_message_unref (reply);
@@ -602,7 +576,7 @@ index 5acdd62a..bc4ce0b5 100644
oom:
BUS_SET_OOM (error);
-@@ -1682,10 +1687,10 @@ bus_driver_handle_get_connection_unix_user (DBusConnection *connection,
+@@ -1688,10 +1693,10 @@ bus_driver_handle_get_connection_unix_user (DBusConnection *connection,
_DBUS_ASSERT_ERROR_IS_SET (error);
if (reply)
dbus_message_unref (reply);
@@ -615,7 +589,7 @@ index 5acdd62a..bc4ce0b5 100644
bus_driver_handle_get_connection_unix_process_id (DBusConnection *connection,
BusTransaction *transaction,
DBusMessage *message,
-@@ -1740,7 +1745,7 @@ bus_driver_handle_get_connection_unix_process_id (DBusConnection *connection,
+@@ -1748,7 +1753,7 @@ bus_driver_handle_get_connection_unix_process_id (DBusConnection *connection,
dbus_message_unref (reply);
@@ -624,7 +598,7 @@ index 5acdd62a..bc4ce0b5 100644
oom:
BUS_SET_OOM (error);
-@@ -1749,10 +1754,10 @@ bus_driver_handle_get_connection_unix_process_id (DBusConnection *connection,
+@@ -1757,10 +1762,10 @@ bus_driver_handle_get_connection_unix_process_id (DBusConnection *connection,
_DBUS_ASSERT_ERROR_IS_SET (error);
if (reply)
dbus_message_unref (reply);
@@ -637,7 +611,7 @@ index 5acdd62a..bc4ce0b5 100644
bus_driver_handle_get_adt_audit_session_data (DBusConnection *connection,
BusTransaction *transaction,
DBusMessage *message,
-@@ -1803,7 +1808,7 @@ bus_driver_handle_get_adt_audit_session_data (DBusConnection *connection,
+@@ -1811,7 +1816,7 @@ bus_driver_handle_get_adt_audit_session_data (DBusConnection *connection,
dbus_message_unref (reply);
@@ -646,7 +620,7 @@ index 5acdd62a..bc4ce0b5 100644
oom:
BUS_SET_OOM (error);
-@@ -1812,10 +1817,10 @@ bus_driver_handle_get_adt_audit_session_data (DBusConnection *connection,
+@@ -1820,10 +1825,10 @@ bus_driver_handle_get_adt_audit_session_data (DBusConnection *connection,
_DBUS_ASSERT_ERROR_IS_SET (error);
if (reply)
dbus_message_unref (reply);
@@ -659,7 +633,7 @@ index 5acdd62a..bc4ce0b5 100644
bus_driver_handle_get_connection_selinux_security_context (DBusConnection *connection,
BusTransaction *transaction,
DBusMessage *message,
-@@ -1863,7 +1868,7 @@ bus_driver_handle_get_connection_selinux_security_context (DBusConnection *conne
+@@ -1872,7 +1877,7 @@ bus_driver_handle_get_connection_selinux_security_context (DBusConnection *conne
dbus_message_unref (reply);
@@ -668,7 +642,7 @@ index 5acdd62a..bc4ce0b5 100644
oom:
BUS_SET_OOM (error);
-@@ -1872,10 +1877,10 @@ bus_driver_handle_get_connection_selinux_security_context (DBusConnection *conne
+@@ -1881,10 +1886,10 @@ bus_driver_handle_get_connection_selinux_security_context (DBusConnection *conne
_DBUS_ASSERT_ERROR_IS_SET (error);
if (reply)
dbus_message_unref (reply);
@@ -681,7 +655,7 @@ index 5acdd62a..bc4ce0b5 100644
bus_driver_handle_get_connection_credentials (DBusConnection *connection,
BusTransaction *transaction,
DBusMessage *message,
-@@ -1987,7 +1992,7 @@ bus_driver_handle_get_connection_credentials (DBusConnection *connection,
+@@ -1998,7 +2003,7 @@ bus_driver_handle_get_connection_credentials (DBusConnection *connection,
dbus_message_unref (reply);
@@ -690,7 +664,7 @@ index 5acdd62a..bc4ce0b5 100644
oom:
BUS_SET_OOM (error);
-@@ -2001,10 +2006,10 @@ bus_driver_handle_get_connection_credentials (DBusConnection *connection,
+@@ -2012,10 +2017,10 @@ bus_driver_handle_get_connection_credentials (DBusConnection *connection,
dbus_message_unref (reply);
}
@@ -703,7 +677,7 @@ index 5acdd62a..bc4ce0b5 100644
bus_driver_handle_reload_config (DBusConnection *connection,
BusTransaction *transaction,
DBusMessage *message,
-@@ -2029,7 +2034,7 @@ bus_driver_handle_reload_config (DBusConnection *connection,
+@@ -2040,7 +2045,7 @@ bus_driver_handle_reload_config (DBusConnection *connection,
goto oom;
dbus_message_unref (reply);
@@ -712,7 +686,7 @@ index 5acdd62a..bc4ce0b5 100644
oom:
BUS_SET_OOM (error);
-@@ -2038,11 +2043,11 @@ bus_driver_handle_reload_config (DBusConnection *connection,
+@@ -2049,11 +2054,11 @@ bus_driver_handle_reload_config (DBusConnection *connection,
_DBUS_ASSERT_ERROR_IS_SET (error);
if (reply)
dbus_message_unref (reply);
@@ -726,7 +700,7 @@ index 5acdd62a..bc4ce0b5 100644
bus_driver_handle_enable_verbose (DBusConnection *connection,
BusTransaction *transaction,
DBusMessage *message,
-@@ -2062,7 +2067,7 @@ bus_driver_handle_enable_verbose (DBusConnection *connection,
+@@ -2073,7 +2078,7 @@ bus_driver_handle_enable_verbose (DBusConnection *connection,
_dbus_set_verbose(TRUE);
dbus_message_unref (reply);
@@ -735,7 +709,7 @@ index 5acdd62a..bc4ce0b5 100644
oom:
_DBUS_ASSERT_ERROR_IS_CLEAR (error);
-@@ -2071,10 +2076,10 @@ bus_driver_handle_enable_verbose (DBusConnection *connection,
+@@ -2082,10 +2087,10 @@ bus_driver_handle_enable_verbose (DBusConnection *connection,
if (reply)
dbus_message_unref (reply);
@@ -748,7 +722,7 @@ index 5acdd62a..bc4ce0b5 100644
bus_driver_handle_disable_verbose (DBusConnection *connection,
BusTransaction *transaction,
DBusMessage *message,
-@@ -2094,7 +2099,7 @@ bus_driver_handle_disable_verbose (DBusConnection *connection,
+@@ -2105,7 +2110,7 @@ bus_driver_handle_disable_verbose (DBusConnection *connection,
_dbus_set_verbose(FALSE);
dbus_message_unref (reply);
@@ -757,7 +731,7 @@ index 5acdd62a..bc4ce0b5 100644
oom:
_DBUS_ASSERT_ERROR_IS_CLEAR (error);
-@@ -2103,11 +2108,11 @@ bus_driver_handle_disable_verbose (DBusConnection *connection,
+@@ -2114,11 +2119,11 @@ bus_driver_handle_disable_verbose (DBusConnection *connection,
if (reply)
dbus_message_unref (reply);
@@ -771,7 +745,7 @@ index 5acdd62a..bc4ce0b5 100644
bus_driver_handle_get_id (DBusConnection *connection,
BusTransaction *transaction,
DBusMessage *message,
-@@ -2123,7 +2128,7 @@ bus_driver_handle_get_id (DBusConnection *connection,
+@@ -2134,7 +2139,7 @@ bus_driver_handle_get_id (DBusConnection *connection,
if (!_dbus_string_init (&uuid))
{
BUS_SET_OOM (error);
@@ -780,7 +754,7 @@ index 5acdd62a..bc4ce0b5 100644
}
reply = NULL;
-@@ -2149,7 +2154,7 @@ bus_driver_handle_get_id (DBusConnection *connection,
+@@ -2160,7 +2165,7 @@ bus_driver_handle_get_id (DBusConnection *connection,
_dbus_string_free (&uuid);
dbus_message_unref (reply);
@@ -789,7 +763,7 @@ index 5acdd62a..bc4ce0b5 100644
oom:
_DBUS_ASSERT_ERROR_IS_CLEAR (error);
-@@ -2159,10 +2164,10 @@ bus_driver_handle_get_id (DBusConnection *connection,
+@@ -2170,10 +2175,10 @@ bus_driver_handle_get_id (DBusConnection *connection,
if (reply)
dbus_message_unref (reply);
_dbus_string_free (&uuid);
@@ -802,7 +776,7 @@ index 5acdd62a..bc4ce0b5 100644
bus_driver_handle_become_monitor (DBusConnection *connection,
BusTransaction *transaction,
DBusMessage *message,
-@@ -2178,7 +2183,7 @@ bus_driver_handle_become_monitor (DBusConnection *connection,
+@@ -2189,7 +2194,7 @@ bus_driver_handle_become_monitor (DBusConnection *connection,
int i;
int n_match_rules;
dbus_uint32_t flags;
@@ -811,7 +785,7 @@ index 5acdd62a..bc4ce0b5 100644
_DBUS_ASSERT_ERROR_IS_CLEAR (error);
-@@ -2258,10 +2263,10 @@ bus_driver_handle_become_monitor (DBusConnection *connection,
+@@ -2262,10 +2267,10 @@ bus_driver_handle_become_monitor (DBusConnection *connection,
if (!bus_connection_be_monitor (connection, transaction, &rules, error))
goto out;
@@ -824,7 +798,7 @@ index 5acdd62a..bc4ce0b5 100644
_DBUS_ASSERT_ERROR_IS_CLEAR (error);
else
_DBUS_ASSERT_ERROR_IS_SET (error);
-@@ -2282,10 +2287,10 @@ typedef struct
+@@ -2389,10 +2394,10 @@ typedef struct
const char *name;
const char *in_args;
const char *out_args;
@@ -836,19 +810,19 @@ index 5acdd62a..bc4ce0b5 100644
+ BusTransaction *transaction,
+ DBusMessage *message,
+ DBusError *error);
+ MethodFlags flags;
} MessageHandler;
- /* For speed it might be useful to sort this in order of
-@@ -2370,7 +2375,7 @@ static const MessageHandler dbus_message_handlers[] = {
- { NULL, NULL, NULL, NULL }
+@@ -2511,7 +2516,7 @@ static const PropertyHandler dbus_property_handlers[] = {
+ { NULL, NULL, NULL }
};
-static dbus_bool_t bus_driver_handle_introspect (DBusConnection *,
+static BusResult bus_driver_handle_introspect (DBusConnection *,
BusTransaction *, DBusMessage *, DBusError *);
- static const MessageHandler introspectable_message_handlers[] = {
-@@ -2514,7 +2519,7 @@ bus_driver_generate_introspect_string (DBusString *xml)
+ static const MessageHandler properties_message_handlers[] = {
+@@ -2763,7 +2768,7 @@ bus_driver_generate_introspect_string (DBusString *xml,
return TRUE;
}
@@ -857,7 +831,7 @@ index 5acdd62a..bc4ce0b5 100644
bus_driver_handle_introspect (DBusConnection *connection,
BusTransaction *transaction,
DBusMessage *message,
-@@ -2534,13 +2539,13 @@ bus_driver_handle_introspect (DBusConnection *connection,
+@@ -2784,13 +2789,13 @@ bus_driver_handle_introspect (DBusConnection *connection,
DBUS_TYPE_INVALID))
{
_DBUS_ASSERT_ERROR_IS_SET (error);
@@ -872,8 +846,8 @@ index 5acdd62a..bc4ce0b5 100644
+ return BUS_RESULT_FALSE;
}
- if (!bus_driver_generate_introspect_string (&xml))
-@@ -2563,7 +2568,7 @@ bus_driver_handle_introspect (DBusConnection *connection,
+ is_canonical_path = dbus_message_has_path (message, DBUS_PATH_DBUS);
+@@ -2815,7 +2820,7 @@ bus_driver_handle_introspect (DBusConnection *connection,
dbus_message_unref (reply);
_dbus_string_free (&xml);
@@ -882,7 +856,7 @@ index 5acdd62a..bc4ce0b5 100644
oom:
BUS_SET_OOM (error);
-@@ -2573,7 +2578,7 @@ bus_driver_handle_introspect (DBusConnection *connection,
+@@ -2825,10 +2830,10 @@ bus_driver_handle_introspect (DBusConnection *connection,
_dbus_string_free (&xml);
@@ -890,25 +864,20 @@ index 5acdd62a..bc4ce0b5 100644
+ return BUS_RESULT_FALSE;
}
- /*
-@@ -2608,7 +2613,7 @@ bus_driver_check_message_is_for_us (DBusMessage *message,
- return TRUE;
- }
-
-dbus_bool_t
+BusResult
bus_driver_handle_message (DBusConnection *connection,
BusTransaction *transaction,
DBusMessage *message,
-@@ -2618,6 +2623,7 @@ bus_driver_handle_message (DBusConnection *connection,
- const InterfaceHandler *ih;
+@@ -2839,6 +2844,7 @@ bus_driver_handle_message (DBusConnection *connection,
const MessageHandler *mh;
dbus_bool_t found_interface = FALSE;
+ dbus_bool_t is_canonical_path;
+ BusResult res;
_DBUS_ASSERT_ERROR_IS_CLEAR (error);
-@@ -2633,7 +2639,7 @@ bus_driver_handle_message (DBusConnection *connection,
+@@ -2854,7 +2860,7 @@ bus_driver_handle_message (DBusConnection *connection,
transaction,
message,
error))
@@ -917,7 +886,7 @@ index 5acdd62a..bc4ce0b5 100644
context = bus_connection_get_context (connection);
systemd = bus_driver_get_owner_of_name (connection,
-@@ -2650,7 +2656,7 @@ bus_driver_handle_message (DBusConnection *connection,
+@@ -2871,7 +2877,7 @@ bus_driver_handle_message (DBusConnection *connection,
attacker ? attacker : "(unauthenticated)",
bus_connection_get_loginfo (connection));
/* ignore it */
@@ -926,7 +895,7 @@ index 5acdd62a..bc4ce0b5 100644
}
if (!bus_context_get_systemd_activation (context))
-@@ -2658,16 +2664,16 @@ bus_driver_handle_message (DBusConnection *connection,
+@@ -2879,16 +2885,16 @@ bus_driver_handle_message (DBusConnection *connection,
bus_context_log (context, DBUS_SYSTEM_LOG_WARNING,
"Ignoring unexpected ActivationFailure message "
"while not using systemd activation");
@@ -946,7 +915,7 @@ index 5acdd62a..bc4ce0b5 100644
}
/* may be NULL, which means "any interface will do" */
-@@ -2709,20 +2715,27 @@ bus_driver_handle_message (DBusConnection *connection,
+@@ -2953,20 +2959,27 @@ bus_driver_handle_message (DBusConnection *connection,
name, dbus_message_get_signature (message),
mh->in_args);
_DBUS_ASSERT_ERROR_IS_SET (error);
@@ -979,7 +948,7 @@ index 5acdd62a..bc4ce0b5 100644
}
}
}
-@@ -2734,7 +2747,7 @@ bus_driver_handle_message (DBusConnection *connection,
+@@ -2978,7 +2991,7 @@ bus_driver_handle_message (DBusConnection *connection,
"%s does not understand message %s",
DBUS_SERVICE_DBUS, name);
@@ -989,11 +958,11 @@ index 5acdd62a..bc4ce0b5 100644
void
diff --git a/bus/driver.h b/bus/driver.h
-index 201709c4..3ff4ff15 100644
+index ac1289d..183c28b 100644
--- a/bus/driver.h
+++ b/bus/driver.h
-@@ -28,7 +28,7 @@
- #include "connection.h"
+@@ -35,7 +35,7 @@ typedef enum
+ } BusDriverFound;
void bus_driver_remove_connection (DBusConnection *connection);
-dbus_bool_t bus_driver_handle_message (DBusConnection *connection,
@@ -1002,10 +971,10 @@ index 201709c4..3ff4ff15 100644
DBusMessage *message,
DBusError *error);
diff --git a/bus/policy.c b/bus/policy.c
-index 47bd1a24..7244a46f 100644
+index b1fab0d..27b66d1 100644
--- a/bus/policy.c
+++ b/bus/policy.c
-@@ -1323,18 +1323,21 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy,
+@@ -1388,18 +1388,21 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy,
@@ -1031,7 +1000,7 @@ index 47bd1a24..7244a46f 100644
link = _dbus_list_get_first_link (&rules);
while (link != NULL)
{
-@@ -1370,17 +1373,45 @@ bus_rules_check_can_own (DBusList *rules,
+@@ -1435,17 +1438,45 @@ bus_rules_check_can_own (DBusList *rules,
}
/* Use this rule */
@@ -1082,7 +1051,7 @@ index 47bd1a24..7244a46f 100644
}
#ifdef DBUS_ENABLE_EMBEDDED_TESTS
-@@ -1388,7 +1419,7 @@ dbus_bool_t
+@@ -1453,7 +1484,7 @@ dbus_bool_t
bus_policy_check_can_own (BusPolicy *policy,
const DBusString *service_name)
{
@@ -1092,10 +1061,10 @@ index 47bd1a24..7244a46f 100644
#endif /* DBUS_ENABLE_EMBEDDED_TESTS */
diff --git a/bus/policy.h b/bus/policy.h
-index e9f193af..1f234310 100644
+index f306a3c..39d7cc5 100644
--- a/bus/policy.h
+++ b/bus/policy.h
-@@ -170,8 +170,10 @@ BusResult bus_client_policy_check_can_receive (BusClientPolicy *polic
+@@ -182,8 +182,10 @@ BusResult bus_client_policy_check_can_receive (BusClientPolicy *polic
dbus_int32_t *toggles,
const char **privilege_param,
BusDeferredMessage **deferred_message);
@@ -1109,10 +1078,10 @@ index e9f193af..1f234310 100644
BusPolicyRule *rule);
void bus_client_policy_optimize (BusClientPolicy *policy);
diff --git a/bus/services.c b/bus/services.c
-index 6a4c8848..fcc2d261 100644
+index 127edda..586af18 100644
--- a/bus/services.c
+++ b/bus/services.c
-@@ -376,24 +376,26 @@ bus_registry_list_services (BusRegistry *registry,
+@@ -376,16 +376,17 @@ bus_registry_list_services (BusRegistry *registry,
return FALSE;
}
@@ -1132,17 +1101,18 @@ index 6a4c8848..fcc2d261 100644
DBusConnection *old_owner_conn;
BusClientPolicy *policy;
BusService *service;
- BusActivation *activation;
+@@ -393,8 +394,9 @@ bus_registry_acquire_service (BusRegistry *registry,
BusSELinuxID *sid;
BusOwner *primary_owner;
+ int limit;
+ BusResult res;
-
+
- retval = FALSE;
+ retval = BUS_RESULT_FALSE;
if (!_dbus_validate_bus_name (service_name, 0,
_dbus_string_get_length (service_name)))
-@@ -466,7 +468,8 @@ bus_registry_acquire_service (BusRegistry *registry,
+@@ -467,7 +469,8 @@ bus_registry_acquire_service (BusRegistry *registry,
_dbus_string_get_const_data (service_name), error))
goto out;
@@ -1152,7 +1122,7 @@ index 6a4c8848..fcc2d261 100644
{
dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
"Connection \"%s\" is not allowed to own the service \"%s\" due "
-@@ -477,6 +480,11 @@ bus_registry_acquire_service (BusRegistry *registry,
+@@ -478,6 +481,11 @@ bus_registry_acquire_service (BusRegistry *registry,
_dbus_string_get_const_data (service_name));
goto out;
}
@@ -1162,9 +1132,9 @@ index 6a4c8848..fcc2d261 100644
+ goto out;
+ }
- if (bus_connection_get_n_services_owned (connection) >=
- bus_context_get_max_services_per_connection (registry->context))
-@@ -593,11 +601,13 @@ bus_registry_acquire_service (BusRegistry *registry,
+ limit = bus_context_get_max_services_per_connection (registry->context);
+
+@@ -603,11 +611,13 @@ bus_registry_acquire_service (BusRegistry *registry,
}
activation = bus_context_get_activation (registry->context);
@@ -1183,7 +1153,7 @@ index 6a4c8848..fcc2d261 100644
out:
return retval;
diff --git a/bus/services.h b/bus/services.h
-index 056dd9fa..3df3dd7d 100644
+index 056dd9f..3df3dd7 100644
--- a/bus/services.h
+++ b/bus/services.h
@@ -50,8 +50,9 @@ void bus_registry_foreach (BusRegistry *registry
@@ -1198,7 +1168,7 @@ index 056dd9fa..3df3dd7d 100644
dbus_uint32_t flags,
dbus_uint32_t *result,
diff --git a/bus/stats.c b/bus/stats.c
-index dace0e29..aab0e5c9 100644
+index 1582255..4ba72d6 100644
--- a/bus/stats.c
+++ b/bus/stats.c
@@ -36,7 +36,7 @@
@@ -1210,16 +1180,7 @@ index dace0e29..aab0e5c9 100644
bus_stats_handle_get_stats (DBusConnection *connection,
BusTransaction *transaction,
DBusMessage *message,
-@@ -52,7 +52,7 @@ bus_stats_handle_get_stats (DBusConnection *connection,
- _DBUS_ASSERT_ERROR_IS_CLEAR (error);
-
- if (!bus_driver_check_message_is_for_us (message, error))
-- return FALSE;
-+ return BUS_RESULT_FALSE;
-
- context = bus_transaction_get_context (transaction);
- connections = bus_context_get_connections (context);
-@@ -107,17 +107,17 @@ bus_stats_handle_get_stats (DBusConnection *connection,
+@@ -104,17 +104,17 @@ bus_stats_handle_get_stats (DBusConnection *connection,
goto oom;
dbus_message_unref (reply);
@@ -1240,33 +1201,7 @@ index dace0e29..aab0e5c9 100644
bus_stats_handle_get_connection_stats (DBusConnection *caller_connection,
BusTransaction *transaction,
DBusMessage *message,
-@@ -137,14 +137,14 @@ bus_stats_handle_get_connection_stats (DBusConnection *caller_connection,
- _DBUS_ASSERT_ERROR_IS_CLEAR (error);
-
- if (!bus_driver_check_message_is_for_us (message, error))
-- return FALSE;
-+ return BUS_RESULT_FALSE;
-
- registry = bus_connection_get_registry (caller_connection);
-
- if (! dbus_message_get_args (message, error,
- DBUS_TYPE_STRING, &bus_name,
- DBUS_TYPE_INVALID))
-- return FALSE;
-+ return BUS_RESULT_FALSE;
-
- _dbus_string_init_const (&bus_name_str, bus_name);
- service = bus_registry_lookup (registry, &bus_name_str);
-@@ -153,7 +153,7 @@ bus_stats_handle_get_connection_stats (DBusConnection *caller_connection,
- {
- dbus_set_error (error, DBUS_ERROR_NAME_HAS_NO_OWNER,
- "Bus name '%s' has no owner", bus_name);
-- return FALSE;
-+ return BUS_RESULT_FALSE;
- }
-
- stats_connection = bus_service_get_primary_owners_connection (service);
-@@ -215,18 +215,18 @@ bus_stats_handle_get_connection_stats (DBusConnection *caller_connection,
+@@ -209,7 +209,7 @@ bus_stats_handle_get_connection_stats (DBusConnection *caller_connection,
goto oom;
dbus_message_unref (reply);
@@ -1274,10 +1209,11 @@ index dace0e29..aab0e5c9 100644
+ return BUS_RESULT_TRUE;
oom:
+ BUS_SET_OOM (error);
+@@ -218,11 +218,11 @@ failed:
if (reply != NULL)
dbus_message_unref (reply);
- BUS_SET_OOM (error);
- return FALSE;
+ return BUS_RESULT_FALSE;
}
@@ -1288,7 +1224,7 @@ index dace0e29..aab0e5c9 100644
bus_stats_handle_get_all_match_rules (DBusConnection *caller_connection,
BusTransaction *transaction,
DBusMessage *message,
-@@ -250,7 +250,7 @@ bus_stats_handle_get_all_match_rules (DBusConnection *caller_connection,
+@@ -246,7 +246,7 @@ bus_stats_handle_get_all_match_rules (DBusConnection *caller_connection,
matchmaker = bus_context_get_matchmaker (context);
if (!bus_registry_list_services (registry, &services, &services_len))
@@ -1297,7 +1233,7 @@ index dace0e29..aab0e5c9 100644
reply = dbus_message_new_method_return (message);
if (reply == NULL)
-@@ -329,7 +329,7 @@ bus_stats_handle_get_all_match_rules (DBusConnection *caller_connection,
+@@ -325,7 +325,7 @@ bus_stats_handle_get_all_match_rules (DBusConnection *caller_connection,
dbus_message_unref (reply);
dbus_free_string_array (services);
@@ -1306,7 +1242,7 @@ index dace0e29..aab0e5c9 100644
oom:
if (reply != NULL)
-@@ -338,7 +338,7 @@ oom:
+@@ -334,7 +334,7 @@ oom:
dbus_free_string_array (services);
BUS_SET_OOM (error);
@@ -1316,7 +1252,7 @@ index dace0e29..aab0e5c9 100644
#endif
diff --git a/bus/stats.h b/bus/stats.h
-index dcb022c4..683fa175 100644
+index dcb022c..683fa17 100644
--- a/bus/stats.h
+++ b/bus/stats.h
@@ -25,17 +25,17 @@
@@ -1340,6 +1276,3 @@ index dcb022c4..683fa175 100644
BusTransaction *transaction,
DBusMessage *message,
DBusError *error);
---
-2.14.3
-
diff --git a/meta-security/recipes-core/dbus-cynara/dbus-cynara/0005-Perform-Cynara-runtime-policy-checks-by-default.patch b/meta-security/recipes-core/dbus-cynara/dbus-cynara/0005-Perform-Cynara-runtime-policy-checks-by-default.patch
index d30b2dbf8..6cc7c19c4 100644
--- a/meta-security/recipes-core/dbus-cynara/dbus-cynara/0005-Perform-Cynara-runtime-policy-checks-by-default.patch
+++ b/meta-security/recipes-core/dbus-cynara/dbus-cynara/0005-Perform-Cynara-runtime-policy-checks-by-default.patch
@@ -26,14 +26,14 @@ Change-Id: Ifb4a160bf6e0638404e0295a2e4fa3077efd881c
Signed-off-by: Jacek Bukarewicz <j.bukarewicz@samsung.com>
Cherry picked from e8610297cf7031e94eb314a2e8c11246f4405403 by Jose Bollo
+
+Updated for dbus 1.12.10 by Scott Murray.
+
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
----
- bus/session.conf.in | 32 ++++++++++++++++++++++++++------
- bus/system.conf.in | 19 +++++++++++++++----
- 2 files changed, 41 insertions(+), 10 deletions(-)
+Signed-off-by: Scott Murray <scott.murray@konsulko.com>
diff --git a/bus/session.conf.in b/bus/session.conf.in
-index affa7f1d..157dfb4d 100644
+index affa7f1..157dfb4 100644
--- a/bus/session.conf.in
+++ b/bus/session.conf.in
@@ -27,12 +27,32 @@
@@ -76,10 +76,10 @@ index affa7f1d..157dfb4d 100644
<!-- Include legacy configuration location -->
diff --git a/bus/system.conf.in b/bus/system.conf.in
-index 014f67ee..ebbd468a 100644
+index f139b55..19d0c04 100644
--- a/bus/system.conf.in
+++ b/bus/system.conf.in
-@@ -50,23 +50,34 @@
+@@ -50,17 +50,20 @@
<deny own="*"/>
<deny send_type="method_call"/>
@@ -104,9 +104,10 @@ index 014f67ee..ebbd468a 100644
<!-- Allow anyone to talk to the message bus -->
<allow send_destination="org.freedesktop.DBus"
- send_interface="org.freedesktop.DBus" />
- <allow send_destination="org.freedesktop.DBus"
+@@ -69,6 +72,14 @@
send_interface="org.freedesktop.DBus.Introspectable"/>
+ <allow send_destination="org.freedesktop.DBus"
+ send_interface="org.freedesktop.DBus.Properties"/>
+ <!-- If there is a need specific bus services could be protected by Cynara as well.
+ However, this can lead to deadlock during the boot process when such check is made and
+ Cynara is not yet activated (systemd calls protected method synchronously,
@@ -118,6 +119,3 @@ index 014f67ee..ebbd468a 100644
<!-- But disallow some specific bus services -->
<deny send_destination="org.freedesktop.DBus"
send_interface="org.freedesktop.DBus"
---
-2.14.3
-
diff --git a/meta-security/recipes-core/dbus-cynara/dbus-cynara_1.10.20.bb b/meta-security/recipes-core/dbus-cynara/dbus-cynara_1.12.10.bb
index a97148366..2b494becb 100644
--- a/meta-security/recipes-core/dbus-cynara/dbus-cynara_1.10.20.bb
+++ b/meta-security/recipes-core/dbus-cynara/dbus-cynara_1.12.10.bb
@@ -1,4 +1,4 @@
-require ${COREBASE}/meta/recipes-core/dbus/dbus_1.10.20.bb
+require ${COREBASE}/meta/recipes-core/dbus/dbus_1.12.10.bb
FILESEXTRAPATHS_prepend := "${COREBASE}/meta/recipes-core/dbus/dbus:${THISDIR}/dbus-cynara:"
S = "${WORKDIR}/dbus-${PV}"
diff --git a/meta-security/recipes-core/dbus-cynara/dbus_%.bbappend b/meta-security/recipes-core/dbus-cynara/dbus_%.bbappend
index 78df8ec3c..2923c5c18 100644
--- a/meta-security/recipes-core/dbus-cynara/dbus_%.bbappend
+++ b/meta-security/recipes-core/dbus-cynara/dbus_%.bbappend
@@ -1,4 +1,5 @@
FILESEXTRAPATHS_prepend := "${THISDIR}/dbus-cynara:"
+
SRC_URI_append = "\
file://0001-Integration-of-Cynara-asynchronous-security-checks.patch \
file://0002-Disable-message-dispatching-when-send-rule-result-is.patch \
diff --git a/meta-security/recipes-core/systemd/systemd_234.bbappend b/meta-security/recipes-core/systemd/systemd_239.bbappend
index 79753a2d6..789c05f83 100644
--- a/meta-security/recipes-core/systemd/systemd_234.bbappend
+++ b/meta-security/recipes-core/systemd/systemd_239.bbappend
@@ -1,16 +1,7 @@
FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
-##################################################################################
-# What follows is temporary.
-# This patch is still needed for systemd 234 but is normally upstreamed
-# and thus should be removed in later versions.
-##################################################################################
-SRC_URI_append_with-lsm-smack = "\
- file://0001-Switch-Smack-label-earlier.patch \
-"
-
# Ensures systemd runs with label "System"
-EXTRA_OECONF_append_with-lsm-smack = " --with-smack-run-label=System"
+EXTRA_OEMESON_append_with-lsm-smack = " -Dsmack-run-label=System"
##################################################################################
# Maintaining trivial, non-upstreamable configuration changes as patches