Lines Matching refs:policy
2 /* policy.c Bus security policy
25 #include "policy.h"
129 DBusList *default_rules; /**< Default policy rules */
130 DBusList *mandatory_rules; /**< Mandatory policy rules */
131 DBusHashTable *rules_by_uid; /**< per-UID policy rules */
132 DBusHashTable *rules_by_gid; /**< per-GID policy rules */
133 DBusList *at_console_true_rules; /**< console user policy rules where at_console="true"*/
134 DBusList *at_console_false_rules; /**< console user policy rules where at_console="false"*/
164 BusPolicy *policy;
166 policy = dbus_new0 (BusPolicy, 1);
167 if (policy == NULL)
170 policy->refcount = 1;
172 policy->rules_by_uid = _dbus_hash_table_new (DBUS_HASH_UINTPTR,
175 if (policy->rules_by_uid == NULL)
178 policy->rules_by_gid = _dbus_hash_table_new (DBUS_HASH_UINTPTR,
181 if (policy->rules_by_gid == NULL)
184 return policy;
187 bus_policy_unref (policy);
192 bus_policy_ref (BusPolicy *policy)
194 _dbus_assert (policy->refcount > 0);
196 policy->refcount += 1;
198 return policy;
202 bus_policy_unref (BusPolicy *policy)
204 _dbus_assert (policy->refcount > 0);
206 policy->refcount -= 1;
208 if (policy->refcount == 0)
210 _dbus_list_foreach (&policy->default_rules, free_rule_func, NULL);
211 _dbus_list_clear (&policy->default_rules);
213 _dbus_list_foreach (&policy->mandatory_rules, free_rule_func, NULL);
214 _dbus_list_clear (&policy->mandatory_rules);
216 _dbus_list_foreach (&policy->at_console_true_rules, free_rule_func, NULL);
217 _dbus_list_clear (&policy->at_console_true_rules);
219 _dbus_list_foreach (&policy->at_console_false_rules, free_rule_func, NULL);
220 _dbus_list_clear (&policy->at_console_false_rules);
222 if (policy->rules_by_uid)
224 _dbus_hash_table_unref (policy->rules_by_uid);
225 policy->rules_by_uid = NULL;
228 if (policy->rules_by_gid)
230 _dbus_hash_table_unref (policy->rules_by_gid);
231 policy->rules_by_gid = NULL;
234 dbus_free (policy);
271 bus_policy_create_client_policy (BusPolicy *policy,
286 if (!add_list_to_client (&policy->default_rules,
293 if (_dbus_hash_table_get_n_entries (policy->rules_by_gid) > 0)
307 list = _dbus_hash_table_lookup_uintptr (policy->rules_by_gid,
327 if (_dbus_hash_table_get_n_entries (policy->rules_by_uid) > 0)
331 list = _dbus_hash_table_lookup_uintptr (policy->rules_by_uid,
346 if (!add_list_to_client (&policy->at_console_true_rules, client))
353 else if (!add_list_to_client (&policy->at_console_false_rules, client))
359 if (!add_list_to_client (&policy->mandatory_rules,
437 bus_policy_allow_unix_user (BusPolicy *policy,
456 &policy->default_rules,
461 &policy->mandatory_rules,
479 bus_policy_allow_windows_user (BusPolicy *policy,
490 bus_policy_append_default_rule (BusPolicy *policy,
493 if (!_dbus_list_append (&policy->default_rules, rule))
502 bus_policy_append_mandatory_rule (BusPolicy *policy,
505 if (!_dbus_list_append (&policy->mandatory_rules, rule))
540 bus_policy_append_user_rule (BusPolicy *policy,
546 list = get_list (policy->rules_by_uid, uid);
560 bus_policy_append_group_rule (BusPolicy *policy,
566 list = get_list (policy->rules_by_gid, gid);
580 bus_policy_append_console_rule (BusPolicy *policy,
586 if (!_dbus_list_append (&policy->at_console_true_rules, rule))
591 if (!_dbus_list_append (&policy->at_console_false_rules, rule))
657 bus_policy_merge (BusPolicy *policy,
664 if (!append_copy_of_policy_list (&policy->default_rules,
668 if (!append_copy_of_policy_list (&policy->mandatory_rules,
672 if (!append_copy_of_policy_list (&policy->at_console_true_rules,
676 if (!append_copy_of_policy_list (&policy->at_console_false_rules,
680 if (!merge_id_hash (policy->rules_by_uid,
684 if (!merge_id_hash (policy->rules_by_gid,
701 BusClientPolicy *policy;
703 policy = dbus_new0 (BusClientPolicy, 1);
704 if (policy == NULL)
707 policy->refcount = 1;
709 return policy;
713 bus_client_policy_ref (BusClientPolicy *policy)
715 _dbus_assert (policy->refcount > 0);
717 policy->refcount += 1;
719 return policy;
732 bus_client_policy_unref (BusClientPolicy *policy)
734 _dbus_assert (policy->refcount > 0);
736 policy->refcount -= 1;
738 if (policy->refcount == 0)
740 _dbus_list_foreach (&policy->rules,
744 _dbus_list_clear (&policy->rules);
746 dbus_free (policy);
751 remove_rules_by_type_up_to (BusClientPolicy *policy,
757 link = _dbus_list_get_first_link (&policy->rules);
761 DBusList *next = _dbus_list_get_next_link (&policy->rules, link);
765 _dbus_list_remove_link (&policy->rules, link);
774 bus_client_policy_optimize (BusClientPolicy *policy)
792 _dbus_verbose ("Optimizing policy with %d rules\n",
793 _dbus_list_get_length (&policy->rules));
795 link = _dbus_list_get_first_link (&policy->rules);
802 next = _dbus_list_get_next_link (&policy->rules, link);
840 remove_rules_by_type_up_to (policy, rule->type,
846 _dbus_verbose ("After optimization, policy has %d rules\n",
847 _dbus_list_get_length (&policy->rules));
851 bus_client_policy_append_rule (BusClientPolicy *policy,
854 _dbus_verbose ("Appending rule %p with type %d to policy %p\n",
855 rule, rule->type, policy);
857 if (!_dbus_list_append (&policy->rules, rule))
866 bus_client_policy_check_can_send (BusClientPolicy *policy,
877 /* policy->rules is in the order the rules appeared
881 _dbus_verbose (" (policy) checking send rules\n");
885 link = _dbus_list_get_first_link (&policy->rules);
890 link = _dbus_list_get_next_link (&policy->rules, link);
899 _dbus_verbose (" (policy) skipping non-send rule\n");
907 _dbus_verbose (" (policy) skipping rule for different message type\n");
921 _dbus_verbose (" (policy) skipping allow rule since it only applies to requested replies and does not allow eavesdropping\n");
931 _dbus_verbose (" (policy) skipping deny rule since it only applies to unrequested replies\n");
942 _dbus_verbose (" (policy) skipping rule for different path\n");
963 _dbus_verbose (" (policy) skipping rule for different interface\n");
974 _dbus_verbose (" (policy) skipping rule for different member\n");
985 _dbus_verbose (" (policy) skipping rule for different error name\n");
1002 _dbus_verbose (" (policy) skipping rule because message dest is not %s\n",
1017 _dbus_verbose (" (policy) skipping rule because dest %s doesn't exist\n",
1024 _dbus_verbose (" (policy) skipping rule because dest %s isn't owned by receiver\n",
1036 _dbus_verbose (" (policy) used rule, allow now = %d\n",
1047 bus_client_policy_check_can_receive (BusClientPolicy *policy,
1064 /* policy->rules is in the order the rules appeared
1068 _dbus_verbose (" (policy) checking receive rules, eavesdropping = %d\n", eavesdropping);
1072 link = _dbus_list_get_first_link (&policy->rules);
1077 link = _dbus_list_get_next_link (&policy->rules, link);
1081 _dbus_verbose (" (policy) skipping non-receive rule\n");
1089 _dbus_verbose (" (policy) skipping rule for different message type\n");
1099 _dbus_verbose (" (policy) skipping allow rule since it doesn't apply to eavesdropping\n");
1108 _dbus_verbose (" (policy) skipping deny rule since it only applies to eavesdropping\n");
1121 _dbus_verbose (" (policy) skipping allow rule since it only applies to requested replies and does not allow eavesdropping\n");
1131 _dbus_verbose (" (policy) skipping deny rule since it only applies to unrequested replies\n");
1142 _dbus_verbose (" (policy) skipping rule for different path\n");
1163 _dbus_verbose (" (policy) skipping rule for different interface\n");
1174 _dbus_verbose (" (policy) skipping rule for different member\n");
1185 _dbus_verbose (" (policy) skipping rule for different error name\n");
1202 _dbus_verbose (" (policy) skipping rule because message sender is not %s\n",
1218 _dbus_verbose (" (policy) skipping rule because origin %s doesn't exist\n",
1225 _dbus_verbose (" (policy) skipping rule because origin %s isn't owned by sender\n",
1236 _dbus_verbose (" (policy) used rule, allow now = %d\n",
1299 bus_client_policy_check_can_own (BusClientPolicy *policy,
1302 return bus_rules_check_can_own (policy->rules, service_name);
1307 bus_policy_check_can_own (BusPolicy *policy,
1310 return bus_rules_check_can_own (policy->default_rules, service_name);