[systemd-commits] src/bus-proxyd

David Herrmann dvdhrm at kemper.freedesktop.org
Sun Jan 11 05:18:48 PST 2015 

 src/bus-proxyd/bus-proxyd.c |   16 ++++++++++++++++
 1 file changed, 16 insertions(+)

New commits:
commit 0042d824e3616aaf2e3eec23d3b2e6aec7c0470c
Author: David Herrmann <dh.herrmann at gmail.com>
Date:   Sun Jan 11 14:13:19 2015 +0100

    bus-proxy: fix policy for expected/non-expected reply tags
    
    dbus-1 distinguishes expected and non-expected replies. An expected reply
    is a reply that is sent as answer to a previously forwarded method-call
    before the timeout fires. Those replies are, by default, forwarded and
    DENY policy tags are ignored on them (unless explicitly stated otherwise).
    
    We don't track reply-windows in the bus-proxy as the kernel already does
    this. Furthermore, the kernel prohibits any non-expected replies (which
    breaks dbus-1, but it was an odd feature, anyway).
    
    Therefore, skip policy checks on replies and always let the kernel deal
    with it!
    
    To be correct, we should still process DENY tags marked as
    send_expected_reply=true (which is *NOT* the default!). However, so far we
    don't parse those attributes, and no-one really uses it, so lets not
    implement it for now. It's marked as TODO if anyone feels like fixing it.

diff --git a/src/bus-proxyd/bus-proxyd.c b/src/bus-proxyd/bus-proxyd.c
index 4d0a265..3cbbab7 100644
--- a/src/bus-proxyd/bus-proxyd.c
+++ b/src/bus-proxyd/bus-proxyd.c
@@ -992,6 +992,22 @@ static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *p
         if (!policy)
                 return 0;
 
+        /*
+         * dbus-1 distinguishes expected and non-expected replies by tracking
+         * method-calls and timeouts. By default, DENY rules are *NEVER* applied
+         * on expected replies, unless explicitly specified. But we dont track
+         * method-calls, thus, we cannot know whether a reply is expected.
+         * Fortunately, the kdbus forbids non-expected replies, so we can safely
+         * ignore any policy on those and let the kernel deal with it.
+         *
+         * TODO: To be correct, we should only ignore policy-tags that are
+         * applied on non-expected replies. However, so far we don't parse those
+         * tags so we let everything pass. I haven't seen a DENY policy tag on
+         * expected-replies, ever, so don't bother..
+         */
+        if (m->reply_cookie > 0)
+                return 0;
+
         if (from->is_kernel) {
                 uid_t sender_uid = UID_INVALID;
                 gid_t sender_gid = GID_INVALID;

More information about the systemd-commits mailing list