[systemd-devel] [PATCH 11/12] policy: kdbus_policy_check_own_access() returns 0 on success not true
Daniel Mack
daniel at zonque.org
Fri Jun 20 10:33:08 PDT 2014
On 06/20/2014 06:50 PM, Djalal Harouni wrote:
> kdbus_policy_check_own_access() returns 0 if access is granted,
> otherwise a negative errno.
>
> So fix this by returning 0. We did not hit this since callers were
> checking negative values for errors.
Applied, thanks.
Daniel
> Signed-off-by: Djalal Harouni <tixxdz at opendz.org>
> ---
> policy.c | 13 +++++++++++--
> 1 file changed, 11 insertions(+), 2 deletions(-)
>
> diff --git a/policy.c b/policy.c
> index d75c2ef..58ab6a5 100644
> --- a/policy.c
> +++ b/policy.c
> @@ -231,7 +231,7 @@ static int kdbus_policy_check_access(const struct kdbus_policy_db_entry *e,
> * @conn: The connection to check
> * @name: The name to check
> *
> - * Return: t0 if the connection is allowed to own the name, -EPERM otherwise
> + * Return: 0 if the connection is allowed to own the name, -EPERM otherwise
> */
> int kdbus_policy_check_own_access(struct kdbus_policy_db *db,
> const struct kdbus_conn *conn,
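Review bot: The corrected Return: line for kdbus_policy_check_own_access() still documents only -EPERM as the failure value, while the commit message states the contract as "0 if access is granted, otherwise a negative errno". If any path can return a different errno, the kernel-doc should read "negative errno otherwise" so the comment and the commit message agree; if -EPERM really is the only failure value, the commit message should say that instead.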
> @@ -307,8 +307,17 @@ int kdbus_policy_check_talk_access(struct kdbus_policy_db *db,
> unsigned int hash = 0;
> int ret;
>
> + /*
> + * user->uid maps to a fsuid at the time of a KDBUS_CMD_HELLO
> + * cmd, if they equal allow the TALK access, otherwise we
> + * proceed and perform checks against current's cred.
> + *
> + * By using the user->uid check first we reduce the exposure to
> + * creds changes. Privileged processes should be careful about
> + * what to do with a file descriptor.
> + */
> if (uid_eq(conn_src->user->uid, conn_dst->user->uid))
> - return true;
> + return 0;
>
> /*
> * If there was a positive match for these two connections before,
>
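Review bot: The `return true` to `return 0` change sits under the hunk header for kdbus_policy_check_talk_access(), yet the subject and commit message name kdbus_policy_check_own_access(), whose only change in this patch is the kernel-doc typo. The subject should name the function that is actually fixed. The added comment block about user->uid and creds changes is not mentioned in the commit message and documents a design rationale rather than the return-value fix, so it should either be described in the message or go in its own patch. Because the old code returned a positive value from an int function and, per the commit message, only worked because callers check for negative values, it is worth confirming that no caller tests the result with a plain `if (ret)`.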