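/* -*- mode: C; c-file-style: "gnu" -*- */
/* policy.h Bus security policy
 *
 * Copyright (C) 2003 Red Hat, Inc.
 *
 * Licensed under the Academic Free License version 2.1
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 *
 */

#ifndef BUS_POLICY_H
#define BUS_POLICY_H

#include <dbus/dbus.h>
#include <dbus/dbus-string.h>
#include <dbus/dbus-list.h>
#include <dbus/dbus-sysdeps.h>
#include "bus.h"

/*
 * The typedef names BusPolicyRule, BusPolicy, BusClientPolicy and BusRegistry
 * are used below but not declared in this header; they have to come from one
 * of the includes above (presumably "bus.h" - confirm).
 */

/**
 * Kind of a policy rule. Each value has a like-named member in the
 * BusPolicyRule "d" union (send, receive, own, user, group).
 */
typedef enum
{
  BUS_POLICY_RULE_SEND,
  BUS_POLICY_RULE_RECEIVE,
  BUS_POLICY_RULE_OWN,
  BUS_POLICY_RULE_USER,
  BUS_POLICY_RULE_GROUP
} BusPolicyRuleType;

/**
 * determines whether the rule affects a connection, or some global item
 *
 * Evaluates to false only for BUS_POLICY_RULE_USER and BUS_POLICY_RULE_GROUP
 * rules, true for every other type. The argument is expanded twice, so pass
 * an expression without side effects.
 */
#define BUS_POLICY_RULE_IS_PER_CLIENT(rule) (!((rule)->type == BUS_POLICY_RULE_USER || \
                                               (rule)->type == BUS_POLICY_RULE_GROUP))

/**
 * One allow-or-deny rule. "type" selects which member of "d" is meaningful.
 *
 * Unset match fields are wildcards (NULL, DBUS_MESSAGE_TYPE_INVALID,
 * DBUS_UID_UNSET and DBUS_GID_UNSET all mean "any"), so a rule is only as
 * narrow as the fields its creator filled in.
 * NOTE(review): a rule created with allow set and every match field left
 * unset would therefore seem to match everything of its type - confirm
 * against the matching code in policy.c when auditing rule construction.
 */
struct BusPolicyRule
{
  int refcount; /* managed through bus_policy_rule_ref()/_unref() - presumably; confirm */

  BusPolicyRuleType type;

  /* One-bit field: a value other than 0 or 1 assigned directly is reduced to
   * its low bit, so callers should pass a normalized TRUE/FALSE.
   */
  unsigned int allow : 1; /**< #TRUE if this allows, #FALSE if it denies */

  union
  {
    struct
    {
      /* message type can be DBUS_MESSAGE_TYPE_INVALID meaning "any" */
      int message_type;
      /* any of these can be NULL meaning "any" */
      char *path;
      char *interface;
      char *member;
      char *error;
      char *destination;
      unsigned int requested_reply : 1;
    } send;

    struct
    {
      /* message type can be DBUS_MESSAGE_TYPE_INVALID meaning "any" */
      int message_type;
      /* any of these can be NULL meaning "any" */
      char *path;
      char *interface;
      char *member;
      char *error;
      char *origin;
      /* NOTE(review): presumably marks a rule that also covers messages not
       * addressed to the receiving connection - confirm in policy.c.
       */
      unsigned int eavesdrop : 1;
      unsigned int requested_reply : 1;
    } receive;

    struct
    {
      /* can be NULL meaning "any" */
      char *service_name;
    } own;

    struct
    {
      /* can be DBUS_UID_UNSET meaning "any" */
      dbus_uid_t uid;
    } user;

    struct
    {
      /* can be DBUS_GID_UNSET meaning "any" */
      dbus_gid_t gid;
    } group;

  } d;
};

/*
 * Rule objects: constructor plus a ref/unref pair.
 * NOTE(review): behaviour on allocation failure is not visible here;
 * presumably bus_policy_rule_new() returns NULL - confirm in policy.c.
 */
BusPolicyRule* bus_policy_rule_new   (BusPolicyRuleType type,
                                      dbus_bool_t       allow);
BusPolicyRule* bus_policy_rule_ref   (BusPolicyRule    *rule);
void           bus_policy_rule_unref (BusPolicyRule    *rule);

/*
 * Bus-wide policy. Each append function is named for the rule set it adds
 * to: default, mandatory, per-uid, per-gid and console.
 * NOTE(review): the dbus_bool_t results of the append and merge calls
 * presumably report out-of-memory. A caller that ignores a FALSE result
 * would continue with a policy that lacks the rule, which matters most when
 * the missing rule is a deny - confirm every caller checks it.
 * NOTE(review): bus_policy_allow_user() declares uid as unsigned long while
 * bus_policy_append_user_rule() uses dbus_uid_t; confirm the two types are
 * the same on every supported platform.
 */
BusPolicy*       bus_policy_new                   (void);
BusPolicy*       bus_policy_ref                   (BusPolicy        *policy);
void             bus_policy_unref                 (BusPolicy        *policy);
BusClientPolicy* bus_policy_create_client_policy  (BusPolicy        *policy,
                                                   DBusConnection   *connection,
                                                   DBusError        *error);
dbus_bool_t      bus_policy_allow_user            (BusPolicy        *policy,
                                                   DBusUserDatabase *user_database,
                                                   unsigned long     uid);
dbus_bool_t      bus_policy_append_default_rule   (BusPolicy        *policy,
                                                   BusPolicyRule    *rule);
dbus_bool_t      bus_policy_append_mandatory_rule (BusPolicy        *policy,
                                                   BusPolicyRule    *rule);
dbus_bool_t      bus_policy_append_user_rule      (BusPolicy        *policy,
                                                   dbus_uid_t        uid,
                                                   BusPolicyRule    *rule);
dbus_bool_t      bus_policy_append_group_rule     (BusPolicy        *policy,
                                                   dbus_gid_t        gid,
                                                   BusPolicyRule    *rule);
dbus_bool_t      bus_policy_append_console_rule   (BusPolicy        *policy,
                                                   dbus_bool_t       at_console,
                                                   BusPolicyRule    *rule);

dbus_bool_t      bus_policy_merge                 (BusPolicy        *policy,
                                                   BusPolicy        *to_absorb);

/*
 * Per-connection policy and its three checks (send, receive, own).
 * NOTE(review): the dbus_bool_t returned by the check_can_* functions is
 * presumably the allow/deny decision for the message or name; callers must
 * act on it rather than discard it - confirm in policy.c.
 * NOTE(review): bus_client_policy_check_can_receive() takes both the
 * addressed and the proposed recipient; presumably they differ when a
 * message is delivered to a connection it was not addressed to - confirm.
 */
BusClientPolicy* bus_client_policy_new               (void);
BusClientPolicy* bus_client_policy_ref               (BusClientPolicy  *policy);
void             bus_client_policy_unref             (BusClientPolicy  *policy);
dbus_bool_t      bus_client_policy_check_can_send    (BusClientPolicy  *policy,
                                                      BusRegistry      *registry,
                                                      dbus_bool_t       requested_reply,
                                                      DBusConnection   *receiver,
                                                      DBusMessage      *message);
dbus_bool_t      bus_client_policy_check_can_receive (BusClientPolicy  *policy,
                                                      BusRegistry      *registry,
                                                      dbus_bool_t       requested_reply,
                                                      DBusConnection   *sender,
                                                      DBusConnection   *addressed_recipient,
                                                      DBusConnection   *proposed_recipient,
                                                      DBusMessage      *message);
dbus_bool_t      bus_client_policy_check_can_own     (BusClientPolicy  *policy,
                                                      DBusConnection   *connection,
                                                      const DBusString *service_name);
dbus_bool_t      bus_client_policy_append_rule       (BusClientPolicy  *policy,
                                                      BusPolicyRule    *rule);
void             bus_client_policy_optimize          (BusClientPolicy  *policy);


#endif /* BUS_POLICY_H */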