diff options
author | Chengwei Yang <chengwei.yang@intel.com> | 2013-12-10 17:11:25 +0800 |
---|---|---|
committer | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2014-01-06 15:18:51 +0000 |
commit | 1794c245e2869c5f7d35f38c38b42f17c157541f (patch) | |
tree | 29e8630024ca82ec85f009ca4e80621290090c3f | |
parent | 00211794ed8e85cb49538ee32703f71566cb48f2 (diff) | |
download | dbus-1794c245e2869c5f7d35f38c38b42f17c157541f.tar.gz |
Reload policy rules for completed connections
The message bus which can monitor its conf dirs for changes and reload
confs immediately if dir monitor enabled, for example, inotify in Linux,
kqueue in *BSD.
However, it doesn't apply policy rules change for completed connections,
so to apply policy rules change, the client connection has to disconnect
first and then re-connect to message bus.
For imcomplete connections, it always has the latest review of policy
rules.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=39463
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
-rw-r--r-- | bus/bus.c | 12 | ||||
-rw-r--r-- | bus/connection.c | 36 | ||||
-rw-r--r-- | bus/connection.h | 2 |
3 files changed, 50 insertions, 0 deletions
@@ -526,6 +526,18 @@ process_config_every_time (BusContext *context, context->policy = bus_config_parser_steal_policy (parser); _dbus_assert (context->policy != NULL); + /* context->connections is NULL when creating new BusContext */ + if (context->connections) + { + _dbus_verbose ("Reload policy rules for completed connections\n"); + retval = bus_connections_reload_policy (context->connections, error); + if (!retval) + { + _DBUS_ASSERT_ERROR_IS_SET (error); + goto failed; + } + } + /* We have to build the address backward, so that * <listen> later in the config file have priority */ diff --git a/bus/connection.c b/bus/connection.c index fddbc78a..8d741d6f 100644 --- a/bus/connection.c +++ b/bus/connection.c @@ -1435,6 +1435,42 @@ fail: return FALSE; } +dbus_bool_t +bus_connections_reload_policy (BusConnections *connections, + DBusError *error) +{ + BusConnectionData *d; + DBusConnection *connection; + DBusList *link; + + _dbus_assert (connections != NULL); + _DBUS_ASSERT_ERROR_IS_CLEAR (error); + + for (link = _dbus_list_get_first_link (&(connections->completed)); + link; + link = _dbus_list_get_next_link (&(connections->completed), link)) + { + connection = link->data; + d = BUS_CONNECTION_DATA (connection); + _dbus_assert (d != NULL); + _dbus_assert (d->policy != NULL); + + bus_client_policy_unref (d->policy); + d->policy = bus_context_create_client_policy (connections->context, + connection, + error); + if (d->policy == NULL) + { + _dbus_verbose ("Failed to create security policy for connection %p\n", + connection); + _DBUS_ASSERT_ERROR_IS_SET (error); + return FALSE; + } + } + + return TRUE; +} + const char * bus_connection_get_name (DBusConnection *connection) { diff --git a/bus/connection.h b/bus/connection.h index c9360212..13c8b99f 100644 --- a/bus/connection.h +++ b/bus/connection.h @@ -45,6 +45,8 @@ void bus_connections_foreach_active (BusConnections void *data); BusContext* bus_connections_get_context (BusConnections *connections); void bus_connections_increment_stamp (BusConnections *connections); +dbus_bool_t bus_connections_reload_policy (BusConnections *connections, + DBusError *error); BusContext* bus_connection_get_context (DBusConnection *connection); BusConnections* bus_connection_get_connections (DBusConnection *connection); BusRegistry* bus_connection_get_registry (DBusConnection *connection); |