Reload policy rules for completed connections

The message bus which can monitor its conf dirs for changes and reload confs immediately if dir monitor enabled, for example, inotify in Linux, kqueue in *BSD. However, it doesn't apply policy rules change for completed connections, so to apply policy rules change, the client connection has to disconnect first and then re-connect to message bus. For imcomplete connections, it always has the latest review of policy rules. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=39463 Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
2026-05-09 10:48:26 +02:00 · 2013-12-10 17:11:25 +08:00 · 2013-12-10 17:11:25 +08:00 · 1794c245e2
commit 1794c245e2
parent 00211794ed
3 changed files with 50 additions and 0 deletions
--- a/bus/bus.c
+++ b/bus/bus.c
@ -526,6 +526,18 @@ process_config_every_time (BusContext      *context,
  context->policy = bus_config_parser_steal_policy (parser);
  _dbus_assert (context->policy != NULL);

+  /* context->connections is NULL when creating new BusContext */
+  if (context->connections)
+    {
+      _dbus_verbose ("Reload policy rules for completed connections\n");
+      retval = bus_connections_reload_policy (context->connections, error);
+      if (!retval)
+        {
+          _DBUS_ASSERT_ERROR_IS_SET (error);
+          goto failed;
+        }
+    }
+
  /* We have to build the address backward, so that
   * <listen> later in the config file have priority
   */
--- a/bus/connection.c
+++ b/bus/connection.c
@ -1435,6 +1435,42 @@ fail:
  return FALSE;
 }

+dbus_bool_t
+bus_connections_reload_policy (BusConnections *connections,
+                               DBusError      *error)
+{
+  BusConnectionData *d;
+  DBusConnection *connection;
+  DBusList *link;
+
+  _dbus_assert (connections != NULL);
+  _DBUS_ASSERT_ERROR_IS_CLEAR (error);
+
+  for (link = _dbus_list_get_first_link (&(connections->completed));
+       link;
+       link = _dbus_list_get_next_link (&(connections->completed), link))
+    {
+      connection = link->data;
+      d = BUS_CONNECTION_DATA (connection);
+      _dbus_assert (d != NULL);
+      _dbus_assert (d->policy != NULL);
+
+      bus_client_policy_unref (d->policy);
+      d->policy = bus_context_create_client_policy (connections->context,
+                                                    connection,
+                                                    error);
+      if (d->policy == NULL)
+        {
+          _dbus_verbose ("Failed to create security policy for connection %p\n",
+                      connection);
+          _DBUS_ASSERT_ERROR_IS_SET (error);
+          return FALSE;
+        }
+    }
+
+  return TRUE;
+}
+
 const char *
 bus_connection_get_name (DBusConnection *connection)
 {
--- a/bus/connection.h
+++ b/bus/connection.h
@ -45,6 +45,8 @@ void            bus_connections_foreach_active    (BusConnections
                                                   void                         *data);
 BusContext*     bus_connections_get_context       (BusConnections               *connections);
 void            bus_connections_increment_stamp   (BusConnections               *connections);
+dbus_bool_t     bus_connections_reload_policy     (BusConnections               *connections,
+                                                   DBusError                    *error);
 BusContext*     bus_connection_get_context        (DBusConnection               *connection);
 BusConnections* bus_connection_get_connections    (DBusConnection               *connection);
 BusRegistry*    bus_connection_get_registry       (DBusConnection               *connection);