# vim:sw=4:et
#############################################################################
# File : CheckDBusPolicy.py
# Package : rpmlint
# Author : Ludwig Nussel
# Purpose : Check for broken DBus policies
#############################################################################
# causes extraction of package if it contains files in /etc/dbus-1/system.d/
from Filter import *
import AbstractCheck
from xml.dom.minidom import parse
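class DBusPolicyCheck(AbstractCheck.AbstractCheck):
    """Lint the D-Bus system bus policy files shipped by a binary package.

    Every file below /etc/dbus-1/system.d/ is parsed as XML and its
    <allow>/<deny> rules inside <policy> elements are inspected:

    * dbus-policy-allow-without-destination: an <allow> matches on
      send_interface, send_member or send_path but has no send_destination.
      Such a rule is not scoped to the packaged service; it matches messages
      to any destination on the bus and can widen access to other services.
    * dbus-policy-allow-receive: an <allow> uses receive_sender or
      receive_interface (reported as info only).
    * dbus-policy-deny-without-destination: a <deny> matches on
      send_interface but has no send_destination.
    * dbus-policy-missing-allow: the file has no send-related <allow> rule.
    * rpmlint-exception: the file could not be analysed.
    """

    # Only policy files installed below this directory are inspected.
    _POLICY_DIR = "/etc/dbus-1/system.d/"

    def __init__(self):
        AbstractCheck.AbstractCheck.__init__(self, "CheckDBusPolicy")

    def check(self, pkg):
        """Run the policy checks on every non-ghost policy file of *pkg*.

        Source packages are skipped. Findings are reported through
        printError/printInfo; nothing is returned.
        """
        if pkg.isSource():
            return

        # Looked up once instead of once per packaged file.
        ghost_files = pkg.ghostFiles()

        for f in pkg.files():
            if f in ghost_files:
                continue
            # Deliberate best effort: a file that cannot be analysed (for
            # example malformed XML) is reported and the remaining files are
            # still checked.
            try:
                if f.startswith(self._POLICY_DIR):
                    self._check_policy_file(pkg, f)
            except Exception as x:
                printError(pkg, 'rpmlint-exception',
                           "%(file)s raised an exception: %(x)s" % {'file': f, 'x': x})

    def _check_policy_file(self, pkg, f):
        """Parse the policy file *f* of *pkg* and report questionable rules."""
        send_policy_seen = False
        lf = pkg.dirName() + f
        # NOTE(review): the policy file comes from the package under
        # inspection, so it is untrusted input. The Python documentation
        # states that xml.dom.minidom is not hardened against maliciously
        # constructed data (entity expansion can exhaust memory/CPU); run the
        # lint with resource limits or switch to a hardened parser.
        # NOTE(review): lf is the extraction directory plus the packaged path;
        # if that entry is a symlink, parse() would presumably open its
        # target - confirm how the extractor handles links.
        xml = parse(lf)
        for p in xml.getElementsByTagName("policy"):
            for allow in p.getElementsByTagName("allow"):
                has_destination = allow.hasAttribute('send_destination')
                has_send_match = (allow.hasAttribute('send_interface')
                                  or allow.hasAttribute('send_member')
                                  or allow.hasAttribute('send_path'))
                if has_send_match and not has_destination:
                    # Counts as a send rule for the missing-allow check even
                    # though it is reported as an error.
                    send_policy_seen = True
                    printError(pkg, 'dbus-policy-allow-without-destination',
                               "%(file)s: %(xml)s" % {'file': f, 'xml': allow.toxml()})
                elif has_destination:
                    send_policy_seen = True

                if (allow.hasAttribute('receive_sender')
                        or allow.hasAttribute('receive_interface')):
                    printInfo(pkg, 'dbus-policy-allow-receive',
                              "%(file)s: %(xml)s" % {'file': f, 'xml': allow.toxml()})

            for deny in p.getElementsByTagName("deny"):
                # NOTE(review): unlike the <allow> check this only looks at
                # send_interface; a <deny> with just send_member or send_path
                # and no send_destination is not reported - confirm that this
                # asymmetry is intended.
                if (deny.hasAttribute('send_interface')
                        and not deny.hasAttribute('send_destination')):
                    printError(pkg, 'dbus-policy-deny-without-destination',
                               "%(file)s: %(xml)s" % {'file': f, 'xml': deny.toxml()})

        if not send_policy_seen:
            printError(pkg, 'dbus-policy-missing-allow',
                       "%(file)s does not allow communication" % {'file': f})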
# Module-level instance of the check; the constructor passes the check name
# "CheckDBusPolicy" to AbstractCheck.
check = DBusPolicyCheck()

# The explanatory texts are only registered when Config.info is set.
# addDetails() receives alternating (message id, description) arguments.
if Config.info:
    addDetails(
        'dbus-policy-allow-without-destination',
        "'allow' directives must always specify a 'send_destination'",

        'dbus-policy-allow-receive',
        "allow receive_* is normally not needed as that is the default",

        'dbus-policy-deny-without-destination',
        "'deny' directives must always specify a 'send_destination' "
        "otherwise messages to other services could be blocked",

        'dbus-policy-missing-allow',
        'every dbus config normally needs a line of the form\n'
        '<allow send_destination="org.foo.bar"/>\n'
        'or similar. If that is missing the service will not work with a dbus that uses\n'
        'deny as default policy',

        'rpmlint-exception',
        "A python exception was raised which prevents further analysis",
    )