Add dbus-*.call and dbus-*.broadcast commands

This allows setting per-member and per-object path policies for xdg-dbus-proxy.
author: Kristóf Marussy <kris7topher@gmail.com> 2020-05-03 20:43:32 +0200
committer: Kristóf Marussy <kristof@marussy.com> 2020-05-07 01:56:40 +0200
commit: 8e719e0257bb92c143f56e9765e196c35fd57368 (patch)
tree: 3e0b0049926214ec4f320bcc80e955bed7d2de3d /src/firejail/profile.c
parent: Add --dbus-*.see options (diff)
download: firejail-8e719e0257bb92c143f56e9765e196c35fd57368.tar.gz
firejail-8e719e0257bb92c143f56e9765e196c35fd57368.tar.zst
firejail-8e719e0257bb92c143f56e9765e196c35fd57368.zip
1 files changed, 28 insertions, 0 deletions
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index f2959686a..699ca4bea 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -473,6 +473,20 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
                }
                return 1;
        }
+        else if (strncmp(ptr, "dbus-user.call ", 15) == 0) {
+                if (!dbus_check_call_rule(ptr + 15)) {
+                        fprintf(stderr, "Invalid dbus-user.call rule: %s\n", ptr + 15);
+                        exit(1);
+                }
+                return 1;
+        }
+        else if (strncmp(ptr, "dbus-user.broadcast ", 20) == 0) {
+                if (!dbus_check_call_rule(ptr + 20)) {
+                        fprintf(stderr, "Invalid dbus-user.broadcast rule: %s\n", ptr + 20);
+                        exit(1);
+                }
+                return 1;
+        }
        else if (strncmp("dbus-system ", ptr, 12) == 0) {
                ptr += 12;
                if (strcmp("filter", ptr) == 0) {
@@ -510,6 +524,20 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
                }
                return 1;
        }
+        else if (strncmp(ptr, "dbus-system.call ", 17) == 0) {
+                if (!dbus_check_call_rule(ptr + 17)) {
+                        fprintf(stderr, "Invalid dbus-system.call rule: %s\n", ptr + 17);
+                        exit(1);
+                }
+                return 1;
+        }
+        else if (strncmp(ptr, "dbus-system.broadcast ", 22) == 0) {
+                if (!dbus_check_call_rule(ptr + 22)) {
+                        fprintf(stderr, "Invalid dbus-system.broadcast rule: %s\n", ptr + 22);
+                        exit(1);
+                }
+                return 1;
+        }
        else if (strcmp(ptr, "nou2f") == 0) {
                arg_nou2f = 1;
                return 0;
author	Kristóf Marussy <kris7topher@gmail.com>	2020-05-03 20:43:32 +0200
committer	Kristóf Marussy <kristof@marussy.com>	2020-05-07 01:56:40 +0200
commit	8e719e0257bb92c143f56e9765e196c35fd57368 (patch)
tree	3e0b0049926214ec4f320bcc80e955bed7d2de3d /src/firejail/profile.c
parent	Add --dbus-*.see options (diff)
download	firejail-8e719e0257bb92c143f56e9765e196c35fd57368.tar.gz firejail-8e719e0257bb92c143f56e9765e196c35fd57368.tar.zst firejail-8e719e0257bb92c143f56e9765e196c35fd57368.zip

diff --git a/src/firejail/profile.c b/src/firejail/profile.c index f2959686a..699ca4bea 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c
@@ -473,6 +473,20 @@ int profile_check_line(char ptr, int lineno, const char fname) {
473	}	473	}
474	return 1;	474	return 1;
475	}	475	}
		476	else if (strncmp(ptr, "dbus-user.call ", 15) == 0) {
		477	if (!dbus_check_call_rule(ptr + 15)) {
		478	fprintf(stderr, "Invalid dbus-user.call rule: %s\n", ptr + 15);
		479	exit(1);
		480	}
		481	return 1;
		482	}
		483	else if (strncmp(ptr, "dbus-user.broadcast ", 20) == 0) {
		484	if (!dbus_check_call_rule(ptr + 20)) {
		485	fprintf(stderr, "Invalid dbus-user.broadcast rule: %s\n", ptr + 20);
		486	exit(1);
		487	}
		488	return 1;
		489	}
476	else if (strncmp("dbus-system ", ptr, 12) == 0) {	490	else if (strncmp("dbus-system ", ptr, 12) == 0) {
477	ptr += 12;	491	ptr += 12;
478	if (strcmp("filter", ptr) == 0) {	492	if (strcmp("filter", ptr) == 0) {
@@ -510,6 +524,20 @@ int profile_check_line(char ptr, int lineno, const char fname) {
510	}	524	}
511	return 1;	525	return 1;
512	}	526	}
		527	else if (strncmp(ptr, "dbus-system.call ", 17) == 0) {
		528	if (!dbus_check_call_rule(ptr + 17)) {
		529	fprintf(stderr, "Invalid dbus-system.call rule: %s\n", ptr + 17);
		530	exit(1);
		531	}
		532	return 1;
		533	}
		534	else if (strncmp(ptr, "dbus-system.broadcast ", 22) == 0) {
		535	if (!dbus_check_call_rule(ptr + 22)) {
		536	fprintf(stderr, "Invalid dbus-system.broadcast rule: %s\n", ptr + 22);
		537	exit(1);
		538	}
		539	return 1;
		540	}
513	else if (strcmp(ptr, "nou2f") == 0) {	541	else if (strcmp(ptr, "nou2f") == 0) {
514	arg_nou2f = 1;	542	arg_nou2f = 1;
515	return 0;	543	return 0;