
Commit 2b1a2a69 authored by David Zeuthen's avatar David Zeuthen

make polkit-policy-file-validate require that actions are properly packaged

Meaning this bit was added to the spec:

   The name of the XML file is significant. Each XML file can only
   declare actions from the namespace of it's own name; for example
   actions org.foobar.action-a, org.foobar.action-b and
   org.foobar.action-c would all go into the file org.foobar.policy
   while actions com.my-company.product-awesome.action-a,
   com.mycompany.product-awesome.action-b would go into the file
   com.mycompany.product-awesome.policy.

This is the output of the validator on a broken .policy file

  $ polkit-policy-file-validate /usr/share/PolicyKit/policy/gnome-clock-applet-mechanism.policy
  WARNING: The action org.gnome.clockapplet.mechanism.configurehwclock does not
           belong in a policy file named gnome-clock-applet-mechanism.policy.
           A future version of PolicyKit will ignore this action.

  WARNING: The action org.gnome.clockapplet.mechanism.settime does not
           belong in a policy file named gnome-clock-applet-mechanism.policy.
           A future version of PolicyKit will ignore this action.

  WARNING: The action org.gnome.clockapplet.mechanism.settimezone does not
           belong in a policy file named gnome-clock-applet-mechanism.policy.
           A future version of PolicyKit will ignore this action.

  ERROR: /usr/share/PolicyKit/policy/gnome-clock-applet-mechanism.policy did not validate

We currently don't enforce this but will in a future version. The
rationale is that we can avoid loading all .policy files at startup
which would be a performance win.
parent b3930e8b
......@@ -10,7 +10,20 @@
<para>
A Mechanism needs to declare what Actions it supports. This is
achieved by dropping one or more XML files with the suffix <literal>.policy</literal>
into the <literal>/usr/share/PolicyKit/policy</literal> directory. An example:
into the <literal>/usr/share/PolicyKit/policy</literal> directory.
</para>
<para>
The name of the XML file is significant. Each XML file can only
declare actions from the namespace of it's own name; for example
actions <literal>org.foobar.action-a</literal>, <literal>org.foobar.action-b</literal>
and <literal>org.foobar.action-c</literal> would all go into the
file <literal>org.foobar.policy</literal> while
actions <literal>com.my-company.product-awesome.action-a</literal>, <literal>com.mycompany.product-awesome.action-b</literal>
would go into the
file <literal>com.mycompany.product-awesome.policy</literal>.
</para>
<para>
An example of a <literal>.policy</literal> file would be the following:
</para>
<programlisting>
<![CDATA[
......
......@@ -42,8 +42,11 @@
#include <unistd.h>
#include <errno.h>
#include <kit/kit.h>
#include <polkit/polkit.h>
static polkit_bool_t warned = FALSE;
static void
usage (int argc, char *argv[])
{
......@@ -52,47 +55,106 @@ usage (int argc, char *argv[])
exit (1);
}
static bool
static polkit_bool_t
entry_foreach_cb (PolKitPolicyFile *policy_file,
PolKitPolicyFileEntry *policy_file_entry,
void *user_data)
{
const char *id;
const char *prefix = user_data;
id = polkit_policy_file_entry_get_id (policy_file_entry);
if (!kit_str_has_prefix (id, prefix) ||
strchr (id + strlen (prefix), '.') != NULL) {
printf ("WARNING: The action %s does not\n"
" belong in a policy file named %spolicy.\n"
" A future version of PolicyKit will ignore this action.\n"
"\n",
id, prefix);
warned = TRUE;
}
return FALSE;
}
static polkit_bool_t
validate_file (const char *file)
{
PolKitPolicyFile *priv_file;
PolKitPolicyFile *policy_file;
PolKitError *error;
char *prefix;
polkit_bool_t ret;
const char *basename;
ret = FALSE;
prefix = NULL;
policy_file = NULL;
if (!kit_str_has_suffix (file, ".policy")) {
printf ("%s doesn't have a .policy suffix\n", file);
goto out;
}
basename = strrchr (file, '/');
if (basename != NULL)
basename++;
else
basename = file;
prefix = kit_strdup (basename);
/* strip out "policy" - retain the dot */
prefix [strlen (prefix) - 6] = '\0';
error = NULL;
priv_file = polkit_policy_file_new (file, TRUE, &error);
if (priv_file == NULL) {
policy_file = polkit_policy_file_new (file, TRUE, &error);
if (policy_file == NULL) {
printf ("%s did not validate: %s\n", file, polkit_error_get_error_message (error));
polkit_error_free (error);
return FALSE;
goto out;
}
warned = FALSE;
polkit_policy_file_entry_foreach (policy_file, entry_foreach_cb, prefix);
if (warned) {
goto out;
}
polkit_policy_file_unref (priv_file);
return TRUE;
ret = TRUE;
out:
kit_free (prefix);
if (policy_file != NULL)
polkit_policy_file_unref (policy_file);
return ret;
}
int
main (int argc, char *argv[])
{
int n;
int ret;
if (argc <= 1) {
usage (argc, argv);
return 1;
ret = 1;
goto out;
}
ret = 0;
for (n = 1; n < argc; n++) {
if (strcmp (argv[n], "--help") == 0) {
usage (argc, argv);
return 0;
goto out;
}
if (strcmp (argv[n], "--version") == 0) {
printf ("polkit-policy-file-validate " PACKAGE_VERSION "\n");
return 0;
goto out;
}
if (!validate_file (argv[n])) {
return 1;
printf ("ERROR: %s did not validate\n"
"\n",
argv[n]);
ret = 1;
}
}
return 0;
out:
return ret;
}
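Review bot: In validate_file the result of `kit_strdup (basename)` is written through on the next statement, `prefix [strlen (prefix) - 6] = '\0';`, with no NULL check. kit_strdup's definition is not on this page, but if it returns NULL on allocation failure this is a NULL dereference. Adding `if (prefix == NULL) goto out;` right after the call would fit, since the `out:` path already reaches `kit_free (prefix)` with a NULL prefix when the suffix check fails. Separately, entry_foreach_cb only rejects a further `.` after the prefix, so an id equal to the bare prefix (nothing after the final dot) passes the namespace check. If the parser does not already refuse such ids, also testing `id[strlen (prefix)] == '\0'` in that condition would close the gap.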