forked from pool/rpmlint
This commit is contained in:
parent
b092addcc9
commit
4bf6ab48c3
80
CheckDBusPolicy.py
Normal file
80
CheckDBusPolicy.py
Normal file
@ -0,0 +1,80 @@
|
|||||||
|
# vim:sw=4:et
|
||||||
|
#############################################################################
|
||||||
|
# File : CheckDBusPolicy.py
|
||||||
|
# Package : rpmlint
|
||||||
|
# Author : Ludwig Nussel
|
||||||
|
# Purpose : Check for broken DBus policies
|
||||||
|
#############################################################################
|
||||||
|
|
||||||
|
# causes extraction of package if it contains files in /etc/dbus-1/system.d/
|
||||||
|
|
||||||
|
from Filter import *
|
||||||
|
import AbstractCheck
|
||||||
|
from xml.dom.minidom import parse
|
||||||
|
|
||||||
|
class DBusPolicyCheck(AbstractCheck.AbstractCheck):
|
||||||
|
def __init__(self):
|
||||||
|
AbstractCheck.AbstractCheck.__init__(self, "CheckDBusPolicy")
|
||||||
|
|
||||||
|
def check(self, pkg):
|
||||||
|
|
||||||
|
if pkg.isSource():
|
||||||
|
return
|
||||||
|
|
||||||
|
files = pkg.files()
|
||||||
|
|
||||||
|
for f in files:
|
||||||
|
if f in pkg.ghostFiles():
|
||||||
|
continue
|
||||||
|
|
||||||
|
# catch xml exceptions
|
||||||
|
try:
|
||||||
|
if f.startswith("/etc/dbus-1/system.d/"):
|
||||||
|
send_policy_seen = False
|
||||||
|
lf = pkg.dirName() + f
|
||||||
|
xml = parse(lf)
|
||||||
|
for p in xml.getElementsByTagName("policy"):
|
||||||
|
for allow in p.getElementsByTagName("allow"):
|
||||||
|
if ( allow.hasAttribute('send_interface') \
|
||||||
|
or allow.hasAttribute('send_member') \
|
||||||
|
or allow.hasAttribute('send_path')) \
|
||||||
|
and not allow.hasAttribute('send_destination'):
|
||||||
|
send_policy_seen = True
|
||||||
|
printError(pkg, 'dbus-policy-allow-without-destination', "%(file)s: %(xml)s" % { 'file':f, 'xml':allow.toxml() })
|
||||||
|
elif allow.hasAttribute('send_destination'):
|
||||||
|
send_policy_seen = True
|
||||||
|
|
||||||
|
if allow.hasAttribute('receive_sender') \
|
||||||
|
or allow.hasAttribute('receive_interface'):
|
||||||
|
printInfo(pkg, 'dbus-policy-allow-receive', "%(file)s: %(xml)s" % { 'file':f, 'xml':allow.toxml() })
|
||||||
|
|
||||||
|
for deny in p.getElementsByTagName("deny"):
|
||||||
|
if ( deny.hasAttribute('send_interface') \
|
||||||
|
and not deny.hasAttribute('send_destination')):
|
||||||
|
printError(pkg, 'dbus-policy-deny-without-destination', "%(file)s: %(xml)s" % { 'file':f, 'xml':deny.toxml() })
|
||||||
|
|
||||||
|
if not send_policy_seen:
|
||||||
|
printError(pkg, 'dbus-policy-missing-allow', "%(file)s does not allow communication" % { 'file':f })
|
||||||
|
|
||||||
|
except Exception, x:
|
||||||
|
printError(pkg, 'rpmlint-exception', "%(file)s raised an exception: %(x)s" % {'file':f, 'x':x})
|
||||||
|
continue
|
||||||
|
|
||||||
|
check=DBusPolicyCheck()
|
||||||
|
|
||||||
|
if Config.info:
|
||||||
|
addDetails(
|
||||||
|
'dbus-policy-allow-without-destination',
|
||||||
|
"""'allow' directives must always specify a 'send_destination'""",
|
||||||
|
'dbus-policy-allow-receive',
|
||||||
|
"""allow receive_* is normally not needed as that is the default""",
|
||||||
|
'dbus-policy-deny-without-destination',
|
||||||
|
"""'deny' directives must always specify a 'send_destination' otherwise messages to other services could be blocked""",
|
||||||
|
'dbus-policy-missing-allow',
|
||||||
|
"""every dbus config normally needs a line of the form
|
||||||
|
<allow send_destination="org.foo.bar"/>
|
||||||
|
or similar. If that is missing the service will not work with a dbus that uses
|
||||||
|
deny as default policy""",
|
||||||
|
'rpmlint-exception',
|
||||||
|
"""A python exception was raised which prevents further analysis""",
|
||||||
|
)
|
1
config
1
config
@ -29,6 +29,7 @@ addCheck("CheckSUIDPermissions")
|
|||||||
# polkit-default-privs would need to be installed always
|
# polkit-default-privs would need to be installed always
|
||||||
#addCheck("CheckPolkitPrivs")
|
#addCheck("CheckPolkitPrivs")
|
||||||
addCheck("CheckDBUSServices")
|
addCheck("CheckDBUSServices")
|
||||||
|
addCheck("CheckDBusPolicy")
|
||||||
addCheck("CheckFilelist")
|
addCheck("CheckFilelist")
|
||||||
addCheck("CheckKDE4Deps")
|
addCheck("CheckKDE4Deps")
|
||||||
addCheck("KMPPolicyCheck")
|
addCheck("KMPPolicyCheck")
|
||||||
|
@ -29,6 +29,7 @@ addCheck("CheckSUIDPermissions")
|
|||||||
# polkit-default-privs would need to be installed always
|
# polkit-default-privs would need to be installed always
|
||||||
#addCheck("CheckPolkitPrivs")
|
#addCheck("CheckPolkitPrivs")
|
||||||
addCheck("CheckDBUSServices")
|
addCheck("CheckDBUSServices")
|
||||||
|
addCheck("CheckDBusPolicy")
|
||||||
addCheck("CheckFilelist")
|
addCheck("CheckFilelist")
|
||||||
|
|
||||||
# stuff autobuild takes care about
|
# stuff autobuild takes care about
|
||||||
|
@ -1,3 +1,8 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Jan 23 14:00:24 CET 2009 - lnussel@suse.de
|
||||||
|
|
||||||
|
- add check for DBus Policy problems
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Jan 13 15:59:15 CET 2009 - lnussel@suse.de
|
Tue Jan 13 15:59:15 CET 2009 - lnussel@suse.de
|
||||||
|
|
||||||
|
@ -22,7 +22,7 @@ Name: rpmlint
|
|||||||
BuildRequires: rpm-python
|
BuildRequires: rpm-python
|
||||||
Summary: Rpm correctness checker
|
Summary: Rpm correctness checker
|
||||||
Version: 0.84
|
Version: 0.84
|
||||||
Release: 11
|
Release: 12
|
||||||
Source0: %{name}-%{version}.tar.bz2
|
Source0: %{name}-%{version}.tar.bz2
|
||||||
Source1: config
|
Source1: config
|
||||||
Source1001: config.in
|
Source1001: config.in
|
||||||
@ -42,6 +42,7 @@ Source14: CheckSUIDPermissions.py
|
|||||||
Source15: CheckPolkitPrivs.py
|
Source15: CheckPolkitPrivs.py
|
||||||
Source16: CheckDBUSServices.py
|
Source16: CheckDBUSServices.py
|
||||||
Source17: CheckFilelist.py
|
Source17: CheckFilelist.py
|
||||||
|
Source18: CheckDBusPolicy.py
|
||||||
Source100: syntax-validator.py
|
Source100: syntax-validator.py
|
||||||
Url: http://rpmlint.zarb.org/
|
Url: http://rpmlint.zarb.org/
|
||||||
License: GPL v2 or later
|
License: GPL v2 or later
|
||||||
@ -194,6 +195,7 @@ cp -p %{SOURCE14} .
|
|||||||
cp -p %{SOURCE15} .
|
cp -p %{SOURCE15} .
|
||||||
cp -p %{SOURCE16} .
|
cp -p %{SOURCE16} .
|
||||||
cp -p %{SOURCE17} .
|
cp -p %{SOURCE17} .
|
||||||
|
cp -p %{SOURCE18} .
|
||||||
|
|
||||||
%build
|
%build
|
||||||
make
|
make
|
||||||
@ -220,6 +222,8 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
/usr/share/man/man1/rpmlint.1.gz
|
/usr/share/man/man1/rpmlint.1.gz
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Jan 23 2009 lnussel@suse.de
|
||||||
|
- add check for DBus Policy problems
|
||||||
* Tue Jan 13 2009 lnussel@suse.de
|
* Tue Jan 13 2009 lnussel@suse.de
|
||||||
- CheckFilelist: optimize FHS check to only complain about wrong
|
- CheckFilelist: optimize FHS check to only complain about wrong
|
||||||
directories rather than hundreds of individual files
|
directories rather than hundreds of individual files
|
||||||
|
Loading…
Reference in New Issue
Block a user