SHA256
1
0
forked from pool/rpmlint
OBS User unknown 2009-01-23 22:37:26 +00:00 committed by Git OBS Bridge
parent b092addcc9
commit 4bf6ab48c3
5 changed files with 92 additions and 1 deletions

80
CheckDBusPolicy.py Normal file
View File

@ -0,0 +1,80 @@
# vim:sw=4:et
#############################################################################
# File : CheckDBusPolicy.py
# Package : rpmlint
# Author : Ludwig Nussel
# Purpose : Check for broken DBus policies
#############################################################################
# causes extraction of package if it contains files in /etc/dbus-1/system.d/
from Filter import *
import AbstractCheck
from xml.dom.minidom import parse
class DBusPolicyCheck(AbstractCheck.AbstractCheck):
def __init__(self):
AbstractCheck.AbstractCheck.__init__(self, "CheckDBusPolicy")
def check(self, pkg):
if pkg.isSource():
return
files = pkg.files()
for f in files:
if f in pkg.ghostFiles():
continue
# catch xml exceptions
try:
if f.startswith("/etc/dbus-1/system.d/"):
send_policy_seen = False
lf = pkg.dirName() + f
xml = parse(lf)
for p in xml.getElementsByTagName("policy"):
for allow in p.getElementsByTagName("allow"):
if ( allow.hasAttribute('send_interface') \
or allow.hasAttribute('send_member') \
or allow.hasAttribute('send_path')) \
and not allow.hasAttribute('send_destination'):
send_policy_seen = True
printError(pkg, 'dbus-policy-allow-without-destination', "%(file)s: %(xml)s" % { 'file':f, 'xml':allow.toxml() })
elif allow.hasAttribute('send_destination'):
send_policy_seen = True
if allow.hasAttribute('receive_sender') \
or allow.hasAttribute('receive_interface'):
printInfo(pkg, 'dbus-policy-allow-receive', "%(file)s: %(xml)s" % { 'file':f, 'xml':allow.toxml() })
for deny in p.getElementsByTagName("deny"):
if ( deny.hasAttribute('send_interface') \
and not deny.hasAttribute('send_destination')):
printError(pkg, 'dbus-policy-deny-without-destination', "%(file)s: %(xml)s" % { 'file':f, 'xml':deny.toxml() })
if not send_policy_seen:
printError(pkg, 'dbus-policy-missing-allow', "%(file)s does not allow communication" % { 'file':f })
except Exception, x:
printError(pkg, 'rpmlint-exception', "%(file)s raised an exception: %(x)s" % {'file':f, 'x':x})
continue
check=DBusPolicyCheck()
if Config.info:
addDetails(
'dbus-policy-allow-without-destination',
"""'allow' directives must always specify a 'send_destination'""",
'dbus-policy-allow-receive',
"""allow receive_* is normally not needed as that is the default""",
'dbus-policy-deny-without-destination',
"""'deny' directives must always specify a 'send_destination' otherwise messages to other services could be blocked""",
'dbus-policy-missing-allow',
"""every dbus config normally needs a line of the form
<allow send_destination="org.foo.bar"/>
or similar. If that is missing the service will not work with a dbus that uses
deny as default policy""",
'rpmlint-exception',
"""A python exception was raised which prevents further analysis""",
)

1
config
View File

@ -29,6 +29,7 @@ addCheck("CheckSUIDPermissions")
# polkit-default-privs would need to be installed always # polkit-default-privs would need to be installed always
#addCheck("CheckPolkitPrivs") #addCheck("CheckPolkitPrivs")
addCheck("CheckDBUSServices") addCheck("CheckDBUSServices")
addCheck("CheckDBusPolicy")
addCheck("CheckFilelist") addCheck("CheckFilelist")
addCheck("CheckKDE4Deps") addCheck("CheckKDE4Deps")
addCheck("KMPPolicyCheck") addCheck("KMPPolicyCheck")

View File

@ -29,6 +29,7 @@ addCheck("CheckSUIDPermissions")
# polkit-default-privs would need to be installed always # polkit-default-privs would need to be installed always
#addCheck("CheckPolkitPrivs") #addCheck("CheckPolkitPrivs")
addCheck("CheckDBUSServices") addCheck("CheckDBUSServices")
addCheck("CheckDBusPolicy")
addCheck("CheckFilelist") addCheck("CheckFilelist")
# stuff autobuild takes care about # stuff autobuild takes care about

View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Fri Jan 23 14:00:24 CET 2009 - lnussel@suse.de
- add check for DBus Policy problems
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Jan 13 15:59:15 CET 2009 - lnussel@suse.de Tue Jan 13 15:59:15 CET 2009 - lnussel@suse.de

View File

@ -22,7 +22,7 @@ Name: rpmlint
BuildRequires: rpm-python BuildRequires: rpm-python
Summary: Rpm correctness checker Summary: Rpm correctness checker
Version: 0.84 Version: 0.84
Release: 11 Release: 12
Source0: %{name}-%{version}.tar.bz2 Source0: %{name}-%{version}.tar.bz2
Source1: config Source1: config
Source1001: config.in Source1001: config.in
@ -42,6 +42,7 @@ Source14: CheckSUIDPermissions.py
Source15: CheckPolkitPrivs.py Source15: CheckPolkitPrivs.py
Source16: CheckDBUSServices.py Source16: CheckDBUSServices.py
Source17: CheckFilelist.py Source17: CheckFilelist.py
Source18: CheckDBusPolicy.py
Source100: syntax-validator.py Source100: syntax-validator.py
Url: http://rpmlint.zarb.org/ Url: http://rpmlint.zarb.org/
License: GPL v2 or later License: GPL v2 or later
@ -194,6 +195,7 @@ cp -p %{SOURCE14} .
cp -p %{SOURCE15} . cp -p %{SOURCE15} .
cp -p %{SOURCE16} . cp -p %{SOURCE16} .
cp -p %{SOURCE17} . cp -p %{SOURCE17} .
cp -p %{SOURCE18} .
%build %build
make make
@ -220,6 +222,8 @@ rm -rf $RPM_BUILD_ROOT
/usr/share/man/man1/rpmlint.1.gz /usr/share/man/man1/rpmlint.1.gz
%changelog %changelog
* Fri Jan 23 2009 lnussel@suse.de
- add check for DBus Policy problems
* Tue Jan 13 2009 lnussel@suse.de * Tue Jan 13 2009 lnussel@suse.de
- CheckFilelist: optimize FHS check to only complain about wrong - CheckFilelist: optimize FHS check to only complain about wrong
directories rather than hundreds of individual files directories rather than hundreds of individual files