OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/rpmlint?expand=0&rev=36

2009-01-23 22:37:26 +00:00 · 2009-01-23 22:37:26 +00:00 · 4bf6ab48c3
commit 4bf6ab48c3
parent b092addcc9
5 changed files with 92 additions and 1 deletions
--- a/CheckDBusPolicy.py
+++ b/CheckDBusPolicy.py
@ -0,0 +1,80 @@
+# vim:sw=4:et
+#############################################################################
+# File          : CheckDBusPolicy.py
+# Package       : rpmlint
+# Author        : Ludwig Nussel
+# Purpose       : Check for broken DBus policies
+#############################################################################
+
+# causes extraction of package if it contains files in /etc/dbus-1/system.d/
+
+from Filter import *
+import AbstractCheck
+from xml.dom.minidom import parse
+
+class DBusPolicyCheck(AbstractCheck.AbstractCheck):
+    def __init__(self):
+        AbstractCheck.AbstractCheck.__init__(self, "CheckDBusPolicy")
+
+    def check(self, pkg):
+
+        if pkg.isSource():
+            return
+
+        files = pkg.files()
+
+        for f in files:
+            if f in pkg.ghostFiles():
+                continue
+
+            # catch xml exceptions 
+            try:
+                if f.startswith("/etc/dbus-1/system.d/"):
+                    send_policy_seen = False
+                    lf = pkg.dirName() + f
+                    xml = parse(lf)
+                    for p in xml.getElementsByTagName("policy"):
+                        for allow in p.getElementsByTagName("allow"):
+                            if ( allow.hasAttribute('send_interface') \
+                                    or allow.hasAttribute('send_member') \
+                                    or allow.hasAttribute('send_path')) \
+                                and not allow.hasAttribute('send_destination'):
+                                    send_policy_seen = True
+                                    printError(pkg, 'dbus-policy-allow-without-destination', "%(file)s: %(xml)s" % { 'file':f, 'xml':allow.toxml() })
+                            elif allow.hasAttribute('send_destination'):
+                                    send_policy_seen = True
+
+                            if allow.hasAttribute('receive_sender') \
+                                or allow.hasAttribute('receive_interface'):
+                                    printInfo(pkg, 'dbus-policy-allow-receive', "%(file)s: %(xml)s" % { 'file':f, 'xml':allow.toxml() })
+
+                        for deny in p.getElementsByTagName("deny"):
+                            if ( deny.hasAttribute('send_interface') \
+                                and not deny.hasAttribute('send_destination')):
+                                    printError(pkg, 'dbus-policy-deny-without-destination', "%(file)s: %(xml)s" % { 'file':f, 'xml':deny.toxml() })
+        
+                    if not send_policy_seen:
+                        printError(pkg, 'dbus-policy-missing-allow', "%(file)s does not allow communication" % { 'file':f })
+
+            except Exception, x:
+                printError(pkg, 'rpmlint-exception', "%(file)s raised an exception: %(x)s" % {'file':f, 'x':x})
+                continue
+
+check=DBusPolicyCheck()
+
+if Config.info:
+    addDetails(
+'dbus-policy-allow-without-destination',
+"""'allow' directives must always specify a 'send_destination'""",
+'dbus-policy-allow-receive',
+"""allow receive_* is normally not needed as that is the default""",
+'dbus-policy-deny-without-destination',
+"""'deny' directives must always specify a 'send_destination' otherwise messages to other services could be blocked""",
+'dbus-policy-missing-allow',
+"""every dbus config normally needs a line of the form
+<allow send_destination="org.foo.bar"/>
+or similar. If that is missing the service will not work with a dbus that uses
+deny as default policy""",
+'rpmlint-exception',
+"""A python exception was raised which prevents further analysis""",
+)
--- a/1
+++ b/1
@ -29,6 +29,7 @@ addCheck("CheckSUIDPermissions")
 # polkit-default-privs would need to be installed always
 #addCheck("CheckPolkitPrivs")
 addCheck("CheckDBUSServices")
+addCheck("CheckDBusPolicy")
 addCheck("CheckFilelist")
 addCheck("CheckKDE4Deps")
 addCheck("KMPPolicyCheck")
--- a/config.in
+++ b/config.in
@ -29,6 +29,7 @@ addCheck("CheckSUIDPermissions")
 # polkit-default-privs would need to be installed always
 #addCheck("CheckPolkitPrivs")
 addCheck("CheckDBUSServices")
+addCheck("CheckDBusPolicy")
 addCheck("CheckFilelist")

 # stuff autobuild takes care about
--- a/rpmlint.changes
+++ b/rpmlint.changes
@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Fri Jan 23 14:00:24 CET 2009 - lnussel@suse.de
+
+- add check for DBus Policy problems
+
 -------------------------------------------------------------------
 Tue Jan 13 15:59:15 CET 2009 - lnussel@suse.de

--- a/rpmlint.spec
+++ b/rpmlint.spec
@ -22,7 +22,7 @@ Name:           rpmlint
 BuildRequires:  rpm-python
 Summary:        Rpm correctness checker
 Version:        0.84
-Release:        11
+Release:        12
 Source0:        %{name}-%{version}.tar.bz2
 Source1:        config
 Source1001:     config.in
@ -42,6 +42,7 @@ Source14:       CheckSUIDPermissions.py
 Source15:       CheckPolkitPrivs.py
 Source16:       CheckDBUSServices.py
 Source17:       CheckFilelist.py
+Source18:       CheckDBusPolicy.py
 Source100:      syntax-validator.py
 Url:            http://rpmlint.zarb.org/
 License:        GPL v2 or later
@ -194,6 +195,7 @@ cp -p %{SOURCE14} .
 cp -p %{SOURCE15} .
 cp -p %{SOURCE16} .
 cp -p %{SOURCE17} .
+cp -p %{SOURCE18} .

 %build
 make
@ -220,6 +222,8 @@ rm -rf $RPM_BUILD_ROOT
 /usr/share/man/man1/rpmlint.1.gz

 %changelog
+* Fri Jan 23 2009 lnussel@suse.de
+- add check for DBus Policy problems
 * Tue Jan 13 2009 lnussel@suse.de
 - CheckFilelist: optimize FHS check to only complain about wrong
  directories rather than hundreds of individual files