diff options
| author | Lennart Poettering <lennart@poettering.net> | 2018-06-11 12:22:58 +0200 |
|---|---|---|
| committer | Sven Eden <yamakuzure@gmx.net> | 2018-08-24 16:47:08 +0200 |
| commit | b4706afe06b9a76c44f200491056e8cbb4f1d403 (patch) | |
| tree | ec68a45d976064c58877821433aa4092c8a69905 /src/basic | |
| parent | a16bfc6f7f403147b47d262182a292e98985d0be (diff) | |
core: rework how we validate DeviceAllow= settings
Let's make sure we don't validate "char-*" and "block-*" expressions as
paths.
Diffstat (limited to 'src/basic')
| -rw-r--r-- | src/basic/path-util.c | 29 | ||||
| -rw-r--r-- | src/basic/path-util.h | 4 |
2 files changed, 28 insertions, 5 deletions
diff --git a/src/basic/path-util.c b/src/basic/path-util.c index 422543140..ed6d0f112 100644 --- a/src/basic/path-util.c +++ b/src/basic/path-util.c @@ -902,10 +902,31 @@ bool is_device_path(const char *path) { path_startswith(path, "/sys/"); } -bool is_deviceallow_pattern(const char *path) { - return path_startswith(path, "/dev/") || - startswith(path, "block-") || - startswith(path, "char-"); +bool valid_device_node_path(const char *path) { + + /* Some superficial checks whether the specified path is a valid device node path, all without looking at the + * actual device node. */ + + if (!PATH_STARTSWITH_SET(path, "/dev/", "/run/systemd/inaccessible/")) + return false; + + if (endswith(path, "/")) /* can't be a device node if it ends in a slash */ + return false; + + return path_is_normalized(path); +} + +bool valid_device_allow_pattern(const char *path) { + assert(path); + + /* Like valid_device_node_path(), but also allows full-subsystem expressions, like DeviceAllow= and DeviceDeny= + * accept it */ + + if (startswith(path, "block-") || + startswith(path, "char-")) + return true; + + return valid_device_node_path(path); } int systemd_installation_has_version(const char *root, unsigned minimal_version) { diff --git a/src/basic/path-util.h b/src/basic/path-util.h index 489a6c472..9f356c94d 100644 --- a/src/basic/path-util.h +++ b/src/basic/path-util.h @@ -160,7 +160,9 @@ bool hidden_or_backup_file(const char *filename) _pure_; #if 0 /// UNNEEDED by elogind bool is_device_path(const char *path); -bool is_deviceallow_pattern(const char *path); + +bool valid_device_node_path(const char *path); +bool valid_device_allow_pattern(const char *path); int systemd_installation_has_version(const char *root, unsigned minimal_version); #endif // 0 |