launch/policy: do not warn when ignoring noop policy entries

Do not emit warnings on explicit policy entries that are noops, as they
just confirm our hard-coded defaults. For instance, allowing expected
replies or disallowing unexpected replies.

Only emit warnings on rules that would have had an effect if enforced,
i.e., where there is an actual problem to be addressed.

This eliminates all (harmless) warnings caused by the reference policy:
dbus-broker-launch[740]: Reply/Error policy in /usr/share/dbus-1/system.conf +56: Explicit policies on replies and errors are deprecated and ignored
dbus-broker-launch[740]: Reply/Error policy in /usr/share/dbus-1/system.conf +57: Explicit policies on replies and errors are deprecated and ignored
dbus-broker-launch[740]: Reply/Error policy in /usr/share/dbus-1/system.conf +61: Explicit policies on replies and errors are deprecated and ignored
dbus-broker-launch[740]: Reply/Error policy in /usr/share/dbus-1/system.conf +62: Explicit policies on replies and errors are deprecated and ignored

Signed-off-by: Tom Gundersen <[email protected]>

src/launch/policy.c

@@ -450,17 +450,19 @@ static int policy_import_send(Policy *policy, ConfigNode *cnode) {
         }
 
         if (cnode->allow_deny.send_type == DBUS_MESSAGE_TYPE_METHOD_RETURN ||
-            cnode->allow_deny.send_type == DBUS_MESSAGE_TYPE_ERROR) {
-                fprintf(stderr, "Reply/Error policy in %s +%lu: Explicit policies on replies and errors are deprecated and ignored\n",
-                        cnode->file, cnode->lineno);
-                return 0;
+            cnode->allow_deny.send_type == DBUS_MESSAGE_TYPE_ERROR ||
+            cnode->allow_deny.send_type == DBUS_MESSAGE_TYPE_INVALID) {
+                if (cnode->type == CONFIG_NODE_DENY && cnode->allow_deny.send_requested_reply == CONFIG_TRISTATE_YES)
+                        fprintf(stderr, "Policy to deny expected replies in %s +%lu: Explicit policies on replies and errors are deprecated and ignored\n",
+                                cnode->file, cnode->lineno);
+                else if (cnode->type == CONFIG_NODE_ALLOW && cnode->allow_deny.send_requested_reply == CONFIG_TRISTATE_NO)
+                        fprintf(stderr, "Policy to allow unexpected replies in %s +%lu: Explicit policies on replies and errors are deprecated and ignored\n",
+                                cnode->file, cnode->lineno);
+
+                if (cnode->allow_deny.send_type != DBUS_MESSAGE_TYPE_INVALID)
+                        return 0;
         }
 
-        if (cnode->allow_deny.send_error ||
-            cnode->allow_deny.send_requested_reply)
-                fprintf(stderr, "Expected-reply/Error policy match in %s +%lu: Those attributes are deprecated and ignored\n",
-                        cnode->file, cnode->lineno);
-
         r = policy_record_new_xmit(&record);
         if (r)
                 return error_trace(r);
@@ -532,17 +534,19 @@ static int policy_import_recv(Policy *policy, ConfigNode *cnode) {
         }
 
         if (cnode->allow_deny.recv_type == DBUS_MESSAGE_TYPE_METHOD_RETURN ||
-            cnode->allow_deny.recv_type == DBUS_MESSAGE_TYPE_ERROR) {
-                fprintf(stderr, "Reply/Error policy in %s +%lu: Explicit policies on replies and errors are deprecated and ignored\n",
-                        cnode->file, cnode->lineno);
-                return 0;
+            cnode->allow_deny.recv_type == DBUS_MESSAGE_TYPE_ERROR ||
+            cnode->allow_deny.recv_type == DBUS_MESSAGE_TYPE_INVALID) {
+                if (cnode->type == CONFIG_NODE_DENY && cnode->allow_deny.recv_requested_reply == CONFIG_TRISTATE_YES)
+                        fprintf(stderr, "Policy to deny expected replies in %s +%lu: Explicit policies on replies and errors are deprecated and ignored\n",
+                                cnode->file, cnode->lineno);
+                else if (cnode->type == CONFIG_NODE_ALLOW && cnode->allow_deny.recv_requested_reply == CONFIG_TRISTATE_NO)
+                        fprintf(stderr, "Policy to allow unexpected replies in %s +%lu: Explicit policies on replies and errors are deprecated and ignored\n",
+                                cnode->file, cnode->lineno);
+
+                if (cnode->allow_deny.recv_type != DBUS_MESSAGE_TYPE_INVALID)
+                        return 0;
         }
 
-        if (cnode->allow_deny.recv_error ||
-            cnode->allow_deny.recv_requested_reply)
-                fprintf(stderr, "Expected-reply/Error policy match in %s +%lu: Those attributes are deprecated and ignored\n",
-                        cnode->file, cnode->lineno);
-
         r = policy_record_new_xmit(&record);
         if (r)
                 return error_trace(r);