From 765b810f759a194458030ea0c2c5f33c259c175f Mon Sep 17 00:00:00 2001
From: Ron Waldon-Howe <jokeyrhyme@jokeyrhy.me>
Date: Tue, 12 Nov 2024 22:53:40 +1100
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=A7=20Ignore=20rule=20attributes=20ign?=
 =?UTF-8?q?ored=20by=20`dbus-broker`?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

See: https://github.com/dbus2/busd/pull/146#issuecomment-2408429760
---
 src/config.rs | 192 +++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 167 insertions(+), 25 deletions(-)

diff --git a/src/config.rs b/src/config.rs
index 815211b..5ba0aa6 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -309,8 +309,8 @@ pub struct Limits {
 pub enum Operation {
     Connect,
     Own,
-    Receive,
-    Send,
+    Receive(ReceiveOperation),
+    Send(SendOperation),
 }
 type OptionalOperation = Option<Operation>;
 impl TryFrom<RuleAttributes> for OptionalOperation {
@@ -320,8 +320,7 @@ impl TryFrom<RuleAttributes> for OptionalOperation {
         let has_connect = false;
         let has_own = value.own.is_some();
         let has_send = value.send_destination.is_some();
-        let has_receive =
-            value.receive_sender.is_some() || (!has_send && value.eavesdrop.is_some());
+        let has_receive = value.receive_sender.is_some();
 
         let operations_count: i8 = vec![has_connect, has_own, has_receive, has_send]
             .into_iter()
@@ -337,9 +336,13 @@ impl TryFrom<RuleAttributes> for OptionalOperation {
         } else if has_own {
             Ok(Some(Operation::Own))
         } else if has_receive {
-            Ok(Some(Operation::Receive))
+            Ok(Some(Operation::Receive(ReceiveOperation {
+                sender: value.receive_sender.unwrap_or(String::from("*")),
+            })))
         } else if has_send {
-            Ok(Some(Operation::Send))
+            Ok(Some(Operation::Send(SendOperation {
+                destination: value.send_destination.unwrap_or(String::from("*")),
+            })))
         } else {
             Err(Error::msg(format!("rule must specify supported attributes for connect, own, receive, or send operations: {value:?}")))
         }
@@ -433,16 +436,87 @@ struct PolicyElement {
     user: Option<String>,
 }
 
+#[derive(Clone, Debug, Default, PartialEq)]
+pub struct ReceiveOperation {
+    pub sender: String,
+}
+
 type OptionalRule = Option<Rule>;
 impl TryFrom<RuleElement> for OptionalRule {
     type Error = Error;
 
     fn try_from(value: RuleElement) -> std::result::Result<Self, Self::Error> {
         match value {
-            RuleElement::Allow(attrs) => match OptionalOperation::try_from(attrs)? {
-                Some(some) => Ok(Some((Access::Allow, some))),
-                None => Ok(None),
-            },
+            RuleElement::Allow(RuleAttributes {
+                eavesdrop: Some(true),
+                group: None,
+                own: None,
+                receive_sender: None,
+                receive_requested_reply: None,
+                send_destination: None,
+                send_requested_reply: None,
+                user: None,
+            }) => {
+                // see: https://github.com/dbus2/busd/pull/146#issuecomment-2408429760
+                eprintln!(
+                    r#"warning: eavesdropping is deprecated and ignored: `<allow eavesdrop="true" />`"#
+                );
+                Ok(None)
+            }
+            RuleElement::Allow(
+                RuleAttributes {
+                    receive_requested_reply: Some(false),
+                    ..
+                }
+                | RuleAttributes {
+                    send_requested_reply: Some(false),
+                    ..
+                },
+            ) => {
+                // see: https://github.com/dbus2/busd/pull/146#issuecomment-2408429760
+                eprintln!(
+                    "warning: explicit policies on replies and errors are deprecated and ignored: `<allow ... (receive|send)_requested_reply=...`"
+                );
+                Ok(None)
+            }
+            RuleElement::Allow(attrs) => {
+                if attrs.eavesdrop == Some(true) {
+                    // see: https://github.com/dbus2/busd/pull/146#issuecomment-2408429760
+                    eprintln!(
+                        r#"warning: eavesdropping is deprecated and ignored: `<allow ... eavesdrop="true" ...`"#
+                    );
+                }
+                match OptionalOperation::try_from(attrs)? {
+                    Some(some) => Ok(Some((Access::Allow, some))),
+                    None => Ok(None),
+                }
+            }
+            RuleElement::Deny(RuleAttributes {
+                eavesdrop: Some(true),
+                ..
+            }) => {
+                // see: https://github.com/dbus2/busd/pull/146#issuecomment-2408429760
+                eprintln!(
+                    r#"warning: eavesdropping is deprecated and ignored: `<deny ... eavesdrop="true" ...`"#
+                );
+                Ok(None)
+            }
+            RuleElement::Deny(
+                RuleAttributes {
+                    receive_requested_reply: Some(true),
+                    ..
+                }
+                | RuleAttributes {
+                    send_requested_reply: Some(true),
+                    ..
+                },
+            ) => {
+                // see: https://github.com/dbus2/busd/pull/146#issuecomment-2408429760
+                eprintln!(
+                    "warning: explicit policies on replies and errors are deprecated and ignored: `<deny ... (receive|send)_requested_reply=...`"
+                );
+                Ok(None)
+            }
             RuleElement::Deny(attrs) => match OptionalOperation::try_from(attrs)? {
                 Some(some) => Ok(Some((Access::Deny, some))),
                 None => Ok(None),
@@ -467,15 +541,19 @@ pub type Rule = (Access, Operation);
 #[derive(Clone, Debug, Default, Deserialize, PartialEq)]
 struct RuleAttributes {
     #[serde(rename = "@eavesdrop")]
-    eavesdrop: Option<String>,
+    eavesdrop: Option<bool>,
     #[serde(rename = "@group")]
     group: Option<String>,
     #[serde(rename = "@own")]
     own: Option<String>,
     #[serde(rename = "@receive_sender")]
     receive_sender: Option<String>,
+    #[serde(rename = "@receive_requested_reply")]
+    receive_requested_reply: Option<bool>,
     #[serde(rename = "@send_destination")]
     send_destination: Option<String>,
+    #[serde(rename = "@send_requested_reply")]
+    send_requested_reply: Option<bool>,
     #[serde(rename = "@user")]
     user: Option<String>,
 }
@@ -487,6 +565,11 @@ enum RuleElement {
     Deny(RuleAttributes),
 }
 
+#[derive(Clone, Debug, Default, PartialEq)]
+pub struct SendOperation {
+    pub destination: String,
+}
+
 #[derive(Clone, Debug, Deserialize, PartialEq)]
 #[serde(rename_all = "lowercase")]
 pub enum Type {
@@ -660,13 +743,8 @@ mod tests {
         "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
         <busconfig>
             <policy context="default">
-                <allow send_destination="*" eavesdrop="true"/>
-                <allow eavesdrop="true"/>
                 <allow own="*"/>
             </policy>
-            <policy at_console="true">
-                <allow send_destination="org.freedesktop.DBus" send_interface="org.freedesktop.systemd1.Activator"/>
-            </policy>
             <policy user="root">
                 <allow send_destination="org.freedesktop.DBus" send_interface="org.freedesktop.systemd1.Activator"/>
             </policy>
@@ -686,23 +764,87 @@ mod tests {
             busconfig,
             BusConfig {
                 policies: vec![
-                    Policy::DefaultContext(vec![
-                        (Access::Allow, Operation::Send),
-                        (Access::Allow, Operation::Receive),
-                        (Access::Allow, Operation::Own),
-                    ]),
+                    Policy::DefaultContext(vec![(Access::Allow, Operation::Own),]),
                     Policy::User(
-                        vec![(Access::Allow, Operation::Send),],
+                        vec![(
+                            Access::Allow,
+                            Operation::Send(SendOperation {
+                                destination: String::from("org.freedesktop.DBus")
+                            })
+                        ),],
                         String::from("root")
                     ),
                     Policy::Group(
                         vec![
-                            (Access::Allow, Operation::Send),
-                            (Access::Allow, Operation::Receive),
+                            (
+                                Access::Allow,
+                                Operation::Send(SendOperation {
+                                    destination: String::from("org.freedesktop.Avahi")
+                                })
+                            ),
+                            (
+                                Access::Allow,
+                                Operation::Receive(ReceiveOperation {
+                                    sender: String::from("org.freedesktop.Avahi")
+                                })
+                            ),
                         ],
                         String::from("network")
                     ),
-                    Policy::MandatoryContext(vec![(Access::Deny, Operation::Send),]),
+                    Policy::MandatoryContext(vec![(
+                        Access::Deny,
+                        Operation::Send(SendOperation {
+                            destination: String::from("net.connman.iwd")
+                        })
+                    ),]),
+                ],
+                ..Default::default()
+            }
+        );
+    }
+
+    #[test]
+    fn bus_config_parse_with_policies_with_ignored_rules_and_rule_attributes_ok() {
+        let input = r#"<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
+        "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+        <busconfig>
+            <policy context="default">
+                <allow send_destination="*" eavesdrop="true"/>
+                <allow eavesdrop="true"/>
+                <deny eavesdrop="true"/>
+                <deny send_requested_reply="true" send_type="method_return"/>
+                <allow send_requested_reply="false" send_type="method_return"/>
+                <deny receive_requested_reply="true" receive_type="error"/>
+                <allow receive_requested_reply="false" receive_type="error"/>
+            </policy>
+            <policy at_console="true">
+                <allow send_destination="org.freedesktop.DBus" send_interface="org.freedesktop.systemd1.Activator"/>
+            </policy>
+        </busconfig>
+        "#;
+
+        let busconfig = BusConfig::parse(input).expect("should parse XML input");
+
+        assert_eq!(
+            busconfig,
+            BusConfig {
+                policies: vec![
+                    Policy::DefaultContext(vec![
+                        (
+                            Access::Allow,
+                            // `eavesdrop="true"` is dropped, keep other attributes
+                            Operation::Send(SendOperation {
+                                destination: String::from("*")
+                            })
+                        ),
+                        // `<allow eavesdrop="true"/>` has nothing left after dropping eavesdrop
+                        // `<deny eavesdrop="true" ...` is completely ignored
+                        // `<deny send_requested_reply="true" ...` is completely ignored
+                        // `<allow send_requested_reply="false" ...` is completely ignored
+                        // `<deny receive_requested_reply="true" ...` is completely ignored
+                        // `<allow receive_requested_reply="false" ...` is completely ignored
+                    ]),
+                    // `<policy at_console="true">` is completely ignored
                 ],
                 ..Default::default()
             }