From b750101eb236130cf056c675997decbac904cc49 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 17:35:18 +0200 Subject: Adding upstream version 252.22. Signed-off-by: Daniel Baumann --- src/portable/portabled-image-bus.h | 43 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 src/portable/portabled-image-bus.h (limited to 'src/portable/portabled-image-bus.h') diff --git a/src/portable/portabled-image-bus.h b/src/portable/portabled-image-bus.h new file mode 100644 index 0000000..763a089 --- /dev/null +++ b/src/portable/portabled-image-bus.h @@ -0,0 +1,43 @@ +/* SPDX-License-Identifier: LGPL-2.1-or-later */ +#pragma once + +#include "sd-bus.h" + +#include "discover-image.h" +#include "portabled.h" + +int bus_image_common_get_os_release(Manager *m, sd_bus_message *message, const char *name_or_path, Image *image, sd_bus_error *error); +int bus_image_common_get_metadata(Manager *m, sd_bus_message *message, const char *name_or_path, Image *image, sd_bus_error *error); +int bus_image_common_attach(Manager *m, sd_bus_message *message, const char *name_or_path, Image *image, sd_bus_error *error); +int bus_image_common_remove(Manager *m, sd_bus_message *message, const char *name_or_path, Image *image, sd_bus_error *error); +int bus_image_common_reattach(Manager *m, sd_bus_message *message, const char *name_or_path, Image *image, sd_bus_error *error); +int bus_image_common_mark_read_only(Manager *m, sd_bus_message *message, const char *name_or_path, Image *image, sd_bus_error *error); +int bus_image_common_set_limit(Manager *m, sd_bus_message *message, const char *name_or_path, Image *image, sd_bus_error *error); + +extern const sd_bus_vtable image_vtable[]; +extern const BusObjectImplementation image_object; + +int bus_image_path(Image *image, char **ret); + +/* So here's some complexity: some of operations can either take an image name, or a fully qualified file system path + * to an image. We need to authenticate differently when processing these two: images referenced via simple image names + * mean the images are located in the image search path and thus safe for limited read access for unprivileged + * clients. For operations on images located anywhere else we need explicit authentication however, so that + * unprivileged clients can't make us open arbitrary files in the file system. + * + * The "Image" bus objects directly represent images in the image search path, but do not exist for path-referenced + * images. Hence, when requesting a bus object we need to refuse references by file system path, but still allow + * references by image name. Depending on the operation to execute potentially we need to authenticate in all cases. */ + +typedef enum ImageAcquireMode { + BUS_IMAGE_REFUSE_BY_PATH, /* allow by name + prohibit by path */ + BUS_IMAGE_AUTHENTICATE_BY_PATH, /* allow by name + polkit by path */ + BUS_IMAGE_AUTHENTICATE_ALL, /* polkit by name + polkit by path */ + _BUS_IMAGE_ACQUIRE_MODE_MAX, + _BUS_IMAGE_ACQUIRE_MODE_INVALID = -EINVAL, +} ImageAcquireMode; + +int bus_image_acquire(Manager *m, sd_bus_message *message, const char *name_or_path, Image *image, ImageAcquireMode mode, const char *polkit_action, Image **ret, sd_bus_error *error); + +int bus_image_object_find(sd_bus *bus, const char *path, const char *interface, void *userdata, void **found, sd_bus_error *error); +int bus_image_node_enumerator(sd_bus *bus, const char *path, void *userdata, char ***nodes, sd_bus_error *error); -- cgit v1.2.3