From 15731b47b7cc0a0b3d76a0bd01ca52b0a2166431 Mon Sep 17 00:00:00 2001
From: Simon McVittie
Date: Fri, 2 Jun 2017 14:51:54 +0100
Subject: [PATCH] driver: Add a stub implementation of the Containers1 interface

For now, this is considered to be a privileged operation, because the resource-limiting isn't wired up yet. It only contains the bare minimum of API.

Signed-off-by: Simon McVittie
---
 bus/Makefile.am | 2 ++
 bus/containers.c | 55 ++++++++++++++++++++++++++++++++++++++++++++++++
 bus/containers.h | 36 +++++++++++++++++++++++++++++++
 bus/driver.c | 18 ++++++++++++++++
 cmake/CMakeLists.txt | 1 +
 cmake/bus/CMakeLists.txt | 2 ++
 configure.ac | 11 ++++++++++
 dbus/dbus-shared.h | 2 ++
 8 files changed, 127 insertions(+)
 create mode 100644 bus/containers.c
 create mode 100644 bus/containers.h
diff --git a/bus/Makefile.am b/bus/Makefile.am
index 271887ca..c7dd24e7 100644
--- a/bus/Makefile.am
+++ b/bus/Makefile.am
@@ -97,6 +97,8 @@ BUS_SOURCES= \
 config-parser-common.h \
 connection.c \
 connection.h \
+ containers.c \
+ containers.h \
 desktop-file.c \
 desktop-file.h \
 $(DIR_WATCH_SOURCE) \
diff --git a/bus/containers.c b/bus/containers.c
new file mode 100644
index 00000000..e8693600
--- /dev/null
+++ b/bus/containers.c
@@ -0,0 +1,55 @@
+/* containers.c - restricted bus servers for containers
+ *
+ * Copyright © 2017 Collabora Ltd.
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301 USA
+ */
+
+#include
+#include "containers.h"
+
+#ifdef DBUS_ENABLE_CONTAINERS
+
+#ifndef DBUS_UNIX
+# error DBUS_ENABLE_CONTAINERS requires DBUS_UNIX
+#endif
+
+dbus_bool_t
+bus_containers_handle_add_container_server (DBusConnection *connection,
+ BusTransaction *transaction,
+ DBusMessage *message,
+ DBusError *error)
+{
+ dbus_set_error (error, DBUS_ERROR_NOT_SUPPORTED, "Not yet implemented");
+ return FALSE;
+}
+
+dbus_bool_t
+bus_containers_supported_arguments_getter (BusContext *context,
+ DBusMessageIter *var_iter)
+{
+ DBusMessageIter arr_iter;
+
+ /* There are none so far */
+ return dbus_message_iter_open_container (var_iter, DBUS_TYPE_ARRAY,
+ DBUS_TYPE_STRING_AS_STRING,
+ &arr_iter) &&
+ dbus_message_iter_close_container (var_iter, &arr_iter);
+}
+
+#endif /* HAVE_UNIX_FD_PASSING */
diff --git a/bus/containers.h b/bus/containers.h
new file mode 100644
index 00000000..49b20d59
--- /dev/null
+++ b/bus/containers.h
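Review bot: The closing `#endif /* HAVE_UNIX_FD_PASSING */` at the end of bus/containers.c names a macro that appears nowhere else in this file; the block it closes is opened by `#ifdef DBUS_ENABLE_CONTAINERS`, so the trailer should read `#endif /* DBUS_ENABLE_CONTAINERS */`. In bus_containers_supported_arguments_getter, if dbus_message_iter_open_container succeeds and dbus_message_iter_close_container then fails, the function returns FALSE with the array container still open on var_iter; calling `dbus_message_iter_abandon_container (var_iter, &arr_iter);` on that path would leave the iterator in a defined state. How the caller treats a FALSE return is not visible in this hunk, so the second point may already be covered there.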
@@ -0,0 +1,36 @@
+/* containers.h - restricted bus servers for containers
+ *
+ * Copyright © 2017 Collabora Ltd.
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301 USA
+ */
+
+#ifndef BUS_CONTAINERS_H
+#define BUS_CONTAINERS_H
+
+#include "bus.h"
+
+dbus_bool_t bus_containers_handle_add_container_server (DBusConnection *connection,
+ BusTransaction *transaction,
+ DBusMessage *message,
+ DBusError *error);
+
+dbus_bool_t bus_containers_supported_arguments_getter (BusContext *context,
+ DBusMessageIter *var_iter);
+
+#endif /* multiple-inclusion guard */
diff --git a/bus/driver.c b/bus/driver.c
index cd0a714d..8fcfd020 100644
--- a/bus/driver.c
+++ b/bus/driver.c
@@ -26,6 +26,7 @@
 #include "activation.h"
 #include "apparmor.h"
 #include "connection.h"
+#include "containers.h"
 #include "driver.h"
 #include "dispatch.h"
 #include "services.h"
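Review bot: Both prototypes in bus/containers.h are declared unconditionally and without documentation, while their definitions in bus/containers.c exist only when DBUS_ENABLE_CONTAINERS is defined. A caller added outside an `#ifdef DBUS_ENABLE_CONTAINERS` guard would compile and only fail at link time; either wrap the declarations in the same guard or add a comment above them such as `/* Only defined if DBUS_ENABLE_CONTAINERS; callers must use the same guard */`. A one-line comment per prototype stating the return contract (the method handler sets error and returns FALSE in this stub, the getter returns FALSE if the array cannot be appended) would also let readers use the header without opening the .c file.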
@@ -2517,6 +2518,19 @@ static const MessageHandler introspectable_message_handlers[] = { { NULL, NULL, NULL, NULL } }; +#ifdef DBUS_ENABLE_CONTAINERS +static const MessageHandler containers_message_handlers[] = { + { "AddContainerServer", "ssa{sv}a{sv}", "oays", + bus_containers_handle_add_container_server, + METHOD_FLAG_PRIVILEGED }, + { NULL, NULL, NULL, NULL } +}; +static const PropertyHandler containers_property_handlers[] = { + { "SupportedArguments", "as", bus_containers_supported_arguments_getter }, + { NULL, NULL, NULL } +}; +#endif + static const MessageHandler monitoring_message_handlers[] = { { "BecomeMonitor", "asu", "", bus_driver_handle_become_monitor, METHOD_FLAG_PRIVILEGED }, @@ -2621,6 +2635,10 @@ static InterfaceHandler interface_handlers[] = { { BUS_INTERFACE_STATS, stats_message_handlers, NULL, INTERFACE_FLAG_NONE }, #endif +#ifdef DBUS_ENABLE_CONTAINERS + { DBUS_INTERFACE_CONTAINERS1, containers_message_handlers, NULL, + INTERFACE_FLAG_NONE, containers_property_handlers }, +#endif { DBUS_INTERFACE_PEER, peer_message_handlers, NULL, /* Not in the Interfaces property because it's a pseudo-interface * on all object paths of all connections, rather than a feature of the diff --git a/cmake/CMakeLists.txt b/cmake/CMakeLists.txt index 9f41ca74..07f19d12 100644 --- a/cmake/CMakeLists.txt +++ b/cmake/CMakeLists.txt @@ -129,6 +129,7 @@ endif(NOT WIN32) option (DBUS_DISABLE_ASSERT "Disable assertion checking" OFF) option (DBUS_ENABLE_STATS "enable bus daemon usage statistics" OFF) +option (DBUS_ENABLE_CONTAINERS "enable restricted servers for app-containers" OFF) if(WIN32) set(FD_SETSIZE "8192" CACHE STRING "The maximum number of connections that can be handled at once") diff --git a/cmake/bus/CMakeLists.txt b/cmake/bus/CMakeLists.txt index 4c5bdcf2..9e806c4f 100644 --- a/cmake/bus/CMakeLists.txt +++ b/cmake/bus/CMakeLists.txt 
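Review bot: The reason `AddContainerServer` carries `METHOD_FLAG_PRIVILEGED` is recorded only in the commit message, not in containers_message_handlers, so a later change could drop the flag without noticing that resource limiting has to land first. A comment on the entry would keep that dependency next to the code, for example `/* Privileged until resource limits for container servers are implemented */`. The signature strings `"ssa{sv}a{sv}"` and `"oays"` are likewise unexplained here; one line naming the arguments they stand for would make the table reviewable without the interface specification.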
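Review bot: The new `option (DBUS_ENABLE_CONTAINERS ...)` in cmake/CMakeLists.txt has no configure-time platform check, whereas the configure.ac change in this commit stops with AC_MSG_ERROR when containers are enabled on a non-Unix build; under CMake the mismatch is only caught later by the `#error` in bus/containers.c. A guard next to the option, `if(DBUS_ENABLE_CONTAINERS AND WIN32)` followed by `message(FATAL_ERROR "Restricted servers for app containers require Unix")` and `endif()`, would match the Autotools behaviour. The diffstat also lists no change to a configuration-header template, so it is worth confirming that turning the option on actually defines DBUS_ENABLE_CONTAINERS for the C sources; otherwise the privileged interface would silently stay compiled out in CMake builds.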
@@ -52,6 +52,8 @@ set (BUS_SOURCES # ${BUS_DIR}/config-parser-trivial.c ${BUS_DIR}/connection.c ${BUS_DIR}/connection.h + ${BUS_DIR}/containers.c + ${BUS_DIR}/containers.h ${BUS_DIR}/desktop-file.c ${BUS_DIR}/desktop-file.h ${BUS_DIR}/dir-watch.h diff --git a/configure.ac b/configure.ac index 53c8b348..cb39750a 100644 --- a/configure.ac +++ b/configure.ac @@ -1874,6 +1874,16 @@ AC_ARG_ENABLE([user-session], AM_CONDITIONAL([DBUS_ENABLE_USER_SESSION], [test "x$enable_user_session" = xyes]) +AC_ARG_ENABLE([containers], + [AS_HELP_STRING([--enable-containers], + [enable restricted servers for app containers])], + [], [enable_containers=no]) +AS_IF([test "x$enable_containers" = xyes && test "x$dbus_unix" != xyes], + [AC_MSG_ERROR([Restricted servers for app containers require Unix])]) +AS_IF([test "x$enable_containers" = xyes], + [AC_DEFINE([DBUS_ENABLE_CONTAINERS], [1], + [Define to enable restricted servers for app containers])]) + AC_CONFIG_FILES([ Doxyfile dbus/Version @@ -1957,6 +1967,7 @@ echo " Building assertions: ${enable_asserts} Building checks: ${enable_checks} Building bus stats API: ${enable_stats} + Building container API: ${enable_containers} Building SELinux support: ${have_selinux} Building AppArmor support: ${have_apparmor} Building inotify support: ${have_inotify} diff --git a/dbus/dbus-shared.h b/dbus/dbus-shared.h index 7ab91035..f20c72ad 100644 --- a/dbus/dbus-shared.h +++ b/dbus/dbus-shared.h @@ -86,6 +86,8 @@ typedef enum */ /** The interface exported by the object with #DBUS_SERVICE_DBUS and #DBUS_PATH_DBUS */ #define DBUS_INTERFACE_DBUS "org.freedesktop.DBus" +/** The restricted container interface exported by the dbus-daemon */ +#define DBUS_INTERFACE_CONTAINERS1 "org.freedesktop.DBus.Containers1" /** The monitoring interface exported by the dbus-daemon */ #define DBUS_INTERFACE_MONITORING "org.freedesktop.DBus.Monitoring" -- 2.13.2