From 850ed5c6144c45020bd1d1bc0744f5d3d4b7e464 Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Fri, 11 May 2018 18:44:30 +0100
Subject: [PATCH 31/39] containers: Don't allow containers to send unsolicited
 replies

Containers are new functionality, so we don't need to preserve
historical warts, like the fact that the behaviour for unsolicited
replies is (inexplicably) sysadmin-configurable.

Signed-off-by: Simon McVittie <smcv@collabora.com>
---
 bus/containers.c | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/bus/containers.c b/bus/containers.c
index ea2a117b..242dd7ce 100644
--- a/bus/containers.c
+++ b/bus/containers.c
@@ -1594,10 +1594,40 @@ bus_containers_check_can_send (DBusConnection *sender,
                                DBusMessage *message,
                                DBusError *error)
 {
+#ifdef DBUS_ENABLE_CONTAINERS
+  BusContainerInstance *instance;
+  int type;
+#endif
+
   _dbus_assert (sender != NULL);
   _dbus_assert (message != NULL);
   _DBUS_ASSERT_ERROR_IS_CLEAR (error);
 
+#ifdef DBUS_ENABLE_CONTAINERS
+  instance = connection_get_instance (sender);
+
+  if (instance == NULL)
+    return TRUE;
+
+  /* We don't allow unsolicited replies even if the container has no
+   * particular policy. */
+  type = dbus_message_get_type (message);
+
+  if (type == DBUS_MESSAGE_TYPE_METHOD_RETURN ||
+      type == DBUS_MESSAGE_TYPE_ERROR)
+    {
+      if (!requested_reply)
+        {
+          dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
+                          "Connection \"%s\" (%s) is in a container that is "
+                          "not allowed to send unsolicited replies",
+                          bus_connection_get_name (sender),
+                          bus_connection_get_loginfo (sender));
+          return FALSE;
+        }
+    }
+#endif /* DBUS_ENABLE_CONTAINERS */
+
   return TRUE;
 }
 
-- 
2.17.0