From 5f9678e0215f2dd06801a961cdbb6235248d5ad6 Mon Sep 17 00:00:00 2001
From: David Rheinsberg <david@readahead.eu>
Date: Thu, 1 Aug 2024 14:56:40 +0200
Subject: [PATCH] launch/policy: prevent linking policies on invalid gids

Invalid groups/users are reported as `-1` by the config parser, and
generally ignored by the policy import. Unfortunately, the own-policy
importer does not check for it when importing into groups. Fix this and
align it with `policy_import_send/recv`.

Signed-off-by: David Rheinsberg <david@readahead.eu>
---
 src/launch/policy.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/launch/policy.c b/src/launch/policy.c
index 803336fc..97f1bf1a 100644
--- a/src/launch/policy.c
+++ b/src/launch/policy.c
@@ -396,11 +396,13 @@ static int policy_import_own(Policy *policy, ConfigNode *cnode) {
         } else if (cnode->parent->policy.context == CONFIG_POLICY_AT_CONSOLE) {
                 c_list_link_tail(&policy->at_console_entries.own_list, &record->link);
         } else if (cnode->parent->policy.context == CONFIG_POLICY_GROUP) {
-                r = policy_at_gid(policy, &node, cnode->parent->policy.id);
-                if (r)
-                        return error_trace(r);
+                if (cnode->parent->policy.id != (uint32_t)-1) {
+                        r = policy_at_gid(policy, &node, cnode->parent->policy.id);
+                        if (r)
+                                return error_trace(r);
 
-                c_list_link_tail(&node->entries.own_list, &record->link);
+                        c_list_link_tail(&node->entries.own_list, &record->link);
+                }
         } else {
                 c_list_link_tail(&policy->default_entries.own_list, &record->link);
         }