Commit 44656f53 authored by David Zeuthen's avatar David Zeuthen

2005-04-13 David Zeuthen <davidz@redhat.com>

	* bus/selinux.c: Add c-file-style to top of file
	(log_audit_callback): Don't free the data here anymore
	(bus_selinux_check): Don't take spid and tpid since appending
	that to auxdata may OOM.
	(bus_selinux_allows_acquire_service): Handle OOM and signal back
	to the caller if we are OOM by taking an error object.
	(bus_selinux_allows_send): -do-

	* bus/selinux.h: Fix prototypes for bus_selinux_allows_acquire_service
	and bus_selinux_allows_send

	* bus/bus.c (bus_context_check_security_policy): Pass error and
	pass on OOM thrown by bus_selinux_allows_send()

	* bus/services.c (bus_registry_acquire_service): Pass error and
	pass on OOM thrown by bus_selinux_allows_acquire_service()
parent 893f5b7b
2005-04-13 David Zeuthen <davidz@redhat.com>
* bus/selinux.c: Add c-file-style to top of file
(log_audit_callback): Don't free the data here anymore
(bus_selinux_check): Don't take spid and tpid since appending
that to auxdata may OOM.
(bus_selinux_allows_acquire_service): Handle OOM and signal back
to the caller if we are OOM by taking an error object.
(bus_selinux_allows_send): -do-
* bus/selinux.h: Fix prototypes for bus_selinux_allows_acquire_service
and bus_selinux_allows_send
* bus/bus.c (bus_context_check_security_policy): Pass error and
pass on OOM thrown by bus_selinux_allows_send()
* bus/services.c (bus_registry_acquire_service): Pass error and
pass on OOM thrown by bus_selinux_allows_acquire_service()
2005-04-13 Havoc Pennington <hp@redhat.com> 2005-04-13 Havoc Pennington <hp@redhat.com>
* glib/dbus-gmain.c (message_queue_dispatch): only dispatch one * glib/dbus-gmain.c (message_queue_dispatch): only dispatch one
......
...@@ -1139,8 +1139,16 @@ bus_context_check_security_policy (BusContext *context, ...@@ -1139,8 +1139,16 @@ bus_context_check_security_policy (BusContext *context,
dbus_message_get_interface (message), dbus_message_get_interface (message),
dbus_message_get_member (message), dbus_message_get_member (message),
dbus_message_get_error_name (message), dbus_message_get_error_name (message),
dest ? dest : DBUS_SERVICE_DBUS)) dest ? dest : DBUS_SERVICE_DBUS, error))
{ {
if (dbus_error_is_set (error) &&
dbus_error_has_name (error, DBUS_ERROR_NO_MEMORY))
{
return FALSE;
}
dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
"An SELinux policy prevents this sender " "An SELinux policy prevents this sender "
"from sending this message to this recipient " "from sending this message to this recipient "
......
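Review bot: The new guard in bus_context_check_security_policy returns early only when the error is named DBUS_ERROR_NO_MEMORY, so any other error that bus_selinux_allows_send() may set in future would fall through to `dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, ...)` on an error that is already set. Testing `if (dbus_error_is_set (error)) return FALSE;` passes on whatever the callee reported and keeps the access-denied message for a genuine policy denial. The same guard is added in bus_registry_acquire_service in bus/services.c, there with `goto out;`. The function body starts and continues outside this hunk.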
/* selinux.c SELinux security checks for D-BUS /* -*- mode: C; c-file-style: "gnu" -*-
* selinux.c SELinux security checks for D-BUS
* *
* Author: Matthew Rickard <mjricka@epoch.ncsc.mil> * Author: Matthew Rickard <mjricka@epoch.ncsc.mil>
* *
...@@ -131,8 +132,6 @@ log_audit_callback (void *data, security_class_t class, char *buf, size_t buflef ...@@ -131,8 +132,6 @@ log_audit_callback (void *data, security_class_t class, char *buf, size_t buflef
{ {
DBusString *audmsg = data; DBusString *audmsg = data;
_dbus_string_copy_to_buffer (audmsg, buf, bufleft); _dbus_string_copy_to_buffer (audmsg, buf, bufleft);
_dbus_string_free (audmsg);
dbus_free (audmsg);
} }
/** /**
...@@ -363,21 +362,11 @@ bus_selinux_check (BusSELinuxID *sender_sid, ...@@ -363,21 +362,11 @@ bus_selinux_check (BusSELinuxID *sender_sid,
BusSELinuxID *override_sid, BusSELinuxID *override_sid,
security_class_t target_class, security_class_t target_class,
access_vector_t requested, access_vector_t requested,
unsigned long spid,
unsigned long tpid,
DBusString *auxdata) DBusString *auxdata)
{ {
if (!selinux_enabled) if (!selinux_enabled)
return TRUE; return TRUE;
if (auxdata)
{
if (spid && _dbus_string_append (auxdata, " spid="))
_dbus_string_append_uint (auxdata, spid);
if (tpid && _dbus_string_append (auxdata, " tpid="))
_dbus_string_append_uint (auxdata, tpid);
}
/* Make the security check. AVC checks enforcing mode here as well. */ /* Make the security check. AVC checks enforcing mode here as well. */
if (avc_has_perm (SELINUX_SID_FROM_BUS (sender_sid), if (avc_has_perm (SELINUX_SID_FROM_BUS (sender_sid),
override_sid ? override_sid ?
...@@ -404,12 +393,14 @@ bus_selinux_check (BusSELinuxID *sender_sid, ...@@ -404,12 +393,14 @@ bus_selinux_check (BusSELinuxID *sender_sid,
dbus_bool_t dbus_bool_t
bus_selinux_allows_acquire_service (DBusConnection *connection, bus_selinux_allows_acquire_service (DBusConnection *connection,
BusSELinuxID *service_sid, BusSELinuxID *service_sid,
const char *service_name) const char *service_name,
DBusError *error)
{ {
#ifdef HAVE_SELINUX #ifdef HAVE_SELINUX
BusSELinuxID *connection_sid; BusSELinuxID *connection_sid;
unsigned long spid; unsigned long spid;
DBusString *auxdata; DBusString auxdata;
dbus_bool_t ret;
if (!selinux_enabled) if (!selinux_enabled)
return TRUE; return TRUE;
...@@ -418,25 +409,38 @@ bus_selinux_allows_acquire_service (DBusConnection *connection, ...@@ -418,25 +409,38 @@ bus_selinux_allows_acquire_service (DBusConnection *connection,
if (!dbus_connection_get_unix_process_id (connection, &spid)) if (!dbus_connection_get_unix_process_id (connection, &spid))
spid = 0; spid = 0;
auxdata = dbus_new0 (DBusString, 1); if (!_dbus_string_init (&auxdata))
if (auxdata) goto oom;
{
if (!_dbus_string_init (auxdata)) if (!_dbus_string_append (&auxdata, "service="))
goto oom;
if (!_dbus_string_append (&auxdata, service_name))
goto oom;
if (spid)
{ {
dbus_free (auxdata); if (!_dbus_string_append (&auxdata, " spid="))
auxdata = NULL; goto oom;
}
else if (_dbus_string_append (auxdata, "service=")) if (!_dbus_string_append_uint (&auxdata, spid))
_dbus_string_append (auxdata, service_name); goto oom;
} }
return bus_selinux_check (connection_sid, ret = bus_selinux_check (connection_sid,
service_sid, service_sid,
SECCLASS_DBUS, SECCLASS_DBUS,
DBUS__ACQUIRE_SVC, DBUS__ACQUIRE_SVC,
spid, &auxdata);
0,
auxdata); _dbus_string_free (&auxdata);
return ret;
oom:
_dbus_string_free (&auxdata);
BUS_SET_OOM (error);
return FALSE;
#else #else
return TRUE; return TRUE;
#endif /* HAVE_SELINUX */ #endif /* HAVE_SELINUX */
...@@ -459,13 +463,15 @@ bus_selinux_allows_send (DBusConnection *sender, ...@@ -459,13 +463,15 @@ bus_selinux_allows_send (DBusConnection *sender,
const char *interface, const char *interface,
const char *member, const char *member,
const char *error_name, const char *error_name,
const char *destination) const char *destination,
DBusError *error)
{ {
#ifdef HAVE_SELINUX #ifdef HAVE_SELINUX
BusSELinuxID *recipient_sid; BusSELinuxID *recipient_sid;
BusSELinuxID *sender_sid; BusSELinuxID *sender_sid;
unsigned long spid, tpid; unsigned long spid, tpid;
DBusString *auxdata; DBusString auxdata;
dbus_bool_t ret;
if (!selinux_enabled) if (!selinux_enabled)
return TRUE; return TRUE;
...@@ -475,27 +481,63 @@ bus_selinux_allows_send (DBusConnection *sender, ...@@ -475,27 +481,63 @@ bus_selinux_allows_send (DBusConnection *sender,
if (!proposed_recipient || !dbus_connection_get_unix_process_id (proposed_recipient, &tpid)) if (!proposed_recipient || !dbus_connection_get_unix_process_id (proposed_recipient, &tpid))
tpid = 0; tpid = 0;
auxdata = dbus_new0 (DBusString, 1); if (!_dbus_string_init (&auxdata))
if (auxdata) goto oom;
if (!_dbus_string_append (&auxdata, "msgtype="))
goto oom;
if (!_dbus_string_append (&auxdata, msgtype))
goto oom;
if (interface)
{ {
if (!_dbus_string_init (auxdata)) if (!_dbus_string_append (&auxdata, " interface="))
goto oom;
if (!_dbus_string_append (&auxdata, interface))
goto oom;
}
if (member)
{ {
dbus_free (auxdata); if (!_dbus_string_append (&auxdata, " member="))
auxdata = NULL; goto oom;
if (!_dbus_string_append (&auxdata, member))
goto oom;
} }
else
if (error_name)
{
if (!_dbus_string_append (&auxdata, " error_name="))
goto oom;
if (!_dbus_string_append (&auxdata, error_name))
goto oom;
}
if (destination)
{ {
if (_dbus_string_append (auxdata, "msgtype=")) if (!_dbus_string_append (&auxdata, " dest="))
_dbus_string_append (auxdata, msgtype); goto oom;
if (interface && _dbus_string_append (auxdata, " interface=")) if (!_dbus_string_append (&auxdata, destination))
_dbus_string_append (auxdata, interface); goto oom;
if (member && _dbus_string_append (auxdata, " member=")) }
_dbus_string_append (auxdata, member);
if (error_name && _dbus_string_append (auxdata, " error_name=")) if (spid)
_dbus_string_append (auxdata, error_name); {
if (destination && _dbus_string_append (auxdata, " dest=")) if (!_dbus_string_append (&auxdata, " spid="))
_dbus_string_append (auxdata, destination); goto oom;
if (!_dbus_string_append_uint (&auxdata, spid))
goto oom;
} }
if (tpid)
{
if (!_dbus_string_append (&auxdata, " tpid="))
goto oom;
if (!_dbus_string_append_uint (&auxdata, tpid))
goto oom;
} }
sender_sid = bus_connection_get_selinux_id (sender); sender_sid = bus_connection_get_selinux_id (sender);
...@@ -505,9 +547,21 @@ bus_selinux_allows_send (DBusConnection *sender, ...@@ -505,9 +547,21 @@ bus_selinux_allows_send (DBusConnection *sender,
else else
recipient_sid = BUS_SID_FROM_SELINUX (bus_sid); recipient_sid = BUS_SID_FROM_SELINUX (bus_sid);
return bus_selinux_check (sender_sid, recipient_sid, ret = bus_selinux_check (sender_sid,
SECCLASS_DBUS, DBUS__SEND_MSG, recipient_sid,
spid, tpid, auxdata); SECCLASS_DBUS,
DBUS__SEND_MSG,
&auxdata);
_dbus_string_free (&auxdata);
return ret;
oom:
_dbus_string_free (&auxdata);
BUS_SET_OOM (error);
return FALSE;
#else #else
return TRUE; return TRUE;
#endif /* HAVE_SELINUX */ #endif /* HAVE_SELINUX */
......
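Review bot: In bus_selinux_allows_acquire_service a failed `_dbus_string_init (&auxdata)` jumps to `oom:`, which calls `_dbus_string_free (&auxdata)` on a stack DBusString that was never successfully initialised. Unless _dbus_string_free is guaranteed safe on a string whose init failed (not visible on this page), that frees whatever the struct happens to contain. Returning directly in that one case avoids it: `if (!_dbus_string_init (&auxdata)) { BUS_SET_OOM (error); return FALSE; }`. bus_selinux_allows_send has the same jump. Either way the function still returns FALSE on allocation failure, so the check stays fail-closed.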
...@@ -48,14 +48,17 @@ const char* bus_selinux_get_policy_root (void); ...@@ -48,14 +48,17 @@ const char* bus_selinux_get_policy_root (void);
dbus_bool_t bus_selinux_allows_acquire_service (DBusConnection *connection, dbus_bool_t bus_selinux_allows_acquire_service (DBusConnection *connection,
BusSELinuxID *service_sid, BusSELinuxID *service_sid,
const char *service_name); const char *service_name,
DBusError *error);
dbus_bool_t bus_selinux_allows_send (DBusConnection *sender, dbus_bool_t bus_selinux_allows_send (DBusConnection *sender,
DBusConnection *proposed_recipient, DBusConnection *proposed_recipient,
const char *msgtype, /* Supplementary audit data */ const char *msgtype, /* Supplementary audit data */
const char *interface, const char *interface,
const char *member, const char *member,
const char *error_name, const char *error_name,
const char *destination); const char *destination,
DBusError *error);
BusSELinuxID* bus_selinux_init_connection_id (DBusConnection *connection, BusSELinuxID* bus_selinux_init_connection_id (DBusConnection *connection,
DBusError *error); DBusError *error);
......
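Review bot: The two changed prototypes now return FALSE both for a policy denial and for an out-of-memory failure, and nothing at the declaration tells a caller how to distinguish them. Judging from selinux.c, the error is set only on the OOM path, so a comment above the declarations would record that contract, for example `/* Returns FALSE if denied (error untouched) or on OOM (error set to DBUS_ERROR_NO_MEMORY); callers must check the error before reporting a denial. */`.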
...@@ -319,8 +319,15 @@ bus_registry_acquire_service (BusRegistry *registry, ...@@ -319,8 +319,15 @@ bus_registry_acquire_service (BusRegistry *registry,
service_name); service_name);
if (!bus_selinux_allows_acquire_service (connection, sid, if (!bus_selinux_allows_acquire_service (connection, sid,
_dbus_string_get_const_data (service_name))) _dbus_string_get_const_data (service_name), error))
{ {
if (dbus_error_is_set (error) &&
dbus_error_has_name (error, DBUS_ERROR_NO_MEMORY))
{
goto out;
}
dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
"Connection \"%s\" is not allowed to own the service \"%s\" due " "Connection \"%s\" is not allowed to own the service \"%s\" due "
"to SELinux policy", "to SELinux policy",
......