Commit 44656f53 authored by David Zeuthen's avatar David Zeuthen

2005-04-13 David Zeuthen <davidz@redhat.com>

	* bus/selinux.c: Add c-file-style to top of file
	(log_audit_callback): Don't free the data here anymore
	(bus_selinux_check): Don't take spid and tpid since appending
	that to auxdata may OOM.
	(bus_selinux_allows_acquire_service): Handle OOM and signal back
	to the caller if we are OOM by taking an error object.
	(bus_selinux_allows_send): -do-

	* bus/selinux.h: Fix prototypes for bus_selinux_allows_acquire_service
	and bus_selinux_allows_send

	* bus/bus.c (bus_context_check_security_policy): Pass error and
	pass on OOM thrown by bus_selinux_allows_send()

	* bus/services.c (bus_registry_acquire_service): Pass error and
	pass on OOM thrown by bus_selinux_allows_acquire_service()
parent 893f5b7b
2005-04-13 David Zeuthen <davidz@redhat.com>
* bus/selinux.c: Add c-file-style to top of file
(log_audit_callback): Don't free the data here anymore
(bus_selinux_check): Don't take spid and tpid since appending
that to auxdata may OOM.
(bus_selinux_allows_acquire_service): Handle OOM and signal back
to the caller if we are OOM by taking an error object.
(bus_selinux_allows_send): -do-
* bus/selinux.h: Fix prototypes for bus_selinux_allows_acquire_service
and bus_selinux_allows_send
* bus/bus.c (bus_context_check_security_policy): Pass error and
pass on OOM thrown by bus_selinux_allows_send()
* bus/services.c (bus_registry_acquire_service): Pass error and
pass on OOM thrown by bus_selinux_allows_acquire_service()
2005-04-13 Havoc Pennington <hp@redhat.com>
* glib/dbus-gmain.c (message_queue_dispatch): only dispatch one
......
......@@ -1139,8 +1139,16 @@ bus_context_check_security_policy (BusContext *context,
dbus_message_get_interface (message),
dbus_message_get_member (message),
dbus_message_get_error_name (message),
dest ? dest : DBUS_SERVICE_DBUS))
dest ? dest : DBUS_SERVICE_DBUS, error))
{
if (dbus_error_is_set (error) &&
dbus_error_has_name (error, DBUS_ERROR_NO_MEMORY))
{
return FALSE;
}
dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
"An SELinux policy prevents this sender "
"from sending this message to this recipient "
......
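Review bot: The new branch in bus_context_check_security_policy returns early only when the callee's error is named DBUS_ERROR_NO_MEMORY. Any other error that bus_selinux_allows_send() might set in future would still be set when execution reaches `dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, ...)`, which as far as I know must not be called on an error that is already set. Testing `if (dbus_error_is_set (error)) return FALSE;` passes on whatever the callee reported and still fails closed. The same pattern is added to bus_registry_acquire_service in bus/services.c, there with `goto out;`. Both functions start and end outside the visible hunks, and this assumes `error` is never NULL on these paths.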
/* selinux.c SELinux security checks for D-BUS
/* -*- mode: C; c-file-style: "gnu" -*-
* selinux.c SELinux security checks for D-BUS
*
* Author: Matthew Rickard <mjricka@epoch.ncsc.mil>
*
......@@ -131,8 +132,6 @@ log_audit_callback (void *data, security_class_t class, char *buf, size_t buflef
{
DBusString *audmsg = data;
_dbus_string_copy_to_buffer (audmsg, buf, bufleft);
_dbus_string_free (audmsg);
dbus_free (audmsg);
}
/**
......@@ -363,21 +362,11 @@ bus_selinux_check (BusSELinuxID *sender_sid,
BusSELinuxID *override_sid,
security_class_t target_class,
access_vector_t requested,
unsigned long spid,
unsigned long tpid,
DBusString *auxdata)
{
if (!selinux_enabled)
return TRUE;
if (auxdata)
{
if (spid && _dbus_string_append (auxdata, " spid="))
_dbus_string_append_uint (auxdata, spid);
if (tpid && _dbus_string_append (auxdata, " tpid="))
_dbus_string_append_uint (auxdata, tpid);
}
/* Make the security check. AVC checks enforcing mode here as well. */
if (avc_has_perm (SELINUX_SID_FROM_BUS (sender_sid),
override_sid ?
......@@ -404,12 +393,14 @@ bus_selinux_check (BusSELinuxID *sender_sid,
dbus_bool_t
bus_selinux_allows_acquire_service (DBusConnection *connection,
BusSELinuxID *service_sid,
const char *service_name)
const char *service_name,
DBusError *error)
{
#ifdef HAVE_SELINUX
BusSELinuxID *connection_sid;
unsigned long spid;
DBusString *auxdata;
DBusString auxdata;
dbus_bool_t ret;
if (!selinux_enabled)
return TRUE;
......@@ -418,25 +409,38 @@ bus_selinux_allows_acquire_service (DBusConnection *connection,
if (!dbus_connection_get_unix_process_id (connection, &spid))
spid = 0;
auxdata = dbus_new0 (DBusString, 1);
if (auxdata)
{
if (!_dbus_string_init (auxdata))
if (!_dbus_string_init (&auxdata))
goto oom;
if (!_dbus_string_append (&auxdata, "service="))
goto oom;
if (!_dbus_string_append (&auxdata, service_name))
goto oom;
if (spid)
{
dbus_free (auxdata);
auxdata = NULL;
}
else if (_dbus_string_append (auxdata, "service="))
_dbus_string_append (auxdata, service_name);
if (!_dbus_string_append (&auxdata, " spid="))
goto oom;
if (!_dbus_string_append_uint (&auxdata, spid))
goto oom;
}
return bus_selinux_check (connection_sid,
ret = bus_selinux_check (connection_sid,
service_sid,
SECCLASS_DBUS,
DBUS__ACQUIRE_SVC,
spid,
0,
auxdata);
&auxdata);
_dbus_string_free (&auxdata);
return ret;
oom:
_dbus_string_free (&auxdata);
BUS_SET_OOM (error);
return FALSE;
#else
return TRUE;
#endif /* HAVE_SELINUX */
......@@ -459,13 +463,15 @@ bus_selinux_allows_send (DBusConnection *sender,
const char *interface,
const char *member,
const char *error_name,
const char *destination)
const char *destination,
DBusError *error)
{
#ifdef HAVE_SELINUX
BusSELinuxID *recipient_sid;
BusSELinuxID *sender_sid;
unsigned long spid, tpid;
DBusString *auxdata;
DBusString auxdata;
dbus_bool_t ret;
if (!selinux_enabled)
return TRUE;
......@@ -475,27 +481,63 @@ bus_selinux_allows_send (DBusConnection *sender,
if (!proposed_recipient || !dbus_connection_get_unix_process_id (proposed_recipient, &tpid))
tpid = 0;
auxdata = dbus_new0 (DBusString, 1);
if (auxdata)
if (!_dbus_string_init (&auxdata))
goto oom;
if (!_dbus_string_append (&auxdata, "msgtype="))
goto oom;
if (!_dbus_string_append (&auxdata, msgtype))
goto oom;
if (interface)
{
if (!_dbus_string_init (auxdata))
if (!_dbus_string_append (&auxdata, " interface="))
goto oom;
if (!_dbus_string_append (&auxdata, interface))
goto oom;
}
if (member)
{
dbus_free (auxdata);
auxdata = NULL;
if (!_dbus_string_append (&auxdata, " member="))
goto oom;
if (!_dbus_string_append (&auxdata, member))
goto oom;
}
else
if (error_name)
{
if (!_dbus_string_append (&auxdata, " error_name="))
goto oom;
if (!_dbus_string_append (&auxdata, error_name))
goto oom;
}
if (destination)
{
if (_dbus_string_append (auxdata, "msgtype="))
_dbus_string_append (auxdata, msgtype);
if (interface && _dbus_string_append (auxdata, " interface="))
_dbus_string_append (auxdata, interface);
if (member && _dbus_string_append (auxdata, " member="))
_dbus_string_append (auxdata, member);
if (error_name && _dbus_string_append (auxdata, " error_name="))
_dbus_string_append (auxdata, error_name);
if (destination && _dbus_string_append (auxdata, " dest="))
_dbus_string_append (auxdata, destination);
if (!_dbus_string_append (&auxdata, " dest="))
goto oom;
if (!_dbus_string_append (&auxdata, destination))
goto oom;
}
if (spid)
{
if (!_dbus_string_append (&auxdata, " spid="))
goto oom;
if (!_dbus_string_append_uint (&auxdata, spid))
goto oom;
}
if (tpid)
{
if (!_dbus_string_append (&auxdata, " tpid="))
goto oom;
if (!_dbus_string_append_uint (&auxdata, tpid))
goto oom;
}
sender_sid = bus_connection_get_selinux_id (sender);
......@@ -505,9 +547,21 @@ bus_selinux_allows_send (DBusConnection *sender,
else
recipient_sid = BUS_SID_FROM_SELINUX (bus_sid);
return bus_selinux_check (sender_sid, recipient_sid,
SECCLASS_DBUS, DBUS__SEND_MSG,
spid, tpid, auxdata);
ret = bus_selinux_check (sender_sid,
recipient_sid,
SECCLASS_DBUS,
DBUS__SEND_MSG,
&auxdata);
_dbus_string_free (&auxdata);
return ret;
oom:
_dbus_string_free (&auxdata);
BUS_SET_OOM (error);
return FALSE;
#else
return TRUE;
#endif /* HAVE_SELINUX */
......
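Review bot: In bus_selinux_allows_acquire_service and bus_selinux_allows_send, a failed `_dbus_string_init (&auxdata)` jumps to `oom:`, which calls `_dbus_string_free (&auxdata)` on a string that was never successfully initialised. Unless _dbus_string_free is guaranteed to tolerate that (its definition is not shown here), it operates on uninitialised stack contents on the very low-memory path this commit sets out to handle. Handle the init failure without the free, e.g. `if (!_dbus_string_init (&auxdata)) { BUS_SET_OOM (error); return FALSE; }`, and keep `goto oom` for the append failures only. Both function bodies are only partly visible in these hunks.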
......@@ -48,14 +48,17 @@ const char* bus_selinux_get_policy_root (void);
dbus_bool_t bus_selinux_allows_acquire_service (DBusConnection *connection,
BusSELinuxID *service_sid,
const char *service_name);
const char *service_name,
DBusError *error);
dbus_bool_t bus_selinux_allows_send (DBusConnection *sender,
DBusConnection *proposed_recipient,
const char *msgtype, /* Supplementary audit data */
const char *interface,
const char *member,
const char *error_name,
const char *destination);
const char *destination,
DBusError *error);
BusSELinuxID* bus_selinux_init_connection_id (DBusConnection *connection,
DBusError *error);
......
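Review bot: The updated prototypes for bus_selinux_allows_acquire_service and bus_selinux_allows_send do not tell callers that FALSE now has two meanings. In the selinux.c hunks the OOM path calls BUS_SET_OOM (error) before returning FALSE, while the result of bus_selinux_check is returned without touching `error` in the visible lines. A comment above each declaration such as `/* Returns FALSE on policy denial (error left unset) or on OOM (error set to DBUS_ERROR_NO_MEMORY, judging by the callers' checks) */` would keep future callers from confusing the two cases.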
......@@ -319,8 +319,15 @@ bus_registry_acquire_service (BusRegistry *registry,
service_name);
if (!bus_selinux_allows_acquire_service (connection, sid,
_dbus_string_get_const_data (service_name)))
_dbus_string_get_const_data (service_name), error))
{
if (dbus_error_is_set (error) &&
dbus_error_has_name (error, DBUS_ERROR_NO_MEMORY))
{
goto out;
}
dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
"Connection \"%s\" is not allowed to own the service \"%s\" due "
"to SELinux policy",
......