Commit 736fa825 authored by Colin Walters's avatar Colin Walters

2004-10-18 Colin Walters <walters@verbum.org>

	* bus/selinux.h: Add bus_selinux_enabled.

	* bus/selinux.c (bus_selinux_enabled): Implement it.

	* bus/config-parser.c (struct include): Add
	if_selinux_enabled member.
	(start_busconfig_child): Parse if_selinux_enabled
	attribute for include.
	(bus_config_parser_content): Handle it.

	* bus/session.conf.in, bus/system.conf.in: Add
	inclusion of context mapping to default config files;
	conditional on SELinux being enabled.

	* doc/busconfig.dtd: Add if_selinux_enabled to default DTD.

	* test/data/invalid-config-files/badselinux-1.conf,
	test/data/invalid-config-files/badselinux-2.conf:
	Test files for bad syntax.
parent ca293924
2004-10-18 Colin Walters <walters@verbum.org>
* bus/selinux.h: Add bus_selinux_enabled.
* bus/selinux.c (bus_selinux_enabled): Implement it.
* bus/config-parser.c (struct include): Add
if_selinux_enabled member.
(start_busconfig_child): Parse if_selinux_enabled
attribute for include.
(bus_config_parser_content): Handle it.
* bus/session.conf.in, bus/system.conf.in: Add
inclusion of context mapping to default config files;
conditional on SELinux being enabled.
* doc/busconfig.dtd: Add to if_selinux_enabled to default DTD.
* test/data/invalid-config-files/badselinux-1.conf,
test/data/invalid-config-files/badselinux-2.conf:
Test files for bad syntax.
2004-10-17 Colin Walters <walters@verbum.org>
* dbus/dbus-memory.c (_dbus_initialize_malloc_debug, check_guards)
......
......@@ -74,6 +74,7 @@ typedef struct
struct
{
unsigned int ignore_missing : 1;
unsigned int if_selinux_enabled : 1;
unsigned int selinux_root_relative : 1;
} include;
......@@ -718,6 +719,7 @@ start_busconfig_child (BusConfigParser *parser,
else if (strcmp (element_name, "include") == 0)
{
Element *e;
const char *if_selinux_enabled;
const char *ignore_missing;
const char *selinux_root_relative;
......@@ -728,6 +730,7 @@ start_busconfig_child (BusConfigParser *parser,
}
e->d.include.ignore_missing = FALSE;
e->d.include.if_selinux_enabled = FALSE;
e->d.include.selinux_root_relative = FALSE;
if (!locate_attributes (parser, "include",
......@@ -735,6 +738,7 @@ start_busconfig_child (BusConfigParser *parser,
attribute_values,
error,
"ignore_missing", &ignore_missing,
"if_selinux_enabled", &if_selinux_enabled,
"selinux_root_relative", &selinux_root_relative,
NULL))
return FALSE;
......@@ -752,6 +756,21 @@ start_busconfig_child (BusConfigParser *parser,
return FALSE;
}
}
if (if_selinux_enabled != NULL)
{
if (strcmp (if_selinux_enabled, "yes") == 0)
e->d.include.if_selinux_enabled = TRUE;
else if (strcmp (if_selinux_enabled, "no") == 0)
e->d.include.if_selinux_enabled = FALSE;
else
{
dbus_set_error (error, DBUS_ERROR_FAILED,
"if_selinux_enabled attribute must have value"
" \"yes\" or \"no\"");
return FALSE;
}
}
if (selinux_root_relative != NULL)
{
......@@ -2055,6 +2074,10 @@ bus_config_parser_content (BusConfigParser *parser,
e->had_content = TRUE;
if (e->d.include.if_selinux_enabled
&& !bus_selinux_enabled ())
break;
if (!_dbus_string_init (&full_path))
goto nomem;
......
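Review bot: The new check in bus_config_parser_content silently skips the include whenever `bus_selinux_enabled ()` returns false, and that function's own doc comment says it must be called after bus_selinux_init. If the configuration is parsed before bus_selinux_init has run (the start-up order is not visible on this page), the flag presumably still holds its initial value. In that case the context mapping would be dropped on an SELinux system with no error or log line. I would document the dependency at the check, e.g. `/* bus_selinux_enabled() is only valid after bus_selinux_init(); the include is skipped, not failed, when it returns FALSE */`, and confirm the caller's ordering. The enclosing function starts and ends outside the hunk.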
......@@ -190,6 +190,16 @@ avc_free_lock (void *lock)
}
#endif /* HAVE_SELINUX */
/**
* Return whether or not SELinux is enabled; must be
* called after bus_selinux_init.
*/
dbus_bool_t
bus_selinux_enabled (void)
{
return selinux_enabled;
}
/**
* Initialize the user space access vector cache (AVC) for D-BUS and set up
* logging callbacks.
......
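Review bot: bus_selinux_enabled is defined after the `#endif /* HAVE_SELINUX */` line, so it is also compiled in builds without SELinux, yet it reads `selinux_enabled` unconditionally. If that variable is declared inside the HAVE_SELINUX block (its declaration is outside this hunk), a non-SELinux build would fail to compile. Guarding the body and returning FALSE otherwise avoids that, and the conditional include in the config parser is then skipped on such builds. The doc comment could also state what the function returns before bus_selinux_init has run.

```c
dbus_bool_t
bus_selinux_enabled (void)
{
#ifdef HAVE_SELINUX
  return selinux_enabled;
#else
  return FALSE;
#endif /* HAVE_SELINUX */
}
```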
......@@ -30,6 +30,8 @@
dbus_bool_t bus_selinux_init (void);
void bus_selinux_shutdown (void);
dbus_bool_t bus_selinux_enabled (void);
void bus_selinux_id_ref (BusSELinuxID *sid);
void bus_selinux_id_unref (BusSELinuxID *sid);
......
......@@ -26,4 +26,7 @@
<!-- This is included last so local configuration can override what's
in this standard file -->
<include ignore_missing="yes">session-local.conf</include>
<include if_selinux_enabled="yes" selinux_root_relative="yes">contexts/dbus_contexts</include>
</busconfig>
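Review bot: The comment above `session-local.conf` still says it is "included last so local configuration can override", but the new `contexts/dbus_contexts` include now follows it, so the SELinux context file is the last one read. The same applies to the system.conf.in hunk. I would give the new line its own comment, e.g. `<!-- SELinux context mapping; read after local configuration, only when SELinux is enabled -->`, and reword the older one. The new include also has no `ignore_missing`, so with SELinux enabled and the file absent the include presumably fails rather than being skipped; a short comment should say that this is intended.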
......@@ -57,4 +57,6 @@
in this standard file -->
<include ignore_missing="yes">system-local.conf</include>
<include if_selinux_enabled="yes" selinux_root_relative="yes">contexts/dbus_contexts</include>
</busconfig>
......@@ -23,6 +23,7 @@
<!ELEMENT include (#PCDATA)>
<!ATTLIST include
ignore_missing (yes|no) "no"
if_selinux_enabled (yes|no) "no"
selinux_root_relative (yes|no) "no">
<!ELEMENT policy (allow|deny)*>
......
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
<user>mybususer</user>
<listen>unix:path=/foo/bar</listen>
<listen>tcp:port=1234</listen>
<includedir>basic.d</includedir>
<servicedir>/usr/share/foo</servicedir>
<include selinux_root_relative="jomoma">blah</include>
</busconfig>
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
<user>mybususer</user>
<listen>unix:path=/foo/bar</listen>
<listen>tcp:port=1234</listen>
<includedir>basic.d</includedir>
<servicedir>/usr/share/foo</servicedir>
<include if_selinux_enabled="moo">blah</include>
</busconfig>