1. 09 Nov, 2004 1 commit
      2004-11-09 Colin Walters <walters@verbum.org> · 935a41a0
      	* dbus/dbus-string.c (_dbus_string_get_length): New
      	function, writes DBusString to C buffer.
      
      	* dbus/dbus-string.h: Prototype it.
      
      	* dbus/dbus-message.c (dbus_message_type_to_string): New
      	function, converts message type into C string.
      
      	* dbus/dbus-message.h: Prototype it.
      
      	* bus/selinux.c (bus_selinux_check): Take source pid,
      	target pid, and audit data.  Pass audit data to
      	avc_has_perm.
      	(log_audit_callback): New function, appends extra
      	audit information.
      	(bus_selinux_allows_acquire_service): Also take
      	service name, add it to audit data.
      	(bus_selinux_allows_send): Also take message
      	type, interface, method member, error name,
      	and destination, and add them to audit data.
      	(log_cb): Initialize func_audit.
      
      	* bus/selinux.h (bus_selinux_allows_acquire_service)
      	(bus_selinux_allows_send): Update prototypes.
      
      	* bus/services.c (bus_registry_acquire_service): Pass
      	service name to bus_selinux_allows_acquire_service.
      
      	* bus/bus.c (bus_context_check_security_policy): Pass
      	additional audit data.  Move assignment of dest
      	to its own line.
  2. 07 Nov, 2004 1 commit
      2004-11-07 Colin Walters <walters@verbum.org> · cdac3e05
      	* bus/bus.c (load_config): Break into three
      	separate functions: process_config_first_time_only,
      	process_config_every_time, and process_config_postinit.
      	(process_config_every_time): Move call of
      	bus_registry_set_service_context_table into
      	process_config_postinit.
      	(process_config_postinit): New function, does
      	any processing that needs to happen late
      	in initialization (and also on reload).
      	(bus_context_new): Instead of calling load_config,
      	open config parser here and call process_config_first_time_only
      	and process_config_every_time directly.  Later, after
      	we have forked but before changing UID,
      	invoke bus_selinux_full_init, and then call
      	process_config_postinit.
      	(bus_context_reload_config): As in bus_context_new,
      	load parse file inside here, and call process_config_every_time
      	and process_config_postinit.
      
      	* bus/services.h, bus/services.c
      	(bus_registry_set_service_context_table): Rename
      	from bus_registry_set_sid_table.  Take string hash from config
      	parser, and convert them here into SIDs.
      
      	* bus/config-parser.c (struct BusConfigParser): Have
      	config parser only store a mapping of service->context
      	string.
      	(merge_service_context_hash): New function.
      	(merge_included): Merge context string hashes instead
      	of using bus_selinux_id_table_union.
      	(bus_config_parser_new): Don't use bus_selinux_id_table_new;
      	simply create a new string hash.
      	(bus_config_parser_unref): Unref it.
      	(start_selinux_child): Simply insert strings into hash,
      	don't call bus_selinux_id_table_copy_over.
      
      	* bus/selinux.h, bus/selinux.c (bus_selinux_id_table_union)
      	(bus_selinux_id_table_copy_over): Delete.
  3. 04 Nov, 2004 2 commits
  4. 02 Nov, 2004 1 commit
      2004-11-02 Colin Walters <walters@verbum.org> · 73ffe59d
      	* bus/selinux.c (bus_selinux_init): Split into two functions,
      	bus_selinux_pre_init and bus_selinux_post_init.
      	(bus_selinux_pre_init): Just determine whether SELinux is
      	enabled.
      	(bus_selinux_post_init): Do everything else.
      
      	* bus/main.c (main): Call bus_selinux_pre_init before parsing
      	config file, and bus_selinux_post_init after.  This ensures that
      	we don't lose the policy reload notification thread that
      	bus_selinux_init created before forking previously.
      
      	* bus/test-main.c (test_pre_hook): Update for split.
  5. 18 Oct, 2004 2 commits
      2004-10-18 Colin Walters <walters@verbum.org> · f79e96fc
      	* bus/selinux.c (bus_selinux_enabled): Handle
      	--disable-selinux case.
      2004-10-18 Colin Walters <walters@verbum.org> · 736fa825
      	* bus/selinux.h: Add bus_selinux_enabled.
      
      	* bus/selinux.c (bus_selinux_enabled): Implement it.
      
      	* bus/config-parser.c (struct include): Add
      	if_selinux_enabled member.
      	(start_busconfig_child): Parse if_selinux_enabled
      	attribute for include.
      	(bus_config_parser_content): Handle it.
      
      	* bus/session.conf.in, bus/system.conf.in: Add
      	inclusion of context mapping to default config files;
      	conditional on SELinux being enabled.
      
      	* doc/busconfig.dtd: Add if_selinux_enabled to default DTD.
      
      	* test/data/invalid-config-files/badselinux-1.conf,
      	test/data/invalid-config-files/badselinux-2.conf:
      	Test files for bad syntax.
  6. 23 Aug, 2004 1 commit
      2004-08-23 Colin Walters <walters@redhat.com> · ee78f280
      	* bus/selinux.h: Prototype bus_selinux_get_policy_root.
      
      	* bus/selinux.c: Create a thread for policy reload notification.
      	(bus_selinux_get_policy_root): Implement.
      
      	Updated SELinux support from Matthew Rickard <mjricka@epoch.ncsc.mil>
      
      	* bus/config-parser.c (start_busconfig_child)
      	(bus_config_parser_content): Support SELinux-root relative
      	inclusion.
      
      	* configure.in <HAVE_SELINUX>: Add -lpthread.
      
      	* bus/test-main.c (test_pre_hook, test_post_hook): New.
      	(test_post_hook): Move memory checking into here.
      	(test_pre_hook, test_post_hook): Move SELinux checks in
      	here, but conditional on a DBUS_TEST_SELINUX environment
      	variable.  Unfortunately we can't run the SELinux checks
      	as a normal user, since they won't have any permissions
      	for /selinux.  So this will have to be tested manually
      	for now, until we have virtualization for most of
      	libselinux.
  7. 20 Aug, 2004 1 commit
  8. 10 Aug, 2004 1 commit
  9. 31 Jul, 2004 1 commit
  10. 30 Jul, 2004 1 commit
      2004-07-24 Havoc Pennington <hp@redhat.com> · 1e9b185b
      	SELinux support from Matthew Rickard <mjricka@epoch.ncsc.mil>
      
      	* bus/selinux.c, bus/selinux.h: new file encapsulating selinux
      	functionality
      
      	* configure.in: add --enable-selinux
      
      	* bus/policy.c (bus_policy_merge): add FIXME to a comment
      
      	* bus/main.c (main): initialize and shut down selinux
      
      	* bus/connection.c: store SELinux ID on each connection, to avoid
      	repeated getting of the string context and converting it into
      	an ID
      
      	* bus/bus.c (bus_context_get_policy): new accessor, though it
      	isn't used
      	(bus_context_check_security_policy): check whether the security
      	context of sender connection can send to the security context of
      	recipient connection
      
      	* bus/config-parser.c: add parsing for <selinux> and <associate>
      
      	* dbus/dbus-transport.c (_dbus_transport_get_unix_fd): to
      	implement dbus_connection_get_unix_fd()
      
      	* dbus/dbus-connection.c (dbus_connection_get_unix_fd): new
      	function, used by the selinux stuff