Commit 9a94a135 authored by Colin Walters's avatar Colin Walters

2005-07-16 Colin Walters <walters@verbum.org>

	* bus/driver.c (bus_driver_handle_get_connection_selinux_security_context): Renamed
	from bus_driver_handle_get_connection_unix_security_context.  Update for
	error usage.
	(message_handlers): Update for renames.

	* bus/selinux.c (bus_selinux_allows_send): Handle OOM on
	_dbus_string_init failure correctly.
	(bus_selinux_append_context): Convert SID to context.  Append it
	as a byte array.
	(bus_selinux_shutdown): Handle the case where bus_selinux_full_init
	hasn't been called.

	* bus/selinux.h: Update prototype.

	* dbus/dbus-protocol.h (DBUS_ERROR_SELINUX_SECURITY_CONTEXT_UNKNOWN): Renamed
	from DBUS_ERROR_UNIX_SECURITY_CONTEXT_UNKNOWN.
parent 3b628f92
......@@ -1015,10 +1015,10 @@ bus_driver_handle_get_connection_unix_process_id (DBusConnection *connection,
}
static dbus_bool_t
bus_driver_handle_get_connection_unix_security_context (DBusConnection *connection,
BusTransaction *transaction,
DBusMessage *message,
DBusError *error)
bus_driver_handle_get_connection_selinux_security_context (DBusConnection *connection,
BusTransaction *transaction,
DBusMessage *message,
DBusError *error)
{
const char *service;
DBusString str;
......@@ -1062,13 +1062,13 @@ bus_driver_handle_get_connection_unix_security_context (DBusConnection *connecti
if (!context)
{
dbus_set_error (error,
DBUS_ERROR_UNIX_SECURITY_CONTEXT_UNKNOWN,
DBUS_ERROR_SELINUX_SECURITY_CONTEXT_UNKNOWN,
"Could not determine security context for '%s'", service);
goto failed;
}
if (! bus_selinux_append_context (reply, context))
goto oom;
if (! bus_selinux_append_context (reply, context, error))
goto failed;
if (! bus_transaction_send_from_driver (transaction, connection, reply))
goto oom;
......@@ -1167,10 +1167,10 @@ struct
DBUS_TYPE_STRING_AS_STRING,
DBUS_TYPE_UINT32_AS_STRING,
bus_driver_handle_get_connection_unix_process_id },
{ "GetConnectionUnixSecurityContext",
DBUS_TYPE_STRING_AS_STRING,
{ "GetConnectionSELinuxSecurityContext",
DBUS_TYPE_STRING_AS_STRING,
bus_driver_handle_get_connection_unix_security_context },
DBUS_TYPE_ARRAY_AS_STRING DBUS_TYPE_BYTE_AS_STRING,
bus_driver_handle_get_connection_selinux_security_context },
{ "ReloadConfig",
"",
"",
......
......@@ -366,7 +366,7 @@ bus_selinux_check (BusSELinuxID *sender_sid,
{
if (!selinux_enabled)
return TRUE;
/* Make the security check. AVC checks enforcing mode here as well. */
if (avc_has_perm (SELINUX_SID_FROM_BUS (sender_sid),
override_sid ?
......@@ -472,6 +472,7 @@ bus_selinux_allows_send (DBusConnection *sender,
unsigned long spid, tpid;
DBusString auxdata;
dbus_bool_t ret;
dbus_bool_t string_alloced;
if (!selinux_enabled)
return TRUE;
......@@ -481,8 +482,10 @@ bus_selinux_allows_send (DBusConnection *sender,
if (!proposed_recipient || !dbus_connection_get_unix_process_id (proposed_recipient, &tpid))
tpid = 0;
string_alloced = FALSE;
if (!_dbus_string_init (&auxdata))
goto oom;
string_alloced = TRUE;
if (!_dbus_string_append (&auxdata, "msgtype="))
goto oom;
......@@ -558,7 +561,8 @@ bus_selinux_allows_send (DBusConnection *sender,
return ret;
oom:
_dbus_string_free (&auxdata);
if (string_alloced)
_dbus_string_free (&auxdata);
BUS_SET_OOM (error);
return FALSE;
......@@ -569,18 +573,36 @@ bus_selinux_allows_send (DBusConnection *sender,
dbus_bool_t
bus_selinux_append_context (DBusMessage *message,
BusSELinuxID *context)
BusSELinuxID *sid,
DBusError *error)
{
#ifdef HAVE_SELINUX
/* Note if you change how the context is marshalled (e.g. to ay),
* you also need to change driver.c for the appropriate return value.
*/
return dbus_message_append_args (message,
DBUS_TYPE_STRING,
SELINUX_SID_FROM_BUS (context),
DBUS_TYPE_INVALID);
char *context;
if (avc_sid_to_context (SELINUX_SID_FROM_BUS (sid), &context) < 0)
{
if (errno == ENOMEM)
BUS_SET_OOM (error);
else
dbus_set_error (error, DBUS_ERROR_FAILED,
"Error getting context from SID: %s\n",
_dbus_strerror (errno));
return FALSE;
}
if (!dbus_message_append_args (message,
DBUS_TYPE_ARRAY,
DBUS_TYPE_BYTE,
&context,
strlen (context),
DBUS_TYPE_INVALID))
{
_DBUS_SET_OOM (error);
return FALSE;
}
freecon (context);
return TRUE;
#else
return FALSE;
return TRUE;
#endif
}
......@@ -893,14 +915,19 @@ bus_selinux_shutdown (void)
if (!selinux_enabled)
return;
sidput (bus_sid);
bus_sid = SECSID_WILD;
_dbus_verbose ("AVC shutdown\n");
if (bus_sid != SECSID_WILD)
{
sidput (bus_sid);
bus_sid = SECSID_WILD;
#ifdef DBUS_ENABLE_VERBOSE_MODE
bus_avc_print_stats ();
bus_avc_print_stats ();
#endif /* DBUS_ENABLE_VERBOSE_MODE */
avc_destroy ();
avc_destroy ();
}
#endif /* HAVE_SELINUX */
}
......@@ -46,7 +46,8 @@ void bus_selinux_id_table_print (DBusHashTable *service_table);
const char* bus_selinux_get_policy_root (void);
dbus_bool_t bus_selinux_append_context (DBusMessage *message,
BusSELinuxID *context);
BusSELinuxID *context,
DBusError *error);
dbus_bool_t bus_selinux_allows_acquire_service (DBusConnection *connection,
BusSELinuxID *service_sid,
......
......@@ -237,7 +237,7 @@ extern "C" {
#define DBUS_ERROR_SPAWN_FAILED "org.freedesktop.DBus.Error.Spawn.Failed"
#define DBUS_ERROR_UNIX_PROCESS_ID_UNKNOWN "org.freedesktop.DBus.Error.UnixProcessIdUnknown"
#define DBUS_ERROR_INVALID_SIGNATURE "org.freedesktop.DBus.Error.InvalidSignature"
#define DBUS_ERROR_UNIX_SECURITY_CONTEXT_UNKNOWN "org.freedesktop.DBus.Error.UnixSecurityContextUnknown"
#define DBUS_ERROR_SELINUX_SECURITY_CONTEXT_UNKNOWN "org.freedesktop.DBus.Error.SELinuxSecurityContextUnknown"
#define DBUS_INTROSPECT_1_0_XML_NAMESPACE "http://www.freedesktop.org/standards/dbus"
#define DBUS_INTROSPECT_1_0_XML_PUBLIC_IDENTIFIER "-//freedesktop//DTD D-BUS Object Introspection 1.0//EN"
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment