Commit ad209bd0 authored by Tyler Hicks's avatar Tyler Hicks Committed by Simon McVittie

Do LSM checks after determining if the message is a requested reply

Move the call to bus_selinux_allows_send() after the call to
bus_connections_check_reply().

This allows LSMs to know if the message is a reply and whether or not it
was requested.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75113Signed-off-by: default avatarTyler Hicks <tyhicks@canonical.com>
Reviewed-by: default avatarSimon McVittie <simon.mcvittie@collabora.co.uk>
parent c2686d53
......@@ -1562,30 +1562,6 @@ bus_context_check_security_policy (BusContext *context,
if (sender != NULL)
{
/* First verify the SELinux access controls. If allowed then
* go on with the standard checks.
*/
if (!bus_selinux_allows_send (sender, proposed_recipient,
dbus_message_type_to_string (dbus_message_get_type (message)),
dbus_message_get_interface (message),
dbus_message_get_member (message),
dbus_message_get_error_name (message),
dest ? dest : DBUS_SERVICE_DBUS, error))
{
if (error != NULL && !dbus_error_is_set (error))
{
/* don't syslog this, just set the error: avc_has_perm should
* have already written to either the audit log or syslog */
complain_about_message (context, DBUS_ERROR_ACCESS_DENIED,
"An SELinux policy prevents this sender from sending this "
"message to this recipient",
0, message, sender, proposed_recipient, FALSE, FALSE, error);
_dbus_verbose ("SELinux security check denying send to service\n");
}
return FALSE;
}
if (bus_connection_is_active (sender))
{
sender_policy = bus_connection_get_policy (sender);
......@@ -1615,6 +1591,35 @@ bus_context_check_security_policy (BusContext *context,
}
}
else
{
sender_policy = NULL;
}
/* First verify the SELinux access controls. If allowed then
* go on with the standard checks.
*/
if (!bus_selinux_allows_send (sender, proposed_recipient,
dbus_message_type_to_string (dbus_message_get_type (message)),
dbus_message_get_interface (message),
dbus_message_get_member (message),
dbus_message_get_error_name (message),
dest ? dest : DBUS_SERVICE_DBUS, error))
{
if (error != NULL && !dbus_error_is_set (error))
{
/* don't syslog this, just set the error: avc_has_perm should
* have already written to either the audit log or syslog */
complain_about_message (context, DBUS_ERROR_ACCESS_DENIED,
"An SELinux policy prevents this sender from sending this "
"message to this recipient",
0, message, sender, proposed_recipient, FALSE, FALSE, error);
_dbus_verbose ("SELinux security check denying send to service\n");
}
return FALSE;
}
if (!bus_connection_is_active (sender))
{
/* Policy for inactive connections is that they can only send
* the hello message to the bus driver
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment