dbus/bus selinux.h,1.9,1.10 selinux.c,1.16,1.17 driver.c,1.71,1.72
Colin Walters
walters at freedesktop.org
Sun Jul 17 03:34:10 EST 2005
Update of /cvs/dbus/dbus/bus
In directory gabe:/tmp/cvs-serv26465/bus
Modified Files:
selinux.h selinux.c driver.c
Log Message:
2005-07-16 Colin Walters <walters at verbum.org>
* bus/driver.c (bus_driver_handle_get_connection_selinux_security_context): Renamed
from bus_driver_handle_get_connection_unix_security_context. Update for
error usage.
(message_handlers): Update for renames.
* bus/selinux.c (bus_selinux_allows_send): Handle OOM on
_dbus_string_init failure correctly.
(bus_selinux_append_context): Convert SID to context. Append it
as a byte array.
(bus_selinux_shutdown): Handle the case where bus_selinux_full_init
hasn't been called.
* bus/selinux.h: Update prototype.
* dbus/dbus-protocol.h (DBUS_ERROR_SELINUX_SECURITY_CONTEXT_UNKNOWN): Renamed
from DBUS_ERROR_UNIX_SECURITY_CONTEXT_UNKNOWN.
Index: selinux.h
===================================================================
RCS file: /cvs/dbus/dbus/bus/selinux.h,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -d -r1.9 -r1.10
--- selinux.h 14 Jul 2005 21:45:42 -0000 1.9
+++ selinux.h 16 Jul 2005 17:34:08 -0000 1.10
@@ -46,7 +46,8 @@
const char* bus_selinux_get_policy_root (void);
dbus_bool_t bus_selinux_append_context (DBusMessage *message,
- BusSELinuxID *context);
+ BusSELinuxID *context,
+ DBusError *error);
dbus_bool_t bus_selinux_allows_acquire_service (DBusConnection *connection,
BusSELinuxID *service_sid,
Index: selinux.c
===================================================================
RCS file: /cvs/dbus/dbus/bus/selinux.c,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -d -r1.16 -r1.17
--- selinux.c 15 Jul 2005 04:04:43 -0000 1.16
+++ selinux.c 16 Jul 2005 17:34:08 -0000 1.17
@@ -366,7 +366,7 @@
{
if (!selinux_enabled)
return TRUE;
-
+
/* Make the security check. AVC checks enforcing mode here as well. */
if (avc_has_perm (SELINUX_SID_FROM_BUS (sender_sid),
override_sid ?
@@ -472,6 +472,7 @@
unsigned long spid, tpid;
DBusString auxdata;
dbus_bool_t ret;
+ dbus_bool_t string_alloced;
if (!selinux_enabled)
return TRUE;
@@ -481,8 +482,10 @@
if (!proposed_recipient || !dbus_connection_get_unix_process_id (proposed_recipient, &tpid))
tpid = 0;
+ string_alloced = FALSE;
if (!_dbus_string_init (&auxdata))
goto oom;
+ string_alloced = TRUE;
if (!_dbus_string_append (&auxdata, "msgtype="))
goto oom;
@@ -558,7 +561,8 @@
return ret;
oom:
- _dbus_string_free (&auxdata);
+ if (string_alloced)
+ _dbus_string_free (&auxdata);
BUS_SET_OOM (error);
return FALSE;
@@ -569,18 +573,36 @@
dbus_bool_t
bus_selinux_append_context (DBusMessage *message,
- BusSELinuxID *context)
+ BusSELinuxID *sid,
+ DBusError *error)
{
#ifdef HAVE_SELINUX
- /* Note if you change how the context is marshalled (e.g. to ay),
- * you also need to change driver.c for the appropriate return value.
- */
- return dbus_message_append_args (message,
- DBUS_TYPE_STRING,
- SELINUX_SID_FROM_BUS (context),
- DBUS_TYPE_INVALID);
+ char *context;
+
+ if (avc_sid_to_context (SELINUX_SID_FROM_BUS (sid), &context) < 0)
+ {
+ if (errno == ENOMEM)
+ BUS_SET_OOM (error);
+ else
+ dbus_set_error (error, DBUS_ERROR_FAILED,
+ "Error getting context from SID: %s\n",
+ _dbus_strerror (errno));
+ return FALSE;
+ }
+ if (!dbus_message_append_args (message,
+ DBUS_TYPE_ARRAY,
+ DBUS_TYPE_BYTE,
+ &context,
+ strlen (context),
+ DBUS_TYPE_INVALID))
+ {
+ _DBUS_SET_OOM (error);
+ return FALSE;
+ }
+ freecon (context);
+ return TRUE;
#else
- return FALSE;
+ return TRUE;
#endif
}
@@ -893,14 +915,19 @@
if (!selinux_enabled)
return;
- sidput (bus_sid);
- bus_sid = SECSID_WILD;
-
+ _dbus_verbose ("AVC shutdown\n");
+
+ if (bus_sid != SECSID_WILD)
+ {
+ sidput (bus_sid);
+ bus_sid = SECSID_WILD;
+
#ifdef DBUS_ENABLE_VERBOSE_MODE
- bus_avc_print_stats ();
+ bus_avc_print_stats ();
#endif /* DBUS_ENABLE_VERBOSE_MODE */
- avc_destroy ();
+ avc_destroy ();
+ }
#endif /* HAVE_SELINUX */
}
Index: driver.c
===================================================================
RCS file: /cvs/dbus/dbus/bus/driver.c,v
retrieving revision 1.71
retrieving revision 1.72
diff -u -d -r1.71 -r1.72
--- driver.c 14 Jul 2005 21:45:42 -0000 1.71
+++ driver.c 16 Jul 2005 17:34:08 -0000 1.72
@@ -1015,10 +1015,10 @@
}
static dbus_bool_t
-bus_driver_handle_get_connection_unix_security_context (DBusConnection *connection,
- BusTransaction *transaction,
- DBusMessage *message,
- DBusError *error)
+bus_driver_handle_get_connection_selinux_security_context (DBusConnection *connection,
+ BusTransaction *transaction,
+ DBusMessage *message,
+ DBusError *error)
{
const char *service;
DBusString str;
@@ -1062,13 +1062,13 @@
if (!context)
{
dbus_set_error (error,
- DBUS_ERROR_UNIX_SECURITY_CONTEXT_UNKNOWN,
+ DBUS_ERROR_SELINUX_SECURITY_CONTEXT_UNKNOWN,
"Could not determine security context for '%s'", service);
goto failed;
}
- if (! bus_selinux_append_context (reply, context))
- goto oom;
+ if (! bus_selinux_append_context (reply, context, error))
+ goto failed;
if (! bus_transaction_send_from_driver (transaction, connection, reply))
goto oom;
@@ -1167,10 +1167,10 @@
DBUS_TYPE_STRING_AS_STRING,
DBUS_TYPE_UINT32_AS_STRING,
bus_driver_handle_get_connection_unix_process_id },
- { "GetConnectionUnixSecurityContext",
- DBUS_TYPE_STRING_AS_STRING,
+ { "GetConnectionSELinuxSecurityContext",
DBUS_TYPE_STRING_AS_STRING,
- bus_driver_handle_get_connection_unix_security_context },
+ DBUS_TYPE_ARRAY_AS_STRING DBUS_TYPE_BYTE_AS_STRING,
+ bus_driver_handle_get_connection_selinux_security_context },
{ "ReloadConfig",
"",
"",
More information about the dbus-commit
mailing list