SE-DBUS updates
Havoc Pennington
hp at redhat.com
Mon Jul 26 15:05:00 PDT 2004
On Mon, 2004-07-26 at 16:03, Matthew Rickard wrote:
>
> Now this one I'm not quite sure the cause. In
> > bus_selinux_id_table_free_value (BusSELinuxID *sid)
> It seems that sometimes the sid passed in is NULL, which causes
> bus_selinux_id_unref to throw an assertion. I solved this by simply
> testing for NULL before calling bus_selinux_id_unref. However, I'm
> still not sure why this is ever being passed NULL, so I don't know if
> this is the correct solution.
This is just an oddity of how DBusHashTable works, checking for NULL is
the right fix.
> > bus_selinux_allows_send (DBusConnection *sender,
> > DBusConnection *proposed_recipient)
> proposed_recipient can be NULL to represent the bus driver. The
> bus_selinux_allows_send was not testing this, and therefore throwing an
> assertion in bus_connection_get_selinux_id(). Adding a simple check
> here that uses the bus_sid on a NULL proposed_recipient corrected this.
Sounds sensible.
> For the
> > _dbus_assert_not_reached ("FIXME the avc_context_to_sid() error
> > handling");
> The only error avc_context_to_sid should fail on is ENOMEM, so I think
> it should be OK to just return NULL.
Wouldn't hurt to put in a _dbus_assert (errno == ENOMEM), which also
acts as a comment indicating that we thought about this.
> However, in
> > _dbus_assert_not_reached ("bus_selinux_init_id doesn't properly
> > indicate OOM");
> it can fail on errors other than ENOMEM (like failing to get the
> connection context). How should we handle this?
Just need to figure out what to do in each case. On ENOMEM usually what
we want to do is try again. If a connection has no context, then we'd
want to have a NULL context probably - but we have to be able to
distinguish no context from OOM. Typically DBusError is used for this.
> I also noticed that rather than using security_context_t for context
> types you are simply using char* instead. Is there any particular
> reason for this (since we do have the SELinux headers available in
> selinux.c)?
IIRC there were various spots that assumed it was a char* (copying it
with strdup, printing it out, assigning NULL to it) so I thought it was
clearer to just use char* - the type isn't genuinely opaque. Also
matches the general dbus and glib convention, we never typedef char* to
anything.
> I've attached a diff that applies on top of the patch you sent to show
> the few changes that I made. Hopefully we can get this ready in time to
> be included in the next D-BUS release.
Perfect, this is great. Do you want to fix the remaining issues above or
should I? We can commit after that I think, unless someone else sees
bugs.
Havoc
More information about the dbus
mailing list