authorDavid Zeuthen <davidz@redhat.com>2005-04-13 14:27:11 +0000
committerDavid Zeuthen <davidz@redhat.com>2005-04-13 14:27:11 +0000
commit44656f538f69e8f8709ddb6ab285db29f65f62dd (patch)
tree7481890277faf957d3130bd1a9b32e128f786537
parent893f5b7bf561922dafae9d8397b82ee9ee35ad49 (diff)
2005-04-13 David Zeuthen <davidz@redhat.com>
* bus/selinux.c: Add c-file-style to top of file (log_audit_callback): Don't free the data here anymore (bus_selinux_check): Don't take spid and tpid since appending that to auxdata may OOM. (bus_selinux_allows_acquire_service): Handle OOM and signal back to the caller if we are OOM by taking an error object. (bus_selinux_allows_send): -do- * bus/selinux.h: Fix prototypes for bus_selinux_allows_acquire_service and bus_selinux_allows_send * bus/bus.c (bus_context_check_security_policy): Pass error and pass on OOM thrown by bus_selinux_allows_send() * bus/services.c (bus_registry_acquire_service): Pass error and pass on OOM thrown by bus_selinux_allows_acquire_service()
-rw-r--r--ChangeLog19
-rw-r--r--bus/bus.c10
-rw-r--r--bus/selinux.c168
-rw-r--r--bus/selinux.h7
-rw-r--r--bus/services.c9
5 files changed, 152 insertions, 61 deletions
diff --git a/ChangeLog b/ChangeLog
index 61656003..25a74ae1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,22 @@
+2005-04-13 David Zeuthen <davidz@redhat.com>
+
+ * bus/selinux.c: Add c-file-style to top of file
+ (log_audit_callback): Don't free the data here anymore
+ (bus_selinux_check): Don't take spid and tpid since appending
+ that to auxdata may OOM.
+ (bus_selinux_allows_acquire_service): Handle OOM and signal back
+ to the caller if we are OOM by taking an error object.
+ (bus_selinux_allows_send): -do-
+
+ * bus/selinux.h: Fix prototypes for bus_selinux_allows_acquire_service
+ and bus_selinux_allows_send
+
+ * bus/bus.c (bus_context_check_security_policy): Pass error and
+ pass on OOM thrown by bus_selinux_allows_send()
+
+ * bus/services.c (bus_registry_acquire_service): Pass error and
+ pass on OOM thrown by bus_selinux_allows_acquire_service()
+
2005-04-13 Havoc Pennington <hp@redhat.com>
* glib/dbus-gmain.c (message_queue_dispatch): only dispatch one
diff --git a/bus/bus.c b/bus/bus.c
index cd2a0401..0340dd3c 100644
--- a/bus/bus.c
+++ b/bus/bus.c
@@ -1139,8 +1139,16 @@ bus_context_check_security_policy (BusContext *context,
dbus_message_get_interface (message),
dbus_message_get_member (message),
dbus_message_get_error_name (message),
- dest ? dest : DBUS_SERVICE_DBUS))
+ dest ? dest : DBUS_SERVICE_DBUS, error))
{
+
+ if (dbus_error_is_set (error) &&
+ dbus_error_has_name (error, DBUS_ERROR_NO_MEMORY))
+ {
+ return FALSE;
+ }
+
+
dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
"An SELinux policy prevents this sender "
"from sending this message to this recipient "
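Review bot: The added guard in bus_context_check_security_policy only returns early when the error is specifically DBUS_ERROR_NO_MEMORY, so any other error the callee might set in future would fall through to the `dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, ...)` call with `error` already populated. dbus_set_error is normally expected to be handed an unset error, so keying on the name makes the access-denied path fragile. Testing only whether an error is set is simpler and still fails closed: `if (dbus_error_is_set (error)) return FALSE;`. The same applies to the matching guard in the bus/services.c hunk, which would become `if (dbus_error_is_set (error)) goto out;`. The enclosing function starts and ends outside this hunk.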
diff --git a/bus/selinux.c b/bus/selinux.c
index 5cb4438a..c647a77b 100644
--- a/bus/selinux.c
+++ b/bus/selinux.c
@@ -1,4 +1,5 @@
-/* selinux.c SELinux security checks for D-BUS
+/* -*- mode: C; c-file-style: "gnu" -*-
+ * selinux.c SELinux security checks for D-BUS
*
* Author: Matthew Rickard <mjricka@epoch.ncsc.mil>
*
@@ -131,8 +132,6 @@ log_audit_callback (void *data, security_class_t class, char *buf, size_t buflef
{
DBusString *audmsg = data;
_dbus_string_copy_to_buffer (audmsg, buf, bufleft);
- _dbus_string_free (audmsg);
- dbus_free (audmsg);
}
/**
@@ -363,20 +362,10 @@ bus_selinux_check (BusSELinuxID *sender_sid,
BusSELinuxID *override_sid,
security_class_t target_class,
access_vector_t requested,
- unsigned long spid,
- unsigned long tpid,
DBusString *auxdata)
{
if (!selinux_enabled)
return TRUE;
-
- if (auxdata)
- {
- if (spid && _dbus_string_append (auxdata, " spid="))
- _dbus_string_append_uint (auxdata, spid);
- if (tpid && _dbus_string_append (auxdata, " tpid="))
- _dbus_string_append_uint (auxdata, tpid);
- }
/* Make the security check. AVC checks enforcing mode here as well. */
if (avc_has_perm (SELINUX_SID_FROM_BUS (sender_sid),
@@ -404,39 +393,54 @@ bus_selinux_check (BusSELinuxID *sender_sid,
dbus_bool_t
bus_selinux_allows_acquire_service (DBusConnection *connection,
BusSELinuxID *service_sid,
- const char *service_name)
+ const char *service_name,
+ DBusError *error)
{
#ifdef HAVE_SELINUX
BusSELinuxID *connection_sid;
unsigned long spid;
- DBusString *auxdata;
+ DBusString auxdata;
+ dbus_bool_t ret;
if (!selinux_enabled)
return TRUE;
-
+
connection_sid = bus_connection_get_selinux_id (connection);
if (!dbus_connection_get_unix_process_id (connection, &spid))
spid = 0;
- auxdata = dbus_new0 (DBusString, 1);
- if (auxdata)
+ if (!_dbus_string_init (&auxdata))
+ goto oom;
+
+ if (!_dbus_string_append (&auxdata, "service="))
+ goto oom;
+
+ if (!_dbus_string_append (&auxdata, service_name))
+ goto oom;
+
+ if (spid)
{
- if (!_dbus_string_init (auxdata))
- {
- dbus_free (auxdata);
- auxdata = NULL;
- }
- else if (_dbus_string_append (auxdata, "service="))
- _dbus_string_append (auxdata, service_name);
+ if (!_dbus_string_append (&auxdata, " spid="))
+ goto oom;
+
+ if (!_dbus_string_append_uint (&auxdata, spid))
+ goto oom;
}
- return bus_selinux_check (connection_sid,
- service_sid,
- SECCLASS_DBUS,
- DBUS__ACQUIRE_SVC,
- spid,
- 0,
- auxdata);
+ ret = bus_selinux_check (connection_sid,
+ service_sid,
+ SECCLASS_DBUS,
+ DBUS__ACQUIRE_SVC,
+ &auxdata);
+
+ _dbus_string_free (&auxdata);
+ return ret;
+
+ oom:
+ _dbus_string_free (&auxdata);
+ BUS_SET_OOM (error);
+ return FALSE;
+
#else
return TRUE;
#endif /* HAVE_SELINUX */
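Review bot: When `_dbus_string_init (&auxdata)` itself fails, `goto oom` lands on `_dbus_string_free (&auxdata)` with a stack `DBusString` that was never successfully initialised. Unless _dbus_string_free is guaranteed to be safe on a string whose init failed (not visible in this diff), that path frees or asserts on indeterminate fields, in exactly the low-memory situation this commit is meant to handle. Returning directly from the init failure avoids it: `if (!_dbus_string_init (&auxdata)) { BUS_SET_OOM (error); return FALSE; }`, leaving the `oom:` label for the append failures only. bus_selinux_allows_send has the same pattern, with its init in the `@@ -475` hunk and its `oom:` label in the `@@ -505` hunk. The function's closing brace lies outside this hunk.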
@@ -459,13 +463,15 @@ bus_selinux_allows_send (DBusConnection *sender,
const char *interface,
const char *member,
const char *error_name,
- const char *destination)
+ const char *destination,
+ DBusError *error)
{
#ifdef HAVE_SELINUX
BusSELinuxID *recipient_sid;
BusSELinuxID *sender_sid;
unsigned long spid, tpid;
- DBusString *auxdata;
+ DBusString auxdata;
+ dbus_bool_t ret;
if (!selinux_enabled)
return TRUE;
@@ -475,27 +481,63 @@ bus_selinux_allows_send (DBusConnection *sender,
if (!proposed_recipient || !dbus_connection_get_unix_process_id (proposed_recipient, &tpid))
tpid = 0;
- auxdata = dbus_new0 (DBusString, 1);
- if (auxdata)
+ if (!_dbus_string_init (&auxdata))
+ goto oom;
+
+ if (!_dbus_string_append (&auxdata, "msgtype="))
+ goto oom;
+
+ if (!_dbus_string_append (&auxdata, msgtype))
+ goto oom;
+
+ if (interface)
{
- if (!_dbus_string_init (auxdata))
- {
- dbus_free (auxdata);
- auxdata = NULL;
- }
- else
- {
- if (_dbus_string_append (auxdata, "msgtype="))
- _dbus_string_append (auxdata, msgtype);
- if (interface && _dbus_string_append (auxdata, " interface="))
- _dbus_string_append (auxdata, interface);
- if (member && _dbus_string_append (auxdata, " member="))
- _dbus_string_append (auxdata, member);
- if (error_name && _dbus_string_append (auxdata, " error_name="))
- _dbus_string_append (auxdata, error_name);
- if (destination && _dbus_string_append (auxdata, " dest="))
- _dbus_string_append (auxdata, destination);
- }
+ if (!_dbus_string_append (&auxdata, " interface="))
+ goto oom;
+ if (!_dbus_string_append (&auxdata, interface))
+ goto oom;
+ }
+
+ if (member)
+ {
+ if (!_dbus_string_append (&auxdata, " member="))
+ goto oom;
+ if (!_dbus_string_append (&auxdata, member))
+ goto oom;
+ }
+
+ if (error_name)
+ {
+ if (!_dbus_string_append (&auxdata, " error_name="))
+ goto oom;
+ if (!_dbus_string_append (&auxdata, error_name))
+ goto oom;
+ }
+
+ if (destination)
+ {
+ if (!_dbus_string_append (&auxdata, " dest="))
+ goto oom;
+ if (!_dbus_string_append (&auxdata, destination))
+ goto oom;
+ }
+
+ if (spid)
+ {
+ if (!_dbus_string_append (&auxdata, " spid="))
+ goto oom;
+
+ if (!_dbus_string_append_uint (&auxdata, spid))
+ goto oom;
+ }
+
+ if (tpid)
+ {
+ if (!_dbus_string_append (&auxdata, " tpid="))
+ goto oom;
+
+ if (!_dbus_string_append_uint (&auxdata, tpid))
+ goto oom;
}
sender_sid = bus_connection_get_selinux_id (sender);
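Review bot: The four optional string fields in this hunk (interface, member, error_name, destination) each repeat the same append-key, append-value, `goto oom` sequence. That makes it easy to drop one of the checks when another audit field is added. A small file-local helper that appends a key and its value and reports OOM would shrink each field to one guarded line while keeping the fail-closed behaviour. The spid/tpid blocks could get a sibling helper built on `_dbus_string_append_uint`. The body of bus_selinux_allows_send starts and ends outside this hunk.

```c
/* Appends key followed by value to str; returns FALSE on OOM. */
static dbus_bool_t
append_audit_field (DBusString *str, const char *key, const char *value)
{
  return _dbus_string_append (str, key) &&
         _dbus_string_append (str, value);
}

  /* … unchanged: _dbus_string_init and the msgtype appends … */
  if (interface && !append_audit_field (&auxdata, " interface=", interface))
    goto oom;
  if (member && !append_audit_field (&auxdata, " member=", member))
    goto oom;
  if (error_name && !append_audit_field (&auxdata, " error_name=", error_name))
    goto oom;
  if (destination && !append_audit_field (&auxdata, " dest=", destination))
    goto oom;
  /* … unchanged: spid/tpid appends using _dbus_string_append_uint … */
```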
@@ -505,9 +547,21 @@ bus_selinux_allows_send (DBusConnection *sender,
else
recipient_sid = BUS_SID_FROM_SELINUX (bus_sid);
- return bus_selinux_check (sender_sid, recipient_sid,
- SECCLASS_DBUS, DBUS__SEND_MSG,
- spid, tpid, auxdata);
+ ret = bus_selinux_check (sender_sid,
+ recipient_sid,
+ SECCLASS_DBUS,
+ DBUS__SEND_MSG,
+ &auxdata);
+
+ _dbus_string_free (&auxdata);
+
+ return ret;
+
+ oom:
+ _dbus_string_free (&auxdata);
+ BUS_SET_OOM (error);
+ return FALSE;
+
#else
return TRUE;
#endif /* HAVE_SELINUX */
diff --git a/bus/selinux.h b/bus/selinux.h
index 3627126c..4424fa82 100644
--- a/bus/selinux.h
+++ b/bus/selinux.h
@@ -48,14 +48,17 @@ const char* bus_selinux_get_policy_root (void);
dbus_bool_t bus_selinux_allows_acquire_service (DBusConnection *connection,
BusSELinuxID *service_sid,
- const char *service_name);
+ const char *service_name,
+ DBusError *error);
+
dbus_bool_t bus_selinux_allows_send (DBusConnection *sender,
DBusConnection *proposed_recipient,
const char *msgtype, /* Supplementary audit data */
const char *interface,
const char *member,
const char *error_name,
- const char *destination);
+ const char *destination,
+ DBusError *error);
BusSELinuxID* bus_selinux_init_connection_id (DBusConnection *connection,
DBusError *error);
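Review bot: Both prototypes gain a `DBusError *error` parameter, but nothing here tells a caller that FALSE now has two meanings: policy denial with `error` left unset, and out-of-memory with `error` set. Callers in bus/bus.c and bus/services.c depend on that distinction to decide between reporting access denied and propagating OOM, so it should be written down where the functions are documented. A comment such as `/* Returns FALSE with error unset on policy denial; FALSE with error set to OOM if audit data could not be built. */` would cover it, placed above these declarations or in the doc comments in bus/selinux.c if that is where this project keeps them.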
diff --git a/bus/services.c b/bus/services.c
index 4392daa2..7a22dce7 100644
--- a/bus/services.c
+++ b/bus/services.c
@@ -319,8 +319,15 @@ bus_registry_acquire_service (BusRegistry *registry,
service_name);
if (!bus_selinux_allows_acquire_service (connection, sid,
- _dbus_string_get_const_data (service_name)))
+ _dbus_string_get_const_data (service_name), error))
{
+
+ if (dbus_error_is_set (error) &&
+ dbus_error_has_name (error, DBUS_ERROR_NO_MEMORY))
+ {
+ goto out;
+ }
+
dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
"Connection \"%s\" is not allowed to own the service \"%s\" due "
"to SELinux policy",