authorColin Walters <walters@verbum.org>2004-10-18 04:04:12 +0000
committerColin Walters <walters@verbum.org>2004-10-18 04:04:12 +0000
commit736fa825e15c8d72eac85080e6cdf028c2f8df43 (patch)
tree6775c8bd1b8170ff3312ec055d369fb7d66997ba
parentca293924a0320277919c881d36bccdae5b8a32e7 (diff)
2004-10-18 Colin Walters <walters@verbum.org>
* bus/selinux.h: Add bus_selinux_enabled. * bus/selinux.c (bus_selinux_enabled): Implement it. * bus/config-parser.c (struct include): Add if_selinux_enabled member. (start_busconfig_child): Parse if_selinux_enabled attribute for include. (bus_config_parser_content): Handle it. * bus/session.conf.in, bus/system.conf.in: Add inclusion of context mapping to default config files; conditional on SELinux being enabled. * doc/busconfig.dtd: Add to if_selinux_enabled to default DTD. * test/data/invalid-config-files/badselinux-1.conf, test/data/invalid-config-files/badselinux-2.conf: Test files for bad syntax.
-rw-r--r--ChangeLog22
-rw-r--r--bus/config-parser.c23
-rw-r--r--bus/selinux.c10
-rw-r--r--bus/selinux.h2
-rw-r--r--bus/session.conf.in3
-rw-r--r--bus/system.conf.in2
-rw-r--r--doc/busconfig.dtd1
-rw-r--r--test/data/invalid-config-files/badselinux-1.conf10
-rw-r--r--test/data/invalid-config-files/badselinux-2.conf10
9 files changed, 83 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index e477ccd3..021fe50b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,25 @@
+2004-10-18 Colin Walters <walters@verbum.org>
+
+ * bus/selinux.h: Add bus_selinux_enabled.
+
+ * bus/selinux.c (bus_selinux_enabled): Implement it.
+
+ * bus/config-parser.c (struct include): Add
+ if_selinux_enabled member.
+ (start_busconfig_child): Parse if_selinux_enabled
+ attribute for include.
+ (bus_config_parser_content): Handle it.
+
+ * bus/session.conf.in, bus/system.conf.in: Add
+ inclusion of context mapping to default config files;
+ conditional on SELinux being enabled.
+
+ * doc/busconfig.dtd: Add to if_selinux_enabled to default DTD.
+
+ * test/data/invalid-config-files/badselinux-1.conf,
+ test/data/invalid-config-files/badselinux-2.conf:
+ Test files for bad syntax.
+
2004-10-17 Colin Walters <walters@verbum.org>
* dbus/dbus-memory.c (_dbus_initialize_malloc_debug, check_guards)
diff --git a/bus/config-parser.c b/bus/config-parser.c
index dfc313e3..ba1a434d 100644
--- a/bus/config-parser.c
+++ b/bus/config-parser.c
@@ -74,6 +74,7 @@ typedef struct
struct
{
unsigned int ignore_missing : 1;
+ unsigned int if_selinux_enabled : 1;
unsigned int selinux_root_relative : 1;
} include;
@@ -718,6 +719,7 @@ start_busconfig_child (BusConfigParser *parser,
else if (strcmp (element_name, "include") == 0)
{
Element *e;
+ const char *if_selinux_enabled;
const char *ignore_missing;
const char *selinux_root_relative;
@@ -728,6 +730,7 @@ start_busconfig_child (BusConfigParser *parser,
}
e->d.include.ignore_missing = FALSE;
+ e->d.include.if_selinux_enabled = FALSE;
e->d.include.selinux_root_relative = FALSE;
if (!locate_attributes (parser, "include",
@@ -735,6 +738,7 @@ start_busconfig_child (BusConfigParser *parser,
attribute_values,
error,
"ignore_missing", &ignore_missing,
+ "if_selinux_enabled", &if_selinux_enabled,
"selinux_root_relative", &selinux_root_relative,
NULL))
return FALSE;
@@ -752,6 +756,21 @@ start_busconfig_child (BusConfigParser *parser,
return FALSE;
}
}
+
+ if (if_selinux_enabled != NULL)
+ {
+ if (strcmp (if_selinux_enabled, "yes") == 0)
+ e->d.include.if_selinux_enabled = TRUE;
+ else if (strcmp (if_selinux_enabled, "no") == 0)
+ e->d.include.if_selinux_enabled = FALSE;
+ else
+ {
+ dbus_set_error (error, DBUS_ERROR_FAILED,
+ "if_selinux_enabled attribute must have value"
+ " \"yes\" or \"no\"");
+ return FALSE;
+ }
+ }
if (selinux_root_relative != NULL)
{
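Review bot: The yes/no parsing added for `if_selinux_enabled` has the same shape as the `selinux_root_relative` block that starts right below it, and the closing context above suggests `ignore_missing` is handled the same way. A small static helper that takes the attribute name and value, then either stores a `dbus_bool_t` or fills `error`, would keep the three attributes from drifting apart, for example in the wording of the error message. start_busconfig_child begins and ends outside this hunk.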
@@ -2055,6 +2074,10 @@ bus_config_parser_content (BusConfigParser *parser,
e->had_content = TRUE;
+ if (e->d.include.if_selinux_enabled
+ && !bus_selinux_enabled ())
+ break;
+
if (!_dbus_string_init (&full_path))
goto nomem;
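Review bot: The new early `break` depends on `bus_selinux_enabled ()` already reflecting the real SELinux state when the include's content is parsed, but nothing at this site says so. The doc comment added in bus/selinux.c says the function must be called after bus_selinux_init. If the configuration is ever parsed before that, the flag presumably still reads as false and the `contexts/dbus_contexts` include is skipped with no diagnostic, leaving the bus without its SELinux context mapping. I would add a comment above the check, `/* Requires bus_selinux_init() to have run; otherwise the include is silently skipped. */`, and consider logging when an include is skipped for this reason. bus_config_parser_content begins and ends outside this hunk.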
diff --git a/bus/selinux.c b/bus/selinux.c
index b5fb6371..0946caf9 100644
--- a/bus/selinux.c
+++ b/bus/selinux.c
@@ -191,6 +191,16 @@ avc_free_lock (void *lock)
#endif /* HAVE_SELINUX */
/**
+ * Return whether or not SELinux is enabled; must be
+ * called after bus_selinux_init.
+ */
+dbus_bool_t
+bus_selinux_enabled (void)
+{
+ return selinux_enabled;
+}
+
+/**
* Initialize the user space access vector cache (AVC) for D-BUS and set up
* logging callbacks.
*/
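Review bot: `bus_selinux_enabled` is added after the `#endif /* HAVE_SELINUX */` context line, so it is also compiled in builds without SELinux, and it returns `selinux_enabled` unconditionally. The declaration of `selinux_enabled` is not visible in this hunk; if it lives inside the `HAVE_SELINUX` region, non-SELinux builds will fail to compile. Returning `selinux_enabled` under `#ifdef HAVE_SELINUX` and using `return FALSE;` in the `#else` branch would make the function build in both configurations. It would also keep `if_selinux_enabled` includes skipped when SELinux support is compiled out.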
diff --git a/bus/selinux.h b/bus/selinux.h
index 20803833..886f9c71 100644
--- a/bus/selinux.h
+++ b/bus/selinux.h
@@ -30,6 +30,8 @@
dbus_bool_t bus_selinux_init (void);
void bus_selinux_shutdown (void);
+dbus_bool_t bus_selinux_enabled (void);
+
void bus_selinux_id_ref (BusSELinuxID *sid);
void bus_selinux_id_unref (BusSELinuxID *sid);
diff --git a/bus/session.conf.in b/bus/session.conf.in
index 34d2492c..a537d9dc 100644
--- a/bus/session.conf.in
+++ b/bus/session.conf.in
@@ -26,4 +26,7 @@
<!-- This is included last so local configuration can override what's
in this standard file -->
<include ignore_missing="yes">session-local.conf</include>
+
+ <include if_selinux_enabled="yes" selinux_root_relative="yes">contexts/dbus_contexts</include>
+
</busconfig>
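Review bot: The comment above the `session-local.conf` include still says it "is included last so local configuration can override what's in this standard file", but the new `contexts/dbus_contexts` include now follows it. Either move the new include above that comment or reword it, e.g. `<!-- Included after the standard settings so local configuration can override them; the SELinux context mapping below is loaded afterwards -->`. The same ordering appears in the bus/system.conf.in hunk. The commit does not say whether the context mapping is meant to take precedence over local configuration, so the comment should state which is intended.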
diff --git a/bus/system.conf.in b/bus/system.conf.in
index a45faaef..7b008978 100644
--- a/bus/system.conf.in
+++ b/bus/system.conf.in
@@ -57,4 +57,6 @@
in this standard file -->
<include ignore_missing="yes">system-local.conf</include>
+ <include if_selinux_enabled="yes" selinux_root_relative="yes">contexts/dbus_contexts</include>
+
</busconfig>
diff --git a/doc/busconfig.dtd b/doc/busconfig.dtd
index 2e8f577f..7edc1db3 100644
--- a/doc/busconfig.dtd
+++ b/doc/busconfig.dtd
@@ -23,6 +23,7 @@
<!ELEMENT include (#PCDATA)>
<!ATTLIST include
ignore_missing (yes|no) "no"
+ if_selinux_enabled (yes|no) "no"
selinux_root_relative (yes|no) "no">
<!ELEMENT policy (allow|deny)*>
diff --git a/test/data/invalid-config-files/badselinux-1.conf b/test/data/invalid-config-files/badselinux-1.conf
new file mode 100644
index 00000000..4852ded2
--- /dev/null
+++ b/test/data/invalid-config-files/badselinux-1.conf
@@ -0,0 +1,10 @@
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+ <user>mybususer</user>
+ <listen>unix:path=/foo/bar</listen>
+ <listen>tcp:port=1234</listen>
+ <includedir>basic.d</includedir>
+ <servicedir>/usr/share/foo</servicedir>
+ <include selinux_root_relative="jomoma">blah</include>
+</busconfig>
diff --git a/test/data/invalid-config-files/badselinux-2.conf b/test/data/invalid-config-files/badselinux-2.conf
new file mode 100644
index 00000000..ac3b95c4
--- /dev/null
+++ b/test/data/invalid-config-files/badselinux-2.conf
@@ -0,0 +1,10 @@
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+ <user>mybususer</user>
+ <listen>unix:path=/foo/bar</listen>
+ <listen>tcp:port=1234</listen>
+ <includedir>basic.d</includedir>
+ <servicedir>/usr/share/foo</servicedir>
+ <include if_selinux_enabled="moo">blah</include>
+</busconfig>