authorHavoc Pennington <hp@redhat.com>2004-07-30 05:59:34 +0000
committerHavoc Pennington <hp@redhat.com>2004-07-30 05:59:34 +0000
commit1e9b185b0c274ef0d684b1e43418388225321e72 (patch)
tree66bb08beb9ea1b4250953294134e2c995f8adf34 /bus/connection.c
parent4076d31c71bee332c4a697597a93345b45850b33 (diff)
2004-07-24 Havoc Pennington <hp@redhat.com>
SELinux support from Matthew Rickard <mjricka@epoch.ncsc.mil> * bus/selinux.c, bus/selinux.h: new file encapsulating selinux functionality * configure.in: add --enable-selinux * bus/policy.c (bus_policy_merge): add FIXME to a comment * bus/main.c (main): initialize and shut down selinux * bus/connection.c: store SELinux ID on each connection, to avoid repeated getting of the string context and converting it into an ID * bus/bus.c (bus_context_get_policy): new accessor, though it isn't used (bus_context_check_security_policy): check whether the security context of sender connection can send to the security context of recipient connection * bus/config-parser.c: add parsing for <selinux> and <associate> * dbus/dbus-transport.c (_dbus_transport_get_unix_fd): to implement dbus_connection_get_unix_fd() * dbus/dbus-connection.c (dbus_connection_get_unix_fd): new function, used by the selinux stuff
Diffstat (limited to 'bus/connection.c')
-rw-r--r--bus/connection.c39
1 files changed, 38 insertions, 1 deletions
diff --git a/bus/connection.c b/bus/connection.c
index 6b4fbe73..b751cca8 100644
--- a/bus/connection.c
+++ b/bus/connection.c
@@ -27,6 +27,7 @@
#include "utils.h"
#include "signals.h"
#include "expirelist.h"
+#include "selinux.h"
#include <dbus/dbus-list.h>
#include <dbus/dbus-hash.h>
#include <dbus/dbus-timeout.h>
@@ -75,6 +76,8 @@ typedef struct
DBusPreallocatedSend *oom_preallocated;
BusClientPolicy *policy;
+ BusSELinuxID *selinux_id;
+
long connection_tv_sec; /**< Time when we connected (seconds component) */
long connection_tv_usec; /**< Time when we connected (microsec component) */
int stamp; /**< connections->stamp last time we were traversed */
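Review bot: The new `selinux_id` member has no comment, although the fields after it are documented with `/**< ... */` and this one carries ownership that a reader needs to know. From the other hunks, the struct holds a reference that is dropped in `free_connection_data()` and in the setup failure path, and the pointer may be NULL. I would write it as `BusSELinuxID *selinux_id; /**< SELinux ID for this connection, or NULL; owned reference */`.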
@@ -401,6 +404,9 @@ free_connection_data (void *data)
if (d->policy)
bus_client_policy_unref (d->policy);
+
+ if (d->selinux_id)
+ bus_selinux_id_unref (d->selinux_id);
dbus_free (d->name);
@@ -539,6 +545,7 @@ bus_connections_setup_connection (BusConnections *connections,
{
BusConnectionData *d;
dbus_bool_t retval;
+ DBusError error;
d = dbus_new0 (BusConnectionData, 1);
@@ -562,6 +569,20 @@ bus_connections_setup_connection (BusConnections *connections,
}
retval = FALSE;
+
+ dbus_error_init (&error);
+ d->selinux_id = bus_selinux_init_connection_id (connection,
+ &error);
+ if (dbus_error_is_set (&error))
+ {
+ /* This is a bit bogus because we pretend all errors
+ * are OOM; this is done because we know that in bus.c
+ * an OOM error disconnects the connection, which is
+ * the same thing we want on any other error.
+ */
+ dbus_error_free (&error);
+ goto out;
+ }
if (!dbus_connection_set_watch_functions (connection,
add_connection_watch,
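Review bot: The failure branch after `bus_selinux_init_connection_id()` frees `error` without recording it, so a connection refused because its SELinux context could not be obtained looks the same as a genuine out-of-memory condition. Failing closed here is right, but the reason should be logged before `dbus_error_free (&error);`, for example `_dbus_warn ("Failed to set up SELinux ID for connection: %s\n", error.message);` if that helper is usable in this file. The branch also does not cover the call returning NULL with no error set; the unref sites in this commit test `d->selinux_id` for NULL, so that appears to be an accepted state, and a comment saying when it occurs (presumably SELinux disabled) and how the policy check treats it would help. The function body starts and ends outside this hunk.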
@@ -639,7 +660,11 @@ bus_connections_setup_connection (BusConnections *connections,
out:
if (!retval)
- {
+ {
+ if (d->selinux_id)
+ bus_selinux_id_unref (d->selinux_id);
+ d->selinux_id = NULL;
+
if (!dbus_connection_set_watch_functions (connection,
NULL, NULL, NULL,
connection,
@@ -1008,6 +1033,18 @@ bus_connection_get_matchmaker (DBusConnection *connection)
return bus_context_get_matchmaker (d->connections->context);
}
+BusSELinuxID*
+bus_connection_get_selinux_id (DBusConnection *connection)
+{
+ BusConnectionData *d;
+
+ d = BUS_CONNECTION_DATA (connection);
+
+ _dbus_assert (d != NULL);
+
+ return d->selinux_id;
+}
+
/**
* Checks whether the connection is registered with the message bus.
*
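Review bot: `bus_connection_get_selinux_id()` is added without a doc comment, while the function that follows it has one, and its contract is not obvious from the signature. It returns `d->selinux_id` directly, so the caller gets a borrowed pointer with no reference taken, and the value can be NULL since the other sites in this commit test it before calling unref. I would add a `/** ... */` block stating that the result is owned by the connection, must not be unreffed by the caller, and may be NULL, so that the sender/recipient check described in the commit message handles the NULL case deliberately rather than by accident.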