diff options
author | John (J5) Palmieri <johnp@redhat.com> | 2005-07-17 19:36:24 +0000 |
---|---|---|
committer | John (J5) Palmieri <johnp@redhat.com> | 2005-07-17 19:36:24 +0000 |
commit | b91870497d8303baf4c3fd0b8e7f90de44b753e1 (patch) | |
tree | 517b6cfdc938d24310f92d6783b03bfc955ad01b /bus/selinux.c | |
parent | 8f854c99d85ea2df9f5e2be100a97ba2466bf988 (diff) |
* NEWS: Updated to 0.35.2
* python/_dbus.py: Remove import of the dbus.services
module as it no longer exists (patch from Dimitur Kirov)
* python/service.py (Object::__init__): Fixed typo
s/name/bus_name (patch from Dimitur Kirov)
* python/examples/example-signal-emitter.py: import dbus.glib
to get the main loop and use glib mainloop instead of gtk so
X doesn't have to be running.
* python/examples/example-signal-recipient.py: import dbus.glib
to get the main loop and use glib mainloop instead of gtk so
X doesn't have to be running. Import the decorators module
directly.
* test/glib/Makefile.am: Added DIST_EXTRA files that distcheck
didn't pick up on but are needed to build
* configure.in: upped version to 0.35.2
* bus/driver.c, bus/selinux.c, bus/selinux.h, dbus/dbus-protocol.h:
added Colin Walters' SELinux API rename patch from head
s/unix sercurity context/selinux security context/
Diffstat (limited to 'bus/selinux.c')
-rw-r--r-- | bus/selinux.c | 59 |
1 files changed, 43 insertions, 16 deletions
diff --git a/bus/selinux.c b/bus/selinux.c index 2b88a60d..ad95f1c2 100644 --- a/bus/selinux.c +++ b/bus/selinux.c @@ -366,7 +366,7 @@ bus_selinux_check (BusSELinuxID *sender_sid, { if (!selinux_enabled) return TRUE; - + /* Make the security check. AVC checks enforcing mode here as well. */ if (avc_has_perm (SELINUX_SID_FROM_BUS (sender_sid), override_sid ? @@ -472,6 +472,7 @@ bus_selinux_allows_send (DBusConnection *sender, unsigned long spid, tpid; DBusString auxdata; dbus_bool_t ret; + dbus_bool_t string_alloced; if (!selinux_enabled) return TRUE; @@ -481,8 +482,10 @@ bus_selinux_allows_send (DBusConnection *sender, if (!proposed_recipient || !dbus_connection_get_unix_process_id (proposed_recipient, &tpid)) tpid = 0; + string_alloced = FALSE; if (!_dbus_string_init (&auxdata)) goto oom; + string_alloced = TRUE; if (!_dbus_string_append (&auxdata, "msgtype=")) goto oom; @@ -558,7 +561,8 @@ bus_selinux_allows_send (DBusConnection *sender, return ret; oom: - _dbus_string_free (&auxdata); + if (string_alloced) + _dbus_string_free (&auxdata); BUS_SET_OOM (error); return FALSE; @@ -569,18 +573,36 @@ bus_selinux_allows_send (DBusConnection *sender, dbus_bool_t bus_selinux_append_context (DBusMessage *message, - BusSELinuxID *context) + BusSELinuxID *sid, + DBusError *error) { #ifdef HAVE_SELINUX - /* Note if you change how the context is marshalled (e.g. to ay), - * you also need to change driver.c for the appropriate return value. - */ - return dbus_message_append_args (message, - DBUS_TYPE_STRING, - SELINUX_SID_FROM_BUS (context), - DBUS_TYPE_INVALID); + char *context; + + if (avc_sid_to_context (SELINUX_SID_FROM_BUS (sid), &context) < 0) + { + if (errno == ENOMEM) + BUS_SET_OOM (error); + else + dbus_set_error (error, DBUS_ERROR_FAILED, + "Error getting context from SID: %s\n", + _dbus_strerror (errno)); + return FALSE; + } + if (!dbus_message_append_args (message, + DBUS_TYPE_ARRAY, + DBUS_TYPE_BYTE, + &context, + strlen (context), + DBUS_TYPE_INVALID)) + { + _DBUS_SET_OOM (error); + return FALSE; + } + freecon (context); + return TRUE; #else - return FALSE; + return TRUE; #endif } @@ -893,14 +915,19 @@ bus_selinux_shutdown (void) if (!selinux_enabled) return; - sidput (bus_sid); - bus_sid = SECSID_WILD; - + _dbus_verbose ("AVC shutdown\n"); + + if (bus_sid != SECSID_WILD) + { + sidput (bus_sid); + bus_sid = SECSID_WILD; + #ifdef DBUS_ENABLE_VERBOSE_MODE - bus_avc_print_stats (); + bus_avc_print_stats (); #endif /* DBUS_ENABLE_VERBOSE_MODE */ - avc_destroy (); + avc_destroy (); + } #endif /* HAVE_SELINUX */ } |