author | Havoc Pennington <hp@redhat.com> | 2004-07-30 05:59:34 +0000 |
---|---|---|
committer | Havoc Pennington <hp@redhat.com> | 2004-07-30 05:59:34 +0000 |
commit | 1e9b185b0c274ef0d684b1e43418388225321e72 (patch) | |
tree | 66bb08beb9ea1b4250953294134e2c995f8adf34 /bus/selinux.h | |
parent | 4076d31c71bee332c4a697597a93345b45850b33 (diff) |
2004-07-24 Havoc Pennington <hp@redhat.com>
SELinux support from Matthew Rickard <mjricka@epoch.ncsc.mil>
* bus/selinux.c, bus/selinux.h: new file encapsulating selinux
functionality
* configure.in: add --enable-selinux
* bus/policy.c (bus_policy_merge): add FIXME to a comment
* bus/main.c (main): initialize and shut down selinux
* bus/connection.c: store SELinux ID on each connection, to avoid
repeated getting of the string context and converting it into
an ID
* bus/bus.c (bus_context_get_policy): new accessor, though it
isn't used
(bus_context_check_security_policy): check whether the security
context of sender connection can send to the security context of
recipient connection
* bus/config-parser.c: add parsing for <selinux> and <associate>
* dbus/dbus-transport.c (_dbus_transport_get_unix_fd): to
implement dbus_connection_get_unix_fd()
* dbus/dbus-connection.c (dbus_connection_get_unix_fd): new
function, used by the selinux stuff
Diffstat (limited to 'bus/selinux.h')
-rw-r--r-- | bus/selinux.h | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/bus/selinux.h b/bus/selinux.h
new file mode 100644
index 00000000..79a9f98b
--- /dev/null
+++ b/bus/selinux.h
@@ -0,0 +1,60 @@
+/* selinux.h SELinux security check headers for D-BUS
+ *
+ * Author: Matthew Rickard <mjricka@epoch.ncsc.mil>
+ *
+ * Licensed under the Academic Free License version 2.0
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ */
+
+#ifndef BUS_SELINUX_H
+#define BUS_SELINUX_H
+
+#include <dbus/dbus-hash.h>
+#include <dbus/dbus-connection.h>
+#include "services.h"
+
+dbus_bool_t bus_selinux_init (void);
+void bus_selinux_shutdown (void);
+
+void bus_selinux_id_ref (BusSELinuxID *sid);
+void bus_selinux_id_unref (BusSELinuxID *sid);
+
+DBusHashTable* bus_selinux_id_table_new (void);
+BusSELinuxID* bus_selinux_id_table_lookup (DBusHashTable *service_table,
+ const DBusString *service_name);
+dbus_bool_t bus_selinux_id_table_insert (DBusHashTable *service_table,
+ const char *service_name,
+ const char *service_context);
+DBusHashTable* bus_selinux_id_table_union (DBusHashTable *base,
+ DBusHashTable *override);
+void bus_selinux_id_table_print (DBusHashTable *service_table);
+
+
+
+dbus_bool_t bus_selinux_allows_acquire_service (DBusConnection *connection,
+ BusSELinuxID *service_sid);
+dbus_bool_t bus_selinux_allows_send (DBusConnection *sender,
+ DBusConnection *proposed_recipient);
+
+
+
+BusSELinuxID* bus_selinux_init_connection_id (DBusConnection *connection,
+ DBusError *error);
+
+
+
+#endif /* BUS_SELINUX_H */ |
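Review bot: The two access-check prototypes, `bus_selinux_allows_acquire_service` and `bus_selinux_allows_send`, return a bare `dbus_bool_t` with no `DBusError` argument and no comment, so a caller cannot tell a policy denial from a check that could not be evaluated. The header also does not say what they return when SELinux support is compiled out or disabled, or when a connection has no ID. Because these calls gate name ownership and message delivery, I would state the contract above each declaration, for example `/* Returns FALSE on denial and on any failure to evaluate the check; callers must treat FALSE as deny. */`, with the wording confirmed against bus/selinux.c, which is not visible here. A one-line ownership comment is also missing on `bus_selinux_id_table_lookup` and `bus_selinux_init_connection_id`, which return `BusSELinuxID*` without saying whether the caller must call `bus_selinux_id_unref`. As a style point, `bus_selinux_id_table_lookup` takes the service name as `const DBusString *` while `bus_selinux_id_table_insert` takes `const char *`.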