diff options
| author | Havoc Pennington <hp@redhat.com> | 2004-07-30 05:59:34 +0000 |
|---|---|---|
| committer | Havoc Pennington <hp@redhat.com> | 2004-07-30 05:59:34 +0000 |
| commit | 1e9b185b0c274ef0d684b1e43418388225321e72 (patch) | |
| tree | 66bb08beb9ea1b4250953294134e2c995f8adf34 /dbus/dbus-connection.c | |
| parent | 4076d31c71bee332c4a697597a93345b45850b33 (diff) | |
2004-07-24 Havoc Pennington <hp@redhat.com>
SELinux support from Matthew Rickard <mjricka@epoch.ncsc.mil>
* bus/selinux.c, bus/selinux.h: new file encapsulating selinux
functionality
* configure.in: add --enable-selinux
* bus/policy.c (bus_policy_merge): add FIXME to a comment
* bus/main.c (main): initialize and shut down selinux
* bus/connection.c: store SELinux ID on each connection, to avoid
repeated getting of the string context and converting it into
an ID
* bus/bus.c (bus_context_get_policy): new accessor, though it
isn't used
(bus_context_check_security_policy): check whether the security
context of sender connection can send to the security context of
recipient connection
* bus/config-parser.c: add parsing for <selinux> and <associate>
* dbus/dbus-transport.c (_dbus_transport_get_unix_fd): to
implement dbus_connection_get_unix_fd()
* dbus/dbus-connection.c (dbus_connection_get_unix_fd): new
function, used by the selinux stuff
Diffstat (limited to 'dbus/dbus-connection.c')
| -rw-r--r-- | dbus/dbus-connection.c | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/dbus/dbus-connection.c b/dbus/dbus-connection.c index 58ab7900..91a2100e 100644 --- a/dbus/dbus-connection.c +++ b/dbus/dbus-connection.c @@ -2953,6 +2953,37 @@ dbus_connection_set_dispatch_status_function (DBusConnection *connec } /** + * Get the UNIX file descriptor of the connection, if any. This can + * be used for SELinux access control checks with getpeercon() for + * example. DO NOT read or write to the file descriptor, or try to + * select() on it; use DBusWatch for main loop integration. Not all + * connections will have a file descriptor. So for adding descriptors + * to the main loop, use dbus_watch_get_fd() and so forth. + * + * @param connection the connection + * @param fd return location for the file descriptor. + * @returns #TRUE if fd is successfully obtained. + */ +dbus_bool_t +dbus_connection_get_unix_fd (DBusConnection *connection, + int *fd) +{ + dbus_bool_t retval; + + _dbus_return_val_if_fail (connection != NULL, FALSE); + _dbus_return_val_if_fail (connection->transport != NULL, FALSE); + + CONNECTION_LOCK (connection); + + retval = _dbus_transport_get_unix_fd (connection->transport, + fd); + + CONNECTION_UNLOCK (connection); + + return retval; +} + +/** * Gets the UNIX user ID of the connection if any. * Returns #TRUE if the uid is filled in. * Always returns #FALSE on non-UNIX platforms. |