authorHavoc Pennington <hp@redhat.com>2004-07-30 05:59:34 +0000
committerHavoc Pennington <hp@redhat.com>2004-07-30 05:59:34 +0000
commit1e9b185b0c274ef0d684b1e43418388225321e72 (patch)
tree66bb08beb9ea1b4250953294134e2c995f8adf34 /dbus
parent4076d31c71bee332c4a697597a93345b45850b33 (diff)
2004-07-24 Havoc Pennington <hp@redhat.com>
SELinux support from Matthew Rickard <mjricka@epoch.ncsc.mil> * bus/selinux.c, bus/selinux.h: new file encapsulating selinux functionality * configure.in: add --enable-selinux * bus/policy.c (bus_policy_merge): add FIXME to a comment * bus/main.c (main): initialize and shut down selinux * bus/connection.c: store SELinux ID on each connection, to avoid repeated getting of the string context and converting it into an ID * bus/bus.c (bus_context_get_policy): new accessor, though it isn't used (bus_context_check_security_policy): check whether the security context of sender connection can send to the security context of recipient connection * bus/config-parser.c: add parsing for <selinux> and <associate> * dbus/dbus-transport.c (_dbus_transport_get_unix_fd): to implement dbus_connection_get_unix_fd() * dbus/dbus-connection.c (dbus_connection_get_unix_fd): new function, used by the selinux stuff
Diffstat (limited to 'dbus')
-rw-r--r--dbus/dbus-connection.c31
-rw-r--r--dbus/dbus-connection.h3
-rw-r--r--dbus/dbus-transport-protected.h5
-rw-r--r--dbus/dbus-transport-unix.c15
-rw-r--r--dbus/dbus-transport.c29
-rw-r--r--dbus/dbus-transport.h3
6 files changed, 85 insertions, 1 deletions
diff --git a/dbus/dbus-connection.c b/dbus/dbus-connection.c
index 58ab7900..91a2100e 100644
--- a/dbus/dbus-connection.c
+++ b/dbus/dbus-connection.c
@@ -2953,6 +2953,37 @@ dbus_connection_set_dispatch_status_function (DBusConnection *connec
}
/**
+ * Get the UNIX file descriptor of the connection, if any. This can
+ * be used for SELinux access control checks with getpeercon() for
+ * example. DO NOT read or write to the file descriptor, or try to
+ * select() on it; use DBusWatch for main loop integration. Not all
+ * connections will have a file descriptor. So for adding descriptors
+ * to the main loop, use dbus_watch_get_fd() and so forth.
+ *
+ * @param connection the connection
+ * @param fd return location for the file descriptor.
+ * @returns #TRUE if fd is successfully obtained.
+ */
+dbus_bool_t
+dbus_connection_get_unix_fd (DBusConnection *connection,
+ int *fd)
+{
+ dbus_bool_t retval;
+
+ _dbus_return_val_if_fail (connection != NULL, FALSE);
+ _dbus_return_val_if_fail (connection->transport != NULL, FALSE);
+
+ CONNECTION_LOCK (connection);
+
+ retval = _dbus_transport_get_unix_fd (connection->transport,
+ fd);
+
+ CONNECTION_UNLOCK (connection);
+
+ return retval;
+}
+
+/**
* Gets the UNIX user ID of the connection if any.
* Returns #TRUE if the uid is filled in.
* Always returns #FALSE on non-UNIX platforms.
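Review bot: `dbus_connection_get_unix_fd` validates `connection` and `connection->transport` but not the `fd` out-parameter, which the unix transport later writes through unconditionally; add `_dbus_return_val_if_fail (fd != NULL, FALSE);` next to the existing checks. The doc comment should also say that the descriptor is borrowed: it is read under `CONNECTION_LOCK` but used by the caller after `CONNECTION_UNLOCK`, so it is only meaningful while the connection stays connected. That matters for the stated `getpeercon()` use case, because a descriptor number that has since been closed and reused could yield the security context of an unrelated socket. A sentence such as `The descriptor remains owned by the connection; do not close it, and do not use it after the connection has disconnected.` would cover it.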
diff --git a/dbus/dbus-connection.h b/dbus/dbus-connection.h
index 12de0c05..c8c66a39 100644
--- a/dbus/dbus-connection.h
+++ b/dbus/dbus-connection.h
@@ -242,6 +242,9 @@ dbus_bool_t dbus_connection_list_registered (DBusConnection
const char *parent_path,
char ***child_entries);
+dbus_bool_t dbus_connection_get_unix_fd (DBusConnection *connection,
+ int *fd);
+
DBUS_END_DECLS;
#endif /* DBUS_CONNECTION_H */
diff --git a/dbus/dbus-transport-protected.h b/dbus/dbus-transport-protected.h
index 409e683b..4a9ce96d 100644
--- a/dbus/dbus-transport-protected.h
+++ b/dbus/dbus-transport-protected.h
@@ -71,6 +71,10 @@ struct DBusTransportVTable
void (* live_messages_changed) (DBusTransport *transport);
/**< Outstanding messages counter changed */
+
+ dbus_bool_t (* get_unix_fd) (DBusTransport *transport,
+ int *fd_p);
+ /**< Get UNIX file descriptor */
};
/**
@@ -102,6 +106,7 @@ struct DBusTransport
DBusAllowUnixUserFunction unix_user_function; /**< Function for checking whether a user is authorized. */
void *unix_user_data; /**< Data for unix_user_function */
+
DBusFreeFunction free_unix_user_data; /**< Function to free unix_user_data */
unsigned int disconnected : 1; /**< #TRUE if we are disconnected. */
diff --git a/dbus/dbus-transport-unix.c b/dbus/dbus-transport-unix.c
index 37825f1c..3447ae1d 100644
--- a/dbus/dbus-transport-unix.c
+++ b/dbus/dbus-transport-unix.c
@@ -948,6 +948,18 @@ unix_live_messages_changed (DBusTransport *transport)
check_read_watch (transport);
}
+
+static dbus_bool_t
+unix_get_unix_fd (DBusTransport *transport,
+ int *fd_p)
+{
+ DBusTransportUnix *unix_transport = (DBusTransportUnix*) transport;
+
+ *fd_p = unix_transport->fd;
+
+ return TRUE;
+}
+
static DBusTransportVTable unix_vtable = {
unix_finalize,
unix_handle_watch,
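Review bot: `unix_get_unix_fd` returns `TRUE` unconditionally and carries no comment, so its contract rests entirely on the checks its caller makes. If `unix_transport->fd` can hold an invalid value such as -1 at this point (not visible in this hunk; the `disconnected` test in `_dbus_transport_get_unix_fd` may already cover it), the function should report failure itself, e.g. `if (unix_transport->fd < 0) return FALSE;`. A short comment like `/* Returns the transport's socket; the fd stays owned by the transport. */` would document the ownership rule for other vtable implementers.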
@@ -955,7 +967,8 @@ static DBusTransportVTable unix_vtable = {
unix_connection_set,
unix_messages_pending,
unix_do_iteration,
- unix_live_messages_changed
+ unix_live_messages_changed,
+ unix_get_unix_fd
};
/**
diff --git a/dbus/dbus-transport.c b/dbus/dbus-transport.c
index ada960d4..dde1c6d2 100644
--- a/dbus/dbus-transport.c
+++ b/dbus/dbus-transport.c
@@ -637,6 +637,35 @@ _dbus_transport_messages_pending (DBusTransport *transport,
}
/**
+ * Get the UNIX file descriptor, if any.
+ *
+ * @param transport the transport
+ * @param fd_p pointer to fill in with the descriptor
+ * @returns #TRUE if a descriptor was available
+ */
+dbus_bool_t
+_dbus_transport_get_unix_fd (DBusTransport *transport,
+ int *fd_p)
+{
+ dbus_bool_t retval;
+
+ if (transport->vtable->get_unix_fd == NULL)
+ return FALSE;
+
+ if (transport->disconnected)
+ return FALSE;
+
+ _dbus_transport_ref (transport);
+
+ retval = (* transport->vtable->get_unix_fd) (transport,
+ fd_p);
+
+ _dbus_transport_unref (transport);
+
+ return retval;
+}
+
+/**
* Performs a single poll()/select() on the transport's file
* descriptors and then reads/writes data as appropriate,
* queueing incoming messages and sending outgoing messages.
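Review bot: On both early `return FALSE` paths in `_dbus_transport_get_unix_fd`, `*fd_p` is left untouched, so a caller that ignores the return value would run its access-control check on an uninitialized int. Writing `*fd_p = -1;` before the `get_unix_fd == NULL` test gives a deterministic failure value, and `_dbus_assert (fd_p != NULL);` would catch a bad out-pointer in debug builds. The `@returns` line should also mention that #FALSE is returned when the transport is disconnected, which the code does but the comment does not say.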
diff --git a/dbus/dbus-transport.h b/dbus/dbus-transport.h
index b6c7a4ec..88193f38 100644
--- a/dbus/dbus-transport.h
+++ b/dbus/dbus-transport.h
@@ -59,6 +59,9 @@ void _dbus_transport_set_max_received_size (DBusTransport
long _dbus_transport_get_max_received_size (DBusTransport *transport);
dbus_bool_t _dbus_transport_get_unix_user (DBusTransport *transport,
unsigned long *uid);
+dbus_bool_t _dbus_transport_get_unix_fd (DBusTransport *transport,
+ int *fd_p);
+
dbus_bool_t _dbus_transport_get_unix_process_id (DBusTransport *transport,
unsigned long *pid);
void _dbus_transport_set_unix_user_function (DBusTransport *transport,