author | Havoc Pennington <hp@redhat.com> | 2004-07-30 05:59:34 +0000 |
---|---|---|
committer | Havoc Pennington <hp@redhat.com> | 2004-07-30 05:59:34 +0000 |
commit | 1e9b185b0c274ef0d684b1e43418388225321e72 (patch) | |
tree | 66bb08beb9ea1b4250953294134e2c995f8adf34 /dbus | |
parent | 4076d31c71bee332c4a697597a93345b45850b33 (diff) |
2004-07-24 Havoc Pennington <hp@redhat.com>
SELinux support from Matthew Rickard <mjricka@epoch.ncsc.mil>
* bus/selinux.c, bus/selinux.h: new file encapsulating selinux
functionality
* configure.in: add --enable-selinux
* bus/policy.c (bus_policy_merge): add FIXME to a comment
* bus/main.c (main): initialize and shut down selinux
* bus/connection.c: store SELinux ID on each connection, to avoid
repeated getting of the string context and converting it into
an ID
* bus/bus.c (bus_context_get_policy): new accessor, though it
isn't used
(bus_context_check_security_policy): check whether the security
context of sender connection can send to the security context of
recipient connection
* bus/config-parser.c: add parsing for <selinux> and <associate>
* dbus/dbus-transport.c (_dbus_transport_get_unix_fd): to
implement dbus_connection_get_unix_fd()
* dbus/dbus-connection.c (dbus_connection_get_unix_fd): new
function, used by the selinux stuff
Diffstat (limited to 'dbus')
-rw-r--r-- | dbus/dbus-connection.c | 31 | ||||
-rw-r--r-- | dbus/dbus-connection.h | 3 | ||||
-rw-r--r-- | dbus/dbus-transport-protected.h | 5 | ||||
-rw-r--r-- | dbus/dbus-transport-unix.c | 15 | ||||
-rw-r--r-- | dbus/dbus-transport.c | 29 | ||||
-rw-r--r-- | dbus/dbus-transport.h | 3 |
6 files changed, 85 insertions, 1 deletions
diff --git a/dbus/dbus-connection.c b/dbus/dbus-connection.c index 58ab7900..91a2100e 100644 --- a/dbus/dbus-connection.c +++ b/dbus/dbus-connection.c @@ -2953,6 +2953,37 @@ dbus_connection_set_dispatch_status_function (DBusConnection *connec } /** + * Get the UNIX file descriptor of the connection, if any. This can + * be used for SELinux access control checks with getpeercon() for + * example. DO NOT read or write to the file descriptor, or try to + * select() on it; use DBusWatch for main loop integration. Not all + * connections will have a file descriptor. So for adding descriptors + * to the main loop, use dbus_watch_get_fd() and so forth. + * + * @param connection the connection + * @param fd return location for the file descriptor. + * @returns #TRUE if fd is successfully obtained. + */ +dbus_bool_t +dbus_connection_get_unix_fd (DBusConnection *connection, + int *fd) +{ + dbus_bool_t retval; + + _dbus_return_val_if_fail (connection != NULL, FALSE); + _dbus_return_val_if_fail (connection->transport != NULL, FALSE); + + CONNECTION_LOCK (connection); + + retval = _dbus_transport_get_unix_fd (connection->transport, + fd); + + CONNECTION_UNLOCK (connection); + + return retval; +} + +/** * Gets the UNIX user ID of the connection if any. * Returns #TRUE if the uid is filled in. * Always returns #FALSE on non-UNIX platforms. diff --git a/dbus/dbus-connection.h b/dbus/dbus-connection.h index 12de0c05..c8c66a39 100644 --- a/dbus/dbus-connection.h +++ b/dbus/dbus-connection.h @@ -242,6 +242,9 @@ dbus_bool_t dbus_connection_list_registered (DBusConnection const char *parent_path, char ***child_entries); +dbus_bool_t dbus_connection_get_unix_fd (DBusConnection *connection, + int *fd); + DBUS_END_DECLS; #endif /* DBUS_CONNECTION_H */ diff --git a/dbus/dbus-transport-protected.h b/dbus/dbus-transport-protected.h index 409e683b..4a9ce96d 100644 --- a/dbus/dbus-transport-protected.h +++ b/dbus/dbus-transport-protected.h 
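Review bot: dbus_connection_get_unix_fd() guards `connection` and `connection->transport` but not `fd`, which is written through further down the call chain; add `_dbus_return_val_if_fail (fd != NULL, FALSE);` next to the other two checks. The out-parameter is also left unwritten whenever FALSE is returned (the same holds for _dbus_transport_get_unix_fd in dbus/dbus-transport.c), so a caller that forgets to test the result would hand an indeterminate int to getpeercon(); setting `*fd = -1;` before taking the lock would make that failure visible. Because the doc comment recommends the descriptor for SELinux access checks, it should also state that the descriptor stays owned by the connection, must not be closed by the caller, and is only meaningful while the connection is still connected. Nothing visible in this hunk stops a disconnect after CONNECTION_UNLOCK from invalidating the number.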
@@ -71,6 +71,10 @@ struct DBusTransportVTable void (* live_messages_changed) (DBusTransport *transport); /**< Outstanding messages counter changed */ + + dbus_bool_t (* get_unix_fd) (DBusTransport *transport, + int *fd_p); + /**< Get UNIX file descriptor */ }; /** @@ -102,6 +106,7 @@ struct DBusTransport DBusAllowUnixUserFunction unix_user_function; /**< Function for checking whether a user is authorized. */ void *unix_user_data; /**< Data for unix_user_function */ + DBusFreeFunction free_unix_user_data; /**< Function to free unix_user_data */ unsigned int disconnected : 1; /**< #TRUE if we are disconnected. */ diff --git a/dbus/dbus-transport-unix.c b/dbus/dbus-transport-unix.c index 37825f1c..3447ae1d 100644 --- a/dbus/dbus-transport-unix.c +++ b/dbus/dbus-transport-unix.c @@ -948,6 +948,18 @@ unix_live_messages_changed (DBusTransport *transport) check_read_watch (transport); } + +static dbus_bool_t +unix_get_unix_fd (DBusTransport *transport, + int *fd_p) +{ + DBusTransportUnix *unix_transport = (DBusTransportUnix*) transport; + + *fd_p = unix_transport->fd; + + return TRUE; +} + static DBusTransportVTable unix_vtable = { unix_finalize, unix_handle_watch, @@ -955,7 +967,8 @@ static DBusTransportVTable unix_vtable = { unix_connection_set, unix_messages_pending, unix_do_iteration, - unix_live_messages_changed + unix_live_messages_changed, + unix_get_unix_fd }; /** diff --git a/dbus/dbus-transport.c b/dbus/dbus-transport.c index ada960d4..dde1c6d2 100644 --- a/dbus/dbus-transport.c +++ b/dbus/dbus-transport.c 
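Review bot: unix_get_unix_fd() in dbus/dbus-transport-unix.c returns TRUE unconditionally, so it reports success even if `unix_transport->fd` no longer names an open socket. The hunk does not show what the disconnect path stores in that field, and the wrapper in dbus/dbus-transport.c does test `transport->disconnected` first, so this mainly matters for any future direct caller of the vtable slot. A cheap guard such as `if (unix_transport->fd < 0) return FALSE;` before the assignment would keep the vtable contract self-contained. The `get_unix_fd` member comment in DBusTransportVTable should also say that the slot may be NULL for transports without a descriptor, since the vtable is filled positionally and other transports are presumably left zero-initialised there.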
@@ -637,6 +637,35 @@ _dbus_transport_messages_pending (DBusTransport *transport, } /** + * Get the UNIX file descriptor, if any. + * + * @param transport the transport + * @param fd_p pointer to fill in with the descriptor + * @returns #TRUE if a descriptor was available + */ +dbus_bool_t +_dbus_transport_get_unix_fd (DBusTransport *transport, + int *fd_p) +{ + dbus_bool_t retval; + + if (transport->vtable->get_unix_fd == NULL) + return FALSE; + + if (transport->disconnected) + return FALSE; + + _dbus_transport_ref (transport); + + retval = (* transport->vtable->get_unix_fd) (transport, + fd_p); + + _dbus_transport_unref (transport); + + return retval; +} + +/** * Performs a single poll()/select() on the transport's file * descriptors and then reads/writes data as appropriate, * queueing incoming messages and sending outgoing messages. diff --git a/dbus/dbus-transport.h b/dbus/dbus-transport.h index b6c7a4ec..88193f38 100644 --- a/dbus/dbus-transport.h +++ b/dbus/dbus-transport.h @@ -59,6 +59,9 @@ void _dbus_transport_set_max_received_size (DBusTransport long _dbus_transport_get_max_received_size (DBusTransport *transport); dbus_bool_t _dbus_transport_get_unix_user (DBusTransport *transport, unsigned long *uid); +dbus_bool_t _dbus_transport_get_unix_fd (DBusTransport *transport, + int *fd_p); + dbus_bool_t _dbus_transport_get_unix_process_id (DBusTransport *transport, unsigned long *pid); void _dbus_transport_set_unix_user_function (DBusTransport *transport, |
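Review bot: The doc comment on _dbus_transport_get_unix_fd() says only `@returns #TRUE if a descriptor was available`, but the body also returns FALSE when `transport->disconnected` is set. Because the result feeds a security decision, I would spell out both cases, e.g. `@returns #FALSE if the transport has no UNIX descriptor or is already disconnected; *fd_p is not modified in that case`. It should also note that callers performing an access check must treat FALSE as a denial rather than skipping the check. The SELinux caller lives under bus/ and is not part of this diffstat, so whether it already fails closed cannot be confirmed from here.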