From 9a94a1350bb93ea395812dd3c983e13e17c1bcb1 Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Sat, 16 Jul 2005 17:34:08 +0000
Subject: 2005-07-16  Colin Walters  <walters@verbum.org>

	* bus/driver.c (bus_driver_handle_get_connection_selinux_security_context): Renamed
	from bus_driver_handle_get_connection_unix_security_context.  Update for
	error usage.
	(message_handlers): Update for renames.

	* bus/selinux.c (bus_selinux_allows_send): Handle OOM on
	_dbus_string_init failure correctly.
	(bus_selinux_append_context): Convert SID to context.  Append it
	as a byte array.
	(bus_selinux_shutdown): Handle the case where bus_selinux_full_init
	hasn't been called.

	* bus/selinux.h: Update prototype.

	* dbus/dbus-protocol.h (DBUS_ERROR_SELINUX_SECURITY_CONTEXT_UNKNOWN): Renamed
	from DBUS_ERROR_UNIX_SECURITY_CONTEXT_UNKNOWN.
---
 bus/driver.c         | 20 +++++++++---------
 bus/selinux.c        | 59 ++++++++++++++++++++++++++++++++++++++--------------
 bus/selinux.h        |  3 ++-
 dbus/dbus-protocol.h |  2 +-
 4 files changed, 56 insertions(+), 28 deletions(-)

diff --git a/bus/driver.c b/bus/driver.c
index 8e8a5366..da4edaa7 100644
--- a/bus/driver.c
+++ b/bus/driver.c
@@ -1015,10 +1015,10 @@ bus_driver_handle_get_connection_unix_process_id (DBusConnection *connection,
 }
 
 static dbus_bool_t
-bus_driver_handle_get_connection_unix_security_context (DBusConnection *connection,
-							BusTransaction *transaction,
-							DBusMessage    *message,
-							DBusError      *error)
+bus_driver_handle_get_connection_selinux_security_context (DBusConnection *connection,
+							   BusTransaction *transaction,
+							   DBusMessage    *message,
+							   DBusError      *error)
 {
   const char *service;
   DBusString str;
@@ -1062,13 +1062,13 @@ bus_driver_handle_get_connection_unix_security_context (DBusConnection *connecti
   if (!context)
     {
       dbus_set_error (error,
-                      DBUS_ERROR_UNIX_SECURITY_CONTEXT_UNKNOWN,
+                      DBUS_ERROR_SELINUX_SECURITY_CONTEXT_UNKNOWN,
                       "Could not determine security context for '%s'", service);
       goto failed;
     }
 
-  if (! bus_selinux_append_context (reply, context))
-    goto oom;
+  if (! bus_selinux_append_context (reply, context, error))
+    goto failed;
 
   if (! bus_transaction_send_from_driver (transaction, connection, reply))
     goto oom;
@@ -1167,10 +1167,10 @@ struct
     DBUS_TYPE_STRING_AS_STRING,
     DBUS_TYPE_UINT32_AS_STRING,
     bus_driver_handle_get_connection_unix_process_id },
-  { "GetConnectionUnixSecurityContext",
-    DBUS_TYPE_STRING_AS_STRING,
+  { "GetConnectionSELinuxSecurityContext",
     DBUS_TYPE_STRING_AS_STRING,
-    bus_driver_handle_get_connection_unix_security_context },
+    DBUS_TYPE_ARRAY_AS_STRING DBUS_TYPE_BYTE_AS_STRING,
+    bus_driver_handle_get_connection_selinux_security_context },
   { "ReloadConfig",
     "",
     "",
diff --git a/bus/selinux.c b/bus/selinux.c
index 2b88a60d..ad95f1c2 100644
--- a/bus/selinux.c
+++ b/bus/selinux.c
@@ -366,7 +366,7 @@ bus_selinux_check (BusSELinuxID        *sender_sid,
 {
   if (!selinux_enabled)
     return TRUE;
-  
+
   /* Make the security check.  AVC checks enforcing mode here as well. */
   if (avc_has_perm (SELINUX_SID_FROM_BUS (sender_sid),
                     override_sid ?
@@ -472,6 +472,7 @@ bus_selinux_allows_send (DBusConnection     *sender,
   unsigned long spid, tpid;
   DBusString auxdata;
   dbus_bool_t ret;
+  dbus_bool_t string_alloced;
 
   if (!selinux_enabled)
     return TRUE;
@@ -481,8 +482,10 @@ bus_selinux_allows_send (DBusConnection     *sender,
   if (!proposed_recipient || !dbus_connection_get_unix_process_id (proposed_recipient, &tpid))
     tpid = 0;
 
+  string_alloced = FALSE;
   if (!_dbus_string_init (&auxdata))
     goto oom;
+  string_alloced = TRUE;
 
   if (!_dbus_string_append (&auxdata, "msgtype="))
     goto oom;
@@ -558,7 +561,8 @@ bus_selinux_allows_send (DBusConnection     *sender,
   return ret;
 
  oom:
-  _dbus_string_free (&auxdata);
+  if (string_alloced)
+    _dbus_string_free (&auxdata);
   BUS_SET_OOM (error);
   return FALSE;
   
@@ -569,18 +573,36 @@ bus_selinux_allows_send (DBusConnection     *sender,
 
 dbus_bool_t
 bus_selinux_append_context (DBusMessage    *message,
-			    BusSELinuxID   *context)
+			    BusSELinuxID   *sid,
+			    DBusError      *error)
 {
 #ifdef HAVE_SELINUX
-  /* Note if you change how the context is marshalled (e.g. to ay),
-   * you also need to change driver.c for the appropriate return value.
-   */
-  return dbus_message_append_args (message,
-				   DBUS_TYPE_STRING,
-				   SELINUX_SID_FROM_BUS (context),
-				   DBUS_TYPE_INVALID);
+  char *context;
+
+  if (avc_sid_to_context (SELINUX_SID_FROM_BUS (sid), &context) < 0)
+    {
+      if (errno == ENOMEM)
+        BUS_SET_OOM (error);
+      else
+        dbus_set_error (error, DBUS_ERROR_FAILED,
+                        "Error getting context from SID: %s\n",
+			_dbus_strerror (errno));
+      return FALSE;
+    }
+  if (!dbus_message_append_args (message,
+				 DBUS_TYPE_ARRAY,
+				 DBUS_TYPE_BYTE,
+				 &context,
+				 strlen (context),
+				 DBUS_TYPE_INVALID))
+    {
+      _DBUS_SET_OOM (error);
+      return FALSE;
+    }
+  freecon (context);
+  return TRUE;
 #else
-  return FALSE;
+  return TRUE;
 #endif
 }
 
@@ -893,14 +915,19 @@ bus_selinux_shutdown (void)
   if (!selinux_enabled)
     return;
 
-  sidput (bus_sid);
-  bus_sid = SECSID_WILD;
-  
+  _dbus_verbose ("AVC shutdown\n");
+
+  if (bus_sid != SECSID_WILD)
+    {
+      sidput (bus_sid);
+      bus_sid = SECSID_WILD;
+      
 #ifdef DBUS_ENABLE_VERBOSE_MODE
-  bus_avc_print_stats ();
+      bus_avc_print_stats ();
 #endif /* DBUS_ENABLE_VERBOSE_MODE */
 
-  avc_destroy ();
+      avc_destroy ();
+    }
 #endif /* HAVE_SELINUX */
 }
 
diff --git a/bus/selinux.h b/bus/selinux.h
index 22339bc1..0d8353d8 100644
--- a/bus/selinux.h
+++ b/bus/selinux.h
@@ -46,7 +46,8 @@ void           bus_selinux_id_table_print  (DBusHashTable    *service_table);
 const char*    bus_selinux_get_policy_root (void);
 
 dbus_bool_t    bus_selinux_append_context      (DBusMessage    *message,
-						BusSELinuxID   *context);
+						BusSELinuxID   *context,
+						DBusError      *error);
 
 dbus_bool_t bus_selinux_allows_acquire_service (DBusConnection *connection,
                                                 BusSELinuxID   *service_sid,
diff --git a/dbus/dbus-protocol.h b/dbus/dbus-protocol.h
index d9ac2434..fe51008d 100644
--- a/dbus/dbus-protocol.h
+++ b/dbus/dbus-protocol.h
@@ -237,7 +237,7 @@ extern "C" {
 #define DBUS_ERROR_SPAWN_FAILED               "org.freedesktop.DBus.Error.Spawn.Failed"
 #define DBUS_ERROR_UNIX_PROCESS_ID_UNKNOWN    "org.freedesktop.DBus.Error.UnixProcessIdUnknown"
 #define DBUS_ERROR_INVALID_SIGNATURE          "org.freedesktop.DBus.Error.InvalidSignature"
-#define DBUS_ERROR_UNIX_SECURITY_CONTEXT_UNKNOWN    "org.freedesktop.DBus.Error.UnixSecurityContextUnknown"
+#define DBUS_ERROR_SELINUX_SECURITY_CONTEXT_UNKNOWN    "org.freedesktop.DBus.Error.SELinuxSecurityContextUnknown"
 
 #define DBUS_INTROSPECT_1_0_XML_NAMESPACE         "http://www.freedesktop.org/standards/dbus"
 #define DBUS_INTROSPECT_1_0_XML_PUBLIC_IDENTIFIER "-//freedesktop//DTD D-BUS Object Introspection 1.0//EN"
-- 
cgit