From ee78f2800f2642b4fff962b736296d87a7f12a17 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Mon, 23 Aug 2004 16:09:54 +0000 Subject: 2004-08-23 Colin Walters * bus/selinux.h: Prototype bus_selinux_get_policy_root. * bus/selinux.c: Create a thread for policy reload notification. (bus_selinux_get_policy_root): Implement. Updated SELinux support from Matthew Rickard * bus/config-parser.c (start_busconfig_child) (bus_config_parser_content): Support SELinux-root relative inclusion. * configure.in : Add -lpthread. * bus/test-main.c (test_pre_hook, test_post_hook): New. (test_post_hook): Move memory checking into here. (test_pre_hook, test_post_hook): Move SELinux checks in here, but conditional on a DBUS_TEST_SELINUX environment variable. Unfortunately we can't run the SELinux checks as a normal user, since they won't have any permissions for /selinux. So this will have to be tested manually for now, until we have virtualization for most of libselinux. --- bus/config-parser.c | 46 +++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 41 insertions(+), 5 deletions(-) (limited to 'bus/config-parser.c') diff --git a/bus/config-parser.c b/bus/config-parser.c index 73d99418..f276fb52 100644 --- a/bus/config-parser.c +++ b/bus/config-parser.c @@ -73,6 +73,7 @@ typedef struct struct { unsigned int ignore_missing : 1; + unsigned int selinux_root_relative : 1; } include; struct @@ -717,6 +718,7 @@ start_busconfig_child (BusConfigParser *parser, { Element *e; const char *ignore_missing; + const char *selinux_root_relative; if ((e = push_element (parser, ELEMENT_INCLUDE)) == NULL) { @@ -725,12 +727,14 @@ start_busconfig_child (BusConfigParser *parser, } e->d.include.ignore_missing = FALSE; + e->d.include.selinux_root_relative = FALSE; if (!locate_attributes (parser, "include", attribute_names, attribute_values, error, "ignore_missing", &ignore_missing, + "selinux_root_relative", &selinux_root_relative, NULL)) return FALSE; 
@@ -747,6 +751,21 @@ start_busconfig_child (BusConfigParser *parser, return FALSE; } } + + if (selinux_root_relative != NULL) + { + if (strcmp (selinux_root_relative, "yes") == 0) + e->d.include.selinux_root_relative = TRUE; + else if (strcmp (selinux_root_relative, "no") == 0) + e->d.include.selinux_root_relative = FALSE; + else + { + dbus_set_error (error, DBUS_ERROR_FAILED, + "selinux_root_relative attribute must have value" + " \"yes\" or \"no\""); + return FALSE; + } + } return TRUE; } @@ -1994,19 +2013,36 @@ bus_config_parser_content (BusConfigParser *parser, case ELEMENT_INCLUDE: { - DBusString full_path; - + DBusString full_path, selinux_policy_root; + e->had_content = TRUE; if (!_dbus_string_init (&full_path)) goto nomem; - - if (!make_full_path (&parser->basedir, content, &full_path)) + + if (e->d.include.selinux_root_relative) + { + if (!bus_selinux_get_policy_root ()) + { + dbus_set_error (error, DBUS_ERROR_FAILED, + "Could not determine SELinux policy root for relative inclusion"); + _dbus_string_free (&full_path); + return FALSE; + } + _dbus_string_init_const (&selinux_policy_root, + bus_selinux_get_policy_root ()); + if (!make_full_path (&selinux_policy_root, content, &full_path)) + { + _dbus_string_free (&full_path); + goto nomem; + } + } + else if (!make_full_path (&parser->basedir, content, &full_path)) { _dbus_string_free (&full_path); goto nomem; } - + if (!include_file (parser, &full_path, e->d.include.ignore_missing, error)) { -- cgit
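Review bot: The new `selinux_root_relative` attribute is parsed in `start_busconfig_child` with no comment saying what it changes; a reader only learns that from the `ELEMENT_INCLUDE` case in `bus_config_parser_content`. A short comment above the block would help, for example `/* "yes": resolve the include path against the SELinux policy root instead of parser->basedir */`. The local `selinux_root_relative` is declared without an initialiser in the earlier hunk and tested against NULL here, which relies on `locate_attributes` storing NULL for an absent attribute (not visible in this diff). Declaring it as `const char *selinux_root_relative = NULL;` would remove that dependency on the helper. `start_busconfig_child` begins before this hunk.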
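Review bot: In the `ELEMENT_INCLUDE` case `bus_selinux_get_policy_root ()` is called twice, once for the NULL check and again inside `_dbus_string_init_const`, so the value checked is not necessarily the value used. The commit message says bus/selinux.c now starts a policy-reload thread, and if that thread can change the root (not visible here) the second call may return a different pointer or NULL. Read it once with `const char *policy_root = bus_selinux_get_policy_root ();`, test `policy_root == NULL`, and pass `policy_root` to `_dbus_string_init_const`. The NULL branch also returns an error without consulting `e->d.include.ignore_missing`, so an include that sets both attributes fails the whole parse when no policy root can be determined; confirm that is intended. `make_full_path` is outside the hunk, so it is worth checking that an absolute `content` or one containing `..` cannot resolve outside the policy root; the case body continues past the end of the hunk.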