From 1e9b185b0c274ef0d684b1e43418388225321e72 Mon Sep 17 00:00:00 2001
From: Havoc Pennington
Date: Fri, 30 Jul 2004 05:59:34 +0000
Subject: 2004-07-24 Havoc Pennington

SELinux support from Matthew Rickard
* bus/selinux.c, bus/selinux.h: new file encapsulating selinux functionality
* configure.in: add --enable-selinux
* bus/policy.c (bus_policy_merge): add FIXME to a comment
* bus/main.c (main): initialize and shut down selinux
* bus/connection.c: store SELinux ID on each connection, to avoid repeated getting of the string context and converting it into an ID
* bus/bus.c (bus_context_get_policy): new accessor, though it isn't used (bus_context_check_security_policy): check whether the security context of sender connection can send to the security context of recipient connection
* bus/config-parser.c: add parsing for and
* dbus/dbus-transport.c (_dbus_transport_get_unix_fd): to implement dbus_connection_get_unix_fd()
* dbus/dbus-connection.c (dbus_connection_get_unix_fd): new function, used by the selinux stuff
---
 bus/connection.c | 39 ++++++++++++++++++++++++++++++++++++++-
 1 file changed, 38 insertions(+), 1 deletion(-)
(limited to 'bus/connection.c')
diff --git a/bus/connection.c b/bus/connection.c
index 6b4fbe73..b751cca8 100644
--- a/bus/connection.c
+++ b/bus/connection.c
@@ -27,6 +27,7 @@
 #include "utils.h"
 #include "signals.h"
 #include "expirelist.h"
+#include "selinux.h"
 #include
 #include
 #include
@@ -75,6 +76,8 @@ typedef struct
   DBusPreallocatedSend *oom_preallocated;
   BusClientPolicy *policy;
 
+  BusSELinuxID *selinux_id;
+
   long connection_tv_sec;  /**< Time when we connected (seconds component) */
   long connection_tv_usec; /**< Time when we connected (microsec component) */
   int stamp; /**< connections->stamp last time we were traversed */
@@ -401,6 +404,9 @@ free_connection_data (void *data)
 
   if (d->policy)
     bus_client_policy_unref (d->policy);
+
+  if (d->selinux_id)
+    bus_selinux_id_unref (d->selinux_id);
 
   dbus_free (d->name);
 
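Review bot: The new `selinux_id` member of BusConnectionData is the only field in the struct hunk without a `/**< … */` comment, and nothing at the declaration says the pointer may be NULL, although the free_connection_data hunk further down guards the unref with `if (d->selinux_id)`. Suggest `BusSELinuxID *selinux_id; /**< SELinux ID of the peer, or NULL if none was assigned; owned by this struct (released in free_connection_data) */` so the ownership and the NULL case are stated where the field is declared. The struct definition starts outside the hunk.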
@@ -539,6 +545,7 @@ bus_connections_setup_connection (BusConnections *connections,
 {
   BusConnectionData *d;
   dbus_bool_t retval;
+  DBusError error;
 
   d = dbus_new0 (BusConnectionData, 1);
 
@@ -562,6 +569,20 @@ bus_connections_setup_connection (BusConnections *connections,
     }
 
   retval = FALSE;
+
+  dbus_error_init (&error);
+  d->selinux_id = bus_selinux_init_connection_id (connection,
+                                                  &error);
+  if (dbus_error_is_set (&error))
+    {
+      /* This is a bit bogus because we pretend all errors
+       * are OOM; this is done because we know that in bus.c
+       * an OOM error disconnects the connection, which is
+       * the same thing we want on any other error.
+       */
+      dbus_error_free (&error);
+      goto out;
+    }
 
   if (!dbus_connection_set_watch_functions (connection,
                                             add_connection_watch,
@@ -639,7 +660,11 @@ bus_connections_setup_connection (BusConnections *connections,
 
  out:
   if (!retval)
-    {
+    {
+      if (d->selinux_id)
+        bus_selinux_id_unref (d->selinux_id);
+      d->selinux_id = NULL;
+
       if (!dbus_connection_set_watch_functions (connection,
                                                 NULL, NULL, NULL,
                                                 connection,
@@ -1008,6 +1033,18 @@ bus_connection_get_matchmaker (DBusConnection *connection)
   return bus_context_get_matchmaker (d->connections->context);
 }
 
+BusSELinuxID*
+bus_connection_get_selinux_id (DBusConnection *connection)
+{
+  BusConnectionData *d;
+
+  d = BUS_CONNECTION_DATA (connection);
+
+  _dbus_assert (d != NULL);
+
+  return d->selinux_id;
+}
+
 /**
  * Checks whether the connection is registered with the message bus.
  *
--
cgit
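Review bot: In the new error branch of bus_connections_setup_connection the error returned by `bus_selinux_init_connection_id` is freed without being reported, so a failure to obtain or map the peer's security context leaves no trace and is indistinguishable from OOM to anyone debugging the daemon; the comment acknowledges the conflation but not that the message is discarded. Refusing the connection (fail closed) is the right outcome, so only the diagnostic is missing: add `_dbus_verbose ("SELinux connection ID init failed: %s\n", error.message);` on the line before `dbus_error_free (&error);`. A NULL return with no error set is stored and treated as success, which the `if (d->selinux_id)` guards elsewhere in the patch appear to rely on; a one-line comment after the call stating that NULL means "no SELinux ID assigned" rather than failure would make that contract explicit. The function body begins and ends outside this hunk.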
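Review bot: `bus_connection_get_selinux_id` is a new non-static function with no Doxygen header, while the function immediately below it in the hunk carries one (`/** Checks whether the connection is registered … */`). The body returns `d->selinux_id` without taking a reference and asserts that `d` is non-NULL, so the header should say that the returned pointer is borrowed (the caller must not unref it), that it may be NULL, and that the connection must already have been set up via bus_connections_setup_connection — the last point inferred from `_dbus_assert (d != NULL)`. Suggest `/** Returns the SELinux ID stored for the connection, or NULL if none; the reference is owned by the connection data and must not be unref'd by the caller. */` above `BusSELinuxID*`.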