From 1e9b185b0c274ef0d684b1e43418388225321e72 Mon Sep 17 00:00:00 2001 From: Havoc Pennington Date: Fri, 30 Jul 2004 05:59:34 +0000 Subject: 2004-07-24 Havoc Pennington SELinux support from Matthew Rickard * bus/selinux.c, bus/selinux.h: new file encapsulating selinux functionality * configure.in: add --enable-selinux * bus/policy.c (bus_policy_merge): add FIXME to a comment * bus/main.c (main): initialize and shut down selinux * bus/connection.c: store SELinux ID on each connection, to avoid repeated getting of the string context and converting it into an ID * bus/bus.c (bus_context_get_policy): new accessor, though it isn't used (bus_context_check_security_policy): check whether the security context of sender connection can send to the security context of recipient connection * bus/config-parser.c: add parsing for and * dbus/dbus-transport.c (_dbus_transport_get_unix_fd): to implement dbus_connection_get_unix_fd() * dbus/dbus-connection.c (dbus_connection_get_unix_fd): new function, used by the selinux stuff --- bus/policy.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'bus/policy.c') diff --git a/bus/policy.c b/bus/policy.c index 3c7bba9b..c7359c8d 100644 --- a/bus/policy.c +++ b/bus/policy.c @@ -177,7 +177,7 @@ bus_policy_new (void) free_rule_list_func); if (policy->rules_by_gid == NULL) goto failed; - + return policy; failed: @@ -594,9 +594,10 @@ dbus_bool_t bus_policy_merge (BusPolicy *policy, BusPolicy *to_absorb) { - /* Not properly atomic, but as used for configuration files - * we don't rely on it. - */ + /* FIXME Not properly atomic, but as used for configuration files we + * don't rely on it quite so much. + */ + if (!append_copy_of_policy_list (&policy->default_rules, &to_absorb->default_rules)) return FALSE; @@ -670,7 +671,7 @@ bus_client_policy_unref (BusClientPolicy *policy) NULL); _dbus_list_clear (&policy->rules); - + dbus_free (policy); } } -- cgit