From 1e9b185b0c274ef0d684b1e43418388225321e72 Mon Sep 17 00:00:00 2001
From: Havoc Pennington
Date: Fri, 30 Jul 2004 05:59:34 +0000
Subject: 2004-07-24 Havoc Pennington SELinux support from Matthew Rickard * bus/selinux.c, bus/selinux.h: new file encapsulating selinux functionality * configure.in: add --enable-selinux * bus/policy.c (bus_policy_merge): add FIXME to a comment * bus/main.c (main): initialize and shut down selinux * bus/connection.c: store SELinux ID on each connection, to avoid repeated getting of the string context and converting it into an ID * bus/bus.c (bus_context_get_policy): new accessor, though it isn't used (bus_context_check_security_policy): check whether the security context of sender connection can send to the security context of recipient connection * bus/config-parser.c: add parsing for and * dbus/dbus-transport.c (_dbus_transport_get_unix_fd): to implement dbus_connection_get_unix_fd() * dbus/dbus-connection.c (dbus_connection_get_unix_fd): new function, used by the selinux stuff
---
bus/selinux.h | 60 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 60 insertions(+)
create mode 100644 bus/selinux.h
(limited to 'bus/selinux.h')
diff --git a/bus/selinux.h b/bus/selinux.h
new file mode 100644
index 00000000..79a9f98b
--- /dev/null
+++ b/bus/selinux.h
@@ -0,0 +1,60 @@
+/* selinux.h SELinux security check headers for D-BUS
+ *
+ * Author: Matthew Rickard
+ *
+ * Licensed under the Academic Free License version 2.0
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ */
+
+#ifndef BUS_SELINUX_H
+#define BUS_SELINUX_H
+
+#include
+#include
+#include "services.h"
+
+dbus_bool_t bus_selinux_init (void);
+void bus_selinux_shutdown (void);
+
+void bus_selinux_id_ref (BusSELinuxID *sid);
+void bus_selinux_id_unref (BusSELinuxID *sid);
+
+DBusHashTable* bus_selinux_id_table_new (void);
+BusSELinuxID* bus_selinux_id_table_lookup (DBusHashTable *service_table,
+ const DBusString *service_name);
+dbus_bool_t bus_selinux_id_table_insert (DBusHashTable *service_table,
+ const char *service_name,
+ const char *service_context);
+DBusHashTable* bus_selinux_id_table_union (DBusHashTable *base,
+ DBusHashTable *override);
+void bus_selinux_id_table_print (DBusHashTable *service_table);
+
+
+
+dbus_bool_t bus_selinux_allows_acquire_service (DBusConnection *connection,
+ BusSELinuxID *service_sid);
+dbus_bool_t bus_selinux_allows_send (DBusConnection *sender,
+ DBusConnection *proposed_recipient);
+
+
+
+BusSELinuxID* bus_selinux_init_connection_id (DBusConnection *connection,
+ DBusError *error);
+
+
+
+#endif /* BUS_SELINUX_H */
-- cgit
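Review bot: The two access-decision prototypes, `bus_selinux_allows_acquire_service` and `bus_selinux_allows_send`, have no comment saying what they return when no decision can be made (SELinux not enabled, a connection without a stored ID, a failed policy query). Going by the commit message, `bus_context_check_security_policy` gates delivery on this boolean, so the header should pin the contract. I would add above them a comment along the lines of `/* Returns TRUE only when policy permits the operation; FALSE on denial or on any error while evaluating it. */`, adjusted to what selinux.c actually does, since the implementation is not part of this hunk. Reference ownership is also undocumented: it is not stated whether `bus_selinux_id_table_lookup` and `bus_selinux_init_connection_id` return a reference the caller must release with `bus_selinux_id_unref`, nor whether `bus_selinux_id_table_insert` returning FALSE means out-of-memory, an invalid `service_context`, or both. `BusSELinuxID`, `DBusString` and `DBusError` are used here, but the visible includes do not show where they are declared, so confirm the header compiles when included first.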