From 73ffe59d87864d61b9d22f199fc6375840bf39bb Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Tue, 2 Nov 2004 20:27:48 +0000
Subject: 2004-11-02  Colin Walters  <walters@verbum.org>

	* bus/selinux.c (bus_selinux_init): Split into two functions,
	bus_selinux_pre_init and bus_selinux_post_init.
	(bus_selinux_pre_init): Just determine whether SELinux is
	enabled.
	(bus_selinux_post_init): Do everything else.

	* bus/main.c (main): Call bus_selinux_pre_init before parsing
	config file, and bus_selinux_post_init after.  This ensures that
	we don't lose the policyreload notification thread that
	bus_selinux_init created before forking previously.

	* bus/test-main.c (test_pre_hook): Update for split.
---
 bus/main.c      | 10 ++++++++--
 bus/selinux.c   | 23 ++++++++++++++++++++---
 bus/selinux.h   |  3 ++-
 bus/test-main.c |  4 +++-
 4 files changed, 33 insertions(+), 7 deletions(-)

(limited to 'bus')

diff --git a/bus/main.c b/bus/main.c
index 95727694..296aa63c 100644
--- a/bus/main.c
+++ b/bus/main.c
@@ -377,9 +377,9 @@ main (int argc, char **argv)
     }
   _dbus_string_free (&pid_fd);
 
-  if (!bus_selinux_init ())
+  if (!bus_selinux_pre_init ())
     {
-      _dbus_warn ("SELinux initialization failed\n");
+      _dbus_warn ("SELinux pre-initialization failed\n");
       exit (1);
     }
 
@@ -396,6 +396,12 @@ main (int argc, char **argv)
       exit (1);
     }
 
+  if (!bus_selinux_full_init ())
+    {
+      _dbus_warn ("SELinux initialization failed\n");
+      exit (1);
+    }
+
   setup_reload_pipe (bus_context_get_loop (context));
  
   _dbus_set_signal_handler (SIGHUP, signal_handler);
diff --git a/bus/selinux.c b/bus/selinux.c
index de68da33..96acddfe 100644
--- a/bus/selinux.c
+++ b/bus/selinux.c
@@ -205,11 +205,10 @@ bus_selinux_enabled (void)
 }
 
 /**
- * Initialize the user space access vector cache (AVC) for D-BUS and set up
- * logging callbacks.
+ * Do early initialization; determine whether SELinux is enabled.
  */
 dbus_bool_t
-bus_selinux_init (void)
+bus_selinux_pre_init (void)
 {
 #ifdef HAVE_SELINUX
   int r;
@@ -227,7 +226,25 @@ bus_selinux_init (void)
     }
 
   selinux_enabled = r != 0;
+  return TRUE;
+#else
+  return TRUE;
+#endif
+}
+
+/**
+ * Initialize the user space access vector cache (AVC) for D-BUS and set up
+ * logging callbacks.
+ */
+dbus_bool_t
+bus_selinux_full_init (void)
+{
+#ifdef HAVE_SELINUX
+  int r;
+  char *bus_context;
 
+  _dbus_assert (bus_sid == SECSID_WILD);
+  
   if (!selinux_enabled)
     {
       _dbus_verbose ("SELinux not enabled in this kernel.\n");
diff --git a/bus/selinux.h b/bus/selinux.h
index 886f9c71..13122520 100644
--- a/bus/selinux.h
+++ b/bus/selinux.h
@@ -27,7 +27,8 @@
 #include <dbus/dbus-connection.h>
 #include "services.h"
 
-dbus_bool_t bus_selinux_init     (void);
+dbus_bool_t bus_selinux_pre_init (void);
+dbus_bool_t bus_selinux_full_init(void);
 void        bus_selinux_shutdown (void);
 
 dbus_bool_t bus_selinux_enabled  (void);
diff --git a/bus/test-main.c b/bus/test-main.c
index 4043f6ed..14e35f5f 100644
--- a/bus/test-main.c
+++ b/bus/test-main.c
@@ -56,7 +56,9 @@ static void
 test_pre_hook (void)
 {
   
-  if (_dbus_getenv ("DBUS_TEST_SELINUX") && !bus_selinux_init ())
+  if (_dbus_getenv ("DBUS_TEST_SELINUX")
+      && !bus_selinux_pre_init ()
+      && !bus_selinux_full_init ())
     die ("could not init selinux support");
 }
 
-- 
cgit