From 1e9b185b0c274ef0d684b1e43418388225321e72 Mon Sep 17 00:00:00 2001
From: Havoc Pennington
Date: Fri, 30 Jul 2004 05:59:34 +0000
Subject: 2004-07-24 Havoc Pennington SELinux support from Matthew Rickard * bus/selinux.c, bus/selinux.h: new file encapsulating selinux functionality * configure.in: add --enable-selinux * bus/policy.c (bus_policy_merge): add FIXME to a comment * bus/main.c (main): initialize and shut down selinux * bus/connection.c: store SELinux ID on each connection, to avoid repeated getting of the string context and converting it into an ID * bus/bus.c (bus_context_get_policy): new accessor, though it isn't used (bus_context_check_security_policy): check whether the security context of sender connection can send to the security context of recipient connection * bus/config-parser.c: add parsing for and * dbus/dbus-transport.c (_dbus_transport_get_unix_fd): to implement dbus_connection_get_unix_fd() * dbus/dbus-connection.c (dbus_connection_get_unix_fd): new function, used by the selinux stuff
---
 dbus/dbus-connection.c | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
(limited to 'dbus/dbus-connection.c')
diff --git a/dbus/dbus-connection.c b/dbus/dbus-connection.c
index 58ab7900..91a2100e 100644
--- a/dbus/dbus-connection.c
+++ b/dbus/dbus-connection.c
@@ -2952,6 +2952,37 @@ dbus_connection_set_dispatch_status_function (DBusConnection *connec
 (*old_free_data) (old_data);
 }
 
+/**
+ * Get the UNIX file descriptor of the connection, if any. This can
+ * be used for SELinux access control checks with getpeercon() for
+ * example. DO NOT read or write to the file descriptor, or try to
+ * select() on it; use DBusWatch for main loop integration. Not all
+ * connections will have a file descriptor. So for adding descriptors
+ * to the main loop, use dbus_watch_get_fd() and so forth.
+ *
+ * @param connection the connection
+ * @param fd return location for the file descriptor.
+ * @returns #TRUE if fd is successfully obtained.
+ */
+dbus_bool_t
+dbus_connection_get_unix_fd (DBusConnection *connection,
+ int *fd)
+{
+ dbus_bool_t retval;
+
+ _dbus_return_val_if_fail (connection != NULL, FALSE);
+ _dbus_return_val_if_fail (connection->transport != NULL, FALSE);
+
+ CONNECTION_LOCK (connection);
+
+ retval = _dbus_transport_get_unix_fd (connection->transport,
+ fd);
+
+ CONNECTION_UNLOCK (connection);
+
+ return retval;
+}
+
 /**
 * Gets the UNIX user ID of the connection if any.
 * Returns #TRUE if the uid is filled in.
-- cgit
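Review bot: `dbus_connection_get_unix_fd` hands `fd` straight to `_dbus_transport_get_unix_fd` without the argument check that `connection` gets, so a NULL out-pointer is not rejected at the API boundary; add `_dbus_return_val_if_fail (fd != NULL, FALSE);` next to the two existing checks. The doc comment should also say that the descriptor stays owned by the connection (the caller must not close it) and is only meaningful while the connection remains open. The value is returned after `CONNECTION_UNLOCK`, so if the connection is closed later the descriptor number could presumably be reused for a different socket, and a later `getpeercon()` on it would then describe the wrong peer. Callers doing access control should query the peer context once, right after obtaining the fd, and cache the result rather than keep the raw fd. What `*fd` contains when the function returns FALSE depends on `_dbus_transport_get_unix_fd`, which is outside this hunk, so the comment should tell callers not to read it in that case.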