| -rw-r--r-- | ChangeLog | 22 | ||||
| -rw-r--r-- | bus/config-parser.c | 23 | ||||
| -rw-r--r-- | bus/selinux.c | 10 | ||||
| -rw-r--r-- | bus/selinux.h | 2 | ||||
| -rw-r--r-- | bus/session.conf.in | 3 | ||||
| -rw-r--r-- | bus/system.conf.in | 2 | ||||
| -rw-r--r-- | doc/busconfig.dtd | 1 | ||||
| -rw-r--r-- | test/data/invalid-config-files/badselinux-1.conf | 10 | ||||
| -rw-r--r-- | test/data/invalid-config-files/badselinux-2.conf | 10 | 
9 files changed, 83 insertions, 0 deletions
| @@ -1,3 +1,25 @@ +2004-10-18  Colin Walters  <walters@verbum.org> + +	* bus/selinux.h: Add bus_selinux_enabled. +	 +	* bus/selinux.c (bus_selinux_enabled): Implement it. +	 +	* bus/config-parser.c (struct include): Add +	if_selinux_enabled member. +	(start_busconfig_child): Parse if_selinux_enabled +	attribute for include. +	(bus_config_parser_content): Handle it. + +	* bus/session.conf.in, bus/system.conf.in: Add +	inclusion of context mapping to default config files; +	conditional on SELinux being enabled. +	 +	* doc/busconfig.dtd: Add to if_selinux_enabled to default DTD. +	 +	* test/data/invalid-config-files/badselinux-1.conf,  +	test/data/invalid-config-files/badselinux-2.conf: +	Test files for bad syntax. +	  2004-10-17  Colin Walters  <walters@verbum.org>  	* dbus/dbus-memory.c (_dbus_initialize_malloc_debug, check_guards) diff --git a/bus/config-parser.c b/bus/config-parser.c index dfc313e3..ba1a434d 100644 --- a/bus/config-parser.c +++ b/bus/config-parser.c @@ -74,6 +74,7 @@ typedef struct      struct      {        unsigned int ignore_missing : 1; +      unsigned int if_selinux_enabled : 1;        unsigned int selinux_root_relative : 1;      } include; @@ -718,6 +719,7 @@ start_busconfig_child (BusConfigParser   *parser,    else if (strcmp (element_name, "include") == 0)      {        Element *e; +      const char *if_selinux_enabled;        const char *ignore_missing;        const char *selinux_root_relative; @@ -728,6 +730,7 @@ start_busconfig_child (BusConfigParser   *parser,          }        e->d.include.ignore_missing = FALSE; +      e->d.include.if_selinux_enabled = FALSE;        e->d.include.selinux_root_relative = FALSE;        if (!locate_attributes (parser, "include", 
@@ -735,6 +738,7 @@ start_busconfig_child (BusConfigParser   *parser,                                attribute_values,                                error,                                "ignore_missing", &ignore_missing, +                              "if_selinux_enabled", &if_selinux_enabled,                                "selinux_root_relative", &selinux_root_relative,                                NULL))          return FALSE; @@ -752,6 +756,21 @@ start_busconfig_child (BusConfigParser   *parser,                return FALSE;              }          } + +      if (if_selinux_enabled != NULL) +        { +          if (strcmp (if_selinux_enabled, "yes") == 0) +            e->d.include.if_selinux_enabled = TRUE; +          else if (strcmp (if_selinux_enabled, "no") == 0) +            e->d.include.if_selinux_enabled = FALSE; +          else +            { +              dbus_set_error (error, DBUS_ERROR_FAILED, +                              "if_selinux_enabled attribute must have value" +                              " \"yes\" or \"no\""); +              return FALSE; +	    } +        }        if (selinux_root_relative != NULL)          { @@ -2055,6 +2074,10 @@ bus_config_parser_content (BusConfigParser   *parser,          e->had_content = TRUE; +	if (e->d.include.if_selinux_enabled +	    && !bus_selinux_enabled ()) +	  break; +          if (!_dbus_string_init (&full_path))            goto nomem; diff --git a/bus/selinux.c b/bus/selinux.c index b5fb6371..0946caf9 100644 --- a/bus/selinux.c +++ b/bus/selinux.c @@ -191,6 +191,16 @@ avc_free_lock (void *lock)  #endif /* HAVE_SELINUX */  /** + * Return whether or not SELinux is enabled; must be + * called after bus_selinux_init. + */ +dbus_bool_t +bus_selinux_enabled (void) +{ +  return selinux_enabled; +} + +/**   * Initialize the user space access vector cache (AVC) for D-BUS and set up   * logging callbacks.   */ diff --git a/bus/selinux.h b/bus/selinux.h index 20803833..886f9c71 100644 --- a/bus/selinux.h 
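Review bot: In the `@@ -752,6 +756,21 @@` hunk of start_busconfig_child, `if_selinux_enabled="no"` stores FALSE, which the check added in bus_config_parser_content treats as "always include" rather than "include only when SELinux is off"; that reading is easy to get wrong when writing policy includes. I would add a comment above the new block such as `/* "no" (the default) makes the include unconditional; "yes" skips it when SELinux is disabled */`. The closing brace of the error branch is indented with a tab while the neighbouring lines use spaces. The function starts and ends outside the hunk.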
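Review bot: The check added to bus_config_parser_content (`@@ -2055,6 +2074,10 @@`) silently skips the include whenever bus_selinux_enabled() returns false, and the doc comment added in bus/selinux.c says that function must be called after bus_selinux_init. Nothing in this commit shows that the configuration is parsed after that call; if it is parsed earlier, the flag would presumably still hold its initial value and the `contexts/dbus_contexts` include would be dropped on an SELinux host with no error or log line. Please confirm the ordering in the start-up path and state the requirement at the check, e.g. `/* requires bus_selinux_init() to have run; otherwise the SELinux context include is skipped */`. The enclosing block continues outside the hunk.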
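Review bot: bus_selinux_enabled() in bus/selinux.c is added after the `#endif /* HAVE_SELINUX */` line, so it is compiled in every build, yet it returns `selinux_enabled`, whose declaration is outside the hunk. If that variable is declared only under HAVE_SELINUX, a build without SELinux support will not compile. Guarding the body with `#ifdef HAVE_SELINUX` around `return selinux_enabled;` and putting `return FALSE;` in the `#else` branch would cover both configurations.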
+++ b/bus/selinux.h @@ -30,6 +30,8 @@  dbus_bool_t bus_selinux_init     (void);  void        bus_selinux_shutdown (void); +dbus_bool_t bus_selinux_enabled  (void); +  void bus_selinux_id_ref    (BusSELinuxID *sid);  void bus_selinux_id_unref  (BusSELinuxID *sid); diff --git a/bus/session.conf.in b/bus/session.conf.in index 34d2492c..a537d9dc 100644 --- a/bus/session.conf.in +++ b/bus/session.conf.in @@ -26,4 +26,7 @@    <!-- This is included last so local configuration can override what's          in this standard file -->    <include ignore_missing="yes">session-local.conf</include> + +  <include if_selinux_enabled="yes" selinux_root_relative="yes">contexts/dbus_contexts</include> +  </busconfig> diff --git a/bus/system.conf.in b/bus/system.conf.in index a45faaef..7b008978 100644 --- a/bus/system.conf.in +++ b/bus/system.conf.in @@ -57,4 +57,6 @@         in this standard file -->    <include ignore_missing="yes">system-local.conf</include> +  <include if_selinux_enabled="yes" selinux_root_relative="yes">contexts/dbus_contexts</include> +  </busconfig> diff --git a/doc/busconfig.dtd b/doc/busconfig.dtd index 2e8f577f..7edc1db3 100644 --- a/doc/busconfig.dtd +++ b/doc/busconfig.dtd @@ -23,6 +23,7 @@  <!ELEMENT include (#PCDATA)>  <!ATTLIST include             ignore_missing (yes|no) "no" +          if_selinux_enabled (yes|no) "no"            selinux_root_relative (yes|no) "no">  <!ELEMENT policy (allow|deny)*> diff --git a/test/data/invalid-config-files/badselinux-1.conf b/test/data/invalid-config-files/badselinux-1.conf new file mode 100644 index 00000000..4852ded2 --- /dev/null +++ b/test/data/invalid-config-files/badselinux-1.conf 
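Review bot: In bus/session.conf.in the new `<include if_selinux_enabled="yes" selinux_root_relative="yes">` line is placed after the session-local.conf include, whose comment says it is "included last so local configuration can override what's in this standard file"; that comment is no longer accurate, and the same applies to the bus/system.conf.in hunk. Either reword the existing comment or move the new include above it. The new include also omits `ignore_missing="yes"`, so with the DTD default of "no" a missing contexts/dbus_contexts file on an SELinux-enabled host is presumably a configuration error. If that fail-closed behaviour is intended, say so next to the include, e.g. `<!-- Loaded only when SELinux is enabled; a missing file is an error on purpose -->`.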
@@ -0,0 +1,10 @@ +<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" + "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> +<busconfig> +  <user>mybususer</user> +  <listen>unix:path=/foo/bar</listen> +  <listen>tcp:port=1234</listen> +  <includedir>basic.d</includedir> +  <servicedir>/usr/share/foo</servicedir> +  <include selinux_root_relative="jomoma">blah</include> +</busconfig> diff --git a/test/data/invalid-config-files/badselinux-2.conf b/test/data/invalid-config-files/badselinux-2.conf new file mode 100644 index 00000000..ac3b95c4 --- /dev/null +++ b/test/data/invalid-config-files/badselinux-2.conf @@ -0,0 +1,10 @@ +<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" + "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> +<busconfig> +  <user>mybususer</user> +  <listen>unix:path=/foo/bar</listen> +  <listen>tcp:port=1234</listen> +  <includedir>basic.d</includedir> +  <servicedir>/usr/share/foo</servicedir> +  <include if_selinux_enabled="moo">blah</include> +</busconfig> | 
