| -rw-r--r-- | ChangeLog | 13 | ||||
| -rw-r--r-- | bus/driver.c | 78 | ||||
| -rw-r--r-- | bus/selinux.c | 13 | ||||
| -rw-r--r-- | bus/selinux.h | 2 | ||||
| -rw-r--r-- | dbus/dbus-protocol.h | 1 | 
5 files changed, 107 insertions, 0 deletions
@@ -1,3 +1,16 @@
+2005-07-14  Colin Walters  <walters@verbum.org>
+
+	* bus/driver.c
+	(bus_driver_handle_get_connection_unix_security_context): New function.
+	(message_handlers): Add.
+
+	* bus/selinux.c (bus_selinux_append_context): New function; appends
+	security context to message.
+
+	* bus/selinux.h: Prototype.
+
+	* dbus/dbus-protocol.h (DBUS_ERROR_UNIX_SECURITY_CONTEXT_UNKNOWN): New.
+
 2005-07-14  John (J5) Palmieri  <johnp@redhat.com>
 	* bus/activation.c: clean up all tabs to be 8 spaces
diff --git a/bus/driver.c b/bus/driver.c
index 2a58d807..8e8a5366 100644
--- a/bus/driver.c
+++ b/bus/driver.c
@@ -27,6 +27,7 @@
 #include "driver.h"
 #include "dispatch.h"
 #include "services.h"
+#include "selinux.h"
 #include "signals.h"
 #include "utils.h"
 #include <dbus/dbus-string.h>
@@ -1014,6 +1015,79 @@ bus_driver_handle_get_connection_unix_process_id (DBusConnection *connection,
 }
 static dbus_bool_t
+bus_driver_handle_get_connection_unix_security_context (DBusConnection *connection,
+							BusTransaction *transaction,
+							DBusMessage    *message,
+							DBusError      *error)
+{
+  const char *service;
+  DBusString str;
+  BusRegistry *registry;
+  BusService *serv;
+  DBusConnection *conn;
+  DBusMessage *reply;
+  BusSELinuxID *context;
+
+  _DBUS_ASSERT_ERROR_IS_CLEAR (error);
+
+  registry = bus_connection_get_registry (connection);
+
+  service = NULL;
+  reply = NULL;
+
+  if (! dbus_message_get_args (message, error,
+			       DBUS_TYPE_STRING, &service,
+			       DBUS_TYPE_INVALID))
+      goto failed;
+
+  _dbus_verbose ("asked for security context of connection %s\n", service);
+
+  _dbus_string_init_const (&str, service);
+  serv = bus_registry_lookup (registry, &str);
+  if (serv == NULL)
+    {
+      dbus_set_error (error, 
+		      DBUS_ERROR_NAME_HAS_NO_OWNER,
+		      "Could not get security context of name '%s': no such name", service);
+      goto failed;
+    }
+
+  conn = bus_service_get_primary_owner (serv);
+
+  reply = dbus_message_new_method_return (message);
+  if (reply == NULL)
+    goto oom;
+
+  context = bus_connection_get_selinux_id (conn);
+  if (!context)
+    {
+      dbus_set_error (error,
+                      DBUS_ERROR_UNIX_SECURITY_CONTEXT_UNKNOWN,
+                      "Could not determine security context for '%s'", service);
+      goto failed;
+    }
+
+  if (! bus_selinux_append_context (reply, context))
+    goto oom;
+
+  if (! bus_transaction_send_from_driver (transaction, connection, reply))
+    goto oom;
+
+  dbus_message_unref (reply);
+
+  return TRUE;
+
+ oom:
+  BUS_SET_OOM (error);
+
+ failed:
+  _DBUS_ASSERT_ERROR_IS_SET (error);
+  if (reply)
+    dbus_message_unref (reply);
+  return FALSE;
+}
+
+static dbus_bool_t
 bus_driver_handle_reload_config (DBusConnection *connection,
 				 BusTransaction *transaction,
 				 DBusMessage    *message,
@@ -1093,6 +1167,10 @@ struct
     DBUS_TYPE_STRING_AS_STRING,
     DBUS_TYPE_UINT32_AS_STRING,
     bus_driver_handle_get_connection_unix_process_id },
+  { "GetConnectionUnixSecurityContext",
+    DBUS_TYPE_STRING_AS_STRING,
+    DBUS_TYPE_STRING_AS_STRING,
+    bus_driver_handle_get_connection_unix_security_context },
   { "ReloadConfig",
     "",
     "",
diff --git a/bus/selinux.c b/bus/selinux.c
index c647a77b..9e73cc63 100644
--- a/bus/selinux.c
+++ b/bus/selinux.c
@@ -567,6 +567,19 @@ bus_selinux_allows_send (DBusConnection     *sender,
 #endif /* HAVE_SELINUX */
 }
+dbus_bool_t
+bus_selinux_append_context (DBusMessage    *message,
+			    BusSELinuxID   *context)
+{
+  /* Note if you change how the context is marshalled (e.g. to ay),
+   * you also need to change driver.c for the appropriate return value.
+   */
+  return dbus_message_append_args (message,
+				   DBUS_TYPE_STRING,
+				   SELINUX_SID_FROM_BUS (context),
+				   DBUS_TYPE_INVALID);
+}
+
 /**
  * Gets the security context of a connection to the bus. It is up to
  * the caller to freecon() when they are done.
diff --git a/bus/selinux.h b/bus/selinux.h
index 4424fa82..22339bc1 100644
--- a/bus/selinux.h
+++ b/bus/selinux.h
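Review bot: Nothing on `bus_driver_handle_get_connection_unix_security_context` documents that the context it returns belongs to whichever connection `bus_service_get_primary_owner (serv)` yields at the moment of the call. A client that queries a well-known name and then acts on the answer may be dealing with a different owner by then, so the function should carry a comment such as `/* Returns the SELinux context of the current primary owner of the name; callers making access decisions should pass the peer's unique name. */`. Separately, `reply` is allocated before the `if (!context)` check, so the path where no context is available builds and frees a message for nothing; calling `bus_connection_get_selinux_id (conn)` before `dbus_message_new_method_return (message)` avoids that.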
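Review bot: `bus_selinux_append_context` passes `SELINUX_SID_FROM_BUS (context)` directly as the `DBUS_TYPE_STRING` value to `dbus_message_append_args`, which is only correct if that expression is exactly the address of a `const char *` holding the context text. The macro is defined outside this hunk, so that needs confirming; an explicit local passed as `DBUS_TYPE_STRING, &ctx` would make the conversion visible and type-checked. The new body also follows the previous function's `#endif /* HAVE_SELINUX */` with no guard of its own, which presumably breaks non-SELinux builds if the macro exists only under that conditional. A security context is an opaque byte string from policy while a D-Bus string must be valid UTF-8, which is what the in-code remark about `ay` points at; until the marshalling changes, the context should be validated before it is appended.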
@@ -45,6 +45,8 @@ dbus_bool_t    bus_selinux_id_table_insert (DBusHashTable    *service_table,
 void           bus_selinux_id_table_print  (DBusHashTable    *service_table);
 const char*    bus_selinux_get_policy_root (void);
+dbus_bool_t    bus_selinux_append_context      (DBusMessage    *message,
+						BusSELinuxID   *context);
 dbus_bool_t bus_selinux_allows_acquire_service (DBusConnection *connection,
                                                 BusSELinuxID   *service_sid,
diff --git a/dbus/dbus-protocol.h b/dbus/dbus-protocol.h
index 7f471b3d..d9ac2434 100644
--- a/dbus/dbus-protocol.h
+++ b/dbus/dbus-protocol.h
@@ -237,6 +237,7 @@ extern "C" {
 #define DBUS_ERROR_SPAWN_FAILED               "org.freedesktop.DBus.Error.Spawn.Failed"
 #define DBUS_ERROR_UNIX_PROCESS_ID_UNKNOWN    "org.freedesktop.DBus.Error.UnixProcessIdUnknown"
 #define DBUS_ERROR_INVALID_SIGNATURE          "org.freedesktop.DBus.Error.InvalidSignature"
+#define DBUS_ERROR_UNIX_SECURITY_CONTEXT_UNKNOWN    "org.freedesktop.DBus.Error.UnixSecurityContextUnknown"
 #define DBUS_INTROSPECT_1_0_XML_NAMESPACE         "http://www.freedesktop.org/standards/dbus"
 #define DBUS_INTROSPECT_1_0_XML_PUBLIC_IDENTIFIER "-//freedesktop//DTD D-BUS Object Introspection 1.0//EN"
|
