author | Colin Walters <walters@verbum.org> | 2011-01-07 13:34:22 -0500 |
---|---|---|
committer | Colin Walters <walters@verbum.org> | 2011-01-07 13:34:22 -0500 |
commit | f352fdccc5659dbec810c4090bb47d01d4ac582f (patch) | |
tree | cdd4ffb7c0cbfc3717864d1c9c9aae3a18a331db | |
parent | d1fe0984e5810547162ba2f9031139879d5fef96 (diff) | |
download | dbus-f352fdccc5659dbec810c4090bb47d01d4ac582f.tar.gz |
RHEL-4: Add dbus-0.22-selinux-get_connection_selinux_security_context.patch
-rw-r--r-- | bus/driver.c | 75 | ||||
-rw-r--r-- | bus/selinux.c | 35 | ||||
-rw-r--r-- | bus/selinux.h | 3 | ||||
-rw-r--r-- | dbus/dbus-protocol.h | 1 |
4 files changed, 114 insertions, 0 deletions
diff --git a/bus/driver.c b/bus/driver.c
index 5c4f4020..222c2731 100644
--- a/bus/driver.c
+++ b/bus/driver.c
@@ -26,6 +26,7 @@
 #include "connection.h"
 #include "driver.h"
 #include "dispatch.h"
+#include "selinux.h"
 #include "services.h"
 #include "signals.h"
 #include "utils.h"
@@ -984,6 +985,79 @@ bus_driver_handle_get_connection_unix_process_id (DBusConnection *connection,
 }
 static dbus_bool_t
+bus_driver_handle_get_connection_selinux_security_context (DBusConnection *connection,
+ BusTransaction *transaction,
+ DBusMessage *message,
+ DBusError *error)
+{
+ const char *service;
+ DBusString str;
+ BusRegistry *registry;
+ BusService *serv;
+ DBusConnection *conn;
+ DBusMessage *reply;
+ BusSELinuxID *context;
+
+ _DBUS_ASSERT_ERROR_IS_CLEAR (error);
+
+ registry = bus_connection_get_registry (connection);
+
+ service = NULL;
+ reply = NULL;
+
+ if (! dbus_message_get_args (message, error,
+ DBUS_TYPE_STRING, &service,
+ DBUS_TYPE_INVALID))
+ goto failed;
+
+ _dbus_verbose ("asked for security context of connection %s\n", service);
+
+ _dbus_string_init_const (&str, service);
+ serv = bus_registry_lookup (registry, &str);
+ if (serv == NULL)
+ {
+ dbus_set_error (error,
+ DBUS_ERROR_SERVICE_HAS_NO_OWNER,
+ "Could not get security context of name '%s': no such name", service);
+ goto failed;
+ }
+
+ conn = bus_service_get_primary_owner (serv);
+
+ reply = dbus_message_new_method_return (message);
+ if (reply == NULL)
+ goto oom;
+
+ context = bus_connection_get_selinux_id (conn);
+ if (!context)
+ {
+ dbus_set_error (error,
+ DBUS_ERROR_SELINUX_SECURITY_CONTEXT_UNKNOWN,
+ "Could not determine security context for '%s'", service);
+ goto failed;
+ }
+
+ if (! bus_selinux_append_context (reply, context, error))
+ goto failed;
+
+ if (! bus_transaction_send_from_driver (transaction, connection, reply))
+ goto oom;
+
+ dbus_message_unref (reply);
+
+ return TRUE;
+
+ oom:
+ BUS_SET_OOM (error);
+
+ failed:
+ _DBUS_ASSERT_ERROR_IS_SET (error);
+ if (reply)
+ dbus_message_unref (reply);
+ return FALSE;
+}
+
+static dbus_bool_t
 bus_driver_handle_reload_config (DBusConnection *connection,
 BusTransaction *transaction,
 DBusMessage *message,
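Review bot: The new handler carries no comment saying whose context it returns, and that matters to any caller that uses the reply for an access decision. `bus_registry_lookup` followed by `bus_service_get_primary_owner` resolves the name to its owner at the time of the call, so for a well-known name the owner can change between a client receiving a message and asking about the sender. A header comment such as `/* Replies with the SELinux context of the current primary owner of the name; callers making authorization decisions should pass the unique connection name. */` would state this. As a smaller point, `dbus_message_new_method_return` could be called after the `bus_connection_get_selinux_id` check so the unknown-context path does not allocate a reply it immediately drops.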
@@ -1031,6 +1105,7 @@ struct
 { "GetServiceOwner", bus_driver_handle_get_service_owner },
 { "GetConnectionUnixUser", bus_driver_handle_get_connection_unix_user },
 { "GetConnectionUnixProcessID", bus_driver_handle_get_connection_unix_process_id },
+ { "GetConnectionSELinuxSecurityContext", bus_driver_handle_get_connection_selinux_security_context },
 { "ReloadConfig", bus_driver_handle_reload_config }
 };
diff --git a/bus/selinux.c b/bus/selinux.c
index 33f59873..673b2ca0 100644
--- a/bus/selinux.c
+++ b/bus/selinux.c
@@ -436,6 +436,41 @@ bus_selinux_allows_send (DBusConnection *sender,
 #endif /* HAVE_SELINUX */
 }
+dbus_bool_t
+bus_selinux_append_context (DBusMessage *message,
+ BusSELinuxID *sid,
+ DBusError *error)
+{
+#ifdef HAVE_SELINUX
+ char *context;
+
+ if (avc_sid_to_context (SELINUX_SID_FROM_BUS (sid), &context) < 0)
+ {
+ if (errno == ENOMEM)
+ BUS_SET_OOM (error);
+ else
+ dbus_set_error (error, DBUS_ERROR_FAILED,
+ "Error getting context from SID: %s\n",
+ _dbus_strerror (errno));
+ return FALSE;
+ }
+ if (!dbus_message_append_args (message,
+ DBUS_TYPE_ARRAY,
+ DBUS_TYPE_BYTE,
+ context,
+ strlen (context),
+ DBUS_TYPE_INVALID))
+ {
+ _DBUS_SET_OOM (error);
+ return FALSE;
+ }
+ freecon (context);
+ return TRUE;
+#else
+ return TRUE;
+#endif
+}
+
 /**
 * Gets the security context of a connection to the bus. It is up to
 * the caller to freecon() when they are done.
diff --git a/bus/selinux.h b/bus/selinux.h
index 13122520..a29c9ef4 100644
--- a/bus/selinux.h
+++ b/bus/selinux.h
@@ -47,6 +47,9 @@ DBusHashTable* bus_selinux_id_table_union (DBusHashTable *base,
 void bus_selinux_id_table_print (DBusHashTable *service_table);
 const char* bus_selinux_get_policy_root (void);
+dbus_bool_t bus_selinux_append_context (DBusMessage *message,
+ BusSELinuxID *context,
+ DBusError *error);
 dbus_bool_t bus_selinux_allows_acquire_service (DBusConnection *connection,
 BusSELinuxID *service_sid);
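Review bot: `context` leaks in `bus_selinux_append_context` when `dbus_message_append_args` fails, because that branch returns before `freecon (context)` is reached; add `freecon (context);` ahead of `_DBUS_SET_OOM (error);` there, and consider `BUS_SET_OOM` to match the first error path. The function has no doc comment, and one should say that the context is appended as a byte array of `strlen (context)` bytes, so the reply carries no terminating NUL and clients must not read it as a C string. In the `#else` branch the function returns TRUE without appending anything, which looks safe only if `bus_connection_get_selinux_id` never returns a non-NULL id in builds without SELinux; that is not visible in this hunk. The `\n` at the end of the "Error getting context from SID" message is probably unintended in a D-Bus error string.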
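Review bot: The prototype in bus/selinux.h names the second parameter `context` while the definition in bus/selinux.c names it `sid` and uses `context` for the string returned by `avc_sid_to_context`; `BusSELinuxID *sid,` here would keep the two in step. The declaration is also the natural place for a one-line comment that the context is appended to the message as a byte array.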
diff --git a/dbus/dbus-protocol.h b/dbus/dbus-protocol.h
index ce49a38d..06e27b7f 100644
--- a/dbus/dbus-protocol.h
+++ b/dbus/dbus-protocol.h
@@ -155,6 +155,7 @@ extern "C" {
 #define DBUS_ERROR_SPAWN_CHILD_SIGNALED "org.freedesktop.DBus.Error.Spawn.ChildSignaled"
 #define DBUS_ERROR_SPAWN_FAILED "org.freedesktop.DBus.Error.Spawn.Failed"
 #define DBUS_ERROR_UNIX_PROCESS_ID_UNKNOWN "org.freedesktop.DBus.Error.UnixProcessIdUnknown"
+#define DBUS_ERROR_SELINUX_SECURITY_CONTEXT_UNKNOWN "org.freedesktop.DBus.Error.SELinuxSecurityContextUnknown"
 #ifdef __cplusplus
 } |