RHEL-4: Add dbus-0.22-selinux-get_connection_selinux_security_context.patch

4 files changed, 114 insertions, 0 deletions

diff --git a/bus/driver.c b/bus/driver.c
index 5c4f4020..222c2731 100644
--- a/bus/driver.c
+++ b/bus/driver.c
@@ -26,6 +26,7 @@
 #include "connection.h"
 #include "driver.h"
 #include "dispatch.h"
+#include "selinux.h"
 #include "services.h"
 #include "signals.h"
 #include "utils.h"
@@ -984,6 +985,79 @@ bus_driver_handle_get_connection_unix_process_id (DBusConnection *connection,
 }
 
 static dbus_bool_t
+bus_driver_handle_get_connection_selinux_security_context (DBusConnection *connection,
+							   BusTransaction *transaction,
+							   DBusMessage    *message,
+							   DBusError      *error)
+{
+  const char *service;
+  DBusString str;
+  BusRegistry *registry;
+  BusService *serv;
+  DBusConnection *conn;
+  DBusMessage *reply;
+  BusSELinuxID *context;
+
+  _DBUS_ASSERT_ERROR_IS_CLEAR (error);
+
+  registry = bus_connection_get_registry (connection);
+
+  service = NULL;
+  reply = NULL;
+
+  if (! dbus_message_get_args (message, error,
+			       DBUS_TYPE_STRING, &service,
+			       DBUS_TYPE_INVALID))
+      goto failed;
+
+  _dbus_verbose ("asked for security context of connection %s\n", service);
+
+  _dbus_string_init_const (&str, service);
+  serv = bus_registry_lookup (registry, &str);
+  if (serv == NULL)
+    {
+      dbus_set_error (error,
+		      DBUS_ERROR_SERVICE_HAS_NO_OWNER,
+		      "Could not get security context of name '%s': no such name", service);
+      goto failed;
+    }
+
+  conn = bus_service_get_primary_owner (serv);
+
+  reply = dbus_message_new_method_return (message);
+  if (reply == NULL)
+    goto oom;
+
+  context = bus_connection_get_selinux_id (conn);
+  if (!context)
+    {
+      dbus_set_error (error,
+                      DBUS_ERROR_SELINUX_SECURITY_CONTEXT_UNKNOWN,
+                      "Could not determine security context for '%s'", service);
+      goto failed;
+    }
+
+  if (! bus_selinux_append_context (reply, context, error))
+    goto failed;
+
+  if (! bus_transaction_send_from_driver (transaction, connection, reply))
+    goto oom;
+
+  dbus_message_unref (reply);
+
+  return TRUE;
+
+ oom:
+  BUS_SET_OOM (error);
+
+ failed:
+  _DBUS_ASSERT_ERROR_IS_SET (error);
+  if (reply)
+    dbus_message_unref (reply);
+  return FALSE;
+}
+
+static dbus_bool_t
 bus_driver_handle_reload_config (DBusConnection *connection,
 				 BusTransaction *transaction,
 				 DBusMessage    *message,
@@ -1031,6 +1105,7 @@ struct
   { "GetServiceOwner", bus_driver_handle_get_service_owner },
   { "GetConnectionUnixUser", bus_driver_handle_get_connection_unix_user },
   { "GetConnectionUnixProcessID", bus_driver_handle_get_connection_unix_process_id },
+  { "GetConnectionSELinuxSecurityContext", bus_driver_handle_get_connection_selinux_security_context },
   { "ReloadConfig", bus_driver_handle_reload_config }
 };
 
diff --git a/bus/selinux.c b/bus/selinux.c
index 33f59873..673b2ca0 100644
--- a/bus/selinux.c
+++ b/bus/selinux.c
@@ -436,6 +436,41 @@ bus_selinux_allows_send (DBusConnection     *sender,
 #endif /* HAVE_SELINUX */
 }
 
+dbus_bool_t
+bus_selinux_append_context (DBusMessage    *message,
+			    BusSELinuxID   *sid,
+			    DBusError      *error)
+{
+#ifdef HAVE_SELINUX
+  char *context;
+
+  if (avc_sid_to_context (SELINUX_SID_FROM_BUS (sid), &context) < 0)
+    {
+      if (errno == ENOMEM)
+        BUS_SET_OOM (error);
+      else
+        dbus_set_error (error, DBUS_ERROR_FAILED,
+                        "Error getting context from SID: %s\n",
+			_dbus_strerror (errno));
+      return FALSE;
+    }
+  if (!dbus_message_append_args (message,
+				 DBUS_TYPE_ARRAY,
+				 DBUS_TYPE_BYTE,
+				 context,
+				 strlen (context),
+				 DBUS_TYPE_INVALID))
+    {
+      _DBUS_SET_OOM (error);
+      return FALSE;
+    }
+  freecon (context);
+  return TRUE;
+#else
+  return TRUE;
+#endif
+}
+
 /**
  * Gets the security context of a connection to the bus. It is up to
  * the caller to freecon() when they are done. 
diff --git a/bus/selinux.h b/bus/selinux.h
index 13122520..a29c9ef4 100644
--- a/bus/selinux.h
+++ b/bus/selinux.h
@@ -47,6 +47,9 @@ DBusHashTable* bus_selinux_id_table_union  (DBusHashTable    *base,
 void           bus_selinux_id_table_print  (DBusHashTable    *service_table);
 const char*    bus_selinux_get_policy_root (void);
 
+dbus_bool_t    bus_selinux_append_context      (DBusMessage    *message,
+						BusSELinuxID   *context,
+						DBusError      *error);
 
 dbus_bool_t bus_selinux_allows_acquire_service (DBusConnection *connection,
                                                 BusSELinuxID   *service_sid);
diff --git a/dbus/dbus-protocol.h b/dbus/dbus-protocol.h
index ce49a38d..06e27b7f 100644
--- a/dbus/dbus-protocol.h
+++ b/dbus/dbus-protocol.h
@@ -155,6 +155,7 @@ extern "C" {
 #define DBUS_ERROR_SPAWN_CHILD_SIGNALED       "org.freedesktop.DBus.Error.Spawn.ChildSignaled"
 #define DBUS_ERROR_SPAWN_FAILED               "org.freedesktop.DBus.Error.Spawn.Failed"
 #define DBUS_ERROR_UNIX_PROCESS_ID_UNKNOWN    "org.freedesktop.DBus.Error.UnixProcessIdUnknown"
+#define DBUS_ERROR_SELINUX_SECURITY_CONTEXT_UNKNOWN    "org.freedesktop.DBus.Error.SELinuxSecurityContextUnknown"
 
 #ifdef __cplusplus
 }