diff options
| author | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2011-03-15 14:02:06 +0000 |
|---|---|---|
| committer | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2011-05-25 18:16:29 +0100 |
| commit | be07ce63621701f1ebebec23436c9e2b61d1d4ec (patch) | |
| tree | 4c43a9906ee5d7e165a8a186dc350f797fa9c2d7 | |
| parent | 79f02ca04a10a5fd553302c389ea02d9171d60d2 (diff) | |
| download | dbus-be07ce63621701f1ebebec23436c9e2b61d1d4ec.tar.gz | |
bus_context_check_security_policy: for SELinux denials, share code to set errors
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=35358
Reviewed-by: Colin Walters <walters@verbum.org>
| -rw-r--r-- | bus/bus.c | 21 |
1 files changed, 6 insertions, 15 deletions
@@ -1455,21 +1455,12 @@ bus_context_check_security_policy (BusContext *context, { if (error != NULL && !dbus_error_is_set (error)) { - sender_name = bus_connection_get_name (sender); - - dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, - "An SELinux policy prevents this sender " - "from sending this message to this recipient " - "(rejected message had sender \"%s\" interface \"%s\" " - "member \"%s\" error name \"%s\" destination \"%s\")", - sender_name ? sender_name : "(unset)", - dbus_message_get_interface (message) ? - dbus_message_get_interface (message) : "(unset)", - dbus_message_get_member (message) ? - dbus_message_get_member (message) : "(unset)", - dbus_message_get_error_name (message) ? - dbus_message_get_error_name (message) : "(unset)", - dest ? dest : DBUS_SERVICE_DBUS); + /* don't syslog this, just set the error: avc_has_perm should + * have already written to either the audit log or syslog */ + complain_about_message (context, + "An SELinux policy prevents this sender from sending this " + "message to this recipient", + 0, message, sender, proposed_recipient, FALSE, FALSE, error); _dbus_verbose ("SELinux security check denying send to service\n"); } |