FCL/sf/os/ossrv: ofdbus/dbus/bus/selinux.c@4b03adbd26ca (annotated)

34 5fae379060a7 Revision: 201023 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: 31 diff changeset	1	/* -- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; --
5fae379060a7 Revision: 201023 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: 31 diff changeset	2	* Portion Copyright © 2008 Nokia Corporation and/or its subsidiary(-ies). All rights reserved.
5fae379060a7 Revision: 201023 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: 31 diff changeset	3	* selinux.c SELinux security checks for D-Bus
5fae379060a7 Revision: 201023 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: 31 diff changeset	4	*
5fae379060a7 Revision: 201023 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: 31 diff changeset	5	* Author: Matthew Rickard <mjricka@epoch.ncsc.mil>
5fae379060a7 Revision: 201023 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: 31 diff changeset	6	*
5fae379060a7 Revision: 201023 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: 31 diff changeset	7	* Licensed under the Academic Free License version 2.1
5fae379060a7 Revision: 201023 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: 31 diff changeset	8	*
5fae379060a7 Revision: 201023 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: 31 diff changeset	9	* This program is free software; you can redistribute it and/or modify
5fae379060a7 Revision: 201023 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: 31 diff changeset	10	* it under the terms of the GNU General Public License as published by
5fae379060a7 Revision: 201023 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: 31 diff changeset	11	* the Free Software Foundation; either version 2 of the License, or
5fae379060a7 Revision: 201023 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: 31 diff changeset	12	* (at your option) any later version.
5fae379060a7 Revision: 201023 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: 31 diff changeset	13	*
5fae379060a7 Revision: 201023 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: 31 diff changeset	14	* This program is distributed in the hope that it will be useful,
5fae379060a7 Revision: 201023 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: 31 diff changeset	15	* but WITHOUT ANY WARRANTY; without even the implied warranty of
5fae379060a7 Revision: 201023 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: 31 diff changeset	16	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
5fae379060a7 Revision: 201023 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: 31 diff changeset	17	* GNU General Public License for more details.
5fae379060a7 Revision: 201023 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: 31 diff changeset	18	*
5fae379060a7 Revision: 201023 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: 31 diff changeset	19	* You should have received a copy of the GNU General Public License
5fae379060a7 Revision: 201023 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: 31 diff changeset	20	* along with this program; if not, write to the Free Software
5fae379060a7 Revision: 201023 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: 31 diff changeset	21	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
5fae379060a7 Revision: 201023 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: 31 diff changeset	22	*
5fae379060a7 Revision: 201023 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: 31 diff changeset	23	*/
31 ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	24	#ifndef __SYMBIAN32__
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	25	#include <dbus/dbus-internals.h>
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	26	#include <dbus/dbus-string.h>
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	27	#else
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	28	#include "dbus-internals.h"
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	29	#include "dbus-string.h"
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	30	#endif //__SYMBIAN32__
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	31	#include "selinux.h"
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	32	#include "services.h"
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	33	#include "policy.h"
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	34	#include "utils.h"
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	35	#include "config-parser.h"
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	36
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	37	#ifdef HAVE_SELINUX
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	38	#include <errno.h>
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	39	#include <pthread.h>
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	40	#include <syslog.h>
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	41	#include <selinux/selinux.h>
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	42	#include <selinux/avc.h>
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	43	#include <selinux/av_permissions.h>
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	44	#include <selinux/flask.h>
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	45	#include <signal.h>
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	46	#include <stdarg.h>
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	47	#endif /* HAVE_SELINUX */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	48
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	49	#define BUS_SID_FROM_SELINUX(sid) ((BusSELinuxID*) (sid))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	50	#define SELINUX_SID_FROM_BUS(sid) ((security_id_t) (sid))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	51
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	52	#ifdef HAVE_SELINUX
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	53	/* Store the value telling us if SELinux is enabled in the kernel. */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	54	static dbus_bool_t selinux_enabled = FALSE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	55
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	56	/* Store an avc_entry_ref to speed AVC decisions. */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	57	static struct avc_entry_ref aeref;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	58
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	59	/* Store the SID of the bus itself to use as the default. */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	60	static security_id_t bus_sid = SECSID_WILD;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	61
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	62	/* Thread to listen for SELinux status changes via netlink. */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	63	static pthread_t avc_notify_thread;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	64
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	65	/* Prototypes for AVC callback functions. */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	66	static void log_callback (const char *fmt, ...);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	67	static void log_audit_callback (void data, security_class_t class, char buf, size_t bufleft);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	68	static void avc_create_thread (void (run) (void));
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	69	static void avc_stop_thread (void *thread);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	70	static void *avc_alloc_lock (void);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	71	static void avc_get_lock (void *lock);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	72	static void avc_release_lock (void *lock);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	73	static void avc_free_lock (void *lock);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	74
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	75	/* AVC callback structures for use in avc_init. */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	76	static const struct avc_memory_callback mem_cb =
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	77	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	78	.func_malloc = dbus_malloc,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	79	.func_free = dbus_free
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	80	};
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	81	static const struct avc_log_callback log_cb =
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	82	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	83	.func_log = log_callback,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	84	.func_audit = log_audit_callback
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	85	};
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	86	static const struct avc_thread_callback thread_cb =
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	87	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	88	.func_create_thread = avc_create_thread,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	89	.func_stop_thread = avc_stop_thread
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	90	};
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	91	static const struct avc_lock_callback lock_cb =
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	92	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	93	.func_alloc_lock = avc_alloc_lock,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	94	.func_get_lock = avc_get_lock,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	95	.func_release_lock = avc_release_lock,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	96	.func_free_lock = avc_free_lock
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	97	};
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	98	#endif /* HAVE_SELINUX */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	99
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	100	/**
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	101	* Log callback to log denial messages from the AVC.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	102	* This is used in avc_init. Logs to both standard
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	103	* error and syslogd.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	104	*
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	105	* @param fmt the format string
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	106	* @param variable argument list
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	107	*/
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	108	#ifdef HAVE_SELINUX
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	109	static void
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	110	log_callback (const char *fmt, ...)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	111	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	112	va_list ap;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	113	va_start(ap, fmt);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	114	vsyslog (LOG_INFO, fmt, ap);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	115	va_end(ap);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	116	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	117
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	118	/**
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	119	* On a policy reload we need to reparse the SELinux configuration file, since
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	120	* this could have changed. Send a SIGHUP to reload all configs.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	121	*/
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	122	static int
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	123	policy_reload_callback (u_int32_t event, security_id_t ssid,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	124	security_id_t tsid, security_class_t tclass,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	125	access_vector_t perms, access_vector_t *out_retained)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	126	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	127	if (event == AVC_CALLBACK_RESET)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	128	return raise (SIGHUP);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	129
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	130	return 0;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	131	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	132
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	133	/**
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	134	* Log any auxiliary data
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	135	*/
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	136	static void
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	137	log_audit_callback (void data, security_class_t class, char buf, size_t bufleft)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	138	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	139	DBusString *audmsg = data;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	140	_dbus_string_copy_to_buffer (audmsg, buf, bufleft);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	141	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	142
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	143	/**
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	144	* Create thread to notify the AVC of enforcing and policy reload
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	145	* changes via netlink.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	146	*
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	147	* @param run the thread run function
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	148	* @return pointer to the thread
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	149	*/
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	150	static void *
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	151	avc_create_thread (void (*run) (void))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	152	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	153	int rc;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	154
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	155	rc = pthread_create (&avc_notify_thread, NULL, (void () (void *)) run, NULL);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	156	if (rc != 0)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	157	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	158	_dbus_warn ("Failed to start AVC thread: %s\n", _dbus_strerror (rc));
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	159	exit (1);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	160	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	161	return &avc_notify_thread;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	162	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	163
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	164	/* Stop AVC netlink thread. */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	165	static void
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	166	avc_stop_thread (void *thread)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	167	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	168	pthread_cancel ((pthread_t ) thread);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	169	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	170
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	171	/* Allocate a new AVC lock. */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	172	static void *
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	173	avc_alloc_lock (void)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	174	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	175	pthread_mutex_t *avc_mutex;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	176
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	177	avc_mutex = dbus_new (pthread_mutex_t, 1);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	178	if (avc_mutex == NULL)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	179	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	180	_dbus_warn ("Could not create mutex: %s\n", _dbus_strerror (errno));
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	181	exit (1);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	182	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	183	pthread_mutex_init (avc_mutex, NULL);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	184
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	185	return avc_mutex;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	186	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	187
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	188	/* Acquire an AVC lock. */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	189	static void
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	190	avc_get_lock (void *lock)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	191	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	192	pthread_mutex_lock (lock);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	193	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	194
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	195	/* Release an AVC lock. */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	196	static void
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	197	avc_release_lock (void *lock)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	198	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	199	pthread_mutex_unlock (lock);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	200	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	201
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	202	/* Free an AVC lock. */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	203	static void
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	204	avc_free_lock (void *lock)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	205	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	206	pthread_mutex_destroy (lock);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	207	dbus_free (lock);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	208	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	209	#endif /* HAVE_SELINUX */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	210
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	211	/**
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	212	* Return whether or not SELinux is enabled; must be
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	213	* called after bus_selinux_init.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	214	*/
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	215	dbus_bool_t
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	216	bus_selinux_enabled (void)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	217	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	218	#ifdef HAVE_SELINUX
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	219	return selinux_enabled;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	220	#else
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	221	return FALSE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	222	#endif /* HAVE_SELINUX */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	223	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	224
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	225	/**
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	226	* Do early initialization; determine whether SELinux is enabled.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	227	*/
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	228	dbus_bool_t
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	229	bus_selinux_pre_init (void)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	230	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	231	#ifdef HAVE_SELINUX
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	232	int r;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	233	_dbus_assert (bus_sid == SECSID_WILD);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	234
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	235	/* Determine if we are running an SELinux kernel. */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	236	r = is_selinux_enabled ();
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	237	if (r < 0)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	238	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	239	_dbus_warn ("Could not tell if SELinux is enabled: %s\n",
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	240	_dbus_strerror (errno));
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	241	return FALSE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	242	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	243
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	244	selinux_enabled = r != 0;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	245	return TRUE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	246	#else
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	247	return TRUE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	248	#endif
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	249	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	250
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	251	/**
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	252	* Initialize the user space access vector cache (AVC) for D-Bus and set up
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	253	* logging callbacks.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	254	*/
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	255	dbus_bool_t
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	256	bus_selinux_full_init (void)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	257	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	258	#ifdef HAVE_SELINUX
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	259	char *bus_context;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	260
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	261	_dbus_assert (bus_sid == SECSID_WILD);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	262
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	263	if (!selinux_enabled)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	264	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	265	_dbus_verbose ("SELinux not enabled in this kernel.\n");
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	266	return TRUE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	267	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	268
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	269	_dbus_verbose ("SELinux is enabled in this kernel.\n");
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	270
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	271	avc_entry_ref_init (&aeref);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	272	if (avc_init ("avc", &mem_cb, &log_cb, &thread_cb, &lock_cb) < 0)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	273	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	274	_dbus_warn ("Failed to start Access Vector Cache (AVC).\n");
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	275	return FALSE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	276	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	277	else
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	278	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	279	openlog ("dbus", LOG_PERROR, LOG_USER);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	280	_dbus_verbose ("Access Vector Cache (AVC) started.\n");
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	281	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	282
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	283	if (avc_add_callback (policy_reload_callback, AVC_CALLBACK_RESET,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	284	NULL, NULL, 0, 0) < 0)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	285	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	286	_dbus_warn ("Failed to add policy reload callback: %s\n",
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	287	_dbus_strerror (errno));
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	288	avc_destroy ();
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	289	return FALSE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	290	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	291
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	292	bus_context = NULL;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	293	bus_sid = SECSID_WILD;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	294
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	295	if (getcon (&bus_context) < 0)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	296	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	297	_dbus_verbose ("Error getting context of bus: %s\n",
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	298	_dbus_strerror (errno));
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	299	return FALSE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	300	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	301
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	302	if (avc_context_to_sid (bus_context, &bus_sid) < 0)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	303	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	304	_dbus_verbose ("Error getting SID from bus context: %s\n",
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	305	_dbus_strerror (errno));
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	306	freecon (bus_context);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	307	return FALSE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	308	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	309
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	310	freecon (bus_context);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	311
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	312	return TRUE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	313	#else
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	314	return TRUE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	315	#endif /* HAVE_SELINUX */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	316	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	317
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	318	/**
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	319	* Decrement SID reference count.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	320	*
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	321	* @param sid the SID to decrement
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	322	*/
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	323	void
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	324	bus_selinux_id_unref (BusSELinuxID *sid)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	325	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	326	#ifdef HAVE_SELINUX
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	327	if (!selinux_enabled)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	328	return;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	329
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	330	_dbus_assert (sid != NULL);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	331
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	332	sidput (SELINUX_SID_FROM_BUS (sid));
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	333	#endif /* HAVE_SELINUX */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	334	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	335
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	336	void
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	337	bus_selinux_id_ref (BusSELinuxID *sid)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	338	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	339	#ifdef HAVE_SELINUX
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	340	if (!selinux_enabled)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	341	return;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	342
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	343	_dbus_assert (sid != NULL);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	344
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	345	sidget (SELINUX_SID_FROM_BUS (sid));
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	346	#endif /* HAVE_SELINUX */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	347	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	348
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	349	/**
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	350	* Determine if the SELinux security policy allows the given sender
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	351	* security context to go to the given recipient security context.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	352	* This function determines if the requested permissions are to be
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	353	* granted from the connection to the message bus or to another
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	354	* optionally supplied security identifier (e.g. for a service
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	355	* context). Currently these permissions are either send_msg or
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	356	* acquire_svc in the dbus class.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	357	*
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	358	* @param sender_sid source security context
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	359	* @param override_sid is the target security context. If SECSID_WILD this will
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	360	* use the context of the bus itself (e.g. the default).
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	361	* @param target_class is the target security class.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	362	* @param requested is the requested permissions.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	363	* @returns #TRUE if security policy allows the send.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	364	*/
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	365	#ifdef HAVE_SELINUX
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	366	static dbus_bool_t
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	367	bus_selinux_check (BusSELinuxID *sender_sid,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	368	BusSELinuxID *override_sid,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	369	security_class_t target_class,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	370	access_vector_t requested,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	371	DBusString *auxdata)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	372	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	373	if (!selinux_enabled)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	374	return TRUE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	375
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	376	/* Make the security check. AVC checks enforcing mode here as well. */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	377	if (avc_has_perm (SELINUX_SID_FROM_BUS (sender_sid),
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	378	override_sid ?
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	379	SELINUX_SID_FROM_BUS (override_sid) :
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	380	SELINUX_SID_FROM_BUS (bus_sid),
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	381	target_class, requested, &aeref, auxdata) < 0)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	382	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	383	_dbus_verbose ("SELinux denying due to security policy.\n");
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	384	return FALSE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	385	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	386	else
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	387	return TRUE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	388	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	389	#endif /* HAVE_SELINUX */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	390
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	391	/**
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	392	* Returns true if the given connection can acquire a service,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	393	* assuming the given security ID is needed for that service.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	394	*
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	395	* @param connection connection that wants to own the service
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	396	* @param service_sid the SID of the service from the table
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	397	* @returns #TRUE if acquire is permitted.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	398	*/
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	399	dbus_bool_t
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	400	bus_selinux_allows_acquire_service (DBusConnection *connection,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	401	BusSELinuxID *service_sid,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	402	const char *service_name,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	403	DBusError *error)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	404	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	405	#ifdef HAVE_SELINUX
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	406	BusSELinuxID *connection_sid;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	407	unsigned long spid;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	408	DBusString auxdata;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	409	dbus_bool_t ret;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	410
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	411	if (!selinux_enabled)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	412	return TRUE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	413
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	414	connection_sid = bus_connection_get_selinux_id (connection);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	415	if (!dbus_connection_get_unix_process_id (connection, &spid))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	416	spid = 0;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	417
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	418	if (!_dbus_string_init (&auxdata))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	419	goto oom;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	420
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	421	if (!_dbus_string_append (&auxdata, "service="))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	422	goto oom;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	423
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	424	if (!_dbus_string_append (&auxdata, service_name))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	425	goto oom;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	426
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	427	if (spid)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	428	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	429	if (!_dbus_string_append (&auxdata, " spid="))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	430	goto oom;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	431
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	432	if (!_dbus_string_append_uint (&auxdata, spid))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	433	goto oom;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	434	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	435
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	436	ret = bus_selinux_check (connection_sid,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	437	service_sid,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	438	SECCLASS_DBUS,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	439	DBUS__ACQUIRE_SVC,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	440	&auxdata);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	441
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	442	_dbus_string_free (&auxdata);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	443	return ret;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	444
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	445	oom:
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	446	_dbus_string_free (&auxdata);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	447	BUS_SET_OOM (error);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	448	return FALSE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	449
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	450	#else
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	451	return TRUE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	452	#endif /* HAVE_SELINUX */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	453	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	454
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	455	/**
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	456	* Check if SELinux security controls allow the message to be sent to a
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	457	* particular connection based on the security context of the sender and
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	458	* that of the receiver. The destination connection need not be the
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	459	* addressed recipient, it could be an "eavesdropper"
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	460	*
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	461	* @param sender the sender of the message.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	462	* @param proposed_recipient the connection the message is to be sent to.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	463	* @returns whether to allow the send
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	464	*/
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	465	dbus_bool_t
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	466	bus_selinux_allows_send (DBusConnection *sender,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	467	DBusConnection *proposed_recipient,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	468	const char *msgtype,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	469	const char *interface,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	470	const char *member,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	471	const char *error_name,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	472	const char *destination,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	473	DBusError *error)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	474	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	475	#ifdef HAVE_SELINUX
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	476	BusSELinuxID *recipient_sid;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	477	BusSELinuxID *sender_sid;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	478	unsigned long spid, tpid;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	479	DBusString auxdata;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	480	dbus_bool_t ret;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	481	dbus_bool_t string_alloced;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	482
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	483	if (!selinux_enabled)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	484	return TRUE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	485
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	486	if (!sender \|\| !dbus_connection_get_unix_process_id (sender, &spid))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	487	spid = 0;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	488	if (!proposed_recipient \|\| !dbus_connection_get_unix_process_id (proposed_recipient, &tpid))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	489	tpid = 0;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	490
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	491	string_alloced = FALSE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	492	if (!_dbus_string_init (&auxdata))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	493	goto oom;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	494	string_alloced = TRUE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	495
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	496	if (!_dbus_string_append (&auxdata, "msgtype="))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	497	goto oom;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	498
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	499	if (!_dbus_string_append (&auxdata, msgtype))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	500	goto oom;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	501
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	502	if (interface)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	503	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	504	if (!_dbus_string_append (&auxdata, " interface="))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	505	goto oom;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	506	if (!_dbus_string_append (&auxdata, interface))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	507	goto oom;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	508	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	509
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	510	if (member)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	511	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	512	if (!_dbus_string_append (&auxdata, " member="))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	513	goto oom;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	514	if (!_dbus_string_append (&auxdata, member))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	515	goto oom;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	516	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	517
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	518	if (error_name)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	519	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	520	if (!_dbus_string_append (&auxdata, " error_name="))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	521	goto oom;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	522	if (!_dbus_string_append (&auxdata, error_name))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	523	goto oom;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	524	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	525
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	526	if (destination)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	527	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	528	if (!_dbus_string_append (&auxdata, " dest="))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	529	goto oom;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	530	if (!_dbus_string_append (&auxdata, destination))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	531	goto oom;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	532	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	533
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	534	if (spid)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	535	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	536	if (!_dbus_string_append (&auxdata, " spid="))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	537	goto oom;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	538
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	539	if (!_dbus_string_append_uint (&auxdata, spid))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	540	goto oom;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	541	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	542
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	543	if (tpid)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	544	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	545	if (!_dbus_string_append (&auxdata, " tpid="))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	546	goto oom;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	547
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	548	if (!_dbus_string_append_uint (&auxdata, tpid))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	549	goto oom;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	550	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	551
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	552	sender_sid = bus_connection_get_selinux_id (sender);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	553	/* A NULL proposed_recipient means the bus itself. */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	554	if (proposed_recipient)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	555	recipient_sid = bus_connection_get_selinux_id (proposed_recipient);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	556	else
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	557	recipient_sid = BUS_SID_FROM_SELINUX (bus_sid);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	558
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	559	ret = bus_selinux_check (sender_sid,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	560	recipient_sid,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	561	SECCLASS_DBUS,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	562	DBUS__SEND_MSG,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	563	&auxdata);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	564
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	565	_dbus_string_free (&auxdata);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	566
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	567	return ret;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	568
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	569	oom:
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	570	if (string_alloced)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	571	_dbus_string_free (&auxdata);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	572	BUS_SET_OOM (error);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	573	return FALSE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	574
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	575	#else
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	576	return TRUE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	577	#endif /* HAVE_SELINUX */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	578	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	579
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	580	dbus_bool_t
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	581	bus_selinux_append_context (DBusMessage *message,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	582	BusSELinuxID *sid,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	583	DBusError *error)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	584	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	585	#ifdef HAVE_SELINUX
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	586	char *context;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	587
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	588	if (avc_sid_to_context (SELINUX_SID_FROM_BUS (sid), &context) < 0)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	589	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	590	if (errno == ENOMEM)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	591	BUS_SET_OOM (error);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	592	else
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	593	dbus_set_error (error, DBUS_ERROR_FAILED,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	594	"Error getting context from SID: %s\n",
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	595	_dbus_strerror (errno));
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	596	return FALSE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	597	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	598	if (!dbus_message_append_args (message,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	599	DBUS_TYPE_ARRAY,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	600	DBUS_TYPE_BYTE,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	601	&context,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	602	strlen (context),
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	603	DBUS_TYPE_INVALID))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	604	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	605	_DBUS_SET_OOM (error);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	606	return FALSE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	607	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	608	freecon (context);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	609	return TRUE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	610	#else
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	611	return TRUE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	612	#endif
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	613	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	614
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	615	/**
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	616	* Gets the security context of a connection to the bus. It is up to
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	617	* the caller to freecon() when they are done.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	618	*
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	619	* @param connection the connection to get the context of.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	620	* @param con the location to store the security context.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	621	* @returns #TRUE if context is successfully obtained.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	622	*/
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	623	#ifdef HAVE_SELINUX
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	624	static dbus_bool_t
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	625	bus_connection_read_selinux_context (DBusConnection *connection,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	626	char **con)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	627	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	628	int fd;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	629
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	630	if (!selinux_enabled)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	631	return FALSE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	632
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	633	_dbus_assert (connection != NULL);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	634
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	635	if (!dbus_connection_get_unix_fd (connection, &fd))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	636	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	637	_dbus_verbose ("Failed to get file descriptor of socket.\n");
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	638	return FALSE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	639	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	640
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	641	if (getpeercon (fd, con) < 0)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	642	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	643	_dbus_verbose ("Error getting context of socket peer: %s\n",
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	644	_dbus_strerror (errno));
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	645	return FALSE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	646	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	647
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	648	_dbus_verbose ("Successfully read connection context.\n");
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	649	return TRUE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	650	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	651	#endif /* HAVE_SELINUX */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	652
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	653	/**
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	654	* Read the SELinux ID from the connection.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	655	*
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	656	* @param connection the connection to read from
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	657	* @returns the SID if successfully determined, #NULL otherwise.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	658	*/
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	659	BusSELinuxID*
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	660	bus_selinux_init_connection_id (DBusConnection *connection,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	661	DBusError *error)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	662	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	663	#ifdef HAVE_SELINUX
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	664	char *con;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	665	security_id_t sid;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	666
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	667	if (!selinux_enabled)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	668	return NULL;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	669
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	670	if (!bus_connection_read_selinux_context (connection, &con))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	671	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	672	dbus_set_error (error, DBUS_ERROR_FAILED,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	673	"Failed to read an SELinux context from connection");
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	674	_dbus_verbose ("Error getting peer context.\n");
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	675	return NULL;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	676	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	677
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	678	_dbus_verbose ("Converting context to SID to store on connection\n");
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	679
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	680	if (avc_context_to_sid (con, &sid) < 0)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	681	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	682	if (errno == ENOMEM)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	683	BUS_SET_OOM (error);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	684	else
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	685	dbus_set_error (error, DBUS_ERROR_FAILED,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	686	"Error getting SID from context \"%s\": %s\n",
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	687	con, _dbus_strerror (errno));
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	688
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	689	_dbus_warn ("Error getting SID from context \"%s\": %s\n",
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	690	con, _dbus_strerror (errno));
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	691
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	692	freecon (con);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	693	return NULL;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	694	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	695
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	696	freecon (con);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	697	return BUS_SID_FROM_SELINUX (sid);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	698	#else
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	699	return NULL;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	700	#endif /* HAVE_SELINUX */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	701	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	702
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	703
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	704	/**
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	705	* Function for freeing hash table data. These SIDs
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	706	* should no longer be referenced.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	707	*/
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	708	static void
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	709	bus_selinux_id_table_free_value (BusSELinuxID *sid)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	710	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	711	#ifdef HAVE_SELINUX
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	712	/* NULL sometimes due to how DBusHashTable works */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	713	if (sid)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	714	bus_selinux_id_unref (sid);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	715	#endif /* HAVE_SELINUX */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	716	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	717
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	718	/**
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	719	* Creates a new table mapping service names to security ID.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	720	* A security ID is a "compiled" security context, a security
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	721	* context is just a string.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	722	*
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	723	* @returns the new table or #NULL if no memory
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	724	*/
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	725	DBusHashTable*
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	726	bus_selinux_id_table_new (void)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	727	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	728	return _dbus_hash_table_new (DBUS_HASH_STRING,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	729	(DBusFreeFunction) dbus_free,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	730	(DBusFreeFunction) bus_selinux_id_table_free_value);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	731	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	732
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	733	/**
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	734	* Hashes a service name and service context into the service SID
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	735	* table as a string and a SID.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	736	*
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	737	* @param service_name is the name of the service.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	738	* @param service_context is the context of the service.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	739	* @param service_table is the table to hash them into.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	740	* @return #FALSE if not enough memory
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	741	*/
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	742	dbus_bool_t
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	743	bus_selinux_id_table_insert (DBusHashTable *service_table,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	744	const char *service_name,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	745	const char *service_context)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	746	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	747	#ifdef HAVE_SELINUX
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	748	dbus_bool_t retval;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	749	security_id_t sid;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	750	char *key;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	751
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	752	if (!selinux_enabled)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	753	return TRUE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	754
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	755	sid = SECSID_WILD;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	756	retval = FALSE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	757
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	758	key = _dbus_strdup (service_name);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	759	if (key == NULL)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	760	return retval;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	761
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	762	if (avc_context_to_sid ((char *) service_context, &sid) < 0)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	763	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	764	if (errno == ENOMEM)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	765	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	766	dbus_free (key);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	767	return FALSE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	768	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	769
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	770	_dbus_warn ("Error getting SID from context \"%s\": %s\n",
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	771	(char *) service_context,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	772	_dbus_strerror (errno));
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	773	goto out;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	774	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	775
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	776	if (!_dbus_hash_table_insert_string (service_table,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	777	key,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	778	BUS_SID_FROM_SELINUX (sid)))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	779	goto out;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	780
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	781	_dbus_verbose ("Parsed \tservice: %s \n\t\tcontext: %s\n",
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	782	key,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	783	sid->ctx);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	784
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	785	/* These are owned by the hash, so clear them to avoid unref */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	786	key = NULL;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	787	sid = SECSID_WILD;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	788
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	789	retval = TRUE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	790
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	791	out:
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	792	if (sid != SECSID_WILD)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	793	sidput (sid);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	794
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	795	if (key)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	796	dbus_free (key);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	797
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	798	return retval;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	799	#else
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	800	return TRUE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	801	#endif /* HAVE_SELINUX */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	802	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	803
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	804
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	805	/**
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	806	* Find the security identifier associated with a particular service
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	807	* name. Return a pointer to this SID, or #NULL/SECSID_WILD if the
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	808	* service is not found in the hash table. This should be nearly a
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	809	* constant time operation. If SELinux support is not available,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	810	* always return NULL.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	811	*
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	812	* @param service_table the hash table to check for service name.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	813	* @param service_name the name of the service to look for.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	814	* @returns the SELinux ID associated with the service
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	815	*/
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	816	BusSELinuxID*
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	817	bus_selinux_id_table_lookup (DBusHashTable *service_table,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	818	const DBusString *service_name)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	819	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	820	#ifdef HAVE_SELINUX
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	821	security_id_t sid;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	822
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	823	sid = SECSID_WILD; /* default context */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	824
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	825	if (!selinux_enabled)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	826	return NULL;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	827
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	828	_dbus_verbose ("Looking up service SID for %s\n",
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	829	_dbus_string_get_const_data (service_name));
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	830
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	831	sid = _dbus_hash_table_lookup_string (service_table,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	832	_dbus_string_get_const_data (service_name));
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	833
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	834	if (sid == SECSID_WILD)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	835	_dbus_verbose ("Service %s not found\n",
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	836	_dbus_string_get_const_data (service_name));
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	837	else
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	838	_dbus_verbose ("Service %s found\n",
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	839	_dbus_string_get_const_data (service_name));
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	840
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	841	return BUS_SID_FROM_SELINUX (sid);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	842	#endif /* HAVE_SELINUX */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	843	return NULL;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	844	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	845
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	846	/**
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	847	* Get the SELinux policy root. This is used to find the D-Bus
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	848	* specific config file within the policy.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	849	*/
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	850	const char *
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	851	bus_selinux_get_policy_root (void)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	852	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	853	#ifdef HAVE_SELINUX
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	854	return selinux_policy_root ();
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	855	#else
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	856	return NULL;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	857	#endif /* HAVE_SELINUX */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	858	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	859
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	860	/**
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	861	* For debugging: Print out the current hash table of service SIDs.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	862	*/
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	863	void
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	864	bus_selinux_id_table_print (DBusHashTable *service_table)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	865	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	866	#ifdef DBUS_ENABLE_VERBOSE_MODE
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	867	#ifdef HAVE_SELINUX
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	868	DBusHashIter iter;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	869
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	870	if (!selinux_enabled)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	871	return;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	872
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	873	_dbus_verbose ("Service SID Table:\n");
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	874	_dbus_hash_iter_init (service_table, &iter);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	875	while (_dbus_hash_iter_next (&iter))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	876	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	877	const char *key = _dbus_hash_iter_get_string_key (&iter);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	878	security_id_t sid = _dbus_hash_iter_get_value (&iter);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	879	_dbus_verbose ("The key is %s\n", key);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	880	_dbus_verbose ("The context is %s\n", sid->ctx);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	881	_dbus_verbose ("The refcount is %d\n", sid->refcnt);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	882	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	883	#endif /* HAVE_SELINUX */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	884	#endif /* DBUS_ENABLE_VERBOSE_MODE */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	885	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	886
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	887
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	888	#ifdef DBUS_ENABLE_VERBOSE_MODE
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	889	#ifdef HAVE_SELINUX
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	890	/**
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	891	* Print out some AVC statistics.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	892	*/
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	893	static void
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	894	bus_avc_print_stats (void)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	895	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	896	struct avc_cache_stats cstats;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	897
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	898	if (!selinux_enabled)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	899	return;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	900
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	901	_dbus_verbose ("AVC Statistics:\n");
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	902	avc_cache_stats (&cstats);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	903	avc_av_stats ();
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	904	_dbus_verbose ("AVC Cache Statistics:\n");
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	905	_dbus_verbose ("Entry lookups: %d\n", cstats.entry_lookups);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	906	_dbus_verbose ("Entry hits: %d\n", cstats.entry_hits);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	907	_dbus_verbose ("Entry misses %d\n", cstats.entry_misses);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	908	_dbus_verbose ("Entry discards: %d\n", cstats.entry_discards);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	909	_dbus_verbose ("CAV lookups: %d\n", cstats.cav_lookups);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	910	_dbus_verbose ("CAV hits: %d\n", cstats.cav_hits);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	911	_dbus_verbose ("CAV probes: %d\n", cstats.cav_probes);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	912	_dbus_verbose ("CAV misses: %d\n", cstats.cav_misses);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	913	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	914	#endif /* HAVE_SELINUX */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	915	#endif /* DBUS_ENABLE_VERBOSE_MODE */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	916
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	917
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	918	/**
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	919	* Destroy the AVC before we terminate.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	920	*/
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	921	void
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	922	bus_selinux_shutdown (void)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	923	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	924	#ifdef HAVE_SELINUX
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	925	if (!selinux_enabled)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	926	return;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	927
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	928	_dbus_verbose ("AVC shutdown\n");
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	929
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	930	if (bus_sid != SECSID_WILD)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	931	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	932	sidput (bus_sid);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	933	bus_sid = SECSID_WILD;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	934
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	935	#ifdef DBUS_ENABLE_VERBOSE_MODE
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	936	bus_avc_print_stats ();
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	937	#endif /* DBUS_ENABLE_VERBOSE_MODE */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	938
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	939	avc_destroy ();
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	940	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	941	#endif /* HAVE_SELINUX */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	942	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	943

author	William Roberts <williamr@symbian.org>
	Thu, 22 Jul 2010 16:48:56 +0100
branch	GCC_SURGE
changeset 45	4b03adbd26ca
parent 18	47c74d1534e1
parent 34	5fae379060a7
permissions	-rw-r--r--