Merge "adns: remove dependency to lynx" into tizen

[scm/bb/meta-tizen.git] / meta-tizen-adaptation / meta / recipes-core / dbus / files / 0012-Enable-checking-of-smack-context-from-DBus-interface.patch

From: Brian McGillion <brian.mcgillion@intel.com>
Date: Mon, 6 Feb 2012 18:46:05 +0200
Subject: Enable checking of smack context from DBus interface

---
 bus/Makefile.am          |   4 ++
 bus/driver.c             |   6 +++
 bus/smack.c              | 132 +++++++++++++++++++++++++++++++++++++++++++++++
 bus/smack.h              |  36 +++++++++++++
 cmake/CMakeLists.txt     |   3 ++
 cmake/bus/CMakeLists.txt |   4 +-
 configure.ac             |  17 +++++-
 7 files changed, 199 insertions(+), 3 deletions(-)
 create mode 100644 bus/smack.c
 create mode 100644 bus/smack.h

diff --git a/bus/Makefile.am b/bus/Makefile.am
index 6cbc09a..7f63d86 100644
--- a/bus/Makefile.am
+++ b/bus/Makefile.am
@@ -7,6 +7,7 @@ DBUS_BUS_LIBS = \
        $(THREAD_LIBS) \
        $(ADT_LIBS) \
        $(NETWORK_libs) \
+       $(LIBSMACK_LIBS) \
        $(NULL)
 
 DBUS_LAUNCHER_LIBS = \
@@ -21,6 +22,7 @@ AM_CPPFLAGS = \
        -DDBUS_SYSTEM_CONFIG_FILE=\""$(configdir)/system.conf"\" \
        -DDBUS_COMPILATION \
        -DDBUS_STATIC_BUILD \
+       $(LIBSMACK_CFLAGS) \
        $(NULL)
 
 # if assertions are enabled, improve backtraces
@@ -93,6 +95,8 @@ BUS_SOURCES=                                  \
        services.h                              \
        signals.c                               \
        signals.h                               \
+       smack.c                                 \
+       smack.h                                 \
        stats.c                                 \
        stats.h                                 \
        test.c                                  \
diff --git a/bus/driver.c b/bus/driver.c
index 574e0f3..c6298d7 100644
--- a/bus/driver.c
+++ b/bus/driver.c
@@ -30,6 +30,7 @@
 #include "services.h"
 #include "selinux.h"
 #include "signals.h"
+#include "smack.h"
 #include "stats.h"
 #include "utils.h"
 #include <dbus/dbus-string.h>
@@ -38,6 +39,7 @@
 #include <dbus/dbus-marshal-recursive.h>
 #include <string.h>
 
+
 static dbus_bool_t bus_driver_send_welcome_message (DBusConnection *connection,
                                                     DBusMessage    *hello_message,
                                                     BusTransaction *transaction,
@@ -1736,6 +1738,10 @@ static const MessageHandler dbus_message_handlers[] = {
     "",
     DBUS_TYPE_STRING_AS_STRING,
     bus_driver_handle_get_id },
+  { "GetConnectionSmackContext",
+    DBUS_TYPE_STRING_AS_STRING,
+    DBUS_TYPE_STRING_AS_STRING,
+    bus_smack_handle_get_connection_context },
   { NULL, NULL, NULL, NULL }
 };
 
diff --git a/bus/smack.c b/bus/smack.c
new file mode 100644
index 0000000..b8542c2
--- /dev/null
+++ b/bus/smack.c
@@ -0,0 +1,132 @@
+/* smack.c - Provide interface to query smack context
+ *
+ * Author: Brian McGillion <brian.mcgillion@intel.com>
+ * Copyright © 2011 Intel Corporation
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301 USA
+ */
+
+#include <config.h>
+#include "smack.h"
+
+#include <dbus/dbus-internals.h>
+
+#include "connection.h"
+#include "services.h"
+#include "utils.h"
+
+#ifdef DBUS_ENABLE_SMACK
+#include <sys/smack.h>
+#endif
+
+#ifdef DBUS_ENABLE_SMACK
+static char *
+bus_smack_get_label (DBusConnection *connection)
+{
+  char *label;
+  int sock_fd;
+
+  if (!dbus_connection_get_socket(connection, &sock_fd))
+    return NULL;
+
+  if (smack_new_label_from_socket(sock_fd, &label) < 0)
+    return NULL;
+  return label;
+}
+#endif
+
+dbus_bool_t
+bus_smack_handle_get_connection_context (DBusConnection *connection,
+                                         BusTransaction *transaction,
+                                         DBusMessage    *message,
+                                         DBusError      *error)
+{
+#ifdef DBUS_ENABLE_SMACK
+  const char *remote_end = NULL;
+  BusRegistry *registry;
+  DBusString remote_end_str;
+  BusService *service;
+  DBusConnection *remote_connection;
+  DBusMessage *reply = NULL;
+  char *label;
+
+  _DBUS_ASSERT_ERROR_IS_CLEAR (error);
+
+  registry = bus_connection_get_registry (connection);
+
+  if (!dbus_message_get_args (message, error, DBUS_TYPE_STRING, &remote_end,
+                              DBUS_TYPE_INVALID))
+    return FALSE;
+
+  _dbus_verbose ("asked for label of connection %s\n", remote_end);
+
+  _dbus_string_init_const (&remote_end_str, remote_end);
+
+  service = bus_registry_lookup (registry, &remote_end_str);
+  if (service == NULL)
+    {
+      dbus_set_error (error, DBUS_ERROR_NAME_HAS_NO_OWNER,
+                      "Bus name '%s' has no owner", remote_end);
+      return FALSE;
+    }
+
+  remote_connection = bus_service_get_primary_owners_connection (service);
+  if (remote_connection == NULL)
+    goto oom;
+
+  reply = dbus_message_new_method_return (message);
+  if (reply == NULL)
+    goto oom;
+
+  label = bus_smack_get_label (remote_connection);
+  if (label == NULL)
+    {
+      dbus_set_error (error, DBUS_ERROR_FAILED,
+                      "Failed to get the socket fd of the connection",
+                      remote_end);
+      goto err;
+    }
+
+  if (!dbus_message_append_args (reply, DBUS_TYPE_STRING,
+                                 &label, DBUS_TYPE_INVALID))
+    goto oom;
+
+  if (!bus_transaction_send_from_driver (transaction, connection, reply))
+    goto oom;
+
+  dbus_message_unref (reply);
+  dbus_free(label);
+
+  return TRUE;
+
+oom:
+  BUS_SET_OOM (error);
+
+err:
+  if (reply != NULL)
+    dbus_message_unref (reply);
+
+  dbus_free(label);
+
+  return FALSE;
+#else
+  dbus_set_error (error, DBUS_ERROR_NOT_SUPPORTED,
+                  "SMACK support is not enabled");
+  return FALSE;
+#endif
+}
diff --git a/bus/smack.h b/bus/smack.h
new file mode 100644
index 0000000..04a4a2a
--- /dev/null
+++ b/bus/smack.h
@@ -0,0 +1,36 @@
+/* smack.h - Provide interface to query smack context
+ *
+ * Author: Brian McGillion <brian.mcgillion@intel.com>
+ * Copyright © 2011 Intel Corporation
+ *
+ * Based on example from Stats interface
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301 USA
+ */
+
+#ifndef SMACK_H
+#define SMACK_H
+
+#include "bus.h"
+
+dbus_bool_t bus_smack_handle_get_connection_context (DBusConnection *connection,
+                                                     BusTransaction *transaction,
+                                                     DBusMessage    *message,
+                                                     DBusError      *error);
+
+#endif // SMACK_H
diff --git a/cmake/CMakeLists.txt b/cmake/CMakeLists.txt
index 000acda..68b7a9e 100644
--- a/cmake/CMakeLists.txt
+++ b/cmake/CMakeLists.txt
@@ -94,6 +94,8 @@ option (DBUS_ENABLE_STATS "enable bus daemon usage statistics" OFF)
 
 option (DBUS_ENABLE_STATS "enable bus daemon usage statistics" OFF)
 
+option (DBUS_ENABLE_SMACK "enable smack checks in the daemon" OFF)
+
 if (DBUS_USE_EXPAT)
     find_package(LibExpat)
 else ()
@@ -555,6 +557,7 @@ message("        Building bus stats API:   ${DBUS_ENABLE_STATS}                "
 message("        installing system libs:   ${DBUS_INSTALL_SYSTEM_LIBS}         ")
 #message("        Building SELinux support: ${have_selinux}                     ")
 #message("        Building dnotify support: ${have_dnotify}                     ")
+message("        Building Smack support:   ${DBUS_ENABLE_SMACK}                ")
 message("        Building Doxygen docs:    ${DBUS_ENABLE_DOXYGEN_DOCS}         ")
 message("        Building XML docs:        ${DBUS_ENABLE_XML_DOCS}             ")
 #message("        Gettext libs (empty OK):  ${INTLLIBS}                         ")
diff --git a/cmake/bus/CMakeLists.txt b/cmake/bus/CMakeLists.txt
index 2657605..13fb34c 100644
--- a/cmake/bus/CMakeLists.txt
+++ b/cmake/bus/CMakeLists.txt
@@ -72,7 +72,9 @@ set (BUS_SOURCES
        ${BUS_DIR}/test.c                                       
        ${BUS_DIR}/test.h                                       
        ${BUS_DIR}/utils.c                                      
-       ${BUS_DIR}/utils.h                                      
+       ${BUS_DIR}/utils.h
+       ${BUS_DIR}/smack.c
+       ${BUS_DIR}/smack.h
        ${XML_SOURCES}
        ${DIR_WATCH_SOURCE}
 )
diff --git a/configure.ac b/configure.ac
index a963d4d..95216c5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -207,6 +207,9 @@ if test "x$enable_embedded_tests" = xyes; then
       [Define to build test code into the library and binaries])
 fi
 
+# call early to ensure availability
+PKG_PROG_PKG_CONFIG
+
 # DBUS_ENABLE_MODULAR_TESTS controls tests that work based on public API.
 # These use GTest, from GLib, because life's too short. They're enabled by
 # default (unless you don't have GLib), because they don't bloat the library
@@ -907,8 +910,6 @@ fi
 # unix:path=/foo or unix:abstract=/foo
 AC_SUBST(DBUS_PATH_OR_ABSTRACT)
 
-PKG_PROG_PKG_CONFIG
-
 #### Sort out XML library
 
 # see what we have
@@ -1703,6 +1704,17 @@ if test "x$enable_stats" = xyes; then
     [Define to enable bus daemon usage statistics])
 fi
 
+#enable smack label support
+AC_ARG_ENABLE([smack], [AS_HELP_STRING([--enable-smack], [enable SMACK security checks])], [], [enable_smack=no])
+if test "x$enable_smack" = xyes; then
+  PKG_CHECK_MODULES([LIBSMACK], [libsmack >= 1.0],
+     [AC_DEFINE([DBUS_ENABLE_SMACK], [1], [Define to enable SMACK security features])],
+     [AC_MSG_ERROR([libsmack is required to enable smack support])])
+fi
+
+AC_SUBST([LIBSMACK_CFLAGS])
+AC_SUBST([LIBSMACK_LIBS])
+
 AC_CONFIG_FILES([
 Doxyfile
 dbus/versioninfo.rc
@@ -1781,6 +1793,7 @@ echo "
         Building checks:          ${enable_checks}
         Building bus stats API:   ${enable_stats}
         Building SELinux support: ${have_selinux}
+       Building SMACK support:   ${enable_smack}
         Building inotify support: ${have_inotify}
         Building dnotify support: ${have_dnotify}
         Building kqueue support:  ${have_kqueue}