X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=bus%2Fselinux.c;h=c36c94ecf79017fb38d823ad03e7e2e185023892;hb=7d9239c9c78cb6d0b9c282376fcf3cda1de23209;hp=456723ac58458ca863003bec6c6c1466b1e12e48;hpb=0a3905d7f3b2ff43b09479863775939f9c8acad4;p=platform%2Fupstream%2Fdbus.git diff --git a/bus/selinux.c b/bus/selinux.c index 456723a..c36c94e 100644 --- a/bus/selinux.c +++ b/bus/selinux.c @@ -20,21 +20,25 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA * */ + +#include #include #include +#ifndef DBUS_WIN #include +#endif #include "selinux.h" #include "services.h" #include "policy.h" #include "utils.h" #include "config-parser.h" -#ifdef HAVE_SELINUX -#include -#include #ifdef HAVE_ERRNO_H #include #endif +#ifdef HAVE_SELINUX +#include +#include #include #include #include @@ -46,11 +50,11 @@ #include #include #include +#endif /* HAVE_SELINUX */ #ifdef HAVE_LIBAUDIT #include #include #endif /* HAVE_LIBAUDIT */ -#endif /* HAVE_SELINUX */ #define BUS_SID_FROM_SELINUX(sid) ((BusSELinuxID*) (sid)) #define SELINUX_SID_FROM_BUS(sid) ((security_id_t) (sid)) @@ -160,7 +164,7 @@ log_callback (const char *fmt, ...) } #endif /* HAVE_LIBAUDIT */ - vsyslog (LOG_INFO, fmt, ap); + vsyslog (LOG_USER | LOG_INFO, fmt, ap); va_end(ap); } @@ -338,7 +342,6 @@ bus_selinux_full_init (void) } else { - openlog ("dbus", LOG_PERROR, LOG_USER); _dbus_verbose ("Access Vector Cache (AVC) started.\n"); } @@ -933,8 +936,7 @@ bus_selinux_get_policy_root (void) void bus_selinux_id_table_print (DBusHashTable *service_table) { -#ifdef DBUS_ENABLE_VERBOSE_MODE -#ifdef HAVE_SELINUX +#if defined (DBUS_ENABLE_VERBOSE_MODE) && defined (HAVE_SELINUX) DBusHashIter iter; if (!selinux_enabled) 
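Review bot: With `openlog ("dbus", LOG_PERROR, LOG_USER)` removed from bus_selinux_full_init, nothing visible in this file sets the syslog ident or options any more, so the AVC messages written by log_callback's `vsyslog (LOG_USER | LOG_INFO, fmt, ap)` depend on an openlog() call made elsewhere in the daemon, which this diff does not show. If no such call runs before the AVC starts, those messages would carry the default ident and would no longer be mirrored to stderr, which matters for any log filtering or alerting keyed on the "dbus" tag. I would add a comment above the vsyslog call, for example `/* facility is passed explicitly; openlog() is done by the daemon, not by this module */`. Both function bodies continue outside their hunks.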
@@ -950,19 +952,18 @@ bus_selinux_id_table_print (DBusHashTable *service_table) _dbus_verbose ("The context is %s\n", sid->ctx); _dbus_verbose ("The refcount is %d\n", sid->refcnt); } -#endif /* HAVE_SELINUX */ -#endif /* DBUS_ENABLE_VERBOSE_MODE */ +#endif /* DBUS_ENABLE_VERBOSE_MODE && HAVE_SELINUX */ } -#ifdef DBUS_ENABLE_VERBOSE_MODE -#ifdef HAVE_SELINUX /** * Print out some AVC statistics. */ +#ifdef HAVE_SELINUX static void bus_avc_print_stats (void) { +#ifdef DBUS_ENABLE_VERBOSE_MODE struct avc_cache_stats cstats; if (!selinux_enabled) @@ -980,10 +981,9 @@ bus_avc_print_stats (void) _dbus_verbose ("CAV hits: %d\n", cstats.cav_hits); _dbus_verbose ("CAV probes: %d\n", cstats.cav_probes); _dbus_verbose ("CAV misses: %d\n", cstats.cav_misses); +#endif /* DBUS_ENABLE_VERBOSE_MODE */ } #endif /* HAVE_SELINUX */ -#endif /* DBUS_ENABLE_VERBOSE_MODE */ - /** * Destroy the AVC before we terminate. @@ -1002,12 +1002,7 @@ bus_selinux_shutdown (void) sidput (bus_sid); bus_sid = SECSID_WILD; -#ifdef DBUS_ENABLE_VERBOSE_MODE - - if (_dbus_is_verbose()) - bus_avc_print_stats (); - -#endif /* DBUS_ENABLE_VERBOSE_MODE */ + bus_avc_print_stats (); avc_destroy (); #ifdef HAVE_LIBAUDIT @@ -1017,6 +1012,8 @@ bus_selinux_shutdown (void) #endif /* HAVE_SELINUX */ } +/* The !HAVE_LIBAUDIT case lives in dbus-sysdeps-util-unix.c */ +#ifdef HAVE_LIBAUDIT /** * Changes the user and group the bus is running as. * @@ -1042,7 +1039,6 @@ _dbus_change_to_daemon_user (const char *user, return FALSE; } -#ifdef HAVE_LIBAUDIT /* If we were root */ if (_dbus_geteuid () == 0) { @@ -1051,7 +1047,7 @@ _dbus_change_to_daemon_user (const char *user, capng_clear (CAPNG_SELECT_BOTH); capng_update (CAPNG_ADD, CAPNG_EFFECTIVE | CAPNG_PERMITTED, CAP_AUDIT_WRITE); - rc = capng_change_id (uid, gid, 0); + rc = capng_change_id (uid, gid, CAPNG_DROP_SUPP_GRP); if (rc) { switch (rc) { 
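Review bot: Dropping the `_dbus_is_verbose()` test in bus_selinux_shutdown means `bus_avc_print_stats ()` now runs on every shutdown of a build with DBUS_ENABLE_VERBOSE_MODE, not only when verbose output is switched on at runtime. That is harmless if `_dbus_verbose` discards its output when verbosity is off, which this diff does not show, but the statistics are still gathered. A one-line comment at the call, e.g. `/* no-op unless built with DBUS_ENABLE_VERBOSE_MODE */`, would explain why the guard is gone. bus_selinux_shutdown starts outside the hunk.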
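Review bot: The change from `0` to `CAPNG_DROP_SUPP_GRP` in `capng_change_id (uid, gid, CAPNG_DROP_SUPP_GRP)` is the step that makes the daemon shed root's supplementary groups, yet nothing on the line says so. A comment such as `/* also drop supplementary groups, otherwise the daemon keeps root's group memberships after the uid/gid switch */` would stop a later cleanup from reverting the flag to 0. The context line above it ignores the return value of `capng_update`; if that call can fail, CAP_AUDIT_WRITE would silently not be retained, which is worth checking although it predates this change. _dbus_change_to_daemon_user starts and ends outside the hunk.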
@@ -1083,38 +1079,7 @@ _dbus_change_to_daemon_user (const char *user, return FALSE; } } -#else - /* setgroups() only works if we are a privileged process, - * so we don't return error on failure; the only possible - * failure is that we don't have perms to do it. - * - * not sure this is right, maybe if setuid() - * is going to work then setgroups() should also work. - */ - if (setgroups (0, NULL) < 0) - _dbus_warn ("Failed to drop supplementary groups: %s\n", - _dbus_strerror (errno)); - - /* Set GID first, or the setuid may remove our permission - * to change the GID - */ - if (setgid (gid) < 0) - { - dbus_set_error (error, _dbus_error_from_errno (errno), - "Failed to set GID to %lu: %s", gid, - _dbus_strerror (errno)); - return FALSE; - } - - if (setuid (uid) < 0) - { - dbus_set_error (error, _dbus_error_from_errno (errno), - "Failed to set UID to %lu: %s", uid, - _dbus_strerror (errno)); - return FALSE; - } -#endif /* !HAVE_LIBAUDIT */ return TRUE; } - +#endif
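Review bot: This hunk removes the only non-libaudit privilege drop in this file (setgroups, then setgid, then setuid), and the comment added in the earlier hunk says the replacement lives in dbus-sysdeps-util-unix.c, which is not part of this diff. It should be confirmed that builds without HAVE_LIBAUDIT still get a `_dbus_change_to_daemon_user` that drops supplementary groups and sets the GID before the UID. Separately, the added closing `#endif` carries no label while the other conditionals in this file are annotated; write it as `#endif /* HAVE_LIBAUDIT */`. The function begins outside the hunk.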