$(THREAD_LIBS) \
$(ADT_LIBS) \
$(NETWORK_libs) \
- $(LIBSMACK_LIBS) \
$(CYNARA_LIBS) \
$(NULL)
$(APPARMOR_CFLAGS) \
-DDBUS_SYSTEM_CONFIG_FILE=\""$(dbusdatadir)/system.conf"\" \
-DDBUS_COMPILATION \
- -DDBUS_STATIC_BUILD \
- $(LIBSMACK_CFLAGS) \
$(CYNARA_CFLAGS) \
$(NULL)
services.h \
signals.c \
signals.h \
- smack.c \
- smack.h \
stats.c \
stats.h \
test.c \
POLICY_MANDATORY,
POLICY_USER,
POLICY_GROUP,
- POLICY_SMACK,
POLICY_CONSOLE
} PolicyType;
struct
{
PolicyType type;
- union
- {
- unsigned long gid_uid_or_at_console;
- char *smack_label;
- };
+ unsigned long gid_uid_or_at_console;
} policy;
struct
{
if (e->type == ELEMENT_LIMIT)
dbus_free (e->d.limit.name);
- else if (e->type == ELEMENT_POLICY && e->d.policy.type == POLICY_SMACK)
- dbus_free (e->d.policy.smack_label);
dbus_free (e);
}
const char *user;
const char *group;
const char *at_console;
- const char *smack;
if ((e = push_element (parser, ELEMENT_POLICY)) == NULL)
{
"context", &context,
"user", &user,
"group", &group,
- "smack", &smack,
"at_console", &at_console,
NULL))
return FALSE;
- if (((context != NULL) + (user != NULL) + (group != NULL) +
- (smack != NULL) + (at_console != NULL)) != 1)
+ if (((context && user) ||
+ (context && group) ||
+ (context && at_console)) ||
+ ((user && group) ||
+ (user && at_console)) ||
+ (group && at_console) ||
+ !(context || user || group || at_console))
{
dbus_set_error (error, DBUS_ERROR_FAILED,
- "<policy> element must have exactly one of (context|user|group|smack|at_console) attributes");
+ "<policy> element must have exactly one of (context|user|group|at_console) attributes");
return FALSE;
}
_dbus_warn ("Unknown group \"%s\" in message bus configuration file\n",
group);
}
- else if (smack != NULL)
- {
- e->d.policy.type = POLICY_SMACK;
- e->d.policy.smack_label = _dbus_strdup (smack);
- if (e->d.policy.smack_label == NULL)
- {
- BUS_SET_OOM (error);
- return FALSE;
- }
- }
else if (at_console != NULL)
{
dbus_bool_t t;
rule))
goto nomem;
break;
- case POLICY_SMACK:
- if (!bus_policy_append_smack_rule (parser->policy, pe->d.policy.smack_label, rule))
- goto nomem;
- break;
case POLICY_CONSOLE:
if (!bus_policy_append_console_rule (parser->policy, pe->d.policy.gid_uid_or_at_console,
rule))
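Review bot: The new "exactly one attribute" check in the `<policy>` start-element handling spells out all six attribute pairs plus the none-set case by hand. This is equivalent to the old count, but it is harder to audit and easy to get wrong the next time a selector attribute is added. Since this condition is what stops a policy block from being bound to two subjects at once, I would keep the counting form and only drop the smack term: `if (((context != NULL) + (user != NULL) + (group != NULL) + (at_console != NULL)) != 1)`. Separately, config files that still contain `smack="..."` policies will presumably now be rejected by the attribute lookup as carrying an unknown attribute; that code is outside the visible lines, so please confirm the shipped .conf files were migrated. The enclosing function starts and ends outside these hunks.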
#include <bus/connection.h>
#ifdef DBUS_ENABLE_CYNARA
#include <cynara-client-async.h>
+#include <dbus/dbus-connection-internal.h>
#endif
#define USE_CYNARA_CACHE 1
cynara_check_id check_id;
DBusConnection *connection = check_type == BUS_DEFERRED_MESSAGE_CHECK_RECEIVE ? proposed_recipient : sender;
BusDeferredMessage *deferred_message;
+ BusResult return_result;
_dbus_assert(connection != NULL);
if (dbus_connection_get_unix_user(connection, &uid) == FALSE)
return BUS_RESULT_FALSE;
-#ifdef DBUS_ENABLE_SMACK
- if (dbus_connection_get_smack_label (connection, &label) == FALSE)
+ if (_dbus_connection_get_linux_security_label (connection, &label) == FALSE)
return BUS_RESULT_FALSE;
-#else
-#error Cannot get connection label with smack disabled
-#endif
session_id = bus_connection_get_cynara_session_id (connection);
if (session_id == NULL)
- return BUS_RESULT_FALSE;
+ {
+ dbus_free ((char*)label);
+ return BUS_RESULT_FALSE;
+ }
snprintf(user, sizeof(user), "%lu", uid);
case CYNARA_API_ACCESS_ALLOWED:
_dbus_verbose("Cynara: got ALLOWED answer from cache (client=%s session_id=%s user=%s privilege=%s)\n",
label, session_id, user, privilege);
- return BUS_RESULT_TRUE;
+ return_result = BUS_RESULT_TRUE;
+ break;
case CYNARA_API_ACCESS_DENIED:
_dbus_verbose("Cynara: got DENIED answer from cache (client=%s session_id=%s user=%s privilege=%s)\n",
label, session_id, user, privilege);
- return BUS_RESULT_FALSE;
+ return_result = BUS_RESULT_FALSE;
+ break;
case CYNARA_API_CACHE_MISS:
deferred_message = bus_deferred_message_new(message, sender, addressed_recipient,
if (deferred_message == NULL)
{
_dbus_verbose("Failed to allocate memory for deferred message\n");
- return BUS_RESULT_FALSE;
+ return_result = BUS_RESULT_FALSE;
+ break;
}
/* callback is supposed to unref deferred_message*/
"deferred_message=%p\n", label, session_id, user, privilege, (unsigned int)check_id, deferred_message);
if (deferred_message_param != NULL)
*deferred_message_param = deferred_message;
- return BUS_RESULT_LATER;
+ return_result = BUS_RESULT_LATER;
+ break;
}
else
{
_dbus_verbose("Error on cynara request create: %i\n", result);
bus_deferred_message_unref(deferred_message);
- return BUS_RESULT_FALSE;
+ return_result = BUS_RESULT_FALSE;
+ break;
}
break;
default:
_dbus_verbose("Error when accessing Cynara cache: %i\n", result);
- return BUS_RESULT_FALSE;
+ return_result = BUS_RESULT_FALSE;
+ break;
}
+ dbus_free ((char*)label);
+ return return_result;
+
#else
return BUS_RESULT_FALSE;
#endif
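Review bot: `label` now owns heap memory but is freed through `dbus_free ((char*)label)` in both places, which suggests it is still declared `const char *` (the declaration is outside the visible lines). Declaring it `char *label = NULL;` would remove the casts and match an out-parameter that hands over ownership. The single-exit rewrite covers every return visible in the switch, but any return between the `snprintf` and the switch that is not shown here would still leak the label, so that stretch is worth checking. Judging by the function name, the value handed to Cynara as the client is now whatever security label the kernel reports for the peer, and the removed `#error` no longer guarantees at build time that it is a Smack label. A short comment at the call, e.g. `/* client id is the peer's LSM label; Cynara policy here assumes Smack */`, would record that assumption.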
#include "services.h"
#include "selinux.h"
#include "signals.h"
-#include "smack.h"
#include "stats.h"
#include "utils.h"
dbus_free (s);
}
-#ifdef DBUS_ENABLE_SMACK
- {
- const char *smack_label;
- if (dbus_connection_get_smack_label (conn, &smack_label)) {
- if (!_dbus_asv_add_string (&array_iter, "SmackLabel", smack_label))
- goto oom;
- }
- }
-#endif
-
if (!_dbus_asv_close (&reply_iter, &array_iter))
goto oom;
bus_driver_handle_get_id },
{ "GetConnectionCredentials", "s", "a{sv}",
bus_driver_handle_get_connection_credentials },
- { "GetConnectionSmackContext",
- DBUS_TYPE_STRING_AS_STRING,
- DBUS_TYPE_STRING_AS_STRING,
- bus_smack_handle_get_connection_context },
{ NULL, NULL, NULL, NULL }
};
#include "services.h"
#include "test.h"
#include "utils.h"
-#include "smack.h"
#include <dbus/dbus-list.h>
#include <dbus/dbus-hash.h>
#include <dbus/dbus-internals.h>
{
int refcount;
- DBusList *default_rules; /**< Default policy rules */
- DBusList *mandatory_rules; /**< Mandatory policy rules */
- DBusHashTable *rules_by_uid; /**< per-UID policy rules */
- DBusHashTable *rules_by_gid; /**< per-GID policy rules */
- DBusHashTable *rules_by_smack_label; /**< per-SMACK label policy rules */
- DBusList *at_console_true_rules; /**< console user policy rules where at_console="true"*/
- DBusList *at_console_false_rules; /**< console user policy rules where at_console="false"*/
+ DBusList *default_rules; /**< Default policy rules */
+ DBusList *mandatory_rules; /**< Mandatory policy rules */
+ DBusHashTable *rules_by_uid; /**< per-UID policy rules */
+ DBusHashTable *rules_by_gid; /**< per-GID policy rules */
+ DBusList *at_console_true_rules; /**< console user policy rules where at_console="true"*/
+ DBusList *at_console_false_rules; /**< console user policy rules where at_console="false"*/
};
static void
if (policy->rules_by_gid == NULL)
goto failed;
-#ifdef DBUS_ENABLE_SMACK
- policy->rules_by_smack_label = _dbus_hash_table_new (DBUS_HASH_STRING,
- (DBusFreeFunction) dbus_free,
- free_rule_list_func);
- if (policy->rules_by_smack_label == NULL)
- goto failed;
-#endif
-
return policy;
failed:
policy->rules_by_gid = NULL;
}
- if (policy->rules_by_smack_label)
- {
- _dbus_hash_table_unref (policy->rules_by_smack_label);
- policy->rules_by_smack_label = NULL;
- }
-
dbus_free (policy);
}
}
}
}
- if (policy->rules_by_smack_label &&
- _dbus_hash_table_get_n_entries (policy->rules_by_smack_label) > 0)
- {
- DBusList **list;
- dbus_bool_t nomem_err = FALSE;
-
- list = bus_smack_generate_allowed_list(connection, policy->rules_by_smack_label, &nomem_err);
-
- if (list != NULL)
- {
- nomem_err = !add_list_to_client (list, client);
- _dbus_list_clear (list);
- dbus_free(list);
- }
-
- if (nomem_err)
- goto nomem;
- }
-
if (!add_list_to_client (&policy->mandatory_rules,
client))
goto nomem;
return TRUE;
}
-#ifdef DBUS_ENABLE_SMACK
-static DBusList **
-get_list_string (DBusHashTable *table,
- const char *key)
-{
- DBusList **list;
-
- if (key == NULL)
- return NULL;
-
- list = _dbus_hash_table_lookup_string (table, key);
-
- if (list == NULL)
- {
- char *new_key;
-
- list = dbus_new0 (DBusList*, 1);
- if (list == NULL)
- return NULL;
-
- new_key = _dbus_strdup (key);
- if (new_key == NULL)
- {
- dbus_free (list);
- return NULL;
- }
-
- if (!_dbus_hash_table_insert_string (table, new_key, list))
- {
- dbus_free (list);
- dbus_free (new_key);
- return NULL;
- }
- }
-
- return list;
-}
-#endif
-
-dbus_bool_t
-bus_policy_append_smack_rule (BusPolicy *policy,
- const char *label,
- BusPolicyRule *rule)
-{
-#ifdef DBUS_ENABLE_SMACK
- DBusList **list;
-
- list = get_list_string (policy->rules_by_smack_label, label);
- if (list == NULL)
- return FALSE;
-
- if (!_dbus_list_append (list, rule))
- return FALSE;
-
- bus_policy_rule_ref (rule);
-#endif
-
- return TRUE;
-}
-
dbus_bool_t
bus_policy_append_console_rule (BusPolicy *policy,
dbus_bool_t at_console,
return TRUE;
}
-#ifdef DBUS_ENABLE_SMACK
-static dbus_bool_t
-merge_string_hash (DBusHashTable *dest,
- DBusHashTable *to_absorb)
-{
- DBusHashIter iter;
-
- _dbus_hash_iter_init (to_absorb, &iter);
- while (_dbus_hash_iter_next (&iter))
- {
- const char *absorb_label = _dbus_hash_iter_get_string_key(&iter);
- DBusList **list = _dbus_hash_iter_get_value (&iter);
- DBusList **target = get_list_string (dest, absorb_label);
-
- if (target == NULL)
- return FALSE;
-
- if (!append_copy_of_policy_list (target, list))
- return FALSE;
- }
-
- return TRUE;
-}
-#endif
-
dbus_bool_t
bus_policy_merge (BusPolicy *policy,
BusPolicy *to_absorb)
to_absorb->rules_by_gid))
return FALSE;
-#ifdef DBUS_ENABLE_SMACK
- if (!merge_string_hash (policy->rules_by_smack_label,
- to_absorb->rules_by_smack_label))
- return FALSE;
-#endif
-
return TRUE;
}
dbus_bool_t bus_policy_append_group_rule (BusPolicy *policy,
dbus_gid_t gid,
BusPolicyRule *rule);
-dbus_bool_t bus_policy_append_smack_rule (BusPolicy *policy,
- const char *label,
- BusPolicyRule *rule);
dbus_bool_t bus_policy_append_console_rule (BusPolicy *policy,
dbus_bool_t at_console,
BusPolicyRule *rule);
+++ /dev/null
-/* smack.c - Provide interface to query smack context
- *
- * Author: Brian McGillion <brian.mcgillion@intel.com>
- * Copyright © 2011 Intel Corporation
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301 USA
- */
-
-#include <config.h>
-#include "smack.h"
-
-#include <dbus/dbus-internals.h>
-
-#include "connection.h"
-#include "services.h"
-#include "utils.h"
-#include "policy.h"
-
-#ifdef DBUS_ENABLE_SMACK
-#include <sys/smack.h>
-#endif
-
-#define SMACK_WRITE "W"
-#define SMACK_READ "R"
-#define SMACK_READ_WRITE "RW"
-
-
-BusResult
-bus_smack_handle_get_connection_context (DBusConnection *connection,
- BusTransaction *transaction,
- DBusMessage *message,
- DBusError *error)
-{
-#ifdef DBUS_ENABLE_SMACK
- const char *remote_end = NULL;
- BusRegistry *registry;
- DBusString remote_end_str;
- BusService *service;
- DBusConnection *remote_connection;
- DBusMessage *reply = NULL;
- const char *label;
-
- _DBUS_ASSERT_ERROR_IS_CLEAR (error);
-
- registry = bus_connection_get_registry (connection);
-
- if (!dbus_message_get_args (message, error, DBUS_TYPE_STRING, &remote_end,
- DBUS_TYPE_INVALID))
- return BUS_RESULT_FALSE;
-
- _dbus_verbose ("asked for label of connection %s\n", remote_end);
-
- _dbus_string_init_const (&remote_end_str, remote_end);
-
- service = bus_registry_lookup (registry, &remote_end_str);
- if (service == NULL)
- {
- dbus_set_error (error, DBUS_ERROR_NAME_HAS_NO_OWNER,
- "Bus name '%s' has no owner", remote_end);
- return BUS_RESULT_FALSE;
- }
-
- remote_connection = bus_service_get_primary_owners_connection (service);
- if (remote_connection == NULL)
- goto oom;
-
- reply = dbus_message_new_method_return (message);
- if (reply == NULL)
- goto oom;
-
- if (!dbus_connection_get_smack_label(remote_connection, &label))
- {
- dbus_set_error (error, DBUS_ERROR_FAILED,
- "Failed to get the socket fd of the connection",
- remote_end);
- goto err;
- }
-
- if (!dbus_message_append_args (reply, DBUS_TYPE_STRING,
- &label, DBUS_TYPE_INVALID))
- goto oom;
-
- if (!bus_transaction_send_from_driver (transaction, connection, reply))
- goto oom;
-
- dbus_message_unref (reply);
-
- return BUS_RESULT_TRUE;
-
-oom:
- BUS_SET_OOM (error);
-
-err:
- if (reply != NULL)
- dbus_message_unref (reply);
-
- return BUS_RESULT_FALSE;
-#else
- dbus_set_error (error, DBUS_ERROR_NOT_SUPPORTED,
- "SMACK support is not enabled");
- return BUS_RESULT_FALSE;
-#endif
-}
-
-#ifdef DBUS_ENABLE_SMACK
-static dbus_bool_t
-bus_smack_has_access (const char *subject, const char *object,
- const char *access)
-{
- return (smack_have_access (subject, object, access) == 1 ? TRUE : FALSE);
-}
-#endif
-
-
-/**
- * Calculate the list of rules that apply to a connection.
- *
- * @param connection The inbound conenction
- * @param rules_by_smack_label The table of object labels -> rules mapping
- * @param nomem_err (out) If a nomem situation is encountered this value is set to TRUE.
- * @returns the list of permitted rules if it exists and no errors were encountered otherwise NULL.
- */
-DBusList**
-bus_smack_generate_allowed_list (DBusConnection *connection,
- DBusHashTable *rules_by_smack_label,
- dbus_bool_t *nomem_err)
-{
-#ifdef DBUS_ENABLE_SMACK
- const char *subject_label;
- DBusHashIter iter;
- dbus_bool_t is_allowed;
- DBusList **allowed_list;
-
- /* the label of the subject, is the label on the new connection,
- either the service itself or one of its clients */
-
- if (!dbus_connection_get_smack_label(connection, &subject_label))
- return NULL;
-
- allowed_list = dbus_new0 (DBusList*, 1);
- if (allowed_list == NULL)
- goto nomem;
-
- /* Iterate over all the smack labels we have parsed from the .conf files */
- _dbus_hash_iter_init (rules_by_smack_label, &iter);
- while (_dbus_hash_iter_next (&iter))
- {
- DBusList *link;
- const char *object_label = _dbus_hash_iter_get_string_key (&iter);
- /* the list here is all the rules that are 'protected'
- by the SMACK label named $object_label */
- DBusList **list = _dbus_hash_iter_get_value (&iter);
-
- link = _dbus_list_get_first_link (list);
- while (link != NULL)
- {
- BusPolicyRule *rule = link->data;
- link = _dbus_list_get_next_link (list, link);
- is_allowed = FALSE;
-
- switch (rule->type)
- {
- case BUS_POLICY_RULE_OWN:
- is_allowed = bus_smack_has_access (subject_label,
- object_label,
- SMACK_READ_WRITE);
- break;
- case BUS_POLICY_RULE_SEND:
- is_allowed = bus_smack_has_access (subject_label,
- object_label,
- SMACK_WRITE);
- break;
- case BUS_POLICY_RULE_RECEIVE:
- is_allowed = bus_smack_has_access (subject_label,
- object_label,
- SMACK_READ);
- break;
- default:
- continue;
- }
-
- if (is_allowed)
- {
- if (!_dbus_list_append (allowed_list, rule))
- goto nomem;
-
- bus_policy_rule_ref (rule);
- }
-
- _dbus_verbose ("permission request subject (%s) -> object (%s) : %s", subject_label, object_label, (is_allowed ? "GRANTED" : "REJECTED"));
- }
- }
-
- return allowed_list;
-
-nomem:
- if (allowed_list != NULL) {
- _dbus_list_clear (allowed_list);
- dbus_free (allowed_list);
- }
-
- *nomem_err = TRUE;
- return NULL;
-
-#else
- return NULL;
-#endif
-}
+++ /dev/null
-/* smack.h - Provide interface to query smack context
- *
- * Author: Brian McGillion <brian.mcgillion@intel.com>
- * Copyright © 2011 Intel Corporation
- *
- * Based on example from Stats interface
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301 USA
- */
-
-#ifndef SMACK_H
-#define SMACK_H
-
-#include "bus.h"
-#include <dbus/dbus-hash.h>
-
-dbus_bool_t bus_smack_handle_get_connection_context (DBusConnection *connection,
- BusTransaction *transaction,
- DBusMessage *message,
- DBusError *error);
-
-DBusList **bus_smack_generate_allowed_list (DBusConnection *connection,
- DBusHashTable *label_rules,
- dbus_bool_t *error);
-#endif // SMACK_H
set(FD_SETSIZE "8192" CACHE STRING "The maximum number of connections that can be handled at once")
endif()
-option (DBUS_ENABLE_SMACK "enable smack checks in the daemon" OFF)
-
find_package(EXPAT)
find_package(X11)
find_package(GLib2)
message(" installing system libs: ${DBUS_INSTALL_SYSTEM_LIBS} ")
message(" Building inotify support: ${DBUS_BUS_ENABLE_INOTIFY} ")
message(" Building kqueue support: ${DBUS_BUS_ENABLE_KQUEUE} ")
-message(" Building Smack support: ${DBUS_ENABLE_SMACK} ")
message(" Building Doxygen docs: ${DBUS_ENABLE_DOXYGEN_DOCS} ")
message(" Building XML docs: ${DBUS_ENABLE_XML_DOCS} ")
message(" Daemon executable name: ${DBUS_DAEMON_NAME}")
${BUS_DIR}/test.c
${BUS_DIR}/test.h
${BUS_DIR}/utils.c
- ${BUS_DIR}/utils.h
- ${BUS_DIR}/smack.c
- ${BUS_DIR}/smack.h
+ ${BUS_DIR}/utils.h
${XML_SOURCES}
${DIR_WATCH_SOURCE}
)
[Define to build test code into the library and binaries])
fi
-# call early to ensure availability
-PKG_PROG_PKG_CONFIG
-
# DBUS_ENABLE_MODULAR_TESTS controls tests that work based on public API.
# These use GTest, from GLib, because life's too short. They're enabled by
# default (unless you don't have GLib), because they don't bloat the library
AM_CONDITIONAL([DBUS_ENABLE_USER_SESSION],
[test "x$enable_user_session" = xyes])
-#enable smack label support
-AC_ARG_ENABLE([smack], [AS_HELP_STRING([--enable-smack], [enable SMACK security checks])], [], [enable_smack=no])
-if test "x$enable_smack" = xyes; then
- PKG_CHECK_MODULES([LIBSMACK], [libsmack >= 1.0],
- [AC_DEFINE([DBUS_ENABLE_SMACK], [1], [Define to enable SMACK security features])],
- [AC_MSG_ERROR([libsmack is required to enable smack support])])
-fi
-
-AC_SUBST([LIBSMACK_CFLAGS])
-AC_SUBST([LIBSMACK_LIBS])
#enable cynara integration
AC_ARG_ENABLE([cynara], [AS_HELP_STRING([--enable-cynara], [enable Cynara integration])], [], [enable_cynara=no])
Building bus stats API: ${enable_stats}
Building SELinux support: ${have_selinux}
Building AppArmor support: ${have_apparmor}
- Building SMACK support: ${enable_smack}
Building inotify support: ${have_inotify}
Building kqueue support: ${have_kqueue}
Building systemd support: ${have_systemd}
-I$(top_srcdir) \
$(DBUS_STATIC_BUILD_CPPFLAGS) \
$(SYSTEMD_CFLAGS) \
- $(LIBSMACK_CFLAGS) \
$(VALGRIND_CFLAGS) \
-DDBUS_COMPILATION \
-DDBUS_MACHINE_UUID_FILE=\""$(localstatedir)/lib/dbus/machine-id"\" \
SYMBOL_EXPORT_LDFLAGS=
endif
-libdbus_1_la_LIBADD= $(LIBDBUS_LIBS) $(LIBSMACK_LIBS)
+libdbus_1_la_LIBADD= $(LIBDBUS_LIBS)
libdbus_1_la_LDFLAGS = \
$(AM_LDFLAGS) \
-version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) \
$(AM_CPPFLAGS) \
-DDBUS_STATIC_BUILD \
$(NULL)
-libdbus_internal_la_LIBADD=$(LIBDBUS_LIBS) libdbus-1.la $(SYSTEMD_LIBS) $(LIBSMACK_LIBS)
+libdbus_internal_la_LIBADD=$(LIBDBUS_LIBS) libdbus-1.la $(SYSTEMD_LIBS)
if LIBDBUSPOLICY
libdbus_internal_la_CPPFLAGS += $(LIBDBUSPOLICY1_FLAGS)
#include "dbus-bus.h"
#include "dbus-marshal-basic.h"
-#ifdef DBUS_ENABLE_SMACK
-#include <sys/smack.h>
-#include <stdlib.h>
-#endif
-
#ifdef DBUS_DISABLE_CHECKS
#define TOOK_LOCK_CHECK(connection)
#define RELEASING_LOCK_CHECK(connection)
DBusObjectTree *objects; /**< Object path handlers registered with this connection */
char *server_guid; /**< GUID of server if we are in shared_connections, #NULL if server GUID is unknown or connection is private */
-#ifdef DBUS_ENABLE_SMACK
- char *peer_smack_label; /** Smack label of the peer at the time when the connection was established. Allocated with malloc(), NULL if unknown. */
-#endif
/* These two MUST be bools and not bitfields, because they are protected by a separate lock
* from connection->mutex and all bitfields in a word have to be read/written together.
if (connection == NULL)
goto error;
-#ifdef DBUS_ENABLE_SMACK
- /* If we cannot get the Smack label, proceed without. */
- {
- DBusSocket sock_fd;
- if (_dbus_transport_get_socket_fd(transport, &sock_fd)) {
- char *label;
- if (smack_new_label_from_socket(_dbus_socket_get_int (sock_fd), &label) >= 0) {
- connection->peer_smack_label = label;
- }
- }
- }
-#endif
-
_dbus_rmutex_new_at_location (&connection->mutex);
if (connection->mutex == NULL)
goto error;
_dbus_rmutex_free_at_location (&connection->mutex);
-#ifdef DBUS_ENABLE_SMACK
- if (connection->peer_smack_label)
- free (connection->peer_smack_label);
-#endif
-
dbus_free (connection);
}
return result;
}
-#ifdef DBUS_ENABLE_SMACK
-/**
- * Gets the Smack label of the peer at the time when the connection
- * was established. Returns #TRUE if the label is filled in.
- *
- * @param connection the connection
- * @param label return location for the Smack label; returned value is valid as long as the connection exists
- * @returns #TRUE if uid is filled in with a valid process ID
- */
-dbus_bool_t
-dbus_connection_get_smack_label (DBusConnection *connection,
- const char **label)
-{
- _dbus_return_val_if_fail (connection != NULL, FALSE);
- _dbus_return_val_if_fail (label != NULL, FALSE);
-
- *label = connection->peer_smack_label;
- return *label != NULL;
-}
-#endif
-
/**
* Gets the ADT audit data of the connection if any.
* Returns #TRUE if the structure pointer is returned.
DBUS_EXPORT
dbus_bool_t dbus_connection_get_unix_process_id (DBusConnection *connection,
unsigned long *pid);
-#ifdef DBUS_ENABLE_SMACK
-DBUS_EXPORT
-dbus_bool_t dbus_connection_get_smack_label (DBusConnection *connection,
- const char **label);
-#endif
DBUS_EXPORT
dbus_bool_t dbus_connection_get_adt_audit_session_data (DBusConnection *connection,
void **data,
</para>
</entry>
</row>
- <row>
- <entry>SmackLabel</entry>
- <entry>STRING</entry>
- <entry>The Smack label of the process at the time when it connected
- to D-Bus, on platforms that have this concept.</entry>
- </row>
</tbody>
</tgroup>
</informaltable>
-* Mon Oct 07 2013 Patrick McCarty <patrick.mccarty@linux.intel.com> 4d8ccdf
-- packaging: enable Smack support
-
* Mon Jul 22 2013 Michael Leibowitz <michael.leibowitz@intel.com> accepted/tizen/20130710.220936@43a3a39
-- Enforce smack policy from conf file
-- Enable checking of smack context from DBus interface
- resetting manifest requested domain to floor
* Thu Jun 20 2013 Anas Nashif <anas.nashif@intel.com> dbus-1.6.12@46d2277
BuildRequires: pkgconfig(libsystemd)
%endif
BuildRequires: pkgconfig(glib-2.0)
-BuildRequires: pkgconfig(libsmack)
BuildRequires: pkgconfig(cynara-client)
BuildRequires: pkgconfig(cynara-session)
BuildRequires: pkgconfig(cynara-client-async)
--with-systemdsystemunitdir=%{_unitdir} \
--with-systemduserunitdir=%{_unitdir_user} \
--enable-user-session \
- --enable-smack \
--enable-cynara \
--enable-modular-tests \
--enable-installed-tests
--with-systemdsystemunitdir=%{_unitdir} \
--with-systemduserunitdir=%{_unitdir_user} \
--enable-user-session \
- --enable-smack \
--enable-cynara \
--enable-modular-tests \
--enable-installed-tests \
--with-systemdsystemunitdir=%{_unitdir} \
--with-systemduserunitdir=%{_unitdir_user} \
--enable-user-session \
- --enable-smack \
--enable-cynara \
--enable-modular-tests \
--enable-installed-tests