* bus/selinux.h: Add bus_selinux_enabled.
* bus/selinux.c (bus_selinux_enabled): Implement it.
* bus/config-parser.c (struct include): Add
if_selinux_enabled member.
(start_busconfig_child): Parse if_selinux_enabled
attribute for include.
(bus_config_parser_content): Handle it.
* bus/session.conf.in, bus/system.conf.in: Add
inclusion of context mapping to default config files;
conditional on SELinux being enabled.
* doc/busconfig.dtd: Add to if_selinux_enabled to default DTD.
* test/data/invalid-config-files/badselinux-1.conf,
test/data/invalid-config-files/badselinux-2.conf:
Test files for bad syntax.
+2004-10-18 Colin Walters <walters@verbum.org>
+
+ * bus/selinux.h: Add bus_selinux_enabled.
+
+ * bus/selinux.c (bus_selinux_enabled): Implement it.
+
+ * bus/config-parser.c (struct include): Add
+ if_selinux_enabled member.
+ (start_busconfig_child): Parse if_selinux_enabled
+ attribute for include.
+ (bus_config_parser_content): Handle it.
+
+ * bus/session.conf.in, bus/system.conf.in: Add
+ inclusion of context mapping to default config files;
+ conditional on SELinux being enabled.
+
+ * doc/busconfig.dtd: Add to if_selinux_enabled to default DTD.
+
+ * test/data/invalid-config-files/badselinux-1.conf,
+ test/data/invalid-config-files/badselinux-2.conf:
+ Test files for bad syntax.
+
2004-10-17 Colin Walters <walters@verbum.org>
* dbus/dbus-memory.c (_dbus_initialize_malloc_debug, check_guards)
struct
{
unsigned int ignore_missing : 1;
+ unsigned int if_selinux_enabled : 1;
unsigned int selinux_root_relative : 1;
} include;
else if (strcmp (element_name, "include") == 0)
{
Element *e;
+ const char *if_selinux_enabled;
const char *ignore_missing;
const char *selinux_root_relative;
}
e->d.include.ignore_missing = FALSE;
+ e->d.include.if_selinux_enabled = FALSE;
e->d.include.selinux_root_relative = FALSE;
if (!locate_attributes (parser, "include",
attribute_values,
error,
"ignore_missing", &ignore_missing,
+ "if_selinux_enabled", &if_selinux_enabled,
"selinux_root_relative", &selinux_root_relative,
NULL))
return FALSE;
return FALSE;
}
}
+
+ if (if_selinux_enabled != NULL)
+ {
+ if (strcmp (if_selinux_enabled, "yes") == 0)
+ e->d.include.if_selinux_enabled = TRUE;
+ else if (strcmp (if_selinux_enabled, "no") == 0)
+ e->d.include.if_selinux_enabled = FALSE;
+ else
+ {
+ dbus_set_error (error, DBUS_ERROR_FAILED,
+ "if_selinux_enabled attribute must have value"
+ " \"yes\" or \"no\"");
+ return FALSE;
+ }
+ }
if (selinux_root_relative != NULL)
{
e->had_content = TRUE;
+ if (e->d.include.if_selinux_enabled
+ && !bus_selinux_enabled ())
+ break;
+
if (!_dbus_string_init (&full_path))
goto nomem;
#endif /* HAVE_SELINUX */
/**
+ * Return whether or not SELinux is enabled; must be
+ * called after bus_selinux_init.
+ */
+dbus_bool_t
+bus_selinux_enabled (void)
+{
+ return selinux_enabled;
+}
+
+/**
* Initialize the user space access vector cache (AVC) for D-BUS and set up
* logging callbacks.
*/
dbus_bool_t bus_selinux_init (void);
void bus_selinux_shutdown (void);
+dbus_bool_t bus_selinux_enabled (void);
+
void bus_selinux_id_ref (BusSELinuxID *sid);
void bus_selinux_id_unref (BusSELinuxID *sid);
<!-- This is included last so local configuration can override what's
in this standard file -->
<include ignore_missing="yes">session-local.conf</include>
+
+ <include if_selinux_enabled="yes" selinux_root_relative="yes">contexts/dbus_contexts</include>
+
</busconfig>
in this standard file -->
<include ignore_missing="yes">system-local.conf</include>
+ <include if_selinux_enabled="yes" selinux_root_relative="yes">contexts/dbus_contexts</include>
+
</busconfig>
<!ELEMENT include (#PCDATA)>
<!ATTLIST include
ignore_missing (yes|no) "no"
+ if_selinux_enabled (yes|no) "no"
selinux_root_relative (yes|no) "no">
<!ELEMENT policy (allow|deny)*>
--- /dev/null
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+ <user>mybususer</user>
+ <listen>unix:path=/foo/bar</listen>
+ <listen>tcp:port=1234</listen>
+ <includedir>basic.d</includedir>
+ <servicedir>/usr/share/foo</servicedir>
+ <include selinux_root_relative="jomoma">blah</include>
+</busconfig>
--- /dev/null
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+ <user>mybususer</user>
+ <listen>unix:path=/foo/bar</listen>
+ <listen>tcp:port=1234</listen>
+ <includedir>basic.d</includedir>
+ <servicedir>/usr/share/foo</servicedir>
+ <include if_selinux_enabled="moo">blah</include>
+</busconfig>
projects / platform / upstream / dbus.git / commitdiff