$(THREAD_LIBS) \
$(ADT_LIBS) \
$(NETWORK_libs) \
+ $(LIBSMACK_LIBS) \
$(NULL)
DBUS_LAUNCHER_LIBS = \
$(APPARMOR_CFLAGS) \
-DDBUS_SYSTEM_CONFIG_FILE=\""$(dbusdatadir)/system.conf"\" \
-DDBUS_COMPILATION \
+ -DDBUS_STATIC_BUILD \
+ $(LIBSMACK_CFLAGS) \
$(NULL)
# if assertions are enabled, improve backtraces
services.h \
signals.c \
signals.h \
+ smack.c \
+ smack.h \
stats.c \
stats.h \
test.c \
#include "services.h"
#include "selinux.h"
#include "signals.h"
+#include "smack.h"
#include "stats.h"
#include "utils.h"
bus_driver_handle_get_id },
{ "GetConnectionCredentials", "s", "a{sv}",
bus_driver_handle_get_connection_credentials },
+ { "GetConnectionSmackContext",
+ DBUS_TYPE_STRING_AS_STRING,
+ DBUS_TYPE_STRING_AS_STRING,
+ bus_smack_handle_get_connection_context },
{ NULL, NULL, NULL, NULL }
};
--- /dev/null
+/* smack.c - Provide interface to query smack context
+ *
+ * Author: Brian McGillion <brian.mcgillion@intel.com>
+ * Copyright © 2011 Intel Corporation
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301 USA
+ */
+
+#include <config.h>
+#include "smack.h"
+
+#include <dbus/dbus-internals.h>
+
+#include "connection.h"
+#include "services.h"
+#include "utils.h"
+
+#ifdef DBUS_ENABLE_SMACK
+#include <sys/smack.h>
+#endif
+
+#ifdef DBUS_ENABLE_SMACK
+static char *
+bus_smack_get_label (DBusConnection *connection)
+{
+ char *label;
+ int sock_fd;
+
+ if (!dbus_connection_get_socket(connection, &sock_fd))
+ return NULL;
+
+ if (smack_new_label_from_socket(sock_fd, &label) < 0)
+ return NULL;
+ return label;
+}
+#endif
+
+dbus_bool_t
+bus_smack_handle_get_connection_context (DBusConnection *connection,
+ BusTransaction *transaction,
+ DBusMessage *message,
+ DBusError *error)
+{
+#ifdef DBUS_ENABLE_SMACK
+ const char *remote_end = NULL;
+ BusRegistry *registry;
+ DBusString remote_end_str;
+ BusService *service;
+ DBusConnection *remote_connection;
+ DBusMessage *reply = NULL;
+ char *label;
+
+ _DBUS_ASSERT_ERROR_IS_CLEAR (error);
+
+ registry = bus_connection_get_registry (connection);
+
+ if (!dbus_message_get_args (message, error, DBUS_TYPE_STRING, &remote_end,
+ DBUS_TYPE_INVALID))
+ return FALSE;
+
+ _dbus_verbose ("asked for label of connection %s\n", remote_end);
+
+ _dbus_string_init_const (&remote_end_str, remote_end);
+
+ service = bus_registry_lookup (registry, &remote_end_str);
+ if (service == NULL)
+ {
+ dbus_set_error (error, DBUS_ERROR_NAME_HAS_NO_OWNER,
+ "Bus name '%s' has no owner", remote_end);
+ return FALSE;
+ }
+
+ remote_connection = bus_service_get_primary_owners_connection (service);
+ if (remote_connection == NULL)
+ goto oom;
+
+ reply = dbus_message_new_method_return (message);
+ if (reply == NULL)
+ goto oom;
+
+ label = bus_smack_get_label (remote_connection);
+ if (label == NULL)
+ {
+ dbus_set_error (error, DBUS_ERROR_FAILED,
+ "Failed to get the socket fd of the connection",
+ remote_end);
+ goto err;
+ }
+
+ if (!dbus_message_append_args (reply, DBUS_TYPE_STRING,
+ &label, DBUS_TYPE_INVALID))
+ goto oom;
+
+ if (!bus_transaction_send_from_driver (transaction, connection, reply))
+ goto oom;
+
+ dbus_message_unref (reply);
+ dbus_free(label);
+
+ return TRUE;
+
+oom:
+ BUS_SET_OOM (error);
+
+err:
+ if (reply != NULL)
+ dbus_message_unref (reply);
+
+ dbus_free(label);
+
+ return FALSE;
+#else
+ dbus_set_error (error, DBUS_ERROR_NOT_SUPPORTED,
+ "SMACK support is not enabled");
+ return FALSE;
+#endif
+}
--- /dev/null
+/* smack.h - Provide interface to query smack context
+ *
+ * Author: Brian McGillion <brian.mcgillion@intel.com>
+ * Copyright © 2011 Intel Corporation
+ *
+ * Based on example from Stats interface
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301 USA
+ */
+
+#ifndef SMACK_H
+#define SMACK_H
+
+#include "bus.h"
+
+dbus_bool_t bus_smack_handle_get_connection_context (DBusConnection *connection,
+ BusTransaction *transaction,
+ DBusMessage *message,
+ DBusError *error);
+
+#endif // SMACK_H
set(FD_SETSIZE "8192" CACHE STRING "The maximum number of connections that can be handled at once")
endif()
+option (DBUS_ENABLE_SMACK "enable smack checks in the daemon" OFF)
+
find_package(EXPAT)
find_package(X11)
find_package(GLib2)
message(" installing system libs: ${DBUS_INSTALL_SYSTEM_LIBS} ")
message(" Building inotify support: ${DBUS_BUS_ENABLE_INOTIFY} ")
message(" Building kqueue support: ${DBUS_BUS_ENABLE_KQUEUE} ")
+message(" Building Smack support: ${DBUS_ENABLE_SMACK} ")
message(" Building Doxygen docs: ${DBUS_ENABLE_DOXYGEN_DOCS} ")
message(" Building XML docs: ${DBUS_ENABLE_XML_DOCS} ")
message(" Daemon executable name: ${DBUS_DAEMON_NAME}")
${BUS_DIR}/test.c
${BUS_DIR}/test.h
${BUS_DIR}/utils.c
- ${BUS_DIR}/utils.h
+ ${BUS_DIR}/utils.h
+ ${BUS_DIR}/smack.c
+ ${BUS_DIR}/smack.h
${XML_SOURCES}
${DIR_WATCH_SOURCE}
)
[Define to build test code into the library and binaries])
fi
+# call early to ensure availability
+PKG_PROG_PKG_CONFIG
+
# DBUS_ENABLE_MODULAR_TESTS controls tests that work based on public API.
# These use GTest, from GLib, because life's too short. They're enabled by
# default (unless you don't have GLib), because they don't bloat the library
AM_CONDITIONAL([DBUS_ENABLE_USER_SESSION],
[test "x$enable_user_session" = xyes])
+#enable smack label support
+AC_ARG_ENABLE([smack], [AS_HELP_STRING([--enable-smack], [enable SMACK security checks])], [], [enable_smack=no])
+if test "x$enable_smack" = xyes; then
+ PKG_CHECK_MODULES([LIBSMACK], [libsmack >= 1.0],
+ [AC_DEFINE([DBUS_ENABLE_SMACK], [1], [Define to enable SMACK security features])],
+ [AC_MSG_ERROR([libsmack is required to enable smack support])])
+fi
+
+AC_SUBST([LIBSMACK_CFLAGS])
+AC_SUBST([LIBSMACK_LIBS])
+
AC_CONFIG_FILES([
Doxyfile
dbus/Version
Building bus stats API: ${enable_stats}
Building SELinux support: ${have_selinux}
Building AppArmor support: ${have_apparmor}
+ Building SMACK support: ${enable_smack}
Building inotify support: ${have_inotify}
Building kqueue support: ${have_kqueue}
Building systemd support: ${have_systemd}
projects / platform / upstream / dbus.git / commitdiff