kdbus: fix for GetConnectionSELinuxSecurityContext method call 67/86867/1
authorLukasz Skalski <l.skalski@samsung.com>
Mon, 5 Sep 2016 09:06:03 +0000 (11:06 +0200)
committerLukasz Skalski <l.skalski@samsung.com>
Mon, 5 Sep 2016 09:06:03 +0000 (11:06 +0200)
To keep compatibility with dbus1, the GetConnectionSELinuxSecurityContext
method call should always return the SELinuxSecurityContextUnknown error
on systems without SELinux (even if other LSM systems, such as SMACK,
are available on the platform).

Change-Id: Iaff5afad798b06179c298e65955f90038882b54f

gio/gkdbusfakedaemon.c

index 284b816..ace30e6 100644 (file)
@@ -116,6 +116,16 @@ static gchar *introspect =
   " </interface>\n"
   "</node>\n";
 
+static gboolean
+_mac_smack_use (void)
+{
+  static int cached_use = -1;
+
+  if (cached_use < 0)
+    cached_use = access("/sys/fs/smackfs/", F_OK) >= 0;
+
+  return cached_use;
+}
 
 /**
  * _is_message_to_dbus_daemon()
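Review bot: `_mac_smack_use()` has no comment, unlike the documented `_is_message_to_dbus_daemon()` directly below it, and two of its properties are not obvious: the result is cached for the life of the process, and `static int cached_use` is written without synchronisation. I would add `/* Returns TRUE if smackfs is present; probed once and cached. Not synchronised; in practice a race only repeats the access() call. */` above the definition. The probe only shows that `/sys/fs/smackfs/` exists, not that SMACK produced a given label, and the comment should say so. `access()` and `F_OK` need `<unistd.h>`; the include is not visible in this hunk, so confirm it is present.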
@@ -287,17 +297,28 @@ _dbus_daemon_synthetic_reply (GKDBusWorker  *worker,
             g_set_error (&local_error, G_DBUS_ERROR, G_DBUS_ERROR_NOT_SUPPORTED, "Operation not supported");
           else if (local_error == NULL)
             {
-              GVariantBuilder builder;
-              gint counter;
+              /* 'label' (KDBUS_ITEM_SECLABEL item) contains valid LSM security label... */
+              if (_mac_smack_use())
+                {
+                  /* but if we are using SMACK - to keep compatibility with legacy dbus1 - return error */
+                  g_set_error (&local_error, G_DBUS_ERROR, G_DBUS_ERROR_SELINUX_SECURITY_CONTEXT_UNKNOWN,
+                               "Could not determine security context for '%s'", name);
+                }
+              else
+                {
+                  /* if it is not SMACK - let's assume that it's SELinux label */
+                  GVariantBuilder builder;
+                  gint counter;
 
-              g_variant_builder_init (&builder, G_VARIANT_TYPE ("(ay)"));
-              g_variant_builder_open (&builder, G_VARIANT_TYPE ("ay"));
+                  g_variant_builder_init (&builder, G_VARIANT_TYPE ("(ay)"));
+                  g_variant_builder_open (&builder, G_VARIANT_TYPE ("ay"));
 
-              for (counter = 0 ; counter < strlen (label) ; counter++)
-                g_variant_builder_add (&builder, "y", label[counter]);
+                  for (counter = 0 ; counter < strlen (label) ; counter++)
+                    g_variant_builder_add (&builder, "y", label[counter]);
 
-              g_variant_builder_close (&builder);
-              reply_body = g_variant_builder_end (&builder);
+                  g_variant_builder_close (&builder);
+                  reply_body = g_variant_builder_end (&builder);
+                }
               g_free (label);
             }
         }
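Review bot: The `else` branch treats every non-SMACK label as an SELinux context, so on a system running another LSM (AppArmor, for instance) the `KDBUS_ITEM_SECLABEL` value would presumably be returned to the caller as if it were an SELinux context. That contradicts the commit message, which says the call should always fail with SELinuxSecurityContextUnknown on systems without SELinux. A caller that makes access decisions from this reply would then be evaluating a label from the wrong policy domain. Consider gating the success path on a positive SELinux check (for example a cached probe for the selinuxfs mount, analogous to `_mac_smack_use`) and setting `G_DBUS_ERROR_SELINUX_SECURITY_CONTEXT_UNKNOWN` in every other case. Separately, `counter < strlen (label)` compares a `gint` with a `size_t` and re-evaluates `strlen` on each iteration; hoisting `gsize len = strlen (label);` and using a `gsize counter` avoids both. The enclosing function starts and ends outside the hunk.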