From: Lukasz Skalski <l.skalski@samsung.com>
Date: Mon, 5 Sep 2016 09:06:03 +0000 (+0200)
Subject: kdbus: fix for GetConnectionSELinuxSecurityContext method call
X-Git-Tag: accepted/tizen/common/20160908.134701~1^2
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F67%2F86867%2F1;p=platform%2Fupstream%2Fglib.git

kdbus: fix for GetConnectionSELinuxSecurityContext method call

To keep compatibility with dbus1, GetConnectionSELinuxSecurityContext
method call should always return SELinuxSecurityContextUnknown error
on systems without SELinux (even if other LSM systems, like for example
SMACK, are available on platform).

Change-Id: Iaff5afad798b06179c298e65955f90038882b54f
---

diff --git a/gio/gkdbusfakedaemon.c b/gio/gkdbusfakedaemon.c
index 284b816..ace30e6 100644
--- a/gio/gkdbusfakedaemon.c
+++ b/gio/gkdbusfakedaemon.c
@@ -116,6 +116,16 @@ static gchar *introspect =
   " </interface>\n"
   "</node>\n";
 
+static gboolean
+_mac_smack_use (void)
+{
+  static int cached_use = -1;
+
+  if (cached_use < 0)
+    cached_use = access("/sys/fs/smackfs/", F_OK) >= 0;
+
+  return cached_use;
+}
 
 /**
  * _is_message_to_dbus_daemon()
@@ -287,17 +297,28 @@ _dbus_daemon_synthetic_reply (GKDBusWorker  *worker,
             g_set_error (&local_error, G_DBUS_ERROR, G_DBUS_ERROR_NOT_SUPPORTED, "Operation not supported");
           else if (local_error == NULL)
             {
-              GVariantBuilder builder;
-              gint counter;
+              /* 'label' (KDBUS_ITEM_SECLABEL item) contains valid LSM security label... */
+              if (_mac_smack_use())
+                {
+                  /* but if we are using SMACK - to keep compatibility with legacy dbus1 - return error */
+                  g_set_error (&local_error, G_DBUS_ERROR, G_DBUS_ERROR_SELINUX_SECURITY_CONTEXT_UNKNOWN,
+                               "Could not determine security context for '%s'", name);
+                }
+              else
+                {
+                  /* if it is not SMACK - let's assume that it's SELinux label */
+                  GVariantBuilder builder;
+                  gint counter;
 
-              g_variant_builder_init (&builder, G_VARIANT_TYPE ("(ay)"));
-              g_variant_builder_open (&builder, G_VARIANT_TYPE ("ay"));
+                  g_variant_builder_init (&builder, G_VARIANT_TYPE ("(ay)"));
+                  g_variant_builder_open (&builder, G_VARIANT_TYPE ("ay"));
 
-              for (counter = 0 ; counter < strlen (label) ; counter++)
-                g_variant_builder_add (&builder, "y", label[counter]);
+                  for (counter = 0 ; counter < strlen (label) ; counter++)
+                    g_variant_builder_add (&builder, "y", label[counter]);
 
-              g_variant_builder_close (&builder);
-              reply_body = g_variant_builder_end (&builder);
+                  g_variant_builder_close (&builder);
+                  reply_body = g_variant_builder_end (&builder);
+                }
               g_free (label);
             }
         }