From 1baefdfc868b98e1dc513ed9e32a51e0ca56f5f1 Mon Sep 17 00:00:00 2001 From: Lukasz Skalski Date: Mon, 5 Sep 2016 11:35:38 +0200 Subject: [PATCH] kdbus: fix for GetConnectionSELinuxSecurityContext method call To keep compatibility with dbus1, GetConnectionSELinuxSecurityContext method call should always return SELinuxSecurityContextUnknown error on systems without SELinux (even if other LSM systems, like for example SMACK, are available on platform). Change-Id: I347cdf665a03fc047d267752b23c4503bf5218e3 --- dbus/dbus-transport-kdbus.c | 32 ++++++++++++++++++++++++++------ 1 file changed, 26 insertions(+), 6 deletions(-) diff --git a/dbus/dbus-transport-kdbus.c b/dbus/dbus-transport-kdbus.c index d8cb5a9..e23ded2 100755 --- a/dbus/dbus-transport-kdbus.c +++ b/dbus/dbus-transport-kdbus.c @@ -1946,6 +1946,17 @@ oom: return NULL; } +static dbus_bool_t +_mac_smack_use (void) +{ + static int cached_use = -1; + + if (cached_use < 0) + cached_use = access("/sys/fs/smackfs/", F_OK) >= 0; + + return cached_use; +} + static DBusMessage * capture_org_freedesktop_DBus_GetConnectionSELinuxSecurityContext (DBusTransportKdbus *transport, DBusMessage *message, @@ -1958,14 +1969,23 @@ capture_org_freedesktop_DBus_GetConnectionSELinuxSecurityContext (DBusTransportK if (info.sec_label != NULL) { - DBusMessage *reply; + if (_mac_smack_use()) + { + dbus_set_error (error, DBUS_ERROR_SELINUX_SECURITY_CONTEXT_UNKNOWN, + "Could not determine security context"); + dbus_free (info.sec_label); + } + else + { + DBusMessage *reply; - reply = reply_fixed_array (message, DBUS_TYPE_BYTE, - info.sec_label, - strlen (info.sec_label)+1); + reply = reply_fixed_array (message, DBUS_TYPE_BYTE, + info.sec_label, + strlen (info.sec_label)+1); - dbus_free (info.sec_label); - return reply; + dbus_free (info.sec_label); + return reply; + } } else { -- 2.7.4