From 6c191520c8b33cd7e550a6e3d9d853c25f552f54 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 14 Jul 2005 21:45:42 +0000 Subject: [PATCH] 2005-07-14 Colin Walters * bus/driver.c (bus_driver_handle_get_connection_unix_security_context): New function. (message_handlers): Add. * bus/selinux.c (bus_selinux_append_context): New function; appends security context to message. * bus/selinux.h: Prototype. * dbus/dbus-protocol.h (DBUS_ERROR_UNIX_SECURITY_CONTEXT_UNKNOWN): New. --- ChangeLog | 13 +++++++++ bus/driver.c | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++++ bus/selinux.c | 13 +++++++++ bus/selinux.h | 2 ++ dbus/dbus-protocol.h | 1 + 5 files changed, 107 insertions(+) diff --git a/ChangeLog b/ChangeLog index 45640f7..39d38e2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,16 @@ +2005-07-14 Colin Walters + + * bus/driver.c + (bus_driver_handle_get_connection_unix_security_context): New function. + (message_handlers): Add. + + * bus/selinux.c (bus_selinux_append_context): New function; appends + security context to message. + + * bus/selinux.h: Prototype. + + * dbus/dbus-protocol.h (DBUS_ERROR_UNIX_SECURITY_CONTEXT_UNKNOWN): New. + 2005-07-14 John (J5) Palmieri * bus/activation.c: clean up all tabs to be 8 spaces diff --git a/bus/driver.c b/bus/driver.c index 2a58d80..8e8a536 100644 --- a/bus/driver.c +++ b/bus/driver.c @@ -27,6 +27,7 @@ #include "driver.h" #include "dispatch.h" #include "services.h" +#include "selinux.h" #include "signals.h" #include "utils.h" #include @@ -1014,6 +1015,79 @@ bus_driver_handle_get_connection_unix_process_id (DBusConnection *connection, } static dbus_bool_t +bus_driver_handle_get_connection_unix_security_context (DBusConnection *connection, + BusTransaction *transaction, + DBusMessage *message, + DBusError *error) +{ + const char *service; + DBusString str; + BusRegistry *registry; + BusService *serv; + DBusConnection *conn; + DBusMessage *reply; + BusSELinuxID *context; + + _DBUS_ASSERT_ERROR_IS_CLEAR (error); + + registry = bus_connection_get_registry (connection); + + service = NULL; + reply = NULL; + + if (! dbus_message_get_args (message, error, + DBUS_TYPE_STRING, &service, + DBUS_TYPE_INVALID)) + goto failed; + + _dbus_verbose ("asked for security context of connection %s\n", service); + + _dbus_string_init_const (&str, service); + serv = bus_registry_lookup (registry, &str); + if (serv == NULL) + { + dbus_set_error (error, + DBUS_ERROR_NAME_HAS_NO_OWNER, + "Could not get security context of name '%s': no such name", service); + goto failed; + } + + conn = bus_service_get_primary_owner (serv); + + reply = dbus_message_new_method_return (message); + if (reply == NULL) + goto oom; + + context = bus_connection_get_selinux_id (conn); + if (!context) + { + dbus_set_error (error, + DBUS_ERROR_UNIX_SECURITY_CONTEXT_UNKNOWN, + "Could not determine security context for '%s'", service); + goto failed; + } + + if (! bus_selinux_append_context (reply, context)) + goto oom; + + if (! bus_transaction_send_from_driver (transaction, connection, reply)) + goto oom; + + dbus_message_unref (reply); + + return TRUE; + + oom: + BUS_SET_OOM (error); + + failed: + _DBUS_ASSERT_ERROR_IS_SET (error); + if (reply) + dbus_message_unref (reply); + return FALSE; +} + +static dbus_bool_t bus_driver_handle_reload_config (DBusConnection *connection, BusTransaction *transaction, DBusMessage *message, @@ -1093,6 +1167,10 @@ struct DBUS_TYPE_STRING_AS_STRING, DBUS_TYPE_UINT32_AS_STRING, bus_driver_handle_get_connection_unix_process_id }, + { "GetConnectionUnixSecurityContext", + DBUS_TYPE_STRING_AS_STRING, + DBUS_TYPE_STRING_AS_STRING, + bus_driver_handle_get_connection_unix_security_context }, { "ReloadConfig", "", "", diff --git a/bus/selinux.c b/bus/selinux.c index c647a77..9e73cc6 100644 --- a/bus/selinux.c +++ b/bus/selinux.c @@ -567,6 +567,19 @@ bus_selinux_allows_send (DBusConnection *sender, #endif /* HAVE_SELINUX */ } +dbus_bool_t +bus_selinux_append_context (DBusMessage *message, + BusSELinuxID *context) +{ + /* Note if you change how the context is marshalled (e.g. to ay), + * you also need to change driver.c for the appropriate return value. + */ + return dbus_message_append_args (message, + DBUS_TYPE_STRING, + SELINUX_SID_FROM_BUS (context), + DBUS_TYPE_INVALID); +} + /** * Gets the security context of a connection to the bus. It is up to * the caller to freecon() when they are done. diff --git a/bus/selinux.h b/bus/selinux.h index 4424fa8..22339bc 100644 --- a/bus/selinux.h +++ b/bus/selinux.h @@ -45,6 +45,8 @@ dbus_bool_t bus_selinux_id_table_insert (DBusHashTable *service_table, void bus_selinux_id_table_print (DBusHashTable *service_table); const char* bus_selinux_get_policy_root (void); +dbus_bool_t bus_selinux_append_context (DBusMessage *message, + BusSELinuxID *context); dbus_bool_t bus_selinux_allows_acquire_service (DBusConnection *connection, BusSELinuxID *service_sid, diff --git a/dbus/dbus-protocol.h b/dbus/dbus-protocol.h index 7f471b3..d9ac243 100644 --- a/dbus/dbus-protocol.h +++ b/dbus/dbus-protocol.h @@ -237,6 +237,7 @@ extern "C" { #define DBUS_ERROR_SPAWN_FAILED "org.freedesktop.DBus.Error.Spawn.Failed" #define DBUS_ERROR_UNIX_PROCESS_ID_UNKNOWN "org.freedesktop.DBus.Error.UnixProcessIdUnknown" #define DBUS_ERROR_INVALID_SIGNATURE "org.freedesktop.DBus.Error.InvalidSignature" +#define DBUS_ERROR_UNIX_SECURITY_CONTEXT_UNKNOWN "org.freedesktop.DBus.Error.UnixSecurityContextUnknown" #define DBUS_INTROSPECT_1_0_XML_NAMESPACE "http://www.freedesktop.org/standards/dbus" #define DBUS_INTROSPECT_1_0_XML_PUBLIC_IDENTIFIER "-//freedesktop//DTD D-BUS Object Introspection 1.0//EN" -- 2.7.4