kdbus: fix for GetConnectionSELinuxSecurityContext method call 70/86870/1
authorLukasz Skalski <l.skalski@samsung.com>
Mon, 5 Sep 2016 09:35:38 +0000 (11:35 +0200)
committerLukasz Skalski <l.skalski@samsung.com>
Mon, 5 Sep 2016 09:35:38 +0000 (11:35 +0200)
To keep compatibility with dbus1, the GetConnectionSELinuxSecurityContext
method call should always return the SELinuxSecurityContextUnknown error
on systems without SELinux (even if other LSMs, such as SMACK, are
available on the platform).

Change-Id: I347cdf665a03fc047d267752b23c4503bf5218e3

dbus/dbus-transport-kdbus.c

index d8cb5a9..e23ded2 100755 (executable)
@@ -1946,6 +1946,17 @@ oom:
   return NULL;
 }
 
+static dbus_bool_t
+_mac_smack_use (void)
+{
+  static int cached_use = -1;
+
+  if (cached_use < 0)
+    cached_use = access("/sys/fs/smackfs/", F_OK) >= 0;
+
+  return cached_use;
+}
+
 static DBusMessage *
 capture_org_freedesktop_DBus_GetConnectionSELinuxSecurityContext (DBusTransportKdbus *transport,
                                                                   DBusMessage        *message,
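Review bot: `_mac_smack_use` tests for the presence of SMACK, not for the absence of SELinux, so it covers only one of the cases the commit message describes. On a platform where a different LSM supplies `sec_label` and SMACK is not present, the caller in the next hunk would still hand that label back as an SELinux context. A positive SELinux check would match the stated intent more closely, for example probing `/sys/fs/selinux/` rather than `/sys/fs/smackfs/` and inverting the test at the call site. The unsynchronised `static int cached_use` also deserves a short comment, such as `/* racy but benign: every caller computes the same value */`, if that is the intent.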
@@ -1958,14 +1969,23 @@ capture_org_freedesktop_DBus_GetConnectionSELinuxSecurityContext (DBusTransportK
 
   if (info.sec_label != NULL)
     {
-      DBusMessage *reply;
+      if (_mac_smack_use())
+        {
+          dbus_set_error (error, DBUS_ERROR_SELINUX_SECURITY_CONTEXT_UNKNOWN,
+                          "Could not determine security context");
+          dbus_free (info.sec_label);
+        }
+      else
+        {
+          DBusMessage *reply;
 
-      reply = reply_fixed_array (message, DBUS_TYPE_BYTE,
-                                 info.sec_label,
-                                 strlen (info.sec_label)+1);
+          reply = reply_fixed_array (message, DBUS_TYPE_BYTE,
+                                     info.sec_label,
+                                     strlen (info.sec_label)+1);
 
-      dbus_free (info.sec_label);
-      return reply;
+          dbus_free (info.sec_label);
+          return reply;
+        }
     }
   else
     {
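Review bot: The new SMACK branch sets the error and frees `info.sec_label` but has no return of its own, so it relies on whatever follows the if/else, which lies outside this hunk and presumably returns NULL. An explicit `return NULL;` right after `dbus_free (info.sec_label);` would make the error path self-contained and stop later code added below the else block from running with `error` already set. The label is also obtained before the check and then thrown away; if the lookup sits just above this hunk, calling `_mac_smack_use()` first would avoid fetching and freeing a label that is never returned.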