FCL/sf/os/ossrv: ofdbus/dbus/bus/selinux.c@ce057bb09d0b (annotated)

31 ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	1	/*
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	2	* Copyright (c) 2008 Nokia Corporation and/or its subsidiary(-ies).
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	3	* All rights reserved.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	4	* This component and the accompanying materials are made available
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	5	* under the terms of "Eclipse Public License v1.0"
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	6	* which accompanies this distribution, and is available
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	7	* at the URL "http://www.eclipse.org/legal/epl-v10.html".
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	8	*
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	9	* Initial Contributors:
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	10	* Nokia Corporation - initial contribution.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	11	*
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	12	* Contributors:
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	13	*
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	14	* Description:
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	15	*
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	16	*/
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	17
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	18	#ifndef __SYMBIAN32__
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	19	#include <dbus/dbus-internals.h>
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	20	#include <dbus/dbus-string.h>
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	21	#else
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	22	#include "dbus-internals.h"
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	23	#include "dbus-string.h"
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	24	#endif //__SYMBIAN32__
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	25	#include "selinux.h"
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	26	#include "services.h"
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	27	#include "policy.h"
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	28	#include "utils.h"
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	29	#include "config-parser.h"
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	30
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	31	#ifdef HAVE_SELINUX
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	32	#include <errno.h>
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	33	#include <pthread.h>
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	34	#include <syslog.h>
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	35	#include <selinux/selinux.h>
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	36	#include <selinux/avc.h>
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	37	#include <selinux/av_permissions.h>
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	38	#include <selinux/flask.h>
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	39	#include <signal.h>
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	40	#include <stdarg.h>
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	41	#endif /* HAVE_SELINUX */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	42
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	43	#define BUS_SID_FROM_SELINUX(sid) ((BusSELinuxID*) (sid))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	44	#define SELINUX_SID_FROM_BUS(sid) ((security_id_t) (sid))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	45
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	46	#ifdef HAVE_SELINUX
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	47	/* Store the value telling us if SELinux is enabled in the kernel. */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	48	static dbus_bool_t selinux_enabled = FALSE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	49
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	50	/* Store an avc_entry_ref to speed AVC decisions. */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	51	static struct avc_entry_ref aeref;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	52
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	53	/* Store the SID of the bus itself to use as the default. */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	54	static security_id_t bus_sid = SECSID_WILD;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	55
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	56	/* Thread to listen for SELinux status changes via netlink. */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	57	static pthread_t avc_notify_thread;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	58
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	59	/* Prototypes for AVC callback functions. */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	60	static void log_callback (const char *fmt, ...);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	61	static void log_audit_callback (void data, security_class_t class, char buf, size_t bufleft);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	62	static void avc_create_thread (void (run) (void));
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	63	static void avc_stop_thread (void *thread);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	64	static void *avc_alloc_lock (void);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	65	static void avc_get_lock (void *lock);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	66	static void avc_release_lock (void *lock);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	67	static void avc_free_lock (void *lock);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	68
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	69	/* AVC callback structures for use in avc_init. */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	70	static const struct avc_memory_callback mem_cb =
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	71	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	72	.func_malloc = dbus_malloc,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	73	.func_free = dbus_free
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	74	};
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	75	static const struct avc_log_callback log_cb =
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	76	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	77	.func_log = log_callback,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	78	.func_audit = log_audit_callback
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	79	};
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	80	static const struct avc_thread_callback thread_cb =
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	81	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	82	.func_create_thread = avc_create_thread,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	83	.func_stop_thread = avc_stop_thread
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	84	};
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	85	static const struct avc_lock_callback lock_cb =
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	86	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	87	.func_alloc_lock = avc_alloc_lock,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	88	.func_get_lock = avc_get_lock,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	89	.func_release_lock = avc_release_lock,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	90	.func_free_lock = avc_free_lock
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	91	};
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	92	#endif /* HAVE_SELINUX */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	93
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	94	/**
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	95	* Log callback to log denial messages from the AVC.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	96	* This is used in avc_init. Logs to both standard
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	97	* error and syslogd.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	98	*
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	99	* @param fmt the format string
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	100	* @param variable argument list
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	101	*/
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	102	#ifdef HAVE_SELINUX
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	103	static void
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	104	log_callback (const char *fmt, ...)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	105	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	106	va_list ap;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	107	va_start(ap, fmt);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	108	vsyslog (LOG_INFO, fmt, ap);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	109	va_end(ap);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	110	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	111
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	112	/**
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	113	* On a policy reload we need to reparse the SELinux configuration file, since
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	114	* this could have changed. Send a SIGHUP to reload all configs.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	115	*/
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	116	static int
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	117	policy_reload_callback (u_int32_t event, security_id_t ssid,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	118	security_id_t tsid, security_class_t tclass,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	119	access_vector_t perms, access_vector_t *out_retained)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	120	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	121	if (event == AVC_CALLBACK_RESET)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	122	return raise (SIGHUP);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	123
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	124	return 0;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	125	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	126
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	127	/**
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	128	* Log any auxiliary data
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	129	*/
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	130	static void
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	131	log_audit_callback (void data, security_class_t class, char buf, size_t bufleft)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	132	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	133	DBusString *audmsg = data;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	134	_dbus_string_copy_to_buffer (audmsg, buf, bufleft);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	135	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	136
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	137	/**
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	138	* Create thread to notify the AVC of enforcing and policy reload
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	139	* changes via netlink.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	140	*
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	141	* @param run the thread run function
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	142	* @return pointer to the thread
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	143	*/
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	144	static void *
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	145	avc_create_thread (void (*run) (void))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	146	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	147	int rc;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	148
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	149	rc = pthread_create (&avc_notify_thread, NULL, (void () (void *)) run, NULL);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	150	if (rc != 0)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	151	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	152	_dbus_warn ("Failed to start AVC thread: %s\n", _dbus_strerror (rc));
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	153	exit (1);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	154	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	155	return &avc_notify_thread;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	156	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	157
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	158	/* Stop AVC netlink thread. */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	159	static void
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	160	avc_stop_thread (void *thread)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	161	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	162	pthread_cancel ((pthread_t ) thread);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	163	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	164
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	165	/* Allocate a new AVC lock. */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	166	static void *
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	167	avc_alloc_lock (void)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	168	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	169	pthread_mutex_t *avc_mutex;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	170
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	171	avc_mutex = dbus_new (pthread_mutex_t, 1);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	172	if (avc_mutex == NULL)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	173	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	174	_dbus_warn ("Could not create mutex: %s\n", _dbus_strerror (errno));
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	175	exit (1);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	176	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	177	pthread_mutex_init (avc_mutex, NULL);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	178
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	179	return avc_mutex;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	180	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	181
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	182	/* Acquire an AVC lock. */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	183	static void
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	184	avc_get_lock (void *lock)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	185	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	186	pthread_mutex_lock (lock);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	187	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	188
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	189	/* Release an AVC lock. */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	190	static void
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	191	avc_release_lock (void *lock)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	192	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	193	pthread_mutex_unlock (lock);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	194	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	195
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	196	/* Free an AVC lock. */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	197	static void
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	198	avc_free_lock (void *lock)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	199	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	200	pthread_mutex_destroy (lock);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	201	dbus_free (lock);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	202	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	203	#endif /* HAVE_SELINUX */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	204
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	205	/**
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	206	* Return whether or not SELinux is enabled; must be
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	207	* called after bus_selinux_init.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	208	*/
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	209	dbus_bool_t
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	210	bus_selinux_enabled (void)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	211	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	212	#ifdef HAVE_SELINUX
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	213	return selinux_enabled;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	214	#else
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	215	return FALSE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	216	#endif /* HAVE_SELINUX */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	217	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	218
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	219	/**
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	220	* Do early initialization; determine whether SELinux is enabled.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	221	*/
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	222	dbus_bool_t
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	223	bus_selinux_pre_init (void)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	224	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	225	#ifdef HAVE_SELINUX
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	226	int r;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	227	_dbus_assert (bus_sid == SECSID_WILD);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	228
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	229	/* Determine if we are running an SELinux kernel. */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	230	r = is_selinux_enabled ();
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	231	if (r < 0)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	232	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	233	_dbus_warn ("Could not tell if SELinux is enabled: %s\n",
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	234	_dbus_strerror (errno));
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	235	return FALSE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	236	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	237
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	238	selinux_enabled = r != 0;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	239	return TRUE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	240	#else
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	241	return TRUE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	242	#endif
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	243	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	244
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	245	/**
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	246	* Initialize the user space access vector cache (AVC) for D-Bus and set up
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	247	* logging callbacks.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	248	*/
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	249	dbus_bool_t
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	250	bus_selinux_full_init (void)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	251	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	252	#ifdef HAVE_SELINUX
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	253	char *bus_context;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	254
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	255	_dbus_assert (bus_sid == SECSID_WILD);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	256
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	257	if (!selinux_enabled)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	258	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	259	_dbus_verbose ("SELinux not enabled in this kernel.\n");
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	260	return TRUE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	261	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	262
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	263	_dbus_verbose ("SELinux is enabled in this kernel.\n");
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	264
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	265	avc_entry_ref_init (&aeref);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	266	if (avc_init ("avc", &mem_cb, &log_cb, &thread_cb, &lock_cb) < 0)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	267	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	268	_dbus_warn ("Failed to start Access Vector Cache (AVC).\n");
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	269	return FALSE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	270	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	271	else
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	272	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	273	openlog ("dbus", LOG_PERROR, LOG_USER);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	274	_dbus_verbose ("Access Vector Cache (AVC) started.\n");
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	275	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	276
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	277	if (avc_add_callback (policy_reload_callback, AVC_CALLBACK_RESET,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	278	NULL, NULL, 0, 0) < 0)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	279	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	280	_dbus_warn ("Failed to add policy reload callback: %s\n",
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	281	_dbus_strerror (errno));
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	282	avc_destroy ();
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	283	return FALSE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	284	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	285
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	286	bus_context = NULL;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	287	bus_sid = SECSID_WILD;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	288
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	289	if (getcon (&bus_context) < 0)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	290	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	291	_dbus_verbose ("Error getting context of bus: %s\n",
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	292	_dbus_strerror (errno));
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	293	return FALSE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	294	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	295
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	296	if (avc_context_to_sid (bus_context, &bus_sid) < 0)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	297	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	298	_dbus_verbose ("Error getting SID from bus context: %s\n",
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	299	_dbus_strerror (errno));
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	300	freecon (bus_context);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	301	return FALSE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	302	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	303
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	304	freecon (bus_context);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	305
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	306	return TRUE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	307	#else
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	308	return TRUE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	309	#endif /* HAVE_SELINUX */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	310	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	311
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	312	/**
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	313	* Decrement SID reference count.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	314	*
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	315	* @param sid the SID to decrement
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	316	*/
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	317	void
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	318	bus_selinux_id_unref (BusSELinuxID *sid)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	319	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	320	#ifdef HAVE_SELINUX
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	321	if (!selinux_enabled)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	322	return;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	323
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	324	_dbus_assert (sid != NULL);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	325
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	326	sidput (SELINUX_SID_FROM_BUS (sid));
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	327	#endif /* HAVE_SELINUX */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	328	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	329
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	330	void
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	331	bus_selinux_id_ref (BusSELinuxID *sid)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	332	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	333	#ifdef HAVE_SELINUX
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	334	if (!selinux_enabled)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	335	return;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	336
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	337	_dbus_assert (sid != NULL);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	338
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	339	sidget (SELINUX_SID_FROM_BUS (sid));
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	340	#endif /* HAVE_SELINUX */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	341	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	342
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	343	/**
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	344	* Determine if the SELinux security policy allows the given sender
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	345	* security context to go to the given recipient security context.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	346	* This function determines if the requested permissions are to be
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	347	* granted from the connection to the message bus or to another
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	348	* optionally supplied security identifier (e.g. for a service
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	349	* context). Currently these permissions are either send_msg or
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	350	* acquire_svc in the dbus class.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	351	*
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	352	* @param sender_sid source security context
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	353	* @param override_sid is the target security context. If SECSID_WILD this will
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	354	* use the context of the bus itself (e.g. the default).
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	355	* @param target_class is the target security class.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	356	* @param requested is the requested permissions.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	357	* @returns #TRUE if security policy allows the send.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	358	*/
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	359	#ifdef HAVE_SELINUX
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	360	static dbus_bool_t
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	361	bus_selinux_check (BusSELinuxID *sender_sid,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	362	BusSELinuxID *override_sid,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	363	security_class_t target_class,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	364	access_vector_t requested,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	365	DBusString *auxdata)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	366	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	367	if (!selinux_enabled)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	368	return TRUE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	369
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	370	/* Make the security check. AVC checks enforcing mode here as well. */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	371	if (avc_has_perm (SELINUX_SID_FROM_BUS (sender_sid),
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	372	override_sid ?
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	373	SELINUX_SID_FROM_BUS (override_sid) :
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	374	SELINUX_SID_FROM_BUS (bus_sid),
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	375	target_class, requested, &aeref, auxdata) < 0)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	376	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	377	_dbus_verbose ("SELinux denying due to security policy.\n");
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	378	return FALSE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	379	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	380	else
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	381	return TRUE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	382	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	383	#endif /* HAVE_SELINUX */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	384
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	385	/**
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	386	* Returns true if the given connection can acquire a service,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	387	* assuming the given security ID is needed for that service.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	388	*
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	389	* @param connection connection that wants to own the service
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	390	* @param service_sid the SID of the service from the table
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	391	* @returns #TRUE if acquire is permitted.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	392	*/
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	393	dbus_bool_t
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	394	bus_selinux_allows_acquire_service (DBusConnection *connection,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	395	BusSELinuxID *service_sid,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	396	const char *service_name,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	397	DBusError *error)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	398	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	399	#ifdef HAVE_SELINUX
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	400	BusSELinuxID *connection_sid;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	401	unsigned long spid;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	402	DBusString auxdata;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	403	dbus_bool_t ret;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	404
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	405	if (!selinux_enabled)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	406	return TRUE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	407
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	408	connection_sid = bus_connection_get_selinux_id (connection);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	409	if (!dbus_connection_get_unix_process_id (connection, &spid))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	410	spid = 0;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	411
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	412	if (!_dbus_string_init (&auxdata))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	413	goto oom;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	414
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	415	if (!_dbus_string_append (&auxdata, "service="))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	416	goto oom;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	417
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	418	if (!_dbus_string_append (&auxdata, service_name))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	419	goto oom;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	420
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	421	if (spid)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	422	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	423	if (!_dbus_string_append (&auxdata, " spid="))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	424	goto oom;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	425
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	426	if (!_dbus_string_append_uint (&auxdata, spid))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	427	goto oom;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	428	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	429
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	430	ret = bus_selinux_check (connection_sid,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	431	service_sid,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	432	SECCLASS_DBUS,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	433	DBUS__ACQUIRE_SVC,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	434	&auxdata);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	435
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	436	_dbus_string_free (&auxdata);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	437	return ret;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	438
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	439	oom:
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	440	_dbus_string_free (&auxdata);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	441	BUS_SET_OOM (error);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	442	return FALSE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	443
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	444	#else
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	445	return TRUE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	446	#endif /* HAVE_SELINUX */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	447	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	448
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	449	/**
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	450	* Check if SELinux security controls allow the message to be sent to a
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	451	* particular connection based on the security context of the sender and
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	452	* that of the receiver. The destination connection need not be the
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	453	* addressed recipient, it could be an "eavesdropper"
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	454	*
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	455	* @param sender the sender of the message.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	456	* @param proposed_recipient the connection the message is to be sent to.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	457	* @returns whether to allow the send
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	458	*/
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	459	dbus_bool_t
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	460	bus_selinux_allows_send (DBusConnection *sender,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	461	DBusConnection *proposed_recipient,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	462	const char *msgtype,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	463	const char *interface,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	464	const char *member,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	465	const char *error_name,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	466	const char *destination,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	467	DBusError *error)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	468	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	469	#ifdef HAVE_SELINUX
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	470	BusSELinuxID *recipient_sid;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	471	BusSELinuxID *sender_sid;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	472	unsigned long spid, tpid;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	473	DBusString auxdata;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	474	dbus_bool_t ret;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	475	dbus_bool_t string_alloced;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	476
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	477	if (!selinux_enabled)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	478	return TRUE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	479
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	480	if (!sender \|\| !dbus_connection_get_unix_process_id (sender, &spid))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	481	spid = 0;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	482	if (!proposed_recipient \|\| !dbus_connection_get_unix_process_id (proposed_recipient, &tpid))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	483	tpid = 0;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	484
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	485	string_alloced = FALSE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	486	if (!_dbus_string_init (&auxdata))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	487	goto oom;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	488	string_alloced = TRUE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	489
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	490	if (!_dbus_string_append (&auxdata, "msgtype="))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	491	goto oom;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	492
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	493	if (!_dbus_string_append (&auxdata, msgtype))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	494	goto oom;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	495
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	496	if (interface)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	497	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	498	if (!_dbus_string_append (&auxdata, " interface="))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	499	goto oom;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	500	if (!_dbus_string_append (&auxdata, interface))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	501	goto oom;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	502	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	503
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	504	if (member)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	505	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	506	if (!_dbus_string_append (&auxdata, " member="))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	507	goto oom;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	508	if (!_dbus_string_append (&auxdata, member))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	509	goto oom;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	510	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	511
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	512	if (error_name)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	513	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	514	if (!_dbus_string_append (&auxdata, " error_name="))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	515	goto oom;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	516	if (!_dbus_string_append (&auxdata, error_name))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	517	goto oom;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	518	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	519
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	520	if (destination)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	521	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	522	if (!_dbus_string_append (&auxdata, " dest="))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	523	goto oom;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	524	if (!_dbus_string_append (&auxdata, destination))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	525	goto oom;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	526	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	527
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	528	if (spid)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	529	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	530	if (!_dbus_string_append (&auxdata, " spid="))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	531	goto oom;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	532
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	533	if (!_dbus_string_append_uint (&auxdata, spid))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	534	goto oom;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	535	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	536
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	537	if (tpid)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	538	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	539	if (!_dbus_string_append (&auxdata, " tpid="))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	540	goto oom;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	541
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	542	if (!_dbus_string_append_uint (&auxdata, tpid))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	543	goto oom;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	544	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	545
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	546	sender_sid = bus_connection_get_selinux_id (sender);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	547	/* A NULL proposed_recipient means the bus itself. */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	548	if (proposed_recipient)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	549	recipient_sid = bus_connection_get_selinux_id (proposed_recipient);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	550	else
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	551	recipient_sid = BUS_SID_FROM_SELINUX (bus_sid);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	552
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	553	ret = bus_selinux_check (sender_sid,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	554	recipient_sid,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	555	SECCLASS_DBUS,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	556	DBUS__SEND_MSG,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	557	&auxdata);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	558
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	559	_dbus_string_free (&auxdata);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	560
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	561	return ret;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	562
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	563	oom:
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	564	if (string_alloced)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	565	_dbus_string_free (&auxdata);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	566	BUS_SET_OOM (error);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	567	return FALSE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	568
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	569	#else
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	570	return TRUE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	571	#endif /* HAVE_SELINUX */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	572	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	573
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	574	dbus_bool_t
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	575	bus_selinux_append_context (DBusMessage *message,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	576	BusSELinuxID *sid,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	577	DBusError *error)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	578	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	579	#ifdef HAVE_SELINUX
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	580	char *context;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	581
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	582	if (avc_sid_to_context (SELINUX_SID_FROM_BUS (sid), &context) < 0)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	583	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	584	if (errno == ENOMEM)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	585	BUS_SET_OOM (error);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	586	else
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	587	dbus_set_error (error, DBUS_ERROR_FAILED,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	588	"Error getting context from SID: %s\n",
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	589	_dbus_strerror (errno));
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	590	return FALSE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	591	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	592	if (!dbus_message_append_args (message,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	593	DBUS_TYPE_ARRAY,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	594	DBUS_TYPE_BYTE,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	595	&context,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	596	strlen (context),
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	597	DBUS_TYPE_INVALID))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	598	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	599	_DBUS_SET_OOM (error);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	600	return FALSE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	601	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	602	freecon (context);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	603	return TRUE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	604	#else
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	605	return TRUE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	606	#endif
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	607	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	608
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	609	/**
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	610	* Gets the security context of a connection to the bus. It is up to
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	611	* the caller to freecon() when they are done.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	612	*
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	613	* @param connection the connection to get the context of.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	614	* @param con the location to store the security context.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	615	* @returns #TRUE if context is successfully obtained.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	616	*/
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	617	#ifdef HAVE_SELINUX
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	618	static dbus_bool_t
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	619	bus_connection_read_selinux_context (DBusConnection *connection,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	620	char **con)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	621	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	622	int fd;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	623
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	624	if (!selinux_enabled)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	625	return FALSE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	626
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	627	_dbus_assert (connection != NULL);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	628
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	629	if (!dbus_connection_get_unix_fd (connection, &fd))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	630	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	631	_dbus_verbose ("Failed to get file descriptor of socket.\n");
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	632	return FALSE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	633	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	634
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	635	if (getpeercon (fd, con) < 0)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	636	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	637	_dbus_verbose ("Error getting context of socket peer: %s\n",
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	638	_dbus_strerror (errno));
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	639	return FALSE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	640	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	641
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	642	_dbus_verbose ("Successfully read connection context.\n");
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	643	return TRUE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	644	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	645	#endif /* HAVE_SELINUX */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	646
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	647	/**
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	648	* Read the SELinux ID from the connection.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	649	*
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	650	* @param connection the connection to read from
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	651	* @returns the SID if successfully determined, #NULL otherwise.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	652	*/
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	653	BusSELinuxID*
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	654	bus_selinux_init_connection_id (DBusConnection *connection,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	655	DBusError *error)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	656	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	657	#ifdef HAVE_SELINUX
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	658	char *con;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	659	security_id_t sid;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	660
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	661	if (!selinux_enabled)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	662	return NULL;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	663
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	664	if (!bus_connection_read_selinux_context (connection, &con))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	665	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	666	dbus_set_error (error, DBUS_ERROR_FAILED,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	667	"Failed to read an SELinux context from connection");
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	668	_dbus_verbose ("Error getting peer context.\n");
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	669	return NULL;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	670	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	671
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	672	_dbus_verbose ("Converting context to SID to store on connection\n");
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	673
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	674	if (avc_context_to_sid (con, &sid) < 0)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	675	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	676	if (errno == ENOMEM)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	677	BUS_SET_OOM (error);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	678	else
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	679	dbus_set_error (error, DBUS_ERROR_FAILED,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	680	"Error getting SID from context \"%s\": %s\n",
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	681	con, _dbus_strerror (errno));
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	682
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	683	_dbus_warn ("Error getting SID from context \"%s\": %s\n",
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	684	con, _dbus_strerror (errno));
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	685
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	686	freecon (con);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	687	return NULL;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	688	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	689
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	690	freecon (con);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	691	return BUS_SID_FROM_SELINUX (sid);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	692	#else
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	693	return NULL;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	694	#endif /* HAVE_SELINUX */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	695	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	696
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	697
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	698	/**
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	699	* Function for freeing hash table data. These SIDs
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	700	* should no longer be referenced.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	701	*/
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	702	static void
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	703	bus_selinux_id_table_free_value (BusSELinuxID *sid)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	704	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	705	#ifdef HAVE_SELINUX
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	706	/* NULL sometimes due to how DBusHashTable works */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	707	if (sid)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	708	bus_selinux_id_unref (sid);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	709	#endif /* HAVE_SELINUX */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	710	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	711
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	712	/**
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	713	* Creates a new table mapping service names to security ID.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	714	* A security ID is a "compiled" security context, a security
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	715	* context is just a string.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	716	*
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	717	* @returns the new table or #NULL if no memory
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	718	*/
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	719	DBusHashTable*
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	720	bus_selinux_id_table_new (void)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	721	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	722	return _dbus_hash_table_new (DBUS_HASH_STRING,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	723	(DBusFreeFunction) dbus_free,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	724	(DBusFreeFunction) bus_selinux_id_table_free_value);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	725	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	726
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	727	/**
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	728	* Hashes a service name and service context into the service SID
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	729	* table as a string and a SID.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	730	*
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	731	* @param service_name is the name of the service.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	732	* @param service_context is the context of the service.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	733	* @param service_table is the table to hash them into.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	734	* @return #FALSE if not enough memory
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	735	*/
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	736	dbus_bool_t
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	737	bus_selinux_id_table_insert (DBusHashTable *service_table,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	738	const char *service_name,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	739	const char *service_context)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	740	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	741	#ifdef HAVE_SELINUX
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	742	dbus_bool_t retval;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	743	security_id_t sid;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	744	char *key;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	745
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	746	if (!selinux_enabled)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	747	return TRUE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	748
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	749	sid = SECSID_WILD;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	750	retval = FALSE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	751
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	752	key = _dbus_strdup (service_name);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	753	if (key == NULL)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	754	return retval;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	755
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	756	if (avc_context_to_sid ((char *) service_context, &sid) < 0)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	757	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	758	if (errno == ENOMEM)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	759	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	760	dbus_free (key);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	761	return FALSE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	762	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	763
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	764	_dbus_warn ("Error getting SID from context \"%s\": %s\n",
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	765	(char *) service_context,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	766	_dbus_strerror (errno));
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	767	goto out;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	768	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	769
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	770	if (!_dbus_hash_table_insert_string (service_table,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	771	key,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	772	BUS_SID_FROM_SELINUX (sid)))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	773	goto out;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	774
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	775	_dbus_verbose ("Parsed \tservice: %s \n\t\tcontext: %s\n",
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	776	key,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	777	sid->ctx);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	778
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	779	/* These are owned by the hash, so clear them to avoid unref */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	780	key = NULL;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	781	sid = SECSID_WILD;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	782
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	783	retval = TRUE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	784
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	785	out:
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	786	if (sid != SECSID_WILD)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	787	sidput (sid);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	788
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	789	if (key)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	790	dbus_free (key);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	791
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	792	return retval;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	793	#else
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	794	return TRUE;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	795	#endif /* HAVE_SELINUX */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	796	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	797
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	798
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	799	/**
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	800	* Find the security identifier associated with a particular service
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	801	* name. Return a pointer to this SID, or #NULL/SECSID_WILD if the
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	802	* service is not found in the hash table. This should be nearly a
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	803	* constant time operation. If SELinux support is not available,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	804	* always return NULL.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	805	*
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	806	* @param service_table the hash table to check for service name.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	807	* @param service_name the name of the service to look for.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	808	* @returns the SELinux ID associated with the service
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	809	*/
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	810	BusSELinuxID*
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	811	bus_selinux_id_table_lookup (DBusHashTable *service_table,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	812	const DBusString *service_name)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	813	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	814	#ifdef HAVE_SELINUX
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	815	security_id_t sid;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	816
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	817	sid = SECSID_WILD; /* default context */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	818
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	819	if (!selinux_enabled)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	820	return NULL;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	821
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	822	_dbus_verbose ("Looking up service SID for %s\n",
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	823	_dbus_string_get_const_data (service_name));
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	824
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	825	sid = _dbus_hash_table_lookup_string (service_table,
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	826	_dbus_string_get_const_data (service_name));
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	827
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	828	if (sid == SECSID_WILD)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	829	_dbus_verbose ("Service %s not found\n",
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	830	_dbus_string_get_const_data (service_name));
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	831	else
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	832	_dbus_verbose ("Service %s found\n",
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	833	_dbus_string_get_const_data (service_name));
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	834
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	835	return BUS_SID_FROM_SELINUX (sid);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	836	#endif /* HAVE_SELINUX */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	837	return NULL;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	838	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	839
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	840	/**
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	841	* Get the SELinux policy root. This is used to find the D-Bus
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	842	* specific config file within the policy.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	843	*/
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	844	const char *
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	845	bus_selinux_get_policy_root (void)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	846	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	847	#ifdef HAVE_SELINUX
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	848	return selinux_policy_root ();
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	849	#else
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	850	return NULL;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	851	#endif /* HAVE_SELINUX */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	852	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	853
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	854	/**
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	855	* For debugging: Print out the current hash table of service SIDs.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	856	*/
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	857	void
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	858	bus_selinux_id_table_print (DBusHashTable *service_table)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	859	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	860	#ifdef DBUS_ENABLE_VERBOSE_MODE
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	861	#ifdef HAVE_SELINUX
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	862	DBusHashIter iter;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	863
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	864	if (!selinux_enabled)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	865	return;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	866
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	867	_dbus_verbose ("Service SID Table:\n");
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	868	_dbus_hash_iter_init (service_table, &iter);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	869	while (_dbus_hash_iter_next (&iter))
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	870	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	871	const char *key = _dbus_hash_iter_get_string_key (&iter);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	872	security_id_t sid = _dbus_hash_iter_get_value (&iter);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	873	_dbus_verbose ("The key is %s\n", key);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	874	_dbus_verbose ("The context is %s\n", sid->ctx);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	875	_dbus_verbose ("The refcount is %d\n", sid->refcnt);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	876	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	877	#endif /* HAVE_SELINUX */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	878	#endif /* DBUS_ENABLE_VERBOSE_MODE */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	879	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	880
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	881
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	882	#ifdef DBUS_ENABLE_VERBOSE_MODE
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	883	#ifdef HAVE_SELINUX
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	884	/**
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	885	* Print out some AVC statistics.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	886	*/
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	887	static void
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	888	bus_avc_print_stats (void)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	889	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	890	struct avc_cache_stats cstats;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	891
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	892	if (!selinux_enabled)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	893	return;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	894
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	895	_dbus_verbose ("AVC Statistics:\n");
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	896	avc_cache_stats (&cstats);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	897	avc_av_stats ();
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	898	_dbus_verbose ("AVC Cache Statistics:\n");
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	899	_dbus_verbose ("Entry lookups: %d\n", cstats.entry_lookups);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	900	_dbus_verbose ("Entry hits: %d\n", cstats.entry_hits);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	901	_dbus_verbose ("Entry misses %d\n", cstats.entry_misses);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	902	_dbus_verbose ("Entry discards: %d\n", cstats.entry_discards);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	903	_dbus_verbose ("CAV lookups: %d\n", cstats.cav_lookups);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	904	_dbus_verbose ("CAV hits: %d\n", cstats.cav_hits);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	905	_dbus_verbose ("CAV probes: %d\n", cstats.cav_probes);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	906	_dbus_verbose ("CAV misses: %d\n", cstats.cav_misses);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	907	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	908	#endif /* HAVE_SELINUX */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	909	#endif /* DBUS_ENABLE_VERBOSE_MODE */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	910
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	911
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	912	/**
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	913	* Destroy the AVC before we terminate.
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	914	*/
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	915	void
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	916	bus_selinux_shutdown (void)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	917	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	918	#ifdef HAVE_SELINUX
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	919	if (!selinux_enabled)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	920	return;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	921
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	922	_dbus_verbose ("AVC shutdown\n");
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	923
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	924	if (bus_sid != SECSID_WILD)
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	925	{
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	926	sidput (bus_sid);
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	927	bus_sid = SECSID_WILD;
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	928
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	929	#ifdef DBUS_ENABLE_VERBOSE_MODE
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	930	bus_avc_print_stats ();
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	931	#endif /* DBUS_ENABLE_VERBOSE_MODE */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	932
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	933	avc_destroy ();
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	934	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	935	#endif /* HAVE_SELINUX */
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	936	}
ce057bb09d0b Revert last code drop. Pat Downey <patd@symbian.org> parents: diff changeset	937

author	Pat Downey <patd@symbian.org>
	Fri, 04 Jun 2010 16:20:51 +0100
changeset 31	ce057bb09d0b
child 34	5fae379060a7
permissions	-rw-r--r--