path: root/plugins/session_policy_local.c
Age | Commit message | Author | Files | Lines
2014-07-17 | Imported Upstream version 1.24 (upstream/1.24) | Zhang zhengguang | 1 | -52/+66
2013-05-31 | session_policy_local: Set session identification method | Daniel Wagner | 1 | -1/+43
For SELinux we need to store the complete context for iptables to work.
2013-05-31 | session_policy_local: Retrieve UID/GID from session user | Daniel Wagner | 1 | -25/+179
When the session core asks to create a configuration, then we first ask the D-Bus server which UID/GID the session belongs to. If possible we also ask for the SELinux context. Then we try to figure out which file contains the configuration for SELinux, UID or GID identification. The order of matching preference is SELinux, UID and finally GID.
2013-05-31 | session_policy_local: Remove struct create_data | Daniel Wagner | 1 | -29/+14
Use struct policy_data instead of struct create_data.
2013-05-31 | session_policy_local: Rework policy file handling | Daniel Wagner | 1 | -143/+257
The old assumption was that a config file is associated with one session only. With introducing UID/GID support a policy might be used for several sessions. Furthermore, it was assumed that the file name is the key/ident to identify a session and a file contains exactly one policy.

Here are the new rules for writing a policy file.
- A valid file name contains letters or numbers and must have a '.policy' suffix.
- The file name has no semantical meaning
- A policy file may contain more than 1 policy
- Each policy entry starts with 'policy_'
- Each policy entry shall have one and exactly one valid key (e.g. selinux)

The implementation has two main hash tables, file_hash and session_hash, which own 'the file' respectively the session config. Additionally there is a hash table which connects a policy with a session (selinux_hash).
2013-05-31 | session_policy_local: Add some more debug information | Daniel Wagner | 1 | -8/+19
2013-05-31 | session_policy_local: Update session before unref policy | Daniel Wagner | 1 | -10/+4
The update flag can be removed as it is no longer needed.
2013-05-31 | session_policy_local: Refactor SELinux context parser | Daniel Wagner | 1 | -13/+8
g_strsplit() will eventually strdup the tokens so no need to strdup() 'context'. But an ugly cast (from 'const unsigned char *' to 'const char *') is needed for g_strsplit() to make the compiler happy.
2013-05-31 | session_policy_local: Do not handle small allocation | Daniel Wagner | 1 | -29/+4
Let's remove the small allocations error path because glib will abort on memory exhaustion anyway. Basically we remove dead code.
2013-04-18 | session: Do not fail when creating default policy configuration | Daniel Wagner | 1 | -12/+1
Do not handle the small alloc failures because glib will abort when memory is tight anyway.
2013-04-18 | session: Change to "func_t" postfix to callback typedef | Daniel Wagner | 1 | -3/+3
Streamline the callback typedefs with the rest of the code.
2013-04-18 | session_policy_local: Use callback helpers | Daniel Wagner | 1 | -7/+9
Use the generic callback helpers to encapsulate struct create_data. In a later patch we will add some more data elements to struct create_data. That is the reason why it is not removed here.
2013-04-18 | session_policy_local: Load policy when a new file is added | Daniel Wagner | 1 | -0/+7
When a file is added (not modified) we need to parse it as well
2013-04-18 | session_policy_local: Do not free policy on load error | Daniel Wagner | 1 | -2/+5
We should not unref the policy on parsing errors because the policy lifetime is attached to the lifetime of the file. When the file is removed we remove it from the hash table.
2013-04-18 | session_policy_local: Empty policy list indicated no match all | Daniel Wagner | 1 | -8/+3
Match all is expressed via CONNMAN_SERVICE_TYPE_UNKNOWN. An empty list means no match.
2013-04-18 | session_policy_local: Set default policy using common code | Daniel Wagner | 1 | -4/+2
Use connman_session_set_default_config() instead of open coded version. This prepares the next fix.
2012-12-21 | session-policy-local: Check policy being non-NULL before using | Patrik Flykt | 1 | -1/+3
When running unit/test-session the following happens if SELinux is disabled but --enable-session-policy-local is specified for ./configure:

connmand[6468]: src/session.c:__connman_session_create() owner :1.269
connmand[6468]: src/dbus.c:selinux_get_context_reply() Failed to retrieve SELinux context
connmand[6468]: src/session.c:session_create_cb() session 0x2388dc0 config (nil)
connmand[6468]: Aborting (signal 11) [src/connmand]
connmand[6468]: ++++++++ backtrace ++++++++
connmand[6468]: #0 0x7f5b2b8184f0 in /lib/x86_64-linux-gnu/libc.so.6
connmand[6468]: #1 0x4379b4 in policy_local_destroy() at plugins/session_policy_local.c:245
connmand[6468]: #2 0x46703f in free_session() at src/session.c:258
connmand[6468]: #3 0x468603 in session_create_cb() at src/session.c:1710
connmand[6468]: #4 0x4377e7 in selinux_context_reply() at plugins/session_policy_local.c:201
connmand[6468]: #5 0x461366 in selinux_get_context_reply() at src/dbus.c:475
connmand[6468]: #6 0x7f5b2c66b1ca in /lib/x86_64-linux-gnu/libdbus-1.so.3
connmand[6468]: #7 0x7f5b2c66e293 in /lib/x86_64-linux-gnu/libdbus-1.so.3
connmand[6468]: #8 0x410aa8 in message_dispatch() at gdbus/mainloop.c:76
connmand[6468]: #9 0x7f5b2c8eeeeb in /lib/x86_64-linux-gnu/libglib-2.0.so.0
connmand[6468]: #10 0x7f5b2c8ee355 in /lib/x86_64-linux-gnu/libglib-2.0.so.0
connmand[6468]: #11 0x7f5b2c8ee688 in /lib/x86_64-linux-gnu/libglib-2.0.so.0
connmand[6468]: #12 0x7f5b2c8eea82 in /lib/x86_64-linux-gnu/libglib-2.0.so.0
connmand[6468]: #13 0x410592 in main() at src/main.c:672
connmand[6468]: #14 0x7f5b2b804ead in /lib/x86_64-linux-gnu/libc.so.6
connmand[6468]: +++++++++++++++++++++++++++
2012-12-10 | session_policy_local: Create policy directory if necessary | Daniel Wagner | 1 | -0/+12
Create the policy directory as the first thing. If we don't do this, adding a watch on the non-existing directory will fail and the whole plugin is not loaded. We need to figure out later how permissive the MODE of the directory should be. Currently, we play safe and have it tied down.
2012-12-05 | session_policy_local: Rename session_policy_ivi | Daniel Wagner | 1 | -0/+531
By popular request the plugin is renamed. The plugin is reading local files and has nothing to do with IVI.