From 861a04bab6b19cb275c137f1cdfe559879a79565 Mon Sep 17 00:00:00 2001 From: Daniel Wagner Date: Fri, 2 Nov 2012 17:26:13 +0100 Subject: dbus: Add SELinux support ConnMan needs to identify application in a secure way when they are using the Session API. The current D-Bus server implemention supports two types of LSM, POSIX and SELinux. In order to support SMACK or TOMOYO the D-Bus code base needs to be patch. This is the initial work to support at least POSIX and SELinux. Maybe in the future we are able to support also the other LSMs. The idea behind gsec is to keep the LSM related code together in one directory. The API introduces in this patch is not any way final. It will need some more time figuring out how are able to intregrate this in a nice way. The current API introduces g_sec_get_selinux_label() which will return the SELinux context. The function will issuing a GetConnectionSELinuxSecurityContext method call. Note, that this function is not documented in the D-Bus specification. See for more details the source code dbus/bus/drivers.c and dbus/bus/selinux.c in the D-Bus reference implementation. --- include/dbus.h | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'include') diff --git a/include/dbus.h b/include/dbus.h index bf5f8c14..c00488e2 100644 --- a/include/dbus.h +++ b/include/dbus.h @@ -171,6 +171,14 @@ static inline void connman_dbus_dict_append_fixed_array(DBusMessageIter *dict, dbus_bool_t connman_dbus_validate_ident(const char *ident); char *connman_dbus_encode_string(const char *value); +typedef void (* connman_dbus_get_context_cb_t) (const unsigned char *context, + void *user_data, int err); + +int connman_dbus_get_selinux_context(DBusConnection *connection, + const char *service, + connman_dbus_get_context_cb_t func, + void *user_data); + #ifdef __cplusplus } #endif -- cgit v1.2.3