diff options
author | Adrian Szyndela <adrian.s@samsung.com> | 2017-06-09 11:32:40 +0200 |
---|---|---|
committer | INSUN PYO <insun.pyo@samsung.com> | 2017-07-07 15:48:43 +0900 |
commit | 107753ee84fe9642e95d21edf13ca927326ab172 (patch) | |
tree | 2df61938e6e68925ce8787e0607f42d3b00254df | |
parent | b7cb82f0e7013ef63a567ecca345c41f1644c0c3 (diff) | |
download | dbus-107753ee84fe9642e95d21edf13ca927326ab172.tar.gz dbus-107753ee84fe9642e95d21edf13ca927326ab172.tar.bz2 dbus-107753ee84fe9642e95d21edf13ca927326ab172.zip |
Remove legacy smack support, keep upstream smack supportsubmit/tizen/20170710.061501submit/tizen/20170707.072404accepted/tizen/unified/20170712.164836
This commit reverts four commits.
There was a need for additional minor changes to make it work.
Revert "GetConnectionCredentials - add smack support"
This reverts commit 13d888ca95c75c14a4919b36cc0a15979fb1d42b.
Revert "packaging: enable Smack support"
This reverts commit 54f95c99cf4d53f5566511fc0cdc21b230909b29.
Revert "Enforce smack policy from conf file"
This reverts commit 1d028039f5d34de8a1224d2ad0d8bc75b3da3ca4.
Revert "Enable checking of smack context from DBus interface"
This reverts commit 7af23db240c54e9923c76234b7e9c7a243d2d428.
Change-Id: I4bf7ce8d43717e1deb5d980f87be39220922b422
-rw-r--r-- | bus/Makefile.am | 5 | ||||
-rw-r--r-- | bus/config-parser.c | 36 | ||||
-rw-r--r-- | bus/cynara.c | 34 | ||||
-rw-r--r-- | bus/driver.c | 15 | ||||
-rw-r--r-- | bus/policy.c | 138 | ||||
-rw-r--r-- | bus/policy.h | 3 | ||||
-rw-r--r-- | bus/smack.c | 223 | ||||
-rw-r--r-- | bus/smack.h | 40 | ||||
-rw-r--r-- | cmake/CMakeLists.txt | 3 | ||||
-rw-r--r-- | cmake/bus/CMakeLists.txt | 4 | ||||
-rw-r--r-- | configure.ac | 14 | ||||
-rw-r--r-- | dbus/Makefile.am | 5 | ||||
-rw-r--r-- | dbus/dbus-connection.c | 47 | ||||
-rw-r--r-- | dbus/dbus-connection.h | 5 | ||||
-rw-r--r-- | doc/dbus-specification.xml | 6 | ||||
-rw-r--r-- | packaging/dbus.changes | 5 | ||||
-rw-r--r-- | packaging/dbus.spec | 4 |
17 files changed, 40 insertions, 547 deletions
diff --git a/bus/Makefile.am b/bus/Makefile.am index 9eb74566..3f57cc48 100644 --- a/bus/Makefile.am +++ b/bus/Makefile.am @@ -9,7 +9,6 @@ DBUS_BUS_LIBS = \ $(THREAD_LIBS) \ $(ADT_LIBS) \ $(NETWORK_libs) \ - $(LIBSMACK_LIBS) \ $(CYNARA_LIBS) \ $(NULL) @@ -26,8 +25,6 @@ AM_CPPFLAGS = \ $(APPARMOR_CFLAGS) \ -DDBUS_SYSTEM_CONFIG_FILE=\""$(dbusdatadir)/system.conf"\" \ -DDBUS_COMPILATION \ - -DDBUS_STATIC_BUILD \ - $(LIBSMACK_CFLAGS) \ $(CYNARA_CFLAGS) \ $(NULL) @@ -115,8 +112,6 @@ BUS_SOURCES= \ services.h \ signals.c \ signals.h \ - smack.c \ - smack.h \ stats.c \ stats.h \ test.c \ diff --git a/bus/config-parser.c b/bus/config-parser.c index f3d85a20..cb37c7b5 100644 --- a/bus/config-parser.c +++ b/bus/config-parser.c @@ -45,7 +45,6 @@ typedef enum POLICY_MANDATORY, POLICY_USER, POLICY_GROUP, - POLICY_SMACK, POLICY_CONSOLE } PolicyType; @@ -67,11 +66,7 @@ typedef struct struct { PolicyType type; - union - { - unsigned long gid_uid_or_at_console; - char *smack_label; - }; + unsigned long gid_uid_or_at_console; } policy; struct @@ -157,8 +152,6 @@ element_free (Element *e) { if (e->type == ELEMENT_LIMIT) dbus_free (e->d.limit.name); - else if (e->type == ELEMENT_POLICY && e->d.policy.type == POLICY_SMACK) - dbus_free (e->d.policy.smack_label); dbus_free (e); } @@ -996,7 +989,6 @@ start_busconfig_child (BusConfigParser *parser, const char *user; const char *group; const char *at_console; - const char *smack; if ((e = push_element (parser, ELEMENT_POLICY)) == NULL) { @@ -1013,16 +1005,20 @@ start_busconfig_child (BusConfigParser *parser, "context", &context, "user", &user, "group", &group, - "smack", &smack, "at_console", &at_console, NULL)) return FALSE; - if (((context != NULL) + (user != NULL) + (group != NULL) + - (smack != NULL) + (at_console != NULL)) != 1) + if (((context && user) || + (context && group) || + (context && at_console)) || + ((user && group) || + (user && at_console)) || + (group && at_console) || + !(context || user || group || at_console)) { dbus_set_error (error, DBUS_ERROR_FAILED, - "<policy> element must have exactly one of (context|user|group|smack|at_console) attributes"); + "<policy> element must have exactly one of (context|user|group|at_console) attributes"); return FALSE; } @@ -1068,16 +1064,6 @@ start_busconfig_child (BusConfigParser *parser, _dbus_warn ("Unknown group \"%s\" in message bus configuration file\n", group); } - else if (smack != NULL) - { - e->d.policy.type = POLICY_SMACK; - e->d.policy.smack_label = _dbus_strdup (smack); - if (e->d.policy.smack_label == NULL) - { - BUS_SET_OOM (error); - return FALSE; - } - } else if (at_console != NULL) { dbus_bool_t t; @@ -1713,10 +1699,6 @@ append_rule_from_element (BusConfigParser *parser, rule)) goto nomem; break; - case POLICY_SMACK: - if (!bus_policy_append_smack_rule (parser->policy, pe->d.policy.smack_label, rule)) - goto nomem; - break; case POLICY_CONSOLE: if (!bus_policy_append_console_rule (parser->policy, pe->d.policy.gid_uid_or_at_console, rule)) diff --git a/bus/cynara.c b/bus/cynara.c index e61c3a2a..aa54bc0b 100644 --- a/bus/cynara.c +++ b/bus/cynara.c @@ -33,6 +33,7 @@ #include <bus/connection.h> #ifdef DBUS_ENABLE_CYNARA #include <cynara-client-async.h> +#include <dbus/dbus-connection-internal.h> #endif #define USE_CYNARA_CACHE 1 @@ -148,22 +149,22 @@ bus_cynara_check_privilege (BusCynara *cynara, cynara_check_id check_id; DBusConnection *connection = check_type == BUS_DEFERRED_MESSAGE_CHECK_RECEIVE ? proposed_recipient : sender; BusDeferredMessage *deferred_message; + BusResult return_result; _dbus_assert(connection != NULL); if (dbus_connection_get_unix_user(connection, &uid) == FALSE) return BUS_RESULT_FALSE; -#ifdef DBUS_ENABLE_SMACK - if (dbus_connection_get_smack_label (connection, &label) == FALSE) + if (_dbus_connection_get_linux_security_label (connection, &label) == FALSE) return BUS_RESULT_FALSE; -#else -#error Cannot get connection label with smack disabled -#endif session_id = bus_connection_get_cynara_session_id (connection); if (session_id == NULL) - return BUS_RESULT_FALSE; + { + dbus_free ((char*)label); + return BUS_RESULT_FALSE; + } snprintf(user, sizeof(user), "%lu", uid); @@ -178,12 +179,14 @@ bus_cynara_check_privilege (BusCynara *cynara, case CYNARA_API_ACCESS_ALLOWED: _dbus_verbose("Cynara: got ALLOWED answer from cache (client=%s session_id=%s user=%s privilege=%s)\n", label, session_id, user, privilege); - return BUS_RESULT_TRUE; + return_result = BUS_RESULT_TRUE; + break; case CYNARA_API_ACCESS_DENIED: _dbus_verbose("Cynara: got DENIED answer from cache (client=%s session_id=%s user=%s privilege=%s)\n", label, session_id, user, privilege); - return BUS_RESULT_FALSE; + return_result = BUS_RESULT_FALSE; + break; case CYNARA_API_CACHE_MISS: deferred_message = bus_deferred_message_new(message, sender, addressed_recipient, @@ -191,7 +194,8 @@ bus_cynara_check_privilege (BusCynara *cynara, if (deferred_message == NULL) { _dbus_verbose("Failed to allocate memory for deferred message\n"); - return BUS_RESULT_FALSE; + return_result = BUS_RESULT_FALSE; + break; } /* callback is supposed to unref deferred_message*/ @@ -203,20 +207,26 @@ bus_cynara_check_privilege (BusCynara *cynara, "deferred_message=%p\n", label, session_id, user, privilege, (unsigned int)check_id, deferred_message); if (deferred_message_param != NULL) *deferred_message_param = deferred_message; - return BUS_RESULT_LATER; + return_result = BUS_RESULT_LATER; + break; } else { _dbus_verbose("Error on cynara request create: %i\n", result); bus_deferred_message_unref(deferred_message); - return BUS_RESULT_FALSE; + return_result = BUS_RESULT_FALSE; + break; } break; default: _dbus_verbose("Error when accessing Cynara cache: %i\n", result); - return BUS_RESULT_FALSE; + return_result = BUS_RESULT_FALSE; + break; } + dbus_free ((char*)label); + return return_result; + #else return BUS_RESULT_FALSE; #endif diff --git a/bus/driver.c b/bus/driver.c index 16454316..c01c4b4c 100644 --- a/bus/driver.c +++ b/bus/driver.c @@ -31,7 +31,6 @@ #include "services.h" #include "selinux.h" #include "signals.h" -#include "smack.h" #include "stats.h" #include "utils.h" @@ -1985,16 +1984,6 @@ bus_driver_handle_get_connection_credentials (DBusConnection *connection, dbus_free (s); } -#ifdef DBUS_ENABLE_SMACK - { - const char *smack_label; - if (dbus_connection_get_smack_label (conn, &smack_label)) { - if (!_dbus_asv_add_string (&array_iter, "SmackLabel", smack_label)) - goto oom; - } - } -#endif - if (!_dbus_asv_close (&reply_iter, &array_iter)) goto oom; @@ -2389,10 +2378,6 @@ static const MessageHandler dbus_message_handlers[] = { bus_driver_handle_get_id }, { "GetConnectionCredentials", "s", "a{sv}", bus_driver_handle_get_connection_credentials }, - { "GetConnectionSmackContext", - DBUS_TYPE_STRING_AS_STRING, - DBUS_TYPE_STRING_AS_STRING, - bus_smack_handle_get_connection_context }, { NULL, NULL, NULL, NULL } }; diff --git a/bus/policy.c b/bus/policy.c index ccca308b..932a9b46 100644 --- a/bus/policy.c +++ b/bus/policy.c @@ -27,7 +27,6 @@ #include "services.h" #include "test.h" #include "utils.h" -#include "smack.h" #include <dbus/dbus-list.h> #include <dbus/dbus-hash.h> #include <dbus/dbus-internals.h> @@ -130,13 +129,12 @@ struct BusPolicy { int refcount; - DBusList *default_rules; /**< Default policy rules */ - DBusList *mandatory_rules; /**< Mandatory policy rules */ - DBusHashTable *rules_by_uid; /**< per-UID policy rules */ - DBusHashTable *rules_by_gid; /**< per-GID policy rules */ - DBusHashTable *rules_by_smack_label; /**< per-SMACK label policy rules */ - DBusList *at_console_true_rules; /**< console user policy rules where at_console="true"*/ - DBusList *at_console_false_rules; /**< console user policy rules where at_console="false"*/ + DBusList *default_rules; /**< Default policy rules */ + DBusList *mandatory_rules; /**< Mandatory policy rules */ + DBusHashTable *rules_by_uid; /**< per-UID policy rules */ + DBusHashTable *rules_by_gid; /**< per-GID policy rules */ + DBusList *at_console_true_rules; /**< console user policy rules where at_console="true"*/ + DBusList *at_console_false_rules; /**< console user policy rules where at_console="false"*/ }; static void @@ -186,14 +184,6 @@ bus_policy_new (void) if (policy->rules_by_gid == NULL) goto failed; -#ifdef DBUS_ENABLE_SMACK - policy->rules_by_smack_label = _dbus_hash_table_new (DBUS_HASH_STRING, - (DBusFreeFunction) dbus_free, - free_rule_list_func); - if (policy->rules_by_smack_label == NULL) - goto failed; -#endif - return policy; failed: @@ -244,12 +234,6 @@ bus_policy_unref (BusPolicy *policy) policy->rules_by_gid = NULL; } - if (policy->rules_by_smack_label) - { - _dbus_hash_table_unref (policy->rules_by_smack_label); - policy->rules_by_smack_label = NULL; - } - dbus_free (policy); } } @@ -375,25 +359,6 @@ bus_policy_create_client_policy (BusPolicy *policy, } } - if (policy->rules_by_smack_label && - _dbus_hash_table_get_n_entries (policy->rules_by_smack_label) > 0) - { - DBusList **list; - dbus_bool_t nomem_err = FALSE; - - list = bus_smack_generate_allowed_list(connection, policy->rules_by_smack_label, &nomem_err); - - if (list != NULL) - { - nomem_err = !add_list_to_client (list, client); - _dbus_list_clear (list); - dbus_free(list); - } - - if (nomem_err) - goto nomem; - } - if (!add_list_to_client (&policy->mandatory_rules, client)) goto nomem; @@ -617,66 +582,6 @@ bus_policy_append_group_rule (BusPolicy *policy, return TRUE; } -#ifdef DBUS_ENABLE_SMACK -static DBusList ** -get_list_string (DBusHashTable *table, - const char *key) -{ - DBusList **list; - - if (key == NULL) - return NULL; - - list = _dbus_hash_table_lookup_string (table, key); - - if (list == NULL) - { - char *new_key; - - list = dbus_new0 (DBusList*, 1); - if (list == NULL) - return NULL; - - new_key = _dbus_strdup (key); - if (new_key == NULL) - { - dbus_free (list); - return NULL; - } - - if (!_dbus_hash_table_insert_string (table, new_key, list)) - { - dbus_free (list); - dbus_free (new_key); - return NULL; - } - } - - return list; -} -#endif - -dbus_bool_t -bus_policy_append_smack_rule (BusPolicy *policy, - const char *label, - BusPolicyRule *rule) -{ -#ifdef DBUS_ENABLE_SMACK - DBusList **list; - - list = get_list_string (policy->rules_by_smack_label, label); - if (list == NULL) - return FALSE; - - if (!_dbus_list_append (list, rule)) - return FALSE; - - bus_policy_rule_ref (rule); -#endif - - return TRUE; -} - dbus_bool_t bus_policy_append_console_rule (BusPolicy *policy, dbus_bool_t at_console, @@ -754,31 +659,6 @@ merge_id_hash (DBusHashTable *dest, return TRUE; } -#ifdef DBUS_ENABLE_SMACK -static dbus_bool_t -merge_string_hash (DBusHashTable *dest, - DBusHashTable *to_absorb) -{ - DBusHashIter iter; - - _dbus_hash_iter_init (to_absorb, &iter); - while (_dbus_hash_iter_next (&iter)) - { - const char *absorb_label = _dbus_hash_iter_get_string_key(&iter); - DBusList **list = _dbus_hash_iter_get_value (&iter); - DBusList **target = get_list_string (dest, absorb_label); - - if (target == NULL) - return FALSE; - - if (!append_copy_of_policy_list (target, list)) - return FALSE; - } - - return TRUE; -} -#endif - dbus_bool_t bus_policy_merge (BusPolicy *policy, BusPolicy *to_absorb) @@ -811,12 +691,6 @@ bus_policy_merge (BusPolicy *policy, to_absorb->rules_by_gid)) return FALSE; -#ifdef DBUS_ENABLE_SMACK - if (!merge_string_hash (policy->rules_by_smack_label, - to_absorb->rules_by_smack_label)) - return FALSE; -#endif - return TRUE; } diff --git a/bus/policy.h b/bus/policy.h index 0a3258eb..1f234310 100644 --- a/bus/policy.h +++ b/bus/policy.h @@ -139,9 +139,6 @@ dbus_bool_t bus_policy_append_user_rule (BusPolicy *policy, dbus_bool_t bus_policy_append_group_rule (BusPolicy *policy, dbus_gid_t gid, BusPolicyRule *rule); -dbus_bool_t bus_policy_append_smack_rule (BusPolicy *policy, - const char *label, - BusPolicyRule *rule); dbus_bool_t bus_policy_append_console_rule (BusPolicy *policy, dbus_bool_t at_console, BusPolicyRule *rule); diff --git a/bus/smack.c b/bus/smack.c deleted file mode 100644 index 5e34d068..00000000 --- a/bus/smack.c +++ /dev/null @@ -1,223 +0,0 @@ -/* smack.c - Provide interface to query smack context - * - * Author: Brian McGillion <brian.mcgillion@intel.com> - * Copyright © 2011 Intel Corporation - * - * Licensed under the Academic Free License version 2.1 - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301 USA - */ - -#include <config.h> -#include "smack.h" - -#include <dbus/dbus-internals.h> - -#include "connection.h" -#include "services.h" -#include "utils.h" -#include "policy.h" - -#ifdef DBUS_ENABLE_SMACK -#include <sys/smack.h> -#endif - -#define SMACK_WRITE "W" -#define SMACK_READ "R" -#define SMACK_READ_WRITE "RW" - - -BusResult -bus_smack_handle_get_connection_context (DBusConnection *connection, - BusTransaction *transaction, - DBusMessage *message, - DBusError *error) -{ -#ifdef DBUS_ENABLE_SMACK - const char *remote_end = NULL; - BusRegistry *registry; - DBusString remote_end_str; - BusService *service; - DBusConnection *remote_connection; - DBusMessage *reply = NULL; - const char *label; - - _DBUS_ASSERT_ERROR_IS_CLEAR (error); - - registry = bus_connection_get_registry (connection); - - if (!dbus_message_get_args (message, error, DBUS_TYPE_STRING, &remote_end, - DBUS_TYPE_INVALID)) - return BUS_RESULT_FALSE; - - _dbus_verbose ("asked for label of connection %s\n", remote_end); - - _dbus_string_init_const (&remote_end_str, remote_end); - - service = bus_registry_lookup (registry, &remote_end_str); - if (service == NULL) - { - dbus_set_error (error, DBUS_ERROR_NAME_HAS_NO_OWNER, - "Bus name '%s' has no owner", remote_end); - return BUS_RESULT_FALSE; - } - - remote_connection = bus_service_get_primary_owners_connection (service); - if (remote_connection == NULL) - goto oom; - - reply = dbus_message_new_method_return (message); - if (reply == NULL) - goto oom; - - if (!dbus_connection_get_smack_label(remote_connection, &label)) - { - dbus_set_error (error, DBUS_ERROR_FAILED, - "Failed to get the socket fd of the connection", - remote_end); - goto err; - } - - if (!dbus_message_append_args (reply, DBUS_TYPE_STRING, - &label, DBUS_TYPE_INVALID)) - goto oom; - - if (!bus_transaction_send_from_driver (transaction, connection, reply)) - goto oom; - - dbus_message_unref (reply); - - return BUS_RESULT_TRUE; - -oom: - BUS_SET_OOM (error); - -err: - if (reply != NULL) - dbus_message_unref (reply); - - return BUS_RESULT_FALSE; -#else - dbus_set_error (error, DBUS_ERROR_NOT_SUPPORTED, - "SMACK support is not enabled"); - return BUS_RESULT_FALSE; -#endif -} - -#ifdef DBUS_ENABLE_SMACK -static dbus_bool_t -bus_smack_has_access (const char *subject, const char *object, - const char *access) -{ - return (smack_have_access (subject, object, access) == 1 ? TRUE : FALSE); -} -#endif - - -/** - * Calculate the list of rules that apply to a connection. - * - * @param connection The inbound conenction - * @param rules_by_smack_label The table of object labels -> rules mapping - * @param nomem_err (out) If a nomem situation is encountered this value is set to TRUE. - * @returns the list of permitted rules if it exists and no errors were encountered otherwise NULL. - */ -DBusList** -bus_smack_generate_allowed_list (DBusConnection *connection, - DBusHashTable *rules_by_smack_label, - dbus_bool_t *nomem_err) -{ -#ifdef DBUS_ENABLE_SMACK - const char *subject_label; - DBusHashIter iter; - dbus_bool_t is_allowed; - DBusList **allowed_list; - - /* the label of the subject, is the label on the new connection, - either the service itself or one of its clients */ - - if (!dbus_connection_get_smack_label(connection, &subject_label)) - return NULL; - - allowed_list = dbus_new0 (DBusList*, 1); - if (allowed_list == NULL) - goto nomem; - - /* Iterate over all the smack labels we have parsed from the .conf files */ - _dbus_hash_iter_init (rules_by_smack_label, &iter); - while (_dbus_hash_iter_next (&iter)) - { - DBusList *link; - const char *object_label = _dbus_hash_iter_get_string_key (&iter); - /* the list here is all the rules that are 'protected' - by the SMACK label named $object_label */ - DBusList **list = _dbus_hash_iter_get_value (&iter); - - link = _dbus_list_get_first_link (list); - while (link != NULL) - { - BusPolicyRule *rule = link->data; - link = _dbus_list_get_next_link (list, link); - is_allowed = FALSE; - - switch (rule->type) - { - case BUS_POLICY_RULE_OWN: - is_allowed = bus_smack_has_access (subject_label, - object_label, - SMACK_READ_WRITE); - break; - case BUS_POLICY_RULE_SEND: - is_allowed = bus_smack_has_access (subject_label, - object_label, - SMACK_WRITE); - break; - case BUS_POLICY_RULE_RECEIVE: - is_allowed = bus_smack_has_access (subject_label, - object_label, - SMACK_READ); - break; - default: - continue; - } - - if (is_allowed) - { - if (!_dbus_list_append (allowed_list, rule)) - goto nomem; - - bus_policy_rule_ref (rule); - } - - _dbus_verbose ("permission request subject (%s) -> object (%s) : %s", subject_label, object_label, (is_allowed ? "GRANTED" : "REJECTED")); - } - } - - return allowed_list; - -nomem: - if (allowed_list != NULL) { - _dbus_list_clear (allowed_list); - dbus_free (allowed_list); - } - - *nomem_err = TRUE; - return NULL; - -#else - return NULL; -#endif -} diff --git a/bus/smack.h b/bus/smack.h deleted file mode 100644 index 6b1dfad6..00000000 --- a/bus/smack.h +++ /dev/null @@ -1,40 +0,0 @@ -/* smack.h - Provide interface to query smack context - * - * Author: Brian McGillion <brian.mcgillion@intel.com> - * Copyright © 2011 Intel Corporation - * - * Based on example from Stats interface - * - * Licensed under the Academic Free License version 2.1 - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301 USA - */ - -#ifndef SMACK_H -#define SMACK_H - -#include "bus.h" -#include <dbus/dbus-hash.h> - -dbus_bool_t bus_smack_handle_get_connection_context (DBusConnection *connection, - BusTransaction *transaction, - DBusMessage *message, - DBusError *error); - -DBusList **bus_smack_generate_allowed_list (DBusConnection *connection, - DBusHashTable *label_rules, - dbus_bool_t *error); -#endif // SMACK_H diff --git a/cmake/CMakeLists.txt b/cmake/CMakeLists.txt index 08879d98..4db9c67a 100644 --- a/cmake/CMakeLists.txt +++ b/cmake/CMakeLists.txt @@ -145,8 +145,6 @@ if(WIN32) set(FD_SETSIZE "8192" CACHE STRING "The maximum number of connections that can be handled at once") endif() -option (DBUS_ENABLE_SMACK "enable smack checks in the daemon" OFF) - find_package(EXPAT) find_package(X11) find_package(GLib2) @@ -591,7 +589,6 @@ message(" Building bus stats API: ${DBUS_ENABLE_STATS} " message(" installing system libs: ${DBUS_INSTALL_SYSTEM_LIBS} ") message(" Building inotify support: ${DBUS_BUS_ENABLE_INOTIFY} ") message(" Building kqueue support: ${DBUS_BUS_ENABLE_KQUEUE} ") -message(" Building Smack support: ${DBUS_ENABLE_SMACK} ") message(" Building Doxygen docs: ${DBUS_ENABLE_DOXYGEN_DOCS} ") message(" Building XML docs: ${DBUS_ENABLE_XML_DOCS} ") message(" Daemon executable name: ${DBUS_DAEMON_NAME}") diff --git a/cmake/bus/CMakeLists.txt b/cmake/bus/CMakeLists.txt index 09b6b245..0dcae65a 100644 --- a/cmake/bus/CMakeLists.txt +++ b/cmake/bus/CMakeLists.txt @@ -72,9 +72,7 @@ set (BUS_SOURCES ${BUS_DIR}/test.c ${BUS_DIR}/test.h ${BUS_DIR}/utils.c - ${BUS_DIR}/utils.h - ${BUS_DIR}/smack.c - ${BUS_DIR}/smack.h + ${BUS_DIR}/utils.h ${XML_SOURCES} ${DIR_WATCH_SOURCE} ) diff --git a/configure.ac b/configure.ac index e0844acb..2cc116aa 100644 --- a/configure.ac +++ b/configure.ac @@ -235,9 +235,6 @@ if test "x$enable_embedded_tests" = xyes; then [Define to build test code into the library and binaries]) fi -# call early to ensure availability -PKG_PROG_PKG_CONFIG - # DBUS_ENABLE_MODULAR_TESTS controls tests that work based on public API. # These use GTest, from GLib, because life's too short. They're enabled by # default (unless you don't have GLib), because they don't bloat the library @@ -1894,16 +1891,6 @@ AC_ARG_ENABLE([user-session], AM_CONDITIONAL([DBUS_ENABLE_USER_SESSION], [test "x$enable_user_session" = xyes]) -#enable smack label support -AC_ARG_ENABLE([smack], [AS_HELP_STRING([--enable-smack], [enable SMACK security checks])], [], [enable_smack=no]) -if test "x$enable_smack" = xyes; then - PKG_CHECK_MODULES([LIBSMACK], [libsmack >= 1.0], - [AC_DEFINE([DBUS_ENABLE_SMACK], [1], [Define to enable SMACK security features])], - [AC_MSG_ERROR([libsmack is required to enable smack support])]) -fi - -AC_SUBST([LIBSMACK_CFLAGS]) -AC_SUBST([LIBSMACK_LIBS]) #enable cynara integration AC_ARG_ENABLE([cynara], [AS_HELP_STRING([--enable-cynara], [enable Cynara integration])], [], [enable_cynara=no]) @@ -2015,7 +2002,6 @@ echo " Building bus stats API: ${enable_stats} Building SELinux support: ${have_selinux} Building AppArmor support: ${have_apparmor} - Building SMACK support: ${enable_smack} Building inotify support: ${have_inotify} Building kqueue support: ${have_kqueue} Building systemd support: ${have_systemd} diff --git a/dbus/Makefile.am b/dbus/Makefile.am index c8fe0354..885c63d8 100644 --- a/dbus/Makefile.am +++ b/dbus/Makefile.am @@ -6,7 +6,6 @@ AM_CPPFLAGS = \ -I$(top_srcdir) \ $(DBUS_STATIC_BUILD_CPPFLAGS) \ $(SYSTEMD_CFLAGS) \ - $(LIBSMACK_CFLAGS) \ $(VALGRIND_CFLAGS) \ -DDBUS_COMPILATION \ -DDBUS_MACHINE_UUID_FILE=\""$(localstatedir)/lib/dbus/machine-id"\" \ @@ -308,7 +307,7 @@ else SYMBOL_EXPORT_LDFLAGS= endif -libdbus_1_la_LIBADD= $(LIBDBUS_LIBS) $(LIBSMACK_LIBS) +libdbus_1_la_LIBADD= $(LIBDBUS_LIBS) libdbus_1_la_LDFLAGS = \ $(AM_LDFLAGS) \ -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) \ @@ -325,7 +324,7 @@ libdbus_internal_la_CPPFLAGS = \ $(AM_CPPFLAGS) \ -DDBUS_STATIC_BUILD \ $(NULL) -libdbus_internal_la_LIBADD=$(LIBDBUS_LIBS) libdbus-1.la $(SYSTEMD_LIBS) $(LIBSMACK_LIBS) +libdbus_internal_la_LIBADD=$(LIBDBUS_LIBS) libdbus-1.la $(SYSTEMD_LIBS) if LIBDBUSPOLICY libdbus_internal_la_CPPFLAGS += $(LIBDBUSPOLICY1_FLAGS) diff --git a/dbus/dbus-connection.c b/dbus/dbus-connection.c index 4537edd2..10b8a9a6 100644 --- a/dbus/dbus-connection.c +++ b/dbus/dbus-connection.c @@ -45,11 +45,6 @@ #include "dbus-bus.h" #include "dbus-marshal-basic.h" -#ifdef DBUS_ENABLE_SMACK -#include <sys/smack.h> -#include <stdlib.h> -#endif - #ifdef DBUS_DISABLE_CHECKS #define TOOK_LOCK_CHECK(connection) #define RELEASING_LOCK_CHECK(connection) @@ -309,9 +304,6 @@ struct DBusConnection DBusObjectTree *objects; /**< Object path handlers registered with this connection */ char *server_guid; /**< GUID of server if we are in shared_connections, #NULL if server GUID is unknown or connection is private */ -#ifdef DBUS_ENABLE_SMACK - char *peer_smack_label; /** Smack label of the peer at the time when the connection was established. Allocated with malloc(), NULL if unknown. */ -#endif /* These two MUST be bools and not bitfields, because they are protected by a separate lock * from connection->mutex and all bitfields in a word have to be read/written together. @@ -1340,19 +1332,6 @@ _dbus_connection_new_for_transport (DBusTransport *transport) if (connection == NULL) goto error; -#ifdef DBUS_ENABLE_SMACK - /* If we cannot get the Smack label, proceed without. */ - { - DBusSocket sock_fd; - if (_dbus_transport_get_socket_fd(transport, &sock_fd)) { - char *label; - if (smack_new_label_from_socket(_dbus_socket_get_int (sock_fd), &label) >= 0) { - connection->peer_smack_label = label; - } - } - } -#endif - _dbus_rmutex_new_at_location (&connection->mutex); if (connection->mutex == NULL) goto error; @@ -2821,11 +2800,6 @@ _dbus_connection_last_unref (DBusConnection *connection) _dbus_rmutex_free_at_location (&connection->mutex); -#ifdef DBUS_ENABLE_SMACK - if (connection->peer_smack_label) - free (connection->peer_smack_label); -#endif - dbus_free (connection); } @@ -5420,27 +5394,6 @@ dbus_connection_get_unix_process_id (DBusConnection *connection, return result; } -#ifdef DBUS_ENABLE_SMACK -/** - * Gets the Smack label of the peer at the time when the connection - * was established. Returns #TRUE if the label is filled in. - * - * @param connection the connection - * @param label return location for the Smack label; returned value is valid as long as the connection exists - * @returns #TRUE if uid is filled in with a valid process ID - */ -dbus_bool_t -dbus_connection_get_smack_label (DBusConnection *connection, - const char **label) -{ - _dbus_return_val_if_fail (connection != NULL, FALSE); - _dbus_return_val_if_fail (label != NULL, FALSE); - - *label = connection->peer_smack_label; - return *label != NULL; -} -#endif - /** * Gets the ADT audit data of the connection if any. * Returns #TRUE if the structure pointer is returned. diff --git a/dbus/dbus-connection.h b/dbus/dbus-connection.h index aac57046..fe4d04ef 100644 --- a/dbus/dbus-connection.h +++ b/dbus/dbus-connection.h @@ -264,11 +264,6 @@ dbus_bool_t dbus_connection_get_unix_user (DBusConnection DBUS_EXPORT dbus_bool_t dbus_connection_get_unix_process_id (DBusConnection *connection, unsigned long *pid); -#ifdef DBUS_ENABLE_SMACK -DBUS_EXPORT -dbus_bool_t dbus_connection_get_smack_label (DBusConnection *connection, - const char **label); -#endif DBUS_EXPORT dbus_bool_t dbus_connection_get_adt_audit_session_data (DBusConnection *connection, void **data, diff --git a/doc/dbus-specification.xml b/doc/dbus-specification.xml index c2d5c20e..cdef44db 100644 --- a/doc/dbus-specification.xml +++ b/doc/dbus-specification.xml @@ -6075,12 +6075,6 @@ </para> </entry> </row> - <row> - <entry>SmackLabel</entry> - <entry>STRING</entry> - <entry>The Smack label of the process at the time when it connected - to D-Bus, on platforms that have this concept.</entry> - </row> </tbody> </tgroup> </informaltable> diff --git a/packaging/dbus.changes b/packaging/dbus.changes index f6590d40..6e7e1415 100644 --- a/packaging/dbus.changes +++ b/packaging/dbus.changes @@ -1,9 +1,4 @@ -* Mon Oct 07 2013 Patrick McCarty <patrick.mccarty@linux.intel.com> 4d8ccdf -- packaging: enable Smack support - * Mon Jul 22 2013 Michael Leibowitz <michael.leibowitz@intel.com> accepted/tizen/20130710.220936@43a3a39 -- Enforce smack policy from conf file -- Enable checking of smack context from DBus interface - resetting manifest requested domain to floor * Thu Jun 20 2013 Anas Nashif <anas.nashif@intel.com> dbus-1.6.12@46d2277 diff --git a/packaging/dbus.spec b/packaging/dbus.spec index 4ed89815..1289c724 100644 --- a/packaging/dbus.spec +++ b/packaging/dbus.spec @@ -24,7 +24,6 @@ BuildRequires: libcap-ng-devel BuildRequires: pkgconfig(libsystemd) %endif BuildRequires: pkgconfig(glib-2.0) -BuildRequires: pkgconfig(libsmack) BuildRequires: pkgconfig(cynara-client) BuildRequires: pkgconfig(cynara-session) BuildRequires: pkgconfig(cynara-client-async) @@ -141,7 +140,6 @@ export V=1 --with-systemdsystemunitdir=%{_unitdir} \ --with-systemduserunitdir=%{_unitdir_user} \ --enable-user-session \ - --enable-smack \ --enable-cynara \ --enable-modular-tests \ --enable-installed-tests @@ -180,7 +178,6 @@ popd --with-systemdsystemunitdir=%{_unitdir} \ --with-systemduserunitdir=%{_unitdir_user} \ --enable-user-session \ - --enable-smack \ --enable-cynara \ --enable-modular-tests \ --enable-installed-tests \ @@ -212,7 +209,6 @@ find dbus -name '*.gcno' -exec cp '{}' coverage-objects ';' --with-systemdsystemunitdir=%{_unitdir} \ --with-systemduserunitdir=%{_unitdir_user} \ --enable-user-session \ - --enable-smack \ --enable-cynara \ --enable-modular-tests \ --enable-installed-tests |