diff options
| -rw-r--r-- | bus/Makefile.am | 4 | ||||
| -rw-r--r-- | bus/driver.c | 6 | ||||
| -rw-r--r-- | bus/smack.c | 132 | ||||
| -rw-r--r-- | bus/smack.h | 36 | ||||
| -rw-r--r-- | cmake/CMakeLists.txt | 3 | ||||
| -rw-r--r-- | cmake/bus/CMakeLists.txt | 4 | ||||
| -rw-r--r-- | configure.ac | 17 |
7 files changed, 199 insertions, 3 deletions
diff --git a/bus/Makefile.am b/bus/Makefile.am index 6cbc09a6..7f63d867 100644 --- a/bus/Makefile.am +++ b/bus/Makefile.am @@ -7,6 +7,7 @@ DBUS_BUS_LIBS = \ $(THREAD_LIBS) \ $(ADT_LIBS) \ $(NETWORK_libs) \ + $(LIBSMACK_LIBS) \ $(NULL) DBUS_LAUNCHER_LIBS = \ @@ -21,6 +22,7 @@ AM_CPPFLAGS = \ -DDBUS_SYSTEM_CONFIG_FILE=\""$(configdir)/system.conf"\" \ -DDBUS_COMPILATION \ -DDBUS_STATIC_BUILD \ + $(LIBSMACK_CFLAGS) \ $(NULL) # if assertions are enabled, improve backtraces @@ -93,6 +95,8 @@ BUS_SOURCES= \ services.h \ signals.c \ signals.h \ + smack.c \ + smack.h \ stats.c \ stats.h \ test.c \ diff --git a/bus/driver.c b/bus/driver.c index 574e0f3d..c6298d70 100644 --- a/bus/driver.c +++ b/bus/driver.c @@ -30,6 +30,7 @@ #include "services.h" #include "selinux.h" #include "signals.h" +#include "smack.h" #include "stats.h" #include "utils.h" #include <dbus/dbus-string.h> @@ -38,6 +39,7 @@ #include <dbus/dbus-marshal-recursive.h> #include <string.h> + static dbus_bool_t bus_driver_send_welcome_message (DBusConnection *connection, DBusMessage *hello_message, BusTransaction *transaction, @@ -1736,6 +1738,10 @@ static const MessageHandler dbus_message_handlers[] = { "", DBUS_TYPE_STRING_AS_STRING, bus_driver_handle_get_id }, + { "GetConnectionSmackContext", + DBUS_TYPE_STRING_AS_STRING, + DBUS_TYPE_STRING_AS_STRING, + bus_smack_handle_get_connection_context }, { NULL, NULL, NULL, NULL } }; diff --git a/bus/smack.c b/bus/smack.c new file mode 100644 index 00000000..b8542c2f --- /dev/null +++ b/bus/smack.c @@ -0,0 +1,132 @@ +/* smack.c - Provide interface to query smack context + * + * Author: Brian McGillion <brian.mcgillion@intel.com> + * Copyright © 2011 Intel Corporation + * + * Licensed under the Academic Free License version 2.1 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301 USA + */ + +#include <config.h> +#include "smack.h" + +#include <dbus/dbus-internals.h> + +#include "connection.h" +#include "services.h" +#include "utils.h" + +#ifdef DBUS_ENABLE_SMACK +#include <sys/smack.h> +#endif + +#ifdef DBUS_ENABLE_SMACK +static char * +bus_smack_get_label (DBusConnection *connection) +{ + char *label; + int sock_fd; + + if (!dbus_connection_get_socket(connection, &sock_fd)) + return NULL; + + if (smack_new_label_from_socket(sock_fd, &label) < 0) + return NULL; + return label; +} +#endif + +dbus_bool_t +bus_smack_handle_get_connection_context (DBusConnection *connection, + BusTransaction *transaction, + DBusMessage *message, + DBusError *error) +{ +#ifdef DBUS_ENABLE_SMACK + const char *remote_end = NULL; + BusRegistry *registry; + DBusString remote_end_str; + BusService *service; + DBusConnection *remote_connection; + DBusMessage *reply = NULL; + char *label; + + _DBUS_ASSERT_ERROR_IS_CLEAR (error); + + registry = bus_connection_get_registry (connection); + + if (!dbus_message_get_args (message, error, DBUS_TYPE_STRING, &remote_end, + DBUS_TYPE_INVALID)) + return FALSE; + + _dbus_verbose ("asked for label of connection %s\n", remote_end); + + _dbus_string_init_const (&remote_end_str, remote_end); + + service = bus_registry_lookup (registry, &remote_end_str); + if (service == NULL) + { + dbus_set_error (error, DBUS_ERROR_NAME_HAS_NO_OWNER, + "Bus name '%s' has no owner", remote_end); + return FALSE; + } + + remote_connection = bus_service_get_primary_owners_connection (service); + if (remote_connection == NULL) + goto oom; + + reply = dbus_message_new_method_return (message); + if (reply == NULL) + goto oom; + + label = bus_smack_get_label (remote_connection); + if (label == NULL) + { + dbus_set_error (error, DBUS_ERROR_FAILED, + "Failed to get the socket fd of the connection", + remote_end); + goto err; + } + + if (!dbus_message_append_args (reply, DBUS_TYPE_STRING, + &label, DBUS_TYPE_INVALID)) + goto oom; + + if (!bus_transaction_send_from_driver (transaction, connection, reply)) + goto oom; + + dbus_message_unref (reply); + dbus_free(label); + + return TRUE; + +oom: + BUS_SET_OOM (error); + +err: + if (reply != NULL) + dbus_message_unref (reply); + + dbus_free(label); + + return FALSE; +#else + dbus_set_error (error, DBUS_ERROR_NOT_SUPPORTED, + "SMACK support is not enabled"); + return FALSE; +#endif +} diff --git a/bus/smack.h b/bus/smack.h new file mode 100644 index 00000000..04a4a2a9 --- /dev/null +++ b/bus/smack.h @@ -0,0 +1,36 @@ +/* smack.h - Provide interface to query smack context + * + * Author: Brian McGillion <brian.mcgillion@intel.com> + * Copyright © 2011 Intel Corporation + * + * Based on example from Stats interface + * + * Licensed under the Academic Free License version 2.1 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301 USA + */ + +#ifndef SMACK_H +#define SMACK_H + +#include "bus.h" + +dbus_bool_t bus_smack_handle_get_connection_context (DBusConnection *connection, + BusTransaction *transaction, + DBusMessage *message, + DBusError *error); + +#endif // SMACK_H diff --git a/cmake/CMakeLists.txt b/cmake/CMakeLists.txt index 000acda2..68b7a9e0 100644 --- a/cmake/CMakeLists.txt +++ b/cmake/CMakeLists.txt @@ -94,6 +94,8 @@ option (DBUS_ENABLE_STATS "enable bus daemon usage statistics" OFF) option (DBUS_ENABLE_STATS "enable bus daemon usage statistics" OFF) +option (DBUS_ENABLE_SMACK "enable smack checks in the daemon" OFF) + if (DBUS_USE_EXPAT) find_package(LibExpat) else () @@ -555,6 +557,7 @@ message(" Building bus stats API: ${DBUS_ENABLE_STATS} " message(" installing system libs: ${DBUS_INSTALL_SYSTEM_LIBS} ") #message(" Building SELinux support: ${have_selinux} ") #message(" Building dnotify support: ${have_dnotify} ") +message(" Building Smack support: ${DBUS_ENABLE_SMACK} ") message(" Building Doxygen docs: ${DBUS_ENABLE_DOXYGEN_DOCS} ") message(" Building XML docs: ${DBUS_ENABLE_XML_DOCS} ") #message(" Gettext libs (empty OK): ${INTLLIBS} ") diff --git a/cmake/bus/CMakeLists.txt b/cmake/bus/CMakeLists.txt index 2657605e..13fb34cd 100644 --- a/cmake/bus/CMakeLists.txt +++ b/cmake/bus/CMakeLists.txt @@ -72,7 +72,9 @@ set (BUS_SOURCES ${BUS_DIR}/test.c ${BUS_DIR}/test.h ${BUS_DIR}/utils.c - ${BUS_DIR}/utils.h + ${BUS_DIR}/utils.h + ${BUS_DIR}/smack.c + ${BUS_DIR}/smack.h ${XML_SOURCES} ${DIR_WATCH_SOURCE} ) diff --git a/configure.ac b/configure.ac index a963d4d5..95216c57 100644 --- a/configure.ac +++ b/configure.ac @@ -207,6 +207,9 @@ if test "x$enable_embedded_tests" = xyes; then [Define to build test code into the library and binaries]) fi +# call early to ensure availability +PKG_PROG_PKG_CONFIG + # DBUS_ENABLE_MODULAR_TESTS controls tests that work based on public API. # These use GTest, from GLib, because life's too short. They're enabled by # default (unless you don't have GLib), because they don't bloat the library @@ -907,8 +910,6 @@ fi # unix:path=/foo or unix:abstract=/foo AC_SUBST(DBUS_PATH_OR_ABSTRACT) -PKG_PROG_PKG_CONFIG - #### Sort out XML library # see what we have @@ -1703,6 +1704,17 @@ if test "x$enable_stats" = xyes; then [Define to enable bus daemon usage statistics]) fi +#enable smack label support +AC_ARG_ENABLE([smack], [AS_HELP_STRING([--enable-smack], [enable SMACK security checks])], [], [enable_smack=no]) +if test "x$enable_smack" = xyes; then + PKG_CHECK_MODULES([LIBSMACK], [libsmack >= 1.0], + [AC_DEFINE([DBUS_ENABLE_SMACK], [1], [Define to enable SMACK security features])], + [AC_MSG_ERROR([libsmack is required to enable smack support])]) +fi + +AC_SUBST([LIBSMACK_CFLAGS]) +AC_SUBST([LIBSMACK_LIBS]) + AC_CONFIG_FILES([ Doxyfile dbus/versioninfo.rc @@ -1781,6 +1793,7 @@ echo " Building checks: ${enable_checks} Building bus stats API: ${enable_stats} Building SELinux support: ${have_selinux} + Building SMACK support: ${enable_smack} Building inotify support: ${have_inotify} Building dnotify support: ${have_dnotify} Building kqueue support: ${have_kqueue} |