author | Lennart Poettering <lennart@poettering.net> | 2012-10-02 17:07:00 -0400 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2012-10-02 17:07:00 -0400 |
commit | cad45ba11ec3572296361f53f5852ffb97a97fa3 (patch) | |
tree | 42c8e2f855d26efb8819b535dc6e86846de811a9 /src/core/dbus-job.c | |
parent | 71ef24d09573874c0f7bc323c07c3aec2a458707 (diff) | |
selinux: rework selinux access check logic
a) Instead of parsing the bus messages inside of selinux-access.c
simply pass everything pre-parsed into the functions
b) implement the access checking with a macro that resolves to nothing
on non-selinux builds
c) split out the selinux checks into their own sources
selinux-util.[ch]
d) this unifies the job creation code behind the D-Bus calls
Manager.StartUnit() and Unit.Start().
Diffstat (limited to 'src/core/dbus-job.c')
-rw-r--r-- | src/core/dbus-job.c | 70 |
1 files changed, 32 insertions, 38 deletions
diff --git a/src/core/dbus-job.c b/src/core/dbus-job.c index 1b01ead2da..5a746840c8 100644 --- a/src/core/dbus-job.c +++ b/src/core/dbus-job.c @@ -25,6 +25,7 @@ #include "log.h" #include "dbus-job.h" #include "dbus-common.h" +#include "selinux-access.h" #define BUS_JOB_INTERFACE \ " <interface name=\"org.freedesktop.systemd1.Job\">\n" \ @@ -68,7 +69,8 @@ static int bus_job_append_unit(DBusMessageIter *i, const char *property, void *d if (!dbus_message_iter_open_container(i, DBUS_TYPE_STRUCT, NULL, &sub)) return -ENOMEM; - if (!(p = unit_dbus_path(j->unit))) + p = unit_dbus_path(j->unit); + if (!p) return -ENOMEM; if (!dbus_message_iter_append_basic(&sub, DBUS_TYPE_STRING, &j->unit->id) || 
@@ -94,43 +96,39 @@ static const BusProperty bus_job_properties[] = { }; static DBusHandlerResult bus_job_message_dispatch(Job *j, DBusConnection *connection, DBusMessage *message) { - DBusMessage *reply = NULL; + _cleanup_dbus_message_unref_ DBusMessage *reply = NULL; if (dbus_message_is_method_call(message, "org.freedesktop.systemd1.Job", "Cancel")) { - if (!(reply = dbus_message_new_method_return(message))) - goto oom; - job_finish_and_invalidate(j, JOB_CANCELED, true); + SELINUX_UNIT_ACCESS_CHECK(j->unit, connection, message, "stop"); + reply = dbus_message_new_method_return(message); + if (!reply) + return DBUS_HANDLER_RESULT_NEED_MEMORY; + + job_finish_and_invalidate(j, JOB_CANCELED, true); } else { const BusBoundProperties bps[] = { { "org.freedesktop.systemd1.Job", bus_job_properties, j }, { NULL, } }; - return bus_default_message_handler(connection, message, INTROSPECTION, INTERFACES_LIST, bps); - } - if (reply) { - if (!dbus_connection_send(connection, reply, NULL)) - goto oom; + SELINUX_UNIT_ACCESS_CHECK(j->unit, connection, message, "status"); - dbus_message_unref(reply); + return bus_default_message_handler(connection, message, INTROSPECTION, INTERFACES_LIST, bps); } - return DBUS_HANDLER_RESULT_HANDLED; - -oom: - if (reply) - dbus_message_unref(reply); + if (!dbus_connection_send(connection, reply, NULL)) + return DBUS_HANDLER_RESULT_NEED_MEMORY; - return DBUS_HANDLER_RESULT_NEED_MEMORY; + return DBUS_HANDLER_RESULT_HANDLED; } static DBusHandlerResult bus_job_message_handler(DBusConnection *connection, DBusMessage *message, void *data) { Manager *m = data; Job *j; int r; - DBusMessage *reply; + _cleanup_dbus_message_unref_ DBusMessage *reply = NULL; assert(connection); assert(message); 
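Review bot: The `else` branch of `bus_job_message_dispatch` authorizes every message that is not `Cancel` with the single permission `"status"` before handing it to `bus_default_message_handler`, so the check is only adequate while everything the default handler serves for a Job is read-only. A comment there would record that assumption, e.g. `/* Everything served below is read-only (properties, introspection); a writable property would need its own permission */`. The macro is defined in selinux-access.h, outside this diff, and presumably returns from the enclosing function on denial; the `Cancel` branch places it before `job_finish_and_invalidate()`, and the switch to `_cleanup_dbus_message_unref_` keeps such an early exit from leaking `reply`. The same hidden exit applies to `SELINUX_MANAGER_ACCESS_CHECK` in the `@@ -145,7 +143,10 @@` hunk, where it sits in a function that otherwise leaves through `goto oom`, so a one-line comment on the macro's control flow would help there too.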
@@ -145,7 +143,10 @@ static DBusHandlerResult bus_job_message_handler(DBusConnection *connection, DBu Iterator i; size_t size; - if (!(reply = dbus_message_new_method_return(message))) + SELINUX_MANAGER_ACCESS_CHECK(m, connection, message, "status"); + + reply = dbus_message_new_method_return(message); + if (!reply) goto oom; /* We roll our own introspection code here, instead of @@ -153,7 +154,8 @@ static DBusHandlerResult bus_job_message_handler(DBusConnection *connection, DBu * need to generate our introspection string * dynamically. */ - if (!(f = open_memstream(&introspection, &size))) + f = open_memstream(&introspection, &size); + if (!f) goto oom; fputs(DBUS_INTROSPECT_1_0_XML_DOCTYPE_DECL_NODE @@ -188,36 +190,28 @@ static DBusHandlerResult bus_job_message_handler(DBusConnection *connection, DBu if (!dbus_connection_send(connection, reply, NULL)) goto oom; - dbus_message_unref(reply); - return DBUS_HANDLER_RESULT_HANDLED; } return DBUS_HANDLER_RESULT_NOT_YET_HANDLED; } - if ((r = manager_get_job_from_dbus_path(m, dbus_message_get_path(message), &j)) < 0) { - - if (r == -ENOMEM) - return DBUS_HANDLER_RESULT_NEED_MEMORY; - - if (r == -ENOENT) { - DBusError e; - - dbus_error_init(&e); - dbus_set_error_const(&e, DBUS_ERROR_UNKNOWN_OBJECT, "Unknown job"); - return bus_send_error_reply(connection, message, &e, r); - } + r = manager_get_job_from_dbus_path(m, dbus_message_get_path(message), &j); + if (r == -ENOMEM) + goto oom; + if (r == -ENOENT) { + DBusError e; - return bus_send_error_reply(connection, message, NULL, r); + dbus_error_init(&e); + dbus_set_error_const(&e, DBUS_ERROR_UNKNOWN_OBJECT, "Unknown job"); + return bus_send_error_reply(connection, message, &e, r); } + if (r < 0) + return bus_send_error_reply(connection, message, NULL, r); return bus_job_message_dispatch(j, connection, message); oom: - if (reply) - dbus_message_unref(reply); - return DBUS_HANDLER_RESULT_NEED_MEMORY; } |
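Review bot: In the last hunk, `manager_get_job_from_dbus_path()` runs, and the `-ENOENT` branch answers with `DBUS_ERROR_UNKNOWN_OBJECT` ("Unknown job"), before any SELinux check, because the unit-level check only happens later inside `bus_job_message_dispatch()`. A caller that policy would deny can therefore presumably still tell existing job paths from missing ones by which error comes back. If that is intended, a comment above the lookup would make the decision explicit, e.g. `/* Lookup precedes the access check: job existence is not treated as confidential */`; otherwise a manager-level check ahead of the lookup would be needed. `bus_job_message_handler` starts outside this hunk, so any check made earlier in the function is not visible here.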