authorDaniel J Walsh <dwalsh@redhat.com>2012-10-11 17:06:46 -0400
committerLennart Poettering <lennart@poettering.net>2012-10-16 01:57:16 +0200
commita33c48d83c7b3760519081c6d65231743b3bc60e (patch)
tree59fc885c1e1a49ac9757d9c58b2504387ef4ae60
parent2abba39d759bacebd7461f7370bb108f48dcce92 (diff)
SELinux patch still broken, in that we are not checking the correct source context.
This patch does the dbus calls correctly.
-rw-r--r--src/core/selinux-access.c30
1 files changed, 24 insertions, 6 deletions
diff --git a/src/core/selinux-access.c b/src/core/selinux-access.c
index d9c3f9bcda..852a328b7c 100644
--- a/src/core/selinux-access.c
+++ b/src/core/selinux-access.c
@@ -59,6 +59,10 @@ static int bus_get_selinux_security_context(
DBusError *error) {
_cleanup_dbus_message_unref_ DBusMessage *m = NULL, *reply = NULL;
+ DBusMessageIter iter, sub;
+ const char *bytes;
+ char *b;
+ int nbytes;
m = dbus_message_new_method_call(
DBUS_SERVICE_DBUS,
@@ -85,12 +89,23 @@ static int bus_get_selinux_security_context(
if (dbus_set_error_from_message(error, reply))
return -EIO;
- if (!dbus_message_get_args(
- reply, error,
- DBUS_TYPE_STRING, scon,
- DBUS_TYPE_INVALID))
+ if (!dbus_message_iter_init(reply, &iter))
return -EIO;
+ if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_ARRAY)
+ return -EIO;
+
+ dbus_message_iter_recurse(&iter, &sub);
+ dbus_message_iter_get_fixed_array(&sub, &bytes, &nbytes);
+
+ b = strndup(bytes, nbytes);
+ if (!b)
+ return -ENOMEM;
+
+ *scon = b;
+
+ log_debug("GetConnectionSELinuxSecurityContext %s (pid %ld)", *scon, (long) bus_get_unix_process_id(connection, name, error));
+
return 0;
}
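Review bot: The reply is only checked to be an array before `dbus_message_iter_get_fixed_array()` runs on the sub-iterator; the element type is never verified, and `bytes`/`nbytes` go straight into `strndup()`. Because this string becomes the source context for the access decision, I would tighten the guard to `if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_ARRAY || dbus_message_iter_get_element_type(&iter) != DBUS_TYPE_BYTE) return -EIO;` and reject a NULL `bytes` or `nbytes <= 0` before copying. Separately, the new `log_debug()` evaluates `bus_get_unix_process_id(connection, name, error)` as an argument, which looks like an extra bus round trip made only for logging; if that call fails it presumably sets `*error` while this function still returns 0. Using a local `DBusError` that is freed afterwards, or dropping the pid from the message, keeps the caller from receiving a set error on the success path. The function begins outside this hunk, so the request setup was not reviewed.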
@@ -293,14 +308,17 @@ static int get_calling_context(
*/
sender = dbus_message_get_sender(message);
if (sender) {
+ log_error("SELinux Got Sender %s", sender);
+
r = bus_get_selinux_security_context(connection, sender, scon, error);
if (r >= 0)
return r;
- log_debug("bus_get_selinux_security_context failed %m");
- dbus_error_free(error);
+ log_error("bus_get_selinux_security_context failed %m");
+ return r;
}
+ log_debug("SELinux No Sender");
if (!dbus_connection_get_unix_fd(connection, &fd)) {
log_error("bus_connection_get_unix_fd failed %m");
return -EINVAL;
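Review bot: `log_error("SELinux Got Sender %s", sender)` fires on every call that has a sender, so routine access checks are reported at error level; this reads like leftover debugging and should be `log_debug("SELinux Got Sender %s", sender);`, matching the "SELinux No Sender" line below it. The failure message also uses `%m`, which prints errno, while the helper reports its failure as a negative value in `r`, so the logged reason may be stale or unrelated; `log_error("bus_get_selinux_security_context failed: %s", strerror(-r));` would record the actual cause. With `dbus_error_free(error)` removed the set error now propagates to the caller together with `r`, which appears intended, but it deserves a short comment such as `/* fail closed: do not fall back to the socket peer context */`. get_calling_context starts and continues outside this hunk.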