author | Daniel J Walsh <dwalsh@redhat.com> | 2012-10-11 17:06:46 -0400 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2012-10-16 01:57:16 +0200 |
commit | a33c48d83c7b3760519081c6d65231743b3bc60e (patch) | |
tree | 59fc885c1e1a49ac9757d9c58b2504387ef4ae60 | |
parent | 2abba39d759bacebd7461f7370bb108f48dcce92 (diff) |
SELinux patch still broken, in that we are not checking the correct source context.
This patch does the dbus calls correctly.
-rw-r--r-- | src/core/selinux-access.c | 30 |
1 files changed, 24 insertions, 6 deletions
diff --git a/src/core/selinux-access.c b/src/core/selinux-access.c index d9c3f9bcda..852a328b7c 100644 --- a/src/core/selinux-access.c +++ b/src/core/selinux-access.c @@ -59,6 +59,10 @@ static int bus_get_selinux_security_context( DBusError *error) { _cleanup_dbus_message_unref_ DBusMessage *m = NULL, *reply = NULL; + DBusMessageIter iter, sub; + const char *bytes; + char *b; + int nbytes; m = dbus_message_new_method_call( DBUS_SERVICE_DBUS, @@ -85,12 +89,23 @@ static int bus_get_selinux_security_context( if (dbus_set_error_from_message(error, reply)) return -EIO; - if (!dbus_message_get_args( - reply, error, - DBUS_TYPE_STRING, scon, - DBUS_TYPE_INVALID)) + if (!dbus_message_iter_init(reply, &iter)) return -EIO; + if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_ARRAY) + return -EIO; + + dbus_message_iter_recurse(&iter, &sub); + dbus_message_iter_get_fixed_array(&sub, &bytes, &nbytes); + + b = strndup(bytes, nbytes); + if (!b) + return -ENOMEM; + + *scon = b; + + log_debug("GetConnectionSELinuxSecurityContext %s (pid %ld)", *scon, (long) bus_get_unix_process_id(connection, name, error)); + return 0; } @@ -293,14 +308,17 @@ static int get_calling_context( */ sender = dbus_message_get_sender(message); if (sender) { + log_error("SELinux Got Sender %s", sender); + r = bus_get_selinux_security_context(connection, sender, scon, error); if (r >= 0) return r; - log_debug("bus_get_selinux_security_context failed %m"); - dbus_error_free(error); + log_error("bus_get_selinux_security_context failed %m"); + return r; } + log_debug("SELinux No Sender"); if (!dbus_connection_get_unix_fd(connection, &fd)) { log_error("bus_connection_get_unix_fd failed %m"); return -EINVAL; |
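Review bot: In bus_get_selinux_security_context the reply is only checked for being an array before `dbus_message_iter_get_fixed_array(&sub, &bytes, &nbytes)` runs. libdbus documents that call as valid only for fixed-size element types, so the element type should be verified first, e.g. `if (dbus_message_iter_get_element_type(&iter) != DBUS_TYPE_BYTE) return -EIO;`. The resulting string becomes the source context for the access decision, so an unexpected reply shape should fail closed rather than be read as bytes. The new `log_debug` line also calls `bus_get_unix_process_id(connection, name, error)` unconditionally, which looks like an extra bus round-trip per check and may leave `error` set while the function returns 0; consider dropping the pid from the message or passing a scratch error. The start of the function lies outside this hunk.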
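Review bot: `log_error("SELinux Got Sender %s", sender);` in get_calling_context fires at error level for every message that has a sender, which will bury genuine denials and failures in the logs; it reads like leftover tracing and would be better as `log_debug`. The failure message `log_error("bus_get_selinux_security_context failed %m");` prints errno, but the cause is carried in `r`, so errno may be stale at that point; `log_error("bus_get_selinux_security_context failed: %s", strerror(-r));` reports the actual code. Returning `r` instead of falling through to the socket peer lookup is the fail-closed choice and deserves a one-line comment saying that the fallback is intentionally skipped when a sender exists. The function starts and ends outside the hunk.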