selinux: rework selinux access check logic

a) Instead of parsing the bus messages inside of selinux-access.c simply pass everything pre-parsed in the functions b) implement the access checking with a macro that resolves to nothing on non-selinux builds c) split out the selinux checks into their own sources selinux-util.[ch] d) this unifies the job creation code behind the D-Bus calls Manager.StartUnit() and Unit.Start().
author: Lennart Poettering <lennart@poettering.net> 2012-10-02 17:07:00 -0400
committer: Lennart Poettering <lennart@poettering.net> 2012-10-02 17:07:00 -0400
commit: cad45ba11ec3572296361f53f5852ffb97a97fa3 (patch)
tree: 42c8e2f855d26efb8819b535dc6e86846de811a9 /src/core/dbus-service.c
parent: 71ef24d09573874c0f7bc323c07c3aec2a458707 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/src/core/dbus-service.c b/src/core/dbus-service.c
index 129e131a65..d99058dd46 100644
--- a/src/core/dbus-service.c
+++ b/src/core/dbus-service.c
@@ -26,6 +26,7 @@
 #include "dbus-kill.h"
 #include "dbus-service.h"
 #include "dbus-common.h"
+#include "selinux-access.h"
 
 #define BUS_SERVICE_INTERFACE                                           \
         " <interface name=\"org.freedesktop.systemd1.Service\">\n"      \
@@ -154,5 +155,7 @@ DBusHandlerResult bus_service_message_handler(Unit *u, DBusConnection *connectio
                 { NULL, }
         };
 
+        SELINUX_UNIT_ACCESS_CHECK(u, connection, message, "status");
+
         return bus_default_message_handler(connection, message, INTROSPECTION, INTERFACES_LIST, bps);
 }
author	Lennart Poettering <lennart@poettering.net>	2012-10-02 17:07:00 -0400
committer	Lennart Poettering <lennart@poettering.net>	2012-10-02 17:07:00 -0400
commit	cad45ba11ec3572296361f53f5852ffb97a97fa3 (patch)
tree	42c8e2f855d26efb8819b535dc6e86846de811a9 /src/core/dbus-service.c
parent	71ef24d09573874c0f7bc323c07c3aec2a458707 (diff)