author | Lennart Poettering <lennart@poettering.net> | 2012-10-02 17:07:00 -0400 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2012-10-02 17:07:00 -0400 |
commit | cad45ba11ec3572296361f53f5852ffb97a97fa3 (patch) | |
tree | 42c8e2f855d26efb8819b535dc6e86846de811a9 /src/core/dbus-snapshot.c | |
parent | 71ef24d09573874c0f7bc323c07c3aec2a458707 (diff) |
selinux: rework selinux access check logic
a) Instead of parsing the bus messages inside of selinux-access.c,
simply pass everything pre-parsed into the functions
b) implement the access checking with a macro that resolves to nothing
on non-selinux builds
c) split out the selinux checks into their own sources
selinux-util.[ch]
d) this unifies the job creation code behind the D-Bus calls
Manager.StartUnit() and Unit.Start().
Diffstat (limited to 'src/core/dbus-snapshot.c')
-rw-r--r-- | src/core/dbus-snapshot.c | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/src/core/dbus-snapshot.c b/src/core/dbus-snapshot.c index 7ff0bca2c8..435c6df39c 100644 --- a/src/core/dbus-snapshot.c +++ b/src/core/dbus-snapshot.c @@ -22,6 +22,7 @@ #include "dbus-unit.h" #include "dbus-snapshot.h" #include "dbus-common.h" +#include "selinux-access.h" #define BUS_SNAPSHOT_INTERFACE \ " <interface name=\"org.freedesktop.systemd1.Snapshot\">\n" \ @@ -52,17 +53,19 @@ static const BusProperty bus_snapshot_properties[] = { DBusHandlerResult bus_snapshot_message_handler(Unit *u, DBusConnection *c, DBusMessage *message) { Snapshot *s = SNAPSHOT(u); - - DBusMessage *reply = NULL; + _cleanup_dbus_message_unref_ DBusMessage *reply = NULL; DBusError error; dbus_error_init(&error); if (dbus_message_is_method_call(message, "org.freedesktop.systemd1.Snapshot", "Remove")) { + SELINUX_UNIT_ACCESS_CHECK(u, c, message, "stop"); + snapshot_remove(SNAPSHOT(u)); - if (!(reply = dbus_message_new_method_return(message))) + reply = dbus_message_new_method_return(message); + if (!reply) goto oom; } else { @@ -71,22 +74,20 @@ DBusHandlerResult bus_snapshot_message_handler(Unit *u, DBusConnection *c, DBusM { "org.freedesktop.systemd1.Snapshot", bus_snapshot_properties, s }, { NULL, } }; + + SELINUX_UNIT_ACCESS_CHECK(u, c, message, "status"); + return bus_default_message_handler(c, message, INTROSPECTION, INTERFACES_LIST, bps); } if (reply) { if (!dbus_connection_send(c, reply, NULL)) goto oom; - - dbus_message_unref(reply); } return DBUS_HANDLER_RESULT_HANDLED; oom: - if (reply) - dbus_message_unref(reply); - dbus_error_free(&error); return DBUS_HANDLER_RESULT_NEED_MEMORY; |
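Review bot: The new `SELINUX_UNIT_ACCESS_CHECK(u, c, message, "stop");` in the Remove branch carries no comment saying that it can leave the handler on its own, and a macro call that reads like a plain statement hides that from the next maintainer. Its definition is not part of this diff, so the early exit is inferred from the commit message rather than visible here. I would add `/* Access gate: may return from this function on denial. Must stay ahead of snapshot_remove(). */` above the call. The check also sits after `dbus_error_init(&error)`, so an exit inside the macro would skip `dbus_error_free(&error)` at `oom:`; that is harmless only while `error` is still unset at that point. The handler body continues into the next hunk.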
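Review bot: In the else branch, every message other than Snapshot.Remove is authorised with the single `"status"` permission before it is handed to `bus_default_message_handler()`. That is adequate only if everything reachable through `bps` is read-only; the property tables and any setters are outside this hunk, so this needs confirming. If a property write can be dispatched from here, a caller holding only the status permission would be allowed to make it, and the write path would need its own, stronger check. At minimum I would record the assumption next to the call: `/* Only introspection and property reads are expected below, hence "status" */`. The `bps` initialiser begins above the hunk.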