diff options
| author | Lennart Poettering <lennart@poettering.net> | 2013-11-21 19:34:37 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2013-11-21 21:12:36 +0100 |
| commit | ebcf1f97de4f6b1580ae55eb56b1a3939fe6b602 (patch) | |
| tree | def5185990acebac842ed8fca253531d88897a4a /src/core/selinux-access.h | |
| parent | 0ccad099d4c08dc5a16c87cdd6eefc05e9d4b670 (diff) | |
bus: rework message handlers to always take an error argument
Message handler callbacks can be simplified drastically if the
dispatcher automatically replies to method calls if errors are returned.
Thus: add an sd_bus_error argument to all message handlers. When we
dispatch a message handler and it returns negative or a set sd_bus_error
we send this as message error back to the client. This means errors
returned by handlers by default are given back to clients instead of
rippling all the way up to the event loop, which is desirable to make
things robust.
As a side-effect we can now easily turn the SELinux checks into normal
function calls, since the method call dispatcher will generate the right
error replies automatically now.
Also, make sure we always pass the error structure to all property and
method handlers as last argument to follow the usual style of passing
variables for return values as last argument.
Diffstat (limited to 'src/core/selinux-access.h')
| -rw-r--r-- | src/core/selinux-access.h | 32 |
1 files changed, 7 insertions, 25 deletions
diff --git a/src/core/selinux-access.h b/src/core/selinux-access.h index 3404f62166..9e89064819 100644 --- a/src/core/selinux-access.h +++ b/src/core/selinux-access.h @@ -27,36 +27,18 @@ void selinux_access_free(void); -int selinux_access_check(sd_bus *bus, sd_bus_message *message, const char *path, const char *permission, sd_bus_error *error); +int selinux_generic_access_check(sd_bus *bus, sd_bus_message *message, const char *path, const char *permission, sd_bus_error *error); #ifdef HAVE_SELINUX -#define SELINUX_ACCESS_CHECK(bus, message, permission) \ - do { \ - _cleanup_bus_error_free_ sd_bus_error _error = SD_BUS_ERROR_NULL; \ - sd_bus_message *_m = (message); \ - sd_bus *_b = (bus); \ - int _r; \ - _r = selinux_access_check(_b, _m, NULL, (permission), &_error); \ - if (_r < 0) \ - return sd_bus_reply_method_errno(_m, _r, &_error); \ - } while (false) - -#define SELINUX_UNIT_ACCESS_CHECK(unit, bus, message, permission) \ - do { \ - _cleanup_bus_error_free_ sd_bus_error _error = SD_BUS_ERROR_NULL; \ - sd_bus_message *_m = (message); \ - sd_bus *_b = (bus); \ - Unit *_u = (unit); \ - int _r; \ - _r = selinux_access_check(_b, _m, _u->source_path ?: _u->fragment_path, (permission), &_error); \ - if (_r < 0) \ - return sd_bus_reply_method_errno(_m, _r, &_error); \ - } while (false) +#define selinux_access_check(bus, message, permission, error) \ + selinux_generic_access_check(bus, message, NULL, permission, error) +#define selinux_unit_access_check(unit, bus, message, permission, error) \ + ({ Unit *_unit = (unit); selinux_generic_access_check(bus, message, _unit->fragment_path ?: _unit->fragment_path, permission, error); }) #else -#define SELINUX_ACCESS_CHECK(bus, message, permission) do { } while (false) -#define SELINUX_UNIT_ACCESS_CHECK(unit, bus, message, permission) do { } while (false) +#define selinux_access_check(bus, message, permission, error) 0 +#define selinux_unit_access_check(unit, bus, message, permission, error) 0 #endif |