From cad45ba11ec3572296361f53f5852ffb97a97fa3 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 2 Oct 2012 17:07:00 -0400
Subject: selinux: rework selinux access check logic

a) Instead of parsing the bus messages inside of selinux-access.c
simply pass everything pre-parsed in the functions

b) implement the access checking with a macro that resolves to nothing
on non-selinux builds

c) split out the selinux checks into their own sources
selinux-util.[ch]

d) this unifies the job creation code behind the D-Bus calls
Manager.StartUnit() and Unit.Start().
---
 src/core/dbus-path.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'src/core/dbus-path.c')

diff --git a/src/core/dbus-path.c b/src/core/dbus-path.c
index b77b5191c9..f7fed1754d 100644
--- a/src/core/dbus-path.c
+++ b/src/core/dbus-path.c
@@ -25,6 +25,7 @@
 #include "dbus-path.h"
 #include "dbus-execute.h"
 #include "dbus-common.h"
+#include "selinux-access.h"
 
 #define BUS_PATH_INTERFACE                                              \
         " <interface name=\"org.freedesktop.systemd1.Path\">\n"         \
@@ -115,5 +116,7 @@ DBusHandlerResult bus_path_message_handler(Unit *u, DBusConnection *c, DBusMessa
                 { NULL, }
         };
 
+        SELINUX_UNIT_ACCESS_CHECK(u, c, message, "status");
+
         return bus_default_message_handler(c, message, INTROSPECTION, INTERFACES_LIST, bps);
 }
-- 
cgit v1.2.3-54-g00ecf