picnoir/Systemd
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

core: no need to pass bus object to selinux access check calls anymore

Browse source
This commit is contained in:
Lennart Poettering 2014-05-14 22:44:45 +02:00
parent 04552566fa
commit 4f4f70361a
7 changed files with 51 additions and 49 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/core/dbus-job.c
View file

@ -60,7 +60,7 @@ static int method_cancel(sd_bus *bus, sd_bus_message *message, void *userdata, s
assert(message);
assert(j);
r = selinux_unit_access_check(j->unit, bus, message, "stop", error);
r = selinux_unit_access_check(j->unit, message, "stop", error);
if (r < 0)
return r;

64
src/core/dbus-manager.c
View file

@ -360,7 +360,7 @@ static int method_get_unit(sd_bus *bus, sd_bus_message *message, void *userdata,
if (!u)
return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_UNIT, "Unit %s not loaded.", name);
r = selinux_unit_access_check(u, bus, message, "status", error);
r = selinux_unit_access_check(u, message, "status", error);
if (r < 0)
return r;
@ -404,7 +404,7 @@ static int method_get_unit_by_pid(sd_bus *bus, sd_bus_message *message, void *us
if (!u)
return sd_bus_error_setf(error, BUS_ERROR_NO_UNIT_FOR_PID, "PID %u does not belong to any loaded unit.", pid);
r = selinux_unit_access_check(u, bus, message, "status", error);
r = selinux_unit_access_check(u, message, "status", error);
if (r < 0)
return r;
@ -434,7 +434,7 @@ static int method_load_unit(sd_bus *bus, sd_bus_message *message, void *userdata
if (r < 0)
return r;
r = selinux_unit_access_check(u, bus, message, "status", error);
r = selinux_unit_access_check(u, message, "status", error);
if (r < 0)
return r;
@ -604,7 +604,7 @@ static int method_start_transient_unit(sd_bus *bus, sd_bus_message *message, voi
if (mode < 0)
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Job mode %s is invalid.", smode);
r = selinux_access_check(bus, message, "start", error);
r = selinux_access_check(message, "start", error);
if (r < 0)
return r;
@ -656,7 +656,7 @@ static int method_get_job(sd_bus *bus, sd_bus_message *message, void *userdata,
if (!j)
return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_JOB, "Job %u does not exist.", (unsigned) id);
r = selinux_unit_access_check(j->unit, bus, message, "status", error);
r = selinux_unit_access_check(j->unit, message, "status", error);
if (r < 0)
return r;
@ -685,7 +685,7 @@ static int method_cancel_job(sd_bus *bus, sd_bus_message *message, void *userdat
if (!j)
return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_JOB, "Job %u does not exist.", (unsigned) id);
r = selinux_unit_access_check(j->unit, bus, message, "stop", error);
r = selinux_unit_access_check(j->unit, message, "stop", error);
if (r < 0)
return r;
@ -702,7 +702,7 @@ static int method_clear_jobs(sd_bus *bus, sd_bus_message *message, void *userdat
assert(message);
assert(m);
r = selinux_access_check(bus, message, "reboot", error);
r = selinux_access_check(message, "reboot", error);
if (r < 0)
return r;
@ -719,7 +719,7 @@ static int method_reset_failed(sd_bus *bus, sd_bus_message *message, void *userd
assert(message);
assert(m);
r = selinux_access_check(bus, message, "reload", error);
r = selinux_access_check(message, "reload", error);
if (r < 0)
return r;
@ -740,7 +740,7 @@ static int method_list_units(sd_bus *bus, sd_bus_message *message, void *userdat
assert(message);
assert(m);
r = selinux_access_check(bus, message, "status", error);
r = selinux_access_check(message, "status", error);
if (r < 0)
return r;
@ -805,7 +805,7 @@ static int method_list_jobs(sd_bus *bus, sd_bus_message *message, void *userdata
assert(message);
assert(m);
r = selinux_access_check(bus, message, "status", error);
r = selinux_access_check(message, "status", error);
if (r < 0)
return r;
@ -855,7 +855,7 @@ static int method_subscribe(sd_bus *bus, sd_bus_message *message, void *userdata
assert(message);
assert(m);
r = selinux_access_check(bus, message, "status", error);
r = selinux_access_check(message, "status", error);
if (r < 0)
return r;
@ -888,7 +888,7 @@ static int method_unsubscribe(sd_bus *bus, sd_bus_message *message, void *userda
assert(message);
assert(m);
r = selinux_access_check(bus, message, "status", error);
r = selinux_access_check(message, "status", error);
if (r < 0)
return r;
@ -914,7 +914,7 @@ static int method_dump(sd_bus *bus, sd_bus_message *message, void *userdata, sd_
assert(message);
assert(m);
r = selinux_access_check(bus, message, "status", error);
r = selinux_access_check(message, "status", error);
if (r < 0)
return r;
@ -945,7 +945,7 @@ static int method_create_snapshot(sd_bus *bus, sd_bus_message *message, void *us
assert(message);
assert(m);
r = selinux_access_check(bus, message, "start", error);
r = selinux_access_check(message, "start", error);
if (r < 0)
return r;
@ -977,7 +977,7 @@ static int method_remove_snapshot(sd_bus *bus, sd_bus_message *message, void *us
assert(message);
assert(m);
r = selinux_access_check(bus, message, "stop", error);
r = selinux_access_check(message, "stop", error);
if (r < 0)
return r;
@ -1003,7 +1003,7 @@ static int method_reload(sd_bus *bus, sd_bus_message *message, void *userdata, s
assert(message);
assert(m);
r = selinux_access_check(bus, message, "reload", error);
r = selinux_access_check(message, "reload", error);
if (r < 0)
return r;
@ -1031,7 +1031,7 @@ static int method_reexecute(sd_bus *bus, sd_bus_message *message, void *userdata
assert(message);
assert(m);
r = selinux_access_check(bus, message, "reload", error);
r = selinux_access_check(message, "reload", error);
if (r < 0)
return r;
@ -1050,7 +1050,7 @@ static int method_exit(sd_bus *bus, sd_bus_message *message, void *userdata, sd_
assert(message);
assert(m);
r = selinux_access_check(bus, message, "halt", error);
r = selinux_access_check(message, "halt", error);
if (r < 0)
return r;
@ -1070,7 +1070,7 @@ static int method_reboot(sd_bus *bus, sd_bus_message *message, void *userdata, s
assert(message);
assert(m);
r = selinux_access_check(bus, message, "reboot", error);
r = selinux_access_check(message, "reboot", error);
if (r < 0)
return r;
@ -1091,7 +1091,7 @@ static int method_poweroff(sd_bus *bus, sd_bus_message *message, void *userdata,
assert(message);
assert(m);
r = selinux_access_check(bus, message, "halt", error);
r = selinux_access_check(message, "halt", error);
if (r < 0)
return r;
@ -1111,7 +1111,7 @@ static int method_halt(sd_bus *bus, sd_bus_message *message, void *userdata, sd_
assert(message);
assert(m);
r = selinux_access_check(bus, message, "halt", error);
r = selinux_access_check(message, "halt", error);
if (r < 0)
return r;
@ -1131,7 +1131,7 @@ static int method_kexec(sd_bus *bus, sd_bus_message *message, void *userdata, sd
assert(message);
assert(m);
r = selinux_access_check(bus, message, "reboot", error);
r = selinux_access_check(message, "reboot", error);
if (r < 0)
return r;
@ -1153,7 +1153,7 @@ static int method_switch_root(sd_bus *bus, sd_bus_message *message, void *userda
assert(message);
assert(m);
r = selinux_access_check(bus, message, "reboot", error);
r = selinux_access_check(message, "reboot", error);
if (r < 0)
return r;
@ -1217,7 +1217,7 @@ static int method_set_environment(sd_bus *bus, sd_bus_message *message, void *us
assert(message);
assert(m);
r = selinux_access_check(bus, message, "reload", error);
r = selinux_access_check(message, "reload", error);
if (r < 0)
return r;
@ -1243,7 +1243,7 @@ static int method_unset_environment(sd_bus *bus, sd_bus_message *message, void *
assert(message);
assert(m);
r = selinux_access_check(bus, message, "reload", error);
r = selinux_access_check(message, "reload", error);
if (r < 0)
return r;
@ -1270,7 +1270,7 @@ static int method_unset_and_set_environment(sd_bus *bus, sd_bus_message *message
assert(message);
assert(m);
r = selinux_access_check(bus, message, "reload", error);
r = selinux_access_check(message, "reload", error);
if (r < 0)
return r;
@ -1306,7 +1306,7 @@ static int method_list_unit_files(sd_bus *bus, sd_bus_message *message, void *us
assert(message);
assert(m);
r = selinux_access_check(bus, message, "status", error);
r = selinux_access_check(message, "status", error);
if (r < 0)
return r;
@ -1357,7 +1357,7 @@ static int method_get_unit_file_state(sd_bus *bus, sd_bus_message *message, void
assert(message);
assert(m);
r = selinux_access_check(bus, message, "status", error);
r = selinux_access_check(message, "status", error);
if (r < 0)
return r;
@ -1384,7 +1384,7 @@ static int method_get_default_target(sd_bus *bus, sd_bus_message *message, void
assert(message);
assert(m);
r = selinux_access_check(bus, message, "status", error);
r = selinux_access_check(message, "status", error);
if (r < 0)
return r;
@ -1495,7 +1495,7 @@ static int method_enable_unit_files_generic(
u = manager_get_unit(m, *i);
if (u) {
r = selinux_unit_access_check(u, bus, message, verb, error);
r = selinux_unit_access_check(u, message, verb, error);
if (r < 0)
return r;
}
@ -1553,7 +1553,7 @@ static int method_disable_unit_files_generic(
assert(message);
assert(m);
r = selinux_access_check(bus, message, verb, error);
r = selinux_access_check(message, verb, error);
if (r < 0)
return r;
@ -1594,7 +1594,7 @@ static int method_set_default_target(sd_bus *bus, sd_bus_message *message, void
assert(message);
assert(m);
r = selinux_access_check(bus, message, "enable", error);
r = selinux_access_check(message, "enable", error);
if (r < 0)
return r;

2
src/core/dbus-snapshot.c
View file

@ -33,7 +33,7 @@ int bus_snapshot_method_remove(sd_bus *bus, sd_bus_message *message, void *userd
assert(message);
assert(s);
r = selinux_unit_access_check(UNIT(s), bus, message, "stop", error);
r = selinux_unit_access_check(UNIT(s), message, "stop", error);
if (r < 0)
return r;

8
src/core/dbus-unit.c
View file

@ -436,7 +436,7 @@ int bus_unit_method_kill(sd_bus *bus, sd_bus_message *message, void *userdata, s
if (signo <= 0 || signo >= _NSIG)
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Signal number out of range.");
r = selinux_unit_access_check(u, bus, message, "stop", error);
r = selinux_unit_access_check(u, message, "stop", error);
if (r < 0)
return r;
@ -455,7 +455,7 @@ int bus_unit_method_reset_failed(sd_bus *bus, sd_bus_message *message, void *use
assert(message);
assert(u);
r = selinux_unit_access_check(u, bus, message, "reload", error);
r = selinux_unit_access_check(u, message, "reload", error);
if (r < 0)
return r;
@ -476,7 +476,7 @@ int bus_unit_method_set_properties(sd_bus *bus, sd_bus_message *message, void *u
if (r < 0)
return r;
r = selinux_unit_access_check(u, bus, message, "start", error);
r = selinux_unit_access_check(u, message, "start", error);
if (r < 0)
return r;
@ -737,7 +737,7 @@ int bus_unit_queue_job(
}
r = selinux_unit_access_check(
u, bus, message,
u, message,
(type == JOB_START || type == JOB_RESTART || type == JOB_TRY_RESTART) ? "start" :
type == JOB_STOP ? "stop" : "reload", error);
if (r < 0)

4
src/core/dbus.c
View file

@ -239,7 +239,7 @@ static int selinux_filter(sd_bus *bus, sd_bus_message *message, void *userdata,
if (object_path_startswith("/org/freedesktop/systemd1", path)) {
r = selinux_access_check(bus, message, verb, error);
r = selinux_access_check(message, verb, error);
if (r < 0)
return r;
@ -270,7 +270,7 @@ static int selinux_filter(sd_bus *bus, sd_bus_message *message, void *userdata,
if (!u)
return 0;
r = selinux_unit_access_check(u, bus, message, verb, error);
r = selinux_unit_access_check(u, message, verb, error);
if (r < 0)
return r;

2
src/core/selinux-access.c
View file

@ -169,7 +169,6 @@ void selinux_access_free(void) {
still be generated if the access would be denied in enforcing mode.
*/
int selinux_generic_access_check(
sd_bus *bus,
sd_bus_message *message,
const char *path,
const char *permission,
@ -183,7 +182,6 @@ int selinux_generic_access_check(
char **cmdline = NULL;
int r = 0;
assert(bus);
assert(message);
assert(permission);
assert(error);

18
src/core/selinux-access.h
View file

@ -27,18 +27,22 @@
void selinux_access_free(void);
int selinux_generic_access_check(sd_bus *bus, sd_bus_message *message, const char *path, const char *permission, sd_bus_error *error);
int selinux_generic_access_check(sd_bus_message *message, const char *path, const char *permission, sd_bus_error *error);
#ifdef HAVE_SELINUX
#define selinux_access_check(bus, message, permission, error) \
selinux_generic_access_check(bus, message, NULL, permission, error)
#define selinux_unit_access_check(unit, bus, message, permission, error) \
({ Unit *_unit = (unit); selinux_generic_access_check(bus, message, _unit->fragment_path ?: _unit->fragment_path, permission, error); })
#define selinux_access_check(message, permission, error) \
selinux_generic_access_check((message), NULL, (permission), (error))
#define selinux_unit_access_check(unit, message, permission, error) \
({ \
Unit *_unit = (unit); \
selinux_generic_access_check((message), _unit->fragment_path ?: _unit->fragment_path, (permission), (error)); \
})
#else
#define selinux_access_check(bus, message, permission, error) 0
#define selinux_unit_access_check(unit, bus, message, permission, error) 0
#define selinux_access_check(message, permission, error) 0
#define selinux_unit_access_check(unit, message, permission, error) 0
#endif