core: no need to pass bus object to selinux access check calls anymore
parent
04552566fa
commit
4f4f70361a
|
@ -60,7 +60,7 @@ static int method_cancel(sd_bus *bus, sd_bus_message *message, void *userdata, s
|
|||
assert(message);
|
||||
assert(j);
|
||||
|
||||
r = selinux_unit_access_check(j->unit, bus, message, "stop", error);
|
||||
r = selinux_unit_access_check(j->unit, message, "stop", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
|
|
@ -360,7 +360,7 @@ static int method_get_unit(sd_bus *bus, sd_bus_message *message, void *userdata,
|
|||
if (!u)
|
||||
return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_UNIT, "Unit %s not loaded.", name);
|
||||
|
||||
r = selinux_unit_access_check(u, bus, message, "status", error);
|
||||
r = selinux_unit_access_check(u, message, "status", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -404,7 +404,7 @@ static int method_get_unit_by_pid(sd_bus *bus, sd_bus_message *message, void *us
|
|||
if (!u)
|
||||
return sd_bus_error_setf(error, BUS_ERROR_NO_UNIT_FOR_PID, "PID %u does not belong to any loaded unit.", pid);
|
||||
|
||||
r = selinux_unit_access_check(u, bus, message, "status", error);
|
||||
r = selinux_unit_access_check(u, message, "status", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -434,7 +434,7 @@ static int method_load_unit(sd_bus *bus, sd_bus_message *message, void *userdata
|
|||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = selinux_unit_access_check(u, bus, message, "status", error);
|
||||
r = selinux_unit_access_check(u, message, "status", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -604,7 +604,7 @@ static int method_start_transient_unit(sd_bus *bus, sd_bus_message *message, voi
|
|||
if (mode < 0)
|
||||
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Job mode %s is invalid.", smode);
|
||||
|
||||
r = selinux_access_check(bus, message, "start", error);
|
||||
r = selinux_access_check(message, "start", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -656,7 +656,7 @@ static int method_get_job(sd_bus *bus, sd_bus_message *message, void *userdata,
|
|||
if (!j)
|
||||
return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_JOB, "Job %u does not exist.", (unsigned) id);
|
||||
|
||||
r = selinux_unit_access_check(j->unit, bus, message, "status", error);
|
||||
r = selinux_unit_access_check(j->unit, message, "status", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -685,7 +685,7 @@ static int method_cancel_job(sd_bus *bus, sd_bus_message *message, void *userdat
|
|||
if (!j)
|
||||
return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_JOB, "Job %u does not exist.", (unsigned) id);
|
||||
|
||||
r = selinux_unit_access_check(j->unit, bus, message, "stop", error);
|
||||
r = selinux_unit_access_check(j->unit, message, "stop", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -702,7 +702,7 @@ static int method_clear_jobs(sd_bus *bus, sd_bus_message *message, void *userdat
|
|||
assert(message);
|
||||
assert(m);
|
||||
|
||||
r = selinux_access_check(bus, message, "reboot", error);
|
||||
r = selinux_access_check(message, "reboot", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -719,7 +719,7 @@ static int method_reset_failed(sd_bus *bus, sd_bus_message *message, void *userd
|
|||
assert(message);
|
||||
assert(m);
|
||||
|
||||
r = selinux_access_check(bus, message, "reload", error);
|
||||
r = selinux_access_check(message, "reload", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -740,7 +740,7 @@ static int method_list_units(sd_bus *bus, sd_bus_message *message, void *userdat
|
|||
assert(message);
|
||||
assert(m);
|
||||
|
||||
r = selinux_access_check(bus, message, "status", error);
|
||||
r = selinux_access_check(message, "status", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -805,7 +805,7 @@ static int method_list_jobs(sd_bus *bus, sd_bus_message *message, void *userdata
|
|||
assert(message);
|
||||
assert(m);
|
||||
|
||||
r = selinux_access_check(bus, message, "status", error);
|
||||
r = selinux_access_check(message, "status", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -855,7 +855,7 @@ static int method_subscribe(sd_bus *bus, sd_bus_message *message, void *userdata
|
|||
assert(message);
|
||||
assert(m);
|
||||
|
||||
r = selinux_access_check(bus, message, "status", error);
|
||||
r = selinux_access_check(message, "status", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -888,7 +888,7 @@ static int method_unsubscribe(sd_bus *bus, sd_bus_message *message, void *userda
|
|||
assert(message);
|
||||
assert(m);
|
||||
|
||||
r = selinux_access_check(bus, message, "status", error);
|
||||
r = selinux_access_check(message, "status", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -914,7 +914,7 @@ static int method_dump(sd_bus *bus, sd_bus_message *message, void *userdata, sd_
|
|||
assert(message);
|
||||
assert(m);
|
||||
|
||||
r = selinux_access_check(bus, message, "status", error);
|
||||
r = selinux_access_check(message, "status", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -945,7 +945,7 @@ static int method_create_snapshot(sd_bus *bus, sd_bus_message *message, void *us
|
|||
assert(message);
|
||||
assert(m);
|
||||
|
||||
r = selinux_access_check(bus, message, "start", error);
|
||||
r = selinux_access_check(message, "start", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -977,7 +977,7 @@ static int method_remove_snapshot(sd_bus *bus, sd_bus_message *message, void *us
|
|||
assert(message);
|
||||
assert(m);
|
||||
|
||||
r = selinux_access_check(bus, message, "stop", error);
|
||||
r = selinux_access_check(message, "stop", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -1003,7 +1003,7 @@ static int method_reload(sd_bus *bus, sd_bus_message *message, void *userdata, s
|
|||
assert(message);
|
||||
assert(m);
|
||||
|
||||
r = selinux_access_check(bus, message, "reload", error);
|
||||
r = selinux_access_check(message, "reload", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -1031,7 +1031,7 @@ static int method_reexecute(sd_bus *bus, sd_bus_message *message, void *userdata
|
|||
assert(message);
|
||||
assert(m);
|
||||
|
||||
r = selinux_access_check(bus, message, "reload", error);
|
||||
r = selinux_access_check(message, "reload", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -1050,7 +1050,7 @@ static int method_exit(sd_bus *bus, sd_bus_message *message, void *userdata, sd_
|
|||
assert(message);
|
||||
assert(m);
|
||||
|
||||
r = selinux_access_check(bus, message, "halt", error);
|
||||
r = selinux_access_check(message, "halt", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -1070,7 +1070,7 @@ static int method_reboot(sd_bus *bus, sd_bus_message *message, void *userdata, s
|
|||
assert(message);
|
||||
assert(m);
|
||||
|
||||
r = selinux_access_check(bus, message, "reboot", error);
|
||||
r = selinux_access_check(message, "reboot", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -1091,7 +1091,7 @@ static int method_poweroff(sd_bus *bus, sd_bus_message *message, void *userdata,
|
|||
assert(message);
|
||||
assert(m);
|
||||
|
||||
r = selinux_access_check(bus, message, "halt", error);
|
||||
r = selinux_access_check(message, "halt", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -1111,7 +1111,7 @@ static int method_halt(sd_bus *bus, sd_bus_message *message, void *userdata, sd_
|
|||
assert(message);
|
||||
assert(m);
|
||||
|
||||
r = selinux_access_check(bus, message, "halt", error);
|
||||
r = selinux_access_check(message, "halt", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -1131,7 +1131,7 @@ static int method_kexec(sd_bus *bus, sd_bus_message *message, void *userdata, sd
|
|||
assert(message);
|
||||
assert(m);
|
||||
|
||||
r = selinux_access_check(bus, message, "reboot", error);
|
||||
r = selinux_access_check(message, "reboot", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -1153,7 +1153,7 @@ static int method_switch_root(sd_bus *bus, sd_bus_message *message, void *userda
|
|||
assert(message);
|
||||
assert(m);
|
||||
|
||||
r = selinux_access_check(bus, message, "reboot", error);
|
||||
r = selinux_access_check(message, "reboot", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -1217,7 +1217,7 @@ static int method_set_environment(sd_bus *bus, sd_bus_message *message, void *us
|
|||
assert(message);
|
||||
assert(m);
|
||||
|
||||
r = selinux_access_check(bus, message, "reload", error);
|
||||
r = selinux_access_check(message, "reload", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -1243,7 +1243,7 @@ static int method_unset_environment(sd_bus *bus, sd_bus_message *message, void *
|
|||
assert(message);
|
||||
assert(m);
|
||||
|
||||
r = selinux_access_check(bus, message, "reload", error);
|
||||
r = selinux_access_check(message, "reload", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -1270,7 +1270,7 @@ static int method_unset_and_set_environment(sd_bus *bus, sd_bus_message *message
|
|||
assert(message);
|
||||
assert(m);
|
||||
|
||||
r = selinux_access_check(bus, message, "reload", error);
|
||||
r = selinux_access_check(message, "reload", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -1306,7 +1306,7 @@ static int method_list_unit_files(sd_bus *bus, sd_bus_message *message, void *us
|
|||
assert(message);
|
||||
assert(m);
|
||||
|
||||
r = selinux_access_check(bus, message, "status", error);
|
||||
r = selinux_access_check(message, "status", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -1357,7 +1357,7 @@ static int method_get_unit_file_state(sd_bus *bus, sd_bus_message *message, void
|
|||
assert(message);
|
||||
assert(m);
|
||||
|
||||
r = selinux_access_check(bus, message, "status", error);
|
||||
r = selinux_access_check(message, "status", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -1384,7 +1384,7 @@ static int method_get_default_target(sd_bus *bus, sd_bus_message *message, void
|
|||
assert(message);
|
||||
assert(m);
|
||||
|
||||
r = selinux_access_check(bus, message, "status", error);
|
||||
r = selinux_access_check(message, "status", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -1495,7 +1495,7 @@ static int method_enable_unit_files_generic(
|
|||
|
||||
u = manager_get_unit(m, *i);
|
||||
if (u) {
|
||||
r = selinux_unit_access_check(u, bus, message, verb, error);
|
||||
r = selinux_unit_access_check(u, message, verb, error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
|
@ -1553,7 +1553,7 @@ static int method_disable_unit_files_generic(
|
|||
assert(message);
|
||||
assert(m);
|
||||
|
||||
r = selinux_access_check(bus, message, verb, error);
|
||||
r = selinux_access_check(message, verb, error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -1594,7 +1594,7 @@ static int method_set_default_target(sd_bus *bus, sd_bus_message *message, void
|
|||
assert(message);
|
||||
assert(m);
|
||||
|
||||
r = selinux_access_check(bus, message, "enable", error);
|
||||
r = selinux_access_check(message, "enable", error);
|
||||
if (r < 0)
|
||||
return r;
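Review bot: In method_enable_unit_files_generic the per-unit check sits inside `if (u)`, so a name for which manager_get_unit() finds no loaded unit gets no SELinux check in the visible lines. The loop and the start of the function are outside the hunk, so a manager-level check may already run earlier; if it does not, consider falling back to the generic check, `r = u ? selinux_unit_access_check(u, message, verb, error) : selinux_access_check(message, verb, error);`. Either way, a one-line comment above the `if (u)` saying which check covers unit files that are not loaded would make the policy decision auditable.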
|
||||
|
||||
|
|
|
@ -33,7 +33,7 @@ int bus_snapshot_method_remove(sd_bus *bus, sd_bus_message *message, void *userd
|
|||
assert(message);
|
||||
assert(s);
|
||||
|
||||
r = selinux_unit_access_check(UNIT(s), bus, message, "stop", error);
|
||||
r = selinux_unit_access_check(UNIT(s), message, "stop", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
|
|
@ -436,7 +436,7 @@ int bus_unit_method_kill(sd_bus *bus, sd_bus_message *message, void *userdata, s
|
|||
if (signo <= 0 || signo >= _NSIG)
|
||||
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Signal number out of range.");
|
||||
|
||||
r = selinux_unit_access_check(u, bus, message, "stop", error);
|
||||
r = selinux_unit_access_check(u, message, "stop", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -455,7 +455,7 @@ int bus_unit_method_reset_failed(sd_bus *bus, sd_bus_message *message, void *use
|
|||
assert(message);
|
||||
assert(u);
|
||||
|
||||
r = selinux_unit_access_check(u, bus, message, "reload", error);
|
||||
r = selinux_unit_access_check(u, message, "reload", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -476,7 +476,7 @@ int bus_unit_method_set_properties(sd_bus *bus, sd_bus_message *message, void *u
|
|||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = selinux_unit_access_check(u, bus, message, "start", error);
|
||||
r = selinux_unit_access_check(u, message, "start", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -737,7 +737,7 @@ int bus_unit_queue_job(
|
|||
}
|
||||
|
||||
r = selinux_unit_access_check(
|
||||
u, bus, message,
|
||||
u, message,
|
||||
(type == JOB_START || type == JOB_RESTART || type == JOB_TRY_RESTART) ? "start" :
|
||||
type == JOB_STOP ? "stop" : "reload", error);
|
||||
if (r < 0)
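Review bot: In bus_unit_queue_job the nested conditional maps every job type other than JOB_START, JOB_RESTART, JOB_TRY_RESTART and JOB_STOP to the "reload" permission, so any type that can also start or stop the unit would be authorised under the weaker verb. Which types reach this call is not visible in the hunk, and the function continues past its last line. A `switch (type)` with an explicit case per job type would let a reviewer audit the type-to-permission mapping line by line, and would not silently default a job type added later to "reload". At minimum, add a comment such as `/* every other job type is checked as "reload" */` above the call.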
|
||||
|
|
|
@ -239,7 +239,7 @@ static int selinux_filter(sd_bus *bus, sd_bus_message *message, void *userdata,
|
|||
|
||||
if (object_path_startswith("/org/freedesktop/systemd1", path)) {
|
||||
|
||||
r = selinux_access_check(bus, message, verb, error);
|
||||
r = selinux_access_check(message, verb, error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -270,7 +270,7 @@ static int selinux_filter(sd_bus *bus, sd_bus_message *message, void *userdata,
|
|||
if (!u)
|
||||
return 0;
|
||||
|
||||
r = selinux_unit_access_check(u, bus, message, verb, error);
|
||||
r = selinux_unit_access_check(u, message, verb, error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
|
|
@ -169,7 +169,6 @@ void selinux_access_free(void) {
|
|||
still be generated if the access would be denied in enforcing mode.
|
||||
*/
|
||||
int selinux_generic_access_check(
|
||||
sd_bus *bus,
|
||||
sd_bus_message *message,
|
||||
const char *path,
|
||||
const char *permission,
|
||||
|
@ -183,7 +182,6 @@ int selinux_generic_access_check(
|
|||
char **cmdline = NULL;
|
||||
int r = 0;
|
||||
|
||||
assert(bus);
|
||||
assert(message);
|
||||
assert(permission);
|
||||
assert(error);
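Review bot: The asserts in selinux_generic_access_check cover `message`, `permission` and `error` but not `path`, and the header on this page shows selinux_access_check() passing NULL for it, so NULL is a supported input that nothing here documents. Since `path` appears to select the object the permission is checked against, the doc comment above the function should say what a NULL path means for the check. A line such as `/* path may be NULL; selinux_access_check() passes NULL for checks that are not tied to a unit file */` next to the asserts would do. The comment block and the function body both extend beyond the lines shown here.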
|
||||
|
|
|
@ -27,18 +27,22 @@
|
|||
|
||||
void selinux_access_free(void);
|
||||
|
||||
int selinux_generic_access_check(sd_bus *bus, sd_bus_message *message, const char *path, const char *permission, sd_bus_error *error);
|
||||
int selinux_generic_access_check(sd_bus_message *message, const char *path, const char *permission, sd_bus_error *error);
|
||||
|
||||
#ifdef HAVE_SELINUX
|
||||
|
||||
#define selinux_access_check(bus, message, permission, error) \
|
||||
selinux_generic_access_check(bus, message, NULL, permission, error)
|
||||
#define selinux_unit_access_check(unit, bus, message, permission, error) \
|
||||
({ Unit *_unit = (unit); selinux_generic_access_check(bus, message, _unit->fragment_path ?: _unit->fragment_path, permission, error); })
|
||||
#define selinux_access_check(message, permission, error) \
|
||||
selinux_generic_access_check((message), NULL, (permission), (error))
|
||||
|
||||
#define selinux_unit_access_check(unit, message, permission, error) \
|
||||
({ \
|
||||
Unit *_unit = (unit); \
|
||||
selinux_generic_access_check((message), _unit->fragment_path ?: _unit->fragment_path, (permission), (error)); \
|
||||
})
|
||||
|
||||
#else
|
||||
|
||||
#define selinux_access_check(bus, message, permission, error) 0
|
||||
#define selinux_unit_access_check(unit, bus, message, permission, error) 0
|
||||
#define selinux_access_check(message, permission, error) 0
|
||||
#define selinux_unit_access_check(unit, message, permission, error) 0
|
||||
|
||||
#endif
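Review bot: In the rewritten selinux_unit_access_check macro the path argument is still `_unit->fragment_path ?: _unit->fragment_path`, whose two operands are identical, so the `?:` fallback does nothing and a unit with no fragment path hands NULL to selinux_generic_access_check. The expression is carried over unchanged from the old macro, but this commit reformats the line and is a good place to fix it. If the intent was to try a second path field first (for example the unit's source path, to be confirmed against the Unit struct), write `_unit->source_path ?: _unit->fragment_path`; otherwise simplify it to `_unit->fragment_path`. How the callee treats a NULL path is not visible on this page, so which object such a unit is checked against should be confirmed.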
|
||||
|
|