From 4f4f70361a64957c45a2d8f40bfb04c77b454697 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 14 May 2014 22:44:45 +0200 Subject: [PATCH] core: no need to pass bus object to selinux access check calls anymore --- src/core/dbus-job.c | 2 +- src/core/dbus-manager.c | 64 +++++++++++++++++++-------------------- src/core/dbus-snapshot.c | 2 +- src/core/dbus-unit.c | 8 ++--- src/core/dbus.c | 4 +-- src/core/selinux-access.c | 2 -- src/core/selinux-access.h | 18 ++++++----- 7 files changed, 51 insertions(+), 49 deletions(-) diff --git a/src/core/dbus-job.c b/src/core/dbus-job.c index 5c364a4264..8e4ffc977d 100644 --- a/src/core/dbus-job.c +++ b/src/core/dbus-job.c @@ -60,7 +60,7 @@ static int method_cancel(sd_bus *bus, sd_bus_message *message, void *userdata, s assert(message); assert(j); - r = selinux_unit_access_check(j->unit, bus, message, "stop", error); + r = selinux_unit_access_check(j->unit, message, "stop", error); if (r < 0) return r; diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c index 135d31465d..58e484df80 100644 --- a/src/core/dbus-manager.c +++ b/src/core/dbus-manager.c @@ -360,7 +360,7 @@ static int method_get_unit(sd_bus *bus, sd_bus_message *message, void *userdata, if (!u) return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_UNIT, "Unit %s not loaded.", name); - r = selinux_unit_access_check(u, bus, message, "status", error); + r = selinux_unit_access_check(u, message, "status", error); if (r < 0) return r; @@ -404,7 +404,7 @@ static int method_get_unit_by_pid(sd_bus *bus, sd_bus_message *message, void *us if (!u) return sd_bus_error_setf(error, BUS_ERROR_NO_UNIT_FOR_PID, "PID %u does not belong to any loaded unit.", pid); - r = selinux_unit_access_check(u, bus, message, "status", error); + r = selinux_unit_access_check(u, message, "status", error); if (r < 0) return r; 
@@ -434,7 +434,7 @@ static int method_load_unit(sd_bus *bus, sd_bus_message *message, void *userdata if (r < 0) return r; - r = selinux_unit_access_check(u, bus, message, "status", error); + r = selinux_unit_access_check(u, message, "status", error); if (r < 0) return r; @@ -604,7 +604,7 @@ static int method_start_transient_unit(sd_bus *bus, sd_bus_message *message, voi if (mode < 0) return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Job mode %s is invalid.", smode); - r = selinux_access_check(bus, message, "start", error); + r = selinux_access_check(message, "start", error); if (r < 0) return r; @@ -656,7 +656,7 @@ static int method_get_job(sd_bus *bus, sd_bus_message *message, void *userdata, if (!j) return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_JOB, "Job %u does not exist.", (unsigned) id); - r = selinux_unit_access_check(j->unit, bus, message, "status", error); + r = selinux_unit_access_check(j->unit, message, "status", error); if (r < 0) return r; @@ -685,7 +685,7 @@ static int method_cancel_job(sd_bus *bus, sd_bus_message *message, void *userdat if (!j) return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_JOB, "Job %u does not exist.", (unsigned) id); - r = selinux_unit_access_check(j->unit, bus, message, "stop", error); + r = selinux_unit_access_check(j->unit, message, "stop", error); if (r < 0) return r; @@ -702,7 +702,7 @@ static int method_clear_jobs(sd_bus *bus, sd_bus_message *message, void *userdat assert(message); assert(m); - r = selinux_access_check(bus, message, "reboot", error); + r = selinux_access_check(message, "reboot", error); if (r < 0) return r; @@ -719,7 +719,7 @@ static int method_reset_failed(sd_bus *bus, sd_bus_message *message, void *userd assert(message); assert(m); - r = selinux_access_check(bus, message, "reload", error); + r = selinux_access_check(message, "reload", error); if (r < 0) return r; 
@@ -740,7 +740,7 @@ static int method_list_units(sd_bus *bus, sd_bus_message *message, void *userdat assert(message); assert(m); - r = selinux_access_check(bus, message, "status", error); + r = selinux_access_check(message, "status", error); if (r < 0) return r; @@ -805,7 +805,7 @@ static int method_list_jobs(sd_bus *bus, sd_bus_message *message, void *userdata assert(message); assert(m); - r = selinux_access_check(bus, message, "status", error); + r = selinux_access_check(message, "status", error); if (r < 0) return r; @@ -855,7 +855,7 @@ static int method_subscribe(sd_bus *bus, sd_bus_message *message, void *userdata assert(message); assert(m); - r = selinux_access_check(bus, message, "status", error); + r = selinux_access_check(message, "status", error); if (r < 0) return r; @@ -888,7 +888,7 @@ static int method_unsubscribe(sd_bus *bus, sd_bus_message *message, void *userda assert(message); assert(m); - r = selinux_access_check(bus, message, "status", error); + r = selinux_access_check(message, "status", error); if (r < 0) return r; @@ -914,7 +914,7 @@ static int method_dump(sd_bus *bus, sd_bus_message *message, void *userdata, sd_ assert(message); assert(m); - r = selinux_access_check(bus, message, "status", error); + r = selinux_access_check(message, "status", error); if (r < 0) return r; @@ -945,7 +945,7 @@ static int method_create_snapshot(sd_bus *bus, sd_bus_message *message, void *us assert(message); assert(m); - r = selinux_access_check(bus, message, "start", error); + r = selinux_access_check(message, "start", error); if (r < 0) return r; @@ -977,7 +977,7 @@ static int method_remove_snapshot(sd_bus *bus, sd_bus_message *message, void *us assert(message); assert(m); - r = selinux_access_check(bus, message, "stop", error); + r = selinux_access_check(message, "stop", error); if (r < 0) return r; 
@@ -1003,7 +1003,7 @@ static int method_reload(sd_bus *bus, sd_bus_message *message, void *userdata, s assert(message); assert(m); - r = selinux_access_check(bus, message, "reload", error); + r = selinux_access_check(message, "reload", error); if (r < 0) return r; @@ -1031,7 +1031,7 @@ static int method_reexecute(sd_bus *bus, sd_bus_message *message, void *userdata assert(message); assert(m); - r = selinux_access_check(bus, message, "reload", error); + r = selinux_access_check(message, "reload", error); if (r < 0) return r; @@ -1050,7 +1050,7 @@ static int method_exit(sd_bus *bus, sd_bus_message *message, void *userdata, sd_ assert(message); assert(m); - r = selinux_access_check(bus, message, "halt", error); + r = selinux_access_check(message, "halt", error); if (r < 0) return r; @@ -1070,7 +1070,7 @@ static int method_reboot(sd_bus *bus, sd_bus_message *message, void *userdata, s assert(message); assert(m); - r = selinux_access_check(bus, message, "reboot", error); + r = selinux_access_check(message, "reboot", error); if (r < 0) return r; @@ -1091,7 +1091,7 @@ static int method_poweroff(sd_bus *bus, sd_bus_message *message, void *userdata, assert(message); assert(m); - r = selinux_access_check(bus, message, "halt", error); + r = selinux_access_check(message, "halt", error); if (r < 0) return r; @@ -1111,7 +1111,7 @@ static int method_halt(sd_bus *bus, sd_bus_message *message, void *userdata, sd_ assert(message); assert(m); - r = selinux_access_check(bus, message, "halt", error); + r = selinux_access_check(message, "halt", error); if (r < 0) return r; @@ -1131,7 +1131,7 @@ static int method_kexec(sd_bus *bus, sd_bus_message *message, void *userdata, sd assert(message); assert(m); - r = selinux_access_check(bus, message, "reboot", error); + r = selinux_access_check(message, "reboot", error); if (r < 0) return r; 
@@ -1153,7 +1153,7 @@ static int method_switch_root(sd_bus *bus, sd_bus_message *message, void *userda assert(message); assert(m); - r = selinux_access_check(bus, message, "reboot", error); + r = selinux_access_check(message, "reboot", error); if (r < 0) return r; @@ -1217,7 +1217,7 @@ static int method_set_environment(sd_bus *bus, sd_bus_message *message, void *us assert(message); assert(m); - r = selinux_access_check(bus, message, "reload", error); + r = selinux_access_check(message, "reload", error); if (r < 0) return r; @@ -1243,7 +1243,7 @@ static int method_unset_environment(sd_bus *bus, sd_bus_message *message, void * assert(message); assert(m); - r = selinux_access_check(bus, message, "reload", error); + r = selinux_access_check(message, "reload", error); if (r < 0) return r; @@ -1270,7 +1270,7 @@ static int method_unset_and_set_environment(sd_bus *bus, sd_bus_message *message assert(message); assert(m); - r = selinux_access_check(bus, message, "reload", error); + r = selinux_access_check(message, "reload", error); if (r < 0) return r; @@ -1306,7 +1306,7 @@ static int method_list_unit_files(sd_bus *bus, sd_bus_message *message, void *us assert(message); assert(m); - r = selinux_access_check(bus, message, "status", error); + r = selinux_access_check(message, "status", error); if (r < 0) return r; @@ -1357,7 +1357,7 @@ static int method_get_unit_file_state(sd_bus *bus, sd_bus_message *message, void assert(message); assert(m); - r = selinux_access_check(bus, message, "status", error); + r = selinux_access_check(message, "status", error); if (r < 0) return r; @@ -1384,7 +1384,7 @@ static int method_get_default_target(sd_bus *bus, sd_bus_message *message, void assert(message); assert(m); - r = selinux_access_check(bus, message, "status", error); + r = selinux_access_check(message, "status", error); if (r < 0) return r; 
@@ -1495,7 +1495,7 @@ static int method_enable_unit_files_generic( u = manager_get_unit(m, *i); if (u) { - r = selinux_unit_access_check(u, bus, message, verb, error); + r = selinux_unit_access_check(u, message, verb, error); if (r < 0) return r; } @@ -1553,7 +1553,7 @@ static int method_disable_unit_files_generic( assert(message); assert(m); - r = selinux_access_check(bus, message, verb, error); + r = selinux_access_check(message, verb, error); if (r < 0) return r; @@ -1594,7 +1594,7 @@ static int method_set_default_target(sd_bus *bus, sd_bus_message *message, void assert(message); assert(m); - r = selinux_access_check(bus, message, "enable", error); + r = selinux_access_check(message, "enable", error); if (r < 0) return r; diff --git a/src/core/dbus-snapshot.c b/src/core/dbus-snapshot.c index 053e35cc06..2a5ef448ce 100644 --- a/src/core/dbus-snapshot.c +++ b/src/core/dbus-snapshot.c @@ -33,7 +33,7 @@ int bus_snapshot_method_remove(sd_bus *bus, sd_bus_message *message, void *userd assert(message); assert(s); - r = selinux_unit_access_check(UNIT(s), bus, message, "stop", error); + r = selinux_unit_access_check(UNIT(s), message, "stop", error); if (r < 0) return r; diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c index 07e7f20e6b..8f23fe76ce 100644 --- a/src/core/dbus-unit.c +++ b/src/core/dbus-unit.c @@ -436,7 +436,7 @@ int bus_unit_method_kill(sd_bus *bus, sd_bus_message *message, void *userdata, s if (signo <= 0 || signo >= _NSIG) return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Signal number out of range."); - r = selinux_unit_access_check(u, bus, message, "stop", error); + r = selinux_unit_access_check(u, message, "stop", error); if (r < 0) return r; @@ -455,7 +455,7 @@ int bus_unit_method_reset_failed(sd_bus *bus, sd_bus_message *message, void *use assert(message); assert(u); - r = selinux_unit_access_check(u, bus, message, "reload", error); + r = selinux_unit_access_check(u, message, "reload", error); if (r < 0) return r; 
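Review bot: In the `method_enable_unit_files_generic` hunk the per-unit check runs only inside `if (u)`, so any name for which `manager_get_unit()` returns NULL gets through the visible lines with no SELinux check at all. The `method_disable_unit_files_generic` hunk right after it calls `selinux_access_check(message, verb, error)` unconditionally. Doing the same here ahead of the loop, `r = selinux_access_check(message, verb, error); if (r < 0) return r;`, would stop the not-loaded case from failing open. The function body starts and ends outside the hunk, so a fallback may exist in lines not shown; that should be confirmed before changing it.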
@@ -476,7 +476,7 @@ int bus_unit_method_set_properties(sd_bus *bus, sd_bus_message *message, void *u if (r < 0) return r; - r = selinux_unit_access_check(u, bus, message, "start", error); + r = selinux_unit_access_check(u, message, "start", error); if (r < 0) return r; @@ -737,7 +737,7 @@ int bus_unit_queue_job( } r = selinux_unit_access_check( - u, bus, message, + u, message, (type == JOB_START || type == JOB_RESTART || type == JOB_TRY_RESTART) ? "start" : type == JOB_STOP ? "stop" : "reload", error); if (r < 0) diff --git a/src/core/dbus.c b/src/core/dbus.c index e9bf34c498..189d925c9e 100644 --- a/src/core/dbus.c +++ b/src/core/dbus.c @@ -239,7 +239,7 @@ static int selinux_filter(sd_bus *bus, sd_bus_message *message, void *userdata, if (object_path_startswith("/org/freedesktop/systemd1", path)) { - r = selinux_access_check(bus, message, verb, error); + r = selinux_access_check(message, verb, error); if (r < 0) return r; @@ -270,7 +270,7 @@ static int selinux_filter(sd_bus *bus, sd_bus_message *message, void *userdata, if (!u) return 0; - r = selinux_unit_access_check(u, bus, message, verb, error); + r = selinux_unit_access_check(u, message, verb, error); if (r < 0) return r; diff --git a/src/core/selinux-access.c b/src/core/selinux-access.c index 21c7a8c5bc..53e08af395 100644 --- a/src/core/selinux-access.c +++ b/src/core/selinux-access.c @@ -169,7 +169,6 @@ void selinux_access_free(void) { still be generated if the access would be denied in enforcing mode. */ int selinux_generic_access_check( - sd_bus *bus, sd_bus_message *message, const char *path, const char *permission, @@ -183,7 +182,6 @@ int selinux_generic_access_check( char **cmdline = NULL; int r = 0; - assert(bus); assert(message); assert(permission); assert(error); diff --git a/src/core/selinux-access.h b/src/core/selinux-access.h index 9e89064819..27d9e14591 100644 --- a/src/core/selinux-access.h +++ b/src/core/selinux-access.h 
@@ -27,18 +27,22 @@ void selinux_access_free(void); -int selinux_generic_access_check(sd_bus *bus, sd_bus_message *message, const char *path, const char *permission, sd_bus_error *error); +int selinux_generic_access_check(sd_bus_message *message, const char *path, const char *permission, sd_bus_error *error); #ifdef HAVE_SELINUX -#define selinux_access_check(bus, message, permission, error) \ - selinux_generic_access_check(bus, message, NULL, permission, error) -#define selinux_unit_access_check(unit, bus, message, permission, error) \ - ({ Unit *_unit = (unit); selinux_generic_access_check(bus, message, _unit->fragment_path ?: _unit->fragment_path, permission, error); }) +#define selinux_access_check(message, permission, error) \ + selinux_generic_access_check((message), NULL, (permission), (error)) + +#define selinux_unit_access_check(unit, message, permission, error) \ + ({ \ + Unit *_unit = (unit); \ + selinux_generic_access_check((message), _unit->fragment_path ?: _unit->fragment_path, (permission), (error)); \ + }) #else -#define selinux_access_check(bus, message, permission, error) 0 -#define selinux_unit_access_check(unit, bus, message, permission, error) 0 +#define selinux_access_check(message, permission, error) 0 +#define selinux_unit_access_check(unit, message, permission, error) 0 #endif
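Review bot: The rewritten `selinux_unit_access_check` macro still passes `_unit->fragment_path ?: _unit->fragment_path`. Both operands are identical, so the fallback does nothing and a unit without a fragment path hands NULL to `selinux_generic_access_check()`. NULL is also what `selinux_access_check` passes for the manager-wide check, so such a unit is presumably authorized against the manager rather than against a unit file's label. If a fallback to another `Unit` field was intended (for example `_unit->source_path ?: _unit->fragment_path`, to be confirmed against the struct), this is the line to fix. Otherwise reduce it to `_unit->fragment_path` and add a comment stating what a NULL path means for the check.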