[systemd-devel] SELinux patch still broken, in that we are not checking the correct source context.

[Daniel J Walsh]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This patch does the dbus calls correctly.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlB3NOUACgkQrlYvE4MpobOFCACgvMzYDOUYb+THKlSZF2+RcSfD
8R8AnRgG1DMDW0XkH/raf+W4ctXLdL6L
=zUUU
-----END PGP SIGNATURE-----

diff --git a/src/core/selinux-access.c b/src/core/selinux-access.c
index d9c3f9b..974e9fe 100644
--- a/src/core/selinux-access.c
+++ b/src/core/selinux-access.c
@@ -59,7 +59,11 @@ static int bus_get_selinux_security_context(
                 DBusError *error) {
 
         _cleanup_dbus_message_unref_ DBusMessage *m = NULL, *reply = NULL;
+	DBusMessageIter iter, sub;
+	char *bytes;
+	int nbytes;
 
+        log_debug("GetConnectionSELinuxSecurityContext");
         m = dbus_message_new_method_call(
                         DBUS_SERVICE_DBUS,
                         DBUS_PATH_DBUS,
@@ -85,11 +89,21 @@ static int bus_get_selinux_security_context(
         if (dbus_set_error_from_message(error, reply))
                 return -EIO;
 
-        if (!dbus_message_get_args(
-                            reply, error,
-                            DBUS_TYPE_STRING, scon,
-                            DBUS_TYPE_INVALID))
-                return -EIO;
+        if (!dbus_message_iter_init (reply, &iter))
+		return -EIO;
+
+        if (dbus_message_iter_get_arg_type (&iter) != DBUS_TYPE_ARRAY)
+		return -EIO;
+
+	dbus_message_iter_recurse (&iter, &sub);
+	dbus_message_iter_get_fixed_array (&sub, &bytes, &nbytes);
+
+	*scon = calloc(1, nbytes + 1);
+	if (!*scon)
+                return -ENOMEM;
+	strncpy(*scon, bytes, nbytes);
+
+        log_debug("GetConnectionSELinuxSecurityContext %s (pid %ld)", *scon, (long) bus_get_unix_process_id(connection, name, error));
 
         return 0;
 }
@@ -293,14 +307,17 @@ static int get_calling_context(
         */
         sender = dbus_message_get_sender(message);
         if (sender) {
+                log_error("SELinux Got Sender %s", sender);
+
                 r = bus_get_selinux_security_context(connection, sender, scon, error);
                 if (r >= 0)
                         return r;
 
-                log_debug("bus_get_selinux_security_context failed %m");
-                dbus_error_free(error);
+                log_error("bus_get_selinux_security_context failed %m");
+                return r;
         }
 
+        log_debug("SELinux No Sender");
         if (!dbus_connection_get_unix_fd(connection, &fd)) {
                 log_error("bus_connection_get_unix_fd failed %m");
                 return -EINVAL;

_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel