History log of /external/dbus/bus/selinux.c
Revision Date Author Comments (<<< Hide modified files) (Show modified files >>>)
4299eb3c0907100fe95d2986984b48d40cc52841 08-Jul-2015 Daniel Erat <derat@google.com> Incorporate upstream changes to v1.6.8.

Squash upstream commits up to and including the v1.6.8
release (upstream commit 1cad15cc).

This repository's changes from upstream are now limited to:

- addition of Android.mk, CleanSpec.mk, config.h, and NOTICE
files
- addition of dbus/dbus-arch-deps.h and removal from
dbus/.gitignore (ebae2d21, f022f55d)
- WANT_PIDFILE #ifdefs added to bus/bus.c to disable writing
dbus-daemon's PID to a file (3100d06a)
- TRACE_LOCKS set to 0 in dbus/dbus-connection.c (88a0ffe5)
- DBUS_ANDROID_LOG added to dbus/dbus-internals.c to use
logcat (7de15def)
- ANDROID_MANAGED_SOCKET added to dbus/dbus-sysdeps-unix.c
to use an SELinux-managed socket rather than a
dbus-daemon-created Unix domain socket (3100d06a)

Bug: 22328216
Change-Id: I793ebdf963d9b0740f0da28f1de593d088f08406
/external/dbus/bus/selinux.c
dbecdeabb20e0ce11121819c63373f0afba57c58 19-Mar-2010 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de> Consistently include <config.h> in all C source files and never in header files.
/external/dbus/bus/selinux.c
ebfa7c02fd67777684d39389e25346819836dcca 16-Mar-2010 Colin Walters <walters@verbum.org> Merge branch 'dbus-1.2'

Conflicts:
bus/bus.c
configure.in
008cd59ef713a1efc3c9588cf1079c6a80ddf0c7 03-Mar-2010 Frederic Crozat <fcrozat@mandriva.com> Fix build when selinux is disabled but libaudit enabled

https://bugs.freedesktop.org/show_bug.cgi?id=26859
/external/dbus/bus/selinux.c
15109202a98b0a117f54308d58de4f2034334f92 03-Feb-2010 Colin Walters <walters@verbum.org> Fix compilation in --disable-selinux case

_dbus_change_to_daemon_user moved into selinux.c for the --with-selinux
(and audit) case because that's where all of the relevant libcap headers
were being used. However in the --disable-selinux case this didn't
compile and wasn't very clean.

If we don't have libaudit, use the legacy direct setgid/setuid bits
we had before in dbus-sysdeps-util-unix.c.
/external/dbus/bus/selinux.c
3dac125d61ebc4f614a1723580043e2f1c811f59 02-Feb-2010 Colin Walters <walters@verbum.org> Fix compilation in --disable-selinux case

_dbus_change_to_daemon_user moved into selinux.c for the --with-selinux
(and audit) case because that's where all of the relevant libcap headers
were being used. However in the --disable-selinux case this didn't
compile and wasn't very clean.

If we don't have libaudit, use the legacy direct setgid/setuid bits
we had before in dbus-sysdeps-util-unix.c.
/external/dbus/bus/selinux.c
2016b83dece7f220269033e7957fb02140334294 29-Jan-2010 Ralf Habacker <ralf.habacker@freenet.de> _dbus_change_to_daemon_user() is platform related and commit 0a3905d7f3b2ff43b09479863775939f9c8acad4 broke windows builds
/external/dbus/bus/selinux.c
0a3905d7f3b2ff43b09479863775939f9c8acad4 28-Jan-2010 Colin Walters <walters@verbum.org> Switch to libcap-ng, avoid linking libdbus against libcap[-ng]

(Commit message written by Colin Walters <walters@verbum.org>)

A current Fedora goal is to convert projects to libcap-ng which
more easily allows dropping Linux capabilities. For software
which also links to libdbus, it's problematic to link against
libcap as well.

Though really, libdbus should have never linked against libcap
in the first place, which is another thing this patch changes
by moving the libcap-using bits out of dbus/ and into bus/.

https://bugzilla.redhat.com/show_bug.cgi?id=518541
/external/dbus/bus/selinux.c
dc33f4f7749ed303374ebdf00e48ea8a471afd25 11-Jul-2009 Tobias Mueller <fdo-bugs@cryptobitch.de> Bug 21161 - Update the FSF address

No comment.

Signed-off-by: Colin Walters <walters@verbum.org>
(cherry picked from commit 5baf2f856a9c6625993234855b07680da1c8916f)
/external/dbus/bus/selinux.c
b38c433bf713324b5d17eae626e8c7404bcb6554 22-Apr-2009 Eamon Walsh <ewalsh@tycho.nsa.gov> libselinux behavior in permissive mode wrt invalid domains

Stephen Smalley wrote:
> On Tue, 2009-04-21 at 16:32 -0400, Joshua Brindle wrote:
>
>> Stephen Smalley wrote:
>>
>>> On Thu, 2009-04-16 at 20:47 -0400, Eamon Walsh wrote:
>>>
>>>> Stephen Smalley wrote:
>>>>
>> <snip>
>>
>>
>>> No, I don't want to change the behavior upon context_to_sid calls in
>>> general, as we otherwise lose all context validity checking in
>>> permissive mode.
>>>
>>> I think I'd rather change compute_sid behavior to preclude the situation
>>> from arising in the first place, possibly altering the behavior in
>>> permissive mode upon an invalid context to fall back on the ssid
>>> (process) or the tsid (object). But I'm not entirely convinced any
>>> change is required here.
>>>
>>>
>> I just want to follow up to make sure we are all on the same page here. Was the
>> suggestion to change avc_has_perm in libselinux or context_to_sid in the kernel
>> or leave the code as is and fix the callers of avc_has_perm to correctly handle
>> error codes?
>>
>> I prefer the last approach because of Eamon's explanation, EINVAL is already
>> passed in errno to specify the context was invalid (and if object managers
>> aren't handling that correctly now there is a good chance they aren't handling
>> the ENOMEM case either).
>>
>
> I'd be inclined to change compute_sid (not context_to_sid) in the kernel
> to prevent invalid contexts from being formed even in permissive mode
> (scenario is a type transition where role is not authorized for the new
> type). That was originally to allow the system to boot in permissive
> mode. But an alternative would be to just stay in the caller's context
> (ssid) in that situation.
>
> Changing the callers of avc_has_perm() to handle EINVAL and/or ENOMEM
> may make sense, but that logic should not depend on enforcing vs.
> permissive mode.
>
>

FWIW, the following patch to D-Bus should help:

bfo21072 - Log SELinux denials better by checking errno for the cause

Note that this does not fully address the bug report since
EINVAL can still be returned in permissive mode. However the log
messages will now reflect the proper cause of the denial.

Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
Signed-off-by: Colin Walters <walters@verbum.org>
/external/dbus/bus/selinux.c
be8750940bac3e2c876ea45988c916c3ac182de7 21-Feb-2008 John (J5) Palmieri <johnp@redhat.com> fix build against the latest gcc/glibc

* dbus/dbus-sysdeps-unix.c: define _GNU_SOURCE
* bus/selinux.c: include limits.h
* Patch by Matthias Clasen <mclasen at redhat.com>
/external/dbus/bus/selinux.c
bef4260ad58bc9eb75e2e1a52ad9b49bc3c70fa5 31-Oct-2007 Havoc Pennington <hp@localhost.localdomain> Fix a problem where a nul byte was wrongly introduced into UUIDs, due to _dbus_string_copy_to_buffer weird behavior.

2007-10-31 Havoc Pennington <hp@redhat.com>

* bus/selinux.c (log_audit_callback): rewrite to use
_dbus_string_copy_to_buffer_with_nul()

* dbus/dbus-string.c (_dbus_string_copy_to_buffer): change to NOT
nul-terminate the buffer; fail an assertion if there is not enough
space in the target buffer. This fixes two bugs where
copy_to_buffer was used to copy the binary bytes in a UUID, where
nul termination did not make sense. Bug reported by David Castelow.
(_dbus_string_copy_to_buffer_with_nul): new function that always
nul-terminates the buffer, and fails an assertion if there is not
enough space in the buffer.
/external/dbus/bus/selinux.c
5340b8de0b537380e0c445495300739d75abeb2f 23-Oct-2007 Havoc Pennington <hp@localhost.localdomain> audit_init() was not declared in header, causing warnings; fix this and namespace it

2007-10-23 Havoc Pennington <hp@redhat.com>

* bus/bus.c (bus_context_new): use the new name here

* bus/selinux.c (bus_selinux_audit_init): rename from audit_init()
to avoid possible libc conflict, and declare it in .h file to
avoid a warning
/external/dbus/bus/selinux.c
09aa69e0153e66326c6746ec7e4841567d44ccdb 03-Oct-2007 John (J5) Palmieri <johnp@redhat.com> fd.o bug #12429 Reverse check to setpcap and only init audit if we were root

* patch by Dan Walsh <dwalsh@redhat.com>
* https://bugs.freedesktop.org/show_bug.cgi?id=12429
* Reverse we_were_root check to setpcap if we were root. Also only init
audit if we were root. So error dbus message will not show up when policy
reload happens. dbus -session will no longer try to send audit message,
only system will.
/external/dbus/bus/selinux.c
d012387afef0ba02185ebe27bc6bb15551912e92 14-Jul-2007 Havoc Pennington <hp@redhat.com> 2007-07-13 Havoc Pennington <hp@redhat.com>

* Add indent-tabs-mode: nil to all file headers.
/external/dbus/bus/selinux.c
43b944a0a6ea48e8a8b06ae3e638299f591cde8d 15-Jun-2007 Havoc Pennington <hp@redhat.com> 2007-06-15 Havoc Pennington <hp@redhat.com>

* dbus/dbus-sysdeps.c (_dbus_set_errno_to_zero)
(_dbus_get_is_errno_nonzero, _dbus_get_is_errno_eintr)
(_dbus_strerror_from_errno): family of functions to abstract
errno, though these are somewhat bogus (really we should make our
socket wrappers not use errno probably - the issue is that any
usage of errno that isn't socket-related probably is not
cross-platform, so should either be in a unix-only file that can
use errno directly, or is a bug - these general errno wrappers
hide issues of this nature in non-socket code, while
socket-specific API changes would not since sockets are allowed
cross-platform)
/external/dbus/bus/selinux.c
72697649524238bd8389670e71c9faa55b7b4a1a 13-Jun-2007 Havoc Pennington <hp@redhat.com> 2007-06-13 Havoc Pennington <hp@redhat.com>

* dbus/dbus-server-socket.c (_dbus_server_listen_socket): support
all_interfaces=true|false for tcp servers

* dbus/dbus-sysdeps-unix.c (_dbus_listen_tcp_socket): support
inaddr_any flag

* bus/selinux.c: fix some missing includes

* dbus/dbus-server-socket.c (_dbus_server_listen_socket): allow
port to simply be omitted in addition to specifying 0
/external/dbus/bus/selinux.c
e3d30a03225dd1d26012ecd39b09e4ccf91befb5 13-Jun-2007 Havoc Pennington <hp@redhat.com> 2007-06-13 Havoc Pennington <hp@redhat.com>

* configure.ac, bus/selinux.c, dbus/dbus-sysdeps-unix-util.c: add
libaudit support, no clue what this means really but now we have
it. Patches from Fedora package.

* bus/bus.c (bus_context_new): move selinux initialization after
changing to daemon user, patch from Fedora package

* dbus/dbus-transport.c (auth_via_unix_user_function): fix a typo
/external/dbus/bus/selinux.c
9a3145b9f3cb0d7d570230aaa6193f87e3bea604 09-Aug-2006 John (J5) Palmieri <johnp@redhat.com> These are all patches from Kjartan Maraas <kmaraas at gnome dot org>
with cleanups of bugs found from Coverity reports:

* dbus/dbus-sysdeps-util.c (_dbus_write_pid_file):
close the file on error to avoid a leak

* bus/expirelist.c (bus_expire_list_test):
Check for NULL on dbus_new0

* bus/activation.c (update_directory):
remove dead code

* bus/config-parser.c (merge_service_context_hash, start_selinux_child):
Fix some leaks

* bus/bus.c (process_config_every_time):
Fixed a leak

* bus/desktop-file.c (parse_key_value):
Fixed leak

* bus/selinux.c (bus_selinux_id_table_insert):
Fixed leak
/external/dbus/bus/selinux.c
7652304bff969afb3969603149bb385efe861fe8 03-Aug-2006 John (J5) Palmieri <johnp@redhat.com> * s/D-BUS/D-Bus/g
/external/dbus/bus/selinux.c
9a94a1350bb93ea395812dd3c983e13e17c1bcb1 16-Jul-2005 Colin Walters <walters@verbum.org> 2005-07-16 Colin Walters <walters@verbum.org>

* bus/driver.c (bus_driver_handle_get_connection_selinux_security_context): Renamed
from bus_driver_handle_get_connection_unix_security_context. Update for
error usage.
(message_handlers): Update for renames.

* bus/selinux.c (bus_selinux_allows_send): Handle OOM on
_dbus_string_init failure correctly.
(bus_selinux_append_context): Convert SID to context. Append it
as a byte array.
(bus_selinux_shutdown): Handle the case where bus_selinux_full_init
hasn't been called.

* bus/selinux.h: Update prototype.

* dbus/dbus-protocol.h (DBUS_ERROR_SELINUX_SECURITY_CONTEXT_UNKNOWN): Renamed
from DBUS_ERROR_UNIX_SECURITY_CONTEXT_UNKNOWN.
/external/dbus/bus/selinux.c
6be5b25a71ec6b4e7efb35f20fc1f5357be5cffb 15-Jul-2005 Colin Walters <walters@verbum.org> 2005-07-15 Colin Walters <walters@verbum.org>

* bus/selinux.c (bus_selinux_append_context): Wrap in
HAVE_SELINUX.
/external/dbus/bus/selinux.c
6c191520c8b33cd7e550a6e3d9d853c25f552f54 14-Jul-2005 Colin Walters <walters@verbum.org> 2005-07-14 Colin Walters <walters@verbum.org>

* bus/driver.c
(bus_driver_handle_get_connection_unix_security_context): New function.
(message_handlers): Add.

* bus/selinux.c (bus_selinux_append_context): New function; appends
security context to message.

* bus/selinux.h: Prototype.

* dbus/dbus-protocol.h (DBUS_ERROR_UNIX_SECURITY_CONTEXT_UNKNOWN): New.
/external/dbus/bus/selinux.c
44656f538f69e8f8709ddb6ab285db29f65f62dd 13-Apr-2005 David Zeuthen <davidz@redhat.com> 2005-04-13 David Zeuthen <davidz@redhat.com>

* bus/selinux.c: Add c-file-style to top of file
(log_audit_callback): Don't free the data here anymore
(bus_selinux_check): Don't take spid and tpid since appending
that to auxdata may OOM.
(bus_selinux_allows_acquire_service): Handle OOM and signal back
to the caller if we are OOM by taking an error object.
(bus_selinux_allows_send): -do-

* bus/selinux.h: Fix prototypes for bus_selinux_allows_acquire_service
and bus_selinux_allows_send

* bus/bus.c (bus_context_check_security_policy): Pass error and
pass on OOM thrown by bus_selinux_allows_send()

* bus/services.c (bus_registry_acquire_service): Pass error and
pass on OOM thrown by bus_selinux_allows_acquire_service()
/external/dbus/bus/selinux.c
b4fbcb98f17db36d40257969e5d5b35e231a088a 07-Feb-2005 Colin Walters <walters@verbum.org> 2005-02-07 Colin Walters <walters@verbum.org>

* bus/selinux.c (bus_selinux_allows_send): Handle NULL for
sender or proposed_recipient.
/external/dbus/bus/selinux.c
935a41a04c3f638134fa905503fc41ddbd18902f 09-Nov-2004 Colin Walters <walters@verbum.org> 2004-11-09 Colin Walters <walters@verbum.org>

* dbus/dbus-string.c (_dbus_string_get_length): New
function, writes DBusString to C buffer.

* dbus/dbus-string.h: Prototype it.

* dbus/dbus-message.c (dbus_message_type_to_string): New
function, converts message type into C string.

* dbus/dbus-message.h: Prototype it.

* bus/selinux.c (bus_selinux_check): Take source pid,
target pid, and audit data. Pass audit data to
avc_has_perm.
(log_audit_callback): New function, appends extra
audit information.
(bus_selinux_allows_acquire_service): Also take
service name, add it to audit data.
(bus_selinux_allows_send): Also take message
type, interface, method member, error name,
and destination, and add them to audit data.
(log_cb): Initialize func_audit.

* bus/selinux.h (bus_selinux_allows_acquire_service)
(bus_selinux_allows_send): Update prototypes

* bus/services.c (bus_registry_acquire_service): Pass
service name to bus_selinux_allows_acquire_service.

* bus/bus.c (bus_context_check_security_policy): Pass
additional audit data. Move assignment of dest
to its own line.
/external/dbus/bus/selinux.c
cdac3e058b922431f387351fd8ebf60a764485d1 07-Nov-2004 Colin Walters <walters@verbum.org> 2004-11-07 Colin Walters <walters@verbum.org>

* bus/bus.c (load_config): Break into three
separate functions: process_config_first_time_only,
process_config_every_time, and process_config_postinit.
(process_config_every_time): Move call of
bus_registry_set_service_context_table into
process_config_postinit.
(process_config_postinit): New function, does
any processing that needs to happen late
in initialization (and also on reload).
(bus_context_new): Instead of calling load_config,
open config parser here and call process_config_first_time_only
and process_config_every_time directly. Later, after
we have forked but before changing UID,
invoke bus_selinux_full_init, and then call
process_config_postinit.
(bus_context_reload_config): As in bus_context_new,
load parse file inside here, and call process_config_every_time
and process_config_postinit.

* bus/services.h, bus/services.c
(bus_registry_set_service_context_table): Rename
from bus_registry_set_sid_table. Take string hash from config
parser, and convert them here into SIDs.

* bus/config-parser.c (struct BusConfigParser): Have
config parser only store a mapping of service->context
string.
(merge_service_context_hash): New function.
(merge_included): Merge context string hashes instead
of using bus_selinux_id_table_union.
(bus_config_parser_new): Don't use bus_selinux_id_table_new;
simply create a new string hash.
(bus_config_parser_unref): Unref it.
(start_selinux_child): Simply insert strings into hash,
don't call bus_selinux_id_table_copy_over.

* bus/selinux.h, bus/selinux.c (bus_selinux_id_table_union)
(bus_selinux_id_table_copy_over): Delete.
/external/dbus/bus/selinux.c
a14c43cf3ab7a2636146410e52be5e421fc0aaf9 04-Nov-2004 Colin Walters <walters@verbum.org> *** empty log message ***
/external/dbus/bus/selinux.c
1a02f93b50c2cd2290d9f2eca3073bdd45b88cba 04-Nov-2004 Colin Walters <walters@verbum.org> 2004-11-03 Colin Walters <walters@verbum.org>

* bus/selinux.c (bus_selinux_pre_init): Kill some unused
variables.
/external/dbus/bus/selinux.c
73ffe59d87864d61b9d22f199fc6375840bf39bb 02-Nov-2004 Colin Walters <walters@verbum.org> 2004-11-02 Colin Walters <walters@verbum.org>

* bus/selinux.c (bus_selinux_init): Split into two functions,
bus_selinux_pre_init and bus_selinux_post_init.
(bus_selinux_pre_init): Just determine whether SELinux is
enabled.
(bus_selinux_post_init): Do everything else.

* bus/main.c (main): Call bus_selinux_pre_init before parsing
config file, and bus_selinux_post_init after. This ensures that
we don't lose the policyreload notification thread that
bus_selinux_init created before forking previously.

* bus/test-main.c (test_pre_hook): Update for split.
/external/dbus/bus/selinux.c
f79e96fc08734e92804f649b8cfb4bcead1f81a7 18-Oct-2004 Colin Walters <walters@verbum.org> 2004-10-18 Colin Walters <walters@verbum.org>

* bus/selinux.c (bus_selinux_enabled): Handle
--disable-selinux case.
/external/dbus/bus/selinux.c
736fa825e15c8d72eac85080e6cdf028c2f8df43 18-Oct-2004 Colin Walters <walters@verbum.org> 2004-10-18 Colin Walters <walters@verbum.org>

* bus/selinux.h: Add bus_selinux_enabled.

* bus/selinux.c (bus_selinux_enabled): Implement it.

* bus/config-parser.c (struct include): Add
if_selinux_enabled member.
(start_busconfig_child): Parse if_selinux_enabled
attribute for include.
(bus_config_parser_content): Handle it.

* bus/session.conf.in, bus/system.conf.in: Add
inclusion of context mapping to default config files;
conditional on SELinux being enabled.

* doc/busconfig.dtd: Add to if_selinux_enabled to default DTD.

* test/data/invalid-config-files/badselinux-1.conf,
test/data/invalid-config-files/badselinux-2.conf:
Test files for bad syntax.
/external/dbus/bus/selinux.c
ee78f2800f2642b4fff962b736296d87a7f12a17 23-Aug-2004 Colin Walters <walters@verbum.org> 2004-08-23 Colin Walters <walters@redhat.com>

* bus/selinux.h: Prototype bus_selinux_get_policy_root.

* bus/selinux.c: Create a thread for policy reload notification.
(bus_selinux_get_policy_root): Implement.

Updated SELinux support from Matthew Rickard <mjricka@epoch.ncsc.mil>

* bus/config-parser.c (start_busconfig_child)
(bus_config_parser_content): Support SELinux-root relative
inclusion.

* configure.in <HAVE_SELINUX>: Add -lpthread.

* bus/test-main.c (test_pre_hook, test_post_hook): New.
(test_post_hook): Move memory checking into here.
(test_pre_hook, test_post_hook): Move SELinux checks in
here, but conditional on a DBUS_TEST_SELINUX environment
variable. Unfortunately we can't run the SELinux checks
as a normal user, since they won't have any permissions
for /selinux. So this will have to be tested manually
for now, until we have virtualization for most of
libselinux.
/external/dbus/bus/selinux.c
c7c4d95d0e1284e58a3dfd15c5dc7f0d7c6a5229 20-Aug-2004 Colin Walters <walters@verbum.org> 2004-08-20 Colin Walters <walters@redhat.com>

* bus/config-parser.c (start_busconfig_child): Remove some unused
variables.

* bus/selinux.c (bus_selinux_id_table_insert): Avoid compiler
warning.
/external/dbus/bus/selinux.c
43605a6f4e78a8c28afb4b1e924dff0301e0e95c 10-Aug-2004 Havoc Pennington <hp@redhat.com> 2004-08-09 Havoc Pennington <hp@redhat.com>

* COPYING: switch to Academic Free License version 2.1 instead of
2.0, to resolve complaints about patent termination clause.
/external/dbus/bus/selinux.c
0f2cd8ba8e600a55cab538b195f9e6461172ee75 31-Jul-2004 Colin Walters <walters@verbum.org> 2004-07-31 Colin Walters <walters@redhat.com>

* bus/selinux.c <HAVE_SELINUX>: Include utils.h to get
BUS_SET_OOM.
/external/dbus/bus/selinux.c
1e9b185b0c274ef0d684b1e43418388225321e72 30-Jul-2004 Havoc Pennington <hp@redhat.com> 2004-07-24 Havoc Pennington <hp@redhat.com>

SELinux support from Matthew Rickard <mjricka@epoch.ncsc.mil>

* bus/selinux.c, bus/selinux.h: new file encapsulating selinux
functionality

* configure.in: add --enable-selinux

* bus/policy.c (bus_policy_merge): add FIXME to a comment

* bus/main.c (main): initialize and shut down selinux

* bus/connection.c: store SELinux ID on each connection, to avoid
repeated getting of the string context and converting it into
an ID

* bus/bus.c (bus_context_get_policy): new accessor, though it
isn't used
(bus_context_check_security_policy): check whether the security
context of sender connection can send to the security context of
recipient connection

* bus/config-parser.c: add parsing for <selinux> and <associate>

* dbus/dbus-transport.c (_dbus_transport_get_unix_fd): to
implement dbus_connection_get_unix_fd()

* dbus/dbus-connection.c (dbus_connection_get_unix_fd): new
function, used by the selinux stuff
/external/dbus/bus/selinux.c