From fd1bb6fcd517ab83d57256dfb22cd1a59d8a62a8 Mon Sep 17 00:00:00 2001 From: Ralf Habacker Date: Mon, 15 Aug 2011 21:59:55 +0200 Subject: [PATCH 4/5] Include selinux code only when enabled --- bus/bus.c | 9 +++++++-- bus/bus.h | 2 ++ bus/config-parser-common.c | 2 ++ bus/config-parser.c | 9 ++++++--- bus/connection.c | 17 ++++++++++++----- bus/connection.h | 2 ++ bus/driver.c | 8 ++++++-- bus/main.c | 7 ++++++- bus/services.c | 9 ++++++++- bus/test-main.c | 7 ++++++- 10 files changed, 57 insertions(+), 15 deletions(-) diff --git a/bus/bus.c b/bus/bus.c index 6b0dc08..c289a35 100644 --- a/bus/bus.c +++ b/bus/bus.c @@ -33,7 +33,9 @@ #include "policy.h" #include "config-parser.h" #include "signals.h" +#ifdef HAVE_SELINUX #include "selinux.h" +#endif #include "dir-watch.h" #include #include @@ -898,11 +900,12 @@ bus_context_new (const DBusString *config_file, !_dbus_pipe_is_stdout_or_stderr (print_pid_pipe)) _dbus_pipe_close (print_pid_pipe, NULL); - if (!bus_selinux_full_init ()) +#ifdef HAVE_SELINUX + if (!bus_selinux_full_init ()) { bus_context_log (context, DBUS_SYSTEM_LOG_FATAL, "SELinux enabled but AVC initialization failed; check system log\n"); } - +#endif if (!process_config_postinit (context, parser, error)) { _DBUS_ASSERT_ERROR_IS_SET (error); @@ -1460,6 +1463,7 @@ bus_context_check_security_policy (BusContext *context, /* First verify the SELinux access controls. If allowed then * go on with the standard checks. */ +#ifdef HAVE_SELINUX if (!bus_selinux_allows_send (sender, proposed_recipient, dbus_message_type_to_string (dbus_message_get_type (message)), dbus_message_get_interface (message), @@ -1480,6 +1484,7 @@ bus_context_check_security_policy (BusContext *context, return FALSE; } +#endif if (bus_connection_is_active (sender)) { diff --git a/bus/bus.h b/bus/bus.h index ebef17c..1416fb3 100644 --- a/bus/bus.h +++ b/bus/bus.h 
@@ -37,7 +37,9 @@ typedef struct BusPolicy BusPolicy; typedef struct BusClientPolicy BusClientPolicy; typedef struct BusPolicyRule BusPolicyRule; typedef struct BusRegistry BusRegistry; +#ifdef HAVE_SELINUX typedef struct BusSELinuxID BusSELinuxID; +#endif typedef struct BusService BusService; typedef struct BusOwner BusOwner; typedef struct BusTransaction BusTransaction; diff --git a/bus/config-parser-common.c b/bus/config-parser-common.c index c522ff4..f82aaed 100644 --- a/bus/config-parser-common.c +++ b/bus/config-parser-common.c @@ -107,10 +107,12 @@ bus_config_parser_element_name_to_type (const char *name) { return ELEMENT_LIMIT; } +#ifdef HAVE_SELINUX else if (strcmp (name, "selinux") == 0) { return ELEMENT_SELINUX; } +#endif else if (strcmp (name, "associate") == 0) { return ELEMENT_ASSOCIATE; diff --git a/bus/config-parser.c b/bus/config-parser.c index f943255..bf2ac10 100644 --- a/bus/config-parser.c +++ b/bus/config-parser.c @@ -27,7 +27,9 @@ #include "test.h" #include "utils.h" #include "policy.h" +#ifdef HAVE_SELINUX #include "selinux.h" +#endif #include #include #include @@ -2365,14 +2367,14 @@ bus_config_parser_content (BusConfigParser *parser, DBusString full_path, selinux_policy_root; e->had_content = TRUE; - +#ifdef HAVE_SELINUX if (e->d.include.if_selinux_enabled && !bus_selinux_enabled ()) break; - +#endif if (!_dbus_string_init (&full_path)) goto nomem; - +#ifdef HAVE_SELINUX if (e->d.include.selinux_root_relative) { if (!bus_selinux_get_policy_root ()) @@ -2390,6 +2392,7 @@ bus_config_parser_content (BusConfigParser *parser, goto nomem; } } +#endif else if (!make_full_path (&parser->basedir, content, &full_path)) { _dbus_string_free (&full_path); diff --git a/bus/connection.c b/bus/connection.c index 8e7d222..3f2fd05 100644 --- a/bus/connection.c +++ b/bus/connection.c @@ -29,7 +29,9 @@ #include "utils.h" #include "signals.h" #include "expirelist.h" +#ifdef HAVE_SELINUX #include "selinux.h" +#endif #include #include #include 
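Review bot: Guarding only the `selinux` name in bus_config_parser_element_name_to_type means a configuration file containing a `<selinux>` element takes the unknown-name path on builds without HAVE_SELINUX, while `associate`, which as far as I know is only used inside that element, is still recognised. If the unknown-name path rejects the file (not visible in this hunk), the same configuration no longer loads on both build flavours. Keeping the name lookup unconditional and ignoring the element's content when SELinux is compiled out would preserve the previous parsing behaviour. The function body continues outside the hunk.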
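Review bot: With HAVE_SELINUX undefined the whole `if_selinux_enabled` test in bus_config_parser_content is compiled out, so an include marked SELinux-only is now processed on builds without SELinux support instead of being skipped. Only the call to `bus_selinux_enabled ()` needs the guard; an `#else` arm containing `if (e->d.include.if_selinux_enabled) break;` keeps such includes skipped. The `selinux_policy_root` declaration on the context line above the guard also becomes unused in that configuration. The function starts and ends outside the hunk.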
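Review bot: The `#endif` placed directly before `else if (!make_full_path (...))` leaves that `else` attached to the earlier `if (!_dbus_string_init (&full_path)) goto nomem;` when HAVE_SELINUX is undefined. This compiles and happens to behave correctly, but only because of the statement that precedes the guard. An include flagged `selinux_root_relative` is then quietly resolved against `parser->basedir`. I would keep the `if (e->d.include.selinux_root_relative)` / `else if` chain unconditional, guard only the body that calls `bus_selinux_get_policy_root ()`, and report an error in the `#else` arm. The guard opens in the previous hunk of the same function.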
@@ -82,8 +84,9 @@ typedef struct BusClientPolicy *policy; char *cached_loginfo_string; +#ifdef HAVE_SELINUX BusSELinuxID *selinux_id; - +#endif long connection_tv_sec; /**< Time when we connected (seconds component) */ long connection_tv_usec; /**< Time when we connected (microsec component) */ int stamp; /**< connections->stamp last time we were traversed */ @@ -409,9 +412,10 @@ free_connection_data (void *data) if (d->policy) bus_client_policy_unref (d->policy); +#ifdef HAVE_SELINUXX if (d->selinux_id) bus_selinux_id_unref (d->selinux_id); - +#endif dbus_free (d->cached_loginfo_string); dbus_free (d->name); @@ -641,6 +645,7 @@ bus_connections_setup_connection (BusConnections *connections, retval = FALSE; dbus_error_init (&error); +#ifdef HAVE_SELINUX d->selinux_id = bus_selinux_init_connection_id (connection, &error); if (dbus_error_is_set (&error)) @@ -653,7 +658,7 @@ bus_connections_setup_connection (BusConnections *connections, dbus_error_free (&error); goto out; } - +#endif if (!dbus_connection_set_watch_functions (connection, add_connection_watch, remove_connection_watch, @@ -736,10 +741,11 @@ bus_connections_setup_connection (BusConnections *connections, out: if (!retval) { +#ifdef HAVE_SELINUX if (d->selinux_id) bus_selinux_id_unref (d->selinux_id); d->selinux_id = NULL; - +#endif if (!dbus_connection_set_watch_functions (connection, NULL, NULL, NULL, connection, @@ -1117,6 +1123,7 @@ bus_connection_get_matchmaker (DBusConnection *connection) return bus_context_get_matchmaker (d->connections->context); } +#ifdef HAVE_SELINUX BusSELinuxID* bus_connection_get_selinux_id (DBusConnection *connection) { @@ -1128,7 +1135,7 @@ bus_connection_get_selinux_id (DBusConnection *connection) return d->selinux_id; } - +#endif /** * Checks whether the connection is registered with the message bus. * diff --git a/bus/connection.h b/bus/connection.h index 4b9a754..0e8bb3f 100644 --- a/bus/connection.h +++ b/bus/connection.h 
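Review bot: The guard added in free_connection_data is spelled `HAVE_SELINUXX`, which no other hunk in this patch uses and which is presumably never defined. As a result `bus_selinux_id_unref (d->selinux_id)` is compiled out even on SELinux builds, and the ID stored by bus_connections_setup_connection is no longer released when the connection data is freed. It should read `#ifdef HAVE_SELINUX`, matching the other guards in this file. The function body continues outside the hunk.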
@@ -51,7 +51,9 @@ BusRegistry* bus_connection_get_registry (DBusConnection BusActivation* bus_connection_get_activation (DBusConnection *connection); BusMatchmaker* bus_connection_get_matchmaker (DBusConnection *connection); const char * bus_connection_get_loginfo (DBusConnection *connection); +#ifdef HAVE_SELINUX BusSELinuxID* bus_connection_get_selinux_id (DBusConnection *connection); +#endif dbus_bool_t bus_connections_check_limits (BusConnections *connections, DBusConnection *requesting_completion, DBusError *error); diff --git a/bus/driver.c b/bus/driver.c index cc8d1f2..3d9a55c 100644 --- a/bus/driver.c +++ b/bus/driver.c @@ -28,7 +28,9 @@ #include "driver.h" #include "dispatch.h" #include "services.h" +#ifdef HAVE_SELINUX #include "selinux.h" +#endif #include "signals.h" #include "utils.h" #include @@ -1491,8 +1493,9 @@ bus_driver_handle_get_connection_selinux_security_context (DBusConnection *conne BusService *serv; DBusConnection *conn; DBusMessage *reply; +#ifdef HAVE_SELINUX BusSELinuxID *context; - +#endif _DBUS_ASSERT_ERROR_IS_CLEAR (error); registry = bus_connection_get_registry (connection); @@ -1523,6 +1526,7 @@ bus_driver_handle_get_connection_selinux_security_context (DBusConnection *conne if (reply == NULL) goto oom; +#ifdef HAVE_SELINUX context = bus_connection_get_selinux_id (conn); if (!context) { @@ -1534,7 +1538,7 @@ bus_driver_handle_get_connection_selinux_security_context (DBusConnection *conne if (! bus_selinux_append_context (reply, context, error)) goto failed; - +#endif if (! bus_transaction_send_from_driver (transaction, connection, reply)) goto oom; diff --git a/bus/main.c b/bus/main.c index 47f38c8..5e944dd 100644 --- a/bus/main.c +++ b/bus/main.c @@ -38,7 +38,9 @@ #ifdef HAVE_ERRNO_H #include #endif +#ifdef HAVE_SELINUX #include "selinux.h" +#endif static BusContext *context; 
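Review bot: When HAVE_SELINUX is undefined, bus_driver_handle_get_connection_selinux_security_context skips both the `bus_connection_get_selinux_id (conn)` lookup and `bus_selinux_append_context` and falls through to `bus_transaction_send_from_driver`, so the caller gets a successful method return that carries no context. A client cannot tell that apart from a real answer. An `#else` arm that sets the same error as the existing `if (!context)` branch and then does `goto failed;` would keep the reply unambiguous. The hunks show only part of the function.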
@@ -566,12 +568,13 @@ main (int argc, char **argv) } _dbus_string_free (&pid_fd); +#ifdef HAVE_SELINUX if (!bus_selinux_pre_init ()) { _dbus_warn ("SELinux pre-initialization failed\n"); exit (1); } - +#endif dbus_error_init (&error); context = bus_context_new (&config_file, force_fork, &print_addr_pipe, &print_pid_pipe, @@ -612,7 +615,9 @@ main (int argc, char **argv) bus_context_shutdown (context); bus_context_unref (context); +#ifdef HAVE_SELINUX bus_selinux_shutdown (); +#endif return 0; } diff --git a/bus/services.c b/bus/services.c index 0a04925..b049a48 100644 --- a/bus/services.c +++ b/bus/services.c @@ -35,7 +35,9 @@ #include "activation.h" #include "policy.h" #include "bus.h" +#ifdef HAVE_SELINUX #include "selinux.h" +#endif struct BusService { @@ -389,7 +391,9 @@ bus_registry_acquire_service (BusRegistry *registry, BusClientPolicy *policy; BusService *service; BusActivation *activation; +#ifdef HAVE_SELINUX BusSELinuxID *sid; +#endif BusOwner *primary_owner; retval = FALSE; @@ -434,6 +438,7 @@ bus_registry_acquire_service (BusRegistry *registry, policy = bus_connection_get_policy (connection); _dbus_assert (policy != NULL); +#ifdef HAVE_SELINUX /* Note that if sid is #NULL then the bus's own context gets used * in bus_connection_selinux_allows_acquire_service() */ @@ -459,7 +464,7 @@ bus_registry_acquire_service (BusRegistry *registry, _dbus_string_get_const_data (service_name)); goto out; } - +#endif if (!bus_client_policy_check_can_own (policy, connection, service_name)) { @@ -683,6 +688,7 @@ bus_registry_set_service_context_table (BusRegistry *registry, DBusHashTable *new_table; DBusHashIter iter; +#ifdef HAVE_SELINUX new_table = bus_selinux_id_table_new (); if (!new_table) return FALSE; @@ -702,6 +708,7 @@ bus_registry_set_service_context_table (BusRegistry *registry, if (registry->service_sid_table) _dbus_hash_table_unref (registry->service_sid_table); registry->service_sid_table = new_table; +#endif return TRUE; } 
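Review bot: In bus_registry_set_service_context_table the guard opens after the declarations, so `new_table` and `iter` are unused when HAVE_SELINUX is undefined, and the function returns TRUE after discarding the table it was given. The earlier hunk in this file puts `BusSELinuxID *sid;` under the guard; the same should be done for these two locals. A one-line comment before `return TRUE;`, such as `/* built without SELinux: service contexts are intentionally ignored */`, would make the no-op explicit. The function body is only partly visible in the hunks.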
diff --git a/bus/test-main.c b/bus/test-main.c index a8039d5..5604889 100644 --- a/bus/test-main.c +++ b/bus/test-main.c @@ -29,7 +29,9 @@ #include #include #include +#ifdef HAVE_SELINUX #include "selinux.h" +#endif #ifdef DBUS_BUILD_TESTS static void @@ -60,11 +62,12 @@ static void test_pre_hook (void) { +#ifdef HAVE_SELINUX if (_dbus_getenv ("DBUS_TEST_SELINUX") && (!bus_selinux_pre_init () || !bus_selinux_full_init ())) die ("could not init selinux support"); - +#endif initial_fds = _dbus_check_fdleaks_enter (); } @@ -73,8 +76,10 @@ static char *progname = ""; static void test_post_hook (void) { +#ifdef HAVE_SELINUX if (_dbus_getenv ("DBUS_TEST_SELINUX")) bus_selinux_shutdown (); +#endif check_memleaks (progname); _dbus_check_fdleaks_leave (initial_fds); -- 1.7.4.msysgit.0