diff options
Diffstat (limited to 'src/3rd_party/dbus-1.7.8/bus/selinux.c')
-rw-r--r-- | src/3rd_party/dbus-1.7.8/bus/selinux.c | 1092 |
1 files changed, 0 insertions, 1092 deletions
diff --git a/src/3rd_party/dbus-1.7.8/bus/selinux.c b/src/3rd_party/dbus-1.7.8/bus/selinux.c deleted file mode 100644 index 768e55ef28..0000000000 --- a/src/3rd_party/dbus-1.7.8/bus/selinux.c +++ /dev/null @@ -1,1092 +0,0 @@ -/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- - * selinux.c SELinux security checks for D-Bus - * - * Author: Matthew Rickard <mjricka@epoch.ncsc.mil> - * - * Licensed under the Academic Free License version 2.1 - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - * - */ - -#include <config.h> -#include <dbus/dbus-internals.h> -#include <dbus/dbus-string.h> -#ifndef DBUS_WIN -#include <dbus/dbus-userdb.h> -#endif -#include "selinux.h" -#include "services.h" -#include "policy.h" -#include "utils.h" -#include "config-parser.h" - -#ifdef HAVE_ERRNO_H -#include <errno.h> -#endif -#ifdef HAVE_SELINUX -#include <sys/types.h> -#include <unistd.h> -#include <limits.h> -#include <pthread.h> -#include <syslog.h> -#include <selinux/selinux.h> -#include <selinux/avc.h> -#include <selinux/av_permissions.h> -#include <selinux/flask.h> -#include <signal.h> -#include <stdarg.h> -#include <stdio.h> -#include <grp.h> -#endif /* HAVE_SELINUX */ -#ifdef HAVE_LIBAUDIT -#include <cap-ng.h> -#include <libaudit.h> -#endif /* HAVE_LIBAUDIT */ - -#define BUS_SID_FROM_SELINUX(sid) ((BusSELinuxID*) (sid)) -#define SELINUX_SID_FROM_BUS(sid) ((security_id_t) (sid)) - -#ifdef HAVE_SELINUX -/* Store the value telling us if SELinux is enabled in the kernel. */ -static dbus_bool_t selinux_enabled = FALSE; - -/* Store an avc_entry_ref to speed AVC decisions. */ -static struct avc_entry_ref aeref; - -/* Store the SID of the bus itself to use as the default. */ -static security_id_t bus_sid = SECSID_WILD; - -/* Thread to listen for SELinux status changes via netlink. */ -static pthread_t avc_notify_thread; - -/* Prototypes for AVC callback functions. */ -static void log_callback (const char *fmt, ...); -static void log_audit_callback (void *data, security_class_t class, char *buf, size_t bufleft); -static void *avc_create_thread (void (*run) (void)); -static void avc_stop_thread (void *thread); -static void *avc_alloc_lock (void); -static void avc_get_lock (void *lock); -static void avc_release_lock (void *lock); -static void avc_free_lock (void *lock); - -/* AVC callback structures for use in avc_init. */ -static const struct avc_memory_callback mem_cb = -{ - .func_malloc = dbus_malloc, - .func_free = dbus_free -}; -static const struct avc_log_callback log_cb = -{ - .func_log = log_callback, - .func_audit = log_audit_callback -}; -static const struct avc_thread_callback thread_cb = -{ - .func_create_thread = avc_create_thread, - .func_stop_thread = avc_stop_thread -}; -static const struct avc_lock_callback lock_cb = -{ - .func_alloc_lock = avc_alloc_lock, - .func_get_lock = avc_get_lock, - .func_release_lock = avc_release_lock, - .func_free_lock = avc_free_lock -}; -#endif /* HAVE_SELINUX */ - -/** - * Log callback to log denial messages from the AVC. - * This is used in avc_init. Logs to both standard - * error and syslogd. - * - * @param fmt the format string - * @param variable argument list - */ -#ifdef HAVE_SELINUX - -#ifdef HAVE_LIBAUDIT -static int audit_fd = -1; -#endif - -void -bus_selinux_audit_init(void) -{ -#ifdef HAVE_LIBAUDIT - audit_fd = audit_open (); - - if (audit_fd < 0) - { - /* If kernel doesn't support audit, bail out */ - if (errno == EINVAL || errno == EPROTONOSUPPORT || errno == EAFNOSUPPORT) - return; - /* If user bus, bail out */ - if (errno == EPERM && getuid() != 0) - return; - _dbus_warn ("Failed opening connection to the audit subsystem"); - } -#endif /* HAVE_LIBAUDIT */ -} - -static void -log_callback (const char *fmt, ...) -{ - va_list ap; - - va_start(ap, fmt); - -#ifdef HAVE_LIBAUDIT - if (audit_fd >= 0) - { - capng_get_caps_process(); - if (capng_have_capability(CAPNG_EFFECTIVE, CAP_AUDIT_WRITE)) - { - char buf[PATH_MAX*2]; - - /* FIXME: need to change this to show real user */ - vsnprintf(buf, sizeof(buf), fmt, ap); - audit_log_user_avc_message(audit_fd, AUDIT_USER_AVC, buf, NULL, NULL, - NULL, getuid()); - return; - } - } -#endif /* HAVE_LIBAUDIT */ - - vsyslog (LOG_USER | LOG_INFO, fmt, ap); - va_end(ap); -} - -/** - * On a policy reload we need to reparse the SELinux configuration file, since - * this could have changed. Send a SIGHUP to reload all configs. - */ -static int -policy_reload_callback (u_int32_t event, security_id_t ssid, - security_id_t tsid, security_class_t tclass, - access_vector_t perms, access_vector_t *out_retained) -{ - if (event == AVC_CALLBACK_RESET) - return raise (SIGHUP); - - return 0; -} - -/** - * Log any auxiliary data - */ -static void -log_audit_callback (void *data, security_class_t class, char *buf, size_t bufleft) -{ - DBusString *audmsg = data; - - if (bufleft > (size_t) _dbus_string_get_length(audmsg)) - { - _dbus_string_copy_to_buffer_with_nul (audmsg, buf, bufleft); - } - else - { - DBusString s; - - _dbus_string_init_const(&s, "Buffer too small for audit message"); - - if (bufleft > (size_t) _dbus_string_get_length(&s)) - _dbus_string_copy_to_buffer_with_nul (&s, buf, bufleft); - } -} - -/** - * Create thread to notify the AVC of enforcing and policy reload - * changes via netlink. - * - * @param run the thread run function - * @return pointer to the thread - */ -static void * -avc_create_thread (void (*run) (void)) -{ - int rc; - - rc = pthread_create (&avc_notify_thread, NULL, (void *(*) (void *)) run, NULL); - if (rc != 0) - { - _dbus_warn ("Failed to start AVC thread: %s\n", _dbus_strerror (rc)); - exit (1); - } - return &avc_notify_thread; -} - -/* Stop AVC netlink thread. */ -static void -avc_stop_thread (void *thread) -{ - pthread_cancel (*(pthread_t *) thread); -} - -/* Allocate a new AVC lock. */ -static void * -avc_alloc_lock (void) -{ - pthread_mutex_t *avc_mutex; - - avc_mutex = dbus_new (pthread_mutex_t, 1); - if (avc_mutex == NULL) - { - _dbus_warn ("Could not create mutex: %s\n", _dbus_strerror (errno)); - exit (1); - } - pthread_mutex_init (avc_mutex, NULL); - - return avc_mutex; -} - -/* Acquire an AVC lock. */ -static void -avc_get_lock (void *lock) -{ - pthread_mutex_lock (lock); -} - -/* Release an AVC lock. */ -static void -avc_release_lock (void *lock) -{ - pthread_mutex_unlock (lock); -} - -/* Free an AVC lock. */ -static void -avc_free_lock (void *lock) -{ - pthread_mutex_destroy (lock); - dbus_free (lock); -} -#endif /* HAVE_SELINUX */ - -/** - * Return whether or not SELinux is enabled; must be - * called after bus_selinux_init. - */ -dbus_bool_t -bus_selinux_enabled (void) -{ -#ifdef HAVE_SELINUX - return selinux_enabled; -#else - return FALSE; -#endif /* HAVE_SELINUX */ -} - -/** - * Do early initialization; determine whether SELinux is enabled. - */ -dbus_bool_t -bus_selinux_pre_init (void) -{ -#ifdef HAVE_SELINUX - int r; - _dbus_assert (bus_sid == SECSID_WILD); - - /* Determine if we are running an SELinux kernel. */ - r = is_selinux_enabled (); - if (r < 0) - { - _dbus_warn ("Could not tell if SELinux is enabled: %s\n", - _dbus_strerror (errno)); - return FALSE; - } - - selinux_enabled = r != 0; - return TRUE; -#else - return TRUE; -#endif -} - -/** - * Initialize the user space access vector cache (AVC) for D-Bus and set up - * logging callbacks. - */ -dbus_bool_t -bus_selinux_full_init (void) -{ -#ifdef HAVE_SELINUX - char *bus_context; - - _dbus_assert (bus_sid == SECSID_WILD); - - if (!selinux_enabled) - { - _dbus_verbose ("SELinux not enabled in this kernel.\n"); - return TRUE; - } - - _dbus_verbose ("SELinux is enabled in this kernel.\n"); - - avc_entry_ref_init (&aeref); - if (avc_init ("avc", &mem_cb, &log_cb, &thread_cb, &lock_cb) < 0) - { - _dbus_warn ("Failed to start Access Vector Cache (AVC).\n"); - return FALSE; - } - else - { - _dbus_verbose ("Access Vector Cache (AVC) started.\n"); - } - - if (avc_add_callback (policy_reload_callback, AVC_CALLBACK_RESET, - NULL, NULL, 0, 0) < 0) - { - _dbus_warn ("Failed to add policy reload callback: %s\n", - _dbus_strerror (errno)); - avc_destroy (); - return FALSE; - } - - bus_context = NULL; - bus_sid = SECSID_WILD; - - if (getcon (&bus_context) < 0) - { - _dbus_verbose ("Error getting context of bus: %s\n", - _dbus_strerror (errno)); - return FALSE; - } - - if (avc_context_to_sid (bus_context, &bus_sid) < 0) - { - _dbus_verbose ("Error getting SID from bus context: %s\n", - _dbus_strerror (errno)); - freecon (bus_context); - return FALSE; - } - - freecon (bus_context); - -#endif /* HAVE_SELINUX */ - return TRUE; -} - -/** - * Decrement SID reference count. - * - * @param sid the SID to decrement - */ -void -bus_selinux_id_unref (BusSELinuxID *sid) -{ -#ifdef HAVE_SELINUX - if (!selinux_enabled) - return; - - _dbus_assert (sid != NULL); - - sidput (SELINUX_SID_FROM_BUS (sid)); -#endif /* HAVE_SELINUX */ -} - -void -bus_selinux_id_ref (BusSELinuxID *sid) -{ -#ifdef HAVE_SELINUX - if (!selinux_enabled) - return; - - _dbus_assert (sid != NULL); - - sidget (SELINUX_SID_FROM_BUS (sid)); -#endif /* HAVE_SELINUX */ -} - -/** - * Determine if the SELinux security policy allows the given sender - * security context to go to the given recipient security context. - * This function determines if the requested permissions are to be - * granted from the connection to the message bus or to another - * optionally supplied security identifier (e.g. for a service - * context). Currently these permissions are either send_msg or - * acquire_svc in the dbus class. - * - * @param sender_sid source security context - * @param override_sid is the target security context. If SECSID_WILD this will - * use the context of the bus itself (e.g. the default). - * @param target_class is the target security class. - * @param requested is the requested permissions. - * @returns #TRUE if security policy allows the send. - */ -#ifdef HAVE_SELINUX -static dbus_bool_t -bus_selinux_check (BusSELinuxID *sender_sid, - BusSELinuxID *override_sid, - security_class_t target_class, - access_vector_t requested, - DBusString *auxdata) -{ - if (!selinux_enabled) - return TRUE; - - /* Make the security check. AVC checks enforcing mode here as well. */ - if (avc_has_perm (SELINUX_SID_FROM_BUS (sender_sid), - override_sid ? - SELINUX_SID_FROM_BUS (override_sid) : - SELINUX_SID_FROM_BUS (bus_sid), - target_class, requested, &aeref, auxdata) < 0) - { - switch (errno) - { - case EACCES: - _dbus_verbose ("SELinux denying due to security policy.\n"); - return FALSE; - case EINVAL: - _dbus_verbose ("SELinux denying due to invalid security context.\n"); - return FALSE; - default: - _dbus_verbose ("SELinux denying due to: %s\n", _dbus_strerror (errno)); - return FALSE; - } - } - else - return TRUE; -} -#endif /* HAVE_SELINUX */ - -/** - * Returns true if the given connection can acquire a service, - * assuming the given security ID is needed for that service. - * - * @param connection connection that wants to own the service - * @param service_sid the SID of the service from the table - * @returns #TRUE if acquire is permitted. - */ -dbus_bool_t -bus_selinux_allows_acquire_service (DBusConnection *connection, - BusSELinuxID *service_sid, - const char *service_name, - DBusError *error) -{ -#ifdef HAVE_SELINUX - BusSELinuxID *connection_sid; - unsigned long spid; - DBusString auxdata; - dbus_bool_t ret; - - if (!selinux_enabled) - return TRUE; - - connection_sid = bus_connection_get_selinux_id (connection); - if (!dbus_connection_get_unix_process_id (connection, &spid)) - spid = 0; - - if (!_dbus_string_init (&auxdata)) - goto oom; - - if (!_dbus_string_append (&auxdata, "service=")) - goto oom; - - if (!_dbus_string_append (&auxdata, service_name)) - goto oom; - - if (spid) - { - if (!_dbus_string_append (&auxdata, " spid=")) - goto oom; - - if (!_dbus_string_append_uint (&auxdata, spid)) - goto oom; - } - - ret = bus_selinux_check (connection_sid, - service_sid, - SECCLASS_DBUS, - DBUS__ACQUIRE_SVC, - &auxdata); - - _dbus_string_free (&auxdata); - return ret; - - oom: - _dbus_string_free (&auxdata); - BUS_SET_OOM (error); - return FALSE; - -#else - return TRUE; -#endif /* HAVE_SELINUX */ -} - -/** - * Check if SELinux security controls allow the message to be sent to a - * particular connection based on the security context of the sender and - * that of the receiver. The destination connection need not be the - * addressed recipient, it could be an "eavesdropper" - * - * @param sender the sender of the message. - * @param proposed_recipient the connection the message is to be sent to. - * @returns whether to allow the send - */ -dbus_bool_t -bus_selinux_allows_send (DBusConnection *sender, - DBusConnection *proposed_recipient, - const char *msgtype, - const char *interface, - const char *member, - const char *error_name, - const char *destination, - DBusError *error) -{ -#ifdef HAVE_SELINUX - BusSELinuxID *recipient_sid; - BusSELinuxID *sender_sid; - unsigned long spid, tpid; - DBusString auxdata; - dbus_bool_t ret; - dbus_bool_t string_alloced; - - if (!selinux_enabled) - return TRUE; - - if (!sender || !dbus_connection_get_unix_process_id (sender, &spid)) - spid = 0; - if (!proposed_recipient || !dbus_connection_get_unix_process_id (proposed_recipient, &tpid)) - tpid = 0; - - string_alloced = FALSE; - if (!_dbus_string_init (&auxdata)) - goto oom; - string_alloced = TRUE; - - if (!_dbus_string_append (&auxdata, "msgtype=")) - goto oom; - - if (!_dbus_string_append (&auxdata, msgtype)) - goto oom; - - if (interface) - { - if (!_dbus_string_append (&auxdata, " interface=")) - goto oom; - if (!_dbus_string_append (&auxdata, interface)) - goto oom; - } - - if (member) - { - if (!_dbus_string_append (&auxdata, " member=")) - goto oom; - if (!_dbus_string_append (&auxdata, member)) - goto oom; - } - - if (error_name) - { - if (!_dbus_string_append (&auxdata, " error_name=")) - goto oom; - if (!_dbus_string_append (&auxdata, error_name)) - goto oom; - } - - if (destination) - { - if (!_dbus_string_append (&auxdata, " dest=")) - goto oom; - if (!_dbus_string_append (&auxdata, destination)) - goto oom; - } - - if (spid) - { - if (!_dbus_string_append (&auxdata, " spid=")) - goto oom; - - if (!_dbus_string_append_uint (&auxdata, spid)) - goto oom; - } - - if (tpid) - { - if (!_dbus_string_append (&auxdata, " tpid=")) - goto oom; - - if (!_dbus_string_append_uint (&auxdata, tpid)) - goto oom; - } - - sender_sid = bus_connection_get_selinux_id (sender); - /* A NULL proposed_recipient means the bus itself. */ - if (proposed_recipient) - recipient_sid = bus_connection_get_selinux_id (proposed_recipient); - else - recipient_sid = BUS_SID_FROM_SELINUX (bus_sid); - - ret = bus_selinux_check (sender_sid, - recipient_sid, - SECCLASS_DBUS, - DBUS__SEND_MSG, - &auxdata); - - _dbus_string_free (&auxdata); - - return ret; - - oom: - if (string_alloced) - _dbus_string_free (&auxdata); - BUS_SET_OOM (error); - return FALSE; - -#else - return TRUE; -#endif /* HAVE_SELINUX */ -} - -dbus_bool_t -bus_selinux_append_context (DBusMessage *message, - BusSELinuxID *sid, - DBusError *error) -{ -#ifdef HAVE_SELINUX - char *context; - - if (avc_sid_to_context (SELINUX_SID_FROM_BUS (sid), &context) < 0) - { - if (errno == ENOMEM) - BUS_SET_OOM (error); - else - dbus_set_error (error, DBUS_ERROR_FAILED, - "Error getting context from SID: %s\n", - _dbus_strerror (errno)); - return FALSE; - } - if (!dbus_message_append_args (message, - DBUS_TYPE_ARRAY, - DBUS_TYPE_BYTE, - &context, - strlen (context), - DBUS_TYPE_INVALID)) - { - _DBUS_SET_OOM (error); - return FALSE; - } - freecon (context); - return TRUE; -#else - return TRUE; -#endif -} - -/** - * Gets the security context of a connection to the bus. It is up to - * the caller to freecon() when they are done. - * - * @param connection the connection to get the context of. - * @param con the location to store the security context. - * @returns #TRUE if context is successfully obtained. - */ -#ifdef HAVE_SELINUX -static dbus_bool_t -bus_connection_read_selinux_context (DBusConnection *connection, - char **con) -{ - int fd; - - if (!selinux_enabled) - return FALSE; - - _dbus_assert (connection != NULL); - - if (!dbus_connection_get_unix_fd (connection, &fd)) - { - _dbus_verbose ("Failed to get file descriptor of socket.\n"); - return FALSE; - } - - if (getpeercon (fd, con) < 0) - { - _dbus_verbose ("Error getting context of socket peer: %s\n", - _dbus_strerror (errno)); - return FALSE; - } - - _dbus_verbose ("Successfully read connection context.\n"); - return TRUE; -} -#endif /* HAVE_SELINUX */ - -/** - * Read the SELinux ID from the connection. - * - * @param connection the connection to read from - * @returns the SID if successfully determined, #NULL otherwise. - */ -BusSELinuxID* -bus_selinux_init_connection_id (DBusConnection *connection, - DBusError *error) -{ -#ifdef HAVE_SELINUX - char *con; - security_id_t sid; - - if (!selinux_enabled) - return NULL; - - if (!bus_connection_read_selinux_context (connection, &con)) - { - dbus_set_error (error, DBUS_ERROR_FAILED, - "Failed to read an SELinux context from connection"); - _dbus_verbose ("Error getting peer context.\n"); - return NULL; - } - - _dbus_verbose ("Converting context to SID to store on connection\n"); - - if (avc_context_to_sid (con, &sid) < 0) - { - if (errno == ENOMEM) - BUS_SET_OOM (error); - else - dbus_set_error (error, DBUS_ERROR_FAILED, - "Error getting SID from context \"%s\": %s\n", - con, _dbus_strerror (errno)); - - _dbus_warn ("Error getting SID from context \"%s\": %s\n", - con, _dbus_strerror (errno)); - - freecon (con); - return NULL; - } - - freecon (con); - return BUS_SID_FROM_SELINUX (sid); -#else - return NULL; -#endif /* HAVE_SELINUX */ -} - - -/** - * Function for freeing hash table data. These SIDs - * should no longer be referenced. - */ -static void -bus_selinux_id_table_free_value (BusSELinuxID *sid) -{ -#ifdef HAVE_SELINUX - /* NULL sometimes due to how DBusHashTable works */ - if (sid) - bus_selinux_id_unref (sid); -#endif /* HAVE_SELINUX */ -} - -/** - * Creates a new table mapping service names to security ID. - * A security ID is a "compiled" security context, a security - * context is just a string. - * - * @returns the new table or #NULL if no memory - */ -DBusHashTable* -bus_selinux_id_table_new (void) -{ - return _dbus_hash_table_new (DBUS_HASH_STRING, - (DBusFreeFunction) dbus_free, - (DBusFreeFunction) bus_selinux_id_table_free_value); -} - -/** - * Hashes a service name and service context into the service SID - * table as a string and a SID. - * - * @param service_name is the name of the service. - * @param service_context is the context of the service. - * @param service_table is the table to hash them into. - * @return #FALSE if not enough memory - */ -dbus_bool_t -bus_selinux_id_table_insert (DBusHashTable *service_table, - const char *service_name, - const char *service_context) -{ -#ifdef HAVE_SELINUX - dbus_bool_t retval; - security_id_t sid; - char *key; - - if (!selinux_enabled) - return TRUE; - - sid = SECSID_WILD; - retval = FALSE; - - key = _dbus_strdup (service_name); - if (key == NULL) - return retval; - - if (avc_context_to_sid ((char *) service_context, &sid) < 0) - { - if (errno == ENOMEM) - { - dbus_free (key); - return FALSE; - } - - _dbus_warn ("Error getting SID from context \"%s\": %s\n", - (char *) service_context, - _dbus_strerror (errno)); - goto out; - } - - if (!_dbus_hash_table_insert_string (service_table, - key, - BUS_SID_FROM_SELINUX (sid))) - goto out; - - _dbus_verbose ("Parsed \tservice: %s \n\t\tcontext: %s\n", - key, - sid->ctx); - - /* These are owned by the hash, so clear them to avoid unref */ - key = NULL; - sid = SECSID_WILD; - - retval = TRUE; - - out: - if (sid != SECSID_WILD) - sidput (sid); - - if (key) - dbus_free (key); - - return retval; -#else - return TRUE; -#endif /* HAVE_SELINUX */ -} - - -/** - * Find the security identifier associated with a particular service - * name. Return a pointer to this SID, or #NULL/SECSID_WILD if the - * service is not found in the hash table. This should be nearly a - * constant time operation. If SELinux support is not available, - * always return NULL. - * - * @param service_table the hash table to check for service name. - * @param service_name the name of the service to look for. - * @returns the SELinux ID associated with the service - */ -BusSELinuxID* -bus_selinux_id_table_lookup (DBusHashTable *service_table, - const DBusString *service_name) -{ -#ifdef HAVE_SELINUX - security_id_t sid; - - sid = SECSID_WILD; /* default context */ - - if (!selinux_enabled) - return NULL; - - _dbus_verbose ("Looking up service SID for %s\n", - _dbus_string_get_const_data (service_name)); - - sid = _dbus_hash_table_lookup_string (service_table, - _dbus_string_get_const_data (service_name)); - - if (sid == SECSID_WILD) - _dbus_verbose ("Service %s not found\n", - _dbus_string_get_const_data (service_name)); - else - _dbus_verbose ("Service %s found\n", - _dbus_string_get_const_data (service_name)); - - return BUS_SID_FROM_SELINUX (sid); -#endif /* HAVE_SELINUX */ - return NULL; -} - -/** - * Get the SELinux policy root. This is used to find the D-Bus - * specific config file within the policy. - */ -const char * -bus_selinux_get_policy_root (void) -{ -#ifdef HAVE_SELINUX - return selinux_policy_root (); -#else - return NULL; -#endif /* HAVE_SELINUX */ -} - -/** - * For debugging: Print out the current hash table of service SIDs. - */ -void -bus_selinux_id_table_print (DBusHashTable *service_table) -{ -#if defined (DBUS_ENABLE_VERBOSE_MODE) && defined (HAVE_SELINUX) - DBusHashIter iter; - - if (!selinux_enabled) - return; - - _dbus_verbose ("Service SID Table:\n"); - _dbus_hash_iter_init (service_table, &iter); - while (_dbus_hash_iter_next (&iter)) - { - const char *key = _dbus_hash_iter_get_string_key (&iter); - security_id_t sid = _dbus_hash_iter_get_value (&iter); - _dbus_verbose ("The key is %s\n", key); - _dbus_verbose ("The context is %s\n", sid->ctx); - _dbus_verbose ("The refcount is %d\n", sid->refcnt); - } -#endif /* DBUS_ENABLE_VERBOSE_MODE && HAVE_SELINUX */ -} - - -/** - * Print out some AVC statistics. - */ -#ifdef HAVE_SELINUX -static void -bus_avc_print_stats (void) -{ -#ifdef DBUS_ENABLE_VERBOSE_MODE - struct avc_cache_stats cstats; - - if (!selinux_enabled) - return; - - _dbus_verbose ("AVC Statistics:\n"); - avc_cache_stats (&cstats); - avc_av_stats (); - _dbus_verbose ("AVC Cache Statistics:\n"); - _dbus_verbose ("Entry lookups: %d\n", cstats.entry_lookups); - _dbus_verbose ("Entry hits: %d\n", cstats.entry_hits); - _dbus_verbose ("Entry misses %d\n", cstats.entry_misses); - _dbus_verbose ("Entry discards: %d\n", cstats.entry_discards); - _dbus_verbose ("CAV lookups: %d\n", cstats.cav_lookups); - _dbus_verbose ("CAV hits: %d\n", cstats.cav_hits); - _dbus_verbose ("CAV probes: %d\n", cstats.cav_probes); - _dbus_verbose ("CAV misses: %d\n", cstats.cav_misses); -#endif /* DBUS_ENABLE_VERBOSE_MODE */ -} -#endif /* HAVE_SELINUX */ - -/** - * Destroy the AVC before we terminate. - */ -void -bus_selinux_shutdown (void) -{ -#ifdef HAVE_SELINUX - if (!selinux_enabled) - return; - - _dbus_verbose ("AVC shutdown\n"); - - if (bus_sid != SECSID_WILD) - { - sidput (bus_sid); - bus_sid = SECSID_WILD; - - bus_avc_print_stats (); - - avc_destroy (); -#ifdef HAVE_LIBAUDIT - audit_close (audit_fd); -#endif /* HAVE_LIBAUDIT */ - } -#endif /* HAVE_SELINUX */ -} - -/* The !HAVE_LIBAUDIT case lives in dbus-sysdeps-util-unix.c */ -#ifdef HAVE_LIBAUDIT -/** - * Changes the user and group the bus is running as. - * - * @param user the user to become - * @param error return location for errors - * @returns #FALSE on failure - */ -dbus_bool_t -_dbus_change_to_daemon_user (const char *user, - DBusError *error) -{ - dbus_uid_t uid; - dbus_gid_t gid; - DBusString u; - - _dbus_string_init_const (&u, user); - - if (!_dbus_get_user_id_and_primary_group (&u, &uid, &gid)) - { - dbus_set_error (error, DBUS_ERROR_FAILED, - "User '%s' does not appear to exist?", - user); - return FALSE; - } - - /* If we were root */ - if (_dbus_geteuid () == 0) - { - int rc; - int have_audit_write; - - have_audit_write = capng_have_capability (CAPNG_PERMITTED, CAP_AUDIT_WRITE); - capng_clear (CAPNG_SELECT_BOTH); - /* Only attempt to retain CAP_AUDIT_WRITE if we had it when - * starting. See: - * https://bugs.freedesktop.org/show_bug.cgi?id=49062#c9 - */ - if (have_audit_write) - capng_update (CAPNG_ADD, CAPNG_EFFECTIVE | CAPNG_PERMITTED, - CAP_AUDIT_WRITE); - rc = capng_change_id (uid, gid, CAPNG_DROP_SUPP_GRP); - if (rc) - { - switch (rc) { - default: - dbus_set_error (error, DBUS_ERROR_FAILED, - "Failed to drop capabilities: %s\n", - _dbus_strerror (errno)); - break; - case -4: - dbus_set_error (error, _dbus_error_from_errno (errno), - "Failed to set GID to %lu: %s", gid, - _dbus_strerror (errno)); - break; - case -5: - _dbus_warn ("Failed to drop supplementary groups: %s\n", - _dbus_strerror (errno)); - break; - case -6: - dbus_set_error (error, _dbus_error_from_errno (errno), - "Failed to set UID to %lu: %s", uid, - _dbus_strerror (errno)); - break; - case -7: - dbus_set_error (error, _dbus_error_from_errno (errno), - "Failed to unset keep-capabilities: %s\n", - _dbus_strerror (errno)); - break; - } - return FALSE; - } - } - - return TRUE; -} -#endif |