src/core/selinux-access.h

	selinux-access.h revision e94937df954451eb4aa63573f0d7404ed2db987e
898720b7e9cf3bdf7a93e435cbed5dd6942ecf9bHarald Hoyer/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
898720b7e9cf3bdf7a93e435cbed5dd6942ecf9bHarald Hoyer
898720b7e9cf3bdf7a93e435cbed5dd6942ecf9bHarald Hoyer#pragma once
898720b7e9cf3bdf7a93e435cbed5dd6942ecf9bHarald Hoyer
898720b7e9cf3bdf7a93e435cbed5dd6942ecf9bHarald Hoyer/***
fff87a35d9e26c0d4ea41273a963c0eb20e18da4Zbigniew Jędrzejewski-Szmek  This file is part of systemd.
898720b7e9cf3bdf7a93e435cbed5dd6942ecf9bHarald Hoyer
889a90422dd47284dffa32b9234a6e58991b000cRonny Chevalier  Copyright 2012 Dan Walsh
898720b7e9cf3bdf7a93e435cbed5dd6942ecf9bHarald Hoyer
898720b7e9cf3bdf7a93e435cbed5dd6942ecf9bHarald Hoyer  systemd is free software; you can redistribute it and/or modify it
898720b7e9cf3bdf7a93e435cbed5dd6942ecf9bHarald Hoyer  under the terms of the GNU Lesser General Public License as published by
898720b7e9cf3bdf7a93e435cbed5dd6942ecf9bHarald Hoyer  the Free Software Foundation; either version 2.1 of the License, or
889a90422dd47284dffa32b9234a6e58991b000cRonny Chevalier  (at your option) any later version.
278d5115470919319c514ea37d7b14e3f7d0580bEvgeny Vereshchagin
898720b7e9cf3bdf7a93e435cbed5dd6942ecf9bHarald Hoyer  systemd is distributed in the hope that it will be useful, but
889a90422dd47284dffa32b9234a6e58991b000cRonny Chevalier  WITHOUT ANY WARRANTY; without even the implied warranty of
898720b7e9cf3bdf7a93e435cbed5dd6942ecf9bHarald Hoyer  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
32d965851d8cbb39f8ee0eeaf76a89e8f5fc174fLennart Poettering  Lesser General Public License for more details.
898720b7e9cf3bdf7a93e435cbed5dd6942ecf9bHarald Hoyer
898720b7e9cf3bdf7a93e435cbed5dd6942ecf9bHarald Hoyer  You should have received a copy of the GNU Lesser General Public License
898720b7e9cf3bdf7a93e435cbed5dd6942ecf9bHarald Hoyer  along with systemd; If not, see <http://www.gnu.org/licenses/>.
d9890f4ed47c0d565915360d8bae3b7a1428f285Harald Hoyer***/
c6a77179a4097df355f0f04b8f3260c76b5e515cRonny Chevalier
889a90422dd47284dffa32b9234a6e58991b000cRonny Chevalier#include "sd-bus.h"
0d6e798a784ef0ba6b95512e4453067b2f84a91aHarald Hoyer#include "bus-error.h"
c6a77179a4097df355f0f04b8f3260c76b5e515cRonny Chevalier#include "bus-util.h"
0d6e798a784ef0ba6b95512e4453067b2f84a91aHarald Hoyer#include "manager.h"
0d6e798a784ef0ba6b95512e4453067b2f84a91aHarald Hoyer
889a90422dd47284dffa32b9234a6e58991b000cRonny Chevaliervoid selinux_access_free(void);
889a90422dd47284dffa32b9234a6e58991b000cRonny Chevalier
0d6e798a784ef0ba6b95512e4453067b2f84a91aHarald Hoyerint selinux_generic_access_check(sd_bus_message *message, const char *path, const char *permission, sd_bus_error *error);
0d6e798a784ef0ba6b95512e4453067b2f84a91aHarald Hoyer
7b17d413b11bfbdb4442c87b1db25b37ed5162acHarald Hoyerint selinux_unit_access_check_strv(char **units, sd_bus_message *message, Manager *m, const char *permission, sd_bus_error *error);
d9890f4ed47c0d565915360d8bae3b7a1428f285Harald Hoyer
d9890f4ed47c0d565915360d8bae3b7a1428f285Harald Hoyer#ifdef HAVE_SELINUX
d9890f4ed47c0d565915360d8bae3b7a1428f285Harald Hoyer
898720b7e9cf3bdf7a93e435cbed5dd6942ecf9bHarald Hoyer#define selinux_access_check(message, permission, error) \
889a90422dd47284dffa32b9234a6e58991b000cRonny Chevalier        selinux_generic_access_check((message), NULL, (permission), (error))
898720b7e9cf3bdf7a93e435cbed5dd6942ecf9bHarald Hoyer
898720b7e9cf3bdf7a93e435cbed5dd6942ecf9bHarald Hoyer#define selinux_unit_access_check(unit, message, permission, error) \
898720b7e9cf3bdf7a93e435cbed5dd6942ecf9bHarald Hoyer        ({                                                              \
898720b7e9cf3bdf7a93e435cbed5dd6942ecf9bHarald Hoyer                Unit *_unit = (unit);                                   \
898720b7e9cf3bdf7a93e435cbed5dd6942ecf9bHarald Hoyer                selinux_generic_access_check((message), _unit->fragment_path ?: _unit->fragment_path, (permission), (error)); \
898720b7e9cf3bdf7a93e435cbed5dd6942ecf9bHarald Hoyer        })
0d6e798a784ef0ba6b95512e4453067b2f84a91aHarald Hoyer
0d6e798a784ef0ba6b95512e4453067b2f84a91aHarald Hoyer#else
889a90422dd47284dffa32b9234a6e58991b000cRonny Chevalier
898720b7e9cf3bdf7a93e435cbed5dd6942ecf9bHarald Hoyer#define selinux_access_check(message, permission, error) 0
898720b7e9cf3bdf7a93e435cbed5dd6942ecf9bHarald Hoyer#define selinux_unit_access_check(unit, message, permission, error) 0
6b197f2a03fa03a2a853cf726d47be2ea4c623b6Harald Hoyer
898720b7e9cf3bdf7a93e435cbed5dd6942ecf9bHarald Hoyer#endif
898720b7e9cf3bdf7a93e435cbed5dd6942ecf9bHarald Hoyer