selinux-access.h revision 03e22642617f360a6b55cb853bcf59604754ea5d
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering#pragma once
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering/***
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering This file is part of systemd.
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering Copyright 2012 Dan Walsh
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering systemd is free software; you can redistribute it and/or modify it
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering under the terms of the GNU Lesser General Public License as published by
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering the Free Software Foundation; either version 2.1 of the License, or
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering (at your option) any later version.
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering systemd is distributed in the hope that it will be useful, but
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering WITHOUT ANY WARRANTY; without even the implied warranty of
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering Lesser General Public License for more details.
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering You should have received a copy of the GNU Lesser General Public License
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering along with systemd; If not, see <http://www.gnu.org/licenses/>.
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering***/
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering#include <dbus.h>
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering
/*
 * Counterpart to the access-check machinery declared below.
 * NOTE(review): presumably releases whatever state selinux_access_check()
 * set up; the implementation is not in this header, so confirm what is
 * torn down and when it is safe to call.
 */
void selinux_access_free(void);

/*
 * Access check for one incoming D-Bus request.
 *
 *   connection  bus connection the request arrived on
 *   message     the request being authorised
 *   path        file path the check is made against; may be NULL
 *               (SELINUX_ACCESS_CHECK passes NULL, SELINUX_UNIT_ACCESS_CHECK
 *               passes the unit's source or fragment path)
 *   permission  name of the permission being requested
 *   error       DBusError that the caller has already run through
 *               dbus_error_init(); handed to bus_send_error_reply() by the
 *               macros in this header when the check fails
 *
 * Returns an int; the macros in this header treat any negative value as
 * "do not proceed" and answer the request with an error reply.
 * NOTE(review): how denial, missing policy and internal failure map onto
 * the return value is decided in the implementation -- confirm that every
 * one of them is reported as a negative value, because a non-negative
 * return lets the caller carry on with the privileged operation.
 */
int selinux_access_check(
                DBusConnection *connection,
                DBusMessage *message,
                const char *path,
                const char *permission,
                DBusError *error);
3ffd4af22052963e7a29431721ee204e634bea75Lennart Poettering
96aad8d15a324d0e956a4e5653a11a67b209b41aLennart Poettering#ifdef HAVE_SELINUX
3ffd4af22052963e7a29431721ee204e634bea75Lennart Poettering
/*
 * Guard for bus method handlers that are not tied to a unit: runs
 * selinux_access_check() with a NULL path and, on a negative result,
 * leaves the *calling function* through bus_send_error_reply().
 *
 * The macro contains a `return`, so it may only be used inside a function
 * whose return type accepts the value of bus_send_error_reply(), and it has
 * to be placed before any state is changed and before any resource is
 * acquired that the early return would skip releasing.
 *
 * `connection` and `message` are evaluated exactly once (captured in _c and
 * _m); `permission` is evaluated once in the call.
 *
 * NOTE(review): the macro never calls dbus_error_free() itself; presumably
 * bus_send_error_reply() takes care of _error on the failure path -- confirm.
 */
#define SELINUX_ACCESS_CHECK(connection, message, permission)                           \
        do {                                                                            \
                DBusError _error;                                                       \
                int _r;                                                                 \
                DBusConnection *_c = (connection);                                      \
                DBusMessage *_m = (message);                                            \
                                                                                        \
                dbus_error_init(&_error);                                               \
                _r = selinux_access_check(_c, _m, NULL, (permission), &_error);         \
                if (_r < 0) {                                                           \
                        /* check failed: answer the request and stop the handler */     \
                        return bus_send_error_reply(_c, _m, &_error, _r);               \
                }                                                                       \
        } while (false)
15a5e95075a7f6007dd97b2a165c8ed16fe683dfLennart Poettering
/*
 * Guard for bus method handlers that act on a unit: runs
 * selinux_access_check() against the unit's file and, on a negative result,
 * leaves the *calling function* through bus_send_error_reply().
 *
 * The path handed to the check is _u->source_path when that is non-NULL,
 * otherwise _u->fragment_path (`?:` is the GNU C conditional with omitted
 * middle operand). If both are NULL the check receives a NULL path, exactly
 * as in SELINUX_ACCESS_CHECK.
 *
 * `unit` is dereferenced without a NULL test, so callers must resolve the
 * unit successfully before using this macro. Like its sibling, the macro
 * contains a `return` and therefore belongs ahead of any state change in
 * the handler.
 *
 * NOTE(review): the macro never calls dbus_error_free() itself; presumably
 * bus_send_error_reply() takes care of _error on the failure path -- confirm.
 */
#define SELINUX_UNIT_ACCESS_CHECK(unit, connection, message, permission)                \
        do {                                                                            \
                DBusError _error;                                                       \
                int _r;                                                                 \
                DBusConnection *_c = (connection);                                      \
                DBusMessage *_m = (message);                                            \
                Unit *_u = (unit);                                                      \
                                                                                        \
                dbus_error_init(&_error);                                               \
                _r = selinux_access_check(_c, _m,                                       \
                                          _u->source_path ?: _u->fragment_path,         \
                                          (permission), &_error);                       \
                if (_r < 0) {                                                           \
                        /* check failed: answer the request and stop the handler */     \
                        return bus_send_error_reply(_c, _m, &_error, _r);               \
                }                                                                       \
        } while (false)
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering#else
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering
/*
 * Build without HAVE_SELINUX: both guards expand to an empty statement.
 * No access decision is made at these call sites, and the macro arguments
 * are dropped without being evaluated or type-checked, so callers must not
 * rely on side effects in them. Handlers built this way are protected only
 * by whatever other authorisation the caller performs.
 */
#define SELINUX_ACCESS_CHECK(connection, message, permission)                           \
        do {                                                                            \
        } while (false)

#define SELINUX_UNIT_ACCESS_CHECK(unit, connection, message, permission)                \
        do {                                                                            \
        } while (false)
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering#endif
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering