selinux: rework selinux access check logic

a) Instead of parsing the bus messages inside of selinux-access.c simply pass everything pre-parsed in the functions b) implement the access checking with a macro that resolves to nothing on non-selinux builds c) split out the selinux checks into their own sources selinux-util.[ch] d) this unifies the job creation code behind the D-Bus calls Manager.StartUnit() and Unit.Start().
author: Lennart Poettering <lennart@poettering.net> 2012-10-02 17:07:00 -0400
committer: Lennart Poettering <lennart@poettering.net> 2012-10-02 17:07:00 -0400
commit: cad45ba11ec3572296361f53f5852ffb97a97fa3 (patch)
tree: 42c8e2f855d26efb8819b535dc6e86846de811a9 /src/core/dbus-socket.c
parent: 71ef24d09573874c0f7bc323c07c3aec2a458707 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/src/core/dbus-socket.c b/src/core/dbus-socket.c
index b2045225d..c57cce19f 100644
--- a/src/core/dbus-socket.c
+++ b/src/core/dbus-socket.c
@@ -26,6 +26,7 @@
 #include "dbus-execute.h"
 #include "dbus-kill.h"
 #include "dbus-common.h"
+#include "selinux-access.h"
 
 #define BUS_SOCKET_INTERFACE                                            \
         " <interface name=\"org.freedesktop.systemd1.Socket\">\n"       \
@@ -138,5 +139,7 @@ DBusHandlerResult bus_socket_message_handler(Unit *u, DBusConnection *c, DBusMes
                 { NULL, }
         };
 
+        SELINUX_UNIT_ACCESS_CHECK(u, c, message, "status");
+
         return bus_default_message_handler(c, message, INTROSPECTION, INTERFACES_LIST, bps);
 }
author	Lennart Poettering <lennart@poettering.net>	2012-10-02 17:07:00 -0400
committer	Lennart Poettering <lennart@poettering.net>	2012-10-02 17:07:00 -0400
commit	cad45ba11ec3572296361f53f5852ffb97a97fa3 (patch)
tree	42c8e2f855d26efb8819b535dc6e86846de811a9 /src/core/dbus-socket.c
parent	71ef24d09573874c0f7bc323c07c3aec2a458707 (diff)