From cad45ba11ec3572296361f53f5852ffb97a97fa3 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 2 Oct 2012 17:07:00 -0400
Subject: selinux: rework selinux access check logic

a) Instead of parsing the bus messages inside of selinux-access.c
simply pass everything pre-parsed in the functions

b) implement the access checking with a macro that resolves to nothing
on non-selinux builds

c) split out the selinux checks into their own sources
selinux-util.[ch]

d) this unifies the job creation code behind the D-Bus calls
Manager.StartUnit() and Unit.Start().
---
 src/core/dbus-device.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'src/core/dbus-device.c')

diff --git a/src/core/dbus-device.c b/src/core/dbus-device.c
index dfbbafb66..dbd91fe3d 100644
--- a/src/core/dbus-device.c
+++ b/src/core/dbus-device.c
@@ -22,6 +22,7 @@
 #include "dbus-unit.h"
 #include "dbus-device.h"
 #include "dbus-common.h"
+#include "selinux-access.h"
 
 #define BUS_DEVICE_INTERFACE                                            \
         " <interface name=\"org.freedesktop.systemd1.Device\">\n"       \
@@ -61,5 +62,7 @@ DBusHandlerResult bus_device_message_handler(Unit *u, DBusConnection *c, DBusMes
                 { NULL, }
         };
 
+        SELINUX_UNIT_ACCESS_CHECK(u, c, message, "status");
+
         return bus_default_message_handler(c, message, INTROSPECTION, INTERFACES_LIST, bps);
 }
-- 
cgit v1.2.3