mirror of
https://github.com/systemd/systemd
synced 2024-10-15 12:34:37 +00:00
mac: add mac_ prefix to distinguish origin security apis
This commit is contained in:
parent
07788ab9d8
commit
8a188de9e0
|
@ -80,7 +80,7 @@ int bus_job_method_cancel(sd_bus *bus, sd_bus_message *message, void *userdata,
|
|||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = selinux_unit_access_check(j->unit, message, "stop", error);
|
||||
r = mac_selinux_unit_access_check(j->unit, message, "stop", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
|
|
@ -363,7 +363,7 @@ static int method_get_unit(sd_bus *bus, sd_bus_message *message, void *userdata,
|
|||
if (!u)
|
||||
return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_UNIT, "Unit %s not loaded.", name);
|
||||
|
||||
r = selinux_unit_access_check(u, message, "status", error);
|
||||
r = mac_selinux_unit_access_check(u, message, "status", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -409,7 +409,7 @@ static int method_get_unit_by_pid(sd_bus *bus, sd_bus_message *message, void *us
|
|||
if (!u)
|
||||
return sd_bus_error_setf(error, BUS_ERROR_NO_UNIT_FOR_PID, "PID %u does not belong to any loaded unit.", pid);
|
||||
|
||||
r = selinux_unit_access_check(u, message, "status", error);
|
||||
r = mac_selinux_unit_access_check(u, message, "status", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -441,7 +441,7 @@ static int method_load_unit(sd_bus *bus, sd_bus_message *message, void *userdata
|
|||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = selinux_unit_access_check(u, message, "status", error);
|
||||
r = mac_selinux_unit_access_check(u, message, "status", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -648,7 +648,7 @@ static int method_start_transient_unit(sd_bus *bus, sd_bus_message *message, voi
|
|||
if (mode < 0)
|
||||
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Job mode %s is invalid.", smode);
|
||||
|
||||
r = selinux_access_check(message, "start", error);
|
||||
r = mac_selinux_access_check(message, "start", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -702,7 +702,7 @@ static int method_get_job(sd_bus *bus, sd_bus_message *message, void *userdata,
|
|||
if (!j)
|
||||
return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_JOB, "Job %u does not exist.", (unsigned) id);
|
||||
|
||||
r = selinux_unit_access_check(j->unit, message, "status", error);
|
||||
r = mac_selinux_unit_access_check(j->unit, message, "status", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -742,7 +742,7 @@ static int method_clear_jobs(sd_bus *bus, sd_bus_message *message, void *userdat
|
|||
assert(message);
|
||||
assert(m);
|
||||
|
||||
r = selinux_access_check(message, "reboot", error);
|
||||
r = mac_selinux_access_check(message, "reboot", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -759,7 +759,7 @@ static int method_reset_failed(sd_bus *bus, sd_bus_message *message, void *userd
|
|||
assert(message);
|
||||
assert(m);
|
||||
|
||||
r = selinux_access_check(message, "reload", error);
|
||||
r = mac_selinux_access_check(message, "reload", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -782,7 +782,7 @@ static int list_units_filtered(sd_bus *bus, sd_bus_message *message, void *userd
|
|||
|
||||
/* Anyone can call this method */
|
||||
|
||||
r = selinux_access_check(message, "status", error);
|
||||
r = mac_selinux_access_check(message, "status", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -870,7 +870,7 @@ static int method_list_jobs(sd_bus *bus, sd_bus_message *message, void *userdata
|
|||
|
||||
/* Anyone can call this method */
|
||||
|
||||
r = selinux_access_check(message, "status", error);
|
||||
r = mac_selinux_access_check(message, "status", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -922,7 +922,7 @@ static int method_subscribe(sd_bus *bus, sd_bus_message *message, void *userdata
|
|||
|
||||
/* Anyone can call this method */
|
||||
|
||||
r = selinux_access_check(message, "status", error);
|
||||
r = mac_selinux_access_check(message, "status", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -957,7 +957,7 @@ static int method_unsubscribe(sd_bus *bus, sd_bus_message *message, void *userda
|
|||
|
||||
/* Anyone can call this method */
|
||||
|
||||
r = selinux_access_check(message, "status", error);
|
||||
r = mac_selinux_access_check(message, "status", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -985,7 +985,7 @@ static int method_dump(sd_bus *bus, sd_bus_message *message, void *userdata, sd_
|
|||
|
||||
/* Anyone can call this method */
|
||||
|
||||
r = selinux_access_check(message, "status", error);
|
||||
r = mac_selinux_access_check(message, "status", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -1016,7 +1016,7 @@ static int method_create_snapshot(sd_bus *bus, sd_bus_message *message, void *us
|
|||
assert(message);
|
||||
assert(m);
|
||||
|
||||
r = selinux_access_check(message, "start", error);
|
||||
r = mac_selinux_access_check(message, "start", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -1048,7 +1048,7 @@ static int method_remove_snapshot(sd_bus *bus, sd_bus_message *message, void *us
|
|||
assert(message);
|
||||
assert(m);
|
||||
|
||||
r = selinux_access_check(message, "stop", error);
|
||||
r = mac_selinux_access_check(message, "stop", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -1080,7 +1080,7 @@ static int method_reload(sd_bus *bus, sd_bus_message *message, void *userdata, s
|
|||
if (r == 0)
|
||||
return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
|
||||
|
||||
r = selinux_access_check(message, "reload", error);
|
||||
r = mac_selinux_access_check(message, "reload", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -1114,7 +1114,7 @@ static int method_reexecute(sd_bus *bus, sd_bus_message *message, void *userdata
|
|||
if (r == 0)
|
||||
return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
|
||||
|
||||
r = selinux_access_check(message, "reload", error);
|
||||
r = mac_selinux_access_check(message, "reload", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -1133,7 +1133,7 @@ static int method_exit(sd_bus *bus, sd_bus_message *message, void *userdata, sd_
|
|||
assert(message);
|
||||
assert(m);
|
||||
|
||||
r = selinux_access_check(message, "halt", error);
|
||||
r = mac_selinux_access_check(message, "halt", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -1153,7 +1153,7 @@ static int method_reboot(sd_bus *bus, sd_bus_message *message, void *userdata, s
|
|||
assert(message);
|
||||
assert(m);
|
||||
|
||||
r = selinux_access_check(message, "reboot", error);
|
||||
r = mac_selinux_access_check(message, "reboot", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -1174,7 +1174,7 @@ static int method_poweroff(sd_bus *bus, sd_bus_message *message, void *userdata,
|
|||
assert(message);
|
||||
assert(m);
|
||||
|
||||
r = selinux_access_check(message, "halt", error);
|
||||
r = mac_selinux_access_check(message, "halt", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -1194,7 +1194,7 @@ static int method_halt(sd_bus *bus, sd_bus_message *message, void *userdata, sd_
|
|||
assert(message);
|
||||
assert(m);
|
||||
|
||||
r = selinux_access_check(message, "halt", error);
|
||||
r = mac_selinux_access_check(message, "halt", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -1214,7 +1214,7 @@ static int method_kexec(sd_bus *bus, sd_bus_message *message, void *userdata, sd
|
|||
assert(message);
|
||||
assert(m);
|
||||
|
||||
r = selinux_access_check(message, "reboot", error);
|
||||
r = mac_selinux_access_check(message, "reboot", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -1236,7 +1236,7 @@ static int method_switch_root(sd_bus *bus, sd_bus_message *message, void *userda
|
|||
assert(message);
|
||||
assert(m);
|
||||
|
||||
r = selinux_access_check(message, "reboot", error);
|
||||
r = mac_selinux_access_check(message, "reboot", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -1300,7 +1300,7 @@ static int method_set_environment(sd_bus *bus, sd_bus_message *message, void *us
|
|||
assert(message);
|
||||
assert(m);
|
||||
|
||||
r = selinux_access_check(message, "reload", error);
|
||||
r = mac_selinux_access_check(message, "reload", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -1326,7 +1326,7 @@ static int method_unset_environment(sd_bus *bus, sd_bus_message *message, void *
|
|||
assert(message);
|
||||
assert(m);
|
||||
|
||||
r = selinux_access_check(message, "reload", error);
|
||||
r = mac_selinux_access_check(message, "reload", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -1353,7 +1353,7 @@ static int method_unset_and_set_environment(sd_bus *bus, sd_bus_message *message
|
|||
assert(message);
|
||||
assert(m);
|
||||
|
||||
r = selinux_access_check(message, "reload", error);
|
||||
r = mac_selinux_access_check(message, "reload", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -1391,7 +1391,7 @@ static int method_list_unit_files(sd_bus *bus, sd_bus_message *message, void *us
|
|||
|
||||
/* Anyone can call this method */
|
||||
|
||||
r = selinux_access_check(message, "status", error);
|
||||
r = mac_selinux_access_check(message, "status", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -1444,7 +1444,7 @@ static int method_get_unit_file_state(sd_bus *bus, sd_bus_message *message, void
|
|||
|
||||
/* Anyone can call this method */
|
||||
|
||||
r = selinux_access_check(message, "status", error);
|
||||
r = mac_selinux_access_check(message, "status", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -1473,7 +1473,7 @@ static int method_get_default_target(sd_bus *bus, sd_bus_message *message, void
|
|||
|
||||
/* Anyone can call this method */
|
||||
|
||||
r = selinux_access_check(message, "status", error);
|
||||
r = mac_selinux_access_check(message, "status", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -1585,7 +1585,7 @@ static int method_enable_unit_files_generic(
|
|||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = selinux_unit_access_check_strv(l, message, m, verb, error);
|
||||
r = mac_selinux_unit_access_check_strv(l, message, m, verb, error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -1659,7 +1659,7 @@ static int method_preset_unit_files_with_mode(sd_bus *bus, sd_bus_message *messa
|
|||
return -EINVAL;
|
||||
}
|
||||
|
||||
r = selinux_unit_access_check_strv(l, message, m, "enable", error);
|
||||
r = mac_selinux_unit_access_check_strv(l, message, m, "enable", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -1696,7 +1696,7 @@ static int method_disable_unit_files_generic(
|
|||
if (r == 0)
|
||||
return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
|
||||
|
||||
r = selinux_access_check(message, verb, error);
|
||||
r = mac_selinux_access_check(message, verb, error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -1743,7 +1743,7 @@ static int method_set_default_target(sd_bus *bus, sd_bus_message *message, void
|
|||
if (r == 0)
|
||||
return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
|
||||
|
||||
r = selinux_access_check(message, "enable", error);
|
||||
r = mac_selinux_access_check(message, "enable", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -1779,7 +1779,7 @@ static int method_preset_all_unit_files(sd_bus *bus, sd_bus_message *message, vo
|
|||
if (r == 0)
|
||||
return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
|
||||
|
||||
r = selinux_access_check(message, "enable", error);
|
||||
r = mac_selinux_access_check(message, "enable", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -1837,7 +1837,7 @@ static int method_add_dependency_unit_files(sd_bus *bus, sd_bus_message *message
|
|||
if (dep < 0)
|
||||
return -EINVAL;
|
||||
|
||||
r = selinux_unit_access_check_strv(l, message, m, "enable", error);
|
||||
r = mac_selinux_unit_access_check_strv(l, message, m, "enable", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
|
|
@ -33,7 +33,7 @@ int bus_snapshot_method_remove(sd_bus *bus, sd_bus_message *message, void *userd
|
|||
assert(message);
|
||||
assert(s);
|
||||
|
||||
r = selinux_unit_access_check(UNIT(s), message, "stop", error);
|
||||
r = mac_selinux_unit_access_check(UNIT(s), message, "stop", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
|
|
@ -443,7 +443,7 @@ int bus_unit_method_kill(sd_bus *bus, sd_bus_message *message, void *userdata, s
|
|||
if (signo <= 0 || signo >= _NSIG)
|
||||
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Signal number out of range.");
|
||||
|
||||
r = selinux_unit_access_check(u, message, "stop", error);
|
||||
r = mac_selinux_unit_access_check(u, message, "stop", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -468,7 +468,7 @@ int bus_unit_method_reset_failed(sd_bus *bus, sd_bus_message *message, void *use
|
|||
if (r == 0)
|
||||
return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
|
||||
|
||||
r = selinux_unit_access_check(u, message, "reload", error);
|
||||
r = mac_selinux_unit_access_check(u, message, "reload", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -495,7 +495,7 @@ int bus_unit_method_set_properties(sd_bus *bus, sd_bus_message *message, void *u
|
|||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = selinux_unit_access_check(u, message, "start", error);
|
||||
r = mac_selinux_unit_access_check(u, message, "start", error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -757,7 +757,7 @@ int bus_unit_queue_job(
|
|||
type = JOB_RELOAD;
|
||||
}
|
||||
|
||||
r = selinux_unit_access_check(
|
||||
r = mac_selinux_unit_access_check(
|
||||
u, message,
|
||||
(type == JOB_START || type == JOB_RESTART || type == JOB_TRY_RESTART) ? "start" :
|
||||
type == JOB_STOP ? "stop" : "reload", error);
|
||||
|
|
|
@ -211,7 +211,7 @@ failed:
|
|||
}
|
||||
|
||||
#ifdef HAVE_SELINUX
|
||||
static int selinux_filter(sd_bus *bus, sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
||||
static int mac_selinux_filter(sd_bus *bus, sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
||||
Manager *m = userdata;
|
||||
const char *verb, *path;
|
||||
Unit *u = NULL;
|
||||
|
@ -239,7 +239,7 @@ static int selinux_filter(sd_bus *bus, sd_bus_message *message, void *userdata,
|
|||
|
||||
if (object_path_startswith("/org/freedesktop/systemd1", path)) {
|
||||
|
||||
r = selinux_access_check(message, verb, error);
|
||||
r = mac_selinux_access_check(message, verb, error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -270,7 +270,7 @@ static int selinux_filter(sd_bus *bus, sd_bus_message *message, void *userdata,
|
|||
if (!u)
|
||||
return 0;
|
||||
|
||||
r = selinux_unit_access_check(u, message, verb, error);
|
||||
r = mac_selinux_unit_access_check(u, message, verb, error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -536,7 +536,7 @@ static int bus_setup_api_vtables(Manager *m, sd_bus *bus) {
|
|||
assert(bus);
|
||||
|
||||
#ifdef HAVE_SELINUX
|
||||
r = sd_bus_add_filter(bus, NULL, selinux_filter, m);
|
||||
r = sd_bus_add_filter(bus, NULL, mac_selinux_filter, m);
|
||||
if (r < 0) {
|
||||
log_error("Failed to add SELinux access filter: %s", strerror(-r));
|
||||
return r;
|
||||
|
|
|
@ -1293,11 +1293,11 @@ int main(int argc, char *argv[]) {
|
|||
if (!skip_setup) {
|
||||
mount_setup_early();
|
||||
dual_timestamp_get(&security_start_timestamp);
|
||||
if (selinux_setup(&loaded_policy) < 0)
|
||||
if (mac_selinux_setup(&loaded_policy) < 0)
|
||||
goto finish;
|
||||
if (ima_setup() < 0)
|
||||
goto finish;
|
||||
if (smack_setup(&loaded_policy) < 0)
|
||||
if (mac_smack_setup(&loaded_policy) < 0)
|
||||
goto finish;
|
||||
dual_timestamp_get(&security_finish_timestamp);
|
||||
}
|
||||
|
|
|
@ -142,7 +142,7 @@ static int access_init(void) {
|
|||
return r;
|
||||
}
|
||||
|
||||
static int selinux_access_init(sd_bus_error *error) {
|
||||
static int mac_selinux_access_init(sd_bus_error *error) {
|
||||
int r;
|
||||
|
||||
if (initialized)
|
||||
|
@ -158,14 +158,17 @@ static int selinux_access_init(sd_bus_error *error) {
|
|||
initialized = true;
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
void selinux_access_free(void) {
|
||||
void mac_selinux_access_free(void) {
|
||||
|
||||
#ifdef HAVE_SELINUX
|
||||
if (!initialized)
|
||||
return;
|
||||
|
||||
avc_destroy();
|
||||
initialized = false;
|
||||
#endif
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -174,12 +177,13 @@ void selinux_access_free(void) {
|
|||
If the machine is in permissive mode it will return ok. Audit messages will
|
||||
still be generated if the access would be denied in enforcing mode.
|
||||
*/
|
||||
int selinux_generic_access_check(
|
||||
int mac_selinux_generic_access_check(
|
||||
sd_bus_message *message,
|
||||
const char *path,
|
||||
const char *permission,
|
||||
sd_bus_error *error) {
|
||||
|
||||
#ifdef HAVE_SELINUX
|
||||
_cleanup_bus_creds_unref_ sd_bus_creds *creds = NULL;
|
||||
const char *tclass = NULL, *scon = NULL;
|
||||
struct audit_info audit_info = {};
|
||||
|
@ -195,7 +199,7 @@ int selinux_generic_access_check(
|
|||
if (!mac_selinux_use())
|
||||
return 0;
|
||||
|
||||
r = selinux_access_init(error);
|
||||
r = mac_selinux_access_init(error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -254,13 +258,17 @@ finish:
|
|||
}
|
||||
|
||||
return r;
|
||||
#else
|
||||
return 0;
|
||||
#endif
|
||||
}
|
||||
|
||||
int selinux_unit_access_check_strv(char **units,
|
||||
int mac_selinux_unit_access_check_strv(char **units,
|
||||
sd_bus_message *message,
|
||||
Manager *m,
|
||||
const char *permission,
|
||||
sd_bus_error *error) {
|
||||
#ifdef HAVE_SELINUX
|
||||
char **i;
|
||||
Unit *u;
|
||||
int r;
|
||||
|
@ -268,35 +276,11 @@ int selinux_unit_access_check_strv(char **units,
|
|||
STRV_FOREACH(i, units) {
|
||||
u = manager_get_unit(m, *i);
|
||||
if (u) {
|
||||
r = selinux_unit_access_check(u, message, permission, error);
|
||||
r = mac_selinux_unit_access_check(u, message, permission, error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
#else
|
||||
|
||||
int selinux_generic_access_check(
|
||||
sd_bus_message *message,
|
||||
const char *path,
|
||||
const char *permission,
|
||||
sd_bus_error *error) {
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
void selinux_access_free(void) {
|
||||
}
|
||||
|
||||
int selinux_unit_access_check_strv(char **units,
|
||||
sd_bus_message *message,
|
||||
Manager *m,
|
||||
const char *permission,
|
||||
sd_bus_error *error) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
|
|
|
@ -26,26 +26,26 @@
|
|||
#include "bus-util.h"
|
||||
#include "manager.h"
|
||||
|
||||
void selinux_access_free(void);
|
||||
void mac_selinux_access_free(void);
|
||||
|
||||
int selinux_generic_access_check(sd_bus_message *message, const char *path, const char *permission, sd_bus_error *error);
|
||||
int mac_selinux_generic_access_check(sd_bus_message *message, const char *path, const char *permission, sd_bus_error *error);
|
||||
|
||||
int selinux_unit_access_check_strv(char **units, sd_bus_message *message, Manager *m, const char *permission, sd_bus_error *error);
|
||||
int mac_selinux_unit_access_check_strv(char **units, sd_bus_message *message, Manager *m, const char *permission, sd_bus_error *error);
|
||||
|
||||
#ifdef HAVE_SELINUX
|
||||
|
||||
#define selinux_access_check(message, permission, error) \
|
||||
selinux_generic_access_check((message), NULL, (permission), (error))
|
||||
#define mac_selinux_access_check(message, permission, error) \
|
||||
mac_selinux_generic_access_check((message), NULL, (permission), (error))
|
||||
|
||||
#define selinux_unit_access_check(unit, message, permission, error) \
|
||||
#define mac_selinux_unit_access_check(unit, message, permission, error) \
|
||||
({ \
|
||||
Unit *_unit = (unit); \
|
||||
selinux_generic_access_check((message), _unit->fragment_path ?: _unit->fragment_path, (permission), (error)); \
|
||||
mac_selinux_generic_access_check((message), _unit->fragment_path ?: _unit->fragment_path, (permission), (error)); \
|
||||
})
|
||||
|
||||
#else
|
||||
|
||||
#define selinux_access_check(message, permission, error) 0
|
||||
#define selinux_unit_access_check(unit, message, permission, error) 0
|
||||
#define mac_selinux_access_check(message, permission, error) 0
|
||||
#define mac_selinux_unit_access_check(unit, message, permission, error) 0
|
||||
|
||||
#endif
|
||||
|
|
|
@ -43,7 +43,7 @@ static int null_log(int type, const char *fmt, ...) {
|
|||
}
|
||||
#endif
|
||||
|
||||
int selinux_setup(bool *loaded_policy) {
|
||||
int mac_selinux_setup(bool *loaded_policy) {
|
||||
|
||||
#ifdef HAVE_SELINUX
|
||||
int enforce = 0;
|
||||
|
|
|
@ -23,4 +23,4 @@
|
|||
|
||||
#include <stdbool.h>
|
||||
|
||||
int selinux_setup(bool *loaded_policy);
|
||||
int mac_selinux_setup(bool *loaded_policy);
|
||||
|
|
|
@ -116,7 +116,7 @@ static int write_rules(const char* dstpath, const char* srcdir) {
|
|||
|
||||
#endif
|
||||
|
||||
int smack_setup(bool *loaded_policy) {
|
||||
int mac_smack_setup(bool *loaded_policy) {
|
||||
|
||||
#ifdef HAVE_SMACK
|
||||
|
||||
|
|
|
@ -23,4 +23,4 @@
|
|||
along with systemd; If not, see <http://www.gnu.org/licenses/>.
|
||||
***/
|
||||
|
||||
int smack_setup(bool *loaded_policy);
|
||||
int mac_smack_setup(bool *loaded_policy);
|
||||
|
|
Loading…
Reference in a new issue