-/*
- Define a mapping between the systemd method calls and the SELinux access to check.
- We define two tables, one for access checks on unit files, and one for
- access checks for the system in general.
-
- If we do not find a match in either table, then the "undefined" system
- check will be called.
-*/
-
-static const char * const unit_methods[][2] = {{ "DisableUnitFiles", "disable" },
- { "EnableUnitFiles", "enable" },
- { "GetUnit", "status" },
- { "GetUnitFileState", "status" },
- { "Kill", "stop" },
- { "KillUnit", "stop" },
- { "LinkUnitFiles", "enable" },
- { "MaskUnitFiles", "disable" },
- { "PresetUnitFiles", "enable" },
- { "ReenableUnitFiles", "enable" },
- { "Reexecute", "start" },
- { "ReloadOrRestart", "start" },
- { "ReloadOrRestartUnit", "start" },
- { "ReloadOrTryRestart", "start" },
- { "ReloadOrTryRestartUnit", "start" },
- { "ReloadUnit", "reload" },
- { "ResetFailedUnit", "stop" },
- { "Restart", "start" },
- { "RestartUnit", "start" },
- { "Start", "start" },
- { "StartUnit", "start" },
- { "StartUnitReplace", "start" },
- { "Stop", "stop" },
- { "StopUnit", "stop" },
- { "TryRestart", "start" },
- { "TryRestartUnit", "start" },
- { "UnmaskUnitFiles", "enable" },
- { NULL, NULL }
-};
-
-static const char * const system_methods[][2] = { { "ClearJobs", "reboot" },
- { "CreateSnapshot", "status" },
- { "Dump", "status" },
- { "Exit", "halt" },
- { "FlushDevices", "halt" },
- { "Get", "status" },
- { "GetAll", "status" },
- { "GetJob", "status" },
- { "GetSeat", "status" },
- { "GetSession", "status" },
- { "GetSessionByPID", "status" },
- { "GetUnitByPID", "status" },
- { "GetUser", "status" },
- { "Halt", "halt" },
- { "Introspect", "status" },
- { "KExec", "reboot" },
- { "KillSession", "halt" },
- { "KillUser", "halt" },
- { "LoadUnit", "reload" },
- { "ListJobs", "status" },
- { "ListSeats", "status" },
- { "ListSessions", "status" },
- { "ListUnits", "status" },
- { "ListUnitFiles", "status" },
- { "ListUsers", "status" },
- { "LockSession", "halt" },
- { "PowerOff", "halt" },
- { "Reboot", "reboot" },
- { "Reload", "reload" },
- { "Reexecute", "reload" },
- { "ResetFailed", "reload" },
- { "Subscribe", "status" },
- { "SwithcRoot", "reboot" },
- { "SetEnvironment", "status" },
- { "SetUserLinger", "halt" },
- { "TerminateSeat", "halt" },
- { "TerminateSession", "halt" },
- { "TerminateUser", "halt" },
- { "Unsubscribe", "status" },
- { "UnsetEnvironment", "status" },
- { "UnsetAndSetEnvironment", "status" },
- { NULL, NULL }
-};
-
-/*
- If the admin toggles the selinux enforcment mode this callback
- will get called before the next access check
-*/
-static int setenforce_callback(int enforcing)
-{
- selinux_enforcing = enforcing;
- return 0;
-}
-
-/* This mimics dbus_bus_get_unix_user() */