X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fcore%2Fselinux-access.c;h=08ea6efb78c48150dc9486be48fe97fccc6ba0af;hb=7c52a17b1a31eedd40093a4fbb460cf492087d9b;hp=21c7a8c5bcadd562419a70e22926dc88f347ff68;hpb=5b12334d35eadf1f45cc3d631fd1a2e72ffaea0a;p=elogind.git diff --git a/src/core/selinux-access.c b/src/core/selinux-access.c index 21c7a8c5b..08ea6efb7 100644 --- a/src/core/selinux-access.c +++ b/src/core/selinux-access.c @@ -142,7 +142,7 @@ static int selinux_access_init(sd_bus_error *error) { if (initialized) return 0; - if (!use_selinux()) + if (!mac_selinux_use()) return 0; r = access_init(); @@ -169,7 +169,6 @@ void selinux_access_free(void) { still be generated if the access would be denied in enforcing mode. */ int selinux_generic_access_check( - sd_bus *bus, sd_bus_message *message, const char *path, const char *permission, @@ -183,12 +182,11 @@ int selinux_generic_access_check( char **cmdline = NULL; int r = 0; - assert(bus); assert(message); assert(permission); assert(error); - if (!use_selinux()) + if (!mac_selinux_use()) return 0; r = selinux_access_init(error); @@ -252,10 +250,30 @@ finish: return r; } +int selinux_unit_access_check_strv(char **units, + sd_bus_message *message, + Manager *m, + const char *permission, + sd_bus_error *error) { + char **i; + Unit *u; + int r; + + STRV_FOREACH(i, units) { + u = manager_get_unit(m, *i); + if (u) { + r = selinux_unit_access_check(u, message, permission, error); + if (r < 0) + return r; + } + } + + return 0; +} + #else int selinux_generic_access_check( - sd_bus *bus, sd_bus_message *message, const char *path, const char *permission, @@ -267,4 +285,12 @@ int selinux_generic_access_check( void selinux_access_free(void) { } +int selinux_unit_access_check_strv(char **units, + sd_bus_message *message, + Manager *m, + const char *permission, + sd_bus_error *error) { + return 0; +} + #endif