X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fcore%2Fselinux-access.c;h=0a3ee18bb9b527e9471e759d1da470be1479923e;hb=da7e457c5b9339721454ae8401a03ffdd781e6a9;hp=d9c3f9bcdaa4f31d78165a67684ef4f864b49dfd;hpb=a9e51d5752babffcaa70a0225bf6b673ab8ffe58;p=elogind.git diff --git a/src/core/selinux-access.c b/src/core/selinux-access.c index d9c3f9bcd..0a3ee18bb 100644 --- a/src/core/selinux-access.c +++ b/src/core/selinux-access.c @@ -6,16 +6,16 @@ Copyright 2012 Dan Walsh systemd is free software; you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + under the terms of the GNU Lesser General Public License as published by + the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. systemd is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - General Public License for more details. + Lesser General Public License for more details. - You should have received a copy of the GNU General Public License + You should have received a copy of the GNU Lesser General Public License along with systemd; If not, see . ***/ @@ -59,6 +59,10 @@ static int bus_get_selinux_security_context( DBusError *error) { _cleanup_dbus_message_unref_ DBusMessage *m = NULL, *reply = NULL; + DBusMessageIter iter, sub; + const char *bytes; + char *b; + int nbytes; m = dbus_message_new_method_call( DBUS_SERVICE_DBUS, 
@@ -85,12 +89,21 @@ static int bus_get_selinux_security_context( if (dbus_set_error_from_message(error, reply)) return -EIO; - if (!dbus_message_get_args( - reply, error, - DBUS_TYPE_STRING, scon, - DBUS_TYPE_INVALID)) + if (!dbus_message_iter_init(reply, &iter)) return -EIO; + if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_ARRAY) + return -EIO; + + dbus_message_iter_recurse(&iter, &sub); + dbus_message_iter_get_fixed_array(&sub, &bytes, &nbytes); + + b = strndup(bytes, nbytes); + if (!b) + return -ENOMEM; + + *scon = b; + return 0; } @@ -119,7 +132,7 @@ static int bus_get_audit_data( if (r < 0) return r; - r = get_process_cmdline(pid, LINE_MAX, true, &audit->cmdline); + r = get_process_cmdline(pid, 0, true, &audit->cmdline); if (r < 0) return r; @@ -161,20 +174,25 @@ static int audit_callback( user_avc's into the /var/log/audit/audit.log, otherwise they will be sent to syslog. */ -static int log_callback(int type, const char *fmt, ...) { +_printf_attr_(2, 3) static int log_callback(int type, const char *fmt, ...) { va_list ap; va_start(ap, fmt); #ifdef HAVE_AUDIT if (get_audit_fd() >= 0) { - char buf[LINE_MAX]; + _cleanup_free_ char *buf = NULL; + int r; - vsnprintf(buf, sizeof(buf), fmt, ap); - audit_log_user_avc_message(get_audit_fd(), AUDIT_USER_AVC, buf, NULL, NULL, NULL, 0); + r = vasprintf(&buf, fmt, ap); va_end(ap); - return 0; + if (r >= 0) { + audit_log_user_avc_message(get_audit_fd(), AUDIT_USER_AVC, buf, NULL, NULL, NULL, 0); + return 0; + } + + va_start(ap, fmt); } #endif log_metav(LOG_USER | LOG_INFO, __FILE__, __LINE__, __FUNCTION__, fmt, ap); @@ -243,7 +261,7 @@ static int get_audit_data( const char *sender; int r, fd; struct ucred ucred; - socklen_t len; + socklen_t len = sizeof(ucred); sender = dbus_message_get_sender(message); if (sender) 
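Review bot: The new reply parsing in bus_get_selinux_security_context only checks that the first argument is an array before calling `dbus_message_iter_get_fixed_array()`, so a reply whose array elements are not bytes is not rejected. `bytes` and `nbytes` are declared without initialisers in the `@@ -59,6 +59,10 @@` hunk, so if libdbus leaves them unset for such a reply (not visible here; confirm against the libdbus in use), `strndup(bytes, nbytes)` reads an indeterminate pointer and length. I would extend the guard to `if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_ARRAY || dbus_message_iter_get_element_type(&iter) != DBUS_TYPE_BYTE) return -EIO;` and initialise `bytes = NULL` and `nbytes = 0` at their declarations. The function starts outside this hunk.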
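Review bot: Passing `0` instead of `LINE_MAX` to `get_process_cmdline()` in bus_get_audit_data appears to lift the length cap on the peer's command line, and the `@@ -265,7 +283,7 @@` hunk makes the same change in get_audit_data. The helper is not shown, so this is inferred from the argument change. The command line is chosen by the calling process, and the `log_callback` change in this commit also stops truncating the formatted message to a fixed buffer, so the size of what reaches the log is presumably set by the caller. If full fidelity is not needed, keep an explicit bound; otherwise add a comment at both call sites such as `/* cmdline is caller-controlled; deliberately unbounded so audit records are not truncated */`. Both functions continue outside their hunks.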
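Review bot: In log_callback, `buf` is declared `_cleanup_free_` and handed to `vasprintf()`, whose documented contract leaves the pointer's contents undefined when it returns -1. On that path the cleanup handler at the end of the `if (get_audit_fd() >= 0)` block would free whatever `vasprintf()` left in `buf`. Resetting the pointer on failure closes the gap, e.g. `if (r < 0) buf = NULL;` right after `va_end(ap);`. The tail of the function, including the final `va_end()`, is outside the hunk.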
@@ -265,7 +283,7 @@ static int get_audit_data(
 if (r < 0)
 return r;
- r = get_process_cmdline(ucred.pid, LINE_MAX, true, &audit->cmdline);
+ r = get_process_cmdline(ucred.pid, 0, true, &audit->cmdline);
 if (r < 0)
 return r;
@@ -297,8 +315,8 @@ static int get_calling_context(
 if (r >= 0)
 return r;
- log_debug("bus_get_selinux_security_context failed %m");
- dbus_error_free(error);
+ log_error("bus_get_selinux_security_context failed: %m");
+ return r;
 }
 if (!dbus_connection_get_unix_fd(connection, &fd)) {
@@ -345,8 +363,6 @@ int selinux_access_check(
 if (r < 0)
 return r;
- log_debug("SELinux access check for path=%s permission=%s", strna(path), permission);
-
 audit.uid = audit.loginuid = (uid_t) -1;
 audit.gid = (gid_t) -1;
 audit.cmdline = NULL;
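Review bot: The new `log_error("bus_get_selinux_security_context failed: %m")` in get_calling_context formats `errno`, but the failure is carried in `r`. The paths of bus_get_selinux_security_context visible earlier in this diff return `-EIO` or `-ENOMEM` without setting `errno`, so the logged reason can be unrelated to the actual error. I would log the return code instead: `log_error("bus_get_selinux_security_context failed: %s", strerror(-r));`. This branch now fails the request instead of continuing to the `dbus_connection_get_unix_fd()` path, so an accurate reason matters to whoever triages the resulting denials. The enclosing function starts and ends outside the hunk.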