selinux: rework selinux access check logic

[elogind.git] / src / core / dbus-snapshot.c

diff --git a/src/core/dbus-snapshot.c b/src/core/dbus-snapshot.c
index e69388a524c12137c96d8232600e9a9cc6286b1f..435c6df39ce11b9f57e39cb1e00bde38e4ec041c 100644 (file)
--- a/src/core/dbus-snapshot.c
+++ b/src/core/dbus-snapshot.c
@@ -6,22 +6,23 @@
   Copyright 2010 Lennart Poettering
 
   systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU General Public License as published by
-  the Free Software Foundation; either version 2 of the License, or
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
   (at your option) any later version.
 
   systemd is distributed in the hope that it will be useful, but
   WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  General Public License for more details.
+  Lesser General Public License for more details.
 
-  You should have received a copy of the GNU General Public License
+  You should have received a copy of the GNU Lesser General Public License
   along with systemd; If not, see <http://www.gnu.org/licenses/>.
 ***/
 
 #include "dbus-unit.h"
 #include "dbus-snapshot.h"
 #include "dbus-common.h"
+#include "selinux-access.h"
 
 #define BUS_SNAPSHOT_INTERFACE                                          \
         " <interface name=\"org.freedesktop.systemd1.Snapshot\">\n"     \
@@ -52,17 +53,19 @@ static const BusProperty bus_snapshot_properties[] = {
 
 DBusHandlerResult bus_snapshot_message_handler(Unit *u, DBusConnection *c, DBusMessage *message) {
         Snapshot *s = SNAPSHOT(u);
-
-        DBusMessage *reply = NULL;
+        _cleanup_dbus_message_unref_ DBusMessage *reply = NULL;
         DBusError error;
 
         dbus_error_init(&error);
 
         if (dbus_message_is_method_call(message, "org.freedesktop.systemd1.Snapshot", "Remove")) {
 
+                SELINUX_UNIT_ACCESS_CHECK(u, c, message, "stop");
+
                 snapshot_remove(SNAPSHOT(u));
 
-                if (!(reply = dbus_message_new_method_return(message)))
+                reply = dbus_message_new_method_return(message);
+                if (!reply)
                         goto oom;
 
         } else {
@@ -71,22 +74,20 @@ DBusHandlerResult bus_snapshot_message_handler(Unit *u, DBusConnection *c, DBusM
                         { "org.freedesktop.systemd1.Snapshot", bus_snapshot_properties, s },
                         { NULL, }
                 };
+
+                SELINUX_UNIT_ACCESS_CHECK(u, c, message, "status");
+
                 return bus_default_message_handler(c, message, INTROSPECTION, INTERFACES_LIST, bps);
         }
 
         if (reply) {
                 if (!dbus_connection_send(c, reply, NULL))
                         goto oom;
-
-                dbus_message_unref(reply);
         }
 
         return DBUS_HANDLER_RESULT_HANDLED;
 
 oom:
-        if (reply)
-                dbus_message_unref(reply);
-
         dbus_error_free(&error);
 
         return DBUS_HANDLER_RESULT_NEED_MEMORY;