selinux: prefer source path over fragment path
[elogind.git] / src / core / dbus-unit.c
index 2d2f378ba47ab5458f44967b52e69dce65b25b0e..3d3458bed7de2fd13f30a02c26117132a2c38861 100644 (file)
@@ -26,6 +26,7 @@
 #include "dbus-unit.h"
 #include "bus-errors.h"
 #include "dbus-common.h"
+#include "selinux-access.h"
 
 const char bus_unit_interface[] _introspect_("Unit") = BUS_UNIT_INTERFACE;
 
@@ -411,9 +412,19 @@ static DBusHandlerResult bus_unit_message_dispatch(Unit *u, DBusConnection *conn
         JobType job_type = _JOB_TYPE_INVALID;
         char *path = NULL;
         bool reload_if_possible = false;
+        int r;
 
         dbus_error_init(&error);
 
+        r = selinux_unit_access_check(
+                connection,
+                message,
+                m,
+                u->source_path ? u->source_path : u->fragment_path,
+                &error);
+        if (r < 0)
+                return bus_send_error_reply(connection, message, &error, r);
+
         if (dbus_message_is_method_call(message, "org.freedesktop.systemd1.Unit", "Start"))
                 job_type = JOB_START;
         else if (dbus_message_is_method_call(message, "org.freedesktop.systemd1.Unit", "Stop"))
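Review bot: The path passed to `selinux_unit_access_check()` can be NULL, because `u->source_path ? u->source_path : u->fragment_path` falls through to a NULL `fragment_path` for a unit with no backing file. The hunk does not show how the callee treats a NULL path, so confirm that it checks such units against a default context instead of skipping the check or allowing the call. A comment above the call would record the intent, for example `/* label of the source file if set, else the unit fragment; may be NULL for units without a file */`. Returning through `bus_send_error_reply()` on `r < 0` before any method is matched keeps the check fail-closed for every message reaching this dispatcher. `m` is declared outside the hunk and the function body continues past it.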
@@ -434,7 +445,6 @@ static DBusHandlerResult bus_unit_message_dispatch(Unit *u, DBusConnection *conn
                 const char *swho;
                 int32_t signo;
                 KillWho who;
-                int r;
 
                 if (!dbus_message_get_args(
                                     message,
@@ -479,7 +489,6 @@ static DBusHandlerResult bus_unit_message_dispatch(Unit *u, DBusConnection *conn
                 const char *smode;
                 JobMode mode;
                 Job *j;
-                int r;
 
                 if ((job_type == JOB_START && u->refuse_manual_start) ||
                     (job_type == JOB_STOP && u->refuse_manual_stop) ||
@@ -682,7 +691,7 @@ void bus_unit_send_change_signal(Unit *u) {
                 /* Send a properties changed signal. First for the
                  * specific type, then for the generic unit. The
                  * clients may rely on this order to get atomic
-                 * behaviour if needed. */
+                 * behavior if needed. */
 
                 if (UNIT_VTABLE(u)->bus_invalidating_properties) {
 
@@ -786,10 +795,12 @@ const BusProperty bus_unit_properties[] = {
         { "RequisiteOverridable", bus_unit_append_dependencies,      "as", offsetof(Unit, dependencies[UNIT_REQUISITE_OVERRIDABLE]),   true },
         { "Wants",                bus_unit_append_dependencies,      "as", offsetof(Unit, dependencies[UNIT_WANTS]),                   true },
         { "BindsTo",              bus_unit_append_dependencies,      "as", offsetof(Unit, dependencies[UNIT_BINDS_TO]),                true },
+        { "PartOf",               bus_unit_append_dependencies,      "as", offsetof(Unit, dependencies[UNIT_PART_OF]),                 true },
         { "RequiredBy",           bus_unit_append_dependencies,      "as", offsetof(Unit, dependencies[UNIT_REQUIRED_BY]),             true },
         { "RequiredByOverridable",bus_unit_append_dependencies,      "as", offsetof(Unit, dependencies[UNIT_REQUIRED_BY_OVERRIDABLE]), true },
         { "WantedBy",             bus_unit_append_dependencies,      "as", offsetof(Unit, dependencies[UNIT_WANTED_BY]),               true },
         { "BoundBy",              bus_unit_append_dependencies,      "as", offsetof(Unit, dependencies[UNIT_BOUND_BY]),                true },
+        { "ConsistsOf",           bus_unit_append_dependencies,      "as", offsetof(Unit, dependencies[UNIT_CONSISTS_OF]),             true },
         { "Conflicts",            bus_unit_append_dependencies,      "as", offsetof(Unit, dependencies[UNIT_CONFLICTS]),               true },
         { "ConflictedBy",         bus_unit_append_dependencies,      "as", offsetof(Unit, dependencies[UNIT_CONFLICTED_BY]),           true },
         { "Before",               bus_unit_append_dependencies,      "as", offsetof(Unit, dependencies[UNIT_BEFORE]),                  true },