chiark / gitweb /
bus: add new sd_bus_creds object to encapsulate process credentials
[elogind.git] / src / core / selinux-access.c
index cca3df6..21c7a8c 100644 (file)
 #include "audit.h"
 #include "selinux-util.h"
 #include "audit-fd.h"
+#include "strv.h"
 
 static bool initialized = false;
 
-struct auditstruct {
+struct audit_info {
+        sd_bus_creds *creds;
         const char *path;
-        char *cmdline;
-        uid_t loginuid;
-        uid_t uid;
-        gid_t gid;
+        const char *cmdline;
 };
 
-static int bus_get_selinux_security_context(
-                sd_bus *bus,
-                const char *name,
-                sd_bus_error *error,
-                char **ret) {
-
-        _cleanup_bus_message_unref_ sd_bus_message *m = NULL;
-        const void *p;
-        size_t sz;
-        char *b;
-        int r;
-
-        assert(bus);
-        assert(name);
-        assert(ret);
-
-        r = sd_bus_call_method(
-                        bus,
-                        "org.freedesktop.DBus",
-                        "/org/freedesktop/DBus",
-                        "org.freedesktop.DBus",
-                        "GetConnectionSELinuxSecurityContext",
-                        error, &m,
-                        "s", name);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_message_read_array(m, 'y', &p, &sz);
-        if (r < 0)
-                return r;
-
-        b = strndup(p, sz);
-        if (!b)
-                return -ENOMEM;
-
-        *ret = b;
-        return 0;
-}
-
-static int bus_get_audit_data(
-                sd_bus *bus,
-                const char *name,
-                struct auditstruct *audit) {
-
-        pid_t pid;
-        int r;
-
-        assert(bus);
-        assert(name);
-        assert(audit);
-
-        r = sd_bus_get_owner_pid(bus, name, &pid);
-        if (r < 0)
-                return r;
-
-        r = audit_loginuid_from_pid(pid, &audit->loginuid);
-        if (r < 0)
-                return r;
-
-        r = get_process_uid(pid, &audit->uid);
-        if (r < 0)
-                return r;
-
-        r = get_process_gid(pid, &audit->gid);
-        if (r < 0)
-                return r;
-
-        r = get_process_cmdline(pid, 0, true, &audit->cmdline);
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
 /*
    Any time an access gets denied this callback will be called
    with the aduit data.  We then need to just copy the audit data into the msgbuf.
@@ -136,19 +61,19 @@ static int audit_callback(
                 char *msgbuf,
                 size_t msgbufsize) {
 
-        struct auditstruct *audit = (struct auditstruct *) auditdata;
+        const struct audit_info *audit = auditdata;
+        uid_t uid = 0, login_uid = 0;
+        gid_t gid = 0;
+
+        sd_bus_creds_get_audit_login_uid(audit->creds, &login_uid);
+        sd_bus_creds_get_uid(audit->creds, &uid);
+        sd_bus_creds_get_gid(audit->creds, &gid);
 
         snprintf(msgbuf, msgbufsize,
                  "auid=%d uid=%d gid=%d%s%s%s%s%s%s",
-                 audit->loginuid,
-                 audit->uid,
-                 audit->gid,
-                 (audit->path ? " path=\"" : ""),
-                 strempty(audit->path),
-                 (audit->path ? "\"" : ""),
-                 (audit->cmdline ? " cmdline=\"" : ""),
-                 strempty(audit->cmdline),
-                 (audit->cmdline ? "\"" : ""));
+                 login_uid, uid, gid,
+                 audit->path ? " path=\"" : "", strempty(audit->path), audit->path ? "\"" : "",
+                 audit->cmdline ? " cmdline=\"" : "", strempty(audit->cmdline), audit->cmdline ? "\"" : "");
 
         msgbuf[msgbufsize-1] = 0;
 
@@ -164,13 +89,12 @@ static int audit_callback(
 _printf_(2, 3) static int log_callback(int type, const char *fmt, ...) {
         va_list ap;
 
-        va_start(ap, fmt);
-
 #ifdef HAVE_AUDIT
         if (get_audit_fd() >= 0) {
                 _cleanup_free_ char *buf = NULL;
                 int r;
 
+                va_start(ap, fmt);
                 r = vasprintf(&buf, fmt, ap);
                 va_end(ap);
 
@@ -178,10 +102,10 @@ _printf_(2, 3) static int log_callback(int type, const char *fmt, ...) {
                         audit_log_user_avc_message(get_audit_fd(), AUDIT_USER_AVC, buf, NULL, NULL, NULL, 0);
                         return 0;
                 }
-
-                va_start(ap, fmt);
         }
 #endif
+
+        va_start(ap, fmt);
         log_metav(LOG_USER | LOG_INFO, __FILE__, __LINE__, __FUNCTION__, fmt, ap);
         va_end(ap);
 
@@ -238,76 +162,6 @@ void selinux_access_free(void) {
         initialized = false;
 }
 
-static int get_audit_data(
-                sd_bus *bus,
-                sd_bus_message *message,
-                struct auditstruct *audit) {
-
-        struct ucred ucred;
-        const char *sender;
-        socklen_t len;
-        int r, fd;
-
-        sender = sd_bus_message_get_sender(message);
-        if (sender)
-                return bus_get_audit_data(bus, sender, audit);
-
-        fd = sd_bus_get_fd(bus);
-        if (fd < 0)
-                return fd;
-
-        len = sizeof(ucred);
-        r = getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &ucred, &len);
-        if (r < 0)
-                return -errno;
-
-        audit->uid = ucred.uid;
-        audit->gid = ucred.gid;
-
-        r = audit_loginuid_from_pid(ucred.pid, &audit->loginuid);
-        if (r < 0)
-                return r;
-
-        r = get_process_cmdline(ucred.pid, 0, true, &audit->cmdline);
-        if (r < 0)
-                return r;
-
-        return 0;
-}
-
-/*
-   This function returns the security context of the remote end of the dbus
-   connections.  Whether it is on the bus or a local connection.
-*/
-static int get_calling_context(
-                sd_bus *bus,
-                sd_bus_message *message,
-                sd_bus_error *error,
-                security_context_t *ret) {
-
-        const char *sender;
-        int r, fd;
-
-        /*
-           If sender exists then
-           if sender is NULL this indicates a local connection.  Grab the fd
-           from dbus and do an getpeercon to peers process context
-        */
-        sender = sd_bus_message_get_sender(message);
-        if (sender)
-                return bus_get_selinux_security_context(bus, sender, error, ret);
-
-        fd = sd_bus_get_fd(bus);
-        if (fd < 0)
-                return fd;
-
-        r = getpeercon(fd, ret);
-        if (r < 0)
-                return -errno;
-
-        return 0;
-}
-
 /*
    This function communicates with the kernel to check whether or not it should
    allow the access.
@@ -321,9 +175,12 @@ int selinux_generic_access_check(
                 const char *permission,
                 sd_bus_error *error) {
 
-        security_context_t scon = NULL, fcon = NULL;
-        const char *tclass = NULL;
-        struct auditstruct audit;
+        _cleanup_bus_creds_unref_ sd_bus_creds *creds = NULL;
+        const char *tclass = NULL, *scon = NULL;
+        struct audit_info audit_info = {};
+        _cleanup_free_ char *cl = NULL;
+        security_context_t fcon = NULL;
+        char **cmdline = NULL;
         int r = 0;
 
         assert(bus);
@@ -338,12 +195,16 @@ int selinux_generic_access_check(
         if (r < 0)
                 return r;
 
-        audit.uid = audit.loginuid = (uid_t) -1;
-        audit.gid = (gid_t) -1;
-        audit.cmdline = NULL;
-        audit.path = path;
+        r = sd_bus_query_sender_creds(
+                        message,
+                        SD_BUS_CREDS_PID|SD_BUS_CREDS_UID|SD_BUS_CREDS_GID|
+                        SD_BUS_CREDS_CMDLINE|SD_BUS_CREDS_AUDIT_LOGIN_UID|
+                        SD_BUS_CREDS_SELINUX_CONTEXT,
+                        &creds);
+        if (r < 0)
+                goto finish;
 
-        r = get_calling_context(bus, message, error, &scon);
+        r = sd_bus_creds_get_selinux_context(creds, &scon);
         if (r < 0)
                 goto finish;
 
@@ -367,21 +228,23 @@ int selinux_generic_access_check(
                 tclass = "system";
         }
 
-        get_audit_data(bus, message, &audit);
+        sd_bus_creds_get_cmdline(creds, &cmdline);
+        cl = strv_join(cmdline, " ");
+
+        audit_info.creds = creds;
+        audit_info.path = path;
+        audit_info.cmdline = cl;
 
-        errno = 0;
-        r = selinux_check_access(scon, fcon, tclass, permission, &audit);
+        r = selinux_check_access((security_context_t) scon, fcon, tclass, permission, &audit_info);
         if (r < 0)
                 r = sd_bus_error_setf(error, SD_BUS_ERROR_ACCESS_DENIED, "SELinux policy denies access.");
 
-        log_debug("SELinux access check scon=%s tcon=%s tclass=%s perm=%s path=%s cmdline=%s: %i", scon, fcon, tclass, permission, path, audit.cmdline, r);
+        log_debug("SELinux access check scon=%s tcon=%s tclass=%s perm=%s path=%s cmdline=%s: %i", scon, fcon, tclass, permission, path, cl, r);
 
 finish:
-        free(audit.cmdline);
-        freecon(scon);
         freecon(fcon);
 
-        if (r && security_getenforce() != 1) {
+        if (r < 0 && security_getenforce() != 1) {
                 sd_bus_error_free(error);
                 r = 0;
         }