-/*
- Define a mapping between the systemd method calls and the SELinux access to check.
- We define two tables, one for access checks on unit files, and one for
- access checks for the system in general.
-
- If we do not find a match in either table, then the "undefined" system
- check will be called.
-*/
-
-static const char unit_methods[] =
- "DisableUnitFiles\0" "disable\0"
- "EnableUnitFiles\0" "enable\0"
- "GetUnit\0" "status\0"
- "GetUnitFileState\0" "status\0"
- "Kill\0" "stop\0"
- "KillUnit\0" "stop\0"
- "LinkUnitFiles\0" "enable\0"
- "MaskUnitFiles\0" "disable\0"
- "PresetUnitFiles\0" "enable\0"
- "ReenableUnitFiles\0" "enable\0"
- "ReloadOrRestart\0" "start\0"
- "ReloadOrRestartUnit\0" "start\0"
- "ReloadOrTryRestart\0" "start\0"
- "ReloadOrTryRestartUnit\0" "start\0"
- "Reload\0" "reload\0"
- "ReloadUnit\0" "reload\0"
- "ResetFailedUnit\0" "stop\0"
- "Restart\0" "start\0"
- "RestartUnit\0" "start\0"
- "Start\0" "start\0"
- "StartUnit\0" "start\0"
- "StartUnitReplace\0" "start\0"
- "Stop\0" "stop\0"
- "StopUnit\0" "stop\0"
- "TryRestart\0" "start\0"
- "TryRestartUnit\0" "start\0"
- "UnmaskUnitFiles\0" "enable\0";
-
-static const char system_methods[] =
- "ClearJobs\0" "reboot\0"
- "CreateSnapshot\0" "status\0"
- "Dump\0" "status\0"
- "Exit\0" "halt\0"
- "FlushDevices\0" "halt\0"
- "Get\0" "status\0"
- "GetAll\0" "status\0"
- "GetJob\0" "status\0"
- "GetSeat\0" "status\0"
- "GetSession\0" "status\0"
- "GetSessionByPID\0" "status\0"
- "GetUnitByPID\0" "status\0"
- "GetUser\0" "status\0"
- "Halt\0" "halt\0"
- "Introspect\0" "status\0"
- "KExec\0" "reboot\0"
- "KillSession\0" "halt\0"
- "KillUser\0" "halt\0"
- "LoadUnit\0" "reload\0"
- "ListJobs\0" "status\0"
- "ListSeats\0" "status\0"
- "ListSessions\0" "status\0"
- "ListUnits\0" "status\0"
- "ListUnitFiles\0" "status\0"
- "ListUsers\0" "status\0"
- "LockSession\0" "halt\0"
- "PowerOff\0" "halt\0"
- "Reboot\0" "reboot\0"
- "Reload\0" "reload\0"
- "Reexecute\0" "reload\0"
- "ResetFailed\0" "reload\0"
- "Subscribe\0" "status\0"
- "SwithcRoot\0" "reboot\0"
- "SetEnvironment\0" "status\0"
- "SetUserLinger\0" "halt\0"
- "TerminateSeat\0" "halt\0"
- "TerminateSession\0" "halt\0"
- "TerminateUser\0" "halt\0"
- "Unsubscribe\0" "status\0"
- "UnsetEnvironment\0" "status\0"
- "UnsetAndSetEnvironment\0" "status\0";
-
-/*
- If the admin toggles the selinux enforcment mode this callback
- will get called before the next access check
-*/
-static int setenforce_callback(int enforcing)
-{
- selinux_enforcing = enforcing;
- return 0;
-}
-
-/* This mimics dbus_bus_get_unix_user() */