X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fcore%2Fselinux-access.h;h=dd1e8bb9d033b4ccbd94ee82e666ac43a91a473f;hb=821d4b6e068b2afaad94d43db22171c34a30400e;hp=2d7ac64c8f112f0e1a4af21ba79af306607d9729;hpb=03e22642617f360a6b55cb853bcf59604754ea5d;p=elogind.git

diff --git a/src/core/selinux-access.h b/src/core/selinux-access.h
index 2d7ac64c8..dd1e8bb9d 100644
--- a/src/core/selinux-access.h
+++ b/src/core/selinux-access.h
@@ -21,42 +21,31 @@
   along with systemd; If not, see <http://www.gnu.org/licenses/>.
 ***/
 
-#include <dbus.h>
+#include "sd-bus.h"
+#include "bus-error.h"
+#include "bus-util.h"
+#include "manager.h"
 
-void selinux_access_free(void);
+void mac_selinux_access_free(void);
 
-int selinux_access_check(DBusConnection *connection, DBusMessage *message, const char *path, const char *permission, DBusError *error);
+int mac_selinux_generic_access_check(sd_bus_message *message, const char *path, const char *permission, sd_bus_error *error);
+
+int mac_selinux_unit_access_check_strv(char **units, sd_bus_message *message, Manager *m, const char *permission, sd_bus_error *error);
 
 #ifdef HAVE_SELINUX
 
-#define SELINUX_ACCESS_CHECK(connection, message, permission) \
-        do {                                                            \
-                DBusError _error;                                       \
-                int _r;                                                 \
-                DBusConnection *_c = (connection);                      \
-                DBusMessage *_m = (message);                            \
-                dbus_error_init(&_error);                               \
-                _r = selinux_access_check(_c, _m, NULL, (permission), &_error); \
-                if (_r < 0)                                             \
-                        return bus_send_error_reply(_c, _m, &_error, _r); \
-        } while (false)
-
-#define SELINUX_UNIT_ACCESS_CHECK(unit, connection, message, permission) \
-        do {                                                            \
-                DBusError _error;                                       \
-                int _r;                                                 \
-                DBusConnection *_c = (connection);                      \
-                DBusMessage *_m = (message);                            \
-                Unit *_u = (unit);                                      \
-                dbus_error_init(&_error);                               \
-                _r = selinux_access_check(_c, _m, _u->source_path ?: _u->fragment_path, (permission), &_error); \
-                if (_r < 0)                                             \
-                        return bus_send_error_reply(_c, _m, &_error, _r); \
-        } while (false)
+#define mac_selinux_access_check(message, permission, error) \
+        mac_selinux_generic_access_check((message), NULL, (permission), (error))
+
+#define mac_selinux_unit_access_check(unit, message, permission, error) \
+        ({                                                              \
+                Unit *_unit = (unit);                                   \
+                mac_selinux_generic_access_check((message), _unit->source_path ?: _unit->fragment_path, (permission), (error)); \
+        })
 
 #else
 
-#define SELINUX_ACCESS_CHECK(connection, message, permission) do { } while (false)
-#define SELINUX_UNIT_ACCESS_CHECK(unit, connection, message, permission) do { } while (false)
+#define mac_selinux_access_check(message, permission, error) 0
+#define mac_selinux_unit_access_check(unit, message, permission, error) 0
 
 #endif