void selinux_access_free(void);
-int selinux_access_check(sd_bus *bus, sd_bus_message *message, const char *path, const char *permission, sd_bus_error *error);
+int selinux_generic_access_check(sd_bus_message *message, const char *path, const char *permission, sd_bus_error *error);
#ifdef HAVE_SELINUX
-#define SELINUX_ACCESS_CHECK(bus, message, permission) \
- do { \
- _cleanup_bus_error_free_ sd_bus_error _error = SD_BUS_ERROR_NULL; \
- sd_bus_message *_m = (message); \
- sd_bus *_b = (bus); \
- int _r; \
- _r = selinux_access_check(_b, _m, NULL, (permission), &_error); \
- if (_r < 0) \
- return sd_bus_reply_method_errno(_m, _r, &_error); \
- } while (false)
-
-#define SELINUX_UNIT_ACCESS_CHECK(unit, bus, message, permission) \
- do { \
- _cleanup_bus_error_free_ sd_bus_error _error = SD_BUS_ERROR_NULL; \
- sd_bus_message *_m = (message); \
- sd_bus *_b = (bus); \
- Unit *_u = (unit); \
- int _r; \
- _r = selinux_access_check(_b, _m, _u->source_path ?: _u->fragment_path, (permission), &_error); \
- if (_r < 0) \
- return sd_bus_reply_method_errno(_m, _r, &_error); \
- } while (false)
+#define selinux_access_check(message, permission, error) \
+ selinux_generic_access_check((message), NULL, (permission), (error))
+
+#define selinux_unit_access_check(unit, message, permission, error) \
+ ({ \
+ Unit *_unit = (unit); \
+ selinux_generic_access_check((message), _unit->fragment_path ?: _unit->fragment_path, (permission), (error)); \
+ })
#else
-#define SELINUX_ACCESS_CHECK(bus, message, permission) do { } while (false)
-#define SELINUX_UNIT_ACCESS_CHECK(unit, bus, message, permission) do { } while (false)
+#define selinux_access_check(message, permission, error) 0
+#define selinux_unit_access_check(unit, message, permission, error) 0
#endif
~ianmdlvl / elogind.git / blobdiff