X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fcore%2Fselinux-access.h;h=9183cbc9a611278ebdb5ac44b05c419d2a1c6ca5;hp=a426e0e5cab8dcc16cc6b55e6bf24b2d32313816;hb=a4783bd17ad96f55b0fe83a50959da13555292bf;hpb=e2417e4143bb892e4599b01de7b031763421bb64

diff --git a/src/core/selinux-access.h b/src/core/selinux-access.h
index a426e0e5c..9183cbc9a 100644
--- a/src/core/selinux-access.h
+++ b/src/core/selinux-access.h
@@ -1,7 +1,6 @@
 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
 
-#ifndef selinuxaccesshfoo
-#define selinuxaccesshfoo
+#pragma once
 
 /***
   This file is part of systemd.
@@ -22,7 +21,42 @@
   along with systemd; If not, see <http://www.gnu.org/licenses/>.
 ***/
 
-void selinux_access_finish(void);
-int selinux_manager_access_check(DBusConnection *connection, DBusMessage *message, Manager *m, DBusError *error);
-int selinux_unit_access_check(DBusConnection *connection, DBusMessage *message, Manager *m, const char *path, DBusError *error);
+#include <dbus.h>
+
+void selinux_access_free(void);
+
+int selinux_access_check(DBusConnection *connection, DBusMessage *message, const char *path, const char *permission, DBusError *error);
+
+#ifdef HAVE_SELINUX
+
+#define SELINUX_ACCESS_CHECK(connection, message, permission) \
+        do {                                                            \
+                DBusError _error;                                       \
+                int _r;                                                 \
+                DBusConnection *_c = (connection);                      \
+                DBusMessage *_m = (message);                            \
+                dbus_error_init(&_error);                               \
+                _r = selinux_access_check(_c, _m, NULL, (permission), &_error); \
+                if (_r < 0)                                             \
+                        return bus_send_error_reply(_c, _m, &_error, _r); \
+        } while (false)
+
+#define SELINUX_UNIT_ACCESS_CHECK(unit, connection, message, permission) \
+        do {                                                            \
+                DBusError _error;                                       \
+                int _r;                                                 \
+                DBusConnection *_c = (connection);                      \
+                DBusMessage *_m = (message);                            \
+                Unit *_u = (unit);                                      \
+                dbus_error_init(&_error);                               \
+                _r = selinux_access_check(_c, _m, _u->source_path ?: _u->fragment_path, (permission), &_error); \
+                if (_r < 0)                                             \
+                        return bus_send_error_reply(_c, _m, &_error, _r); \
+        } while (false)
+
+#else
+
+#define SELINUX_ACCESS_CHECK(connection, message, permission) do { } while (false)
+#define SELINUX_UNIT_ACCESS_CHECK(unit, connection, message, permission) do { } while (false)
+
 #endif