|
|
1ff636 |
From 0ca06b7178ac205855238941eef7fe981447822a Mon Sep 17 00:00:00 2001
|
|
|
1ff636 |
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
|
|
1ff636 |
Date: Sun, 24 May 2015 20:20:06 -0400
|
|
|
1ff636 |
Subject: [PATCH] bus-creds: always set SD_BUS_CREDS_PID when we set pid in the
|
|
|
1ff636 |
mask
|
|
|
1ff636 |
|
|
|
1ff636 |
Also reorder the code a bit to be easier to parse.
|
|
|
1ff636 |
|
|
|
1ff636 |
Cherry-picked from: 236f83a
|
|
|
1ff636 |
Related: #1230190
|
|
|
1ff636 |
---
|
|
|
1ff636 |
src/core/selinux-access.c | 2 +-
|
|
|
1ff636 |
src/libsystemd/sd-bus/bus-creds.c | 17 +++++++----------
|
|
|
1ff636 |
2 files changed, 8 insertions(+), 11 deletions(-)
|
|
|
1ff636 |
|
|
|
1ff636 |
diff --git a/src/core/selinux-access.c b/src/core/selinux-access.c
|
|
|
1ff636 |
index 1888874..ce4f394 100644
|
|
|
1ff636 |
--- a/src/core/selinux-access.c
|
|
|
1ff636 |
+++ b/src/core/selinux-access.c
|
|
|
1ff636 |
@@ -240,7 +240,7 @@ int mac_selinux_generic_access_check(
|
|
|
1ff636 |
audit_info.path = path;
|
|
|
1ff636 |
audit_info.cmdline = cl;
|
|
|
1ff636 |
|
|
|
1ff636 |
- r = selinux_check_access((security_context_t) scon, fcon, tclass, permission, &audit_info);
|
|
|
1ff636 |
+ r = selinux_check_access(scon, fcon, tclass, permission, &audit_info);
|
|
|
1ff636 |
if (r < 0)
|
|
|
1ff636 |
r = sd_bus_error_setf(error, SD_BUS_ERROR_ACCESS_DENIED, "SELinux policy denies access.");
|
|
|
1ff636 |
|
|
|
1ff636 |
diff --git a/src/libsystemd/sd-bus/bus-creds.c b/src/libsystemd/sd-bus/bus-creds.c
|
|
|
1ff636 |
index ea8a619..5b87fa9 100644
|
|
|
1ff636 |
--- a/src/libsystemd/sd-bus/bus-creds.c
|
|
|
1ff636 |
+++ b/src/libsystemd/sd-bus/bus-creds.c
|
|
|
1ff636 |
@@ -698,21 +698,18 @@ int bus_creds_add_more(sd_bus_creds *c, uint64_t mask, pid_t pid, pid_t tid) {
|
|
|
1ff636 |
return 0;
|
|
|
1ff636 |
|
|
|
1ff636 |
/* Try to retrieve PID from creds if it wasn't passed to us */
|
|
|
1ff636 |
- if (pid <= 0 && (c->mask & SD_BUS_CREDS_PID))
|
|
|
1ff636 |
+ if (pid > 0) {
|
|
|
1ff636 |
+ c->pid = pid;
|
|
|
1ff636 |
+ c->mask |= SD_BUS_CREDS_PID;
|
|
|
1ff636 |
+ } else if (c->mask & SD_BUS_CREDS_PID)
|
|
|
1ff636 |
pid = c->pid;
|
|
|
1ff636 |
+ else
|
|
|
1ff636 |
+ /* Without pid we cannot do much... */
|
|
|
1ff636 |
+ return 0;
|
|
|
1ff636 |
|
|
|
1ff636 |
if (tid <= 0 && (c->mask & SD_BUS_CREDS_TID))
|
|
|
1ff636 |
tid = c->pid;
|
|
|
1ff636 |
|
|
|
1ff636 |
- /* Without pid we cannot do much... */
|
|
|
1ff636 |
- if (pid <= 0)
|
|
|
1ff636 |
- return 0;
|
|
|
1ff636 |
-
|
|
|
1ff636 |
- if (pid > 0) {
|
|
|
1ff636 |
- c->pid = pid;
|
|
|
1ff636 |
- c->mask |= SD_BUS_CREDS_PID;
|
|
|
1ff636 |
- }
|
|
|
1ff636 |
-
|
|
|
1ff636 |
if (tid > 0) {
|
|
|
1ff636 |
c->tid = tid;
|
|
|
1ff636 |
c->mask |= SD_BUS_CREDS_TID;
|