diff --git a/SOURCES/dbus-1.6.12-mls-listnames.patch b/SOURCES/dbus-1.6.12-mls-listnames.patch
new file mode 100644
index 0000000..f648f86
--- /dev/null
+++ b/SOURCES/dbus-1.6.12-mls-listnames.patch
@@ -0,0 +1,266 @@
+From 8b74179ee31652bbaaf979777b9e829b426053ef Mon Sep 17 00:00:00 2001
+From: David King <dking@redhat.com>
+Date: Tue, 4 Nov 2014 10:10:36 +0000
+Subject: [PATCH] selinux: Check ListNames permissions with MLS
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1118399
+---
+ bus/driver.c | 52 +++++++++++++++++++++++++
+ bus/selinux.c | 123 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ bus/selinux.h | 5 +++
+ 3 files changed, 180 insertions(+)
+
+diff --git a/bus/driver.c b/bus/driver.c
+index 574e0f3..20cc940 100644
+--- a/bus/driver.c
++++ b/bus/driver.c
+@@ -379,6 +379,9 @@ bus_driver_handle_list_services (DBusConnection *connection,
+ char **services;
+ BusRegistry *registry;
+ int i;
++#ifdef HAVE_SELINUX
++ dbus_bool_t mls_enabled;
++#endif
+ DBusMessageIter iter;
+ DBusMessageIter sub;
+
+@@ -425,9 +428,58 @@ bus_driver_handle_list_services (DBusConnection *connection,
+ }
+ }
+
++#ifdef HAVE_SELINUX
++ mls_enabled = bus_selinux_mls_enabled ();
++#endif
+ i = 0;
+ while (i < len)
+ {
++#ifdef HAVE_SELINUX
++ if (mls_enabled)
++ {
++ const char *requester;
++ BusService *service;
++ DBusString str;
++ DBusConnection *service_conn;
++ DBusConnection *requester_conn;
++
++ requester = dbus_message_get_destination (reply);
++ _dbus_string_init_const (&str, requester);
++ service = bus_registry_lookup (registry, &str);
++
++ if (service == NULL)
++ {
++ _dbus_warn_check_failed ("service lookup failed: %s", requester);
++ ++i;
++ continue;
++ }
++ requester_conn = bus_service_get_primary_owners_connection (service);
++ _dbus_string_init_const (&str, services[i]);
++ service = bus_registry_lookup (registry, &str);
++ if (service == NULL)
++ {
++ _dbus_warn_check_failed ("service lookup failed: %s", services[i]);
++ ++i;
++ continue;
++ }
++ service_conn = bus_service_get_primary_owners_connection (service);
++
++ if (!bus_selinux_allows_name (requester_conn, service_conn, error))
++ {
++ if (dbus_error_is_set (error) &&
++ dbus_error_has_name (error, DBUS_ERROR_NO_MEMORY))
++ {
++ dbus_free_string_array (services);
++ dbus_message_unref (reply);
++ return FALSE;
++ }
++
++ /* Skip any services which are disallowed by SELinux policy. */
++ ++i;
++ continue;
++ }
++ }
++#endif
+ if (!dbus_message_iter_append_basic (&sub, DBUS_TYPE_STRING,
+ &services[i]))
+ {
+diff --git a/bus/selinux.c b/bus/selinux.c
+index 36287e9..6442b79 100644
+--- a/bus/selinux.c
++++ b/bus/selinux.c
+@@ -63,6 +63,9 @@
+ /* Store the value telling us if SELinux is enabled in the kernel. */
+ static dbus_bool_t selinux_enabled = FALSE;
+
++/* Store the value telling us if SELinux with MLS is enabled in the kernel. */
++static dbus_bool_t selinux_mls_enabled = FALSE;
++
+ /* Store an avc_entry_ref to speed AVC decisions. */
+ static struct avc_entry_ref aeref;
+
+@@ -289,6 +292,20 @@ bus_selinux_enabled (void)
+ }
+
+ /**
++ * Return whether or not SELinux with MLS support is enabled; must be
++ * called after bus_selinux_init.
++ */
++dbus_bool_t
++bus_selinux_mls_enabled (void)
++{
++#ifdef HAVE_SELINUX
++ return selinux_mls_enabled;
++#else
++ return FALSE;
++#endif /* HAVE_SELINUX */
++}
++
++/**
+ * Do early initialization; determine whether SELinux is enabled.
+ */
+ dbus_bool_t
+@@ -308,6 +325,16 @@ bus_selinux_pre_init (void)
+ }
+
+ selinux_enabled = r != 0;
++
++ r = is_selinux_mls_enabled ();
++ if (r < 0)
++ {
++ _dbus_warn ("Could not tell if SELinux MLS is enabled: %s\n",
++ _dbus_strerror (errno));
++ return FALSE;
++ }
++
++ selinux_mls_enabled = r != 0;
+ return TRUE;
+ #else
+ return TRUE;
+@@ -724,6 +751,102 @@ bus_connection_read_selinux_context (DBusConnection *connection,
+ #endif /* HAVE_SELINUX */
+
+ /**
++ * Check if SELinux security controls allow one connection to determine the
++ * name of the other, taking into account MLS considerations.
++ *
++ * @param source the requester of the name.
++ * @param destination the name being requested.
++ * @returns whether the name should be visible by the source of the request
++ */
++dbus_bool_t
++bus_selinux_allows_name (DBusConnection *source,
++ DBusConnection *destination,
++ DBusError *error)
++{
++#ifdef HAVE_SELINUX
++ int err;
++ char *policy_type;
++ unsigned long spid, tpid;
++ BusSELinuxID *source_sid;
++ BusSELinuxID *dest_sid;
++ dbus_bool_t ret;
++ dbus_bool_t string_alloced;
++ DBusString auxdata;
++
++ if (!selinux_mls_enabled)
++ return TRUE;
++
++ err = selinux_getpolicytype (&policy_type);
++ if (err < 0)
++ {
++ dbus_set_error_const (error, DBUS_ERROR_IO_ERROR,
++ "Failed to get SELinux policy type");
++ return FALSE;
++ }
++
++ /* Only check against MLS policy if running under that policy. */
++ if (strcmp (policy_type, "mls") != 0)
++ {
++ free (policy_type);
++ return TRUE;
++ }
++
++ free (policy_type);
++
++ _dbus_assert (source != NULL);
++ _dbus_assert (destination != NULL);
++
++ if (!source || !dbus_connection_get_unix_process_id (source, &spid))
++ spid = 0;
++ if (!destination || !dbus_connection_get_unix_process_id (destination, &tpid))
++ tpid = 0;
++
++ string_alloced = FALSE;
++ if (!_dbus_string_init (&auxdata))
++ goto oom;
++ string_alloced = TRUE;
++
++ if (spid)
++ {
++ if (!_dbus_string_append (&auxdata, " spid="))
++ goto oom;
++
++ if (!_dbus_string_append_uint (&auxdata, spid))
++ goto oom;
++ }
++
++ if (tpid)
++ {
++ if (!_dbus_string_append (&auxdata, " tpid="))
++ goto oom;
++
++ if (!_dbus_string_append_uint (&auxdata, tpid))
++ goto oom;
++ }
++
++ source_sid = bus_connection_get_selinux_id (source);
++ dest_sid = bus_connection_get_selinux_id (destination);
++
++ ret = bus_selinux_check (source_sid,
++ dest_sid,
++ SECCLASS_CONTEXT,
++ CONTEXT__CONTAINS,
++ &auxdata);
++
++ _dbus_string_free (&auxdata);
++ return ret;
++
++ oom:
++ if (string_alloced)
++ _dbus_string_free (&auxdata);
++ BUS_SET_OOM (error);
++ return FALSE;
++#else
++ return TRUE;
++#endif /* HAVE_SELINUX */
++}
++
++/**
+ * Read the SELinux ID from the connection.
+ *
+ * @param connection the connection to read from
+diff --git a/bus/selinux.h b/bus/selinux.h
+index 3bab36d..fcaac5f 100644
+--- a/bus/selinux.h
++++ b/bus/selinux.h
+@@ -32,6 +32,7 @@ dbus_bool_t bus_selinux_full_init(void);
+ void bus_selinux_shutdown (void);
+
+ dbus_bool_t bus_selinux_enabled (void);
++dbus_bool_t bus_selinux_mls_enabled (void);
+
+ void bus_selinux_id_ref (BusSELinuxID *sid);
+ void bus_selinux_id_unref (BusSELinuxID *sid);
+@@ -54,6 +55,10 @@ dbus_bool_t bus_selinux_allows_acquire_service (DBusConnection *connection,
+ const char *service_name,
+ DBusError *error);
+
++dbus_bool_t bus_selinux_allows_name (DBusConnection *source,
++ DBusConnection *destination,
++ DBusError *error);
++
+ dbus_bool_t bus_selinux_allows_send (DBusConnection *sender,
+ DBusConnection *proposed_recipient,
+ const char *msgtype, /* Supplementary audit data */
+--
+2.1.0
+
diff --git a/SPECS/dbus.spec b/SPECS/dbus.spec
index 503fdac..42b6835 100644
--- a/SPECS/dbus.spec
+++ b/SPECS/dbus.spec
@@ -13,7 +13,7 @@ Summary: D-BUS message bus
Name: dbus
Epoch: 1
Version: 1.6.12
-Release: 8%{?dist}
+Release: 11%{?dist}
URL: http://www.freedesktop.org/software/dbus/
#VCS: git:git://git.freedesktop.org/git/dbus/dbus
Source0: http://dbus.freedesktop.org/releases/dbus/%{name}-%{version}.tar.gz
@@ -55,6 +55,7 @@ Patch2: 0001-test-marshal-Ensure-we-use-suitably-aligned-buffers.patch
Patch3: 0001-_dbus_babysitter_unref-avoid-infinite-loop-if-waitpi.patch
Patch4: avoid-undefined-7c00ed22d9b5c33f5b33221e906946b11a9bde3b.patch
Patch5: 0001-tests-Disable-name-test.patch
+Patch6: dbus-1.6.12-mls-listnames.patch
%description
D-BUS is a system for sending messages between applications. It is
@@ -109,6 +110,7 @@ in this separate package so server systems need not install X.
%patch3 -p1
%patch4 -p1
%patch5 -p1
+%patch6 -p1
%build
if test -f autogen.sh; then env NOCONFIGURE=1 ./autogen.sh; else autoreconf -v -f -i; fi
@@ -254,6 +256,15 @@ fi
%{_includedir}/*
%changelog
+* Fri Nov 27 2014 David King <dking@redhat.com> - 1:1.6.12-11
+- Fix scope after if statement for MLS check (#1118399)
+
+* Thu Nov 27 2014 David King <dking@redhat.com> - 1:1.6.12-10
+- Check current policy type before performing MLS check (#1118399)
+
+* Tue Nov 25 2014 David King <dking@redhat.com> - 1:1.6.12-9
+- Add MLS checking for listing service names (#1118399)
+
* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 1:1.6.12-8
- Mass rebuild 2014-01-24