if (r < 0)
return r;
- r = mac_selinux_unit_access_check_strv(l, message, m, verb, error);
- if (r < 0)
- return r;
-
r = bus_verify_manage_unit_files_async(m, message, error);
if (r < 0)
return r;
return -EINVAL;
}
- r = mac_selinux_unit_access_check_strv(l, message, m, "enable", error);
- if (r < 0)
- return r;
-
r = bus_verify_manage_unit_files_async(m, message, error);
if (r < 0)
return r;
if (r < 0)
return r;
- r = mac_selinux_unit_access_check_strv(l, message, m, verb, error);
- if (r < 0)
- return r;
-
scope = m->running_as == MANAGER_SYSTEM ? UNIT_FILE_SYSTEM : UNIT_FILE_USER;
r = bus_verify_manage_unit_files_async(m, message, error);
if (dep < 0)
return -EINVAL;
- r = mac_selinux_unit_access_check_strv(l, message, m, "enable", error);
- if (r < 0)
- return r;
-
scope = m->running_as == MANAGER_SYSTEM ? UNIT_FILE_SYSTEM : UNIT_FILE_USER;
r = unit_file_add_dependency(scope, runtime, NULL, l, target, dep, force, &changes, &n_changes);
return 0;
#endif
}
-
-int mac_selinux_unit_access_check_strv(
- char **units,
- sd_bus_message *message,
- Manager *m,
- const char *permission,
- sd_bus_error *error) {
-
-#ifdef HAVE_SELINUX
- char **i;
- Unit *u;
- int r;
-
- STRV_FOREACH(i, units) {
- if (is_path(*i))
- r = manager_load_unit(m, NULL, *i, error, &u);
- else
- r = manager_load_unit(m, *i, NULL, error, &u);
- if (r < 0)
- return r;
- r = mac_selinux_unit_access_check(u, message, permission, error);
- if (r < 0)
- return r;
- }
-#endif
- return 0;
-}
int mac_selinux_generic_access_check(sd_bus_message *message, const char *path, const char *permission, sd_bus_error *error);
-int mac_selinux_unit_access_check_strv(char **units, sd_bus_message *message, Manager *m, const char *permission, sd_bus_error *error);
-
#ifdef HAVE_SELINUX
#define mac_selinux_access_check(message, permission, error) \