sidget and sidput functions are noop and deprecated since libselinux 2.0.86.
Also use pkg-config to detect libselinux and force version >= 2.0.86
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=100912
Reviewed-by: Simon McVittie <smcv@collabora.com>
• Fix some integration test issues (fd.o #100686, Simon McVittie)
+Dependencies:
+
+• SELinux support requires at least libselinux 2.0.86 as explicit refcounting
+ for SID (sidput/sidget) has been removed from the code.
+
D-Bus 1.11.12 (2017-04-07)
==
if (d->policy)
bus_client_policy_unref (d->policy);
- if (d->selinux_id)
- bus_selinux_id_unref (d->selinux_id);
-
if (d->apparmor_confinement)
bus_apparmor_confinement_unref (d->apparmor_confinement);
out:
if (!retval)
{
- if (d->selinux_id)
- bus_selinux_id_unref (d->selinux_id);
d->selinux_id = NULL;
if (d->apparmor_confinement)
return TRUE;
}
-/**
- * Decrement SID reference count.
- *
- * @param sid the SID to decrement
- */
-void
-bus_selinux_id_unref (BusSELinuxID *sid)
-{
-#ifdef HAVE_SELINUX
- if (!selinux_enabled)
- return;
-
- _dbus_assert (sid != NULL);
-
- sidput (SELINUX_SID_FROM_BUS (sid));
-#endif /* HAVE_SELINUX */
-}
-
-void
-bus_selinux_id_ref (BusSELinuxID *sid)
-{
-#ifdef HAVE_SELINUX
- if (!selinux_enabled)
- return;
-
- _dbus_assert (sid != NULL);
-
- sidget (SELINUX_SID_FROM_BUS (sid));
-#endif /* HAVE_SELINUX */
-}
-
/**
* Determine if the SELinux security policy allows the given sender
* security context to go to the given recipient security context.
#endif /* HAVE_SELINUX */
}
-
-/**
- * Function for freeing hash table data. These SIDs
- * should no longer be referenced.
- */
-static void
-bus_selinux_id_table_free_value (BusSELinuxID *sid)
-{
-#ifdef HAVE_SELINUX
- /* NULL sometimes due to how DBusHashTable works */
- if (sid)
- bus_selinux_id_unref (sid);
-#endif /* HAVE_SELINUX */
-}
-
/**
* Creates a new table mapping service names to security ID.
* A security ID is a "compiled" security context, a security
bus_selinux_id_table_new (void)
{
return _dbus_hash_table_new (DBUS_HASH_STRING,
- (DBusFreeFunction) dbus_free,
- (DBusFreeFunction) bus_selinux_id_table_free_value);
+ (DBusFreeFunction) dbus_free, NULL);
}
/**
retval = TRUE;
out:
- if (sid != SECSID_WILD)
- sidput (sid);
-
if (key)
dbus_free (key);
if (bus_sid != SECSID_WILD)
{
- sidput (bus_sid);
bus_sid = SECSID_WILD;
bus_avc_print_stats ();
dbus_bool_t bus_selinux_enabled (void);
-void bus_selinux_id_ref (BusSELinuxID *sid);
-void bus_selinux_id_unref (BusSELinuxID *sid);
-
DBusHashTable* bus_selinux_id_table_new (void);
BusSELinuxID* bus_selinux_id_table_lookup (DBusHashTable *service_table,
const DBusString *service_name);
have_selinux=no;
else
# See if we have SELinux library
- AC_CHECK_LIB(selinux, is_selinux_enabled,
- have_selinux=yes, have_selinux=no)
+ PKG_CHECK_MODULES([SELINUX], [libselinux >= 2.0.86],
+ [have_selinux=yes], [have_selinux=no])
# see if we have the SELinux header with the new D-Bus stuff in it
if test x$have_selinux = xyes ; then
AC_CHECK_FUNC(pthread_create,,[AC_CHECK_LIB(pthread,pthread_create,
[SELINUX_THREAD_LIBS="-lpthread"])])
- SELINUX_LIBS="-lselinux $SELINUX_THREAD_LIBS"
+ SELINUX_LIBS="$SELINUX_LIBS $SELINUX_THREAD_LIBS"
AC_DEFINE(HAVE_SELINUX,1,[SELinux support])
else
SELINUX_LIBS=
projects / thirdparty / dbus.git / commitdiff
