selinux: add function name to audit data
authorChristian Göttsche <cgzones@googlemail.com>
Wed, 28 Jul 2021 14:59:51 +0000 (16:59 +0200)
committerTopi Miettinen <topimiettinen@users.noreply.github.com>
Sat, 20 Nov 2021 16:38:03 +0000 (16:38 +0000)
Include the systemd C function name in the audit message to improve the
debuggability of denials, similar to how kernel denial messages include
the syscall name.

src/core/selinux-access.c
src/core/selinux-access.h

index 513a4fb00e7dc1d12349dd01e0af21ae7d2955b5..f6d4e7cc5082bd24565d95e6f48983c68be0dc5b 100644 (file)
@@ -31,6 +31,7 @@ struct audit_info {
         sd_bus_creds *creds;
         const char *path;
         const char *cmdline;
+        const char *function;
 };
 
 /*
@@ -58,10 +59,11 @@ static int audit_callback(
                 xsprintf(gid_buf, GID_FMT, gid);
 
         (void) snprintf(msgbuf, msgbufsize,
-                        "auid=%s uid=%s gid=%s%s%s%s%s%s%s",
+                        "auid=%s uid=%s gid=%s%s%s%s%s%s%s%s%s%s",
                         login_uid_buf, uid_buf, gid_buf,
                         audit->path ? " path=\"" : "", strempty(audit->path), audit->path ? "\"" : "",
-                        audit->cmdline ? " cmdline=\"" : "", strempty(audit->cmdline), audit->cmdline ? "\"" : "");
+                        audit->cmdline ? " cmdline=\"" : "", strempty(audit->cmdline), audit->cmdline ? "\"" : "",
+                        audit->function ? " function=\"" : "", strempty(audit->function), audit->function ? "\"" : "");
 
         return 0;
 }
@@ -179,6 +181,7 @@ int mac_selinux_generic_access_check(
                 sd_bus_message *message,
                 const char *path,
                 const char *permission,
+                const char *function,
                 sd_bus_error *error) {
 
         _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
@@ -191,6 +194,7 @@ int mac_selinux_generic_access_check(
 
         assert(message);
         assert(permission);
+        assert(function);
         assert(error);
 
         r = access_init(error);
@@ -263,6 +267,7 @@ int mac_selinux_generic_access_check(
                 .creds = creds,
                 .path = path,
                 .cmdline = cl,
+                .function = function,
         };
 
         r = selinux_check_access(scon, fcon, tclass, permission, &audit_info);
@@ -274,8 +279,8 @@ int mac_selinux_generic_access_check(
         }
 
         log_full_errno_zerook(LOG_DEBUG, r,
-                              "SELinux access check scon=%s tcon=%s tclass=%s perm=%s state=%s path=%s cmdline=%s: %m",
-                              scon, fcon, tclass, permission, enforce ? "enforcing" : "permissive", path, cl);
+                              "SELinux access check scon=%s tcon=%s tclass=%s perm=%s state=%s function=%s path=%s cmdline=%s: %m",
+                              scon, fcon, tclass, permission, enforce ? "enforcing" : "permissive", function, path, cl);
         return enforce ? r : 0;
 }
 
@@ -285,6 +290,7 @@ int mac_selinux_generic_access_check(
                 sd_bus_message *message,
                 const char *path,
                 const char *permission,
+                const char *function,
                 sd_bus_error *error) {
 
         return 0;
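Review bot: The new `function` member added to `struct audit_info` carries no comment saying what it holds or who fills it in, and from the header hunk the value is `__func__` expanded at the macro call site, so the audit record names the caller of `mac_selinux_access_check`, not this module; a one-line comment on the field would make that explicit, e.g. `const char *function; /* __func__ of the caller, supplied by the mac_selinux_*_access_check() macros */`. Separately, audit_callback now appends up to three more `%s` pieces to `msgbuf`, whose `(void) snprintf` result is already discarded, so a long `cmdline` becomes slightly more likely to be silently truncated; whether that matters depends on `msgbufsize`, which is not visible in the hunk. audit_callback's body begins before its hunk, and mac_selinux_generic_access_check is spread over several hunks.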
index c6bfb3254436c35dd7a546cad3abb5c28f4ff2e6..93aedc2347e7cce68972bcf36967c96a8354eee6 100644 (file)
@@ -5,10 +5,14 @@
 
 #include "manager.h"
 
-int mac_selinux_generic_access_check(sd_bus_message *message, const char *path, const char *permission, sd_bus_error *error);
+int mac_selinux_generic_access_check(sd_bus_message *message,
+                                     const char *path,
+                                     const char *permission,
+                                     const char *function,
+                                     sd_bus_error *error);
 
 #define mac_selinux_access_check(message, permission, error) \
-        mac_selinux_generic_access_check((message), NULL, (permission), (error))
+        mac_selinux_generic_access_check((message), NULL, (permission), __func__, (error))
 
 #define mac_selinux_unit_access_check(unit, message, permission, error) \
-        mac_selinux_generic_access_check((message), unit_label_path(unit), (permission), (error))
+        mac_selinux_generic_access_check((message), unit_label_path(unit), (permission), __func__, (error))
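Review bot: The new `function` parameter on the `mac_selinux_generic_access_check` declaration is undocumented, and nothing in the header says that the two macros supply `__func__`, so a direct caller of the function has no hint what string is expected. A short comment above the prototype would cover it: `/* function: name of the calling function, recorded in the audit message; the macros below pass __func__ */`. Because `__func__` is expanded where the macro is used, the recorded name is that of the D-Bus handler invoking the macro, which is what the commit message intends but is worth stating next to the macros.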