From: Laurent Bigonville Date: Mon, 3 Oct 2016 18:08:20 +0000 (+0200) Subject: Remove calls to sidget/sidput X-Git-Tag: dbus-1.11.14~63 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=89419e0a8c385bf2796c5839ea7d2c444f34229a;p=thirdparty%2Fdbus.git Remove calls to sidget/sidput sidget and sidput functions are noop and deprecated since libselinux 2.0.86. Also use pkg-config to detect libselinux and force version >= 2.0.86 Bug: https://bugs.freedesktop.org/show_bug.cgi?id=100912 Reviewed-by: Simon McVittie --- diff --git a/NEWS b/NEWS index 2fedb977b..0f524412b 100644 --- a/NEWS +++ b/NEWS @@ -33,6 +33,11 @@ Fixes: • Fix some integration test issues (fd.o #100686, Simon McVittie) +Dependencies: + +• SELinux support requires at least libselinux 2.0.86 as explicit refcounting + for SID (sidput/sidget) has been removed from the code. + D-Bus 1.11.12 (2017-04-07) == diff --git a/bus/connection.c b/bus/connection.c index 5144218cf..3fc62c787 100644 --- a/bus/connection.c +++ b/bus/connection.c @@ -441,9 +441,6 @@ free_connection_data (void *data) if (d->policy) bus_client_policy_unref (d->policy); - if (d->selinux_id) - bus_selinux_id_unref (d->selinux_id); - if (d->apparmor_confinement) bus_apparmor_confinement_unref (d->apparmor_confinement); @@ -869,8 +866,6 @@ bus_connections_setup_connection (BusConnections *connections, out: if (!retval) { - if (d->selinux_id) - bus_selinux_id_unref (d->selinux_id); d->selinux_id = NULL; if (d->apparmor_confinement) diff --git a/bus/selinux.c b/bus/selinux.c index e484be68f..271048a1e 100644 --- a/bus/selinux.c +++ b/bus/selinux.c @@ -388,37 +388,6 @@ bus_selinux_full_init (void) return TRUE; } -/** - * Decrement SID reference count. - * - * @param sid the SID to decrement - */ -void -bus_selinux_id_unref (BusSELinuxID *sid) -{ -#ifdef HAVE_SELINUX - if (!selinux_enabled) - return; - - _dbus_assert (sid != NULL); - - sidput (SELINUX_SID_FROM_BUS (sid)); -#endif /* HAVE_SELINUX */ -} - -void -bus_selinux_id_ref (BusSELinuxID *sid) -{ -#ifdef HAVE_SELINUX - if (!selinux_enabled) - return; - - _dbus_assert (sid != NULL); - - sidget (SELINUX_SID_FROM_BUS (sid)); -#endif /* HAVE_SELINUX */ -} - /** * Determine if the SELinux security policy allows the given sender * security context to go to the given recipient security context. @@ -789,21 +758,6 @@ bus_selinux_init_connection_id (DBusConnection *connection, #endif /* HAVE_SELINUX */ } - -/** - * Function for freeing hash table data. These SIDs - * should no longer be referenced. - */ -static void -bus_selinux_id_table_free_value (BusSELinuxID *sid) -{ -#ifdef HAVE_SELINUX - /* NULL sometimes due to how DBusHashTable works */ - if (sid) - bus_selinux_id_unref (sid); -#endif /* HAVE_SELINUX */ -} - /** * Creates a new table mapping service names to security ID. * A security ID is a "compiled" security context, a security @@ -815,8 +769,7 @@ DBusHashTable* bus_selinux_id_table_new (void) { return _dbus_hash_table_new (DBUS_HASH_STRING, - (DBusFreeFunction) dbus_free, - (DBusFreeFunction) bus_selinux_id_table_free_value); + (DBusFreeFunction) dbus_free, NULL); } /** @@ -878,9 +831,6 @@ bus_selinux_id_table_insert (DBusHashTable *service_table, retval = TRUE; out: - if (sid != SECSID_WILD) - sidput (sid); - if (key) dbus_free (key); @@ -1015,7 +965,6 @@ bus_selinux_shutdown (void) if (bus_sid != SECSID_WILD) { - sidput (bus_sid); bus_sid = SECSID_WILD; bus_avc_print_stats (); diff --git a/bus/selinux.h b/bus/selinux.h index 5252b1898..8c7cb0a31 100644 --- a/bus/selinux.h +++ b/bus/selinux.h @@ -33,9 +33,6 @@ void bus_selinux_shutdown (void); dbus_bool_t bus_selinux_enabled (void); -void bus_selinux_id_ref (BusSELinuxID *sid); -void bus_selinux_id_unref (BusSELinuxID *sid); - DBusHashTable* bus_selinux_id_table_new (void); BusSELinuxID* bus_selinux_id_table_lookup (DBusHashTable *service_table, const DBusString *service_name); diff --git a/configure.ac b/configure.ac index 64c60ff2a..3a518d0fa 100644 --- a/configure.ac +++ b/configure.ac @@ -1011,8 +1011,8 @@ if test x$enable_selinux = xno ; then have_selinux=no; else # See if we have SELinux library - AC_CHECK_LIB(selinux, is_selinux_enabled, - have_selinux=yes, have_selinux=no) + PKG_CHECK_MODULES([SELINUX], [libselinux >= 2.0.86], + [have_selinux=yes], [have_selinux=no]) # see if we have the SELinux header with the new D-Bus stuff in it if test x$have_selinux = xyes ; then @@ -1046,7 +1046,7 @@ if test x$have_selinux = xyes ; then AC_CHECK_FUNC(pthread_create,,[AC_CHECK_LIB(pthread,pthread_create, [SELINUX_THREAD_LIBS="-lpthread"])]) - SELINUX_LIBS="-lselinux $SELINUX_THREAD_LIBS" + SELINUX_LIBS="$SELINUX_LIBS $SELINUX_THREAD_LIBS" AC_DEFINE(HAVE_SELINUX,1,[SELinux support]) else SELINUX_LIBS=