From: Simon McVittie Date: Tue, 15 Mar 2011 14:02:06 +0000 (+0000) Subject: bus_context_check_security_policy: for SELinux denials, share code to set errors X-Git-Tag: dbus-1.4.10~6 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=be07ce63621701f1ebebec23436c9e2b61d1d4ec;p=thirdparty%2Fdbus.git bus_context_check_security_policy: for SELinux denials, share code to set errors Bug: https://bugs.freedesktop.org/show_bug.cgi?id=35358 Reviewed-by: Colin Walters
---
diff --git a/bus/bus.c b/bus/bus.c
index bf327248d..19436f9a1 100644
--- a/bus/bus.c
+++ b/bus/bus.c
@@ -1455,21 +1455,12 @@ bus_context_check_security_policy (BusContext *context,
 {
 if (error != NULL && !dbus_error_is_set (error))
 {
- sender_name = bus_connection_get_name (sender);
-
- dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
- "An SELinux policy prevents this sender "
- "from sending this message to this recipient "
- "(rejected message had sender \"%s\" interface \"%s\" "
- "member \"%s\" error name \"%s\" destination \"%s\")",
- sender_name ? sender_name : "(unset)",
- dbus_message_get_interface (message) ?
- dbus_message_get_interface (message) : "(unset)",
- dbus_message_get_member (message) ?
- dbus_message_get_member (message) : "(unset)",
- dbus_message_get_error_name (message) ?
- dbus_message_get_error_name (message) : "(unset)",
- dest ? dest : DBUS_SERVICE_DBUS);
+ /* don't syslog this, just set the error: avc_has_perm should
+ * have already written to either the audit log or syslog */
+ complain_about_message (context,
+ "An SELinux policy prevents this sender from sending this "
+ "message to this recipient",
+ 0, message, sender, proposed_recipient, FALSE, FALSE, error);
 _dbus_verbose ("SELinux security check denying send to service\n");
 }
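Review bot: The `complain_about_message` call no longer shows the `? ... : "(unset)"` guards or the `dest ? dest : DBUS_SERVICE_DBUS` fallback that the removed `dbus_set_error` applied before formatting with `%s`. Whether a message with no interface, member, error name or destination is still formatted safely now depends on the helper, whose body is outside this hunk. It is worth confirming that the helper substitutes a placeholder for each NULL field and still names the bus driver as the destination, because that text is what an administrator matches against the AVC record to find the denying rule. The bare `0` and `FALSE, FALSE` are also opaque at the call site, so the comment could say which argument suppresses logging, e.g. `/* second FALSE: no syslog here, the AVC denial is the audit record */` (presumably the second one; check against the helper's prototype). The enclosing function starts and ends outside the hunk.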