Make SELinux use the public interface for querying the client command
string. SELinux could be optimized further by removing its own copy of
the command string. However, that optimization has been left out for
simplicity.

Signed-off-by: Rami Ylimäki <[email protected]>
---
 Xext/xselinux_hooks.c |   37 ++++++++-----------------------------
 1 files changed, 8 insertions(+), 29 deletions(-)

diff --git a/Xext/xselinux_hooks.c b/Xext/xselinux_hooks.c
index 560e1e9..baca533 100644
--- a/Xext/xselinux_hooks.c
+++ b/Xext/xselinux_hooks.c
@@ -33,6 +33,7 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 
THE SOFTWARE.
 #include <libaudit.h>
 
 #include <X11/Xatom.h>
+#include "client.h"
 #include "selection.h"
 #include "inputstr.h"
 #include "scrnintstr.h"
@@ -129,26 +130,12 @@ SELinuxLabelClient(ClientPtr client)
 
     /* For local clients, try and determine the executable name */
     if (XaceIsLocal(client)) {
-       struct ucred creds;
-       socklen_t len = sizeof(creds);
-       char path[PATH_MAX + 1];
-       size_t bytes;
+       const char *cmd = GetClientCmd(client);
 
-       memset(&creds, 0, sizeof(creds));
-       if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &creds, &len) < 0)
+       if (!cmd)
            goto finish;
 
-       snprintf(path, PATH_MAX + 1, "/proc/%d/cmdline", creds.pid);
-       fd = open(path, O_RDONLY);
-       if (fd < 0)
-           goto finish;
-
-       bytes = read(fd, path, PATH_MAX + 1);
-       close(fd);
-       if (bytes <= 0)
-           goto finish;
-
-       strncpy(subj->command, path, COMMAND_LEN - 1);
+       strncpy(subj->command, cmd, COMMAND_LEN - 1);
     }
 
 finish:
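Review bot: The new `strncpy(subj->command, cmd, COMMAND_LEN - 1);` never writes a terminator itself, so `subj->command` is only NUL-terminated if the buffer was zeroed by code outside this hunk. Ending the copy with `subj->command[COMMAND_LEN - 1] = '\0';` would make the bound self-contained. The string is also whatever the client process put in its own command line, and the file includes `libaudit.h`, so it presumably reaches audit records. A comment such as `/* cmd is client-controlled: informational only, not an identity */` would stop later readers treating it as trustworthy. SELinuxLabelClient starts and ends outside the hunk.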
@@ -741,16 +728,8 @@ SELinuxServer(CallbackListPtr *pcbl, pointer unused, 
pointer calldata)
 static void
 SELinuxClientState(CallbackListPtr *pcbl, pointer unused, pointer calldata)
 {
-    NewClientInfoRec *pci = calldata;
-
-    switch (pci->client->clientState) {
-    case ClientStateInitial:
-       SELinuxLabelClient(pci->client);
-       break;
-
-    default:
-       break;
-    }
+    ClientPtr client = calldata;
+    SELinuxLabelClient(client);
 }
 
 static void
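Review bot: `ClientPtr client = calldata;` silently changes the callback's contract. The old body received a `NewClientInfoRec *` and acted only on `ClientStateInitial`, while the new one labels on every invocation and trusts that the list returned by `GetClientIdsReservedCbs()` passes a `ClientPtr`. Nothing visible checks either assumption, because `calldata` is an untyped pointer. I would state the contract above the function, e.g. `/* calldata is the ClientPtr; invoked once per client after its IDs are reserved */`, if that is what the new callback list guarantees.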
@@ -819,7 +798,7 @@ void
 SELinuxFlaskReset(void)
 {
     /* Unregister callbacks */
-    DeleteCallback(&ClientStateCallback, SELinuxClientState, NULL);
+    DeleteCallback(GetClientIdsReservedCbs(), SELinuxClientState, NULL);
     DeleteCallback(&ResourceStateCallback, SELinuxResourceState, NULL);
 
     XaceDeleteCallback(XACE_EXT_DISPATCH, SELinuxExtension, NULL);
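Review bot: Moving the callback from `ClientStateCallback` to `GetClientIdsReservedCbs()`, here and in the SELinuxFlaskInit hunk, changes the moment at which a client is labelled. The patch does not say when the new list fires relative to the first XACE access check for that client. If it can fire later than `ClientStateInitial` did, a request might be checked before SELinuxLabelClient has run for that client; this cannot be confirmed from the visible lines. Once verified against the callback's implementation, I would record the guarantee next to the registration, e.g. `/* fires before any request from the client is dispatched */`.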
@@ -912,7 +891,7 @@ SELinuxFlaskInit(void)
                                    NULL);
 
     /* Register callbacks */
-    ret &= AddCallback(&ClientStateCallback, SELinuxClientState, NULL);
+    ret &= AddCallback(GetClientIdsReservedCbs(), SELinuxClientState, NULL);
     ret &= AddCallback(&ResourceStateCallback, SELinuxResourceState, NULL);
 
     ret &= XaceRegisterCallback(XACE_EXT_DISPATCH, SELinuxExtension, NULL);
-- 
1.6.3.3
