On Fri, Sep 10, 2010 at 06:58:40PM +0200, ext Rami Ylimäki wrote: > Make SELinux use the public interface for querying client command > string. SELinux could be optimized further by removing its own copy of > the command string. However, that optimization has been left out for > simplicity.
do we want to make SELinux depend on client tracking infrastructure? Seems that we're going to be tying more the stuff.
> Signed-off-by: Rami Ylimäki <[email protected]>
> ---
> Xext/xselinux_hooks.c | 37 ++++++++-----------------------------
> 1 files changed, 8 insertions(+), 29 deletions(-)
>
> diff --git a/Xext/xselinux_hooks.c b/Xext/xselinux_hooks.c
> index 560e1e9..baca533 100644
> --- a/Xext/xselinux_hooks.c
> +++ b/Xext/xselinux_hooks.c
> @@ -33,6 +33,7 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS > IN THE SOFTWARE.
> #include <libaudit.h>
>
> #include <X11/Xatom.h>
> +#include "client.h"
> #include "selection.h"
> #include "inputstr.h"
> #include "scrnintstr.h"
> @@ -129,26 +130,12 @@ SELinuxLabelClient(ClientPtr client)
>
> /* For local clients, try and determine the executable name */
> if (XaceIsLocal(client)) {
> - struct ucred creds;
> - socklen_t len = sizeof(creds);
> - char path[PATH_MAX + 1];
> - size_t bytes;
> + const char *cmd = GetClientCmd(client);
>
> - memset(&creds, 0, sizeof(creds));
> - if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &creds, &len) < 0)
> + if (!cmd)
> goto finish;
>
> - snprintf(path, PATH_MAX + 1, "/proc/%d/cmdline", creds.pid);
> - fd = open(path, O_RDONLY);
> - if (fd < 0)
> - goto finish;
> -
> - bytes = read(fd, path, PATH_MAX + 1);
> - close(fd);
> - if (bytes <= 0)
> - goto finish;
> -
> - strncpy(subj->command, path, COMMAND_LEN - 1);
> + strncpy(subj->command, cmd, COMMAND_LEN - 1);
> }
>
> finish:
> @@ -741,16 +728,8 @@ SELinuxServer(CallbackListPtr *pcbl, pointer unused, > pointer calldata)
> static void
> SELinuxClientState(CallbackListPtr *pcbl, pointer unused, pointer calldata)
> {
> - NewClientInfoRec *pci = calldata;
> -
> - switch (pci->client->clientState) {
> - case ClientStateInitial:
> - SELinuxLabelClient(pci->client);
> - break;
> -
> - default:
> - break;
> - }
> + ClientPtr client = calldata;
> + SELinuxLabelClient(client);
> }
>
> static void
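Review bot: The `strncpy(subj->command, cmd, COMMAND_LEN - 1)` kept on the new side of the SELinuxLabelClient hunk leaves `subj->command` NUL-terminated only if its last byte was already zero, and nothing in the hunk shows that. Assuming `command` is a char array of COMMAND_LEN bytes, adding `subj->command[COMMAND_LEN - 1] = '\0';` after the copy, or replacing it with `snprintf(subj->command, COMMAND_LEN, "%s", cmd);`, removes that dependency. The string presumably still comes from the client process's own command line, so a comment such as `/* command is client-supplied: audit text only, never an input to access decisions */` would record how far it can be trusted. SELinuxLabelClient begins and ends outside the hunk.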
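Review bot: SELinuxClientState now labels on every invocation and treats `calldata` as a `ClientPtr`, so correct labelling rests on an unstated contract of the list returned by `GetClientIdsReservedCbs()`: that it passes the client itself and fires once, before the first access check for that client. The removed code made both points explicit through `NewClientInfoRec` and the `ClientStateInitial` case. Once confirmed against client.h, which is not visible here, a comment above the function should record it, e.g. `/* calldata is the ClientPtr; invoked once when client IDs are reserved, before any XACE hook runs for the client */`. The same assumption underlies the `AddCallback` and `DeleteCallback` changes in SELinuxFlaskInit and SELinuxFlaskReset.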
> @@ -819,7 +798,7 @@ void
> SELinuxFlaskReset(void)
> {
> /* Unregister callbacks */
> - DeleteCallback(&ClientStateCallback, SELinuxClientState, NULL);
> + DeleteCallback(GetClientIdsReservedCbs(), SELinuxClientState, NULL);
> DeleteCallback(&ResourceStateCallback, SELinuxResourceState, NULL);
>
> XaceDeleteCallback(XACE_EXT_DISPATCH, SELinuxExtension, NULL);
> @@ -912,7 +891,7 @@ SELinuxFlaskInit(void)
> NULL);
>
> /* Register callbacks */
> - ret &= AddCallback(&ClientStateCallback, SELinuxClientState, NULL);
> + ret &= AddCallback(GetClientIdsReservedCbs(), SELinuxClientState, NULL);
> ret &= AddCallback(&ResourceStateCallback, SELinuxResourceState, NULL);
>
> ret &= XaceRegisterCallback(XACE_EXT_DISPATCH, SELinuxExtension, NULL);
> --
> 1.6.3.3
> Tiago _______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
