From: Daniel Wagner <daniel.wag...@bmw-carit.de> Hi,
This series introduces a PoC for a new policy plugin. I have called it IVI but that is nothing specific to IVI. It just a very good short name. If you have a better name, I am glad to accept it. The first few patches are bug fixes ore small cleanups in general. So up to patch "session: Update sessions on config updates" should be applied indepenent of the rest. The plugin will read from /var/lib/connman/*.policy init style files and tries them to apply to new sessions, which are identified using SELinux. Here is a small demo, which shows what happens if the user and the plugin try to write the AllowedBearers. http://www.monom.org/misc/allowed_bearers.ogg I think we need to always to preserve the user input and filter out the bearers we don't wont. Currently, the result of the filter step will overwrite the user settings. cheers, daniel Daniel Wagner (24): session: Handle destruction of policy during shutdown session: Add callback to policy create() session: Factor out user settings in __connman_session_create() session: Factor out memore release part of cleanup_session manager: Allow async CreateSession method call session: Register session after policy plugin return config session: Handle NULL config pointer session: Update sessions on config updates storage: Add void if function does not have any arguments config: Factor out config inotify handler storage: Move generic inotify into storage.c gdbus: Add GetConnectionSELinuxSecurityContext session: Add connman_session_get_owner() session_policy_ivi: Add policy plugin for IVI session_policy_ivi: Add D-Bus connection session_policy_ivi: Get SELinux context of session owner session_policy_ivi: Create session config session_policy_ivi: Factor out config creation session_policy_ivi: Read policy config from file system session_policy_ivi: Watch for changes on policy files session_policy_ivi: Factor out SELinux context parser session_policy_ivi: Use the policy read from filesystem session: Export session parsing functions session_policy_ivi: Implement policy_load() Makefile.am | 2 +- Makefile.plugins | 12 + configure.ac | 6 + gdbus/gdbus.h | 9 + gdbus/selinux.c | 167 ++++++++++++++ include/session.h | 17 +- include/storage.h | 8 + plugins/session_policy.c | 13 +- plugins/session_policy_ivi.c | 520 +++++++++++++++++++++++++++++++++++++++++++ src/config.c | 181 +++------------ src/connman.h | 11 +- src/main.c | 2 + src/manager.c | 8 +- src/session.c | 381 ++++++++++++++++++++----------- src/storage.c | 163 +++++++++++++- 15 files changed, 1207 insertions(+), 293 deletions(-) create mode 100644 gdbus/selinux.c create mode 100644 plugins/session_policy_ivi.c -- 1.7.12.1.382.gb0576a6 _______________________________________________ connman mailing list connman@connman.net http://lists.connman.net/listinfo/connman