Hi Patrik,
On 19.10.2012 22:43, Patrik Flykt wrote:
On Wed, 2012-10-17 at 14:42 +0200, Daniel Wagner wrote:
From: Daniel Wagner <daniel.wag...@bmw-carit.de>
---
plugins/session_policy_ivi.c | 36 ++++++++++++++++++++++++++++--------
1 file changed, 28 insertions(+), 8 deletions(-)
diff --git a/plugins/session_policy_ivi.c b/plugins/session_policy_ivi.c
index dd3bda0..70889ec 100644
--- a/plugins/session_policy_ivi.c
+++ b/plugins/session_policy_ivi.c
@@ -90,20 +90,40 @@ static struct connman_session_config *new_config(void)
return config;
}
+static char *parse_ident(unsigned char *context, unsigned int size)
+{
+ char *str, *ident, **tokens;
+
+ str = g_strndup((const gchar*)context, (gsize) size);
+ if (str == NULL)
+ return NULL;
+
+ DBG("SELinux context %s", str);
+
+ tokens = g_strsplit(str, ":", 0);
+ if (tokens == NULL) {
+ g_free(str);
+ return NULL;
+ }
+
+ ident = g_strdup(tokens[2]);
+ g_strfreev(tokens);
+
+ DBG("ident: %s", ident);
+
+ return ident;
+}
This part should have been added earlier, no need to have a separate
patch to factor it out.
Sure, no problem.
The function above gets interesting. The commit message really should
explain how the ident is created via the SELinux security context.
The question is if we want to have the SELinux part adding directly here
in the plugin or have some core code supporting to extract an ident from
a D-Bus message. In the case someone wants to use SMACK or another LSM
s/he this code needs to be touched. I was thinking on having something
like this:
const char *g_dbus_get_ident(DBusMessage *message);
Obviously, the SELinux part in this part would need also me moved out of
the plugin.
What do you think?
cheers,
daniel
_______________________________________________
connman mailing list
connman@connman.net
http://lists.connman.net/listinfo/connman
