Hi Patrik

On 29.10.2012 11:50, Patrik Flykt wrote:

        Hi,

On Thu, 2012-10-25 at 11:26 +0200, Daniel Wagner wrote:

ConnMan needs to identify applications in a secure way when they are
using the Session API. The current D-Bus server implementation supports
two types of LSM, POSIX and SELinux. In order to support SMACK or
TOMOYO the D-Bus code base needs to be patched. This is the initial work
to support at least POSIX and SELinux. Maybe in the future we are able
to support also the other LSMs.

The idea behind gsec is to keep the LSM related code together in one
directory. The API introduced in this patch is not in any way final. It
will need some more time figuring out how we are able to integrate this
in a nice way.

The current API introduces g_sec_get_selinux_label() which will return
the SELinux context. The function will issue a
GetConnectionSELinuxSecurityContext method call.

Note that this function is not documented in the D-Bus
specification. See for more details the source code dbus/bus/drivers.c
and dbus/bus/selinux.c in the D-Bus reference implementation.

Since we have only one (well, two) functions in here, why do we need a
new directory structure at this point? I'd rather see this as part of
connman_dbus_ family of functions. So far it is used only in one place
and implemented only for SELinux.

The reason I moved it into the gsec dir is that I thought those functions might also be useful for other projects. And also if someone wants to add SMACK support it might be simpler to have a separate directory for this.

In short there is no real technical reason to do so. If you prefer to have it in connman's core part, then I can do that. No problem with that.

We'd still need an explicit argument in the callback telling whether it
succeeded or failed. How else is an empty context going to be
distinguished from an out of memory one?

Oh, that was an oversight. Will add this in the next version.
cheers,
daniel

_______________________________________________
connman mailing list
http://lists.connman.net/listinfo/connman
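
The review point about an explicit success/failure argument in the callback, as an added example that is not part of the thread or of the ConnMan patch. The names `sec_label_cb`, `deliver_selinux_label` and `record_label` are hypothetical, and the sketch assumes the reply to GetConnectionSELinuxSecurityContext carries the context as a byte array that is not guaranteed to be NUL-terminated.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical callback: err is 0 on success or a negative errno value.
 * label is valid only when err == 0, and may legitimately be "". */
typedef void (*sec_label_cb)(int err, const char *label, void *user_data);

/* Report a reply payload as a C string; data == NULL models a failed call. */
static void deliver_selinux_label(const unsigned char *data, size_t len,
                                  sec_label_cb cb, void *user_data)
{
    int err = 0;
    char *label = NULL;
    if (data == NULL) {
        err = -EIO;                  /* call failed or error reply */
    } else {
        if (len > 0 && data[len - 1] == '\0')
            len--;                   /* tolerate one trailing NUL */
        if (memchr(data, '\0', len) != NULL)
            err = -EINVAL;           /* embedded NUL would truncate the label */
        else if ((label = malloc(len + 1)) == NULL)
            err = -ENOMEM;           /* not the same thing as an empty context */
    }
    if (err == 0) {
        memcpy(label, data, len);
        label[len] = '\0';
    }
    cb(err, label, user_data);
    free(label);
}

/* Constructed caller state: records what the callback was told. */
struct label_result { int err; char label[64]; };
static void record_label(int err, const char *label, void *user_data)
{
    struct label_result *r = user_data;
    memset(r, 0, sizeof(*r));
    r->err = err;
    if (err == 0)
        strncpy(r->label, label, sizeof(r->label) - 1);
}

int main(void)
{
    struct label_result r;
    deliver_selinux_label((const unsigned char *)"", 0, record_label, &r);
    return (r.err == 0 && r.label[0] == '\0') ? 0 : 1; /* empty label, success */
}
```

A caller making an access decision on the label should treat any non-zero `err` as "identity unknown" and deny, rather than falling back to the empty string.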
