author | Rami Ylimäki <rami.ylimaki@vincit.fi> | 2010-12-22 16:57:17 +0200 |
---|---|---|
committer | Rami Ylimäki <rami.ylimaki@vincit.fi> | 2010-12-23 13:53:25 +0200 |
commit | 296561506a91742cc150a0fb6fc0df5dbe98c780 (patch) | |
tree | d9684dbf7de655d7b5dee1f1500962dc497d6a49 /Xext | |
parent | 1e933665bef26c74196bb7c59910e6a78bcacf0e (diff) |
Xext: Use general OS functions to determine client command string in SELinux.
Signed-off-by: Rami Ylimäki <rami.ylimaki@vincit.fi>
Reviewed-by: Tiago Vignatti <tiago.vignatti@nokia.com>
Diffstat (limited to 'Xext')
-rw-r--r-- | Xext/xselinux_hooks.c | 32 |
1 files changed, 16 insertions, 16 deletions
diff --git a/Xext/xselinux_hooks.c b/Xext/xselinux_hooks.c
index 560e1e9bf..f1d8e5d2f 100644
--- a/Xext/xselinux_hooks.c
+++ b/Xext/xselinux_hooks.c
@@ -40,6 +40,7 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #include "propertyst.h"
 #include "extnsionst.h"
 #include "xacestr.h"
+#include "client.h"
 #include "../os/osdep.h"
 #define _XSELINUX_NEED_FLASK_MAP
 #include "xselinuxint.h"
@@ -129,26 +130,25 @@ SELinuxLabelClient(ClientPtr client)
 /* For local clients, try and determine the executable name */
 if (XaceIsLocal(client)) {
- struct ucred creds;
- socklen_t len = sizeof(creds);
- char path[PATH_MAX + 1];
- size_t bytes;
-
- memset(&creds, 0, sizeof(creds));
- if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &creds, &len) < 0)
- goto finish;
+ /* Get cached command name if CLIENTIDS is enabled. */
+ const char *cmdname = GetClientCmdName(client);
+ Bool cached = (cmdname != NULL);
+ /* If CLIENTIDS is disabled, figure out the command name from
+ * scratch. */
+ if (!cmdname)
+ {
+ pid_t pid = DetermineClientPid(client);
+ if (pid != -1)
+ DetermineClientCmd(pid, &cmdname, NULL);
+ }
- snprintf(path, PATH_MAX + 1, "/proc/%d/cmdline", creds.pid);
- fd = open(path, O_RDONLY);
- if (fd < 0)
+ if (!cmdname)
 goto finish;
- bytes = read(fd, path, PATH_MAX + 1);
- close(fd);
- if (bytes <= 0)
- goto finish;
+ strncpy(subj->command, cmdname, COMMAND_LEN - 1);
- strncpy(subj->command, path, COMMAND_LEN - 1);
+ if (!cached)
+ free((void *) cmdname); /* const char * */
 }
 finish: |
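Review bot: The added `strncpy(subj->command, cmdname, COMMAND_LEN - 1);` in SELinuxLabelClient writes no terminator when cmdname is COMMAND_LEN - 1 bytes or longer, so the result is a valid string only if subj->command was zeroed beforehand, which this hunk does not show. Assuming the buffer is COMMAND_LEN bytes, I would add `subj->command[COMMAND_LEN - 1] = '\0';` directly after the copy so the bound no longer depends on initialisation elsewhere. The name is obtained for the client's own process (presumably from its command line), so a comment such as `/* cmdname is client-controlled: audit/display only, never a policy input */` would record that it must not feed a labelling decision. The function body starts and ends outside the hunk, so how subj->command is initialised and consumed should be confirmed there.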