Xext: Use general OS functions to determine client command string in SELinux.
Signed-off-by: Rami Ylimäki <rami.ylimaki@vincit.fi> Reviewed-by: Tiago Vignatti <tiago.vignatti@nokia.com>
parent
1e933665be
commit
296561506a
|
@ -40,6 +40,7 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||||||
#include "propertyst.h"
|
#include "propertyst.h"
|
||||||
#include "extnsionst.h"
|
#include "extnsionst.h"
|
||||||
#include "xacestr.h"
|
#include "xacestr.h"
|
||||||
|
#include "client.h"
|
||||||
#include "../os/osdep.h"
|
#include "../os/osdep.h"
|
||||||
#define _XSELINUX_NEED_FLASK_MAP
|
#define _XSELINUX_NEED_FLASK_MAP
|
||||||
#include "xselinuxint.h"
|
#include "xselinuxint.h"
|
||||||
|
@ -129,26 +130,25 @@ SELinuxLabelClient(ClientPtr client)
|
||||||
|
|
||||||
/* For local clients, try and determine the executable name */
|
/* For local clients, try and determine the executable name */
|
||||||
if (XaceIsLocal(client)) {
|
if (XaceIsLocal(client)) {
|
||||||
struct ucred creds;
|
/* Get cached command name if CLIENTIDS is enabled. */
|
||||||
socklen_t len = sizeof(creds);
|
const char *cmdname = GetClientCmdName(client);
|
||||||
char path[PATH_MAX + 1];
|
Bool cached = (cmdname != NULL);
|
||||||
size_t bytes;
|
/* If CLIENTIDS is disabled, figure out the command name from
|
||||||
|
* scratch. */
|
||||||
|
if (!cmdname)
|
||||||
|
{
|
||||||
|
pid_t pid = DetermineClientPid(client);
|
||||||
|
if (pid != -1)
|
||||||
|
DetermineClientCmd(pid, &cmdname, NULL);
|
||||||
|
}
|
||||||
|
|
||||||
memset(&creds, 0, sizeof(creds));
|
if (!cmdname)
|
||||||
if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &creds, &len) < 0)
|
|
||||||
goto finish;
|
goto finish;
|
||||||
|
|
||||||
snprintf(path, PATH_MAX + 1, "/proc/%d/cmdline", creds.pid);
|
strncpy(subj->command, cmdname, COMMAND_LEN - 1);
|
||||||
fd = open(path, O_RDONLY);
|
|
||||||
if (fd < 0)
|
|
||||||
goto finish;
|
|
||||||
|
|
||||||
bytes = read(fd, path, PATH_MAX + 1);
|
if (!cached)
|
||||||
close(fd);
|
free((void *) cmdname); /* const char * */
|
||||||
if (bytes <= 0)
|
|
||||||
goto finish;
|
|
||||||
|
|
||||||
strncpy(subj->command, path, COMMAND_LEN - 1);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
finish:
|
finish:
|
||||||
|
|
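Review bot: The new `strncpy(subj->command, cmdname, COMMAND_LEN - 1);` writes no terminator when `cmdname` is `COMMAND_LEN - 1` bytes or longer, so it is only safe if `subj->command` was zeroed earlier, which the hunk does not show. Terminating explicitly right after the copy, `subj->command[COMMAND_LEN - 1] = '\0';`, removes that dependency; the removed `/proc` code had the same pattern. The string is presumably still derived from the client's own command line, which the client process can set, so a comment such as `/* command is client-supplied: for audit/log display only, never an input to the labeling decision */` would help, if that matches how `subj->command` is used elsewhere. The body of SELinuxLabelClient starts and ends outside the hunk.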