/*
 * D-Bus method handler that cancels a job.
 *
 * userdata carries the Job. Authorization happens in two stages before the
 * job is touched:
 *   1. the SELinux "stop" access check on the job's unit, for every caller;
 *   2. polkit (bus_verify_manage_units_async) for callers that are not
 *      tracked in job->clients; tracked senders are treated as job owners.
 *
 * Returns a negative value when a check fails, 1 when the polkit decision is
 * still pending (the handler is invoked again once it is available), and
 * otherwise the result of sending the empty method reply.
 */
int bus_job_method_cancel(sd_bus_message *message, void *userdata, sd_bus_error *error) {
        Job *job = userdata;
        const char *sender;
        int ret;

        assert(message);
        assert(job);

        /* The MAC check comes first and is not skipped for job owners. */
        ret = mac_selinux_unit_access_check(job->unit, message, "stop", error);
        if (ret < 0)
                return ret;

        /* Job owners are let through; everybody else has to pass polkit. */
        sender = sd_bus_message_get_sender(message);
        if (!sd_bus_track_contains(job->clients, sender)) {
                ret = bus_verify_manage_units_async(job->unit->manager, message, error);
                if (ret < 0)
                        return ret;

                /* Not authorized yet: the async polkit path re-enters this handler later. */
                if (ret == 0)
                        return 1;
        }

        job_finish_and_invalidate(job, JOB_CANCELED, true);

        return sd_bus_reply_method_return(message, NULL);
}
/*
 * D-Bus method handler that abandons a scope unit.
 *
 * userdata carries the Scope. The caller must pass the SELinux "stop" access
 * check on the unit and then the polkit check before scope_abandon() runs.
 *
 * Returns a negative value when a check or scope_abandon() fails, 1 while the
 * polkit decision is pending, and otherwise the result of sending the empty
 * method reply. -ESTALE from scope_abandon() is reported to the caller as
 * BUS_ERROR_SCOPE_NOT_RUNNING.
 */
int bus_scope_method_abandon(sd_bus_message *message, void *userdata, sd_bus_error *error) {
        Scope *scope = userdata;
        int ret;

        assert(message);
        assert(scope);

        /* Mandatory access control first ... */
        ret = mac_selinux_unit_access_check(UNIT(scope), message, "stop", error);
        if (ret < 0)
                return ret;

        /* ... then polkit. */
        ret = bus_verify_manage_units_async(UNIT(scope)->manager, message, error);
        if (ret < 0)
                return ret;

        /* Not authorized yet: the async polkit path re-enters this handler later. */
        if (ret == 0)
                return 1;

        ret = scope_abandon(scope);
        if (ret == -ESTALE)
                return sd_bus_error_setf(error, BUS_ERROR_SCOPE_NOT_RUNNING,
                                         "Scope %s is not running, cannot abandon.", UNIT(scope)->id);
        if (ret < 0)
                return ret;

        return sd_bus_reply_method_return(message, NULL);
}
/*
 * Runs the SELinux access check for `permission` against each unit named in
 * the string vector `units`, stopping at the first check that fails.
 *
 * Units are resolved with manager_get_unit(); names for which it returns NULL
 * are skipped, so no access check is made for them.
 */
int mac_selinux_unit_access_check_strv(char **units, sd_bus_message *message, Manager *m, const char *permission, sd_bus_error *error) {
#ifdef HAVE_SELINUX
        char **i;
        Unit *u;
        int r;

        STRV_FOREACH(i, units) {
                u = manager_get_unit(m, *i);

                /* NOTE(review): an entry that does not resolve to a unit here passes
                 * without any check; confirm that callers cannot go on to operate on
                 * such a name after this function has returned. */
                if (u) {
                        r = mac_selinux_unit_access_check(u, message, permission, error);
                        if (r < 0)
                                return r;
                }
        }
        /* NOTE(review): the listing ends here; the remainder of the function is not shown. */
/*
 * D-Bus method handler that cancels a job (variant that also receives the
 * bus connection).
 *
 * userdata carries the Job. Two checks run before the job is cancelled, in
 * this order: verify_sys_admin_or_owner_sync() and then the SELinux "stop"
 * access check on the job's unit. A negative result from either one is
 * returned to the caller and the job is left untouched.
 *
 * NOTE(review): verify_sys_admin_or_owner_sync() is not part of this listing;
 * going by its name it admits privileged callers and the job's owner. Confirm
 * against its definition.
 */
int bus_job_method_cancel(sd_bus *bus, sd_bus_message *message, void *userdata, sd_bus_error *error) {
        Job *job = userdata;
        int ret;

        assert(bus);
        assert(message);
        assert(job);

        ret = verify_sys_admin_or_owner_sync(message, job, error);
        if (ret < 0)
                return ret;

        ret = mac_selinux_unit_access_check(job->unit, message, "stop", error);
        if (ret < 0)
                return ret;

        /* Both checks passed: cancel the job and acknowledge with an empty reply. */
        job_finish_and_invalidate(job, JOB_CANCELED, true);

        return sd_bus_reply_method_return(message, NULL);
}
/*
 * D-Bus method handler that removes a snapshot unit.
 *
 * userdata carries the Snapshot. The caller must pass the SELinux "stop"
 * access check on the unit and then the polkit check before snapshot_remove()
 * is called.
 *
 * Returns a negative value when a check fails, 1 while the polkit decision is
 * pending, and otherwise the result of sending the empty method reply.
 */
int bus_snapshot_method_remove(sd_bus_message *message, void *userdata, sd_bus_error *error) {
        Snapshot *snapshot = userdata;
        int ret;

        assert(message);
        assert(snapshot);

        /* Mandatory access control first ... */
        ret = mac_selinux_unit_access_check(UNIT(snapshot), message, "stop", error);
        if (ret < 0)
                return ret;

        /* ... then polkit. */
        ret = bus_verify_manage_units_async(UNIT(snapshot)->manager, message, error);
        if (ret < 0)
                return ret;

        /* Not authorized yet: the async polkit path re-enters this handler later. */
        if (ret == 0)
                return 1;

        snapshot_remove(snapshot);

        return sd_bus_reply_method_return(message, NULL);
}
/*
 * Runs the SELinux access check for `permission` against every unit named in
 * the string vector `units`.
 *
 * Each entry is loaded through manager_load_unit(), as a path when is_path()
 * says so and as a unit name otherwise. An entry that cannot be loaded makes
 * the function return that error instead of being skipped, so every entry is
 * either checked or causes a failure.
 *
 * Returns the first negative result from loading or checking, 0 when all
 * entries pass. Without HAVE_SELINUX nothing is checked and 0 is returned.
 */
int mac_selinux_unit_access_check_strv(char **units, sd_bus_message *message, Manager *m, const char *permission, sd_bus_error *error) {
#ifdef HAVE_SELINUX
        char **i;

        STRV_FOREACH(i, units) {
                const char *name = NULL, *path = NULL;
                Unit *u;
                int r;

                /* Exactly one of name/path is handed to the loader. */
                if (is_path(*i))
                        path = *i;
                else
                        name = *i;

                r = manager_load_unit(m, name, path, error, &u);
                if (r < 0)
                        return r;

                r = mac_selinux_unit_access_check(u, message, permission, error);
                if (r < 0)
                        return r;
        }
#endif

        return 0;
}