[PATCH v3 2/2] Xext: Use general OS functions to determine client command string in SELinux.
Vignatti Tiago (Nokia-MS/Helsinki)
tiago.vignatti at nokia.com
Tue Oct 19 09:48:23 PDT 2010
On Fri, Oct 01, 2010 at 05:14:45PM +0200, ext Rami Ylimäki wrote:
> SELinux could be also modified to take advantage of client ID tracking
> but we don't introduce that dependency here. People interested in
> SELinux are free to add that dependency later.
>
> Signed-off-by: Rami Ylimäki <rami.ylimaki at vincit.fi>
Reviewed-by: Tiago Vignatti <tiago.vignatti at nokia.com>
> ---
> Xext/xselinux_hooks.c | 22 +++++-----------------
> 1 files changed, 5 insertions(+), 17 deletions(-)
>
> diff --git a/Xext/xselinux_hooks.c b/Xext/xselinux_hooks.c
> index 560e1e9..73a1179 100644
> --- a/Xext/xselinux_hooks.c
> +++ b/Xext/xselinux_hooks.c
> @@ -129,26 +129,14 @@ SELinuxLabelClient(ClientPtr client)
>
> /* For local clients, try and determine the executable name */
> if (XaceIsLocal(client)) {
> - struct ucred creds;
> - socklen_t len = sizeof(creds);
> - char path[PATH_MAX + 1];
> - size_t bytes;
> + pid_t pid = GetPidFromClient(client);
> + const char *cmd = GetCommandFromPid(pid);
>
> - memset(&creds, 0, sizeof(creds));
> - if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &creds, &len) < 0)
> + if (!cmd)
> goto finish;
>
> - snprintf(path, PATH_MAX + 1, "/proc/%d/cmdline", creds.pid);
> - fd = open(path, O_RDONLY);
> - if (fd < 0)
> - goto finish;
> -
> - bytes = read(fd, path, PATH_MAX + 1);
> - close(fd);
> - if (bytes <= 0)
> - goto finish;
> -
> - strncpy(subj->command, path, COMMAND_LEN - 1);
> + strncpy(subj->command, cmd, COMMAND_LEN - 1);
> + free((void *) cmd);
> }
>
> finish:
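Review bot: at `free((void *) cmd);` the cast strips the const qualifier from a pointer the hunk itself declares as `const char *cmd`, so the rule that the caller owns and must free the string from GetCommandFromPid() is hidden behind a cast. Declare `cmd` as `char *` if the helper's return type allows it, or add a comment at the call stating the ownership. In the same block, `pid` from GetPidFromClient(client) goes straight into GetCommandFromPid() and the only failure test is `if (!cmd)`; if GetPidFromClient() can report failure, check for it before the lookup, or note that GetCommandFromPid() returns NULL in that case. The `strncpy(subj->command, cmd, COMMAND_LEN - 1);` line, like the one it replaces, terminates the string only if subj->command was zero-filled earlier, which is not visible here and deserves a one-line comment.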
> --
> 1.6.3.3
>
Tiago