From 8930ff209a6cfbdf61a3593b5482e440a2724582 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Tue, 15 Mar 2011 14:02:06 +0000 Subject: [PATCH 2/6] bus_context_check_security_policy: syslog SELinux rejections if enabled This also reduces duplication a bit. --- bus/bus.c | 20 +++++--------------- 1 files changed, 5 insertions(+), 15 deletions(-) diff --git a/bus/bus.c b/bus/bus.c index bf32724..1532bbb 100644 --- a/bus/bus.c +++ b/bus/bus.c @@ -1455,21 +1455,11 @@ bus_context_check_security_policy (BusContext *context, { if (error != NULL && !dbus_error_is_set (error)) { - sender_name = bus_connection_get_name (sender); - - dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, - "An SELinux policy prevents this sender " - "from sending this message to this recipient " - "(rejected message had sender \"%s\" interface \"%s\" " - "member \"%s\" error name \"%s\" destination \"%s\")", - sender_name ? sender_name : "(unset)", - dbus_message_get_interface (message) ? - dbus_message_get_interface (message) : "(unset)", - dbus_message_get_member (message) ? - dbus_message_get_member (message) : "(unset)", - dbus_message_get_error_name (message) ? - dbus_message_get_error_name (message) : "(unset)", - dest ? dest : DBUS_SERVICE_DBUS); + complain_about_message (context, + "An SELinux policy prevents this sender from sending this " + "message to this recipient", + 0, message, sender, proposed_recipient, FALSE, + (addressed_recipient == proposed_recipient), error); _dbus_verbose ("SELinux security check denying send to service\n"); } -- 1.7.4.1