This patch adds SL context switching into IPP backend to implement MLS cups-to-cups printing diff --git cups/backend/ipp.c cups/backend/ipp.c index 6c3e7df02..1386762d8 100644 --- cups/backend/ipp.c +++ cups/backend/ipp.c @@ -38,6 +38,9 @@ extern void xpc_connection_set_target_uid(xpc_connection_t connection, #endif /* HAVE_GSSAPI && HAVE_XPC */ +#include +#include + /* * Bits for job-state-reasons we care about... */ @@ -276,7 +279,8 @@ main(int argc, /* I - Number of command-line args */ ppd_file_t *ppd = NULL; /* PPD file */ _ppd_cache_t *pc = NULL; /* PPD cache and mapping data */ fd_set input; /* Input set for select() */ - + context_t con; + char *context; /* * Make sure status messages are not buffered... @@ -284,6 +288,30 @@ main(int argc, /* I - Number of command-line args */ setbuf(stderr, NULL); +/* set selinux context */ + if (is_selinux_mls_enabled () ) + { + if ( getcon ( &context ) == 0 ) + { + const char *range; + + int lnoptions; /* Number of printer options */ + cups_option_t *loptions; /* Printer options */ + + lnoptions = cupsParseOptions(argv[5], 0, &loptions); + range = cupsGetOption("security-context-range", lnoptions, + loptions); + + if( range ) + { + con = context_new( context ); + context_range_set (con, range ); + setcon ( context_str( con ) ); + fprintf(stderr, "DEBUG: set context %s\n", context_str( con )); + } + } + } + /* * Ignore SIGPIPE and catch SIGTERM signals... */ diff --git a/backend/Makefile b/backend/Makefile index 2e566ae..c3d7f62 100644 --- cups/backend/Makefile +++ cups/backend/Makefile @@ -259,7 +259,7 @@ dnssd: dnssd.o ../cups/$(LIBCUPS) libbackend.a ipp: ipp.o ../cups/$(LIBCUPS) libbackend.a echo Linking $@... - $(LD_CC) $(ALL_LDFLAGS) -o ipp ipp.o libbackend.a $(LINKCUPS) + $(LD_CC) $(ALL_LDFLAGS) -o ipp ipp.o libbackend.a $(LINKCUPS) $(COMMONLIBS) $(CODE_SIGN) -s "$(CODE_SIGN_IDENTITY)" $@ $(RM) http https ipps for file in $(IPPALIASES); do \