fdo-mirrors/dbus
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/dbus/dbus.git synced 2026-05-09 07:18:03 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Mediation of processes becoming a monitor

Browse source 
When an AppArmor confined process wants to become a monitor, a check is
performed to see if eavesdropping should be allowed.

The check is based on the connection's label and the bus type.

This patch reuses the bus_apparmor_allows_eavesdropping() hook.

An example AppArmor rule that would allow a process to become a monitor
on the system bus would be:

  dbus eavesdrop bus=system,

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75113
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
This commit is contained in:
Tyler Hicks 2015-02-09 00:41:37 -06:00 committed by Simon McVittie
parent 66979aae61
commit 439723610e
1 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
bus/driver.c
View file

@ -1924,6 +1924,8 @@ bus_driver_handle_become_monitor (DBusConnection *connection,
DBusError *error)
{
char **match_rules = NULL;
const char *bustype;
BusContext *context;
BusMatchRule *rule;
DBusList *rules = NULL;
DBusList *iter;
@ -1938,6 +1940,11 @@ bus_driver_handle_become_monitor (DBusConnection *connection,
if (!bus_driver_check_message_is_for_us (message, error))
goto out;
context = bus_transaction_get_context (transaction);
bustype = context ? bus_context_get_type (context) : NULL;
if (!bus_apparmor_allows_eavesdropping (connection, bustype, error))
goto out;
if (!bus_driver_check_caller_is_privileged (connection, transaction,
message, error))
goto out;