Add apparmor element support to bus config parsing

The <apparmor> element can contain a single mode attribute that has one of three values: "enabled" "disabled" "required" "enabled" means that kernel support is autodetected and, if available, AppArmor mediation occurs in dbus-daemon. If kernel support is not detected, mediation is disabled. "disabled" means that mediation does not occur. "required" means that kernel support must be detected for dbus-daemon to start. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75113 Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
author: Tyler Hicks <tyhicks@canonical.com> 2014-02-10 19:02:04 -0600
committer: Simon McVittie <simon.mcvittie@collabora.co.uk> 2015-02-18 17:04:00 +0000
commit: 06033cb20fb6b33fc26c2ef3f5bec1bf75596e34 (patch)
tree: 548ba7b8c62f81ab3663e6753fa1fcd073a15dba /bus/config-parser.c
parent: f62bff5bca2c187262a550f6f0a0c2a662adaaf6 (diff)
download: dbus-06033cb20fb6b33fc26c2ef3f5bec1bf75596e34.tar.gz
1 files changed, 24 insertions, 0 deletions
diff --git a/bus/config-parser.c b/bus/config-parser.c
index ee2d4e7d..58048a50 100644
--- a/bus/config-parser.c
+++ b/bus/config-parser.c
@@ -28,6 +28,7 @@
 #include "utils.h"
 #include "policy.h"
 #include "selinux.h"
+#include "apparmor.h"
 #include <dbus/dbus-list.h>
 #include <dbus/dbus-internals.h>
 #include <dbus/dbus-misc.h>
@@ -1136,6 +1137,27 @@ start_busconfig_child (BusConfigParser   *parser,
 
       return TRUE;
     }
+  else if (element_type == ELEMENT_APPARMOR)
+    {
+      Element *e;
+      const char *mode;
+
+      if ((e = push_element (parser, ELEMENT_APPARMOR)) == NULL)
+        {
+          BUS_SET_OOM (error);
+          return FALSE;
+        }
+
+      if (!locate_attributes (parser, "apparmor",
+                              attribute_names,
+                              attribute_values,
+                              error,
+                              "mode", &mode,
+                              NULL))
+        return FALSE;
+
+      return bus_apparmor_set_mode_from_config (mode, error);
+    }
   else
     {
       dbus_set_error (error, DBUS_ERROR_FAILED,
@@ -2074,6 +2096,7 @@ bus_config_parser_end_element (BusConfigParser   *parser,
     case ELEMENT_STANDARD_SESSION_SERVICEDIRS:
     case ELEMENT_STANDARD_SYSTEM_SERVICEDIRS:
     case ELEMENT_ALLOW_ANONYMOUS:
+    case ELEMENT_APPARMOR:
       break;
     }
 
@@ -2373,6 +2396,7 @@ bus_config_parser_content (BusConfigParser   *parser,
     case ELEMENT_ALLOW_ANONYMOUS:
     case ELEMENT_SELINUX:
     case ELEMENT_ASSOCIATE:
+    case ELEMENT_APPARMOR:
       if (all_whitespace (content))
         return TRUE;
       else
author	Tyler Hicks <tyhicks@canonical.com>	2014-02-10 19:02:04 -0600
committer	Simon McVittie <simon.mcvittie@collabora.co.uk>	2015-02-18 17:04:00 +0000
commit	06033cb20fb6b33fc26c2ef3f5bec1bf75596e34 (patch)
tree	548ba7b8c62f81ab3663e6753fa1fcd073a15dba /bus/config-parser.c
parent	f62bff5bca2c187262a550f6f0a0c2a662adaaf6 (diff)
download	dbus-06033cb20fb6b33fc26c2ef3f5bec1bf75596e34.tar.gz