diff options
| author | Tyler Hicks <tyhicks@canonical.com> | 2014-02-13 13:17:23 -0600 |
|---|---|---|
| committer | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2015-02-18 18:59:46 +0000 |
| commit | 66979aae614eef97a30a9cad1ab4c77f277b63f4 (patch) | |
| tree | c250163990c366458787a3b10407693afd85c069 /bus/signals.h | |
| parent | d9a2fdb96adf18d6876406a6cd4335b802d66af7 (diff) | |
| download | dbus-66979aae614eef97a30a9cad1ab4c77f277b63f4.tar.gz | |
Mediation of processes eavesdropping
When an AppArmor confined process wants to eavesdrop on a bus, a check
is performed to see if the action should be allowed.
The check is based on the connection's label and the bus type.
This patch adds a new hook, which was not previously included in the
SELinux mediation, to mediate eavesdropping from
bus_driver_handle_add_match().
A new function is added to bus/signals.c to see if a match rule is an
eavesdropping rule since the rule flags field is private to signals.c.
An example AppArmor rule that would allow a process to eavesdrop on the
session bus would be:
dbus eavesdrop bus=session,
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75113
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Diffstat (limited to 'bus/signals.h')
| -rw-r--r-- | bus/signals.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/bus/signals.h b/bus/signals.h index d19fc7c5..0edfb07e 100644 --- a/bus/signals.h +++ b/bus/signals.h @@ -73,6 +73,8 @@ dbus_bool_t bus_match_rule_set_arg (BusMatchRule *rule, void bus_match_rule_set_client_is_eavesdropping (BusMatchRule *rule, dbus_bool_t is_eavesdropping); +dbus_bool_t bus_match_rule_get_client_is_eavesdropping (BusMatchRule *rule); + BusMatchRule* bus_match_rule_parse (DBusConnection *matches_go_to, const DBusString *rule_text, DBusError *error); |