diff options
author | Tyler Hicks <tyhicks@canonical.com> | 2015-02-09 00:41:37 -0600 |
---|---|---|
committer | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2015-02-18 18:59:46 +0000 |
commit | 439723610e0d66ab4b3f9de6e453e517921bd361 (patch) | |
tree | 0f3fe5af7b4d8771c858fc1483be9c337c44f23d /bus | |
parent | 66979aae614eef97a30a9cad1ab4c77f277b63f4 (diff) | |
download | dbus-439723610e0d66ab4b3f9de6e453e517921bd361.tar.gz |
Mediation of processes becoming a monitor
When an AppArmor confined process wants to become a monitor, a check is
performed to see if eavesdropping should be allowed.
The check is based on the connection's label and the bus type.
This patch reuses the bus_apparmor_allows_eavesdropping() hook.
An example AppArmor rule that would allow a process to become a monitor
on the system bus would be:
dbus eavesdrop bus=system,
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75113
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Diffstat (limited to 'bus')
-rw-r--r-- | bus/driver.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/bus/driver.c b/bus/driver.c index 53bd5590..aab922ae 100644 --- a/bus/driver.c +++ b/bus/driver.c @@ -1924,6 +1924,8 @@ bus_driver_handle_become_monitor (DBusConnection *connection, DBusError *error) { char **match_rules = NULL; + const char *bustype; + BusContext *context; BusMatchRule *rule; DBusList *rules = NULL; DBusList *iter; @@ -1938,6 +1940,11 @@ bus_driver_handle_become_monitor (DBusConnection *connection, if (!bus_driver_check_message_is_for_us (message, error)) goto out; + context = bus_transaction_get_context (transaction); + bustype = context ? bus_context_get_type (context) : NULL; + if (!bus_apparmor_allows_eavesdropping (connection, bustype, error)) + goto out; + if (!bus_driver_check_caller_is_privileged (connection, transaction, message, error)) goto out; |