| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When an AppArmor confined process wants to eavesdrop on a bus, a check
is performed to see if the action should be allowed.
The check is based on the connection's label and the bus type.
This patch adds a new hook, which was not previously included in the
SELinux mediation, to mediate eavesdropping from
bus_driver_handle_add_match().
A new function is added to bus/signals.c to see if a match rule is an
eavesdropping rule since the rule flags field is private to signals.c.
An example AppArmor rule that would allow a process to eavesdrop on the
session bus would be:
dbus eavesdrop bus=session,
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75113
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Usage:
$ dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus \
org.freedesktop.DBus.Debug.Stats.GetAllMatchRules
method return sender=org.freedesktop.DBus -> dest=:1.13 reply_serial=2
array [
dict entry(
string ":1.4"
array [
]
)
dict entry(
string ":1.9"
array [
string "type='signal',interface='org.freedesktop.DBus',member='NameOwnerChanged'"
]
)
dict entry(
string ":1.11"
array [
string "eavesdrop='true'"
]
)
]
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=24307
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Adds "eavesdrop=true" as a match rule, meaning that the owner
intend to eavedrop.
Otherwise the owner will receive only broadcasted messages and the ones
meant to be delivered to it.
[plus a typo fix in an error message -smcv]
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=37890
Bug-NB: NB#269748
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
| |
|
|
|
|
|
|
|
| |
Also disallow having both path and path_namespace in the same match rule
(it wouldn't make sense, path is more specific than path_namespace).
As per IRC discussion with davidz and wjt.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=34870
|
| |
|
|
|
|
|
|
|
|
| |
Add a new path_prefix match rule that can be used for efficient
implementations of the org.freedesktop.DBus.ObjectManager interface
(see bug 34869).
https://bugs.freedesktop.org/show_bug.cgi?id=34870
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Rather like "arg0path='/foo/'" matching all object paths starting with
"/foo/", this adds support for matching a prefix of a string argument
with "arg0namespace='org.freedesktop.Telepathy.Client.'" (for example).
This is mostly intended for use with NameOwnerChanged and
PropertiesChanged; thus, only matching the 0th argument is permitted.
(This also means it could work with the multicast-plus-socket-filters
model being considered for DBus-in-the-kernel without having to hash
every period-separated prefix of every string argument.)
|
| | |
|
| |
|
|
|
|
| |
No comment.
Signed-off-by: Colin Walters <walters@verbum.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
2007-09-20 Ryan Lortie <desrt@desrt.ca>
* dbus/signals.c (struct DBusMatchRule, bus_match_rule_new,
bus_match_rule_set_arg, bus_match_rule_parse_arg_match,
match_rule_matches): Add support for parsing and matching on
arg0path='/some/path' type rules.
* dbus/signals.h (bus_match_rule_set_arg): change to take const
DBusString instead of const char * for the string to match against.
* dbus/dbus-bus.c: add a quick note to dbus_bus_add_match
documentation about the path matching.
* doc/dbus-specification.xml: add a more detailed description of the
changes here.
|
| |
|
|
| |
* Add indent-tabs-mode: nil to all file headers.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* bus/signals.c (bus_signals_test): add match_rule_equal() tests
(match_rule_matches): remove unused arg
(test_matching): add tests for match_rule_matches()
* bus/signals.c (bus_match_rule_parse_arg_match): add ability to
do arg0='foo' arg5='bar' in the match rules
(match_rule_matches): don't match if the arg0='foo' doesn't match.
* dbus/dbus-protocol.h (DBUS_MAXIMUM_MATCH_RULE_ARG_NUMBER): add this
|
| |
|
|
|
| |
* COPYING: switch to Academic Free License version 2.1 instead of
2.0, to resolve complaints about patent termination clause.
|
| |
|
|
|
| |
* Update AFL version to 2.0 throughout the source files to reflect
the update that was done a while ago.
|
| |
|
|
|
|
| |
* bus/*.[ch]:
* dbus/*.[ch]:
* glib/*.[ch]: Made ref functions return the pointer
|
|
|
Get matching rules mostly working in the bus; only actually
parsing the rule text remains. However, the client side of
"signal connections" hasn't been started, this patch is only the
bus side.
* dbus/dispatch.c: fix for the matching rules changes
* bus/driver.c (bus_driver_handle_remove_match)
(bus_driver_handle_add_match): send an ack reply from these
method calls
* glib/dbus-gproxy.c (dbus_gproxy_begin_call): fix order of
arguments, reported by Seth Nickell
* bus/config-parser.c (append_rule_from_element): support
eavesdrop=true|false attribute on policies so match rules
can be prevented from snooping on the system bus.
* bus/dbus-daemon-1.1.in: consistently use terminology "sender"
and "destination" in attribute names; fix some docs bugs;
add eavesdrop=true|false attribute
* bus/driver.c (bus_driver_handle_add_match)
(bus_driver_handle_remove_match): handle AddMatch, RemoveMatch
messages
* dbus/dbus-protocol.h (DBUS_SERVICE_ORG_FREEDESKTOP_BROADCAST): get
rid of broadcast service concept, signals are just always broadcast
* bus/signals.c, bus/dispatch.c, bus/connection.c, bus/bus.c:
mostly implement matching rules stuff (currently only exposed as signal
connections)
|
