From 03406096ceb9b395bb7245eae8f08d606f61e04b Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Thu, 6 Mar 2025 23:46:49 +0100
Subject: [PATCH] feat(dbus): simplify the way to provide unix address for dbus.
---
 apparmor.d/abstractions/bus-session | 4 +---
 apparmor.d/abstractions/bus-system | 2 ++
 pkg/prebuild/directive/dbus.go | 24 +++++-------------------
 pkg/prebuild/directive/dbus_test.go | 12 +++---------
 4 files changed, 11 insertions(+), 31 deletions(-)
diff --git a/apparmor.d/abstractions/bus-session b/apparmor.d/abstractions/bus-session
index 95325d7d3..0c3abd96e 100644
--- a/apparmor.d/abstractions/bus-session
+++ b/apparmor.d/abstractions/bus-session
@@ -4,9 +4,7 @@
 abi ,
- unix (bind, listen) type=stream addr="@/tmp/dbus-*",
- unix (connect, send, receive, accept) type=stream addr="@/tmp/dbus-*",
- unix (connect, send, receive, accept) type=stream peer=(addr="@/tmp/dbus-*"),
+ unix bind type=stream addr=@@{udbus}/bus/@{profile_name}/session,
 dbus send bus=session path=/org/freedesktop/DBus interface=org.freedesktop.DBus
diff --git a/apparmor.d/abstractions/bus-system b/apparmor.d/abstractions/bus-system
index 870443002..24d2cf4c2 100644
--- a/apparmor.d/abstractions/bus-system
+++ b/apparmor.d/abstractions/bus-system
@@ -4,6 +4,8 @@
 abi ,
+ unix bind type=stream addr=@@{udbus}/bus/@{profile_name}/system,
+
 dbus send bus=system path=/org/freedesktop/DBus interface=org.freedesktop.DBus member={Hello,AddMatch,RemoveMatch,GetNameOwner,NameHasOwner,StartServiceByName}
diff --git a/pkg/prebuild/directive/dbus.go b/pkg/prebuild/directive/dbus.go
index 4a9030505..99a8f6138 100644
--- a/pkg/prebuild/directive/dbus.go
+++ b/pkg/prebuild/directive/dbus.go
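Review bot: The three removed `unix` rules in bus-session were the only ones in this hunk allowing connect, send and receive on the `@/tmp/dbus-*` abstract sockets, and the added line grants only `bind` on `@@{udbus}/bus/@{profile_name}/session`, so nothing in the abstraction now permits talking to a session bus that listens on such an address. A stand-alone dbus-daemon with the default `unix:tmpdir=/tmp` address publishes exactly that kind of abstract socket, so if any supported setup still runs the session bus that way (non-systemd sessions, presumably), every profile including this abstraction would start failing to connect; systemd-managed sessions use a path-based socket and would be unaffected, assuming that path is allowed elsewhere. Unless the abstract address is confirmed unsupported, keep `unix (connect, send, receive) type=stream peer=(addr="@/tmp/dbus-*"),` next to the new bind rule, or record the decision with a comment such as `# Session bus over abstract @/tmp/dbus-* sockets is not supported; only the path-based socket is.` Either way, the commit message presents this as a relocation of the bind rule and does not mention that it also tightens what clients may connect to.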
@@ -45,15 +45,11 @@ func (d Dbus) Apply(opt *Option, profile string) (string, error) {
 if err != nil {
 return "", err
 }
- name := opt.File.Base()
- if len(name) > 15 {
- name = name[:15]
- }
 switch action {
 case "own":
- r = d.own(opt.ArgMap, name)
+ r = d.own(opt.ArgMap)
 case "talk":
- r = d.talk(opt.ArgMap, name)
+ r = d.talk(opt.ArgMap)
 }
 aa.IndentationLevel = strings.Count(
@@ -107,14 +103,10 @@ func getInterfaces(rules map[string]string) []string {
 return interfaces
 }
-func (d Dbus) own(rules map[string]string, name string) aa.Rules {
+func (d Dbus) own(rules map[string]string) aa.Rules {
 interfaces := getInterfaces(rules)
 res := aa.Rules{
- &aa.Unix{
- Access: []string{"bind"}, Type: "stream",
- Address: `@@{udbus}/bus/` + name + `/` + rules["bus"],
- },
 &aa.Dbus{
 Access: []string{"bind"}, Bus: rules["bus"], Name: rules["name"],
 },
@@ -170,15 +162,9 @@ func (d Dbus) own(rules map[string]string, name string) aa.Rules {
 return res
 }
-func (d Dbus) talk(rules map[string]string, name string) aa.Rules {
+func (d Dbus) talk(rules map[string]string) aa.Rules {
 interfaces := getInterfaces(rules)
-
- res := aa.Rules{
- &aa.Unix{
- Access: []string{"bind"}, Type: "stream",
- Address: `@@{udbus}/bus/` + name + `/` + rules["bus"],
- },
- }
+ res := aa.Rules{}
 // Interfaces
 for _, iface := range interfaces {
diff --git a/pkg/prebuild/directive/dbus_test.go b/pkg/prebuild/directive/dbus_test.go
index f2d4997e4..5f8d57d10 100644
--- a/pkg/prebuild/directive/dbus_test.go
+++ b/pkg/prebuild/directive/dbus_test.go
@@ -10,9 +10,7 @@ import (
 "github.com/roddhjav/apparmor.d/pkg/paths"
 )
-const dbusOwnSystemd1 = ` unix bind type=stream addr=@@{udbus}/bus/fake-own/system,
-
- dbus bind bus=system name=org.freedesktop.systemd1{,.*},
+const dbusOwnSystemd1 = ` dbus bind bus=system name=org.freedesktop.systemd1{,.*},
 dbus receive bus=system path=/org/freedesktop/systemd1{,/**}
 interface=org.freedesktop.systemd1{,.*}
 peer=(name="@{busname}"),
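Review bot: Removing `name := opt.File.Base()` and the `if len(name) > 15 { name = name[:15] }` cap from Apply drops the only place where the socket address was cut to 15 characters, but its replacement in the bus-* abstractions uses `@{profile_name}`, which is neither truncated nor necessarily equal to the profile's file basename. The removed test expectation for `gdm-session-wor` shows the old rule really was cut at 15 characters, and 15 is also the kernel's comm-name limit, which suggests the process binding this abstract socket names it after its comm; if so, any profile longer than 15 characters, or whose name differs from its file name, now has the bind denied instead of allowed. Please confirm what address the runtime actually binds before relying on the variable, and if the truncation was load-bearing either keep emitting the rule from the directive with the cap or document in the abstraction why `@{profile_name}` matches. A one-line comment at the removal site, e.g. `// The per-profile unix bind rule is now provided by abstractions/bus-{session,system}.`, would also help the next reader of Apply, whose body continues before and after this hunk.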
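Review bot: `res := aa.Rules{}` in talk creates an empty but non-nil value that the following loop only appends to; if `aa.Rules` is a slice type, as the composite literal in own suggests, the idiomatic Go spelling is the zero value, `var res aa.Rules`, which `append` handles identically and avoids the empty literal. Since nothing in this file refers to `@{udbus}` any more, a short comment on talk noting that the unix bind rule previously built here is now supplied by the bus-session and bus-system abstractions would save a reader from searching for it. talk's body continues after the hunk.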
@@ -75,9 +73,7 @@ func TestDbus_Apply(t *testing.T) {
 Raw: " #aa:dbus own bus=session name=com.rastersoft.ding interface+=org.gtk.Actions",
 },
 profile: " #aa:dbus own bus=session name=com.rastersoft.ding interface+=org.gtk.Actions",
- want: ` unix bind type=stream addr=@@{udbus}/bus/fake-interface/session,
-
- dbus bind bus=session name=com.rastersoft.ding{,.*},
+ want: ` dbus bind bus=session name=com.rastersoft.ding{,.*},
 dbus receive bus=session path=/com/rastersoft/ding{,/**}
 interface=com.rastersoft.ding{,.*}
 peer=(name="@{busname}"),
@@ -122,9 +118,7 @@ func TestDbus_Apply(t *testing.T) {
 Raw: " #aa:dbus talk bus=system name=org.freedesktop.Accounts label=accounts-daemon",
 },
 profile: " #aa:dbus talk bus=system name=org.freedesktop.Accounts label=accounts-daemon",
- want: ` unix bind type=stream addr=@@{udbus}/bus/gdm-session-wor/system,
-
- dbus (send receive) bus=system path=/org/freedesktop/Accounts{,/**}
+ want: ` dbus (send receive) bus=system path=/org/freedesktop/Accounts{,/**}
 interface=org.freedesktop.Accounts{,.*}
 peer=(name="{@{busname},org.freedesktop.Accounts{,.*}}", label=accounts-daemon),
 dbus (send receive) bus=system path=/org/freedesktop/Accounts{,/**}