felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(dbus): simplify the way to provide unix address for dbus.

Browse source
This commit is contained in:
Alexandre Pujol 2025-03-06 23:46:49 +01:00
parent f360d12ec1
commit 03406096ce
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
4 changed files with 11 additions and 31 deletions
Download patch file Download diff file Expand all files Collapse all files

4
apparmor.d/abstractions/bus-session
View file

@ -4,9 +4,7 @@
abi <abi/4.0>, abi <abi/4.0>,
unix (bind, listen) type=stream addr="@/tmp/dbus-*", unix bind type=stream addr=@@{udbus}/bus/@{profile_name}/session,
unix (connect, send, receive, accept) type=stream addr="@/tmp/dbus-*",
unix (connect, send, receive, accept) type=stream peer=(addr="@/tmp/dbus-*"),
dbus send bus=session path=/org/freedesktop/DBus dbus send bus=session path=/org/freedesktop/DBus
interface=org.freedesktop.DBus interface=org.freedesktop.DBus

2
apparmor.d/abstractions/bus-system
View file

@ -4,6 +4,8 @@
abi <abi/4.0>, abi <abi/4.0>,
unix bind type=stream addr=@@{udbus}/bus/@{profile_name}/system,
dbus send bus=system path=/org/freedesktop/DBus dbus send bus=system path=/org/freedesktop/DBus
interface=org.freedesktop.DBus interface=org.freedesktop.DBus
member={Hello,AddMatch,RemoveMatch,GetNameOwner,NameHasOwner,StartServiceByName} member={Hello,AddMatch,RemoveMatch,GetNameOwner,NameHasOwner,StartServiceByName}

24
pkg/prebuild/directive/dbus.go
View file

@ -45,15 +45,11 @@ func (d Dbus) Apply(opt *Option, profile string) (string, error) {
if err != nil { if err != nil {
return "", err return "", err
} }
name := opt.File.Base()
if len(name) > 15 {
name = name[:15]
}
switch action { switch action {
case "own": case "own":
r = d.own(opt.ArgMap, name) r = d.own(opt.ArgMap)
case "talk": case "talk":
r = d.talk(opt.ArgMap, name) r = d.talk(opt.ArgMap)
} }
aa.IndentationLevel = strings.Count( aa.IndentationLevel = strings.Count(
@ -107,14 +103,10 @@ func getInterfaces(rules map[string]string) []string {
return interfaces return interfaces
} }
func (d Dbus) own(rules map[string]string, name string) aa.Rules { func (d Dbus) own(rules map[string]string) aa.Rules {
interfaces := getInterfaces(rules) interfaces := getInterfaces(rules)
res := aa.Rules{ res := aa.Rules{
&aa.Unix{
Access: []string{"bind"}, Type: "stream",
Address: `@@{udbus}/bus/` + name + `/` + rules["bus"],
},
&aa.Dbus{ &aa.Dbus{
Access: []string{"bind"}, Bus: rules["bus"], Name: rules["name"], Access: []string{"bind"}, Bus: rules["bus"], Name: rules["name"],
}, },
@ -170,15 +162,9 @@ func (d Dbus) own(rules map[string]string, name string) aa.Rules {
return res return res
} }
func (d Dbus) talk(rules map[string]string, name string) aa.Rules { func (d Dbus) talk(rules map[string]string) aa.Rules {
interfaces := getInterfaces(rules) interfaces := getInterfaces(rules)
res := aa.Rules{}
res := aa.Rules{
&aa.Unix{
Access: []string{"bind"}, Type: "stream",
Address: `@@{udbus}/bus/` + name + `/` + rules["bus"],
},
}
// Interfaces // Interfaces
for _, iface := range interfaces { for _, iface := range interfaces {

12
pkg/prebuild/directive/dbus_test.go
View file

@ -10,9 +10,7 @@ import (
"github.com/roddhjav/apparmor.d/pkg/paths" "github.com/roddhjav/apparmor.d/pkg/paths"
) )
const dbusOwnSystemd1 = ` unix bind type=stream addr=@@{udbus}/bus/fake-own/system, const dbusOwnSystemd1 = ` dbus bind bus=system name=org.freedesktop.systemd1{,.*},
dbus bind bus=system name=org.freedesktop.systemd1{,.*},
dbus receive bus=system path=/org/freedesktop/systemd1{,/**} dbus receive bus=system path=/org/freedesktop/systemd1{,/**}
interface=org.freedesktop.systemd1{,.*} interface=org.freedesktop.systemd1{,.*}
peer=(name="@{busname}"), peer=(name="@{busname}"),
@ -75,9 +73,7 @@ func TestDbus_Apply(t *testing.T) {
Raw: " #aa:dbus own bus=session name=com.rastersoft.ding interface+=org.gtk.Actions", Raw: " #aa:dbus own bus=session name=com.rastersoft.ding interface+=org.gtk.Actions",
}, },
profile: " #aa:dbus own bus=session name=com.rastersoft.ding interface+=org.gtk.Actions", profile: " #aa:dbus own bus=session name=com.rastersoft.ding interface+=org.gtk.Actions",
want: ` unix bind type=stream addr=@@{udbus}/bus/fake-interface/session, want: ` dbus bind bus=session name=com.rastersoft.ding{,.*},
dbus bind bus=session name=com.rastersoft.ding{,.*},
dbus receive bus=session path=/com/rastersoft/ding{,/**} dbus receive bus=session path=/com/rastersoft/ding{,/**}
interface=com.rastersoft.ding{,.*} interface=com.rastersoft.ding{,.*}
peer=(name="@{busname}"), peer=(name="@{busname}"),
@ -122,9 +118,7 @@ func TestDbus_Apply(t *testing.T) {
Raw: " #aa:dbus talk bus=system name=org.freedesktop.Accounts label=accounts-daemon", Raw: " #aa:dbus talk bus=system name=org.freedesktop.Accounts label=accounts-daemon",
}, },
profile: " #aa:dbus talk bus=system name=org.freedesktop.Accounts label=accounts-daemon", profile: " #aa:dbus talk bus=system name=org.freedesktop.Accounts label=accounts-daemon",
want: ` unix bind type=stream addr=@@{udbus}/bus/gdm-session-wor/system, want: ` dbus (send receive) bus=system path=/org/freedesktop/Accounts{,/**}
dbus (send receive) bus=system path=/org/freedesktop/Accounts{,/**}
interface=org.freedesktop.Accounts{,.*} interface=org.freedesktop.Accounts{,.*}
peer=(name="{@{busname},org.freedesktop.Accounts{,.*}}", label=accounts-daemon), peer=(name="{@{busname},org.freedesktop.Accounts{,.*}}", label=accounts-daemon),
dbus (send receive) bus=system path=/org/freedesktop/Accounts{,/**} dbus (send receive) bus=system path=/org/freedesktop/Accounts{,/**}