build(directive): add the dbus common subdirective for bus abstraction.

pkg/prebuild/directive/dbus.go

@@ -33,6 +33,7 @@ func init() {
 			Help: []string{
 				"own bus=<bus> name=<name> [interface=AARE] [path=AARE]",
 				"talk bus=<bus> name=<name> label=<profile> [interface=AARE] [path=AARE]",
+				"common bus=<bus> name=<name> label=<profile>",
 			},
 		}},
 	)
@@ -50,6 +51,8 @@ func (d Dbus) Apply(opt *Option, profile string) (string, error) {
 		r = d.own(opt.ArgMap)
 	case "talk":
 		r = d.talk(opt.ArgMap)
+	case "common":
+		r = d.common(opt.ArgMap)
 	}
 
 	aa.IndentationLevel = strings.Count(
@@ -67,7 +70,7 @@ func (d Dbus) sanityCheck(opt *Option) (string, error) {
 		return "", fmt.Errorf("Unknown dbus action: %s in %s", opt.Name, opt.File)
 	}
 	action := opt.ArgList[0]
-	if action != "own" && action != "talk" {
+	if action != "own" && action != "talk" && action != "common" {
 		return "", fmt.Errorf("Unknown dbus action: %s in %s", opt.Name, opt.File)
 	}
 
@@ -208,3 +211,53 @@ func (d Dbus) talk(rules map[string]string) aa.Rules {
 	)
 	return res
 }
+
+func (d Dbus) common(rules map[string]string) aa.Rules {
+	res := aa.Rules{
+
+		// DBus.Properties: read all properties from the interface
+		&aa.Comment{
+			Base: aa.Base{
+				Comment:    " DBus.Properties: read all properties from the interface",
+				IsLineRule: true,
+			},
+		},
+		&aa.Dbus{
+			Access: []string{"send"}, Bus: rules["bus"], Path: rules["path"],
+			Interface: "org.freedesktop.DBus.Properties",
+			Member:    "{Get,GetAll}",
+			PeerName:  `"{@{busname},` + rules["name"] + `}"`, PeerLabel: rules["label"],
+		},
+		nil,
+
+		// DBus.Properties: receive property changed events
+		&aa.Comment{
+			Base: aa.Base{
+				Comment:    " DBus.Properties: receive property changed events",
+				IsLineRule: true,
+			},
+		},
+		&aa.Dbus{
+			Access: []string{"receive"}, Bus: rules["bus"], Path: rules["path"],
+			Interface: "org.freedesktop.DBus.Properties",
+			Member:    "PropertiesChanged",
+			PeerName:  `"{@{busname},` + rules["name"] + `}"`, PeerLabel: rules["label"],
+		},
+		nil,
+
+		// DBus.Introspectable: allow clients to introspect the service
+		&aa.Comment{
+			Base: aa.Base{
+				Comment:    " DBus.Introspectable: allow clients to introspect the service",
+				IsLineRule: true,
+			},
+		},
+		&aa.Dbus{
+			Access: []string{"send"}, Bus: rules["bus"], Path: rules["path"],
+			Interface: "org.freedesktop.DBus.Introspectable",
+			Member:    "Introspect",
+			PeerName:  `"{@{busname},` + rules["name"] + `}"`, PeerLabel: rules["label"],
+		},
+	}
+	return res
+}

pkg/prebuild/directive/dbus_test.go

@@ -6,8 +6,6 @@ package directive
 
 import (
 	"testing"
-
-	"github.com/roddhjav/apparmor.d/pkg/paths"
 )
 
 const dbusOwnSystemd1 = `  dbus bind bus=system name=org.freedesktop.systemd1{,.*},
@@ -52,7 +50,7 @@ func TestDbus_Apply(t *testing.T) {
 					"own":  "",
 				},
 				ArgList: []string{"own", "bus=system", "name=org.freedesktop.systemd1"},
-				File:    paths.New("fake-own"),
+				File:    nil,
 				Raw:     "  #aa:dbus own bus=system name=org.freedesktop.systemd1",
 			},
 			profile: "  #aa:dbus own bus=system name=org.freedesktop.systemd1",
@@ -69,7 +67,7 @@ func TestDbus_Apply(t *testing.T) {
 					"own":        "",
 				},
 				ArgList: []string{"own", "bus=session", "name=com.rastersoft.ding", "interface+=org.gtk.Actions"},
-				File:    paths.New("fake-interface"),
+				File:    nil,
 				Raw:     "  #aa:dbus own bus=session name=com.rastersoft.ding interface+=org.gtk.Actions",
 			},
 			profile: "  #aa:dbus own bus=session name=com.rastersoft.ding interface+=org.gtk.Actions",
@@ -114,7 +112,7 @@ func TestDbus_Apply(t *testing.T) {
 					"talk":  "",
 				},
 				ArgList: []string{"talk", "bus=system", "name=org.freedesktop.Accounts", "label=accounts-daemon"},
-				File:    paths.New("gdm-session-worker"),
+				File:    nil,
 				Raw:     "  #aa:dbus talk bus=system name=org.freedesktop.Accounts label=accounts-daemon",
 			},
 			profile: "  #aa:dbus talk bus=system name=org.freedesktop.Accounts label=accounts-daemon",
@@ -138,6 +136,39 @@ func TestDbus_Apply(t *testing.T) {
        member={InterfacesAdded,InterfacesRemoved}
        peer=(name="{@{busname},org.freedesktop.Accounts{,.*}}", label=accounts-daemon),`,
 		},
+		{
+			name: "common",
+			opt: &Option{
+				Name: "dbus",
+				ArgMap: map[string]string{
+					"bus":   "system",
+					"name":  "net.hadess.PowerProfiles",
+					"label": "power-profiles-daemon",
+					"talk":  "",
+				},
+				ArgList: []string{"common", "bus=system", "name=net.hadess.PowerProfiles", "power-profiles-daemon"},
+				File:    nil,
+				Raw:     "  #aa:dbus common bus=system name=net.hadess.PowerProfiles label=power-profiles-daemon",
+			},
+			profile: "  #aa:dbus common bus=system name=net.hadess.PowerProfiles label=power-profiles-daemon",
+			want: `  # DBus.Properties: read all properties from the interface
+  dbus send bus=system path=/net/hadess/PowerProfiles{,/**}
+       interface=org.freedesktop.DBus.Properties
+       member={Get,GetAll}
+       peer=(name="{@{busname},net.hadess.PowerProfiles{,.*}}", label=power-profiles-daemon),
+
+  # DBus.Properties: receive property changed events
+  dbus receive bus=system path=/net/hadess/PowerProfiles{,/**}
+       interface=org.freedesktop.DBus.Properties
+       member=PropertiesChanged
+       peer=(name="{@{busname},net.hadess.PowerProfiles{,.*}}", label=power-profiles-daemon),
+
+  # DBus.Introspectable: allow clients to introspect the service
+  dbus send bus=system path=/net/hadess/PowerProfiles{,/**}
+       interface=org.freedesktop.DBus.Introspectable
+       member=Introspect
+       peer=(name="{@{busname},net.hadess.PowerProfiles{,.*}}", label=power-profiles-daemon),`,
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {