    Mediate auto-activation attempts through AppArmor · dc25979e
    Simon McVittie authored
    Because the recipient process is not yet available, we have to make some
    assumption about its AppArmor profile. Parsing the first word of
    the Exec value and then chasing symlinks seems like too much magic,
    so I've gone for something more explicit. If the .service file contains
    then we will do the AppArmor query on the assumption that the recipient
    AppArmor label will be as stated. Otherwise, we will do a query
    with an unspecified label, which means that AppArmor rules that do
    specify a peer label will never match it.
    Regardless of the result of this query, we will do an independent
    AppArmor query when the activation has actually happened, this time
    with the correct peer label; that second query will still be used
    to decide whether to deliver the message. As a result, if this change
    has any effect, it is to make the bus more restrictive; it does not
    allow anything that would previously have been denied.
    Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
    Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=98666
desktop-file.h 2.19 KB