Commit 43972361 authored by Tyler Hicks's avatar Tyler Hicks Committed by Simon McVittie

Mediation of processes becoming a monitor

When an AppArmor confined process wants to become a monitor, a check is
performed to see if eavesdropping should be allowed.

The check is based on the connection's label and the bus type.

This patch reuses the bus_apparmor_allows_eavesdropping() hook.

An example AppArmor rule that would allow a process to become a monitor
on the system bus would be:

  dbus eavesdrop bus=system,

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75113Signed-off-by: default avatarTyler Hicks <tyhicks@canonical.com>
Reviewed-by: default avatarSimon McVittie <simon.mcvittie@collabora.co.uk>
parent 66979aae
......@@ -1924,6 +1924,8 @@ bus_driver_handle_become_monitor (DBusConnection *connection,
DBusError *error)
{
char **match_rules = NULL;
const char *bustype;
BusContext *context;
BusMatchRule *rule;
DBusList *rules = NULL;
DBusList *iter;
......@@ -1938,6 +1940,11 @@ bus_driver_handle_become_monitor (DBusConnection *connection,
if (!bus_driver_check_message_is_for_us (message, error))
goto out;
context = bus_transaction_get_context (transaction);
bustype = context ? bus_context_get_type (context) : NULL;
if (!bus_apparmor_allows_eavesdropping (connection, bustype, error))
goto out;
if (!bus_driver_check_caller_is_privileged (connection, transaction,
message, error))
goto out;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment