Commit 43972361 authored by Tyler Hicks's avatar Tyler Hicks Committed by Simon McVittie

Mediation of processes becoming a monitor

When an AppArmor confined process wants to become a monitor, a check is
performed to see if eavesdropping should be allowed.

The check is based on the connection's label and the bus type.

This patch reuses the bus_apparmor_allows_eavesdropping() hook.

An example AppArmor rule that would allow a process to become a monitor
on the system bus would be:

  dbus eavesdrop bus=system,

Bug: default avatarTyler Hicks <>
Reviewed-by: default avatarSimon McVittie <>
parent 66979aae
......@@ -1924,6 +1924,8 @@ bus_driver_handle_become_monitor (DBusConnection *connection,
DBusError *error)
char **match_rules = NULL;
const char *bustype;
BusContext *context;
BusMatchRule *rule;
DBusList *rules = NULL;
DBusList *iter;
......@@ -1938,6 +1940,11 @@ bus_driver_handle_become_monitor (DBusConnection *connection,
if (!bus_driver_check_message_is_for_us (message, error))
goto out;
context = bus_transaction_get_context (transaction);
bustype = context ? bus_context_get_type (context) : NULL;
if (!bus_apparmor_allows_eavesdropping (connection, bustype, error))
goto out;
if (!bus_driver_check_caller_is_privileged (connection, transaction,
message, error))
goto out;
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment