1. 18 Feb, 2015 7 commits
    • Tyler Hicks's avatar
      Add DBus method to return the AA context of a connection · 24f1502e
      Tyler Hicks authored
      This is not intended for upstream inclusion. It implements a bus method
      (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
      security context but upstream D-Bus has recently added a generic way of
      getting a connection's security credentials (GetConnectionCredentials).
      Ubuntu should carry this patch until packages in the archive are moved
      over to the new, generic method of getting a connection's credentials.
      
      [Altered by Simon McVittie: survive non-UTF-8 contexts which
      would otherwise be a local denial of service, except that Ubuntu
      inherits a non-fatal warnings patch from Debian; new commit message
      taken from the Ubuntu changelog; do not emit unreachable code if
      AppArmor is disabled.]
      24f1502e
    • Tyler Hicks's avatar
      Mediation of processes eavesdropping · 66979aae
      Tyler Hicks authored
      When an AppArmor confined process wants to eavesdrop on a bus, a check
      is performed to see if the action should be allowed.
      
      The check is based on the connection's label and the bus type.
      
      This patch adds a new hook, which was not previously included in the
      SELinux mediation, to mediate eavesdropping from
      bus_driver_handle_add_match().
      
      A new function is added to bus/signals.c to see if a match rule is an
      eavesdropping rule since the rule flags field is private to signals.c.
      
      An example AppArmor rule that would allow a process to eavesdrop on the
      session bus would be:
      
        dbus eavesdrop bus=session,
      
      Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75113Signed-off-by: default avatarTyler Hicks <tyhicks@canonical.com>
      Reviewed-by: default avatarSimon McVittie <simon.mcvittie@collabora.co.uk>
      66979aae
    • John Johansen's avatar
      Mediation of processes sending and receiving messages · d9a2fdb9
      John Johansen authored
      When an AppArmor confined process wants to send or receive a message, a
      check is performed to see if the action should be allowed.
      
      When a message is going through dbus-daemon, there are two checks
      performed at once. One for the sending process and one for the receiving
      process.
      
      The checks are based on the process's label, the bus type, destination,
      path, interface, and member, as well as the peer's label and/or
      destination name.
      
      This allows for the traditional connection-based enforcement, as well as
      any fine-grained filtering desired by the system administrator.
      
      It is important to note that error and method_return messages are
      allowed to cut down on the amount of rules needed. If a process was
      allowed to send a message, it can receive error and method_return
      messages.
      
      An example AppArmor rule that would be needed to allow a process to call
      the UpdateActivationEnvironment method of the session bus itself would be:
      
        dbus send bus=session path=/org/freedesktop/DBus
             interface=org.freedesktop.DBus member=UpdateActivationEnvironment
             peer=(name=org.freedesktop.DBus),
      
      To receive any message on the system bus from a process confined by
      the "confined-client" AppArmor profile:
      
        dbus receive bus=system peer=(label=confined-client),
      
      Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75113Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
      [tyhicks: Use BusAppArmorConfinement, bug fixes, cleanup, commit msg]
      [tyhicks: Pass the message type to the AppArmor hook]
      [tyhicks: Don't audit unrequested reply message denials]
      Signed-off-by: default avatarTyler Hicks <tyhicks@canonical.com>
      [smcv: when AA denies sending, don't label requested_reply as "matched rules"]
      Reviewed-by: default avatarSimon McVittie <simon.mcvittie@collabora.co.uk>
      Reviewed-by: default avatarTyler Hicks <tyhicks@canonical.com>
      d9a2fdb9
    • John Johansen's avatar
      Mediation of processes that acquire well-known names · c2686d53
      John Johansen authored
      When an AppArmor confined process wants to acquire a well-known name, a
      check is performed to see if the action should be allowed.
      
      The check is based on the connection's label, the bus type, and the name
      being requested.
      
      An example AppArmor rule that would allow the name
      "com.example.ExampleName" to be acquired on the system bus would be:
      
        dbus bind bus=system name=com.example.ExampleName,
      
      To let a process acquire any name on any bus, the rule would be:
      
        dbus bind,
      
      Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75113Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
      [tyhicks: Use BusAppArmorConfinement, bug fixes, cleanup, commit msg]
      [tyhicks: initialize reserved area at the start of the query string]
      [tyhicks: Use empty string for NULL bustypes when building queries]
      Signed-off-by: default avatarTyler Hicks <tyhicks@canonical.com>
      Reviewed-by: default avatarSimon McVittie <simon.mcvittie@collabora.co.uk>
      c2686d53
    • Tyler Hicks's avatar
      Store AppArmor label of connecting processes · cd23a5df
      Tyler Hicks authored
      When processes connect the bus, the AppArmor confinement context should
      be stored for later use when checks are to be done during message
      sending/receiving, acquire a name, and eavesdropping.
      
      Code outside of apparmor.c will need to initialize and unreference the
      confinement context, so bus_apparmor_confinement_unref() can no longer
      be a static function.
      
      [Move bus_apparmor_confinement_unref back to its old location for
      a more reasonable diff -smcv]
      
      Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75113Reviewed-by: default avatarSimon McVittie <simon.mcvittie@collabora.co.uk>
      cd23a5df
    • John Johansen's avatar
      Initialize AppArmor mediation · 2a881a9e
      John Johansen authored
      When starting dbus-daemon, autodetect AppArmor kernel support and use
      the results from parsing the busconfig to determine if mediation should
      be enabled.
      
      In the busconfig, "enabled" means that kernel support is autodetected
      and, if available, AppArmor mediation occurs in dbus-daemon. In
      "enabled" mode, if kernel support is not detected, mediation is
      disabled. "disabled" means that mediation does not occur. "required"
      means that kernel support must be detected for dbus-daemon to start.
      
      Additionally, when libaudit support is built into dbus-daemon, the
      AppArmor initialization routines set up the audit connection.
      
      Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75113Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
      [tyhicks: Honor enforcement modes and detect AppArmor dbus rule support]
      [tyhicks: fix unreachable return when AppArmor support is built]
      [tyhicks: make bus_apparmor_full_init() able to raise a DBusError]
      Signed-off-by: default avatarTyler Hicks <tyhicks@canonical.com>
      [smcv: _bus_apparmor_aa_supports_dbus: document necessary kernel API guarantee]
      [smcv: bus_apparmor_pre_init: distinguish between OOM and AppArmor not enabled]
      [smcv: document why we open() and not just stat()]
      Reviewed-by: default avatarSimon McVittie <simon.mcvittie@collabora.co.uk>
      Reviewed-by: default avatarTyler Hicks <tyhicks@canonical.com>
      2a881a9e
    • Tyler Hicks's avatar
      Add apparmor element support to bus config parsing · 06033cb2
      Tyler Hicks authored
      The <apparmor> element can contain a single mode attribute that has one
      of three values:
      
       "enabled"
       "disabled"
       "required"
      
      "enabled" means that kernel support is autodetected and, if available,
      AppArmor mediation occurs in dbus-daemon. If kernel support is not
      detected, mediation is disabled. "disabled" means that mediation does
      not occur. "required" means that kernel support must be detected for
      dbus-daemon to start.
      
      Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75113Signed-off-by: default avatarTyler Hicks <tyhicks@canonical.com>
      Reviewed-by: default avatarSimon McVittie <simon.mcvittie@collabora.co.uk>
      06033cb2
  2. 14 Jul, 2009 1 commit
  3. 10 Jul, 2009 1 commit
  4. 14 Jul, 2007 1 commit
  5. 24 May, 2007 1 commit
  6. 16 Sep, 2006 1 commit
    • Havoc Pennington's avatar
      voc Pennington <hp@redhat.com> · 8027efc9
      Havoc Pennington authored
      	* dbus/dbus-server.c (dbus_server_listen): change how this works
      	to be able to delegate to a set of handlers that can succeed,
      	fail, or choose not to handle. Allows us to have
      	dbus_server_listen_platform_specific.
      
      	* dbus/dbus-server-socket.c (_dbus_server_new_for_tcp_socket):
      	factor out the tcp socket stuff to be used on windows, leaving
      	unix domain socket only in dbus-socket-unix.c
      
      	* dbus/dbus-transport-socket.c
      	(_dbus_transport_new_for_tcp_socket): factor out the tcp socket
      	stuff to be used on windows, leaving unix domain socket only
      	in dbus-transport-unix.c
      
      	* dbus/dbus-connection.c (dbus_connection_get_unix_user): insert
      	temporary hack to be sure this fails on windows
      	(dbus_connection_get_unix_process_id): ditto
      8027efc9
  7. 09 Sep, 2004 1 commit
  8. 10 Aug, 2004 1 commit
  9. 02 Dec, 2003 1 commit
  10. 04 Jun, 2003 1 commit
    • Havoc Pennington's avatar
      2003-06-04 Havoc Pennington <hp@pobox.com> · a70b042f
      Havoc Pennington authored
      	* dbus/dbus-server.c (dbus_server_listen): allow abstract sockets
      	using unix:abstract=/foo, and when listening in a tmpdir
      	i.e. unix:tmpdir=/tmp, always use abstract sockets if we can.
      
      	* dbus/dbus-transport.c (_dbus_transport_open): support
      	unix:abstract=/foo
      
      	* dbus/dbus-server-unix.c (_dbus_server_new_for_domain_socket):
      	support abstract sockets
      
      	* dbus/dbus-transport-unix.c
      	(_dbus_transport_new_for_domain_socket): support abstract sockets
      
      	* dbus/dbus-sysdeps.c (_dbus_connect_unix_socket): add "abstract"
      	toggle as an argument, implement abstract namespace support
      	(_dbus_listen_unix_socket): ditto
      
      	* configure.in: add --enable-abstract-sockets and implement
      	a configure check for autodetection of the right value.
      a70b042f
  11. 31 Mar, 2003 1 commit
    • Havoc Pennington's avatar
      2003-03-31 Havoc Pennington <hp@pobox.com> · 29c71168
      Havoc Pennington authored
      	* dbus/dbus-transport-unix.c (_dbus_transport_new_for_domain_socket)
      	(_dbus_transport_new_for_tcp_socket): these didn't need the "server"
      	argument since they are always client side
      
      	* dbus/dbus-server.c (dbus_server_get_address): new function
      
      	* bus/main.c (main): take the configuration file as an argument.
      
      	* test/data/valid-config-files/debug-allow-all.conf: new file to
      	use with dispatch.c tests for example
      
      	* bus/test-main.c (main): require test data dir
      
      	* bus/bus.c (bus_context_new): change this to take a
      	configuration file name as argument
      
      	* doc/config-file.txt (Elements): add <servicedir>
      
      	* bus/system.conf, bus/session.conf: new files
      
      	* dbus/dbus-bus.c (dbus_bus_get): look for system bus on
      	well-known socket if none set
      
      	* configure.in: create system.conf and session.conf
      29c71168
  12. 25 Mar, 2003 1 commit
    • Havoc Pennington's avatar
      2003-03-24 Havoc Pennington <hp@redhat.com> · ce4fd314
      Havoc Pennington authored
      	* dbus/dbus-sysdeps.c (_dbus_set_fd_nonblocking): move to this
      	file
      
      	* dbus/dbus-errors.c (dbus_set_error, dbus_set_error_const): allow
      	NULL argument for "message" if the error is a well-known one,
      	fill in a generic message in this case.
      
      	* dbus/dbus-errors.h (DBusResultCode): Kill DBusResultCode in
      	favor of DBusError
      
      	* bus/test.c (bus_test_flush_bus): add
      
      	* bus/policy.c (bus_policy_test): test code stub
      ce4fd314
  13. 19 Feb, 2003 1 commit
    • Mikael Hallendal's avatar
      2003-02-19 Mikael Hallendal <micke@codefactory.se> · 6180d695
      Mikael Hallendal authored
      	* dbus/dbus-server.c (dbus_server_listen): Support tcp: addresses.
      
      	* dbus/dbus-transport-unix.c (_dbus_transport_new_for_tcp_socket):
      	Added to create a transport connecting using a tcp/ip socket.
      
      	* dbus/dbus-sysdeps.c (_dbus_connect_tcp_socket): Added to connect
      	to a tcp socket at given host and port.
      	(_dbus_listen_tcp_socket): added to listen on tcp socket for given
      	hostname and port.
      
      	* dbus/dbus-server.c (dbus_server_listen): Support tcp: addresses.
      
      	* dbus/dbus-server-unix.c (_dbus_server_new_for_tcp_socket):
      	Added to create a server listening on a TCP/IP socket.
      6180d695
  14. 25 Nov, 2002 1 commit
    • Havoc Pennington's avatar
      2002-11-24 Havoc Pennington <hp@pobox.com> · 041b0767
      Havoc Pennington authored
              * test/echo-client.c, test/echo-server.c: cheesy test
      	clients.
      
      	* configure.in (AC_CHECK_FUNCS): check for writev
      
      	* dbus/dbus-message.c (_dbus_message_get_network_data): new
      	function
      
      	* dbus/dbus-list.c (_dbus_list_foreach): new function
      
      	* dbus/dbus-internals.c (_dbus_verbose): new function
      
      	* dbus/dbus-server.c, dbus/dbus-server.h: public object
      	representing a server that listens for connections.
      
      	* dbus/.cvsignore: create
      
      	* dbus/dbus-errors.h, dbus/dbus-errors.c:
      	public API for reporting errors
      
      	* dbus/dbus-connection.h, dbus/dbus-connection.c:
      	public object representing a connection that
      	sends/receives messages. (Same object used for
      	both client and server.)
      
      	* dbus/dbus-transport.h, dbus/dbus-transport.c:
      	Basic abstraction for different kinds of stream
      	that we might read/write messages from.
      041b0767
  15. 23 Nov, 2002 1 commit
    • Havoc Pennington's avatar
      2002-11-23 Havoc Pennington <hp@pobox.com> · 1428c65e
      Havoc Pennington authored
      	* configure.in: pile on more warning flags if using gcc
      
      	* Doxyfile.in (EXTRACT_STATIC): set to NO, so we don't have
      	to document static functions
      
      	* configure.in: add summary to end of configure so it
      	looks nice and attractive
      
      	* dbus/dbus-hash.c: finish implementation and write unit
      	tests and docs
      
      	* configure.in: add --enable-tests to enable unit tests
      
      	* dbus/dbus-test.c: test program to run unit tests
      	for all files in dbus/*, initially runs a test for
      	dbus-hash.c
      
      	* dbus/dbus-internals.h: file to hold some internal utility stuff
      1428c65e
  16. 22 Nov, 2002 3 commits
  17. 21 Nov, 2002 3 commits
    • Havoc Pennington's avatar
      2002-11-21 Havoc Pennington <hp@redhat.com> · 5a6adeee
      Havoc Pennington authored
      	* dbus/Makefile.am (INCLUDES): define DBUS_COMPILATION
      	so we can allow ourselves to include files directly,
      	instead of having to use dbus.h
      
      	* dbus/dbus.h: fill in
      
      	* dbus/dbus-message.h: sketch out a sample header file.
      	Include griping if you include it directly instead of
      	via dbus.h
      
      	* dbus/dbus-macros.h: new file with macros for extern "C",
      	TRUE/FALSE, NULL, etc.
      
      	* doc/file-boilerplate.c: put include guards in here
      5a6adeee
    • Havoc Pennington's avatar
      2002-11-21 Havoc Pennington <hp@redhat.com> · 89161753
      Havoc Pennington authored
      	* doc/file-boilerplate.c: include both AFL and GPL boilerplate.
      
      	* COPYING: include the GPL as well, and license code
      	under both AFL and GPL.
      89161753
    • Havoc Pennington's avatar
      add file-boilerplate.c · f6343e58
      Havoc Pennington authored
      f6343e58