[apparmor] [patch] Add a test_multi testcase for dbus eavesdrop
Christian Boltz
apparmor at cboltz.de
Wed Nov 2 20:55:09 UTC 2016
Hello,
On Wednesday, 2 November 2016, 14:15:54 CET, Seth Arnold wrote:
> On Tue, Nov 01, 2016 at 10:38:16PM +0100, Christian Boltz wrote:
> > Hello,
> >
> > $subject.
> >
> > The log line (with a different profile=...) was sitting around on my
> > disk since a year, so let's do something useful with it ;-)
>
> Yay!
>
> Acked-by: Seth Arnold <seth.arnold at canonical.com>
Thanks!
> One question inline...
>
> > === added file
> > 'libraries/libapparmor/testsuite/test_multi/testcase_dbus_07.profil
> > e' ---
> > libraries/libapparmor/testsuite/test_multi/testcase_dbus_07.profile
> > 1970-01-01 00:00:00 +0000 +++
> > libraries/libapparmor/testsuite/test_multi/testcase_dbus_07.profile
> > 2016-11-01 21:20:50 +0000 @@ -0,0 +1,4 @@
> > +/usr/sbin/whatever {
> > + dbus eavesdrop bus=session,
> > +
> > +}
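Review bot: the hunk carries an empty `+` line between `dbus eavesdrop bus=session,` and the closing `}`; confirm this is the exact text the tools emit when translating the log line into a rule (the thread describes test_multi/*.profile as that translation, so a comparison against generated output would be sensitive to the blank line) rather than stray whitespace.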
>
> This policy isn't quite as strict as it could be;
As you probably know, I can't really test this myself because dbus rules
are only supported in the Ubuntu kernel. (Well, at least I can test the
profile with apparmor_parser.)
That said - man apparmor.d tells me
The 'eavesdrop' permission cannot be used in rules containing any
conditionals outside of the 'bus' conditional.
and that's also what I did when implementing DbusRule in the tools.
Also, apparmor_parser only allows bus= for dbus eavesdrop rules.
I know the log line contains more details, so my guess is that the
kernel can't do fine-grained checks for eavesdrop for whatever reason.
(It's still surprising that the logging is more detailed.)
> what exactly does it
> represent? Is this just the user hitting <enter> at all questions in
> aa-logprof?
test_multi/*.profile are basically the log "translated" to a rule
(without any globbing etc.), which means an as-strict-as-possible rule.
Regards,
Christian Boltz
--
The day has 24 hours, and if it has to be, we'll work nights too!
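The constraint Christian quotes from man apparmor.d (an 'eavesdrop' rule may carry no conditional other than 'bus') and his description of test_multi/*.profile as the log line translated into the strictest rule the parser accepts can be modelled in a few lines. The following is an added example, not code from this thread and not the AppArmor utils' own DbusRule: the names validate_dbus_rule, format_dbus_rule and strictest_rule_from_log are hypothetical helpers, the conditional list is a subset of those in apparmor.d, and the sample event fields are constructed rather than taken from a real log line.

```python
"""Hypothetical model of the AppArmor dbus eavesdrop rule constraint.

Not the AppArmor utils' DbusRule; an added illustration only.
"""

# Conditionals handled by this example (a subset of those in man apparmor.d),
# in the order they are written out in a rule.
DBUS_CONDITIONALS = ("bus", "path", "interface", "member", "name")

# man apparmor.d: the 'eavesdrop' permission cannot be used in rules
# containing any conditionals outside of the 'bus' conditional.
EAVESDROP_ALLOWED_CONDITIONALS = frozenset({"bus"})

VALID_PERMS = frozenset({"send", "receive", "bind", "eavesdrop"})


class DbusRuleError(ValueError):
    """Raised for a permission/conditional combination the parser rejects."""


def validate_dbus_rule(perms, conds):
    """Check a (permissions, conditionals) pair against the eavesdrop constraint.

    perms: iterable of permission keywords, e.g. {"eavesdrop"}
    conds: mapping conditional name -> value, e.g. {"bus": "session"}
    Returns True when the combination is acceptable, raises DbusRuleError otherwise.
    """
    perms = set(perms)
    bad_perms = perms - VALID_PERMS
    if bad_perms:
        raise DbusRuleError("unknown dbus permission(s): %s" % sorted(bad_perms))
    bad_conds = set(conds) - set(DBUS_CONDITIONALS)
    if bad_conds:
        raise DbusRuleError("unknown dbus conditional(s): %s" % sorted(bad_conds))
    if "eavesdrop" in perms:
        extra = set(conds) - EAVESDROP_ALLOWED_CONDITIONALS
        if extra:
            raise DbusRuleError(
                "eavesdrop rules may only carry the bus conditional, got: %s"
                % sorted(extra))
    return True


def format_dbus_rule(perms, conds):
    """Render a validated rule as profile text, conditionals in canonical order."""
    validate_dbus_rule(perms, conds)
    perms = sorted(set(perms))
    perm_text = perms[0] if len(perms) == 1 else "(%s)" % ", ".join(perms)
    cond_text = " ".join("%s=%s" % (name, conds[name])
                         for name in DBUS_CONDITIONALS if name in conds)
    if cond_text:
        return "dbus %s %s," % (perm_text, cond_text)
    return "dbus %s," % perm_text


def strictest_rule_from_log(fields):
    """Translate the fields of one dbus log event into the strictest rule the
    parser accepts. A log event may record path/interface/member even for an
    eavesdrop operation, but the rule can only keep bus=, so the extra detail
    is dropped rather than written into a rule the parser would reject."""
    perms = {fields["mask"]}
    conds = {name: fields[name] for name in DBUS_CONDITIONALS if name in fields}
    if "eavesdrop" in perms:
        for name in set(conds) - EAVESDROP_ALLOWED_CONDITIONALS:
            del conds[name]
    return format_dbus_rule(perms, conds)


# Constructed sample of the fields a dbus eavesdrop log event might carry;
# not a real log line and not the one from the thread.
SAMPLE_EAVESDROP_EVENT = {
    "mask": "eavesdrop",
    "bus": "session",
    "path": "/org/freedesktop/DBus",
    "interface": "org.freedesktop.DBus",
    "member": "AddMatch",
}

if __name__ == "__main__":
    # Prints the rule that would go into a test_multi .profile for this event.
    print(strictest_rule_from_log(SAMPLE_EAVESDROP_EVENT))
```

For the constructed eavesdrop event this yields `dbus eavesdrop bus=session,`, the same rule as in the patch, while a send event with the same extra fields keeps path, interface and member. Feeding an eavesdrop rule with a path conditional into validate_dbus_rule raises, mirroring the parser's refusal.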