parser: Add dbus eavesdrop permission support to apparmor_parser

Allows for the policy writer to grant permission to eavesdrop on the specified bus. Some example rules for granting the eavesdrop permission are: # Grant send, receive, bind, and eavesdrop dbus, # Grant send, receive, bind, and eavesdrop on the session bus dbus bus=session, # Grant send and eavesdrop on the system bus dbus (send eavesdrop) bus=system, # Grant eavesdrop on any bus dbus eavesdrop, Eavesdropping rules can contain the bus conditional. Any other conditionals are not compatible with eavesdropping rules and the parser will return an error. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2025-08-31 06:16:03 +00:00 · 2013-12-06 11:17:43 -08:00
parent b7e9efdc98
commit 1580ba5ac1
7 changed files with 27 additions and 4 deletions
--- a/parser/parser_misc.c
+++ b/parser/parser_misc.c
@@ -146,6 +146,7 @@ static struct keyword_table keyword_table[] = {
 	{"bind",                TOK_BIND},
 	{"read",                TOK_READ},
 	{"write",               TOK_WRITE},
+	{"eavesdrop",		TOK_EAVESDROP},
 	{"peer",		TOK_PEER},

 	/* terminate */