mirror of
https://gitlab.com/apparmor/apparmor
synced 2025-08-22 10:07:12 +00:00
ab84444d3a
This patch implements the parsing of DBus rules. It attempts to catch all corner cases, such as specifying a bind permission with an interface conditional or specifying a subject name conditional and a peer name conditional in the same rule. It introduces the concept of conditional lists to the lexer and parser in order to handle 'peer=(label=/usr/bin/foo name=com.foo.bar)', since the existing list support in the lexer only supports a list of values. The DBus rules are encoded as follows: bus,name<bind_perm>,peer_label,path,interface,member<rw_perms> Bind rules stop matching at name<bind_perm>. Note that name is used for the subject name in bind rules and the peer name in rw rules. The function new_dbus_entry() is what does the proper sanitization to make sure that if a name conditional is specified, that it is the subject name in the case of a bind rule or that it is the peer name in the case of a rw rule. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
The apparmor_parser allows you to add, replace, and remove AppArmor policy through the use of command line options. The default is to add. `apparmor_parser --help` shows what the command line options are. You can also find more information at <http://forge.novell.com/modules/xfmod/project/?apparmor>. Please send all complaints, bug reports, feature requests, rants about the software, and questions to apparmor-general@forge.novell.com. Security issues should be directed to security@suse.de or secure@novell.com, where we will attempt to conform to the RFP vulnerability disclosure protocol: http://www.wiretrip.net/rfp/policy.html Thanks. -- The AppArmor development team