Jamie had asked for opinions of Proposal 3 vs Proposal 4 and we didn't get the responses that I had hoped for. There were two votes (Jamie and myself) for Proposal 3 and one (Seth) for Proposal 4.
Rather than let the conversation come to a halt, I'd like to figure out
what tweaks we'd want to make to Proposal 3. It just so happens that
these tweaks should mostly apply to Proposal 4, as well. However, this
email focuses on 3.
I think it is entirely possible to come up with a single line rule
syntax (a la Proposal 3) that can be extended to a multiple line rule
syntax (a la Proposal 4) in the future.
On 2013-06-10 18:44:13, Tyler Hicks wrote:
> * Proposal 3 - Grouping of subject and peer address components
>
> Based on Steve's suggestion[4] and refined by Jamie[5]. It groups the
> connection attributes together based on whether it is the subject's connection
> attributes or the peer's.
>
> dbus [<bus>] [subj=(<subject>)] [acquire],
> dbus [<bus>] [subj=(<subject>)] [peer=(<peer>)] [send | receive],
>
> /usr/bin/gnome-screensaver {
> # Ignore file and accessibility bus access for this exercise
> file,
> dbus bus=accessibility,
>
> # Talks to system and session buses
> dbus bus={system,session} peer=(name=org.freedesktop.DBus) (send receive),
>
> # Sends messages on the system bus
> dbus bus=system peer=(name=org.freedesktop.ConsoleKit
> path=/org/freedesktop/ConsoleKit/Manager
> interface=org.freedesktop.ConsoleKit.Manager) send,
> dbus bus=system peer=(name=org.freedesktop.Accounts
> path=/org/freedesktop/Accounts interface=org.freedesktop.Accounts) send,
> dbus bus=system peer=(name=org.freedesktop.Accounts
> path=/org/freedesktop/Accounts/User*
> interface=org.freedesktop.DBus.Properties) send,
>
> # Receives messages on the session bus
> dbus bus=session subj=(name=org.gnome.ScreenSaver) acquire,
> dbus bus=session subj=(path=/org/gnome/ScreenSaver
> interface=org.freedesktop.DBus.Properties) receive,
> # Be selective because the Lock method is mediated by these rules
> dbus bus=session subj=(path=/org/gnome/ScreenSaver
> interface=org.gnome.ScreenSaver) peer=(label=/usr/bin/gnome-settings-daemon)
> receive,
> dbus bus=session subj=(path=/org/gnome/ScreenSaver
> interface=org.gnome.ScreenSaver) peer=(name=com.canonical.indicator.session)
> receive,
>
> # Sends messages on the session bus
> dbus bus=session peer=(name=org.gnome.SessionManager
> path=/org/gnome/SessionManager/Presence
> interface=org.freedesktop.DBus.Properties) send,
> dbus bus=session peer=(path=/org/gtk/vfs/mounttracker
> interface=org.gtk.vfs.MountTracker) send,
> dbus bus=session peer=(name=org.gnome.Shell path=/org/gnome/Shell
> interface=org.freedesktop.DBus.Properties) send,
> }
>
* Proposal 3.1 - Change subj= to subject=
We don't abbreviate any of the other conditional names, so I think this
is a no-brainer and I'm going to include this change in all of the
proposals below.
I'm including this as its own proposal since we may wish to only make
this change.
dbus [<bus>] [subject=(<subject>)] [acquire],
dbus [<bus>] [subject=(<subject>)] [peer=(<peer>)] [send | receive],
/usr/bin/gnome-screensaver {
# Ignore file and accessibility bus access for this exercise
file,
dbus bus=accessibility,
# Talks to system and session buses
dbus bus={system,session} peer=(name=org.freedesktop.DBus) (send receive),
# Sends messages on the system bus
dbus bus=system peer=(name=org.freedesktop.ConsoleKit
path=/org/freedesktop/ConsoleKit/Manager
interface=org.freedesktop.ConsoleKit.Manager) send,
dbus bus=system peer=(name=org.freedesktop.Accounts
path=/org/freedesktop/Accounts interface=org.freedesktop.Accounts) send,
dbus bus=system peer=(name=org.freedesktop.Accounts
path=/org/freedesktop/Accounts/User* interface=org.freedesktop.DBus.Properties)
send,
# Receives messages on the session bus
dbus bus=session subject=(name=org.gnome.ScreenSaver) acquire,
dbus bus=session subject=(path=/org/gnome/ScreenSaver
interface=org.freedesktop.DBus.Properties) receive,
# Be selective because the Lock method is mediated by these rules
dbus bus=session subject=(path=/org/gnome/ScreenSaver
interface=org.gnome.ScreenSaver) peer=(label=/usr/bin/gnome-settings-daemon)
receive,
dbus bus=session subject=(path=/org/gnome/ScreenSaver
interface=org.gnome.ScreenSaver) peer=(name=com.canonical.indicator.session)
receive,
# Sends messages on the session bus
dbus bus=session peer=(name=org.gnome.SessionManager
path=/org/gnome/SessionManager/Presence
interface=org.freedesktop.DBus.Properties) send,
dbus bus=session peer=(path=/org/gtk/vfs/mounttracker
interface=org.gtk.vfs.MountTracker) send,
dbus bus=session peer=(name=org.gnome.Shell path=/org/gnome/Shell
interface=org.freedesktop.DBus.Properties) send,
}
* Proposal 3.2 - Move the access to the front
NOTE: This proposal can be combined with any of the other proposals
Move the access towards the front of the rule, just behind the "dbus"
keyword. This may help a policy reader quickly identify what permissions
are being granted by the rule.
I don't like the look of putting the access just after the bus=
conditional, so I'm not including that as an example. If someone feels
very strongly about that option, speak up.
dbus [acquire] [<bus>] [subject=(<subject>)],
dbus [send | receive] [<bus>] [subject=(<subject>)] [peer=(<peer>)],
/usr/bin/gnome-screensaver {
# Ignore file and accessibility bus access for this exercise
file,
dbus bus=accessibility,
# Talks to system and session buses
dbus (send receive) bus={system,session} peer=(name=org.freedesktop.DBus),
# Sends messages on the system bus
dbus send bus=system peer=(name=org.freedesktop.ConsoleKit
path=/org/freedesktop/ConsoleKit/Manager
interface=org.freedesktop.ConsoleKit.Manager),
dbus send bus=system peer=(name=org.freedesktop.Accounts
path=/org/freedesktop/Accounts interface=org.freedesktop.Accounts),
dbus send bus=system peer=(name=org.freedesktop.Accounts
path=/org/freedesktop/Accounts/User* interface=org.freedesktop.DBus.Properties),
# Receives messages on the session bus
dbus acquire bus=session subject=(name=org.gnome.ScreenSaver),
dbus receive bus=session subject=(path=/org/gnome/ScreenSaver
interface=org.freedesktop.DBus.Properties),
# Be selective because the Lock method is mediated by these rules
dbus receive bus=session subject=(path=/org/gnome/ScreenSaver
interface=org.gnome.ScreenSaver) peer=(label=/usr/bin/gnome-settings-daemon),
dbus receive bus=session subject=(path=/org/gnome/ScreenSaver
interface=org.gnome.ScreenSaver) peer=(name=com.canonical.indicator.session),
# Sends messages on the session bus
dbus send bus=session peer=(name=org.gnome.SessionManager
path=/org/gnome/SessionManager/Presence
interface=org.freedesktop.DBus.Properties),
dbus send bus=session peer=(path=/org/gtk/vfs/mounttracker
interface=org.gtk.vfs.MountTracker),
dbus send bus=session peer=(name=org.gnome.Shell path=/org/gnome/Shell
interface=org.freedesktop.DBus.Properties),
}
* Proposal 3.3 - Drop the equal signs for grouping
Remove the equals sign from the subject and peer groupings.
dbus [<bus>] [subject(<subject>)] [acquire],
dbus [<bus>] [subject(<subject>)] [peer(<peer>)] [send | receive],
/usr/bin/gnome-screensaver {
# Ignore file and accessibility bus access for this exercise
file,
dbus bus=accessibility,
# Talks to system and session buses
dbus bus={system,session} peer(name=org.freedesktop.DBus) (send receive),
# Sends messages on the system bus
dbus bus=system peer(name=org.freedesktop.ConsoleKit
path=/org/freedesktop/ConsoleKit/Manager
interface=org.freedesktop.ConsoleKit.Manager) send,
dbus bus=system peer(name=org.freedesktop.Accounts
path=/org/freedesktop/Accounts interface=org.freedesktop.Accounts) send,
dbus bus=system peer(name=org.freedesktop.Accounts
path=/org/freedesktop/Accounts/User* interface=org.freedesktop.DBus.Properties)
send,
# Receives messages on the session bus
dbus bus=session subject(name=org.gnome.ScreenSaver) acquire,
dbus bus=session subject(path=/org/gnome/ScreenSaver
interface=org.freedesktop.DBus.Properties) receive,
# Be selective because the Lock method is mediated by these rules
dbus bus=session subject(path=/org/gnome/ScreenSaver
interface=org.gnome.ScreenSaver) peer(label=/usr/bin/gnome-settings-daemon)
receive,
dbus bus=session subject(path=/org/gnome/ScreenSaver
interface=org.gnome.ScreenSaver) peer(name=com.canonical.indicator.session)
receive,
# Sends messages on the session bus
dbus bus=session peer(name=org.gnome.SessionManager
path=/org/gnome/SessionManager/Presence
interface=org.freedesktop.DBus.Properties) send,
dbus bus=session peer(path=/org/gtk/vfs/mounttracker
interface=org.gtk.vfs.MountTracker) send,
dbus bus=session peer(name=org.gnome.Shell path=/org/gnome/Shell
interface=org.freedesktop.DBus.Properties) send,
}
* Proposal 3.4 - Replace the equal signs with a space for grouping
dbus [<bus>] [subject (<subject>)] [acquire],
dbus [<bus>] [subject (<subject>)] [peer (<peer>)] [send | receive],
/usr/bin/gnome-screensaver {
# Ignore file and accessibility bus access for this exercise
file,
dbus bus=accessibility,
# Talks to system and session buses
dbus bus={system,session} peer (name=org.freedesktop.DBus) (send receive),
# Sends messages on the system bus
dbus bus=system peer (name=org.freedesktop.ConsoleKit
path=/org/freedesktop/ConsoleKit/Manager
interface=org.freedesktop.ConsoleKit.Manager) send,
dbus bus=system peer (name=org.freedesktop.Accounts
path=/org/freedesktop/Accounts interface=org.freedesktop.Accounts) send,
dbus bus=system peer (name=org.freedesktop.Accounts
path=/org/freedesktop/Accounts/User* interface=org.freedesktop.DBus.Properties)
send,
# Receives messages on the session bus
dbus bus=session subject (name=org.gnome.ScreenSaver) acquire,
dbus bus=session subject (path=/org/gnome/ScreenSaver
interface=org.freedesktop.DBus.Properties) receive,
# Be selective because the Lock method is mediated by these rules
dbus bus=session subject (path=/org/gnome/ScreenSaver
interface=org.gnome.ScreenSaver) peer (label=/usr/bin/gnome-settings-daemon)
receive,
dbus bus=session subject (path=/org/gnome/ScreenSaver
interface=org.gnome.ScreenSaver) peer (name=com.canonical.indicator.session)
receive,
# Sends messages on the session bus
dbus bus=session peer (name=org.gnome.SessionManager
path=/org/gnome/SessionManager/Presence
interface=org.freedesktop.DBus.Properties) send,
dbus bus=session peer (path=/org/gtk/vfs/mounttracker
interface=org.gtk.vfs.MountTracker) send,
dbus bus=session peer (name=org.gnome.Shell path=/org/gnome/Shell
interface=org.freedesktop.DBus.Properties) send,
}
* Proposal 3.5 - Replace the equal signs with a space and use curly
braces for grouping
dbus [<bus>] [subject {<subject>}] [acquire],
dbus [<bus>] [subject {<subject>}] [peer {<peer>}] [send | receive],
/usr/bin/gnome-screensaver {
# Ignore file and accessibility bus access for this exercise
file,
dbus bus=accessibility,
# Talks to system and session buses
dbus bus={system,session} peer {name=org.freedesktop.DBus} (send receive),
# Sends messages on the system bus
dbus bus=system peer {name=org.freedesktop.ConsoleKit
path=/org/freedesktop/ConsoleKit/Manager
interface=org.freedesktop.ConsoleKit.Manager} send,
dbus bus=system peer {name=org.freedesktop.Accounts
path=/org/freedesktop/Accounts interface=org.freedesktop.Accounts} send,
dbus bus=system peer {name=org.freedesktop.Accounts
path=/org/freedesktop/Accounts/User* interface=org.freedesktop.DBus.Properties}
send,
# Receives messages on the session bus
dbus bus=session subject {name=org.gnome.ScreenSaver} acquire,
dbus bus=session subject {path=/org/gnome/ScreenSaver
interface=org.freedesktop.DBus.Properties} receive,
# Be selective because the Lock method is mediated by these rules
dbus bus=session subject {path=/org/gnome/ScreenSaver
interface=org.gnome.ScreenSaver} peer {label=/usr/bin/gnome-settings-daemon}
receive,
dbus bus=session subject {path=/org/gnome/ScreenSaver
interface=org.gnome.ScreenSaver} peer {name=com.canonical.indicator.session}
receive,
# Sends messages on the session bus
dbus bus=session peer {name=org.gnome.SessionManager
path=/org/gnome/SessionManager/Presence
interface=org.freedesktop.DBus.Properties} send,
dbus bus=session peer {path=/org/gtk/vfs/mounttracker
interface=org.gtk.vfs.MountTracker} send,
dbus bus=session peer {name=org.gnome.Shell path=/org/gnome/Shell
interface=org.freedesktop.DBus.Properties} send,
}
* Proposal 3.6 - Replace the equals signs with a space and use no
characters for grouping
dbus [<bus>] [subject <subject>] [acquire],
dbus [<bus>] [subject <subject>] [peer <peer>] [send | receive],
/usr/bin/gnome-screensaver {
# Ignore file and accessibility bus access for this exercise
file,
dbus bus=accessibility,
# Talks to system and session buses
dbus bus={system,session} peer name=org.freedesktop.DBus (send receive),
# Sends messages on the system bus
dbus bus=system peer name=org.freedesktop.ConsoleKit
path=/org/freedesktop/ConsoleKit/Manager
interface=org.freedesktop.ConsoleKit.Manager send,
dbus bus=system peer name=org.freedesktop.Accounts
path=/org/freedesktop/Accounts interface=org.freedesktop.Accounts send,
dbus bus=system peer name=org.freedesktop.Accounts
path=/org/freedesktop/Accounts/User* interface=org.freedesktop.DBus.Properties
send,
# Receives messages on the session bus
dbus bus=session subject name=org.gnome.ScreenSaver acquire,
dbus bus=session subject path=/org/gnome/ScreenSaver
interface=org.freedesktop.DBus.Properties receive,
# Be selective because the Lock method is mediated by these rules
dbus bus=session subject path=/org/gnome/ScreenSaver
interface=org.gnome.ScreenSaver peer label=/usr/bin/gnome-settings-daemon
receive,
dbus bus=session subject path=/org/gnome/ScreenSaver
interface=org.gnome.ScreenSaver peer name=com.canonical.indicator.session
receive,
# Sends messages on the session bus
dbus bus=session peer name=org.gnome.SessionManager
path=/org/gnome/SessionManager/Presence
interface=org.freedesktop.DBus.Properties send,
dbus bus=session peer path=/org/gtk/vfs/mounttracker
interface=org.gtk.vfs.MountTracker send,
dbus bus=session peer name=org.gnome.Shell path=/org/gnome/Shell
interface=org.freedesktop.DBus.Properties send,
}
Tyler
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
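As an added example (not code from the message above, and not AppArmor's own policy parser), here is a small Python parser for the Proposal 3.1 single-line syntax that re-emits each rule in the Proposal 3.2 order, with the access in front. It shows that the two forms are mechanically interconvertible and where a parser for the grouped syntax has to be careful: commas inside bus={...} must not end a rule, whitespace inside a subject=(...) or peer=(...) group must not split it, and a rule spread over several lines is one rule until its trailing comma. The grammar is reconstructed from the grammar lines and rules in the message; the accepted attribute keys (name, path, interface, label) are the ones those rules use, the check that an acquire rule carries no peer= group follows the grammar line for acquire, and the sample rules are constructed from the gnome-screensaver profile in the message.

```python
"""Parser for the single-line D-Bus rule syntax of Proposal 3.1, re-emitting
rules with the access in front (Proposal 3.2).  Added example, not AppArmor's
parser: the grammar is reconstructed from the rules shown in the message."""

ACCESSES = ("acquire", "send", "receive")
GROUP_KEYS = {"name", "path", "interface", "label"}  # keys the message's rules use

def split_rules(text):
    """Split on top-level commas; a comma inside bus={a,b} or (...) stays."""
    rules, depth, cur = [], 0, []
    for ch in text:
        depth += (ch in "({") - (ch in ")}")
        if ch == "," and depth == 0:
            rules.append(" ".join("".join(cur).split()))  # joins multi-line rules
            cur = []
        else:
            cur.append(ch)
    if "".join(cur).strip():
        raise ValueError("rule text without a terminating comma")
    return [r for r in rules if r]

def tokenize(rule):
    """Split on whitespace except inside (...) / {...}: subject=(k=v k=v) is one token."""
    tokens, depth, cur = [], 0, []
    for ch in rule + " ":
        if ch.isspace() and depth == 0:
            if cur:
                tokens.append("".join(cur))
                cur = []
        else:
            depth += (ch in "({") - (ch in ")}")
            cur.append(ch)
    if depth:
        raise ValueError(f"unbalanced brackets in {rule!r}")
    return tokens

def parse_group(body):
    """'path=/x interface=y' -> {'path': '/x', 'interface': 'y'}"""
    attrs = {}
    for item in body.split():
        key, _, value = item.partition("=")
        if key not in GROUP_KEYS or not value or key in attrs:
            raise ValueError(f"bad or duplicate group attribute {item!r}")
        attrs[key] = value
    return attrs

def parse_rule(rule):
    """None for non-dbus rules, else {bus, subject, peer, access}."""
    tokens = tokenize(rule)
    if not tokens or tokens[0] != "dbus":
        return None
    r = {"bus": [], "subject": {}, "peer": {}, "access": []}
    for tok in tokens[1:]:
        if tok.startswith("bus="):
            v = tok[4:]
            r["bus"] = v[1:-1].split(",") if v.startswith("{") else [v]
        elif tok.startswith("subject=(") and tok.endswith(")"):
            r["subject"] = parse_group(tok[9:-1])
        elif tok.startswith("peer=(") and tok.endswith(")"):
            r["peer"] = parse_group(tok[6:-1])
        elif tok in ACCESSES:
            r["access"].append(tok)
        elif tok.startswith("(") and tok.endswith(")"):
            words = tok[1:-1].split()
            if not words or any(w not in ACCESSES for w in words):
                raise ValueError(f"bad access list {tok!r}")
            r["access"].extend(words)
        else:
            raise ValueError(f"unknown token {tok!r} in {rule!r}")
    if "acquire" in r["access"] and r["peer"]:  # grammar: acquire rules take no peer=
        raise ValueError(f"acquire rule must not carry peer=: {rule!r}")
    return r

def emit_access_first(r):
    """Serialise in Proposal 3.2 form: dbus <access> [bus=] [subject=()] [peer=()],"""
    parts = ["dbus"]
    if r["access"]:
        a = r["access"]
        parts.append(a[0] if len(a) == 1 else "(" + " ".join(a) + ")")
    if r["bus"]:
        b = r["bus"]
        parts.append("bus=" + (b[0] if len(b) == 1 else "{" + ",".join(b) + "}"))
    for grp in ("subject", "peer"):
        if r[grp]:
            parts.append(grp + "=(" + " ".join(f"{k}={v}" for k, v in r[grp].items()) + ")")
    return " ".join(parts) + ","

def convert(policy_text):
    """Proposal 3.1 rule body -> list of Proposal 3.2 rule strings."""
    text = "\n".join(line.split("#", 1)[0] for line in policy_text.splitlines())  # drop comments
    parsed = (parse_rule(rule) for rule in split_rules(text))
    return [emit_access_first(r) for r in parsed if r is not None]

# Constructed sample: rules taken from the gnome-screensaver profile in the
# message, without the profile header, one of them left split across lines.
SAMPLE = """
dbus bus={system,session} peer=(name=org.freedesktop.DBus) (send receive),
dbus bus=session subject=(name=org.gnome.ScreenSaver) acquire,
# Be selective because the Lock method is mediated by these rules
dbus bus=session subject=(path=/org/gnome/ScreenSaver
  interface=org.gnome.ScreenSaver) peer=(label=/usr/bin/gnome-settings-daemon)
  receive,
dbus bus=accessibility,
file,
"""

if __name__ == "__main__":
    print("\n".join(convert(SAMPLE)))
```

Emitting the other grouping styles (3.3 to 3.5) only changes the delimiters written in emit_access_first. Proposal 3.6 is the odd one out: with no delimiters at all, whether a given key=value belongs to the subject or to the peer is purely positional, so a parser for it has to assign each attribute to whichever of subject/peer was seen last rather than to a bracketed group.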
