mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor/parser/dbus.cc

306 lines
7.9 KiB
C++
Raw Normal View History

parser: Add support for DBus rules This patch implements the parsing of DBus rules. It attempts to catch all corner cases, such as specifying a bind permission with an interface conditional or specifying a subject name conditional and a peer name conditional in the same rule. It introduces the concept of conditional lists to the lexer and parser in order to handle 'peer=(label=/usr/bin/foo name=com.foo.bar)', since the existing list support in the lexer only supports a list of values. The DBus rules are encoded as follows: bus,name<bind_perm>,peer_label,path,interface,member<rw_perms> Bind rules stop matching at name<bind_perm>. Note that name is used for the subject name in bind rules and the peer name in rw rules. The function new_dbus_entry() is what does the proper sanitization to make sure that if a name conditional is specified, that it is the subject name in the case of a bind rule or that it is the peer name in the case of a rw rule. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-07-31 09:05:51 -07:00
/*
* Copyright (c) 2013
* Canonical, Ltd. (All rights reserved)
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of version 2 of the GNU General Public
* License published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, contact Novell, Inc. or Canonical
* Ltd.
*/
#include <stdlib.h>
#include <string.h>
parser: Add make variable to build against local or system libapparmor [v3] By default, statically link against the in-tree libapparmor. If the in-tree libapparmor is not yet built, print a helpful error message. To build against the system libapparmor, the USE_SYSTEM make variable can be set on the command line like so: $ make USE_SYSTEM=1 This patch also fixes issues around the inclusion of the apparmor.h header. Previously, the in-tree apparmor.h was always being included even if the parser was being linked against the system libapparmor. It modifies the apparmor.h include path based on the previous patch separating them out in the libapparmor source. This was needed because header file name collisions were already occurring. For source files needing to include apparmor.h, the make targets were also updated to depend on the local apparmor.h when building against the in-tree libapparmor. When building against the system libapparmor, the variable used in the dependency list is empty. Likewise, a libapparmor.a dependency is added to the apparmor_parser target when building against the in-tree apparmor. Patch history: v1: from Tyler Hicks <tyhicks@canonical.com> - initial version v2: revert to altering the include search path rather than including the apparmor.h header directly via cpp arguments, alter the include statements to <sys/apparmor.h> which will work against either in-tree or (default) system paths. v3: convert controlling variable to USE_SYSTEM from SYSTEM_LIBAPPARMOR to unify between the parser and the regression tests. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: Steve Beattie <steve@nxnw.org>
2014-01-06 14:46:10 -08:00
#include <sys/apparmor.h>
parser: Add support for DBus rules This patch implements the parsing of DBus rules. It attempts to catch all corner cases, such as specifying a bind permission with an interface conditional or specifying a subject name conditional and a peer name conditional in the same rule. It introduces the concept of conditional lists to the lexer and parser in order to handle 'peer=(label=/usr/bin/foo name=com.foo.bar)', since the existing list support in the lexer only supports a list of values. The DBus rules are encoded as follows: bus,name<bind_perm>,peer_label,path,interface,member<rw_perms> Bind rules stop matching at name<bind_perm>. Note that name is used for the subject name in bind rules and the peer name in rw rules. The function new_dbus_entry() is what does the proper sanitization to make sure that if a name conditional is specified, that it is the subject name in the case of a bind rule or that it is the peer name in the case of a rw rule. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-07-31 09:05:51 -07:00
Convert mount and dbus to be subclasses of a generic rule class This will simplify add new features as most of the code can reside in its own class. There are still things to improve but its a start. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2014-04-07 03:16:50 -07:00
#include <iomanip>
#include <string>
#include <sstream>
parser: Add support for DBus rules This patch implements the parsing of DBus rules. It attempts to catch all corner cases, such as specifying a bind permission with an interface conditional or specifying a subject name conditional and a peer name conditional in the same rule. It introduces the concept of conditional lists to the lexer and parser in order to handle 'peer=(label=/usr/bin/foo name=com.foo.bar)', since the existing list support in the lexer only supports a list of values. The DBus rules are encoded as follows: bus,name<bind_perm>,peer_label,path,interface,member<rw_perms> Bind rules stop matching at name<bind_perm>. Note that name is used for the subject name in bind rules and the peer name in rw rules. The function new_dbus_entry() is what does the proper sanitization to make sure that if a name conditional is specified, that it is the subject name in the case of a bind rule or that it is the peer name in the case of a rw rule. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-07-31 09:05:51 -07:00
#include "parser.h"
Convert codomain to a class Convert the codomain to a class, and the policy lists that store codomains to stl containers instead of glibc twalk. Signed-off-by: John Johansen <john.johansen@canonical.com> [tyhicks: Merge with dbus changes and process_file_entries() cleanup] Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2013-09-27 16:16:37 -07:00
#include "profile.h"
parser: Add support for DBus rules This patch implements the parsing of DBus rules. It attempts to catch all corner cases, such as specifying a bind permission with an interface conditional or specifying a subject name conditional and a peer name conditional in the same rule. It introduces the concept of conditional lists to the lexer and parser in order to handle 'peer=(label=/usr/bin/foo name=com.foo.bar)', since the existing list support in the lexer only supports a list of values. The DBus rules are encoded as follows: bus,name<bind_perm>,peer_label,path,interface,member<rw_perms> Bind rules stop matching at name<bind_perm>. Note that name is used for the subject name in bind rules and the peer name in rw rules. The function new_dbus_entry() is what does the proper sanitization to make sure that if a name conditional is specified, that it is the subject name in the case of a bind rule or that it is the peer name in the case of a rw rule. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-07-31 09:05:51 -07:00
#include "parser_yacc.h"
#include "dbus.h"
Convert mount and dbus to be subclasses of a generic rule class This will simplify add new features as most of the code can reside in its own class. There are still things to improve but its a start. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2014-04-07 03:16:50 -07:00
int parse_dbus_mode(const char *str_mode, int *mode, int fail)
{
make the parse_sub_mode code more generic Make it more generic so that it can be shared with signals. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2014-04-07 03:19:19 -07:00
return parse_X_mode("DBus", AA_VALID_DBUS_PERMS, str_mode, mode, fail);
parser: Add support for DBus rules This patch implements the parsing of DBus rules. It attempts to catch all corner cases, such as specifying a bind permission with an interface conditional or specifying a subject name conditional and a peer name conditional in the same rule. It introduces the concept of conditional lists to the lexer and parser in order to handle 'peer=(label=/usr/bin/foo name=com.foo.bar)', since the existing list support in the lexer only supports a list of values. The DBus rules are encoded as follows: bus,name<bind_perm>,peer_label,path,interface,member<rw_perms> Bind rules stop matching at name<bind_perm>. Note that name is used for the subject name in bind rules and the peer name in rw rules. The function new_dbus_entry() is what does the proper sanitization to make sure that if a name conditional is specified, that it is the subject name in the case of a bind rule or that it is the peer name in the case of a rw rule. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-07-31 09:05:51 -07:00
}
Convert mount and dbus to be subclasses of a generic rule class This will simplify add new features as most of the code can reside in its own class. There are still things to improve but its a start. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2014-04-07 03:16:50 -07:00
void dbus_rule::move_conditionals(struct cond_entry *conds)
parser: Add support for DBus rules This patch implements the parsing of DBus rules. It attempts to catch all corner cases, such as specifying a bind permission with an interface conditional or specifying a subject name conditional and a peer name conditional in the same rule. It introduces the concept of conditional lists to the lexer and parser in order to handle 'peer=(label=/usr/bin/foo name=com.foo.bar)', since the existing list support in the lexer only supports a list of values. The DBus rules are encoded as follows: bus,name<bind_perm>,peer_label,path,interface,member<rw_perms> Bind rules stop matching at name<bind_perm>. Note that name is used for the subject name in bind rules and the peer name in rw rules. The function new_dbus_entry() is what does the proper sanitization to make sure that if a name conditional is specified, that it is the subject name in the case of a bind rule or that it is the peer name in the case of a rw rule. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-07-31 09:05:51 -07:00
{
struct cond_entry *cond_ent;
list_for_each(conds, cond_ent) {
/* for now disallow keyword 'in' (list) */
if (!cond_ent->eq)
yyerror("keyword \"in\" is not allowed in dbus rules\n");
if (list_len(cond_ent->vals) > 1)
yyerror("dbus conditional \"%s\" only supports a single value\n",
cond_ent->name);
if (strcmp(cond_ent->name, "bus") == 0) {
fix: the what names can treated as a condlistid The match {VARIABLE_NAME}/{WS}*={WS}*\( is too broad causing mount and dbus rules to fail for sets of values eg. mount options=(ro bind) Instead of doing a broad match, for now lets lock it down to just peer=(...) being the only cond that can cause entry into CONDLISTID Signed-off-by: John Johansen <john.johansen@canonical.com>
2014-04-23 11:36:26 -07:00
move_conditional_value("dbus", &bus, cond_ent);
parser: Add support for DBus rules This patch implements the parsing of DBus rules. It attempts to catch all corner cases, such as specifying a bind permission with an interface conditional or specifying a subject name conditional and a peer name conditional in the same rule. It introduces the concept of conditional lists to the lexer and parser in order to handle 'peer=(label=/usr/bin/foo name=com.foo.bar)', since the existing list support in the lexer only supports a list of values. The DBus rules are encoded as follows: bus,name<bind_perm>,peer_label,path,interface,member<rw_perms> Bind rules stop matching at name<bind_perm>. Note that name is used for the subject name in bind rules and the peer name in rw rules. The function new_dbus_entry() is what does the proper sanitization to make sure that if a name conditional is specified, that it is the subject name in the case of a bind rule or that it is the peer name in the case of a rw rule. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-07-31 09:05:51 -07:00
} else if (strcmp(cond_ent->name, "name") == 0) {
fix: the what names can treated as a condlistid The match {VARIABLE_NAME}/{WS}*={WS}*\( is too broad causing mount and dbus rules to fail for sets of values eg. mount options=(ro bind) Instead of doing a broad match, for now lets lock it down to just peer=(...) being the only cond that can cause entry into CONDLISTID Signed-off-by: John Johansen <john.johansen@canonical.com>
2014-04-23 11:36:26 -07:00
move_conditional_value("dbus", &name, cond_ent);
parser: Add support for DBus rules This patch implements the parsing of DBus rules. It attempts to catch all corner cases, such as specifying a bind permission with an interface conditional or specifying a subject name conditional and a peer name conditional in the same rule. It introduces the concept of conditional lists to the lexer and parser in order to handle 'peer=(label=/usr/bin/foo name=com.foo.bar)', since the existing list support in the lexer only supports a list of values. The DBus rules are encoded as follows: bus,name<bind_perm>,peer_label,path,interface,member<rw_perms> Bind rules stop matching at name<bind_perm>. Note that name is used for the subject name in bind rules and the peer name in rw rules. The function new_dbus_entry() is what does the proper sanitization to make sure that if a name conditional is specified, that it is the subject name in the case of a bind rule or that it is the peer name in the case of a rw rule. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-07-31 09:05:51 -07:00
} else if (strcmp(cond_ent->name, "label") == 0) {
fix: the what names can treated as a condlistid The match {VARIABLE_NAME}/{WS}*={WS}*\( is too broad causing mount and dbus rules to fail for sets of values eg. mount options=(ro bind) Instead of doing a broad match, for now lets lock it down to just peer=(...) being the only cond that can cause entry into CONDLISTID Signed-off-by: John Johansen <john.johansen@canonical.com>
2014-04-23 11:36:26 -07:00
move_conditional_value("dbus", &peer_label, cond_ent);
parser: Add support for DBus rules This patch implements the parsing of DBus rules. It attempts to catch all corner cases, such as specifying a bind permission with an interface conditional or specifying a subject name conditional and a peer name conditional in the same rule. It introduces the concept of conditional lists to the lexer and parser in order to handle 'peer=(label=/usr/bin/foo name=com.foo.bar)', since the existing list support in the lexer only supports a list of values. The DBus rules are encoded as follows: bus,name<bind_perm>,peer_label,path,interface,member<rw_perms> Bind rules stop matching at name<bind_perm>. Note that name is used for the subject name in bind rules and the peer name in rw rules. The function new_dbus_entry() is what does the proper sanitization to make sure that if a name conditional is specified, that it is the subject name in the case of a bind rule or that it is the peer name in the case of a rw rule. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-07-31 09:05:51 -07:00
} else if (strcmp(cond_ent->name, "path") == 0) {
fix: the what names can treated as a condlistid The match {VARIABLE_NAME}/{WS}*={WS}*\( is too broad causing mount and dbus rules to fail for sets of values eg. mount options=(ro bind) Instead of doing a broad match, for now lets lock it down to just peer=(...) being the only cond that can cause entry into CONDLISTID Signed-off-by: John Johansen <john.johansen@canonical.com>
2014-04-23 11:36:26 -07:00
move_conditional_value("dbus", &path, cond_ent);
parser: Add support for DBus rules This patch implements the parsing of DBus rules. It attempts to catch all corner cases, such as specifying a bind permission with an interface conditional or specifying a subject name conditional and a peer name conditional in the same rule. It introduces the concept of conditional lists to the lexer and parser in order to handle 'peer=(label=/usr/bin/foo name=com.foo.bar)', since the existing list support in the lexer only supports a list of values. The DBus rules are encoded as follows: bus,name<bind_perm>,peer_label,path,interface,member<rw_perms> Bind rules stop matching at name<bind_perm>. Note that name is used for the subject name in bind rules and the peer name in rw rules. The function new_dbus_entry() is what does the proper sanitization to make sure that if a name conditional is specified, that it is the subject name in the case of a bind rule or that it is the peer name in the case of a rw rule. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-07-31 09:05:51 -07:00
} else if (strcmp(cond_ent->name, "interface") == 0) {
fix: the what names can treated as a condlistid The match {VARIABLE_NAME}/{WS}*={WS}*\( is too broad causing mount and dbus rules to fail for sets of values eg. mount options=(ro bind) Instead of doing a broad match, for now lets lock it down to just peer=(...) being the only cond that can cause entry into CONDLISTID Signed-off-by: John Johansen <john.johansen@canonical.com>
2014-04-23 11:36:26 -07:00
move_conditional_value("dbus", &interface, cond_ent);
parser: Add support for DBus rules This patch implements the parsing of DBus rules. It attempts to catch all corner cases, such as specifying a bind permission with an interface conditional or specifying a subject name conditional and a peer name conditional in the same rule. It introduces the concept of conditional lists to the lexer and parser in order to handle 'peer=(label=/usr/bin/foo name=com.foo.bar)', since the existing list support in the lexer only supports a list of values. The DBus rules are encoded as follows: bus,name<bind_perm>,peer_label,path,interface,member<rw_perms> Bind rules stop matching at name<bind_perm>. Note that name is used for the subject name in bind rules and the peer name in rw rules. The function new_dbus_entry() is what does the proper sanitization to make sure that if a name conditional is specified, that it is the subject name in the case of a bind rule or that it is the peer name in the case of a rw rule. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-07-31 09:05:51 -07:00
} else if (strcmp(cond_ent->name, "member") == 0) {
fix: the what names can treated as a condlistid The match {VARIABLE_NAME}/{WS}*={WS}*\( is too broad causing mount and dbus rules to fail for sets of values eg. mount options=(ro bind) Instead of doing a broad match, for now lets lock it down to just peer=(...) being the only cond that can cause entry into CONDLISTID Signed-off-by: John Johansen <john.johansen@canonical.com>
2014-04-23 11:36:26 -07:00
move_conditional_value("dbus", &member, cond_ent);
parser: Add support for DBus rules This patch implements the parsing of DBus rules. It attempts to catch all corner cases, such as specifying a bind permission with an interface conditional or specifying a subject name conditional and a peer name conditional in the same rule. It introduces the concept of conditional lists to the lexer and parser in order to handle 'peer=(label=/usr/bin/foo name=com.foo.bar)', since the existing list support in the lexer only supports a list of values. The DBus rules are encoded as follows: bus,name<bind_perm>,peer_label,path,interface,member<rw_perms> Bind rules stop matching at name<bind_perm>. Note that name is used for the subject name in bind rules and the peer name in rw rules. The function new_dbus_entry() is what does the proper sanitization to make sure that if a name conditional is specified, that it is the subject name in the case of a bind rule or that it is the peer name in the case of a rw rule. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-07-31 09:05:51 -07:00
} else {
yyerror("invalid dbus conditional \"%s\"\n",
cond_ent->name);
}
}
}
Convert mount and dbus to be subclasses of a generic rule class This will simplify add new features as most of the code can reside in its own class. There are still things to improve but its a start. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2014-04-07 03:16:50 -07:00
dbus_rule::dbus_rule(int mode_p, struct cond_entry *conds,
struct cond_entry *peer_conds):
bus(NULL), name(NULL), peer_label(NULL), path(NULL), interface(NULL), member(NULL),
mode(0), audit(0), deny(0)
parser: Add support for DBus rules This patch implements the parsing of DBus rules. It attempts to catch all corner cases, such as specifying a bind permission with an interface conditional or specifying a subject name conditional and a peer name conditional in the same rule. It introduces the concept of conditional lists to the lexer and parser in order to handle 'peer=(label=/usr/bin/foo name=com.foo.bar)', since the existing list support in the lexer only supports a list of values. The DBus rules are encoded as follows: bus,name<bind_perm>,peer_label,path,interface,member<rw_perms> Bind rules stop matching at name<bind_perm>. Note that name is used for the subject name in bind rules and the peer name in rw rules. The function new_dbus_entry() is what does the proper sanitization to make sure that if a name conditional is specified, that it is the subject name in the case of a bind rule or that it is the peer name in the case of a rw rule. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-07-31 09:05:51 -07:00
{
int name_is_subject_cond = 0, message_rule = 0, service_rule = 0;
/* Move the global/subject conditionals over & check the results */
Convert mount and dbus to be subclasses of a generic rule class This will simplify add new features as most of the code can reside in its own class. There are still things to improve but its a start. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2014-04-07 03:16:50 -07:00
move_conditionals(conds);
if (name)
parser: Add support for DBus rules This patch implements the parsing of DBus rules. It attempts to catch all corner cases, such as specifying a bind permission with an interface conditional or specifying a subject name conditional and a peer name conditional in the same rule. It introduces the concept of conditional lists to the lexer and parser in order to handle 'peer=(label=/usr/bin/foo name=com.foo.bar)', since the existing list support in the lexer only supports a list of values. The DBus rules are encoded as follows: bus,name<bind_perm>,peer_label,path,interface,member<rw_perms> Bind rules stop matching at name<bind_perm>. Note that name is used for the subject name in bind rules and the peer name in rw rules. The function new_dbus_entry() is what does the proper sanitization to make sure that if a name conditional is specified, that it is the subject name in the case of a bind rule or that it is the peer name in the case of a rw rule. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-07-31 09:05:51 -07:00
name_is_subject_cond = 1;
Convert mount and dbus to be subclasses of a generic rule class This will simplify add new features as most of the code can reside in its own class. There are still things to improve but its a start. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2014-04-07 03:16:50 -07:00
if (peer_label)
parser: Add support for DBus rules This patch implements the parsing of DBus rules. It attempts to catch all corner cases, such as specifying a bind permission with an interface conditional or specifying a subject name conditional and a peer name conditional in the same rule. It introduces the concept of conditional lists to the lexer and parser in order to handle 'peer=(label=/usr/bin/foo name=com.foo.bar)', since the existing list support in the lexer only supports a list of values. The DBus rules are encoded as follows: bus,name<bind_perm>,peer_label,path,interface,member<rw_perms> Bind rules stop matching at name<bind_perm>. Note that name is used for the subject name in bind rules and the peer name in rw rules. The function new_dbus_entry() is what does the proper sanitization to make sure that if a name conditional is specified, that it is the subject name in the case of a bind rule or that it is the peer name in the case of a rw rule. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-07-31 09:05:51 -07:00
yyerror("dbus \"label\" conditional can only be used inside of the \"peer=()\" grouping\n");
/* Move the peer conditionals */
Convert mount and dbus to be subclasses of a generic rule class This will simplify add new features as most of the code can reside in its own class. There are still things to improve but its a start. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2014-04-07 03:16:50 -07:00
move_conditionals(peer_conds);
parser: Add support for DBus rules This patch implements the parsing of DBus rules. It attempts to catch all corner cases, such as specifying a bind permission with an interface conditional or specifying a subject name conditional and a peer name conditional in the same rule. It introduces the concept of conditional lists to the lexer and parser in order to handle 'peer=(label=/usr/bin/foo name=com.foo.bar)', since the existing list support in the lexer only supports a list of values. The DBus rules are encoded as follows: bus,name<bind_perm>,peer_label,path,interface,member<rw_perms> Bind rules stop matching at name<bind_perm>. Note that name is used for the subject name in bind rules and the peer name in rw rules. The function new_dbus_entry() is what does the proper sanitization to make sure that if a name conditional is specified, that it is the subject name in the case of a bind rule or that it is the peer name in the case of a rw rule. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-07-31 09:05:51 -07:00
Convert mount and dbus to be subclasses of a generic rule class This will simplify add new features as most of the code can reside in its own class. There are still things to improve but its a start. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2014-04-07 03:16:50 -07:00
if (path || interface || member || peer_label ||
(name && !name_is_subject_cond))
parser: Add support for DBus rules This patch implements the parsing of DBus rules. It attempts to catch all corner cases, such as specifying a bind permission with an interface conditional or specifying a subject name conditional and a peer name conditional in the same rule. It introduces the concept of conditional lists to the lexer and parser in order to handle 'peer=(label=/usr/bin/foo name=com.foo.bar)', since the existing list support in the lexer only supports a list of values. The DBus rules are encoded as follows: bus,name<bind_perm>,peer_label,path,interface,member<rw_perms> Bind rules stop matching at name<bind_perm>. Note that name is used for the subject name in bind rules and the peer name in rw rules. The function new_dbus_entry() is what does the proper sanitization to make sure that if a name conditional is specified, that it is the subject name in the case of a bind rule or that it is the peer name in the case of a rw rule. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-07-31 09:05:51 -07:00
message_rule = 1;
Convert mount and dbus to be subclasses of a generic rule class This will simplify add new features as most of the code can reside in its own class. There are still things to improve but its a start. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2014-04-07 03:16:50 -07:00
if (name && name_is_subject_cond)
parser: Add support for DBus rules This patch implements the parsing of DBus rules. It attempts to catch all corner cases, such as specifying a bind permission with an interface conditional or specifying a subject name conditional and a peer name conditional in the same rule. It introduces the concept of conditional lists to the lexer and parser in order to handle 'peer=(label=/usr/bin/foo name=com.foo.bar)', since the existing list support in the lexer only supports a list of values. The DBus rules are encoded as follows: bus,name<bind_perm>,peer_label,path,interface,member<rw_perms> Bind rules stop matching at name<bind_perm>. Note that name is used for the subject name in bind rules and the peer name in rw rules. The function new_dbus_entry() is what does the proper sanitization to make sure that if a name conditional is specified, that it is the subject name in the case of a bind rule or that it is the peer name in the case of a rw rule. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-07-31 09:05:51 -07:00
service_rule = 1;
if (message_rule && service_rule)
yyerror("dbus rule contains message conditionals and service conditionals\n");
/* Copy mode. If no mode was specified, assign an implied mode. */
Convert mount and dbus to be subclasses of a generic rule class This will simplify add new features as most of the code can reside in its own class. There are still things to improve but its a start. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2014-04-07 03:16:50 -07:00
if (mode_p) {
mode = mode_p;
if (mode & ~AA_VALID_DBUS_PERMS)
parser/dbus.cc: fix "accesss" typo.
2015-05-01 10:25:57 +02:00
yyerror("mode contains unknown dbus access\n");
Convert mount and dbus to be subclasses of a generic rule class This will simplify add new features as most of the code can reside in its own class. There are still things to improve but its a start. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2014-04-07 03:16:50 -07:00
else if (message_rule && (mode & AA_DBUS_BIND))
parser: Add support for DBus rules This patch implements the parsing of DBus rules. It attempts to catch all corner cases, such as specifying a bind permission with an interface conditional or specifying a subject name conditional and a peer name conditional in the same rule. It introduces the concept of conditional lists to the lexer and parser in order to handle 'peer=(label=/usr/bin/foo name=com.foo.bar)', since the existing list support in the lexer only supports a list of values. The DBus rules are encoded as follows: bus,name<bind_perm>,peer_label,path,interface,member<rw_perms> Bind rules stop matching at name<bind_perm>. Note that name is used for the subject name in bind rules and the peer name in rw rules. The function new_dbus_entry() is what does the proper sanitization to make sure that if a name conditional is specified, that it is the subject name in the case of a bind rule or that it is the peer name in the case of a rw rule. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-07-31 09:05:51 -07:00
yyerror("dbus \"bind\" access cannot be used with message rule conditionals\n");
Convert mount and dbus to be subclasses of a generic rule class This will simplify add new features as most of the code can reside in its own class. There are still things to improve but its a start. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2014-04-07 03:16:50 -07:00
else if (service_rule && (mode & (AA_DBUS_SEND | AA_DBUS_RECEIVE)))
parser: Add support for DBus rules This patch implements the parsing of DBus rules. It attempts to catch all corner cases, such as specifying a bind permission with an interface conditional or specifying a subject name conditional and a peer name conditional in the same rule. It introduces the concept of conditional lists to the lexer and parser in order to handle 'peer=(label=/usr/bin/foo name=com.foo.bar)', since the existing list support in the lexer only supports a list of values. The DBus rules are encoded as follows: bus,name<bind_perm>,peer_label,path,interface,member<rw_perms> Bind rules stop matching at name<bind_perm>. Note that name is used for the subject name in bind rules and the peer name in rw rules. The function new_dbus_entry() is what does the proper sanitization to make sure that if a name conditional is specified, that it is the subject name in the case of a bind rule or that it is the peer name in the case of a rw rule. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-07-31 09:05:51 -07:00
yyerror("dbus \"send\" and/or \"receive\" accesses cannot be used with service rule conditionals\n");
Convert mount and dbus to be subclasses of a generic rule class This will simplify add new features as most of the code can reside in its own class. There are still things to improve but its a start. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2014-04-07 03:16:50 -07:00
else if (mode & AA_DBUS_EAVESDROP &&
(path || interface || member ||
peer_label || name)) {
parser: Add dbus eavesdrop permission support to apparmor_parser Allows for the policy writer to grant permission to eavesdrop on the specified bus. Some example rules for granting the eavesdrop permission are: # Grant send, receive, bind, and eavesdrop dbus, # Grant send, receive, bind, and eavesdrop on the session bus dbus bus=session, # Grant send and eavesdrop on the system bus dbus (send eavesdrop) bus=system, # Grant eavesdrop on any bus dbus eavesdrop, Eavesdropping rules can contain the bus conditional. Any other conditionals are not compatible with eavesdropping rules and the parser will return an error. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-12-06 11:17:43 -08:00
yyerror("dbus \"eavesdrop\" access can only contain a bus conditional\n");
}
parser: Add support for DBus rules This patch implements the parsing of DBus rules. It attempts to catch all corner cases, such as specifying a bind permission with an interface conditional or specifying a subject name conditional and a peer name conditional in the same rule. It introduces the concept of conditional lists to the lexer and parser in order to handle 'peer=(label=/usr/bin/foo name=com.foo.bar)', since the existing list support in the lexer only supports a list of values. The DBus rules are encoded as follows: bus,name<bind_perm>,peer_label,path,interface,member<rw_perms> Bind rules stop matching at name<bind_perm>. Note that name is used for the subject name in bind rules and the peer name in rw rules. The function new_dbus_entry() is what does the proper sanitization to make sure that if a name conditional is specified, that it is the subject name in the case of a bind rule or that it is the peer name in the case of a rw rule. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-07-31 09:05:51 -07:00
} else {
if (message_rule)
Convert mount and dbus to be subclasses of a generic rule class This will simplify add new features as most of the code can reside in its own class. There are still things to improve but its a start. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2014-04-07 03:16:50 -07:00
mode = (AA_DBUS_SEND | AA_DBUS_RECEIVE);
parser: Add support for DBus rules This patch implements the parsing of DBus rules. It attempts to catch all corner cases, such as specifying a bind permission with an interface conditional or specifying a subject name conditional and a peer name conditional in the same rule. It introduces the concept of conditional lists to the lexer and parser in order to handle 'peer=(label=/usr/bin/foo name=com.foo.bar)', since the existing list support in the lexer only supports a list of values. The DBus rules are encoded as follows: bus,name<bind_perm>,peer_label,path,interface,member<rw_perms> Bind rules stop matching at name<bind_perm>. Note that name is used for the subject name in bind rules and the peer name in rw rules. The function new_dbus_entry() is what does the proper sanitization to make sure that if a name conditional is specified, that it is the subject name in the case of a bind rule or that it is the peer name in the case of a rw rule. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-07-31 09:05:51 -07:00
else if (service_rule)
Convert mount and dbus to be subclasses of a generic rule class This will simplify add new features as most of the code can reside in its own class. There are still things to improve but its a start. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2014-04-07 03:16:50 -07:00
mode = (AA_DBUS_BIND);
parser: Add dbus eavesdrop permission support to apparmor_parser Allows for the policy writer to grant permission to eavesdrop on the specified bus. Some example rules for granting the eavesdrop permission are: # Grant send, receive, bind, and eavesdrop dbus, # Grant send, receive, bind, and eavesdrop on the session bus dbus bus=session, # Grant send and eavesdrop on the system bus dbus (send eavesdrop) bus=system, # Grant eavesdrop on any bus dbus eavesdrop, Eavesdropping rules can contain the bus conditional. Any other conditionals are not compatible with eavesdropping rules and the parser will return an error. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-12-06 11:17:43 -08:00
else
Convert mount and dbus to be subclasses of a generic rule class This will simplify add new features as most of the code can reside in its own class. There are still things to improve but its a start. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2014-04-07 03:16:50 -07:00
mode = AA_VALID_DBUS_PERMS;
parser: Add support for DBus rules This patch implements the parsing of DBus rules. It attempts to catch all corner cases, such as specifying a bind permission with an interface conditional or specifying a subject name conditional and a peer name conditional in the same rule. It introduces the concept of conditional lists to the lexer and parser in order to handle 'peer=(label=/usr/bin/foo name=com.foo.bar)', since the existing list support in the lexer only supports a list of values. The DBus rules are encoded as follows: bus,name<bind_perm>,peer_label,path,interface,member<rw_perms> Bind rules stop matching at name<bind_perm>. Note that name is used for the subject name in bind rules and the peer name in rw rules. The function new_dbus_entry() is what does the proper sanitization to make sure that if a name conditional is specified, that it is the subject name in the case of a bind rule or that it is the peer name in the case of a rw rule. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-07-31 09:05:51 -07:00
}
free_cond_list(conds);
Subject: parser - fix dbus peer_conds memory leak in new_dbus_entry() The function new_dbus_entry() free()s the conds argument but not the peer_conds argument. Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: Tyler Hicks <tyhicks@canonical.com>
2013-09-06 13:41:03 -07:00
free_cond_list(peer_conds);
parser: Add support for DBus rules This patch implements the parsing of DBus rules. It attempts to catch all corner cases, such as specifying a bind permission with an interface conditional or specifying a subject name conditional and a peer name conditional in the same rule. It introduces the concept of conditional lists to the lexer and parser in order to handle 'peer=(label=/usr/bin/foo name=com.foo.bar)', since the existing list support in the lexer only supports a list of values. The DBus rules are encoded as follows: bus,name<bind_perm>,peer_label,path,interface,member<rw_perms> Bind rules stop matching at name<bind_perm>. Note that name is used for the subject name in bind rules and the peer name in rw rules. The function new_dbus_entry() is what does the proper sanitization to make sure that if a name conditional is specified, that it is the subject name in the case of a bind rule or that it is the peer name in the case of a rw rule. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-07-31 09:05:51 -07:00
}
Convert mount and dbus to be subclasses of a generic rule class This will simplify add new features as most of the code can reside in its own class. There are still things to improve but its a start. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2014-04-07 03:16:50 -07:00
ostream &dbus_rule::dump(ostream &os)
parser - add support for variable expansion in dbus rules Bug: https://bugs.launchpad.net/bugs/1218099 This patch adds support for expanding variables with dbus rules. Specifically, they can expanded within the bus, name, path, member, interface, and peer label fields. Parser test cases and regression test cases are added as well. Patch history: v1: initial version of patch v2: add equality.sh tests to verify that the results of using variable expansion is the same as what should be equivalent rules Signed-off-by: Steve Beattie <sbeattie@ubuntu.com> Acked-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-08-29 12:34:13 -07:00
{
Convert mount and dbus to be subclasses of a generic rule class This will simplify add new features as most of the code can reside in its own class. There are still things to improve but its a start. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2014-04-07 03:16:50 -07:00
if (audit)
os << "audit ";
if (deny)
os << "deny ";
os << "dbus ( ";
if (mode & AA_DBUS_SEND)
os << "send ";
if (mode & AA_DBUS_RECEIVE)
os << "receive ";
if (mode & AA_DBUS_BIND)
os << "bind ";
if (mode & AA_DBUS_EAVESDROP)
os << "eavesdrop ";
os << ")";
if (bus)
os << " bus=\"" << bus << "\"";
if ((mode & AA_DBUS_BIND) && name)
os << " name=\"" << name << "\"";
if (path)
os << " path=\"" << path << "\"";
if (interface)
os << " interface=\"" << interface << "\"";
if (member)
This should fix a gcc 5 build failure (untested) with os << .. << os This build failure was discovered by doko's archive rebuild: http://people.ubuntuwire.org/~wgrant/rebuild-ftbfs-test/test-rebuild-20150202-gcc5-vivid.html
2015-02-12 13:20:57 -08:00
os << " member=\"" << member << "\"";
Convert mount and dbus to be subclasses of a generic rule class This will simplify add new features as most of the code can reside in its own class. There are still things to improve but its a start. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2014-04-07 03:16:50 -07:00
if (!(mode & AA_DBUS_BIND) && (peer_label || name)) {
os << " peer=( ";
if (peer_label)
os << "label=\"" << peer_label << "\" ";
if (name)
os << "name=\"" << name << "\" ";
os << ")";
}
os << ",\n";
return os;
}
int dbus_rule::expand_variables(void)
{
int error = expand_entry_variables(&bus);
if (error)
return error;
error = expand_entry_variables(&name);
if (error)
return error;
error = expand_entry_variables(&peer_label);
if (error)
return error;
error = expand_entry_variables(&path);
if (error)
return error;
parser: call filter slashes for the dbus path conditional Similar to unix addr rules, the dbus path conditional is more a path than a profile name and should get its slashes filtered after variable expansion. MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/607 Signed-off-by: John Johansen <john.johansen@canonical.com>
2020-08-31 21:41:07 -07:00
filter_slashes(path);
Convert mount and dbus to be subclasses of a generic rule class This will simplify add new features as most of the code can reside in its own class. There are still things to improve but its a start. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2014-04-07 03:16:50 -07:00
error = expand_entry_variables(&interface);
if (error)
return error;
error = expand_entry_variables(&member);
if (error)
return error;
return 0;
}
parser: replace duplicate warn_once() with common function The warn_once() function is duplicated in 6 different places. A common, reusable version has been added to parser_common.c. Signed-off-by: Mike Salvatore <mike.salvatore@canonical.com>
2020-08-09 14:51:55 -04:00
void dbus_rule::warn_once(const char *name)
Convert mount and dbus to be subclasses of a generic rule class This will simplify add new features as most of the code can reside in its own class. There are still things to improve but its a start. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2014-04-07 03:16:50 -07:00
{
parser: replace duplicate warn_once() with common function The warn_once() function is duplicated in 6 different places. A common, reusable version has been added to parser_common.c. Signed-off-by: Mike Salvatore <mike.salvatore@canonical.com>
2020-08-09 14:51:55 -04:00
rule_t::warn_once(name, "dbus rules not enforced");
parser - add support for variable expansion in dbus rules Bug: https://bugs.launchpad.net/bugs/1218099 This patch adds support for expanding variables with dbus rules. Specifically, they can expanded within the bus, name, path, member, interface, and peer label fields. Parser test cases and regression test cases are added as well. Patch history: v1: initial version of patch v2: add equality.sh tests to verify that the results of using variable expansion is the same as what should be equivalent rules Signed-off-by: Steve Beattie <sbeattie@ubuntu.com> Acked-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-08-29 12:34:13 -07:00
}
parser: Add support for DBus rules This patch implements the parsing of DBus rules. It attempts to catch all corner cases, such as specifying a bind permission with an interface conditional or specifying a subject name conditional and a peer name conditional in the same rule. It introduces the concept of conditional lists to the lexer and parser in order to handle 'peer=(label=/usr/bin/foo name=com.foo.bar)', since the existing list support in the lexer only supports a list of values. The DBus rules are encoded as follows: bus,name<bind_perm>,peer_label,path,interface,member<rw_perms> Bind rules stop matching at name<bind_perm>. Note that name is used for the subject name in bind rules and the peer name in rw rules. The function new_dbus_entry() is what does the proper sanitization to make sure that if a name conditional is specified, that it is the subject name in the case of a bind rule or that it is the peer name in the case of a rw rule. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-07-31 09:05:51 -07:00
Convert mount and dbus to be subclasses of a generic rule class This will simplify add new features as most of the code can reside in its own class. There are still things to improve but its a start. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2014-04-07 03:16:50 -07:00
int dbus_rule::gen_policy_re(Profile &prof)
parser: Add support for DBus rules This patch implements the parsing of DBus rules. It attempts to catch all corner cases, such as specifying a bind permission with an interface conditional or specifying a subject name conditional and a peer name conditional in the same rule. It introduces the concept of conditional lists to the lexer and parser in order to handle 'peer=(label=/usr/bin/foo name=com.foo.bar)', since the existing list support in the lexer only supports a list of values. The DBus rules are encoded as follows: bus,name<bind_perm>,peer_label,path,interface,member<rw_perms> Bind rules stop matching at name<bind_perm>. Note that name is used for the subject name in bind rules and the peer name in rw rules. The function new_dbus_entry() is what does the proper sanitization to make sure that if a name conditional is specified, that it is the subject name in the case of a bind rule or that it is the peer name in the case of a rw rule. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-07-31 09:05:51 -07:00
{
Convert mount and dbus to be subclasses of a generic rule class This will simplify add new features as most of the code can reside in its own class. There are still things to improve but its a start. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2014-04-07 03:16:50 -07:00
std::string busbuf;
std::string namebuf;
std::string peer_labelbuf;
std::string pathbuf;
std::string ifacebuf;
std::string memberbuf;
std::ostringstream buffer;
const char *vec[6];
pattern_t ptype;
int pos;
parser: feature abi: setup parser to intersect policy and kernel features The features abi adds the ability to track the policy abi separate from the kernel. This allow the compiler to determine whether policy was developed with a certain feature in mind, eg. unix rules. This allows the compiler to know whether it should tell the kernel to enforce the feature if the kernel supports the rule but the policy doesn't use it. To find if a feature is supported we take the intersection of what is supported by the policy and what is supported by the kernel. Policy encoding features like whether to diff_encode policy are not influenced by policy so these remain kernel only features. In addition to adding the above intersection of policy rename --compile-features to --policy-features as better represents what it represents. --compile-features is left as a hidden item for backwards compatibility. MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/491 Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <sbeattie@ubuntu.com>
2020-04-29 02:18:24 -07:00
if (!features_supports_dbus) {
Convert mount and dbus to be subclasses of a generic rule class This will simplify add new features as most of the code can reside in its own class. There are still things to improve but its a start. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2014-04-07 03:16:50 -07:00
warn_once(prof.name);
return RULE_NOT_SUPPORTED;
}
buffer << "\\x" << std::setfill('0') << std::setw(2) << std::hex << AA_CLASS_DBUS;
busbuf.append(buffer.str());
if (bus) {
And the related patch to fix globbing for af_unix abstract names Abstract af_unix socket names can contain a null character, however the aare to pcre conversion explicitly disallows null characters because they are not valid characters for pathnames. Fix this so that they type of globbing is selectable. this is a partial fix for Bug: http://bugs.launchpad.net/bugs/1413410 Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2015-02-12 10:19:16 -08:00
ptype = convert_aaregex_to_pcre(bus, 0, glob_default, busbuf, &pos);
Convert mount and dbus to be subclasses of a generic rule class This will simplify add new features as most of the code can reside in its own class. There are still things to improve but its a start. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2014-04-07 03:16:50 -07:00
if (ptype == ePatternInvalid)
goto fail;
} else {
/* match any char except \000 0 or more times */
busbuf.append(default_match_pattern);
}
vec[0] = busbuf.c_str();
if (name) {
And the related patch to fix globbing for af_unix abstract names Abstract af_unix socket names can contain a null character, however the aare to pcre conversion explicitly disallows null characters because they are not valid characters for pathnames. Fix this so that they type of globbing is selectable. this is a partial fix for Bug: http://bugs.launchpad.net/bugs/1413410 Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2015-02-12 10:19:16 -08:00
ptype = convert_aaregex_to_pcre(name, 0, glob_default, namebuf, &pos);
Convert mount and dbus to be subclasses of a generic rule class This will simplify add new features as most of the code can reside in its own class. There are still things to improve but its a start. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2014-04-07 03:16:50 -07:00
if (ptype == ePatternInvalid)
goto fail;
vec[1] = namebuf.c_str();
} else {
/* match any char except \000 0 or more times */
vec[1] = default_match_pattern;
}
if (peer_label) {
And the related patch to fix globbing for af_unix abstract names Abstract af_unix socket names can contain a null character, however the aare to pcre conversion explicitly disallows null characters because they are not valid characters for pathnames. Fix this so that they type of globbing is selectable. this is a partial fix for Bug: http://bugs.launchpad.net/bugs/1413410 Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2015-02-12 10:19:16 -08:00
ptype = convert_aaregex_to_pcre(peer_label, 0, glob_default,
Convert mount and dbus to be subclasses of a generic rule class This will simplify add new features as most of the code can reside in its own class. There are still things to improve but its a start. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2014-04-07 03:16:50 -07:00
peer_labelbuf, &pos);
if (ptype == ePatternInvalid)
goto fail;
vec[2] = peer_labelbuf.c_str();
} else {
/* match any char except \000 0 or more times */
vec[2] = default_match_pattern;
}
if (path) {
And the related patch to fix globbing for af_unix abstract names Abstract af_unix socket names can contain a null character, however the aare to pcre conversion explicitly disallows null characters because they are not valid characters for pathnames. Fix this so that they type of globbing is selectable. this is a partial fix for Bug: http://bugs.launchpad.net/bugs/1413410 Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2015-02-12 10:19:16 -08:00
ptype = convert_aaregex_to_pcre(path, 0, glob_default, pathbuf, &pos);
Convert mount and dbus to be subclasses of a generic rule class This will simplify add new features as most of the code can reside in its own class. There are still things to improve but its a start. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2014-04-07 03:16:50 -07:00
if (ptype == ePatternInvalid)
goto fail;
vec[3] = pathbuf.c_str();
} else {
/* match any char except \000 0 or more times */
vec[3] = default_match_pattern;
}
if (interface) {
And the related patch to fix globbing for af_unix abstract names Abstract af_unix socket names can contain a null character, however the aare to pcre conversion explicitly disallows null characters because they are not valid characters for pathnames. Fix this so that they type of globbing is selectable. this is a partial fix for Bug: http://bugs.launchpad.net/bugs/1413410 Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2015-02-12 10:19:16 -08:00
ptype = convert_aaregex_to_pcre(interface, 0, glob_default, ifacebuf, &pos);
Convert mount and dbus to be subclasses of a generic rule class This will simplify add new features as most of the code can reside in its own class. There are still things to improve but its a start. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2014-04-07 03:16:50 -07:00
if (ptype == ePatternInvalid)
goto fail;
vec[4] = ifacebuf.c_str();
} else {
/* match any char except \000 0 or more times */
vec[4] = default_match_pattern;
}
if (member) {
And the related patch to fix globbing for af_unix abstract names Abstract af_unix socket names can contain a null character, however the aare to pcre conversion explicitly disallows null characters because they are not valid characters for pathnames. Fix this so that they type of globbing is selectable. this is a partial fix for Bug: http://bugs.launchpad.net/bugs/1413410 Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2015-02-12 10:19:16 -08:00
ptype = convert_aaregex_to_pcre(member, 0, glob_default, memberbuf, &pos);
Convert mount and dbus to be subclasses of a generic rule class This will simplify add new features as most of the code can reside in its own class. There are still things to improve but its a start. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2014-04-07 03:16:50 -07:00
if (ptype == ePatternInvalid)
goto fail;
vec[5] = memberbuf.c_str();
} else {
/* match any char except \000 0 or more times */
vec[5] = default_match_pattern;
}
if (mode & AA_DBUS_BIND) {
Convert aare_rules into a class This cleans things up a bit and fixes a bug where not all rules are getting properly counted so that the addition of policy_mediation rules fails to generate the policy dfa in some cases. Because the policy dfa is being generated correctly now we need to fix some tests to use the new -M flag to specify the expected features set of the test. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2014-04-23 10:57:16 -07:00
if (!prof.policy.rules->add_rule_vec(deny, mode & AA_DBUS_BIND,
audit & AA_DBUS_BIND,
add ability to use out of band transitions Currently the NULL character is used as an out of band transition for string/path elements. This works for them as the NULL character is not valid for this data. However this does not work for binary data that can contain a NULL character. So far we have only dealt with fixed length fields of binary data making the NULL separator either unnecessary. However binary data like in the xattr match and mount data field are variable length and can contain NULL characters. To deal with this add the ability to specify out of band transitions, that can only be triggered by code not input data. The out of band transition can be used to separate variable length data fields just as the NULL transition has been used to separate variable length strings. In the compressed hfa out of band transitions are expressed as a negative offset from the states base. This leaves us room to expand the character match range in the future if desired and on average makes the range between the out of band transition and the input transitions smaller than would be had if the out of band transition had been stored after the valid input transitions. Out of band transitions in the dfa will not break old kernels that don't know about them, but they won't be able to trigger the out of band transition match. So they should not be used unless the kernel indicates that it supports them. It should be noted that this patch only adds support for a single out of band transition. If multiple out of band transitions are required. It is trivial to extend. - Add a tag indicating support in the kernel - add a oob max range field to the dfa header so the kernel knows what the max range that needs verifying is. - extend oob generation fns to generate oob based on value instead of a fixed -1. Signed-off-by: John Johansen <john.johansen@canonical.com>
2019-08-11 06:18:27 -07:00
2, vec, dfaflags, false))
Convert mount and dbus to be subclasses of a generic rule class This will simplify add new features as most of the code can reside in its own class. There are still things to improve but its a start. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2014-04-07 03:16:50 -07:00
goto fail;
}
if (mode & (AA_DBUS_SEND | AA_DBUS_RECEIVE)) {
Convert aare_rules into a class This cleans things up a bit and fixes a bug where not all rules are getting properly counted so that the addition of policy_mediation rules fails to generate the policy dfa in some cases. Because the policy dfa is being generated correctly now we need to fix some tests to use the new -M flag to specify the expected features set of the test. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2014-04-23 10:57:16 -07:00
if (!prof.policy.rules->add_rule_vec(deny,
mode & (AA_DBUS_SEND | AA_DBUS_RECEIVE),
audit & (AA_DBUS_SEND | AA_DBUS_RECEIVE),
add ability to use out of band transitions Currently the NULL character is used as an out of band transition for string/path elements. This works for them as the NULL character is not valid for this data. However this does not work for binary data that can contain a NULL character. So far we have only dealt with fixed length fields of binary data making the NULL separator either unnecessary. However binary data like in the xattr match and mount data field are variable length and can contain NULL characters. To deal with this add the ability to specify out of band transitions, that can only be triggered by code not input data. The out of band transition can be used to separate variable length data fields just as the NULL transition has been used to separate variable length strings. In the compressed hfa out of band transitions are expressed as a negative offset from the states base. This leaves us room to expand the character match range in the future if desired and on average makes the range between the out of band transition and the input transitions smaller than would be had if the out of band transition had been stored after the valid input transitions. Out of band transitions in the dfa will not break old kernels that don't know about them, but they won't be able to trigger the out of band transition match. So they should not be used unless the kernel indicates that it supports them. It should be noted that this patch only adds support for a single out of band transition. If multiple out of band transitions are required. It is trivial to extend. - Add a tag indicating support in the kernel - add a oob max range field to the dfa header so the kernel knows what the max range that needs verifying is. - extend oob generation fns to generate oob based on value instead of a fixed -1. Signed-off-by: John Johansen <john.johansen@canonical.com>
2019-08-11 06:18:27 -07:00
6, vec, dfaflags, false))
Convert mount and dbus to be subclasses of a generic rule class This will simplify add new features as most of the code can reside in its own class. There are still things to improve but its a start. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2014-04-07 03:16:50 -07:00
goto fail;
}
if (mode & AA_DBUS_EAVESDROP) {
Convert aare_rules into a class This cleans things up a bit and fixes a bug where not all rules are getting properly counted so that the addition of policy_mediation rules fails to generate the policy dfa in some cases. Because the policy dfa is being generated correctly now we need to fix some tests to use the new -M flag to specify the expected features set of the test. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2014-04-23 10:57:16 -07:00
if (!prof.policy.rules->add_rule_vec(deny,
mode & AA_DBUS_EAVESDROP,
audit & AA_DBUS_EAVESDROP,
add ability to use out of band transitions Currently the NULL character is used as an out of band transition for string/path elements. This works for them as the NULL character is not valid for this data. However this does not work for binary data that can contain a NULL character. So far we have only dealt with fixed length fields of binary data making the NULL separator either unnecessary. However binary data like in the xattr match and mount data field are variable length and can contain NULL characters. To deal with this add the ability to specify out of band transitions, that can only be triggered by code not input data. The out of band transition can be used to separate variable length data fields just as the NULL transition has been used to separate variable length strings. In the compressed hfa out of band transitions are expressed as a negative offset from the states base. This leaves us room to expand the character match range in the future if desired and on average makes the range between the out of band transition and the input transitions smaller than would be had if the out of band transition had been stored after the valid input transitions. Out of band transitions in the dfa will not break old kernels that don't know about them, but they won't be able to trigger the out of band transition match. So they should not be used unless the kernel indicates that it supports them. It should be noted that this patch only adds support for a single out of band transition. If multiple out of band transitions are required. It is trivial to extend. - Add a tag indicating support in the kernel - add a oob max range field to the dfa header so the kernel knows what the max range that needs verifying is. - extend oob generation fns to generate oob based on value instead of a fixed -1. Signed-off-by: John Johansen <john.johansen@canonical.com>
2019-08-11 06:18:27 -07:00
1, vec, dfaflags, false))
Convert mount and dbus to be subclasses of a generic rule class This will simplify add new features as most of the code can reside in its own class. There are still things to improve but its a start. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2014-04-07 03:16:50 -07:00
goto fail;
}
return RULE_OK;
fail:
return RULE_ERROR;
parser: Add support for DBus rules This patch implements the parsing of DBus rules. It attempts to catch all corner cases, such as specifying a bind permission with an interface conditional or specifying a subject name conditional and a peer name conditional in the same rule. It introduces the concept of conditional lists to the lexer and parser in order to handle 'peer=(label=/usr/bin/foo name=com.foo.bar)', since the existing list support in the lexer only supports a list of values. The DBus rules are encoded as follows: bus,name<bind_perm>,peer_label,path,interface,member<rw_perms> Bind rules stop matching at name<bind_perm>. Note that name is used for the subject name in bind rules and the peer name in rw rules. The function new_dbus_entry() is what does the proper sanitization to make sure that if a name conditional is specified, that it is the subject name in the case of a bind rule or that it is the peer name in the case of a rw rule. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-07-31 09:05:51 -07:00
}
Reference in a new issue Copy permalink