Update AppArmorDBus

John Johansen 2018-06-14 18:38:31 +00:00
parent 3a2b628523
commit 792114da5b

@ -59,7 +59,7 @@ Some AppArmor DBus permissions are not compatible with all AppArmor DBus rules.
AppArmor DBus permissions are implied when a rule does not explicitly state an access list. By default, all DBus permissions are implied. Only message permissions are implied for message rules and only service permissions are implied for service rules.
Example AppArmor DBus rules:
```
# Allow all DBus access
dbus,
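Review bot: The paragraph on implied permissions, just above the example rules, says "By default, all DBus permissions are implied" and then immediately narrows that for message and service rules, without saying which case the default covers. Tie the default to the bare `dbus,` rule shown in the example ("Allow all DBus access"), and state what is implied for eavesdrop rules as well, since the paragraph only mentions message and service rules.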
@ -95,9 +95,11 @@ Example AppArmor DBus rules:
# Allow and audit all eavesdropping
audit dbus eavesdrop,
```
## DBus rule syntax
DBUS RULE = ( DBUS MESSAGE RULE | DBUS SERVICE RULE | DBUS EAVESDROP RULE | DBUS COMBINED RULE )
```
DBUS RULE = ( DBUS MESSAGE RULE | DBUS SERVICE RULE | DBUS EAVESDROP RULE | DBUS COMBINED RULE )
DBUS MESSAGE RULE = [ QUALIFIERS ] 'dbus' [ DBUS ACCESS EXPRESSION ] [ DBUS BUS ] [ DBUS PATH ] [ DBUS INTERFACE ] [ DBUS MEMBER ] [DBUS PEER ]
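Review bot: In the DBUS MESSAGE RULE production, `[DBUS PEER ]` lacks the space after the opening bracket that every other optional term on that line has (compare `[ DBUS MEMBER ]`); make it `[ DBUS PEER ]`. The DBUS RULE production also appears both directly under the "## DBus rule syntax" heading and as the first line inside the fence; check that only the fenced copy remains after this change so the grammar renders as one block.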
@ -128,7 +130,7 @@ Example AppArmor DBus rules:
DBUS ACCESS = ( 'send' | 'receive' | 'bind' | 'eavesdrop' | 'r' | 'read' | 'w' | 'write' | 'rw' )
* Some accesses are incompatible with some rules; see below.
```
## DBus binary policy encoding
DBus policy is encoded similar to kernel based AppArmor policy where it is encoded as part of the [policydb](Technicaldoc_policydb). This means that it is loaded into the kernel and can be queried using the apparmor query and instrospection infrastructure.
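Review bot: The last sentence under "## DBus binary policy encoding" misspells "introspection" as "instrospection"; while touching it, "encoded similar to kernel based" reads better as "encoded similarly to kernel-based". Separately, the DBUS ACCESS production lists 'r', 'read', 'w', 'write' and 'rw' alongside 'send', 'receive', 'bind' and 'eavesdrop' without saying which of those each alias stands for; a one-line mapping next to the production would keep policy authors from granting more access than they intend.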