On Mon, Jun 10, 2013 at 06:44:13PM -0700, Tyler Hicks wrote: > To start us off, here's the profile using the current DBus syntax. It is > complex, but it uses all of the DBus accesses (send, receive, and > acquire) and it is representative of what a real profile may look like.
Thanks for this. These are all less readable than I'd expected, and as you pointed out, when we used com.example.foo it was too easy to overlook the complexity we've got here. So, here's a first shot at Proposal #4: I'm having trouble coming up with a BNF-style description of my newest proposal, which doesn't bode well for implementing it, but I hope factoring out common pieces of policy that "float up" makes some sense. First, move the permission next to the 'dbus' keyword; this makes it easier to spot, groups like-permissions, and allows bus= handling to be very similar to the other keywords. Next, more brackets! If a portion of a rule can be 'factored' out of several rules, pull it 'up', and push the specifics 'down'. Here's the example gnome-screensaver; I've converted the original 16 lines into 50 lines, so it isn't exactly space-saving. There's no reason for the newlines 'within' a block except to keep it from going longer than 80 chars, so it could be much shorter, but I think this is how I would want to write the rules. /usr/bin/gnome-screensaver { # Ignore file and accessibility bus access for this excercise file, dbus bus=accessibility, # sarnold> I think we could remove this entirely; for any bus with # bus= rules later on, add this rule implicitly. We can do this with # any of the proposals.. # Talks to system and session buses # dbus bus={system,session} peer=(name=org.freedesktop.DBus) (send receive), dbus send { bus=system { peer { name=org.freedesktop.ConsoleKit path=/org/freedesktop/ConsoleKit/Manager interface=org.freedesktop.ConsoleKit.Manager }, peer name=org.freedesktop.Accounts { { path=/org/freedesktop/Accounts interface=org.freedesktop.Accounts }, { path=/org/freedesktop/Accounts/User* interface=org.freedesktop.DBus.Properties }, } } bus=session { peer { name=org.gnome.SessionManager path=/org/gnome/SessionManager/Presence interface=org.freedesktop.DBus.Properties }, peer { path=/org/gtk/vfs/mounttracker interface=org.gtk.vfs.MountTracker }, peer { name=org.gnome.Shell path=/org/gnome/Shell interface=org.freedesktop.DBus.Properties }, } } # Receives messages on the session bus dbus acquire bus=session { subj name=org.gnome.ScreenSaver, } dbus receive bus=session { subj path=/org/gnome/ScreenSaver { interface=org.freedesktop.DBus.Properties, interface=org.gnome.ScreenSaver { peer label=/usr/bin/gnome-settings-daemon, peer name=com.canonical.indicator.session, } } } } I think the language I've proposed could be used in either compressed or expanded modes. The last block could also be written like this: dbus receive bus=session subj path=/org/gnome/ScreenSaver interface=org.freedesktop.DBus.Properties, dbus receive bus=session subj path=/org/gnome/ScreenSaver interface=org.gnome.ScreenSaver peer label=/usr/bin/gnome-settings-daemon, dbus receive bus=session subj path=/org/gnome/ScreenSaver interface=org.gnome.ScreenSaver peer name=com.canonical.indicator.session, But, the fact that describing this thing in a BNF is difficult might make implementing it too expensive. So here's proposal #3 with linewraps where I think I'd want to put them to try to make them long-term legible. It's still shorter than my "factoring" approach above, but the density still makes my eyes glaze over a bit. :) /usr/bin/gnome-screensaver { # Ignore file and accessibility bus access for this excercise file, dbus bus=accessibility, # Talks to system and session buses dbus bus={system,session} peer=(name=org.freedesktop.DBus) (send receive), # Sends messages on the system bus dbus bus=system peer=(name=org.freedesktop.ConsoleKit path=/org/freedesktop/ConsoleKit/Manager interface=org.freedesktop.ConsoleKit.Manager) send, dbus bus=system peer=(name=org.freedesktop.Accounts path=/org/freedesktop/Accounts interface=org.freedesktop.Accounts) send, dbus bus=system peer=(name=org.freedesktop.Accounts path=/org/freedesktop/Accounts/User* interface=org.freedesktop.DBus.Properties) send, # Receives messages on the session bus dbus bus=session subj=(name=org.gnome.ScreenSaver) acquire, dbus bus=session subj=(path=/org/gnome/ScreenSaver interface=org.freedesktop.DBus.Properties) receive, # Be selective because the Lock method is mediated by these rules dbus bus=session subj=(path=/org/gnome/ScreenSaver interface=org.gnome.ScreenSaver) peer=(label=/usr/bin/gnome-settings-daemon) receive, dbus bus=session subj=(path=/org/gnome/ScreenSaver interface=org.gnome.ScreenSaver) peer=(name=com.canonical.indicator.session) receive, # Sends messages on the session bus dbus bus=session peer=(name=org.gnome.SessionManager path=/org/gnome/SessionManager/Presence interface=org.freedesktop.DBus.Properties) send, dbus bus=session peer=(path=/org/gtk/vfs/mounttracker interface=org.gtk.vfs.MountTracker) send, dbus bus=session peer=(name=org.gnome.Shell path=/org/gnome/Shell interface=org.freedesktop.DBus.Properties) send, } So, does anyone else like my factoring approach? are there cleaner / nicer ways to perform the factoring? Thanks
signature.asc
Description: Digital signature
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor