@Simmon, You are right, that will require extending what is supported in the mediation, beyond even landing support for #2. It will take a bit of work, but we can definitely do it. My preferred solution is more work than the quickest/easiest solution, as it requires landing a few things that haven't landed yet or are in the process of landing, but overall I would rather go with the best long term solution.
What time frame are you looking for to land fixes for this. Earliest possible for the userspace mediation would be the next apparmor release in the fall. The dbus code changes could be done off of development trees, and as long as care is taken to maintain backwards compatibility, along with a few build conditionals, it could land any time that is suitable for dbus. A going with a solution that uses the current interfaces and doesn't have any build deps could potentially be added to an apparmor point release, and land a bit sooner. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1692582 Title: RFE: dbus AppArmor mediation matching by message type Status in apparmor package in Ubuntu: New Bug description: Suppose you're writing an AppArmor profile for a D-Bus service like Tracker. The service might get compromised (perhaps it's network- facing) so you don't want it to be able to act as a client of privileged processes like systemd --user. However, imagine you do want arbitrary third-party "apps" to be allowed to use the service if they have appropriate rules in their own AppArmor profiles. One reasonably natural way to encode this without tightly coupling the service and its clients would be: profile /usr/bin/my-service { ... dbus send bus=session type=signal, dbus receive bus=session type=method_call, } profile /usr/bin/my-client-app { ... dbus (send,receive) bus=session peer=(label=/usr/bin/my-service), } However, the AppArmor integration in src:dbus and the rule parser in src:apparmor don't allow this: they match fine-grained information like the method name and object path, but have no concept of message types. This seems backwards: I only expect the object path to be useful in very rare/niche cases, but the message type is "larger" and more important than anything else from the message payload. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1692582/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
