From 923673c6aa01346da7f2cbdeac0a2fac8316d18a Mon Sep 17 00:00:00 2001
From: Simon McVittie
Date: Mon, 16 Feb 2015 17:11:35 +0000
Subject: [PATCH 29/31] apparmor: tighten up terminology for context vs. label vs. profile

The thing returned by SO_PEERSEC (which we're calling LinuxSecurityLabel within D-Bus) can have a different meaning for each LSM. In AppArmor, according to discussion on the linux-security-module list, it's the AppArmor context, which is made up of an AppArmor label and an optional confinement mode; the label further subdivides into one or more profiles. In practice, the part that dbus-daemon wants is the label, and occasionally also the mode.
---
 bus/apparmor.c | 76 ++++++++++++++++++++++++++++++----------------------------
 1 file changed, 39 insertions(+), 37 deletions(-)

diff --git a/bus/apparmor.c b/bus/apparmor.c
index 964ba68..6a8691a 100644
--- a/bus/apparmor.c
+++ b/bus/apparmor.c
@@ -66,29 +66,31 @@ static AppArmorConfigMode apparmor_config_mode = APPARMOR_ENABLED;
 static int audit_fd = -1;
 #endif
+/* The AppArmor context, consisting of a label and a mode. */
 struct BusAppArmorConfinement
 {
   int refcount; /* Reference count */
-  char *context; /* AppArmor confinement context (label) */
+  char *label; /* AppArmor confinement label */
   const char *mode; /* AppArmor confinement mode (freed by freeing *context) */
 };
 static BusAppArmorConfinement *bus_con = NULL;
 /**
- * Callers of this function give up ownership of the *context and *mode
+ * Callers of this function give up ownership of the *label and *mode
  * pointers.
  *
- * Additionally, the responsibility of freeing *context and *mode becomes the
+ * Additionally, the responsibility of freeing *label and *mode becomes the
  * responsibility of the bus_apparmor_confinement_unref() function. However, it
  * does not free *mode because libapparmor's aa_getcon(), and libapparmor's
- * other related functions, allocate a single buffer for *context and *mode and
+ * other related functions, allocate a single buffer for *label and *mode and
  * then separate the two char arrays with a NUL char. See the aa_getcon(2) man
  * page for more details.
  */
 static BusAppArmorConfinement*
-bus_apparmor_confinement_new (char *context, const char *mode)
+bus_apparmor_confinement_new (char *label,
+                              const char *mode)
 {
   BusAppArmorConfinement *confinement;
@@ -96,7 +98,7 @@ bus_apparmor_confinement_new (char *context, const char *mode)
   if (confinement != NULL)
     {
       confinement->refcount = 1;
-      confinement->context = context;
+      confinement->label = label;
       confinement->mode = mode;
     }
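Review bot: The comment on the `mode` field in the struct hunk at @@ -66 is now stale: the field it refers to has been renamed in the line just above it, so `const char *mode; /* AppArmor confinement mode (freed by freeing *context) */` should become `const char *mode; /* AppArmor confinement mode (freed by freeing *label) */`. Since `mode` is a `const char *` that aliases the same libapparmor allocation as `label`, this comment is the only place in the struct that records the shared-ownership rule that bus_apparmor_confinement_unref() relies on when it frees `label` only, so keeping it accurate matters. The doc block above bus_apparmor_confinement_new() already describes the single-buffer layout correctly on the new side.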
@@ -119,9 +121,9 @@ bus_apparmor_confinement_unref (BusAppArmorConfinement *confinement)
     {
       /**
        * Do not free confinement->mode, as libapparmor does a single malloc for
-       * both confinement->context and confinement->mode.
+       * both confinement->label and confinement->mode.
        */
-      free (confinement->context);
+      free (confinement->label);
       dbus_free (confinement);
     }
 #endif
@@ -467,13 +469,13 @@ bus_apparmor_set_mode_from_config (const char *mode, DBusError *error)
 /**
  * Verify that the config mode is compatible with the kernel's AppArmor
  * support. If AppArmor mediation will be enabled, determine the bus
- * confinement context.
+ * confinement label.
  */
 dbus_bool_t
 bus_apparmor_full_init (DBusError *error)
 {
 #ifdef HAVE_APPARMOR
-  char *context, *mode;
+  char *label, *mode;
   if (apparmor_enabled)
     {
@@ -485,7 +487,7 @@ bus_apparmor_full_init (DBusError *error)
       if (bus_con == NULL)
         {
-          if (aa_getcon (&context, &mode) == -1)
+          if (aa_getcon (&label, &mode) == -1)
             {
               dbus_set_error (error, DBUS_ERROR_FAILED,
                               "Error getting AppArmor context of bus: %s",
@@ -493,11 +495,11 @@ bus_apparmor_full_init (DBusError *error)
               return FALSE;
             }
-          bus_con = bus_apparmor_confinement_new (context, mode);
+          bus_con = bus_apparmor_confinement_new (label, mode);
           if (bus_con == NULL)
             {
               BUS_SET_OOM (error);
-              free (context);
+              free (label);
               return FALSE;
             }
         }
@@ -569,7 +571,7 @@ bus_apparmor_init_connection_confinement (DBusConnection *connection,
 {
 #ifdef HAVE_APPARMOR
   BusAppArmorConfinement *confinement;
-  char *context, *mode;
+  char *label, *mode;
   int fd;
   if (!apparmor_enabled)
@@ -584,7 +586,7 @@ bus_apparmor_init_connection_confinement (DBusConnection *connection,
       return NULL;
     }
-  if (aa_getpeercon (fd, &context, &mode) == -1)
+  if (aa_getpeercon (fd, &label, &mode) == -1)
     {
       if (errno == ENOMEM)
         BUS_SET_OOM (error);
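Review bot: In the hunk at @@ -467 the doc comment now says bus_apparmor_full_init() determines the bus "confinement label", but the code below it stores both the label and the mode returned by aa_getcon() into bus_con, and the error string in the hunk at @@ -485 still calls the same thing the bus's "AppArmor context". Under the terminology this commit introduces (context = label + mode) the two hunks disagree; `* confinement label and mode.` would describe what the function actually records and keep the comment consistent with the error message. bus_apparmor_full_init() continues past the end of these hunks.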
@@ -595,11 +597,11 @@ bus_apparmor_init_connection_confinement (DBusConnection *connection,
       return NULL;
     }
-  confinement = bus_apparmor_confinement_new (context, mode);
+  confinement = bus_apparmor_confinement_new (label, mode);
   if (confinement == NULL)
     {
       BUS_SET_OOM (error);
-      free (context);
+      free (label);
       return NULL;
     }
@@ -641,7 +643,7 @@ bus_apparmor_allows_acquire_service (DBusConnection *connection,
   con = bus_connection_dup_apparmor_confinement (connection);
-  if (is_unconfined (con->context, con->mode))
+  if (is_unconfined (con->label, con->mode))
     {
       allow = TRUE;
       audit = FALSE;
@@ -651,7 +653,7 @@ bus_apparmor_allows_acquire_service (DBusConnection *connection,
       if (!_dbus_string_init (&qstr))
         goto oom;
-      if (!build_service_query (&qstr, con->context, bustype, service_name))
+      if (!build_service_query (&qstr, con->label, bustype, service_name))
         {
           _dbus_string_free (&qstr);
           goto oom;
@@ -705,7 +707,7 @@ bus_apparmor_allows_acquire_service (DBusConnection *connection,
           !_dbus_append_pair_uint (&auxdata, "pid", pid))
         goto oom;
-      if (con->context && !_dbus_append_pair_str (&auxdata, "profile", con->context))
+      if (con->label && !_dbus_append_pair_str (&auxdata, "label", con->label))
         goto oom;
       log_message (allow, "bind", &auxdata);
@@ -807,7 +809,7 @@ bus_apparmor_allows_send (DBusConnection *sender,
       goto out;
     }
-  if (is_unconfined (src_con->context, src_con->mode))
+  if (is_unconfined (src_con->label, src_con->mode))
     {
       src_allow = TRUE;
       src_audit = FALSE;
@@ -817,8 +819,8 @@ bus_apparmor_allows_send (DBusConnection *sender,
       if (!_dbus_string_init (&qstr))
         goto oom;
-      if (!build_message_query (&qstr, src_con->context, bustype, destination,
-                                dst_con->context, path, interface, member))
+      if (!build_message_query (&qstr, src_con->label, bustype, destination,
+                                dst_con->label, path, interface, member))
         {
           _dbus_string_free (&qstr);
           goto oom;
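Review bot: The hunk at @@ -705 renames the key of an audit auxdata pair from "profile" to "label", and the hunks at @@ -932, @@ -941, @@ -969 and @@ -1100 do the same for "profile"/"peer_profile" → "label"/"peer_label"; that changes the field names in the records handed to log_message() and, presumably, written to audit_fd, yet the commit message only describes a source-level terminology cleanup. Anything that matches on those field names downstream — audit rules, log parsers, alerting on denied "bind"/"eavesdrop" events — will silently stop matching after this change. Either keep the old keys for compatibility or state the renamed audit fields in the commit message and mark the first auxdata site with `/* audit field names follow AppArmor label terminology ("label", "peer_label") */` so the next reader knows the format is deliberate. bus_apparmor_allows_acquire_service() and bus_apparmor_allows_send() both extend outside these hunks.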
@@ -837,7 +839,7 @@ bus_apparmor_allows_send (DBusConnection *sender,
         }
     }
-  if (is_unconfined (dst_con->context, dst_con->mode))
+  if (is_unconfined (dst_con->label, dst_con->mode))
     {
       dst_allow = TRUE;
       dst_audit = FALSE;
@@ -847,8 +849,8 @@ bus_apparmor_allows_send (DBusConnection *sender,
       if (!_dbus_string_init (&qstr))
         goto oom;
-      if (!build_message_query (&qstr, dst_con->context, bustype, source,
-                                src_con->context, path, interface, member))
+      if (!build_message_query (&qstr, dst_con->label, bustype, source,
+                                src_con->label, path, interface, member))
         {
           _dbus_string_free (&qstr);
           goto oom;
@@ -932,8 +934,8 @@ bus_apparmor_allows_send (DBusConnection *sender,
           !_dbus_append_pair_uint (&auxdata, "pid", pid))
         goto oom;
-      if (src_con->context &&
-          !_dbus_append_pair_str (&auxdata, "profile", src_con->context))
+      if (src_con->label &&
+          !_dbus_append_pair_str (&auxdata, "label", src_con->label))
         goto oom;
       if (proposed_recipient &&
@@ -941,8 +943,8 @@ bus_apparmor_allows_send (DBusConnection *sender,
           !_dbus_append_pair_uint (&auxdata, "peer_pid", pid))
         goto oom;
-      if (dst_con->context &&
-          !_dbus_append_pair_str (&auxdata, "peer_profile", dst_con->context))
+      if (dst_con->label &&
+          !_dbus_append_pair_str (&auxdata, "peer_label", dst_con->label))
         goto oom;
       if (src_errno && !_dbus_append_pair_str (&auxdata, "info", strerror (src_errno)))
@@ -969,16 +971,16 @@ bus_apparmor_allows_send (DBusConnection *sender,
           !_dbus_append_pair_uint (&auxdata, "pid", pid))
         goto oom;
-      if (dst_con->context &&
-          !_dbus_append_pair_str (&auxdata, "profile", dst_con->context))
+      if (dst_con->label &&
+          !_dbus_append_pair_str (&auxdata, "label", dst_con->label))
         goto oom;
       if (sender && dbus_connection_get_unix_process_id (sender, &pid) &&
           !_dbus_append_pair_uint (&auxdata, "peer_pid", pid))
         goto oom;
-      if (src_con->context &&
-          !_dbus_append_pair_str (&auxdata, "peer_profile", src_con->context))
+      if (src_con->label &&
+          !_dbus_append_pair_str (&auxdata, "peer_label", src_con->label))
         goto oom;
       if (dst_errno && !_dbus_append_pair_str (&auxdata, "info", strerror (dst_errno)))
@@ -1040,7 +1042,7 @@ bus_apparmor_allows_eavesdropping (DBusConnection *connection,
   con = bus_connection_dup_apparmor_confinement (connection);
-  if (is_unconfined (con->context, con->mode))
+  if (is_unconfined (con->label, con->mode))
     {
       allow = TRUE;
       audit = FALSE;
@@ -1050,7 +1052,7 @@ bus_apparmor_allows_eavesdropping (DBusConnection *connection,
       if (!_dbus_string_init (&qstr))
         goto oom;
-      if (!build_eavesdrop_query (&qstr, con->context, bustype))
+      if (!build_eavesdrop_query (&qstr, con->label, bustype))
         {
           _dbus_string_free (&qstr);
           goto oom;
@@ -1100,7 +1102,7 @@ bus_apparmor_allows_eavesdropping (DBusConnection *connection,
           !_dbus_append_pair_uint (&auxdata, "pid", pid))
         goto oom;
-      if (con->context && !_dbus_append_pair_str (&auxdata, "profile", con->context))
+      if (con->label && !_dbus_append_pair_str (&auxdata, "label", con->label))
         goto oom;
       log_message (allow, "eavesdrop", &auxdata);
-- 
2.1.4