From 439723610e0d66ab4b3f9de6e453e517921bd361 Mon Sep 17 00:00:00 2001
From: Tyler Hicks <tyhicks@canonical.com>
Date: Mon, 9 Feb 2015 00:41:37 -0600
Subject: [PATCH 12/14] Mediation of processes becoming a monitor

When an AppArmor confined process wants to become a monitor, a check is
performed to see if eavesdropping should be allowed.

The check is based on the connection's label and the bus type.

This patch reuses the bus_apparmor_allows_eavesdropping() hook.

An example AppArmor rule that would allow a process to become a monitor
on the system bus would be:

  dbus eavesdrop bus=system,

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75113
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
---
 bus/driver.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/bus/driver.c b/bus/driver.c
index 53bd559..aab922a 100644
--- a/bus/driver.c
+++ b/bus/driver.c
@@ -1924,6 +1924,8 @@ bus_driver_handle_become_monitor (DBusConnection *connection,
                                   DBusError      *error)
 {
   char **match_rules = NULL;
+  const char *bustype;
+  BusContext *context;
   BusMatchRule *rule;
   DBusList *rules = NULL;
   DBusList *iter;
@@ -1938,6 +1940,11 @@ bus_driver_handle_become_monitor (DBusConnection *connection,
   if (!bus_driver_check_message_is_for_us (message, error))
     goto out;
 
+  context = bus_transaction_get_context (transaction);
+  bustype = context ? bus_context_get_type (context) : NULL;
+  if (!bus_apparmor_allows_eavesdropping (connection, bustype, error))
+    goto out;
+
   if (!bus_driver_check_caller_is_privileged (connection, transaction,
                                               message, error))
     goto out;
-- 
2.1.4