Add argument checks to policy <allow>/<deny> rules.

Pekka Pessi ppessi at gmail.com
Mon Jun 7 07:49:45 PDT 2010


Hi Colin,

2010/6/5 Colin Walters <walters at verbum.org>:
>> The patches add send_signature*, send_arg*, receive_signature, and
>> receive_arg* attributes to the <allow> and <deny> policy rules. With the
>> additions it is possible to restrict access to certain methods and signals
>> based on the argument values.
>
> On the GP desktop space we've been trying to move away from dbus'
> built in authorization because it's not really flexible (as you've
> discovered), and in the end, just too crazy.
>
> The replacement is for services to do authorization internally; when
> you receive a message, you can look up a variety of information from
> the bus, like the sender's process ID, user id, SELinux context, etc.
> The general purpose toolkit developed for this is PolicyKit:
> http://www.freedesktop.org/wiki/Software/PolicyKit
>
> Did you consider this approach at all?  If PolicyKit isn't an option,
> absolutely nothing stops you from having an interception layer in your
> program.

I think PolicyKit was considered; I don't know why it was not
accepted. Perhaps later.  For all I know, we use bus policy because it
does not require any changes to D-Bus services or clients and it is
lightweight enough. And the main reason is because it is there.

-- 
Pekka.Pessi mail at nokia.com

