Add argument checks to policy <allow>/<deny> rules.

Pekka Pessi ppessi at gmail.com
Tue Jun 29 09:42:14 PDT 2010


2010/6/18 Colin Walters <walters at verbum.org>:
> On Mon, Jun 7, 2010 at 10:49 AM, Pekka Pessi <ppessi at gmail.com> wrote:
>>
>> I think the policykit was considered, I don't know why it was not
>> accepted. Perhaps later.
>
> I wasn't actually suggesting PolicyKit exactly - you can also as I
> mentioned do checks easily enough using GetConnectionUnixUid or
> whatever inside your service without the full blown generality of
> PolicyKit.
>
>> For all I know, we use bus policy because it
>> does not require any changes to D-Bus services or clients and it is
>> lightweight enough.
>
> What I need from you is more details about exactly how you're using
> this patch.  Concretely - are you using uid-based checks?  Do you have
> something custom like the "console" stuff that's wedged into dbus now?

Oh, yes there is. We have platform security, where the package
manager takes care of distributing access rights based on a special
Aegis declaration:

http://wiki.maemo.org/Maemo_Summit_2009/Day_3#Maemo_Platform_Security:_Principles_and_Concepts

The Aegis declaration contains an annotated D-Bus interface
specification, which is currently converted to dbus policy.

See http://meego.gitorious.org/meego-platform-security for various

>> And the main reason is because it is there.
>
> Yes, but...let's say that libdbus had convenience API wrappers around
> filtering messages using GetConnectionUnixUid - would that be
> acceptable?  Might be something like:
>
>  DBusMessageFilter *filter = dbus_message_filter_new ("/path/to/rules.xml");
>
> where rules.xml had:
>
>  <allow uid="500"/>
>
> Then in your dbus (message) filter function you say if
> (!dbus_message_filter_check (filter, connection, message)) return;
>
> and it would take care of returning an error message.

That would certainly do the trick, but we would rather have some
credentials accessible with libcreds2. For instance, when a cellular
call is being created, we would like to check that the calling process
has the Cellular capability. See
http://meego.gitorious.org/meego-platform-security

-- 
Pekka.Pessi mail at nokia.com
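
The in-service check sketched in the quoted text above, as an added example that is not code from this thread, libdbus or Aegis. It assumes a hypothetical rules file with `uid` and `member` attributes, last-match-wins ordering with default deny, and a caller-supplied `uid_of` lookup standing in for the bus driver's GetConnectionUnixUser call.

```python
import xml.etree.ElementTree as ET

# Constructed sample rules, following the <allow uid=.../> sketch in the thread.
# The "member" attribute is an assumption added for this example.
RULES_XML = """
<rules>
  <deny/>
  <allow uid="500"/>
  <allow uid="0" member="CreateCall"/>
  <deny uid="500" member="Shutdown"/>
</rules>
"""

def load_rules(xml_text):
    """Return a list of (decision, uid or None, member or None) in file order."""
    rules = []
    for el in ET.fromstring(xml_text):
        if el.tag not in ("allow", "deny"):
            raise ValueError("unknown rule element: %s" % el.tag)
        unknown = set(el.attrib) - {"uid", "member"}
        if unknown:
            # Fail closed: a rule we only half understand must not be applied.
            raise ValueError("unknown attribute(s): %s" % sorted(unknown))
        uid = int(el.attrib["uid"]) if "uid" in el.attrib else None
        rules.append((el.tag, uid, el.attrib.get("member")))
    return rules

def check(rules, sender_uid, member):
    """Last matching rule wins; no match, or an unknown sender uid, means deny."""
    if sender_uid is None:
        return False
    allowed = False
    for decision, uid, rule_member in rules:
        if uid is not None and uid != sender_uid:
            continue
        if rule_member is not None and rule_member != member:
            continue
        allowed = (decision == "allow")
    return allowed

def handle_call(rules, uid_of, sender, member):
    """uid_of maps a unique bus name to a uid and returns None if lookup fails."""
    if not check(rules, uid_of(sender), member):
        return "org.freedesktop.DBus.Error.AccessDenied"
    return "ok"
```
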

