Loadable security modules for D-Bus
Felipe Zimmerle
felipe.zimmerle at collabora.co.uk
Sun Jan 8 15:56:05 PST 2012
Hello,
Currently version of D-Bus daemon supports the mediation of messages via
SELinux. However others linux security models are also part of the Kernel,
they are:
* AppArmor
* Smack
* Tomoyo
These security models have been adopted by some distributions (Ubuntu,
SUSE, OpenSUSE, Mandriva) and are in use and they have already expressed
an interest in supporting mediation of D-Bus messages, like SELinux.
Handling specific code for each implementation can increase the number of
dependencies and the complexity of the D-Bus daemon. Then comes the idea
to have a simple API, enabling the creation of plugins. The idea is to
place all LSM specific dependencies into those plugins, instead of in
the D-Bus daemon, just the opposite of we have with the SELinux, which
has code everywhere in the daemon.
Attached to this email there is a PoC that summarizes the idea. I am
also making available two plugins, the first to support the AppArmor
and the second was made in order to do the initial tests of the PoC,
labeled dummy-dsm.
Note that the current AppArmor plugin, was an adaptation of Ubuntu
security team experiments. It has no support for cache, and it was used
just for tests. The AppArmor security project has plans to revise and
update the plugin. Simple modules like the dummy module just need to
include <dbus/dbus.h> and place a function "pre_init" to be a valid
module.
It is not clear to me, the necessity to load the module dynamically.
The plugin could be compiled together with D-Bus, no need for dynamic load.
The source can be independent, just respecting the API but built together.
We also need to specify somehow the plugins which are mandatory to be
loaded.
Also this implementation can be generic enough to handle mediations of
other operational systems, Linux was just my target in the creation
of this PoC. That is why it is called DSM, D-Bus Security Modules.
The main idea here is just to start a discussion about the subject.
Patch: http://www.zimmerle.org/~zimmerle/dbus-dsm-draft.patch
Or:
* http://cgit.collabora.com/git/user/zimmerle/dbus-dsm.git/
* http://cgit.collabora.com/git/user/zimmerle/dbus-dummy-dsm.git/
* http://cgit.collabora.com/git/user/zimmerle/dbus-apparmor-dsm.git/
Br,
F.
More information about the dbus
mailing list