Add argument checks to policy <allow>/<deny> rules.

Colin Walters walters at verbum.org
Fri Jun 4 14:44:16 PDT 2010


Hi,

On Fri, Jun 4, 2010 at 12:58 PM, Pekka Pessi <Pekka.Pessi at nokia.com> wrote:
> Hi all,
>
> The patches add send_signature*, send_arg*, receive_signature, and
> receive_arg* attributes to the <allow> and <deny> policy rules. With the
> additions it is possible to restrict access to certain methods and signals
> based on the argument values.

On the GP desktop space we've been trying to move away from dbus'
built-in authorization because it's not really flexible (as you've
discovered), and in the end, just too crazy.

The replacement is for services to do authorization internally; when
you receive a message, you can look up a variety of information from
the bus, like the sender's process ID, user id, SELinux context, etc.
The general purpose toolkit developed for this is PolicyKit:
http://www.freedesktop.org/wiki/Software/PolicyKit

Did you consider this approach at all?  If PolicyKit isn't an option,
absolutely nothing stops you from having an interception layer in your
program.
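
The in-service interception layer suggested above, sketched as an added example that is not part of the original message or of any D-Bus project code: the service asks the bus for the sender's Unix uid and then applies its own argument-based rule, denying by default. `GetConnectionUnixUser` is the bus daemon's real method name; `ArgRule`, `FakeBusDaemon`, the `SetPower` method, the connection names and the uids are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ArgRule:
    member: str              # method name the rule covers
    arg_index: int           # position of the argument to inspect
    arg_value: object        # value that argument must equal
    allowed_uids: frozenset  # Unix uids allowed to make this call

class FakeBusDaemon:
    """Constructed stand-in for the bus daemon's org.freedesktop.DBus interface."""
    def __init__(self, uid_by_name):
        self._uid_by_name = uid_by_name

    def GetConnectionUnixUser(self, name):
        return self._uid_by_name[name]  # KeyError models a vanished sender

def authorize(bus, rules, sender, member, args):
    """Decide whether `sender` may call `member` with `args`; default is deny."""
    if not sender:
        return False
    try:
        # `sender` is the unique connection name the bus stamps on the message.
        uid = bus.GetConnectionUnixUser(sender)
    except Exception:
        return False  # fail closed if the credential lookup fails
    for rule in rules:
        if (rule.member == member and len(args) > rule.arg_index
                and args[rule.arg_index] == rule.arg_value):
            return uid in rule.allowed_uids  # first matching rule decides
    return False  # no rule for this member/argument combination

# Constructed sample policy and callers.
RULES = [
    ArgRule("SetPower", 0, "suspend", frozenset({0, 1000})),
    ArgRule("SetPower", 0, "off", frozenset({0})),
]
BUS = FakeBusDaemon({":1.10": 0, ":1.42": 1000})

if __name__ == "__main__":
    for sender, arg in [(":1.42", "suspend"), (":1.42", "off"), (":1.10", "off")]:
        print(sender, arg, authorize(BUS, RULES, sender, "SetPower", [arg]))
```

In a real service the `bus` object would be a proxy for `org.freedesktop.DBus`, and `authorize` would run in the method handler before any work is done.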

