SMACK / Mandatory Access Control in D-Bus Daemon

[Christopher-A. Kopel]

Hi all!

I'm student of computer science at Graz University of Technology 
(Austria). We're working on a project for a company constructing 
hydroelectric power stations using the D-Bus daemon for their 
communication CPU. Our task is to apply some mandatory access control 
forr sandboxing purposes on their system (running on IACTU Linux). At 
first glance we decided on using SMACK due to its good tradeoff between 
security and simplicity and because there was said to be some SMACK 
support for D-Bus. Now, however, the latter doesn't seem to be that 
clear: I read that there have been some attempts to merge SMACK support 
into the mainline D-Bus daemon but it's not really clear if by the 
current version anything of this is available. Could you tell us about 
the current state of that, please?

Is there any kind of built-in functionality in the D-Bus daemon to 
determine which connection may talk to which one? I know you can apply 
different policies on connections depending on the user the clients are 
running as but this doesn't seem to me to be the optimal way in order to 
apply individual access rules for each connection. (I know there is 
support for SELinux and AppArmor but if possible we'd prefer not to 
change to a completely different LSM).

By the way: Studying the doc of the daemon config files I found no 
explanation for the 4 different possible attributes of the <policy> tag; 
what can you achieve by using the context="mandatory" and the 
at_console="..." attributes?

Thank you very much in advance for any help!

Cheers,

    Chris