[patch] Add SELinux mediation on sender -> service context, add
walters at verbum.org
Tue Nov 9 23:06:55 PST 2004
Right now the SELinux mediation only has the granularity of allowing one
domain to send any dbus message to another domain. This is problematic
for several reasons, but the primary reason is that simply in order
to send a reply message, a domain needs send_msg to the sender domain.
For example in the case of Imsep, it needs send_msg back to unconfined_t
(i.e. the rest of the desktop session). This is rather undesirable.
I talked to Stephen Smalley about this, and we agreed that it made sense
to also add mediation on the sender -> service context. So for example,
org.freedesktop.Imsep is labeled as imsep_service_t. Any domain sending
a message is checked for send_msg against that type and the type of the
current service owner (in this case, imsep_master_t).
I also added the ability to specify a default label for services not
labeled in the dbus_contexts file. Previously, unlabeled services had
the type of the bus process itself. This didn't allow one to
distinguish between sending a message to the bus itself and sending a
message to an unlabeled service.
In order to implement this, I needed a way to store the default SID in
the context mapping. I know BusSELinuxData is a rather lame name; I had
considered calling it "BusSELinuxContext", but unfortunately "context"
is rather overloaded in this context.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 17470 bytes
Desc: not available
Url : http://freedesktop.org/pipermail/dbus/attachments/20041110/6f501662/dbus-selinux-service-mediation-0001.bin
More information about the dbus