AppArmor mediation of applications that use DBus

Registered by Jamie Strandboge on 2011-05-04

DBus-aware applications currently cannot be properly mediated with AppArmor. While a confined application can be disallowed access to the DBus system bus, this is too coarse-grained. Furthermore, because AppArmor does not currently mediate IPC (and therefore the abstract Unix domain sockets that DBus uses in Ubuntu for the per-user session bus), applications currently confined by AppArmor are allowed to talk to any application with an interface on the session bus.

The completed blueprint should provide a working implementation for DBus to use AppArmor to mediate message delivery (i.e., what a sending application can talk to and what a receiving application can respond to). This requires kernel, AppArmor userspace and DBus changes. Message content mediation is out of scope for this blueprint.

Blueprint information

Status: Started
Approver: Jamie Strandboge
Priority: High
Drafter: Jamie Strandboge
Direction: Approved
Assignee: Ubuntu Security Team
Definition: Approved
Series goal: Proposed for precise
Implementation: Beta Available
Milestone target: ubuntu-11.10
Started by: Jamie Strandboge on 2011-05-20

Whiteboard

Some of this was discussed in https://launchpad.net/ubuntu/+spec/security-o-apparmor-ubuntu. Work items fell out of that discussion.

Work items:
[jjohansen] base ipc support in kernel: DONE
[jjohansen] base ipc support in parser: DONE
[jjohansen] libapparmor support (userspace querying of kernel): DONE
[sbeattie] base ipc support in tools: POSTPONED
[jjohansen] ipc regression tests: DONE
[jdstrand] study current dbus implementation: DONE
[jdstrand] review dbus/selinux implementation: DONE
[jdstrand] define test cases for dbus mediation: DONE
[jdstrand] implement test cases for dbus mediation: INPROGRESS
[jjohansen] dbus patch for apparmor mediation: DONE
[jdstrand] integrate dbus mediation into Ubuntu: POSTPONED
