AppArmor extended conditionals work for trusted helpers

Registered by Jamie Strandboge

The initial implementation for trusted helpers a) mediates access to the trusted helper DBus server and b) allows the trusted helper to query AppArmor for information (e.g., the security label) it can use to make access decisions. This works well enough in the short term, but in the longer term these types of access decisions will often be better handled in AppArmor itself. Add a limited set of extended conditionals, along with query interface improvements, to support trusted helpers so that they can remove their hard-coded policy.

Blueprint information

Status: Complete
Approver: Jamie Strandboge
Priority: Medium
Drafter: John Johansen
Direction: Approved
Assignee: John Johansen
Definition: Approved
Series goal: Accepted for saucy
Implementation: Implemented
Milestone target: None
Started by: Jamie Strandboge
Completed by: Jamie Strandboge

Whiteboard

1. design for generalized extended conditionals (i.e., beyond what is present for DBus)
2. add (some limited set of) conditionals (TBD)
 * label conditional
3. extend the query interface to support conditionals

Work Items

Work items for ubuntu-13.05:
[jjohansen] widen the permission set in the kernel: DONE
[jjohansen] map loaded policy to wider set: DONE

Work items for ubuntu-13.06:
[jjohansen] make wider set available in parser (for stacking policy to work): POSTPONED
