SELinux Mailing List

[patch] Improved D-BUS SELinux mediation

From: Colin Walters <walters_at_verbum.org>
Date: Thu, 11 Nov 2004 00:39:31 -0500


Hi,

The attached patch improves on the previous patch sent to the D-BUS list for also having D-BUS check service labels for the send_msg permission. One problem I ran into is that send_msg also mediates reply messages; so in order to have a domain just reply to a sent message, it needs the general send_msg back to the sender domain, as well as the service domain. The solution is to add a separate "reply" access vector. D-BUS will check that permission if a message is in reply to a known sent message, otherwise it will use "send_msg".

While I was changing the access vectors, I thought I would go ahead and add an "activate_svc" vector too (and add the requisite check in the D-BUS code). The long term plan I think is to use D-BUS for system service activation too, and it seems undesirable for e.g. CUPS to have the permission to activate your mail server (which could have other side effects like binding to ports, etc).

The patch to D-BUS is first, and the patch to the Flask access_vectors follows.

I'll be working on a patch to update the policy itself to handle these new changes soon, along with labeling all the services we currently use.

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.


Received on Thu 11 Nov 2004 - 00:39:43 EST
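An added example, not code from Walters's patch or from D-BUS itself: a small Python model of the mediation rule the mail describes. The domain names (user_t, cups_t, mail_t), the service label cupsd_svc_t and the allow-rule set are constructed for illustration, and the kernel AVC query that the real bus daemon would make through libselinux is replaced by a plain set lookup. The bus records requests it lets through, so a message that is genuinely in reply to a known sent message is checked against "reply"; anything else, including a message that merely claims a reply serial nobody sent, falls back to "send_msg" (also checked against the service label when the message is addressed to a name), and on-demand service start is checked against "activate_svc".

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

# One allow rule: (source domain, target domain, permission in the dbus class).
Rule = Tuple[str, str, str]


@dataclass(frozen=True)
class Message:
    sender: str                         # SELinux domain of the sending connection
    dest: str                           # SELinux domain of the destination connection
    serial: int                         # sender-assigned serial of this message
    service: Optional[str] = None       # label of the well-known name, if addressed by name
    reply_serial: Optional[int] = None  # serial of the request this message answers, if any


class MediatingBus:
    """Constructed stand-in for the bus daemon's permission checks (example only)."""

    def __init__(self, rules: Set[Rule]) -> None:
        self.rules = set(rules)
        # Requests that were allowed through and may legitimately be answered:
        # (requester domain, serial) -> domain the request was delivered to.
        self.pending: Dict[Tuple[str, int], str] = {}

    def _allowed(self, src: str, tgt: str, perm: str) -> bool:
        # Stand-in for an AVC query; the real daemon would ask libselinux.
        return (src, tgt, perm) in self.rules

    def mediate(self, msg: Message) -> Tuple[bool, str]:
        """Decide whether msg may be delivered; return (allowed, vector checked)."""
        if msg.reply_serial is not None:
            key = (msg.dest, msg.reply_serial)
            if self.pending.get(key) == msg.sender:
                # A reply to a request we saw go the other way: the narrower
                # "reply" vector suffices, no send_msg back to the requester needed.
                del self.pending[key]
                return self._allowed(msg.sender, msg.dest, "reply"), "reply"
            # Claims to be a reply but matches no outstanding request: treat it as
            # a fresh message and fall through to the ordinary send_msg check.
        ok = self._allowed(msg.sender, msg.dest, "send_msg")
        if ok and msg.service is not None:
            # Also check the label of the service name the message was addressed to.
            ok = self._allowed(msg.sender, msg.service, "send_msg")
        if ok:
            self.pending[(msg.sender, msg.serial)] = msg.dest
        return ok, "send_msg"

    def activate(self, requester: str, service_domain: str) -> bool:
        """Starting a service on demand is its own vector, separate from messaging."""
        return self._allowed(requester, service_domain, "activate_svc")


# Constructed policy fragment for the walk-through; these domains are made up.
EXAMPLE_RULES: Set[Rule] = {
    ("user_t", "cups_t", "send_msg"),
    ("user_t", "cupsd_svc_t", "send_msg"),  # service label of the CUPS bus name
    ("cups_t", "user_t", "reply"),          # CUPS may answer user_t, not message it freely
    ("user_t", "cups_t", "activate_svc"),
}


def walkthrough() -> Dict[str, object]:
    """Run the request/reply/unsolicited/activation scenario; return the decisions."""
    bus = MediatingBus(EXAMPLE_RULES)
    results: Dict[str, object] = {}
    results["request"] = bus.mediate(Message("user_t", "cups_t", serial=1, service="cupsd_svc_t"))
    results["reply"] = bus.mediate(Message("cups_t", "user_t", serial=7, reply_serial=1))
    # The same reply again: the request was consumed, so this is no longer a known reply.
    results["replayed_reply"] = bus.mediate(Message("cups_t", "user_t", serial=8, reply_serial=1))
    # Unsolicited message from CUPS to the user domain: needs send_msg, which it lacks.
    results["unsolicited"] = bus.mediate(Message("cups_t", "user_t", serial=9))
    results["activate_cups"] = bus.activate("user_t", "cups_t")
    results["cups_activates_mail"] = bus.activate("cups_t", "mail_t")
    return results


if __name__ == "__main__":
    for name, outcome in walkthrough().items():
        print(f"{name:20s} {outcome}")
```

The point the mail makes is visible in the "reply" versus "unsolicited" outcomes: cups_t can answer a request from user_t with only a "reply" rule, while the same domain sending to user_t on its own initiative is refused for lack of "send_msg". The pending table is also why a replayed or forged reply serial gets no special treatment.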
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009

National Security Agency / Central Security Service