Saturday, December 24, 2011

AppArmor D-Bus Mediations

Similar to SELinux, but less tedious to use, AppArmor is a Linux security module (LSM) that provides mandatory access control (MAC). The first distribution to adopt AppArmor was SUSE, in SUSE Linux Enterprise Server 10 and openSUSE 10.1. It has been part of Ubuntu since version 8.04, and its adoption grows from release to release as more profiles are created.

Another piece of software that is part of more and more applications every day is D-Bus, adopted by GNOME and KDE as their inter-process communication mechanism; D-Bus allows communication between different applications. It is used, for example, to connect an application's core to its UI. Because of the nature of the data some applications exchange (sensitive data), it is indispensable to have some control over who can acquire a given interface and who can listen for or send a given message.

The D-Bus daemon has support for mediating messages with SELinux, and D-Bus also has an internal policy mechanism that gives some control over the use of the bus, but neither of these is related to AppArmor. There are experiments showing that AppArmor mediation is possible; however, the necessary patches (kernel, libapparmor and D-Bus daemon) were not submitted for inclusion in the respective projects, as explained in the earlier post.

The patches from the experiment teach the AppArmor parser to understand the dbus tag, as illustrated in the example below (line 15, the dbus rule). More information about the experiment and the syntax of the profile can be found at: https://lists.ubuntu.com/archives/apparmor/2011-September/001541.html

/home/zimmerle/hello.py flags=(complain) {
  #include <abstractions/base>

  /usr/bin/python2.7 ix,
  /usr/include/python2.7/pyconfig.h r,
  /usr/local/lib/python2.7/dist-packages/ r,
  /usr/share/pyshared/PIL.pth r,
  /usr/share/pyshared/lazr.restfulclient-0.11.2-nspkg.pth r,
  /usr/share/pyshared/lazr.uri-1.0.2-nspkg.pth r,
  /usr/share/pyshared/pygst.pth r,
  /usr/share/pyshared/pygtk.pth r,
  /usr/share/pyshared/ubuntu-sso-client.pth r,
  /usr/share/pyshared/ubuntuone-client.pth r,

  dbus bar.foo.hello acquire,
}
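To make the rule shape concrete, here is an added example (not code from the experiment or from the AppArmor project) that parses the experimental "dbus <bus-name> <action>," rule out of a profile like the one above and models the decision the daemon would hand back for a name request. The profile text, the bar.foo.hello name and the decision semantics (matching rule allows, no match is denied, complain mode logs and allows) are assumptions modelled on AppArmor's file-rule behaviour, not a statement of what the patches implement.

```python
import re

# Constructed sample: the profile from the post, reduced to the lines that
# matter for D-Bus mediation (path and bus name are the post's examples).
SAMPLE_PROFILE = """\
/home/zimmerle/hello.py flags=(complain) {
  #include <abstractions/base>
  /usr/bin/python2.7 ix,
  dbus bar.foo.hello acquire,
}
"""

# Profile header: "<path> [flags=(a,b)] {"
HEADER_RE = re.compile(r'^(\S+)\s*(?:flags=\(([^)]*)\))?\s*\{$')
# Experimental rule from the post: "dbus <bus-name> <action>,"
DBUS_RE = re.compile(r'^dbus\s+(\S+)\s+(\w+),$')


def parse_profile(text):
    """Return {'path', 'flags', 'dbus': [(bus_name, action), ...]}."""
    profile = {'path': None, 'flags': set(), 'dbus': []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#include') or line == '}':
            continue  # includes and the closing brace carry no dbus rules
        m = HEADER_RE.match(line)
        if m:
            profile['path'] = m.group(1)
            flags = (m.group(2) or '').split(',')
            profile['flags'] = {f.strip() for f in flags if f.strip()}
            continue
        m = DBUS_RE.match(line)
        if m:
            profile['dbus'].append((m.group(1), m.group(2)))
        # anything else is a file rule such as "/usr/bin/python2.7 ix,"
    return profile


def mediate(profile, bus_name, action):
    """Assumed decision model: a matching rule allows; no match is denied,
    except in complain mode, where the violation is logged but allowed."""
    if (bus_name, action) in profile['dbus']:
        return 'allow'
    if 'complain' in profile['flags']:
        return 'complain'  # logged, then allowed
    return 'deny'
```

Dropping "complain" from the flags turns the same profile into an enforcing one, and the unmatched request becomes a deny.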

In order to ensure the functionality of the suggestion made in the post "D-Bus Loadable security module support", I decided to modify the AppArmor D-Bus daemon patches to make them compatible with the suggested model. And it is working like a charm.

The code of the current experiment can be fetched from:

http://cgit.collabora.com/git/user/zimmerle/dbus-apparmor-lsm.git/

Note that in this experiment I had to use the D-Bus internal functions/headers. I made a few little hacks in order to get it working, but apparently this is a good way to go.