author | Jan-Simon Möller <jsmoeller@linuxfoundation.org> | 2020-02-21 16:37:55 +0100 |
---|---|---|
committer | Jan-Simon Möller <jsmoeller@linuxfoundation.org> | 2020-02-21 16:37:55 +0100 |
commit | df4ed283e18f3dfe9f42f0012b12cb0af57bcdbb (patch) | |
tree | 40ad4b148e24c47d319bbbd23bbfc4af75a36e94 /meta-security/recipes-core/dbus-cynagora/dbus-cynagora/0005-Perform-Cynara-runtime-policy-checks-by-default.patch | |
parent | d40e55dbb362c455f0ee863b23c21ac2628cf3f8 (diff) | |
parent | 47aa65ba73e1b29459171de24fb0ee0040cbb39c (diff) |
Merge remote-tracking branch 'agl/next'
* agl/next:
meta-agl-bsp: Add CONFIG_LSM workaround for 5.1+ kernels
meta-agl-profile-cluster-qt5: disable qtbase patches
zeus updates for dragonboard-410c
meta-security: activates dbus-cynagora
recipes-graphics/wayland/weston: Expose weston_output_damage()
meta-agl-profile-core: tweak udisks2 configuration for AGL
meta-agl-bsp/meta-arago: update weston bbappend
[RCAR] Update rcar driver weston 7 bsp 3.21.0
[RCAR] Update rcar driver weston 7 bsp 3.21.0
[RCAR] Split ADSP path for ulcb and ulcb-kf
Fix nss-localuser post install
meta-agl-bsp: meta-raspberrypi: handle zeus upgrade
meta-agl-profile-core: add patch for systemd-udevd SECLABEL crash
meta-security: disable dbus-cynara patches
meta-agl-bsp: handle ptest-runner upgrade
meta-agl-distro: Add inc file for next branch over-rides
meta-agl-distro: BBMASK problematic upstream meta-security bbappend
meta-agl-distro: prefer linux-yocto 4.19 LTS kernel
meta-agl-profile-graphical-qt5: enable qt5location services
meta-agl-profile-core: update most recipe
meta-agl-profile-core: update neardal recipe
Update base local.conf.sample
meta-agl-profile-graphical: don't always build agl-compositor
meta-agl-profile-graphical: update weston and weston-init
meta-agl-profile-graphical: update wayland-ivi-extension for weston 7.0.0
meta-agl-distro: add polkit to DISTRO_FEATURES
meta-agl-profile-core: update fontconfig bbappend
meta-agl-profile-core: switch to udisks2
meta-security: handle systemd upgrade
meta-agl-profile-graphical-qt5: handle qtwayland upgrade
meta-agl-profile-core: handle freetype upgrade
meta-agl-bsp meta-agl-profile-core: upgrade to opencv 4.x
meta-agl-profile-core: update rtl-sdr recipe for zeus
meta-security meta-app-framework: handle xmlsec1 upgrade
meta-agl-profile-graphical: upgrade to gstreamer 1.16
meta-agl-profile-core: remove libmicrohttpd backport
meta-agl-profile-core: remove backported curl and nghttp2 recipes
meta-agl-profile-core: remove libnfc recipe
meta-agl-profile-core: remove connman backport
meta-agl-profile-graphical: remove weston 5.0.0 patches
meta-agl-profile-core: remove old glibc patch
meta-agl-bsp/meta-intel: remove linux-firmware_git.bbappend
meta-agl-bsp: remove weston and wayland-protocols backports
meta-app-framework: remove libzip recipe
meta-security: remove keyutils recipe
Declare layer compatibility with zeus
Change-Id: Ie8ee1e37958279e7cf2d503c54ffacb46ba0c31c
Diffstat (limited to 'meta-security/recipes-core/dbus-cynagora/dbus-cynagora/0005-Perform-Cynara-runtime-policy-checks-by-default.patch')
-rw-r--r-- | meta-security/recipes-core/dbus-cynagora/dbus-cynagora/0005-Perform-Cynara-runtime-policy-checks-by-default.patch | 180 |
1 files changed, 180 insertions, 0 deletions
diff --git a/meta-security/recipes-core/dbus-cynagora/dbus-cynagora/0005-Perform-Cynara-runtime-policy-checks-by-default.patch b/meta-security/recipes-core/dbus-cynagora/dbus-cynagora/0005-Perform-Cynara-runtime-policy-checks-by-default.patch
new file mode 100644
index 000000000..5f7e96a3b
--- /dev/null
+++ b/meta-security/recipes-core/dbus-cynagora/dbus-cynagora/0005-Perform-Cynara-runtime-policy-checks-by-default.patch
@@ -0,0 +1,180 @@
+From 1f7ba56c9ced669951061d13b06e31d96a170e37 Mon Sep 17 00:00:00 2001
+From: Jacek Bukarewicz <j.bukarewicz@samsung.com>
+Date: Tue, 23 Jun 2015 11:08:48 +0200
+Subject: [PATCH 5/8] Perform Cynara runtime policy checks by default
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This change introduces http://tizen.org/privilege/internal/dbus privilege
+which is supposed to be available only to trusted system resources.
+Checks for this privilege are used in place of certain allow rules to
+make security policy more strict.
+
+For system bus sending and receiving signals now requires
+http://tizen.org/privilege/internal/dbus privilege. Requesting name
+ownership and sending methods is still denied by default.
+
+For session bus http://tizen.org/privilege/internal/dbus privilege
+is now required for requesting name, calling methods, sending and receiving
+signals.
+
+Services are supposed to override these default settings to implement their
+own security policy.
+
+
+Cherry picked from e8610297cf7031e94eb314a2e8c11246f4405403 by Jose Bollo
+
+Updated for dbus 1.10.20 by Scott Murray and José Bollo
+
+Signed-off-by: Jacek Bukarewicz <j.bukarewicz@samsung.com>
+Signed-off-by: José Bollo <jose.bollo@iot.bzh>
+Signed-off-by: Scott Murray <scott.murray@konsulko.com>
+---
+ bus/activation.c | 42 ++++++++++++++++++++++++++----------------
+ bus/session.conf.in | 32 ++++++++++++++++++++++++++------
+ bus/system.conf.in | 19 +++++++++++++++----
+ 3 files changed, 67 insertions(+), 26 deletions(-)
+
+diff --git a/bus/activation.c b/bus/activation.c
+index d4b597c..8aabeaa 100644
+--- a/bus/activation.c
++++ b/bus/activation.c
+@@ -1840,22 +1840,32 @@ bus_activation_activate_service (BusActivation *activation,
+ }
+
+ if (auto_activation &&
+- entry != NULL &&
+- BUS_RESULT_TRUE != bus_context_check_security_policy (activation->context,
+- transaction,
+- connection, /* sender */
+- NULL, /* addressed recipient */
+- NULL, /* proposed recipient */
+- activation_message,
+- entry,
+- error,
+- NULL))
+- {
+- _DBUS_ASSERT_ERROR_IS_SET (error);
+- _dbus_verbose ("activation not authorized: %s: %s\n",
+- error != NULL ? error->name : "(error ignored)",
+- error != NULL ? error->message : "(error ignored)");
+- return FALSE;
++ entry != NULL)
++ {
++ BusResult result;
++
++ result = bus_context_check_security_policy (activation->context,
++ transaction,
++ connection, /* sender */
++ NULL, /* addressed recipient */
++ NULL, /* proposed recipient */
++ activation_message,
++ entry,
++ error,
++ NULL);
++ if (result == BUS_RESULT_FALSE)
++ {
++ _DBUS_ASSERT_ERROR_IS_SET (error);
++ _dbus_verbose ("activation not authorized: %s: %s\n",
++ error != NULL ? error->name : "(error ignored)",
++ error != NULL ? error->message : "(error ignored)");
++ return FALSE;
++ }
++ if (result == BUS_RESULT_LATER)
++ {
++ /* TODO */
++ _dbus_verbose ("ALERT FIX ME!!!!!!!!!!!!!!!");
++ }
+ }
+
+ /* Bypass the registry lookup if we're auto-activating, bus_dispatch would not
+diff --git a/bus/session.conf.in b/bus/session.conf.in
+index affa7f1..157dfb4 100644
+--- a/bus/session.conf.in
++++ b/bus/session.conf.in
+@@ -27,12 +27,32 @@
+ <standard_session_servicedirs />
+
+ <policy context="default">
+- <!-- Allow everything to be sent -->
+- <allow send_destination="*" eavesdrop="true"/>
+- <!-- Allow everything to be received -->
+- <allow eavesdrop="true"/>
+- <!-- Allow anyone to own anything -->
+- <allow own="*"/>
++ <!-- By default clients require internal/dbus privilege to communicate
++ with D-Bus services and to claim name ownership. This is internal privilege that
++ is only accessible to trusted system services -->
++ <check own="*" privilege="http://tizen.org/privilege/internal/dbus" />
++ <check send_type="method_call" privilege="http://tizen.org/privilege/internal/dbus" />
++ <check send_type="signal" privilege="http://tizen.org/privilege/internal/dbus" />
++ <check receive_type="signal" privilege="http://tizen.org/privilege/internal/dbus" />
++
++ <!-- Reply messages (method returns, errors) are allowed
++ by default -->
++ <allow send_requested_reply="true" send_type="method_return"/>
++ <allow send_requested_reply="true" send_type="error"/>
++
++ <!-- All messages but signals may be received by default -->
++ <allow receive_type="method_call"/>
++ <allow receive_type="method_return"/>
++ <allow receive_type="error"/>
++
++ <!-- Allow anyone to talk to the message bus -->
++ <allow send_destination="org.freedesktop.DBus"/>
++ <allow receive_sender="org.freedesktop.DBus"/>
++
++ <!-- But disallow some specific bus services -->
++ <deny send_destination="org.freedesktop.DBus"
++ send_interface="org.freedesktop.DBus"
++ send_member="UpdateActivationEnvironment"/>
+ </policy>
+
+ <!-- Include legacy configuration location -->
+diff --git a/bus/system.conf.in b/bus/system.conf.in
+index f139b55..19d0c04 100644
+--- a/bus/system.conf.in
++++ b/bus/system.conf.in
+@@ -50,17 +50,20 @@
+ <deny own="*"/>
+ <deny send_type="method_call"/>
+
+- <!-- Signals and reply messages (method returns, errors) are allowed
++ <!-- By default clients require internal/dbus privilege to send and receive signaks.
++ This is internal privilege that is only accessible to trusted system services -->
++ <check send_type="signal" privilege="http://tizen.org/privilege/internal/dbus" />
++ <check receive_type="signal" privilege="http://tizen.org/privilege/internal/dbus" />
++
++ <!-- Reply messages (method returns, errors) are allowed
+ by default -->
+- <allow send_type="signal"/>
+ <allow send_requested_reply="true" send_type="method_return"/>
+ <allow send_requested_reply="true" send_type="error"/>
+
+- <!-- All messages may be received by default -->
++ <!-- All messages but signals may be received by default -->
+ <allow receive_type="method_call"/>
+ <allow receive_type="method_return"/>
+ <allow receive_type="error"/>
+- <allow receive_type="signal"/>
+
+ <!-- Allow anyone to talk to the message bus -->
+ <allow send_destination="org.freedesktop.DBus"
+@@ -69,6 +72,14 @@
+ send_interface="org.freedesktop.DBus.Introspectable"/>
+ <allow send_destination="org.freedesktop.DBus"
+ send_interface="org.freedesktop.DBus.Properties"/>
++ <!-- If there is a need specific bus services could be protected by Cynara as well.
++ However, this can lead to deadlock during the boot process when such check is made and
++ Cynara is not yet activated (systemd calls protected method synchronously,
++ dbus daemon tries to consult Cynara, Cynara waits for systemd activation).
++ Therefore it is advised to allow root processes to use bus services.
++ Currently anyone is allowed to talk to the message bus -->
++ <allow receive_sender="org.freedesktop.DBus"/>
++
+ <!-- But disallow some specific bus services -->
+ <deny send_destination="org.freedesktop.DBus"
+ send_interface="org.freedesktop.DBus"
+--
+2.21.1
+
|
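Review bot: The `BUS_RESULT_LATER` branch added to `bus_activation_activate_service` in the carried bus/activation.c hunk only logs "ALERT FIX ME" and then falls through, so auto-activation continues while the Cynara decision is still pending. The code it replaces returned FALSE for anything other than `BUS_RESULT_TRUE`, so this weakens the check from fail-closed to fail-open for deferred results. Until deferral is implemented, the branch should deny, e.g. `dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, "activation policy check still pending");` followed by `return FALSE;`. The log string should also end in `\n` like the one above it. Whether `bus_context_check_security_policy` can actually return `BUS_RESULT_LATER` on this path is not visible here, and the function body continues outside the hunk, so this should be confirmed against the rest of the patch series.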