diff options
| author |   José Bollo <jose.bollo@iot.bzh> | 2018-03-27 11:05:46 +0200 |
|---|---|---|
| committer | José Bollo <jose.bollo@iot.bzh> | 2018-04-04 21:19:22 +0200 |
| commit | 1b847a21fac05e88510fe37db63d0d9e4b72e633 (patch) | |
| tree | 2034b132f94888bd7c6c6263a438c3f642183489 /meta-security/recipes-core/dbus-cynara/dbus/0005-Perform-Cynara-runtime-policy-checks-by-default.patch | |
| parent | ea00cb6f79616987d7e3c7e83a6ee01cb73eb170 (diff) | |
dbus-cynara: Avoid dependency loop
The dependency loop appeared when compiling
with DISTRO_FEATURE ptest.
To avoid it, I restore the logic implemented before in
meta-intel-iot-security. I also remove unless files.
Bug-AGL: SPEC-1334
Change-Id: Ibe8b9359a65fec034df2534c5fceb4769e63aa99
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Diffstat (limited to 'meta-security/recipes-core/dbus-cynara/dbus/0005-Perform-Cynara-runtime-policy-checks-by-default.patch')
| -rw-r--r-- | meta-security/recipes-core/dbus-cynara/dbus/0005-Perform-Cynara-runtime-policy-checks-by-default.patch | 123 |
1 files changed, 0 insertions, 123 deletions
diff --git a/meta-security/recipes-core/dbus-cynara/dbus/0005-Perform-Cynara-runtime-policy-checks-by-default.patch b/meta-security/recipes-core/dbus-cynara/dbus/0005-Perform-Cynara-runtime-policy-checks-by-default.patch deleted file mode 100644 index d30b2dbf8..000000000 --- a/meta-security/recipes-core/dbus-cynara/dbus/0005-Perform-Cynara-runtime-policy-checks-by-default.patch +++ /dev/null @@ -1,123 +0,0 @@ -From 92a373a6dbb1c7cd7c9824167aac232f3e0daebd Mon Sep 17 00:00:00 2001 -From: Jacek Bukarewicz <j.bukarewicz@samsung.com> -Date: Tue, 23 Jun 2015 11:08:48 +0200 -Subject: [PATCH 5/5] Perform Cynara runtime policy checks by default -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This change introduces http://tizen.org/privilege/internal/dbus privilege -which is supposed to be available only to trusted system resources. -Checks for this privilege are used in place of certain allow rules to -make security policy more strict. - -For system bus sending and receiving signals now requires -http://tizen.org/privilege/internal/dbus privilege. Requesting name -ownership and sending methods is still denied by default. - -For session bus http://tizen.org/privilege/internal/dbus privilege -is now required for requesting name, calling methods, sending and receiving -signals. - -Services are supposed to override these default settings to implement their -own security policy. - -Change-Id: Ifb4a160bf6e0638404e0295a2e4fa3077efd881c -Signed-off-by: Jacek Bukarewicz <j.bukarewicz@samsung.com> - -Cherry picked from e8610297cf7031e94eb314a2e8c11246f4405403 by Jose Bollo -Signed-off-by: José Bollo <jose.bollo@iot.bzh> ---- - bus/session.conf.in | 32 ++++++++++++++++++++++++++------ - bus/system.conf.in | 19 +++++++++++++++---- - 2 files changed, 41 insertions(+), 10 deletions(-) - -diff --git a/bus/session.conf.in b/bus/session.conf.in -index affa7f1d..157dfb4d 100644 ---- a/bus/session.conf.in -+++ b/bus/session.conf.in -@@ -27,12 +27,32 @@ - <standard_session_servicedirs /> - - <policy context="default"> -- <!-- Allow everything to be sent --> -- <allow send_destination="*" eavesdrop="true"/> -- <!-- Allow everything to be received --> -- <allow eavesdrop="true"/> -- <!-- Allow anyone to own anything --> -- <allow own="*"/> -+ <!-- By default clients require internal/dbus privilege to communicate -+ with D-Bus services and to claim name ownership. This is internal privilege that -+ is only accessible to trusted system services --> -+ <check own="*" privilege="http://tizen.org/privilege/internal/dbus" /> -+ <check send_type="method_call" privilege="http://tizen.org/privilege/internal/dbus" /> -+ <check send_type="signal" privilege="http://tizen.org/privilege/internal/dbus" /> -+ <check receive_type="signal" privilege="http://tizen.org/privilege/internal/dbus" /> -+ -+ <!-- Reply messages (method returns, errors) are allowed -+ by default --> -+ <allow send_requested_reply="true" send_type="method_return"/> -+ <allow send_requested_reply="true" send_type="error"/> -+ -+ <!-- All messages but signals may be received by default --> -+ <allow receive_type="method_call"/> -+ <allow receive_type="method_return"/> -+ <allow receive_type="error"/> -+ -+ <!-- Allow anyone to talk to the message bus --> -+ <allow send_destination="org.freedesktop.DBus"/> -+ <allow receive_sender="org.freedesktop.DBus"/> -+ -+ <!-- But disallow some specific bus services --> -+ <deny send_destination="org.freedesktop.DBus" -+ send_interface="org.freedesktop.DBus" -+ send_member="UpdateActivationEnvironment"/> - </policy> - - <!-- Include legacy configuration location --> -diff --git a/bus/system.conf.in b/bus/system.conf.in -index 014f67ee..ebbd468a 100644 ---- a/bus/system.conf.in -+++ b/bus/system.conf.in -@@ -50,23 +50,34 @@ - <deny own="*"/> - <deny send_type="method_call"/> - -- <!-- Signals and reply messages (method returns, errors) are allowed -+ <!-- By default clients require internal/dbus privilege to send and receive signaks. -+ This is internal privilege that is only accessible to trusted system services --> -+ <check send_type="signal" privilege="http://tizen.org/privilege/internal/dbus" /> -+ <check receive_type="signal" privilege="http://tizen.org/privilege/internal/dbus" /> -+ -+ <!-- Reply messages (method returns, errors) are allowed - by default --> -- <allow send_type="signal"/> - <allow send_requested_reply="true" send_type="method_return"/> - <allow send_requested_reply="true" send_type="error"/> - -- <!-- All messages may be received by default --> -+ <!-- All messages but signals may be received by default --> - <allow receive_type="method_call"/> - <allow receive_type="method_return"/> - <allow receive_type="error"/> -- <allow receive_type="signal"/> - - <!-- Allow anyone to talk to the message bus --> - <allow send_destination="org.freedesktop.DBus" - send_interface="org.freedesktop.DBus" /> - <allow send_destination="org.freedesktop.DBus" - send_interface="org.freedesktop.DBus.Introspectable"/> -+ <!-- If there is a need specific bus services could be protected by Cynara as well. -+ However, this can lead to deadlock during the boot process when such check is made and -+ Cynara is not yet activated (systemd calls protected method synchronously, -+ dbus daemon tries to consult Cynara, Cynara waits for systemd activation). -+ Therefore it is advised to allow root processes to use bus services. -+ Currently anyone is allowed to talk to the message bus --> -+ <allow receive_sender="org.freedesktop.DBus"/> -+ - <!-- But disallow some specific bus services --> - <deny send_destination="org.freedesktop.DBus" - send_interface="org.freedesktop.DBus" --- -2.14.3 - |