Merge lp:~mardy/signon-apparmor-extension/lp1415492 into lp:signon-apparmor-extension

Proposed by Alberto Mardegan
Status: Merged
Approved by: David Barth
Approved revision: 19
Merged at revision: 19
Proposed branch: lp:~mardy/signon-apparmor-extension/lp1415492
Merge into: lp:signon-apparmor-extension
Diff against target: 72 lines (+7/-24)
2 files modified
src/access-control-manager.cpp (+6/-21)
tests/tst_extension.cpp (+1/-3)
To merge this branch: bzr merge lp:~mardy/signon-apparmor-extension/lp1415492
Reviewer Review Type Date Requested Status
PS Jenkins bot (community) continuous-integration Needs Fixing
David Barth (community) Approve
Review via email: mp+247854@code.launchpad.net

Commit message

Treat p2p clients as unconfined

Description of the change

Treat p2p clients as unconfined

David Barth (dbarth) :
review: Approve
PS Jenkins bot (ps-jenkins) wrote :
review: Needs Fixing (continuous-integration)

Preview Diff

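--- a/src/access-control-manager.cpp
+++ b/src/access-control-manager.cpp
@@ -25,10 +25,9 @@
 #include <QDBusMessage>
 #include <QDebug>
 #include <QStringList>
-#include <dbus/dbus.h>
 #include <sys/apparmor.h>
 
-static const char keychainAppId[] = "SignondKeychain";
+static const char keychainAppId[] = "unconfined";
 
 AccessReply::AccessReply(const SignOn::AccessRequest &request,
  QObject *parent):
@@ -72,29 +71,15 @@
 QString AccessControlManager::appIdOfPeer(const QDBusConnection &peerConnection,
  const QDBusMessage &peerMessage)
 {
+ Q_UNUSED(peerConnection);
+
  QString uniqueConnectionId = peerMessage.service();
  QString appId;
 
  if (uniqueConnectionId.isEmpty()) {
- /* it's a p2p connection; get the fd of the socket, and ask apparmor to
- * identify the peer. */
- DBusConnection *connection =
- (DBusConnection *)peerConnection.internalPointer();
- int fd = 0;
- dbus_bool_t ok = dbus_connection_get_unix_fd(connection, &fd);
- if (Q_LIKELY(ok)) {
- char *con = NULL, *mode = NULL;
- int ret = aa_getpeercon(fd, &con, &mode);
- if (Q_LIKELY(ret >= 0)) {
- appId = QString::fromUtf8(con);
- qDebug() << "App ID:" << appId;
- free(con);
- } else {
- qWarning() << "Couldn't get apparmor profile of peer";
- }
- } else {
- qWarning() << "Couldn't get fd of caller!";
- }
+ /* it's a p2p connection; we treat the peer as "unconfined" */
+ qDebug() << "Client connected via P2P socket; treating as unconfined";
+ appId = "unconfined";
  } else {
  QDBusMessage msg =
  QDBusMessage::createMethodCall("org.freedesktop.DBus",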
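Review bot: In the `uniqueConnectionId.isEmpty()` branch of `appIdOfPeer`, every peer-to-peer caller now receives `appId = "unconfined"` without any check of the peer, where the removed code asked AppArmor for the peer's label with `aa_getpeercon()` on the socket fd. If `"unconfined"` is the label the access checks treat as most trusted (the first hunk also sets `keychainAppId` to it), a confined process that can open the p2p socket would inherit that trust. This is safe only if AppArmor policy or socket permissions keep confined profiles away from that socket, which the diff does not show. I would state that precondition in the branch comment, e.g. `/* p2p peers are not identified; safe only while confined profiles cannot reach the p2p socket */`, and consider leaving `appId` empty (fail closed) if it cannot be guaranteed. The function body continues past the end of the hunk, so how the returned label is consumed is not visible here.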
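--- a/tests/tst_extension.cpp
+++ b/tests/tst_extension.cpp
@@ -122,8 +122,6 @@
  QDBusMessage msg =
  QDBusMessage::createMethodCall("", "/", "my.interface", "hi");
  QString appId = m_acm->appIdOfPeer(m_p2pConnection, msg);
- /* At the moment, AppArmor doesn't implement the
- * GetConnectionAppArmorSecurityContext method, so expect an error. */
  QCOMPARE(appId, QStringLiteral("unconfined"));
 }
 
@@ -132,7 +130,7 @@
  /* forge a QDBusMessage */
  setMockedProfile("com.ubuntu.myapp_myapp_0.2");
  QDBusMessage msg =
- QDBusMessage::createMethodCall("", "/", "my.interface", "hi");
+ QDBusMessage::createMethodCall(":0.1", "/", "my.interface", "hi");
  bool allowed = m_acm->isPeerAllowedToAccess(m_busConnection, msg,
  "anyContext");
  QVERIFY(!allowed);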
