Merge lp:~mardy/signon-apparmor-extension/lp1415492-rtm into lp:~online-accounts/signon-apparmor-extension/rtm-14.09

Proposed by Alberto Mardegan on 2015-02-05
Status: Merged
Approved by: Alberto Mardegan on 2015-02-11
Approved revision: 18
Merged at revision: 18
Proposed branch: lp:~mardy/signon-apparmor-extension/lp1415492-rtm
Merge into: lp:~online-accounts/signon-apparmor-extension/rtm-14.09
Diff against target: 72 lines (+7/-24)
2 files modified
src/access-control-manager.cpp (+6/-21)
tests/tst_extension.cpp (+1/-3)
To merge this branch: bzr merge lp:~mardy/signon-apparmor-extension/lp1415492-rtm
Reviewer Review Type Date Requested Status
Alberto Mardegan (community) Approve on 2015-02-11
Review via email: mp+248736@code.launchpad.net

Commit message

Treat p2p clients as unconfined

Description of the change

Treat p2p clients as unconfined

Alberto Mardegan (mardy) :
review: Approve

Preview Diff

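--- a/src/access-control-manager.cpp
+++ b/src/access-control-manager.cpp
@@ -25,10 +25,9 @@
 #include <QDBusMessage>
 #include <QDebug>
 #include <QStringList>
-#include <dbus/dbus.h>
 #include <sys/apparmor.h>
 
-static const char keychainAppId[] = "SignondKeychain";
+static const char keychainAppId[] = "unconfined";
 
 AccessReply::AccessReply(const SignOn::AccessRequest &request,
 QObject *parent):
@@ -72,29 +71,15 @@
 QString AccessControlManager::appIdOfPeer(const QDBusConnection &peerConnection,
 const QDBusMessage &peerMessage)
 {
+ Q_UNUSED(peerConnection);
+
 QString uniqueConnectionId = peerMessage.service();
 QString appId;
 
 if (uniqueConnectionId.isEmpty()) {
- /* it's a p2p connection; get the fd of the socket, and ask apparmor to
- * identify the peer. */
- DBusConnection *connection =
- (DBusConnection *)peerConnection.internalPointer();
- int fd = 0;
- dbus_bool_t ok = dbus_connection_get_unix_fd(connection, &fd);
- if (Q_LIKELY(ok)) {
- char *con = NULL, *mode = NULL;
- int ret = aa_getpeercon(fd, &con, &mode);
- if (Q_LIKELY(ret >= 0)) {
- appId = QString::fromUtf8(con);
- qDebug() << "App ID:" << appId;
- free(con);
- } else {
- qWarning() << "Couldn't get apparmor profile of peer";
- }
- } else {
- qWarning() << "Couldn't get fd of caller!";
- }
+ /* it's a p2p connection; we treat the peer as "unconfined" */
+ qDebug() << "Client connected via P2P socket; treating as unconfined";
+ appId = "unconfined";
 } else {
 QDBusMessage msg =
 QDBusMessage::createMethodCall("org.freedesktop.DBus",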
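Review bot: In `appIdOfPeer`, every message whose `peerMessage.service()` is empty is now given the app ID `"unconfined"` without any check of the peer, and `peerConnection` is no longer consulted at all (`Q_UNUSED`). The removed branch left `appId` empty when `aa_getpeercon` failed, so the old failure mode was an unidentified peer rather than an unconfined one; after this change the only thing separating a confined app from that identity is presumably who is permitted to open the p2p socket. That assumption should be written at the branch, for example `/* SECURITY: p2p peers are not identified here; access to the p2p socket must be restricted to unconfined processes by socket permissions / AppArmor policy */`. The literal `"unconfined"` now appears both here and in `keychainAppId`; a single named constant would keep the two from drifting. The body of `appIdOfPeer` continues outside the hunk.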
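--- a/tests/tst_extension.cpp
+++ b/tests/tst_extension.cpp
@@ -122,8 +122,6 @@
 QDBusMessage msg =
 QDBusMessage::createMethodCall("", "/", "my.interface", "hi");
 QString appId = m_acm->appIdOfPeer(m_p2pConnection, msg);
- /* At the moment, AppArmor doesn't implement the
- * GetConnectionAppArmorSecurityContext method, so expect an error. */
 QCOMPARE(appId, QStringLiteral("unconfined"));
 }
 
@@ -132,7 +130,7 @@
 /* forge a QDBusMessage */
 setMockedProfile("com.ubuntu.myapp_myapp_0.2");
 QDBusMessage msg =
- QDBusMessage::createMethodCall("", "/", "my.interface", "hi");
+ QDBusMessage::createMethodCall(":0.1", "/", "my.interface", "hi");
 bool allowed = m_acm->isPeerAllowedToAccess(m_busConnection, msg,
 "anyContext");
 QVERIFY(!allowed);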
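Review bot: Neither visible hunk asserts the access decision for a p2p peer: the first only checks that `appIdOfPeer(m_p2pConnection, msg)` returns "unconfined", and the second was moved to a bus sender (`":0.1"`) so it no longer exercises the empty-sender path. Since an empty sender now maps to the unconfined identity, a case such as `QVERIFY(m_acm->isPeerAllowedToAccess(m_p2pConnection, msg, "anyContext"));` with an empty-service message (asserting whichever result is intended) would pin that trust decision. Both test functions start outside the hunks, so such a case may exist elsewhere in the file.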
