touch-packages team mailing list archive

Thread
Date

[Bug 1381713] Re: Support policy query interface for file

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: John Johansen <john.johansen@xxxxxxxxxxxxx>
Date: Wed, 27 May 2015 18:38:07 -0000
Reply-to: Bug 1381713 <1381713@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Attached is a example program that builds a file query string.

to build
  gcc -o query_file query_file.c -l apparmor

to use
  query_file <profile_name> file1 file2 file3 ...

eg.
  > ./query_file firefox /tmp  /tmp/
  read '/tmp' denied
  read '/tmp/' allowed


** Attachment added: "example program querying file permission access"
   https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1381713/+attachment/4405699/+files/query_file.c

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1381713

Title:
  Support policy query interface for file

Status in AppArmor Linux application security framework:
  Triaged
Status in apparmor package in Ubuntu:
  Fix Released

Bug description:
  This bug tracks the work needed to support querying if a label can
  access a file. This is particularly useful with trusted helpers where
  an application requests access to a file and the trusted helper does
  something with it. For example, on Ubuntu when an app wants to play a
  music file, it (eventually) goes through the media-hub service. The
  media-hub service should be able to query if the app's policy has
  access to the file.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1381713/+subscriptions