touch-packages team mailing list archive

[Bug 1381713] Re: Support policy query interface for file


So I gave (2) a try by creating a symlink in a folder that a particular
profile could access, pointing to a file in a folder it didn't have access
to. The query_file utility attached to this bug said I was allowed access
to the symlink.

So I think we need a bit more guidance on how to use this interface
safely. I guess a call to realpath() could help with the symlink issue,
but there's still the issue of races if we're separating the access check
from the use of the resource. Do we just decide that this isn't a problem
worth solving, or is there some other way to use this API that I'm not seeing?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1381713

Title:
  Support policy query interface for file

Status in AppArmor Linux application security framework:
  Triaged
Status in Media Hub:
  New
Status in Media Scanner v2:
  New
Status in Thumbnail generator for all kinds of files:
  New
Status in apparmor package in Ubuntu:
  Fix Released

Bug description:
  This bug tracks the work needed to support querying if a label can
  access a file. This is particularly useful with trusted helpers where
  an application requests access to a file and the trusted helper does
  something with it. For example, on Ubuntu when an app wants to play a
  music file, it (eventually) goes through the media-hub service. The
  media-hub service should be able to query if the app's policy has
  access to the file.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1381713/+subscriptions
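As an added example of the check-then-use concern raised in the comment above and the trusted-helper scenario in the bug description (not code from the bug, from media-hub or from AppArmor), here is a helper pattern that ties the policy query to the object it actually opened; the policy query is a directory allow-list standing in for the real query interface, and the directory layout, file names and profile are constructed for the demo.

```python
import os
import tempfile

def policy_allows_read(profile_dirs, canonical_path):
    """Stand-in for the AppArmor file query (an assumption for this example):
    the profile is modelled as the list of directories it may read."""
    return any(canonical_path.startswith(d.rstrip("/") + "/") for d in profile_dirs)

def open_if_allowed(profile_dirs, path):
    """Open first, then check the object that was actually opened.
    The fd pins one inode. realpath() names whatever the path points at now;
    comparing dev/ino of that name against the fd catches a swap between the
    two steps, so the query and the later use of the fd refer to the same
    object. Returns the open fd, or None if the policy denies it."""
    fd = os.open(path, os.O_RDONLY)
    try:
        canonical = os.path.realpath(path)
        opened, resolved = os.fstat(fd), os.stat(canonical)
        same_object = (opened.st_dev, opened.st_ino) == (resolved.st_dev, resolved.st_ino)
        if same_object and policy_allows_read(profile_dirs, canonical):
            return fd
    except OSError:
        pass
    os.close(fd)
    return None

def demo():
    """Constructed layout: the profile may read only <root>/music, but
    <root>/music/song.mp3 is a symlink into <root>/private."""
    root = os.path.realpath(tempfile.mkdtemp())
    music, private = os.path.join(root, "music"), os.path.join(root, "private")
    for d in (music, private):
        os.mkdir(d)
    secret = os.path.join(private, "secret.txt")
    link = os.path.join(music, "song.mp3")
    legit = os.path.join(music, "ok.mp3")
    open(secret, "w").close()
    open(legit, "w").close()
    os.symlink(secret, link)
    profile = [music]
    fd = open_if_allowed(profile, legit)
    if fd is not None:
        os.close(fd)
    return {
        # querying the path as the app supplied it (what query_file did): looks allowed
        "naive_symlink": policy_allows_read(profile, link),
        # bound to the opened object: the real target is outside the profile
        "bound_symlink": open_if_allowed(profile, link),
        "bound_legit": fd is not None,
    }
```

The helper must then read through the returned fd, not reopen the path, or the race the comment describes reappears.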