touch-packages team mailing list archive

Thread
Date

[Bug 1381713] Re: Support policy query interface for file

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: John Johansen <john.johansen@xxxxxxxxxxxxx>
Date: Sun, 21 Jun 2015 17:50:48 -0000
Reply-to: Bug 1381713 <1381713@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

It is analogous to access, however the set of races is smaller. Only the
privileged MAC admin user can change the policy, where with access a
user may change a files permissions. If you are using this to test
whether you can open a file, in hopes that open() won't deny it, then
yes this is similar to access, in that permissions can change.  If this
is being used by a trusted helper to determine check permissions that it
enforces then it is different in that it is the trusted helper who ends
up enforcing permissions. So it will depend on how/what you are using
the interface for. With a split between kernel policy and user space
decisions there will always be some potential for races; that even
exists in the kernel as opening a file does not guarantee the rights to
continue to access the file, those rights can be revoked by a policy
replacement and subsequent writes or reads could fail.

With that said, yes we recognize the need for an fd based query, and
other improvements to help expand what can be done safely from userspace

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1381713

Title:
  Support policy query interface for file

Status in AppArmor Linux application security framework:
  Triaged
Status in Media Hub:
  New
Status in Media Scanner v2:
  New
Status in Thumbnail generator for all kinds of files:
  Fix Committed
Status in apparmor package in Ubuntu:
  Fix Released

Bug description:
  This bug tracks the work needed to support querying if a label can
  access a file. This is particularly useful with trusted helpers where
  an application requests access to a file and the trusted helper does
  something with it. For example, on Ubuntu when an app wants to play a
  music file, it (eventually) goes through the media-hub service. The
  media-hub service should be able to query if the app's policy has
  access to the file.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1381713/+subscriptions