i/prompting: add constraints and abstract permissions #13850
Commits on May 2, 2024
i/prompting: add constraints and abstract permissions
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

i/prompting: added function to select one interface

Multiple interfaces may be included in the tag in the kernel message, and the listener passes these on to the other prompting components. This PR adds a function to decide which of those interfaces to use in prompt requests and rules.

Rules only apply to a particular interface, and we don't want duplicate rules, so we must choose one interface from the list provided by the listener which we use for the prompting requests and rules associated with the listener request.

It is rather arbitrary which interfaces should have priority, and in many cases interfaces do not have overlapping permissions, but we should nonetheless manually assign a priority to any interface for which we enable prompting.

Any request with only interfaces which are not explicitly included in the list will be treated as having interface "other", as will any request with an empty interfaces list.

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

i/prompting: add "constraints" field to rules and replies

Adds a "constraints" field to request rules and other related structure, such as prompt replies. These constraints vary by interface, with some interfaces supporting different permissions than others, some interfaces supporting different constraints on path patterns (or non-path resources), and possibly future extensions in the future. The idea behind constraints is to allow these interface-specific variations in the future.

Additionally, there are some changes to behavior which are introduced alongside the constraints changes:

1. Constraints (formerly permissions lists) are no longer duplicated when creating rules, to avoid unnecessary memory allocations.
2. Permissions are removed from constraints (formerly permission lists) in-place, rather than by creating a new list, again to avoid unnecessary memory allocations, so constraints should never be shared or reused between multiple rules.
3. Prompt reply fields are validated *before* sending back a reply to the kernel, and if any fields are invalid, or the reply constraints do not match the original request, a reply is not sent.

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

i/prompting: abstract apparmor permissions

Convert AppArmor permissions into abstract permission strings, where the available permissions are dependent on the interface associated with the prompt or rule. This allows greater flexibility to accept requests with new interfaces and/or new mediation classes from the kernel without changing the user-facing API (at least, regarding permissions), and with minimal internal code changes.

In particular, the functions for parsing request permissions from AppArmor are modular, and all that is required to add a new interface with an existing mediation class is to add the mappings from abstract to AppArmor permissions.

Additionally, reorganized and added more unit tests to increase coverage.

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

o/i/a/common: unexport unused exported function

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

i/prompting: small refactors and quote variables in error messages

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

i/prompting: mark constraints fields as omitempty

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>

i/prompting: move constraints and abstract permissions to interfaces/prompting

Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
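The abstract-permission mapping described in the commit message above, sketched as an added example that is not code from the snapd project or from this PR. The function names, the `home` interface entry, the abstract permission names and the bit values are all assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sort"
)

// Constructed bit values standing in for the kernel's AppArmor file permission mask.
const (
	mayExec uint32 = 1 << iota
	mayWrite
	mayRead
	mayAppend
)

// Hypothetical table (interface -> abstract permission -> bits); a new interface is one more entry.
var permMaps = map[string]map[string]uint32{
	"home": {"read": mayRead, "write": mayWrite | mayAppend, "execute": mayExec},
}

// AbstractToMask rejects any permission the interface does not define, then ORs the bits.
func AbstractToMask(iface string, perms []string) (uint32, error) {
	var mask uint32
	for _, p := range perms {
		bits, ok := permMaps[iface][p]
		if !ok {
			return 0, fmt.Errorf("unsupported permission %q for interface %q", p, iface)
		}
		mask |= bits
	}
	return mask, nil
}

// MaskToAbstract names every requested bit; an unmapped bit is an error, never silently dropped.
func MaskToAbstract(iface string, mask uint32) ([]string, error) {
	perms, rest := []string{}, mask
	for name, bits := range permMaps[iface] {
		if mask&bits != 0 {
			perms = append(perms, name)
			rest &^= bits
		}
	}
	if rest != 0 {
		return nil, fmt.Errorf("mask bits %#x have no abstract permission for %q", rest, iface)
	}
	sort.Strings(perms)
	return perms, nil
}

func main() { fmt.Println(MaskToAbstract("home", mayRead|mayAppend)) }
```

Failing closed on unmapped bits and unknown interfaces keeps a prompt from describing less access than the kernel request actually covers.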
Commit a27a815
i/prompting: remove SelectSingleInterface and references to camera interface
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
Commit fc39dc7
i/prompting: removed switches for handlers based on interface name
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
Commit 0c219e9
i/prompting: use *time.Time for expiration
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
Commit 1372e6e
i/prompting: simplify RemovePermission
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
Commit c074e1a
i/prompting: renamed AbstractPermissionsFromList to ValidatePermissions
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
Commit 73baf0c
i/prompting: remove ValidateConstraintsOutcomeLifespan* functions
`ValidateConstraintsOutcomeLifespanExpiration` should be replaced by a `Validate` method on the forthcoming `RequestRule` type, while `ValidateConstraintsOutcomeLifespanDuration` should be unnecessary, since validation of outcomes and lifespans will occur during unmarshalling, and converting from duration to expiration should be done explicitly when necessary.
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
Commit 97d24b4
i/prompting: assume file permissions in AbstractPermissions{To,From}AppArmorPermissions
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
Commit 85e2e59
i/prompting: adjust abstract permission error messages
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
Commit e8b25f8
i/prompting: use separate test suite for constraints
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
Commit 59aeeb6