1 /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*-
2 * apparmor.c AppArmor security checks for D-Bus
6 * Copyright © 2014-2015 Canonical, Ltd.
8 * Licensed under the Academic Free License version 2.1
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
31 #include <dbus/dbus-internals.h>
32 #include <dbus/dbus-string.h>
39 #include <sys/apparmor.h>
41 #include <sys/types.h>
47 #endif /* HAVE_LIBAUDIT */
49 #include "activation.h"
51 #include "connection.h"
54 /* Store the value telling us if AppArmor D-Bus mediation is enabled. */
55 static dbus_bool_t apparmor_enabled = FALSE;
63 /* Store the value of the AppArmor mediation mode in the bus configuration */
64 static AppArmorConfigMode apparmor_config_mode = APPARMOR_ENABLED;
66 /* The AppArmor context, consisting of a label and a mode. */
67 struct BusAppArmorConfinement
69 int refcount; /* Reference count */
71 char *label; /* AppArmor confinement label */
72 const char *mode; /* AppArmor confinement mode (freed by freeing *label) */
75 static BusAppArmorConfinement *bus_con = NULL;
78 * Callers of this function give up ownership of the *label and *mode
81 * Additionally, the responsibility of freeing *label and *mode becomes the
82 * responsibility of the bus_apparmor_confinement_unref() function. However, it
83 * does not free *mode because libapparmor's aa_getcon(), and libapparmor's
84 * other related functions, allocate a single buffer for *label and *mode and
85 * then separate the two char arrays with a NUL char. See the aa_getcon(2) man
86 * page for more details.
88 static BusAppArmorConfinement*
89 bus_apparmor_confinement_new (char *label,
92 BusAppArmorConfinement *confinement;
94 confinement = dbus_new0 (BusAppArmorConfinement, 1);
95 if (confinement != NULL)
97 confinement->refcount = 1;
98 confinement->label = label;
99 confinement->mode = mode;
106 * Return TRUE on successful check, FALSE on OOM.
107 * Set *is_supported to whether AA has D-Bus features.
110 _bus_apparmor_detect_aa_dbus_support (dbus_bool_t *is_supported)
114 char *aa_securityfs = NULL;
115 dbus_bool_t retval = FALSE;
117 *is_supported = FALSE;
119 if (!_dbus_string_init (&aa_dbus))
122 if (aa_find_mountpoint (&aa_securityfs) != 0)
126 * John Johansen has confirmed that the mainline kernel will not have
127 * the apparmorfs/features/dbus/mask file until the mainline kernel
128 * has AppArmor getpeersec support.
130 if (!_dbus_string_append (&aa_dbus, aa_securityfs) ||
131 !_dbus_string_append (&aa_dbus, "/features/dbus/mask"))
134 /* We need to open() the flag file, not just stat() it, because AppArmor
135 * does not mediate stat() in the apparmorfs. If you have a
136 * dbus-daemon inside an LXC container, with insufficiently broad
137 * AppArmor privileges to do its own AppArmor mediation, the desired
138 * result is that it behaves as if AppArmor was not present; but a stat()
139 * here would succeed, and result in it trying and failing to do full
140 * mediation. https://bugs.launchpad.net/ubuntu/+source/dbus/+bug/1238267 */
141 mask_file = open (_dbus_string_get_const_data (&aa_dbus),
142 O_RDONLY | O_CLOEXEC);
145 *is_supported = TRUE;
152 free (aa_securityfs);
153 _dbus_string_free (&aa_dbus);
159 modestr_is_complain (const char *mode)
161 if (mode && strcmp (mode, "complain") == 0)
167 log_message (dbus_bool_t allow, const char *op, DBusString *data)
180 audit_fd = bus_audit_get_fd ();
186 if (!_dbus_string_init (&avc))
189 if (!_dbus_string_append_printf (&avc,
190 "apparmor=\"%s\" operation=\"dbus_%s\" %s\n",
191 mstr, op, _dbus_string_get_const_data (data)))
193 _dbus_string_free (&avc);
197 /* FIXME: need to change this to show real user */
198 audit_log_user_avc_message (audit_fd, AUDIT_USER_AVC,
199 _dbus_string_get_const_data (&avc),
200 NULL, NULL, NULL, getuid ());
201 _dbus_string_free (&avc);
206 #endif /* HAVE_LIBAUDIT */
208 syslog (LOG_USER | LOG_NOTICE, "apparmor=\"%s\" operation=\"dbus_%s\" %s\n",
209 mstr, op, _dbus_string_get_const_data (data));
213 _dbus_append_pair_uint (DBusString *auxdata, const char *name,
216 return _dbus_string_append (auxdata, " ") &&
217 _dbus_string_append (auxdata, name) &&
218 _dbus_string_append (auxdata, "=") &&
219 _dbus_string_append_uint (auxdata, value);
223 _dbus_append_pair_str (DBusString *auxdata, const char *name, const char *value)
225 return _dbus_string_append (auxdata, " ") &&
226 _dbus_string_append (auxdata, name) &&
227 _dbus_string_append (auxdata, "=\"") &&
228 _dbus_string_append (auxdata, value) &&
229 _dbus_string_append (auxdata, "\"");
233 _dbus_append_mask (DBusString *auxdata, uint32_t mask)
235 const char *mask_str;
237 /* Only one permission bit can be set */
238 if (mask == AA_DBUS_SEND)
240 else if (mask == AA_DBUS_RECEIVE)
241 mask_str = "receive";
242 else if (mask == AA_DBUS_BIND)
247 return _dbus_append_pair_str (auxdata, "mask", mask_str);
251 is_unconfined (const char *con, const char *mode)
253 /* treat con == NULL as confined as it is going to result in a denial */
254 if ((!mode && con && strcmp (con, "unconfined") == 0) ||
255 strcmp (mode, "unconfined") == 0)
264 query_append (DBusString *query, const char *buffer)
266 if (!_dbus_string_append_byte (query, '\0'))
269 if (buffer && !_dbus_string_append (query, buffer))
276 build_common_query (DBusString *query, const char *con, const char *bustype)
279 * libapparmor's aa_query_label() function scribbles over the first
280 * AA_QUERY_CMD_LABEL_SIZE bytes of the query string with a private value.
282 return _dbus_string_insert_bytes (query, 0, AA_QUERY_CMD_LABEL_SIZE, 0) &&
283 _dbus_string_append (query, con) &&
284 _dbus_string_append_byte (query, '\0') &&
285 _dbus_string_append_byte (query, AA_CLASS_DBUS) &&
286 _dbus_string_append (query, bustype ? bustype : "");
290 build_service_query (DBusString *query,
295 return build_common_query (query, con, bustype) &&
296 query_append (query, name);
300 build_message_query (DBusString *query,
306 const char *interface,
309 return build_common_query (query, src_con, bustype) &&
310 query_append (query, name) &&
311 query_append (query, dst_con) &&
312 query_append (query, path) &&
313 query_append (query, interface) &&
314 query_append (query, member);
318 build_eavesdrop_query (DBusString *query, const char *con, const char *bustype)
320 return build_common_query (query, con, bustype);
324 set_error_from_query_errno (DBusError *error, int error_number)
326 dbus_set_error (error, _dbus_error_from_errno (error_number),
327 "Failed to query AppArmor policy: %s",
328 _dbus_strerror (error_number));
332 set_error_from_denied_message (DBusError *error,
333 DBusConnection *sender,
334 DBusConnection *proposed_recipient,
335 dbus_bool_t requested_reply,
338 const char *interface,
340 const char *error_name,
341 const char *destination)
343 const char *proposed_recipient_loginfo;
344 const char *unset = "(unset)";
346 proposed_recipient_loginfo = proposed_recipient ?
347 bus_connection_get_loginfo (proposed_recipient) :
350 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
351 "An AppArmor policy prevents this sender from sending this "
352 "message to this recipient; type=\"%s\", "
353 "sender=\"%s\" (%s) interface=\"%s\" member=\"%s\" "
354 "error name=\"%s\" requested_reply=\"%d\" "
355 "destination=\"%s\" (%s)",
357 bus_connection_get_name (sender),
358 bus_connection_get_loginfo (sender),
359 interface ? interface : unset,
360 member ? member : unset,
361 error_name ? error_name : unset,
364 proposed_recipient_loginfo);
366 #endif /* HAVE_APPARMOR */
369 * Do early initialization; determine whether AppArmor is enabled.
370 * Return TRUE on successful check (whether AppArmor is actually
371 * enabled or not) or FALSE on OOM.
374 bus_apparmor_pre_init (void)
377 apparmor_enabled = FALSE;
379 if (!aa_is_enabled ())
382 if (!_bus_apparmor_detect_aa_dbus_support (&apparmor_enabled))
390 bus_apparmor_set_mode_from_config (const char *mode, DBusError *error)
395 if (strcmp (mode, "disabled") == 0)
396 apparmor_config_mode = APPARMOR_DISABLED;
397 else if (strcmp (mode, "enabled") == 0)
398 apparmor_config_mode = APPARMOR_ENABLED;
399 else if (strcmp (mode, "required") == 0)
400 apparmor_config_mode = APPARMOR_REQUIRED;
403 dbus_set_error (error, DBUS_ERROR_FAILED,
404 "Mode attribute on <apparmor> must have value "
405 "\"required\", \"enabled\" or \"disabled\", "
413 if (mode == NULL || strcmp (mode, "disabled") == 0 ||
414 strcmp (mode, "enabled") == 0)
417 dbus_set_error (error, DBUS_ERROR_FAILED,
418 "Mode attribute on <apparmor> must have value \"enabled\" or "
419 "\"disabled\" but cannot be \"%s\" when D-Bus is built "
420 "without AppArmor support", mode);
426 * Verify that the config mode is compatible with the kernel's AppArmor
427 * support. If AppArmor mediation will be enabled, determine the bus
431 bus_apparmor_full_init (DBusError *error)
436 if (apparmor_enabled)
438 if (apparmor_config_mode == APPARMOR_DISABLED)
440 apparmor_enabled = FALSE;
446 if (aa_getcon (&label, &mode) == -1)
448 dbus_set_error (error, DBUS_ERROR_FAILED,
449 "Error getting AppArmor context of bus: %s",
450 _dbus_strerror (errno));
454 bus_con = bus_apparmor_confinement_new (label, mode);
465 if (apparmor_config_mode == APPARMOR_REQUIRED)
467 dbus_set_error (error, DBUS_ERROR_FAILED,
468 "AppArmor mediation required but not present");
471 else if (apparmor_config_mode == APPARMOR_ENABLED)
482 bus_apparmor_shutdown (void)
485 if (!apparmor_enabled)
488 _dbus_verbose ("AppArmor shutdown\n");
490 bus_apparmor_confinement_unref (bus_con);
492 #endif /* HAVE_APPARMOR */
496 bus_apparmor_enabled (void)
499 return apparmor_enabled;
506 bus_apparmor_confinement_unref (BusAppArmorConfinement *confinement)
509 if (!apparmor_enabled)
512 _dbus_assert (confinement != NULL);
513 _dbus_assert (confinement->refcount > 0);
515 confinement->refcount -= 1;
517 if (confinement->refcount == 0)
520 * Do not free confinement->mode, as libapparmor does a single malloc for
521 * both confinement->label and confinement->mode.
523 free (confinement->label);
524 dbus_free (confinement);
530 bus_apparmor_confinement_ref (BusAppArmorConfinement *confinement)
533 if (!apparmor_enabled)
536 _dbus_assert (confinement != NULL);
537 _dbus_assert (confinement->refcount > 0);
539 confinement->refcount += 1;
540 #endif /* HAVE_APPARMOR */
543 BusAppArmorConfinement*
544 bus_apparmor_init_connection_confinement (DBusConnection *connection,
548 BusAppArmorConfinement *confinement;
552 if (!apparmor_enabled)
555 _dbus_assert (connection != NULL);
557 if (!dbus_connection_get_socket (connection, &fd))
559 dbus_set_error (error, DBUS_ERROR_FAILED,
560 "Failed to get socket file descriptor of connection");
564 if (aa_getpeercon (fd, &label, &mode) == -1)
569 dbus_set_error (error, _dbus_error_from_errno (errno),
570 "Failed to get AppArmor confinement information of socket peer: %s",
571 _dbus_strerror (errno));
575 confinement = bus_apparmor_confinement_new (label, mode);
576 if (confinement == NULL)
586 #endif /* HAVE_APPARMOR */
590 * Returns true if the given connection can acquire a service,
591 * using the tasks security context
593 * @param connection connection that wants to own the service
594 * @param bustype name of the bus
595 * @param service_name the name of the service to acquire
596 * @param error the reason for failure when FALSE is returned
597 * @returns TRUE if acquire is permitted
600 bus_apparmor_allows_acquire_service (DBusConnection *connection,
602 const char *service_name,
607 BusAppArmorConfinement *con = NULL;
608 DBusString qstr, auxdata;
609 dbus_bool_t free_auxdata = FALSE;
610 /* the AppArmor API uses pointers to int for pointers to boolean, and
611 * int is not strictly guaranteed to be the same as dbus_bool_t */
612 int allow = FALSE, audit = TRUE;
616 if (!apparmor_enabled)
619 _dbus_assert (connection != NULL);
621 con = bus_connection_dup_apparmor_confinement (connection);
623 if (is_unconfined (con->label, con->mode))
630 if (!_dbus_string_init (&qstr))
633 if (!build_service_query (&qstr, con->label, bustype, service_name))
635 _dbus_string_free (&qstr);
639 res = aa_query_label (AA_DBUS_BIND,
640 _dbus_string_get_data (&qstr),
641 _dbus_string_get_length (&qstr),
643 _dbus_string_free (&qstr);
647 set_error_from_query_errno (error, serrno);
651 /* Don't fail operations on profiles in complain mode */
652 if (modestr_is_complain (con->mode))
656 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
657 "Connection \"%s\" is not allowed to own the service "
658 "\"%s\" due to AppArmor policy",
659 bus_connection_is_active (connection) ?
660 bus_connection_get_name (connection) : "(inactive)",
667 if (!_dbus_string_init (&auxdata))
671 if (!_dbus_append_pair_str (&auxdata, "bus", bustype ? bustype : "unknown"))
674 if (!_dbus_append_pair_str (&auxdata, "name", service_name))
677 if (serrno && !_dbus_append_pair_str (&auxdata, "info", strerror (serrno)))
680 if (!_dbus_append_mask (&auxdata, AA_DBUS_BIND))
683 if (connection && dbus_connection_get_unix_process_id (connection, &pid) &&
684 !_dbus_append_pair_uint (&auxdata, "pid", pid))
687 if (con->label && !_dbus_append_pair_str (&auxdata, "label", con->label))
690 log_message (allow, "bind", &auxdata);
694 bus_apparmor_confinement_unref (con);
696 _dbus_string_free (&auxdata);
700 if (error != NULL && !dbus_error_is_set (error))
707 #endif /* HAVE_APPARMOR */
711 * Check if Apparmor security controls allow the message to be sent to a
712 * particular connection based on the security context of the sender and
713 * that of the receiver. The destination connection need not be the
714 * addressed recipient, it could be an "eavesdropper"
716 * @param sender the sender of the message.
717 * @param proposed_recipient the connection the message is to be sent to.
718 * @param requested_reply TRUE if the message is a reply requested by
720 * @param bustype name of the bus
721 * @param msgtype message type (DBUS_MESSAGE_TYPE_METHOD_CALL, etc.)
722 * @param path object path the message should be sent to
723 * @param interface the type of the object instance
724 * @param member the member of the object
725 * @param error_name the name of the error if the message type is error
726 * @param destination name that the message should be sent to
727 * @param source name that the message should be sent from
728 * @param error the reason for failure when FALSE is returned
729 * @returns TRUE if the message is permitted
732 bus_apparmor_allows_send (DBusConnection *sender,
733 DBusConnection *proposed_recipient,
734 dbus_bool_t requested_reply,
738 const char *interface,
740 const char *error_name,
741 const char *destination,
743 BusActivationEntry *activation_entry,
747 BusAppArmorConfinement *src_con = NULL, *dst_con = NULL;
748 DBusString qstr, auxdata;
749 int src_allow = FALSE, dst_allow = FALSE;
750 int src_audit = TRUE, dst_audit = TRUE;
751 dbus_bool_t free_auxdata = FALSE;
753 int len, res, src_errno = 0, dst_errno = 0;
754 uint32_t src_perm = AA_DBUS_SEND, dst_perm = AA_DBUS_RECEIVE;
755 const char *msgtypestr = dbus_message_type_to_string(msgtype);
756 const char *dst_label = NULL;
757 const char *dst_mode = NULL;
759 if (!apparmor_enabled)
762 /* We do not mediate activation attempts yet. */
763 if (activation_entry != NULL)
766 _dbus_assert (sender != NULL);
768 src_con = bus_connection_dup_apparmor_confinement (sender);
770 if (proposed_recipient)
772 dst_con = bus_connection_dup_apparmor_confinement (proposed_recipient);
774 else if (activation_entry != NULL)
776 dst_label = bus_activation_entry_get_assumed_apparmor_label (activation_entry);
781 bus_apparmor_confinement_ref (dst_con);
786 dst_label = dst_con->label;
787 dst_mode = dst_con->mode;
790 /* map reply messages to initial send and receive permission. That is
791 * permission to receive a message from X grants permission to reply to X.
792 * And permission to send a message to Y grants permission to receive a reply
793 * from Y. Note that this only applies to requested replies. Unrequested
794 * replies still require a policy query.
798 /* ignore requested reply messages and let dbus reply mapping handle them
799 * as the send was already allowed
806 if (is_unconfined (src_con->label, src_con->mode))
813 if (!_dbus_string_init (&qstr))
816 if (!build_message_query (&qstr, src_con->label, bustype, destination,
817 dst_label, path, interface, member))
819 _dbus_string_free (&qstr);
823 res = aa_query_label (src_perm,
824 _dbus_string_get_data (&qstr),
825 _dbus_string_get_length (&qstr),
826 &src_allow, &src_audit);
827 _dbus_string_free (&qstr);
831 set_error_from_query_errno (error, src_errno);
836 /* When deciding whether we can activate a service, we only check that
837 * we are allowed to send a message to it, not that it is allowed to
838 * receive that message from us.
840 if (activation_entry != NULL || is_unconfined (dst_label, dst_mode))
847 if (!_dbus_string_init (&qstr))
850 if (!build_message_query (&qstr, dst_label, bustype, source,
851 src_con->label, path, interface, member))
853 _dbus_string_free (&qstr);
857 res = aa_query_label (dst_perm,
858 _dbus_string_get_data (&qstr),
859 _dbus_string_get_length (&qstr),
860 &dst_allow, &dst_audit);
861 _dbus_string_free (&qstr);
865 set_error_from_query_errno (error, dst_errno);
870 /* Don't fail operations on profiles in complain mode */
871 if (modestr_is_complain (src_con->mode))
873 if (modestr_is_complain (dst_mode))
876 if (!src_allow || !dst_allow)
877 set_error_from_denied_message (error,
888 /* Don't audit the message if one of the following conditions is true:
889 * 1) The AppArmor query indicates that auditing should not happen.
890 * 2) The message is a reply type. Reply message are not audited because
891 * the AppArmor policy language does not have the notion of a reply
892 * message. Unrequested replies will be silently discarded if the sender
893 * does not have permission to send to the receiver or if the receiver
894 * does not have permission to receive from the sender.
896 if ((!src_audit && !dst_audit) ||
897 (msgtype == DBUS_MESSAGE_TYPE_METHOD_RETURN ||
898 msgtype == DBUS_MESSAGE_TYPE_ERROR))
902 if (!_dbus_string_init (&auxdata))
906 if (!_dbus_append_pair_str (&auxdata, "bus", bustype ? bustype : "unknown"))
909 if (path && !_dbus_append_pair_str (&auxdata, "path", path))
912 if (interface && !_dbus_append_pair_str (&auxdata, "interface", interface))
915 if (member && !_dbus_append_pair_str (&auxdata, "member", member))
918 if (error_name && !_dbus_append_pair_str (&auxdata, "error_name", error_name))
921 len = _dbus_string_get_length (&auxdata);
925 if (!_dbus_append_mask (&auxdata, src_perm))
928 if (destination && !_dbus_append_pair_str (&auxdata, "name", destination))
931 if (sender && dbus_connection_get_unix_process_id (sender, &pid) &&
932 !_dbus_append_pair_uint (&auxdata, "pid", pid))
935 if (src_con->label &&
936 !_dbus_append_pair_str (&auxdata, "label", src_con->label))
939 if (proposed_recipient &&
940 dbus_connection_get_unix_process_id (proposed_recipient, &pid) &&
941 !_dbus_append_pair_uint (&auxdata, "peer_pid", pid))
945 !_dbus_append_pair_str (&auxdata, "peer_label", dst_label))
948 if (src_errno && !_dbus_append_pair_str (&auxdata, "info", strerror (src_errno)))
952 !_dbus_append_pair_str (&auxdata, "peer_info", strerror (dst_errno)))
955 log_message (src_allow, msgtypestr, &auxdata);
959 _dbus_string_set_length (&auxdata, len);
961 if (source && !_dbus_append_pair_str (&auxdata, "name", source))
964 if (!_dbus_append_mask (&auxdata, dst_perm))
967 if (proposed_recipient &&
968 dbus_connection_get_unix_process_id (proposed_recipient, &pid) &&
969 !_dbus_append_pair_uint (&auxdata, "pid", pid))
973 !_dbus_append_pair_str (&auxdata, "label", dst_label))
976 if (sender && dbus_connection_get_unix_process_id (sender, &pid) &&
977 !_dbus_append_pair_uint (&auxdata, "peer_pid", pid))
980 if (src_con->label &&
981 !_dbus_append_pair_str (&auxdata, "peer_label", src_con->label))
984 if (dst_errno && !_dbus_append_pair_str (&auxdata, "info", strerror (dst_errno)))
988 !_dbus_append_pair_str (&auxdata, "peer_info", strerror (src_errno)))
991 log_message (dst_allow, msgtypestr, &auxdata);
996 bus_apparmor_confinement_unref (src_con);
998 bus_apparmor_confinement_unref (dst_con);
1000 _dbus_string_free (&auxdata);
1002 return src_allow && dst_allow;
1005 if (error != NULL && !dbus_error_is_set (error))
1006 BUS_SET_OOM (error);
1013 #endif /* HAVE_APPARMOR */
1017 * Check if Apparmor security controls allow the connection to eavesdrop on
1018 * other connections.
1020 * @param connection the connection attempting to eavesdrop.
1021 * @param bustype name of the bus
1022 * @param error the reason for failure when FALSE is returned
1023 * @returns TRUE if eavesdropping is permitted
1026 bus_apparmor_allows_eavesdropping (DBusConnection *connection,
1027 const char *bustype,
1030 #ifdef HAVE_APPARMOR
1031 BusAppArmorConfinement *con = NULL;
1032 DBusString qstr, auxdata;
1033 int allow = FALSE, audit = TRUE;
1034 dbus_bool_t free_auxdata = FALSE;
1036 int res, serrno = 0;
1038 if (!apparmor_enabled)
1041 con = bus_connection_dup_apparmor_confinement (connection);
1043 if (is_unconfined (con->label, con->mode))
1050 if (!_dbus_string_init (&qstr))
1053 if (!build_eavesdrop_query (&qstr, con->label, bustype))
1055 _dbus_string_free (&qstr);
1059 res = aa_query_label (AA_DBUS_EAVESDROP,
1060 _dbus_string_get_data (&qstr),
1061 _dbus_string_get_length (&qstr),
1063 _dbus_string_free (&qstr);
1067 set_error_from_query_errno (error, serrno);
1071 /* Don't fail operations on profiles in complain mode */
1072 if (modestr_is_complain (con->mode))
1076 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
1077 "Connection \"%s\" is not allowed to eavesdrop due to "
1079 bus_connection_is_active (connection) ?
1080 bus_connection_get_name (connection) : "(inactive)");
1086 if (!_dbus_string_init (&auxdata))
1088 free_auxdata = TRUE;
1090 if (!_dbus_append_pair_str (&auxdata, "bus", bustype ? bustype : "unknown"))
1093 if (serrno && !_dbus_append_pair_str (&auxdata, "info", strerror (serrno)))
1096 if (!_dbus_append_pair_str (&auxdata, "mask", "eavesdrop"))
1099 if (connection && dbus_connection_get_unix_process_id (connection, &pid) &&
1100 !_dbus_append_pair_uint (&auxdata, "pid", pid))
1103 if (con->label && !_dbus_append_pair_str (&auxdata, "label", con->label))
1106 log_message (allow, "eavesdrop", &auxdata);
1110 bus_apparmor_confinement_unref (con);
1112 _dbus_string_free (&auxdata);
1117 if (error != NULL && !dbus_error_is_set (error))
1118 BUS_SET_OOM (error);
1124 #endif /* HAVE_APPARMOR */