Mediation of processes that acquire well-known names
author    John Johansen <john.johansen@canonical.com>
Thu, 13 Feb 2014 18:55:52 +0000 (12:55 -0600)
committer Simon McVittie <simon.mcvittie@collabora.co.uk>
Wed, 18 Feb 2015 17:28:42 +0000 (17:28 +0000)
commit    c2686d53f3065dc9443bb2744f3fbe50992962ea
tree      2d0facedd2504695e661cf973fa684c453bd8a8d
parent    cd23a5df10b0465c99f91b5f9c4e160480078c1a
Mediation of processes that acquire well-known names

When an AppArmor confined process wants to acquire a well-known name, a
check is performed to see if the action should be allowed.

The check is based on the connection's label, the bus type, and the name
being requested.

An example AppArmor rule that would allow the name
"com.example.ExampleName" to be acquired on the system bus would be:

  dbus bind bus=system name=com.example.ExampleName,

To let a process acquire any name on any bus, the rule would be:

  dbus bind,

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75113
Signed-off-by: John Johansen <john.johansen@canonical.com>
[tyhicks: Use BusAppArmorConfinement, bug fixes, cleanup, commit msg]
[tyhicks: initialize reserved area at the start of the query string]
[tyhicks: Use empty string for NULL bustypes when building queries]
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
bus/apparmor.c
bus/apparmor.h
bus/connection.c
bus/connection.h
bus/services.c
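The check the commit message describes (connection label, bus type, requested name) modelled as an added Python example; this is not code from dbus-daemon or AppArmor, where the decision is made by the kernel against a compiled profile. The script parses rules in the `dbus bind` syntax shown above, keeps one rule list per label, and answers whether a bind request should be allowed. The profile labels and the rule sets are constructed for the example; the empty-string bus for an unknown bus type follows the "Use empty string for NULL bustypes" note in the commit; the `*` globbing in `bus=`/`name=` goes beyond the page (AppArmor accepts it, but the commit message shows only literal values).

```python
"""Model of the 'dbus bind' mediation check: may (label, bus, name) bind?

Added illustration, not dbus-daemon's or AppArmor's own code.
"""
import fnmatch
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class BindRule:
    """One 'dbus bind' rule. A missing qualifier means "any" (bare 'dbus bind,')."""
    bus: Optional[str] = None
    name: Optional[str] = None

    def matches(self, bus: str, name: str) -> bool:
        # ASSUMPTION: '*' globbing in bus=/name= as AppArmor allows; the commit
        # message itself only shows literal values. Bus names contain no '/',
        # so fnmatch's '*' behaves like AppArmor's here.
        if self.bus is not None and not fnmatch.fnmatchcase(bus, self.bus):
            return False
        if self.name is not None and not fnmatch.fnmatchcase(name, self.name):
            return False
        return True


# 'dbus bind' followed by zero or more key=value qualifiers and a terminating comma.
_RULE_RE = re.compile(r"^\s*dbus\s+bind((?:\s+\w+=\S+)*)\s*,\s*$")


def parse_bind_rule(line: str) -> BindRule:
    """Parse one rule such as 'dbus bind bus=system name=com.example.ExampleName,'."""
    m = _RULE_RE.match(line)
    if not m:
        raise ValueError(f"not a dbus bind rule: {line!r}")
    fields: Dict[str, str] = {}
    for kv in m.group(1).split():
        key, _, value = kv.partition("=")
        if key not in ("bus", "name"):
            raise ValueError(f"unsupported qualifier {key!r} in {line!r}")
        if key in fields:
            raise ValueError(f"duplicate qualifier {key!r} in {line!r}")
        fields[key] = value
    return BindRule(bus=fields.get("bus"), name=fields.get("name"))


def is_bind_rule(line: str) -> bool:
    """True if the line parses as a 'dbus bind' rule, False otherwise."""
    try:
        parse_bind_rule(line)
        return True
    except ValueError:
        return False


class Policy:
    """Rule lists keyed by AppArmor label; confined labels are default-deny."""

    def __init__(self) -> None:
        self.rules: Dict[str, List[BindRule]] = {}

    def add_profile(self, label: str, rule_lines: List[str]) -> None:
        self.rules[label] = [parse_bind_rule(l) for l in rule_lines if l.strip()]

    def may_bind(self, label: str, bus: Optional[str], name: str) -> bool:
        # An unconfined peer is not mediated at all.
        if label == "unconfined":
            return True
        # Unknown bus type is queried as the empty string (per the commit note),
        # so only a rule without a bus= qualifier can match it.
        bus_str = "" if bus is None else bus
        return any(r.matches(bus_str, name) for r in self.rules.get(label, []))


def build_sample_policy() -> Policy:
    """Constructed sample profiles (labels and rules are made up for the example)."""
    p = Policy()
    p.add_profile("/usr/bin/example-service",
                  ["dbus bind bus=system name=com.example.ExampleName,"])
    p.add_profile("/usr/bin/example-broker", ["dbus bind,"])
    p.add_profile("/usr/bin/example-suite",
                  ["dbus bind bus=session name=com.example.suite.*,"])
    p.add_profile("/usr/bin/example-locked-down", [])
    return p


if __name__ == "__main__":
    policy = build_sample_policy()
    requests = [
        ("/usr/bin/example-service", "system", "com.example.ExampleName"),
        ("/usr/bin/example-service", "session", "com.example.ExampleName"),
        ("/usr/bin/example-broker", "session", "org.anything.AtAll"),
        ("/usr/bin/example-suite", "session", "com.example.suite.Indexer"),
        ("/usr/bin/example-locked-down", "system", "com.example.ExampleName"),
        ("unconfined", "system", "com.example.ExampleName"),
    ]
    for label, bus, name in requests:
        verdict = "ALLOW" if policy.may_bind(label, bus, name) else "DENY"
        print(f"{verdict:5} label={label} bus={bus} name={name}")
```

Run it directly to see one verdict per constructed request; the same default-deny outcome for `/usr/bin/example-locked-down` is what a confined process with no `dbus bind` rule would see from the real mediation.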