
Restrict access to onionkit via D-Bus

The new backend of Tails Server, onionkit, is accessed via D-Bus. We don’t want unauthorized programs to be able to access onionkit, because it allows performing privileged actions (e.g. starting and stopping services) and gives access to sensitive information (e.g. onion addresses and server passwords).

The polkit currently shipped in Debian Stretch and Buster only allows creating rules based on Unix usernames and groups, because it still uses the old-style .pkla rules. So polkit can be used to restrict access to the amnesia user, but we also don’t want all programs running as amnesia to be able to access onionkit.

The new JavaScript-based .rules would allow more fine-grained access control, for example by using the program name (action.lookup("program")).
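To make the difference concrete, here is an added example (not code from the Tails project) of a JavaScript-style polkit rule of the kind described above, together with a minimal stand-in for polkit's rule engine so it can be run under Node. The action id, the allowed program path and the presence of a "program" detail are placeholder assumptions: a real rule lives in /etc/polkit-1/rules.d/ and the detail has to be supplied by whoever asks polkit to authorize the call.

```javascript
// Added example, not from the Tails issue: a polkit .rules-style rule plus a
// small stand-in for polkit's rule engine so the block runs under Node.
// Action id, program path and the "program" detail are placeholders.

// Stand-in for the polkit global. Rules are tried in order and the first
// result other than NOT_HANDLED wins, mirroring the real engine.
const polkit = {
  Result: { NO: "no", YES: "yes", NOT_HANDLED: "not_handled" },
  _rules: [],
  addRule(fn) { this._rules.push(fn); },
};

// Subject (the caller) as the rule sees it: user name and group membership.
function makeSubject(user, groups) {
  return { user, isInGroup: (g) => groups.includes(g) };
}

// Action (what is being requested) with its key/value details.
function makeAction(id, details) {
  return { id, lookup: (key) => details[key] };
}

// Emulate an authorization check for one action/subject pair.
function checkAuthorization(action, subject) {
  for (const rule of polkit._rules) {
    const r = rule(action, subject);
    if (r !== undefined && r !== polkit.Result.NOT_HANDLED) return r;
  }
  // Real polkit then falls back to the defaults from the .policy file.
  return polkit.Result.NOT_HANDLED;
}

// The rule itself: this is the part that would live in a .rules file.
const ONIONKIT_ACTION = "org.example.onionkit.manage";  // placeholder id
const ALLOWED_PROGRAM = "/usr/bin/tails-server";        // placeholder path

polkit.addRule(function (action, subject) {
  if (action.id !== ONIONKIT_ACTION) return polkit.Result.NOT_HANDLED;
  // A .pkla rule can only get this far: user/group based decisions.
  if (subject.user !== "amnesia") return polkit.Result.NO;
  // A .rules file can additionally key on the calling program, which is the
  // finer-grained check the issue asks for (assumes a "program" detail is set).
  return action.lookup("program") === ALLOWED_PROGRAM
    ? polkit.Result.YES
    : polkit.Result.NO;
});
```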

Parent Task: #5688

Original created by @segfault on 15299 (Redmine)
