Restrict access to onionkit via D-Bus
The new backend of Tails Server, onionkit, is accessed via D-Bus. We don’t want unauthorized programs to be able to access onionkit, because it allows performing privileged actions (e.g. starting and stopping services) and gives access to sensitive information (e.g. onion addresses and server passwords).
The polkit currently shipped in Debian Stretch and Buster only allows creating rules based on Unix usernames and groups, because it still uses the old-style .pkla rules. So polkit can be used to restrict access to amnesia, but we also don't want all programs running as amnesia to be able to access onionkit.

The new JavaScript-based .rules would allow more fine-grained access control, for example by using the program name (action.lookup("program")).
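The following is an added illustration, not code from this ticket or from Tails: it puts the username-only check (all a .pkla file can express) next to a JavaScript .rules check that also compares action.lookup("program"), and wraps both in a small constructed stand-in for polkitd so the rules can be evaluated offline. The action id, the client path and the assumption that onionkit passes a "program" detail to polkit are all hypothetical.

```javascript
// Constructed stand-in for polkit's rules engine: rules run in order and the
// first one returning a non-null Result decides. The rule functions below use
// the real polkit rule API (polkit.addRule, action.id, action.lookup, subject.user).
const polkit = {
  Result: { YES: "yes", NO: "no", NOT_HANDLED: "not_handled" },
  _rules: [],
  addRule(fn) { this._rules.push(fn); },
  // Evaluate one authorization check the way polkitd would.
  check(action, subject) {
    for (const rule of this._rules) {
      const r = rule(action, subject);
      if (r !== undefined && r !== null) return r;
    }
    return polkit.Result.NOT_HANDLED; // fall through to .pkla / implicit policy
  },
};

// Hypothetical action id and client path. The "program" detail only exists if
// the mechanism (here onionkit) supplies it when it asks polkit to authorize.
const ONIONKIT_ACTION = "org.boum.tails.onionkit.manage";
const ALLOWED_PROGRAM = "/usr/lib/tails-server/tails-server";

// Rule 1: the coarse, username-only check that .pkla can express.
// Every process running as amnesia is authorized.
function userOnlyRule(action, subject) {
  if (action.id.indexOf("org.boum.tails.onionkit.") === 0 && subject.user === "amnesia") {
    return polkit.Result.YES;
  }
  return null;
}

// Rule 2: the finer check only .rules can express: same user AND the program
// reported by the mechanism must be the expected client; anything else is denied.
function programRule(action, subject) {
  if (action.id.indexOf("org.boum.tails.onionkit.") !== 0) return null;
  if (subject.user === "amnesia" && action.lookup("program") === ALLOWED_PROGRAM) {
    return polkit.Result.YES;
  }
  return polkit.Result.NO;
}

// Evaluate one request under a single rule; returns the polkit Result string.
function decide(rule, program, user) {
  polkit._rules = [rule];
  const action = { id: ONIONKIT_ACTION, lookup: (key) => ({ program })[key] };
  return polkit.check(action, { user });
}

console.log(decide(userOnlyRule, "/usr/bin/arbitrary-tool", "amnesia")); // yes
console.log(decide(programRule, "/usr/bin/arbitrary-tool", "amnesia"));  // no
console.log(decide(programRule, ALLOWED_PROGRAM, "amnesia"));             // yes
```

The "program" value is whatever the mechanism reports about the caller, so the rule is only as strong as the way onionkit derives that detail for a D-Bus peer.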
Parent Task: #5688
Original created by @segfault on 15299 (Redmine)