[apparmor] dbus/pair address rule encoding

John Johansen john.johansen at canonical.com
Thu May 9 16:49:51 UTC 2013


On 05/09/2013 07:16 AM, Christian Boltz wrote:
> Hello,
> 
> On Wednesday, 8 May 2013, John Johansen wrote:
>> On 05/08/2013 05:23 PM, Tyler Hicks wrote:
>>> On 2013-05-08 14:43:59, John Johansen wrote:
>>> The arrow notation makes sense in this example, but I just realized
>>> how confusing it is if we need to specify the receive permission
>>> instead of send:
>>>
>>>   dbus name=foo.com -> name=bar.com receive,
>>>
>>> That rule allows foo.com to receive a message from bar.com but the
>>> arrow is backwards from what the rule actually does.
>>>
>>> I know we talked about using 'peer' or '|' instead of '->' and I
>>> thought that '->' looked the best, but now I'm thinking that it
>>> might be the most confusing of the options that we discussed. :/
>>
>> I am open to suggestions
>>
>> <-
>> <->
>>
>> or maybe the different symbols depending on the perm?
> 
> What about fixing the syntax instead? ;-)
> 
> If I understand you right, the current syntax is
>     dbus name=receiver.com -> name=sender.com receive,
> 
> Independent of the arrow, it looks confusing to me because the receiver 
> is mentioned first.
> 
> Could we just switch it to the way that is also used for send? 
> I'd propose
>     dbus name=sender.com -> name=receiver.com receive,
> 
> Advantages are:
> - we can keep the arrow
> - same order for send and receive (s/receive,/send,/ and you have the 
>   rule for the sending program)
>

Well this doesn't fix the syntax because we have

  dbus name=receiver.com acquire,

  dbus name=receiver.com -> name=sender.com send,
  dbus name=receiver.com -> name=sender.com (send, receive),

  dbus -> name=sender.com receive,

  dbus name=receiver.com receive,

  dbus receive,




