[apparmor] [SROS] Reuse of ApprArmor’s utils python library?

ruffsl roxfoxpox at gmail.com
Mon Mar 6 18:40:09 UTC 2017 

Hello AppArmor community,

We are a few developers for SROS, a project geared towards securing the
Robotic Operating System [1]. We’d like to inquire about some of the inner
workings of ApprArmor’s utils python library [2] for several aspects:
security event logging, policy profile syntax parsing, and logprof/genprof
CLI tools.

Currently we are in the stages of prototyping levels of access control for
the computation graph in ROS. Distributed communication between nodes in
the graph are done through exchanges via message topics, services, and
parameters within a namespace reference frame. To control access within the
graph, i.e. which nodes can

   -

   publish/subscribe to a topic
   -

   advertise/call a service
   -

   read/write a parameter


We are currently developing features to enable ROS users to specify these
policies into the underlying protocol. In addition we’d like to make it
simple to generate policies via learning by demonstration or auditing
logged events, as well as provide a simple set of CLI tools much like
apparmor has now for amending policies.

To do this, we’d like to see what amount of apparmor utility code could be
reused, what sections of the code base may be most applicable, and perhaps
if any common core functions could be shared. We'd like the idea of code
reuse here, as there is much security policy oriented features, syntax, and
unittests we would like to mirror for our own middleware for robotic
systems. So if you’d be willing, we’d like to start a dialogue and find
what we can learn from your community.

Thank you,

Ruffin White and Gianluca Caiazza

[1] http://www.ros.org/

[2] http://bazaar.launchpad.net/~apparmor-dev/apparmor/2.10/file
s/head:/utils/

P.S. I suppose it's been a while, but a couple months ago we sent out audit
request for our AppArmor profile for ROS. I believe the audit is still open
for for suggestions and recommendations, your feedback and expertise is
really appreciated.

https://lists.ubuntu.com/archives/apparmor/2016-June/009785.html

https://github.com/ros-infrastructure/apparmor_profiles/issues/1
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20170306/93fd69ca/attachment.html>

More information about the AppArmor mailing list