Restrict access to onionkit via D-Bus
The new backend of Tails Server, onionkit, is accessed via D-Bus. We don’t want unauthorized programs to be able to access onionkit, because it allows performing privileged actions (e.g. starting and stopping services) and gives access to sensitive information (e.g. onion addresses and server passwords).
The polkit currently shipped in Debian Stretch and Buster only allows creating rules based on Unix usernames and groups, because it still uses .pkla rules. So polkit can be used to restrict access to amnesia, but we also don’t want all programs running as amnesia to be able to access onionkit. polkit .rules files would allow more fine-grained access control, for example by using the program name.
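As an added illustration (not part of the ticket or of onionkit itself), this is the D-Bus system-bus policy that would enforce the user-level restriction described above; the bus name org.example.onionkit and the file path are hypothetical placeholders.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<!-- Hypothetical /etc/dbus-1/system.d/org.example.onionkit.conf -->
<busconfig>
  <!-- Only root may claim the (hypothetical) bus name, so no other
       process can impersonate the backend. -->
  <policy user="root">
    <allow own="org.example.onionkit"/>
  </policy>

  <!-- Default for everyone: no messages to the service at all. -->
  <policy context="default">
    <deny send_destination="org.example.onionkit"/>
  </policy>

  <!-- Exception for the amnesia user. Like a .pkla rule this is a
       per-user decision: every process running as amnesia passes,
       the policy cannot tell one amnesia program from another. -->
  <policy user="amnesia">
    <allow send_destination="org.example.onionkit"/>
  </policy>
</busconfig>
```

The user-context block wins over the default block because D-Bus evaluates default, group, user and mandatory policies in that order, with later matches overriding earlier ones.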
Parent Task: #5688