[selinux-policy: 595/3172] start adding in templated interfaces

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 19:56:06 UTC 2010


commit 2a94561a89e72558ad6a5ba211352078e773c508
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Thu Aug 25 20:27:20 2005 +0000

    start adding in templated interfaces

 refpolicy/Rules.monolithic                    |    2 +-
 refpolicy/policy/modules/admin/su.if          |    8 +-
 refpolicy/policy/modules/admin/sudo.if        |    7 +-
 refpolicy/policy/modules/services/cron.if     |   21 ++-
 refpolicy/policy/modules/system/authlogin.if  |   40 ++++
 refpolicy/policy/modules/system/userdomain.if |  307 ++++++++++++++++++++++++-
 6 files changed, 366 insertions(+), 19 deletions(-)
---
diff --git a/refpolicy/Rules.monolithic b/refpolicy/Rules.monolithic
index d2a2f1e..0833fa3 100644
--- a/refpolicy/Rules.monolithic
+++ b/refpolicy/Rules.monolithic
@@ -96,7 +96,7 @@ tmp/generated_definitions.conf: $(ALL_LAYERS) $(ALL_TE_FILES)
 	@test -d tmp || mkdir -p tmp
 	$(QUIET) echo "define(\`per_userdomain_templates',\`" > $@
 	$(QUIET) for i in $(patsubst %.te,%,$(notdir $(ALL_MODULES))); do \
-		echo "ifdef(\`""$$i""_per_userdomain_template',\`""$$i""_per_userdomain_template("'$$1'")')" \
+		echo "ifdef(\`""$$i""_per_userdomain_template',\`""$$i""_per_userdomain_template("'$$*'")')" \
 			>> $@ ;\
 	done
 	$(QUIET) echo "')" >> $@
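Review bot: Switching the generated wrapper from `$$1` to `$$*` makes every `*_per_userdomain_template` receive the full argument list that `per_userdomain_templates` was called with, and the `per_userdomain_templates($1,$1_t)` call added in userdomain.if depends on exactly that; nothing in the Makefile records the expected argument order, so a comment above the loop such as `# per_userdomain_templates(prefix, domain) forwards all args to each <mod>_per_userdomain_template` would keep the two sides in sync. Note that m4's `$*` strips one level of quoting from the forwarded arguments; the current callers pass plain tokens, but if an argument could ever contain a comma or quote, `$@` is the quote-preserving form. The recipe continues outside the hunk.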
diff --git a/refpolicy/policy/modules/admin/su.if b/refpolicy/policy/modules/admin/su.if
index d86b4c1..992493c 100644
--- a/refpolicy/policy/modules/admin/su.if
+++ b/refpolicy/policy/modules/admin/su.if
@@ -75,6 +75,7 @@ template(`su_per_userdomain_template',`
 	term_use_all_user_ttys($1_su_t)
 	term_use_all_user_ptys($1_su_t)
 
+	auth_domtrans_user_chk_passwd($1_su_t,$1)
 	auth_dontaudit_read_shadow($1_su_t)
 
 	domain_wide_inherit_fd($1_su_t)
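Review bot: The new `auth_domtrans_user_chk_passwd($1_su_t,$1)` call replaces the single `domain_auto_trans($1_su_t, chkpwd_exec_t, $1_chkpwd_t)` line removed from the TODO block later in this file, but the interface body in authlogin.if also grants `$1_chkpwd_t` fd use, fifo_file rw and process sigchld towards `$1_su_t`, so the effective policy for su is wider than what the old line expressed. If that widening is intended (it reads like the helper's PAM conversation over a pipe), a one-line comment on the call, `# unix_chkpwd helper: transition plus fd/pipe/sigchld back to su`, would record it. The template continues outside the hunk.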
@@ -96,6 +97,8 @@ template(`su_per_userdomain_template',`
 	seutil_read_config($1_su_t)
 	seutil_read_default_contexts($1_su_t)
 
+	userdom_use_user_terminals($1_su_t,$1)
+
 	if(secure_mode)
 	{
 		# Only allow transitions to unprivileged user domains.
@@ -130,17 +133,12 @@ template(`su_per_userdomain_template',`
 	')
 
 	ifdef(`TODO',`
-	domain_auto_trans($1_su_t, chkpwd_exec_t, $1_chkpwd_t)
-
 	# Caused by su - init scripts
 	dontaudit $1_su_t initrc_devpts_t:chr_file { getattr ioctl };
 
 	# Inherit and use descriptors from gnome-pty-helper.
 	ifdef(`gnome-pty-helper.te', `allow $1_su_t $1_gph_t:fd use;')
 
-	# Write to the user domain tty.
-	access_terminal($1_su_t, $1)
-
 	allow $1_su_t { home_root_t $1_home_dir_t }:dir search;
 	allow $1_su_t $1_home_t:file create_file_perms;
 
diff --git a/refpolicy/policy/modules/admin/sudo.if b/refpolicy/policy/modules/admin/sudo.if
index d1373ae..4ff3ed5 100644
--- a/refpolicy/policy/modules/admin/sudo.if
+++ b/refpolicy/policy/modules/admin/sudo.if
@@ -121,6 +121,10 @@ template(`sudo_per_userdomain_template',`
 	seutil_read_config($1_sudo_t)
 	seutil_read_default_contexts($1_sudo_t)
 
+	userdom_manage_user_home_subdir_files($1_sudo_t,$1)
+	userdom_manage_user_home_subdir_symlinks($1_sudo_t,$1)
+	userdom_manage_user_tmp_files($1_sudo_t,$1)
+	userdom_manage_user_tmp_symlinks($1_sudo_t,$1)
 	userdom_use_unpriv_users_fd($1_sudo_t)
 	# for some PAM modules and for cwd
 	userdom_dontaudit_search_all_users_home($1_sudo_t)
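Review bot: The four added userdom_manage_* calls grant more than the two `rw_dir_create_file($1_sudo_t, $1_tmp_t)` / `rw_dir_create_file($1_sudo_t, $1_home_t)` lines removed from the TODO block in the next hunk: the *_symlinks interfaces add `lnk_file create_lnk_perms` on `$1_home_t` and `$1_tmp_t`, which the old rules did not cover. If sudo genuinely needs to create and delete symlinks in the user's home and tmp, a short comment saying why would help the next reader; otherwise the two symlink calls look like over-grant and could be dropped. The template continues outside the hunk.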
@@ -156,8 +160,5 @@ template(`sudo_per_userdomain_template',`
 	allow $1_sudo_t pam_var_run_t:dir create_dir_perms;
 	allow $1_sudo_t pam_var_run_t:file create_file_perms;
 	')
-
-	rw_dir_create_file($1_sudo_t, $1_tmp_t)
-	rw_dir_create_file($1_sudo_t, $1_home_t)
 	') dnl end TODO
 ')
diff --git a/refpolicy/policy/modules/services/cron.if b/refpolicy/policy/modules/services/cron.if
index f69bd70..ac380e1 100644
--- a/refpolicy/policy/modules/services/cron.if
+++ b/refpolicy/policy/modules/services/cron.if
@@ -112,6 +112,13 @@ template(`cron_per_userdomain_template',`
 
 	miscfiles_read_localization($1_crond_t)
 
+	userdom_manage_user_tmp_files($1_crond_t,$1)
+	userdom_manage_user_tmp_symlinks($1_crond_t,$1)
+	userdom_manage_user_tmp_pipes($1_crond_t,$1)
+	userdom_manage_user_tmp_sockets($1_crond_t,$1)
+	# Run scripts in user home directory and access shared libs.
+	userdom_exec_user_home_files($1_crond_t,$1)
+
 	tunable_policy(`fcron_crond', `
 		allow crond_t $1_cron_spool_t:file create_file_perms;
 	')
@@ -122,13 +129,10 @@ template(`cron_per_userdomain_template',`
 
 	ifdef(`TODO',`
 	# Access user files and dirs.
-	allow $1_crond_t home_root_t:dir search;
 	file_type_auto_trans($1_crond_t, $1_home_dir_t, $1_home_t)
 
-	# Run scripts in user home directory and access shared libs.
-	can_exec($1_crond_t, $1_home_t)
-
-	file_type_auto_trans($1_crond_t, tmp_t, $1_tmp_t)
+	allow $1_crond_t tmp_t:dir rw_dir_perms;
+	type_transition $1_crond_t $1_tmp_t:{ file lnk_file sock_file fifo_file } $1_tmp_t;
 
 	ifdef(`mta.te', `
 		domain_auto_trans($1_crond_t, sendmail_exec_t, $1_mail_t)
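Review bot: The new `type_transition $1_crond_t $1_tmp_t:{ file lnk_file sock_file fifo_file } $1_tmp_t;` names `$1_tmp_t` as both the parent-directory type and the result type, so it can never change a label; the `file_type_auto_trans($1_crond_t, tmp_t, $1_tmp_t)` it replaces keyed on `tmp_t`, and the adjacent new `allow $1_crond_t tmp_t:dir rw_dir_perms;` shows that was still the intent. It should read `type_transition $1_crond_t tmp_t:{ file lnk_file sock_file fifo_file } $1_tmp_t;`. The same parent-type slip is repeated in the last hunk of this file (the crontab rules). These lines sit inside the TODO-guarded block, so they are inert until that block is enabled; the template continues outside the hunk.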
@@ -198,6 +202,9 @@ template(`cron_per_userdomain_template',`
 
 	seutil_dontaudit_search_config($1_crontab_t)
 
+	userdom_manage_user_tmp_dirs($1_crontab_t,$1)
+	userdom_manage_user_tmp_files($1_crontab_t,$1)
+
 	tunable_policy(`fcron_crond', `
 		# fcron wants an instant update of a crontab change for the administrator
 		# also crontab does a security check for crontab -u
@@ -210,8 +217,8 @@ template(`cron_per_userdomain_template',`
 
 	dontaudit $1_crontab_t proc_t:dir search;
 
-	# Type for temporary files.
-	file_type_auto_trans($1_crontab_t, tmp_t, $1_tmp_t, { dir file })
+	allow $1_crond_t tmp_t:dir rw_dir_perms;
+	type_transition $1_crond_t $1_tmp_t:{ file dir } $1_tmp_t;
 
 	# Run helper programs as $1_t
 	domain_auto_trans($1_crontab_t, { bin_t sbin_t shell_exec_t }, $1_t)
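Review bot: The two replacement lines switch the subject from `$1_crontab_t` to `$1_crond_t`, but the rule they replace and the surrounding context (`dontaudit $1_crontab_t proc_t:dir search;`, `domain_auto_trans($1_crontab_t, ...)`) all concern the crontab domain, so this looks like a copy of the crond hunk above rather than an intended change of subject. They should read `allow $1_crontab_t tmp_t:dir rw_dir_perms;` and `type_transition $1_crontab_t tmp_t:{ file dir } $1_tmp_t;` (the `tmp_t` parent-type fix is the one already noted on the earlier crond hunk). Whether this hunk is still inside the TODO-guarded block cannot be seen from here, and the template continues outside the hunk.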
diff --git a/refpolicy/policy/modules/system/authlogin.if b/refpolicy/policy/modules/system/authlogin.if
index 7037a40..c4ada70 100644
--- a/refpolicy/policy/modules/system/authlogin.if
+++ b/refpolicy/policy/modules/system/authlogin.if
@@ -115,6 +115,46 @@ template(`authlogin_per_userdomain_template',`
 
 ########################################
 ## <summary>
+##	Run unix_chkpwd to check a password
+##	for a user domain.
+## </summary>
+## <desc>
+##	<p>
+##	Run unix_chkpwd to check a password
+##	for a user domain.
+##	</p>
+##	<p>
+##	This is a templated interface, and should only
+##	be called from a per-userdomain template.
+##	</p>
+## </desc>
+## <param name="userdomain_prefix">
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+## </param>
+## <param name="domain">
+##	The type of the process performing this action.
+## </param>
+#
+template(`auth_domtrans_user_chk_passwd',`
+	gen_require(`
+		type chkpwd_exec_t;
+		class process sigchld;
+		class fd use;
+		class fifo_file rw_file_perms;
+	')
+
+	corecmd_search_bin($1)
+	domain_auto_trans($1,chkpwd_exec_t,$2_chkpwd_t)
+
+	allow $1 $2_chkpwd_t:fd use;
+	allow $2_chkpwd_t $1:fd use;
+	allow $2_chkpwd_t $1:fifo_file rw_file_perms;
+	allow $2_chkpwd_t $1:process sigchld;
+')
+
+########################################
+## <summary>
 ##	Use the login program as an entry point program.
 ## </summary>
 ## <param name="domain">
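Review bot: The header documents `userdomain_prefix` as the first parameter and `domain` as the second, but the body uses `$1` as the domain (`corecmd_search_bin($1)`, `domain_auto_trans($1,chkpwd_exec_t,$2_chkpwd_t)`) and `$2` as the prefix, and the su.if caller passes `($1_su_t,$1)` accordingly. Swap the two `<param>` blocks so `domain` is documented first, which also matches every userdom_* template added in this commit. The gen_require lists `type chkpwd_exec_t;` but not the templated `$2_chkpwd_t` the body transitions to; if the build checks requires for templated types, `type $2_chkpwd_t;` belongs there as well.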
diff --git a/refpolicy/policy/modules/system/userdomain.if b/refpolicy/policy/modules/system/userdomain.if
index 19969fc..7668c03 100644
--- a/refpolicy/policy/modules/system/userdomain.if
+++ b/refpolicy/policy/modules/system/userdomain.if
@@ -81,7 +81,7 @@ template(`base_user_template',`
 	dontaudit $1_t self:netlink_route_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_write };
 
 	# execute files in the home directory
-	allow $1_t $1_home_t:file { rx_file_perms execute_no_trans };
+	can_exec($1_t,$1_home_t)
 
 	# full control of the home directory
 	allow $1_t $1_home_t:file { create_file_perms relabelfrom relabelto };
@@ -92,7 +92,7 @@ template(`base_user_template',`
 	allow $1_t $1_home_dir_t:dir create_dir_perms;
 	type_transition $1_t $1_home_dir_t:{ dir notdevfile_class_set } $1_home_t;
 
-	allow $1_t $1_tmp_t:file { rx_file_perms execute_no_trans };
+	can_exec($1_t,$1_tmp_t)
 
 	# Bind to a Unix domain socket in /tmp.
 	# cjp: this is combination is not checked and should be removed
@@ -114,7 +114,7 @@ template(`base_user_template',`
 	# user domain and the program, and allow us to maintain separation
 	# between different instances of the program being run by different
 	# user domains.
-	per_userdomain_templates($1)
+	per_userdomain_templates($1,$1_t)
 
 	kernel_read_kernel_sysctl($1_t)
 	selinux_get_fs_mount($1_t)
@@ -867,6 +867,307 @@ template(`admin_user_template',`
 
 ########################################
 ## <summary>
+##	Execute user home files.
+## </summary>
+## <desc>
+##	<p>
+##	Execute user home files.
+##	</p>
+##	<p>
+##	This is a templated interface, and should only
+##	be called from a per-userdomain template.
+##	</p>
+## </desc>
+## <param name="domain">
+##	The type of the process performing this action.
+## </param>
+## <param name="userdomain_prefix">
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+## </param>
+#
+template(`userdom_exec_user_home_files',`
+	gen_require(`
+		class dir search;
+	')
+
+	files_search_home($1)
+	allow $1 $2_home_dir_t:dir search;
+	allow $1 $2_home_t:dir search;
+	can_exec($1,$2_home_t)
+')
+
+########################################
+## <summary>
+##	Create, read, write, and delete files
+##	in a user home subdirectory.
+## </summary>
+## <desc>
+##	<p>
+##	Create, read, write, and delete files
+##	in a user home subdirectory.
+##	</p>
+##	<p>
+##	This is a templated interface, and should only
+##	be called from a per-userdomain template.
+##	</p>
+## </desc>
+## <param name="domain">
+##	The type of the process performing this action.
+## </param>
+## <param name="userdomain_prefix">
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+## </param>
+#
+template(`userdom_manage_user_home_subdir_files',`
+	gen_require(`
+		class dir rw_dir_perms;
+		class file create_file_perms;
+	')
+
+	files_search_home($1)
+	allow $1 $2_home_dir_t:dir search;
+	allow $1 $2_home_t:dir rw_dir_perms;
+	allow $1 $2_home_t:file create_file_perms;
+')
+
+########################################
+## <summary>
+##	Create, read, write, and delete symbolic links
+##	in a user home subdirectory.
+## </summary>
+## <desc>
+##	<p>
+##	Create, read, write, and delete symbolic links
+##	in a user home subdirectory.
+##	</p>
+##	<p>
+##	This is a templated interface, and should only
+##	be called from a per-userdomain template.
+##	</p>
+## </desc>
+## <param name="domain">
+##	The type of the process performing this action.
+## </param>
+## <param name="userdomain_prefix">
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+## </param>
+#
+template(`userdom_manage_user_home_subdir_symlinks',`
+	gen_require(`
+		class dir rw_dir_perms;
+		class lnk_file create_lnk_perms;
+	')
+
+	files_search_home($1)
+	allow $1 $2_home_dir_t:dir search;
+	allow $1 $2_home_t:dir rw_dir_perms;
+	allow $1 $2_home_t:lnk_file create_lnk_perms;
+')
+
+########################################
+## <summary>
+##	Create, read, write, and delete user
+##	temporary directories.
+## </summary>
+## <desc>
+##	<p>
+##	Create, read, write, and delete user
+##	temporary directories.
+##	</p>
+##	<p>
+##	This is a templated interface, and should only
+##	be called from a per-userdomain template.
+##	</p>
+## </desc>
+## <param name="domain">
+##	The type of the process performing this action.
+## </param>
+## <param name="userdomain_prefix">
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+## </param>
+#
+template(`userdom_manage_user_tmp_dirs',`
+	gen_require(`
+		class dir create_dir_perms;
+	')
+
+	files_search_tmp($1)
+	allow $1 $2_tmp_t:dir create_dir_perms;
+')
+
+########################################
+## <summary>
+##	Create, read, write, and delete user
+##	temporary files.
+## </summary>
+## <desc>
+##	<p>
+##	Create, read, write, and delete user
+##	temporary files.
+##	</p>
+##	<p>
+##	This is a templated interface, and should only
+##	be called from a per-userdomain template.
+##	</p>
+## </desc>
+## <param name="domain">
+##	The type of the process performing this action.
+## </param>
+## <param name="userdomain_prefix">
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+## </param>
+#
+template(`userdom_manage_user_tmp_files',`
+	gen_require(`
+		class dir rw_dir_perms;
+		class file create_file_perms;
+	')
+
+	files_search_tmp($1)
+	allow $1 $2_tmp_t:dir rw_dir_perms;
+	allow $1 $2_tmp_t:file create_file_perms;
+')
+
+########################################
+## <summary>
+##	Create, read, write, and delete user
+##	temporary symbolic links.
+## </summary>
+## <desc>
+##	<p>
+##	Create, read, write, and delete user
+##	temporary symbolic links.
+##	</p>
+##	<p>
+##	This is a templated interface, and should only
+##	be called from a per-userdomain template.
+##	</p>
+## </desc>
+## <param name="domain">
+##	The type of the process performing this action.
+## </param>
+## <param name="userdomain_prefix">
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+## </param>
+#
+template(`userdom_manage_user_tmp_symlinks',`
+	gen_require(`
+		class dir rw_dir_perms;
+		class lnk_file create_lnk_perms;
+	')
+
+	files_search_tmp($1)
+	allow $1 $2_tmp_t:dir rw_dir_perms;
+	allow $1 $2_tmp_t:lnk_file create_lnk_perms;
+')
+
+########################################
+## <summary>
+##	Create, read, write, and delete user
+##	temporary named pipes.
+## </summary>
+## <desc>
+##	<p>
+##	Create, read, write, and delete user
+##	temporary named pipes.
+##	</p>
+##	<p>
+##	This is a templated interface, and should only
+##	be called from a per-userdomain template.
+##	</p>
+## </desc>
+## <param name="domain">
+##	The type of the process performing this action.
+## </param>
+## <param name="userdomain_prefix">
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+## </param>
+#
+template(`userdom_manage_user_tmp_pipes',`
+	gen_require(`
+		class dir rw_dir_perms;
+		class fifo_file create_file_perms;
+	')
+
+	files_search_tmp($1)
+	allow $1 $2_tmp_t:dir rw_dir_perms;
+	allow $1 $2_tmp_t:fifo_file create_file_perms;
+')
+
+########################################
+## <summary>
+##	Create, read, write, and delete user
+##	temporary named sockets.
+## </summary>
+## <desc>
+##	<p>
+##	Create, read, write, and delete user
+##	temporary named sockets.
+##	</p>
+##	<p>
+##	This is a templated interface, and should only
+##	be called from a per-userdomain template.
+##	</p>
+## </desc>
+## <param name="domain">
+##	The type of the process performing this action.
+## </param>
+## <param name="userdomain_prefix">
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+## </param>
+#
+template(`userdom_manage_user_tmp_sockets',`
+	gen_require(`
+		class dir rw_dir_perms;
+		class sock_file create_file_perms;
+	')
+
+	files_search_tmp($1)
+	allow $1 $2_tmp_t:dir rw_dir_perms;
+	allow $1 $2_tmp_t:sock_file create_file_perms;
+')
+
+########################################
+## <summary>
+##	Read and write a user domain tty and pty.
+## </summary>
+## <desc>
+##	<p>
+##	Read and write a user domain tty and pty.
+##	</p>
+##	<p>
+##	This is a templated interface, and should only
+##	be called from a per-userdomain template.
+##	</p>
+## </desc>
+## <param name="domain">
+##	The type of the process performing this action.
+## </param>
+## <param name="userdomain_prefix">
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+## </param>
+#
+template(`userdom_use_user_terminals',`
+	gen_require(`
+		class chr_file rw_term_perms;
+	')
+
+	allow $1 $2_tty_device_t:chr_file rw_term_perms;
+	allow $1 $2_devpts_t:chr_file rw_term_perms;
+	term_list_ptys($1)
+')
+
+########################################
+## <summary>
 ##	Execute a shell in all user domains.  This
 ##	is an explicit transition, requiring the
 ##	caller to use setexeccon().
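Review bot: None of the nine new templates declares the per-user types it uses in gen_require — `userdom_exec_user_home_files` and the two home_subdir templates use `$2_home_dir_t` and `$2_home_t`, the five tmp templates use `$2_tmp_t`, and `userdom_use_user_terminals` uses `$2_tty_device_t` and `$2_devpts_t` — only the object classes are listed, unlike `auth_domtrans_user_chk_passwd` in this commit which at least requires `chkpwd_exec_t`. If the modular build validates requires, add the type to each block, e.g. `type $2_tmp_t;` next to `class dir rw_dir_perms;`; even if it does not, the require documents that the caller's prefix must come from a base_user_template instance. Separately, the summary of `userdom_use_user_terminals` says only "read and write a user domain tty and pty" while the body also calls `term_list_ptys($1)`; a sentence in the desc noting that listing ptys is granted too would keep the doc accurate.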

