[selinux-policy: 1262/3172] add thunderbird
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 20:54:12 UTC 2010
commit 1852726f02cc107c4a67e3f3cf392969d5d9092e
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Wed Mar 8 20:09:42 2006 +0000
add thunderbird
refpolicy/Changelog | 1 +
refpolicy/policy/global_tunables | 16 ++
refpolicy/policy/modules/apps/gpg.if | 37 +++
refpolicy/policy/modules/apps/gpg.te | 2 +-
refpolicy/policy/modules/apps/thunderbird.fc | 8 +
refpolicy/policy/modules/apps/thunderbird.if | 359 +++++++++++++++++++++++++
refpolicy/policy/modules/apps/thunderbird.te | 10 +
refpolicy/policy/modules/kernel/files.if | 19 ++
refpolicy/policy/modules/kernel/files.te | 2 +-
refpolicy/policy/modules/services/dbus.if | 69 +++++
refpolicy/policy/modules/services/dbus.te | 2 +-
refpolicy/policy/modules/services/lpd.if | 38 +++
refpolicy/policy/modules/services/lpd.te | 2 +-
refpolicy/policy/modules/system/userdomain.if | 147 ++++++++++-
refpolicy/policy/modules/system/userdomain.te | 2 +-
15 files changed, 705 insertions(+), 9 deletions(-)
---
diff --git a/refpolicy/Changelog b/refpolicy/Changelog
index da7184e..59c2a64 100644
--- a/refpolicy/Changelog
+++ b/refpolicy/Changelog
@@ -3,6 +3,7 @@
apt (Erich Schubert)
clamav (Erich Schubert)
dpkg (Erich Schubert)
+ thunderbird
tor (Erich Schubert)
* Tue Mar 07 2006 Chris PeBenito <selinux at tresys.com> - 20060307
diff --git a/refpolicy/policy/global_tunables b/refpolicy/policy/global_tunables
index 1d556fb..974636b 100644
--- a/refpolicy/policy/global_tunables
+++ b/refpolicy/policy/global_tunables
@@ -371,6 +371,22 @@ gen_tunable(cron_can_relabel,false)
## <desc>
## <p>
+## Disable transitions to user thunderbird domains
+## </p>
+## </desc>
+gen_tunable(disable_thunderbird_trans,false)
+
+## <desc>
+## <p>
+## Allow email client to various content.
+## nfs, samba, removable devices, user temp
+## and untrusted content files
+## </p>
+## </desc>
+gen_tunable(mail_read_content,false)
+
+## <desc>
+## <p>
## Allow pppd to be run for a regular user
## </p>
## </desc>
diff --git a/refpolicy/policy/modules/apps/gpg.if b/refpolicy/policy/modules/apps/gpg.if
index ebe004f..db8f672 100644
--- a/refpolicy/policy/modules/apps/gpg.if
+++ b/refpolicy/policy/modules/apps/gpg.if
@@ -354,3 +354,40 @@ template(`gpg_per_userdomain_template',`
') dnl end TODO
')
+########################################
+## <summary>
+## Transition to a user gpg domain.
+## </summary>
+## <desc>
+## <p>
+## Transition to a user gpg domain.
+## </p>
+## <p>
+## This is a templated interface, and should only
+## be called from a per-userdomain template.
+## </p>
+## </desc>
+## <param name="userdomain_prefix">
+## <summary>
+## The prefix of the user domain (e.g., user
+## is the prefix for user_t).
+## </summary>
+## </param>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+template(`gpg_domtrans_user_gpg',`
+ gen_require(`
+ type $1_gpg_t, gpg_exec_t;
+ ')
+
+ domain_auto_trans($2, gpg_exec_t, $1_gpg_t)
+ allow $2 $1_gpg_t:fd use;
+ allow $1_gpg_t $2:fd use;
+ allow $1_gpg_t $2:fifo_file rw_file_perms;
+ allow $1_gpg_t $2:process sigchld;
+')
+
diff --git a/refpolicy/policy/modules/apps/gpg.te b/refpolicy/policy/modules/apps/gpg.te
index 489027c..e9271c6 100644
--- a/refpolicy/policy/modules/apps/gpg.te
+++ b/refpolicy/policy/modules/apps/gpg.te
@@ -1,5 +1,5 @@
-policy_module(gpg, 1.0.0)
+policy_module(gpg, 1.0.1)
########################################
#
diff --git a/refpolicy/policy/modules/apps/thunderbird.fc b/refpolicy/policy/modules/apps/thunderbird.fc
new file mode 100644
index 0000000..cd80a95
--- /dev/null
+++ b/refpolicy/policy/modules/apps/thunderbird.fc
@@ -0,0 +1,8 @@
+#
+# /usr
+#
+/usr/bin/thunderbird.* -- gen_context(system_u:object_r:thunderbird_exec_t,s0)
+
+ifdef(`strict_policy',`
+HOME_DIR/\.thunderbird(/.*)? gen_context(system_u:object_r:ROLE_thunderbird_home_t,s0)
+')
diff --git a/refpolicy/policy/modules/apps/thunderbird.if b/refpolicy/policy/modules/apps/thunderbird.if
new file mode 100644
index 0000000..d9fbf9b
--- /dev/null
+++ b/refpolicy/policy/modules/apps/thunderbird.if
@@ -0,0 +1,359 @@
+## <summary>Thunderbird email client</summary>
+
+#######################################
+## <summary>
+## The per user domain template for the thunderbird module.
+## </summary>
+## <desc>
+## <p>
+## This template creates a derived domain which is used
+## for the thunderbird email client.
+## </p>
+## <p>
+## This template is invoked automatically for each user, and
+## generally does not need to be invoked directly
+## by policy writers.
+## </p>
+## </desc>
+## <param name="userdomain_prefix">
+## <summary>
+## The prefix of the user domain (e.g., user
+## is the prefix for user_t).
+## </summary>
+## </param>
+## <param name="user_domain">
+## <summary>
+## The type of the user domain.
+## </summary>
+## </param>
+## <param name="user_role">
+## <summary>
+## The role associated with the user domain.
+## </summary>
+## </param>
+#
+template(`thunderbird_per_userdomain_template',`
+
+ ########################################
+ #
+ # Declarations
+ #
+
+ type $1_thunderbird_t;
+ domain_type($1_thunderbird_t)
+ domain_entry_file($1_thunderbird_t,thunderbird_exec_t)
+ role $3 types $1_thunderbird_t;
+
+ type $1_thunderbird_home_t alias $1_thunderbird_rw_t;
+ files_poly_member($1_thunderbird_home_t)
+
+ type $1_thunderbird_tmpfs_t;
+ files_tmpfs_file($1_thunderbird_tmpfs_t)
+
+ ########################################
+ #
+ # Local policy
+ #
+
+ allow $1_thunderbird_t self:capability sys_nice;
+ allow $1_thunderbird_t self:process { signal_perms setsched getsched execheap execmem execstack };
+ allow $1_thunderbird_t self:fifo_file { ioctl read write getattr };
+ allow $1_thunderbird_t self:unix_dgram_socket { create connect };
+ allow $1_thunderbird_t self:unix_stream_socket { create accept connect write getattr read listen bind };
+ allow $1_thunderbird_t self:tcp_socket create_socket_perms;
+ allow $1_thunderbird_t self:shm { read write create destroy unix_read unix_write };
+
+ # Access ~/.thunderbird
+ allow $1_thunderbird_t $1_thunderbird_home_t:dir manage_dir_perms;
+ allow $1_thunderbird_t $1_thunderbird_home_t:file manage_file_perms;
+ allow $1_thunderbird_t $1_thunderbird_home_t:lnk_file create_lnk_perms;
+ userdom_search_user_home_dirs($1,$1_thunderbird_t)
+
+ allow $1_thunderbird_t $1_thunderbird_tmpfs_t:dir rw_dir_perms;
+ allow $1_thunderbird_t $1_thunderbird_tmpfs_t:file manage_file_perms;
+ allow $1_thunderbird_t $1_thunderbird_tmpfs_t:lnk_file create_lnk_perms;
+ allow $1_thunderbird_t $1_thunderbird_tmpfs_t:sock_file manage_file_perms;
+ allow $1_thunderbird_t $1_thunderbird_tmpfs_t:fifo_file manage_file_perms;
+ fs_filetrans_tmpfs($1_thunderbird_t,$1_thunderbird_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+
+ allow $2 $1_thunderbird_t:fd use;
+ allow $2 $1_thunderbird_t:shm { associate getattr };
+ allow $2 $1_thunderbird_t:unix_stream_socket connectto;
+ allow $1_thunderbird_t $2:fd use;
+ allow $1_thunderbird_t $2:process sigchld;
+ allow $1_thunderbird_t $2:unix_stream_socket connectto;
+
+ # Allow the user domain to signal/ps.
+ allow $2 $1_thunderbird_t:dir { search getattr read };
+ allow $2 $1_thunderbird_t:{ file lnk_file } { read getattr };
+ allow $2 $1_thunderbird_t:process getattr;
+ # We need to suppress this denial because procps tries to access
+ # /proc/pid/environ and this now triggers a ptrace check in recent kernels
+ # (2.4 and 2.6). Might want to change procps to not do this, or only if
+ # running in a privileged domain.
+ dontaudit $2 $1_thunderbird_t:process ptrace;
+
+ # Access ~/.thunderbird
+ allow $2 $1_thunderbird_home_t:dir manage_dir_perms;
+ allow $2 $1_thunderbird_home_t:file manage_file_perms;
+ allow $2 $1_thunderbird_home_t:lnk_file create_lnk_perms;
+ allow $2 $1_thunderbird_home_t:{ dir file lnk_file } { relabelfrom relabelto };
+
+ # Allow netstat
+ kernel_read_network_state($1_thunderbird_t)
+
+ corecmd_exec_shell($1_thunderbird_t)
+ # Startup shellscript
+ corecmd_exec_bin($1_thunderbird_t)
+
+ corenet_tcp_sendrecv_generic_if($1_thunderbird_t)
+ corenet_raw_sendrecv_generic_if($1_thunderbird_t)
+ corenet_tcp_sendrecv_ipp_port($1_thunderbird_t)
+ corenet_tcp_sendrecv_ldap_port($1_thunderbird_t)
+ corenet_tcp_sendrecv_innd_port($1_thunderbird_t)
+ corenet_tcp_sendrecv_smtp_port($1_thunderbird_t)
+ corenet_tcp_sendrecv_pop_port($1_thunderbird_t)
+ corenet_tcp_sendrecv_http_port($1_thunderbird_t)
+ corenet_tcp_sendrecv_all_nodes($1_thunderbird_t)
+ corenet_raw_sendrecv_all_nodes($1_thunderbird_t)
+ corenet_non_ipsec_sendrecv($1_thunderbird_t)
+ corenet_tcp_bind_all_nodes($1_thunderbird_t)
+ corenet_tcp_connect_ipp_port($1_thunderbird_t)
+ corenet_tcp_connect_ldap_port($1_thunderbird_t)
+ corenet_tcp_connect_innd_port($1_thunderbird_t)
+ corenet_tcp_connect_smtp_port($1_thunderbird_t)
+ corenet_tcp_connect_pop_port($1_thunderbird_t)
+ corenet_tcp_connect_http_port($1_thunderbird_t)
+
+ files_list_tmp($1_thunderbird_t)
+ files_read_usr_files($1_thunderbird_t)
+ files_read_etc_files($1_thunderbird_t)
+
+ fs_getattr_xattr_fs($1_thunderbird_t)
+ # Access ~/.thunderbird
+ fs_search_auto_mountpoints($1_thunderbird_t)
+
+ libs_use_shared_libs($1_thunderbird_t)
+ libs_use_ld_so($1_thunderbird_t)
+
+ miscfiles_read_fonts($1_thunderbird_t)
+
+ sysnet_read_config($1_thunderbird_t)
+ # Allow DNS
+ sysnet_dns_name_resolve($1_thunderbird_t)
+
+ userdom_manage_user_tmp_dirs($1,$1_thunderbird_t)
+ userdom_read_user_tmp_files($1,$1_thunderbird_t)
+ userdom_write_user_tmp_sockets($1,$1_thunderbird_t)
+ userdom_manage_user_tmp_sockets($1,$1_thunderbird_t)
+ # .kde/....gtkrc
+ userdom_read_user_home_content_files($1,$1_thunderbird_t)
+
+ xserver_user_client_template($1,$1_thunderbird_t,$1_thunderbird_tmpfs_t)
+
+ # Transition from user type
+ tunable_policy(`! disable_thunderbird_trans',`
+ domain_auto_trans($2, thunderbird_exec_t, $1_thunderbird_t)
+ ')
+
+ # Access ~/.thunderbird
+ tunable_policy(`use_nfs_home_dirs',`
+ fs_manage_nfs_dirs($1_thunderbird_t)
+ fs_manage_nfs_files($1_thunderbird_t)
+ fs_manage_nfs_symlinks($1_thunderbird_t)
+ ')
+
+ tunable_policy(`use_samba_home_dirs',`
+ fs_manage_cifs_dirs($1_thunderbird_t)
+ fs_manage_cifs_files($1_thunderbird_t)
+ fs_manage_cifs_symlinks($1_thunderbird_t)
+ ')
+
+ tunable_policy(`mail_read_content && use_nfs_home_dirs',`
+ files_list_home($1_thunderbird_t)
+
+ fs_list_auto_mountpoints($1_thunderbird_t)
+ fs_read_nfs_files($1_thunderbird_t)
+ fs_read_nfs_symlinks($1_thunderbird_t)
+ ',`
+ files_dontaudit_list_home($1_thunderbird_t)
+
+ fs_dontaudit_list_auto_mountpoints($1_thunderbird_t)
+ fs_dontaudit_list_nfs($1_thunderbird_t)
+ fs_dontaudit_read_nfs_files($1_thunderbird_t)
+ ')
+
+ tunable_policy(`mail_read_content && use_samba_home_dirs',`
+ files_list_home($1_thunderbird_t)
+
+ fs_list_auto_mountpoints($1_thunderbird_t)
+ fs_read_cifs_files($1_thunderbird_t)
+ fs_read_cifs_symlinks($1_thunderbird_t)
+ ',`
+ files_dontaudit_list_home($1_thunderbird_t)
+
+ fs_dontaudit_list_auto_mountpoints($1_thunderbird_t)
+ fs_dontaudit_read_cifs_files($1_thunderbird_t)
+ fs_dontaudit_list_cifs($1_thunderbird_t)
+ ')
+
+ tunable_policy(`mail_read_content',`
+ userdom_list_user_tmp($1,$1_thunderbird_t)
+ userdom_read_user_tmp_files($1,$1_thunderbird_t)
+ userdom_read_user_tmp_symlinks($1,$1_thunderbird_t)
+ userdom_search_user_home_dirs($1,$1_thunderbird_t)
+ userdom_read_user_home_content_files($1,$1_thunderbird_t)
+ userdom_read_user_home_content_symlinks($1,$1_thunderbird_t)
+
+ ifdef(`mls_policy',`
+ ',`
+ fs_search_removable($1_thunderbird_t)
+ fs_read_removable_files($1_thunderbird_t)
+ fs_read_removable_symlinks($1_thunderbird_t)
+ ')
+ ',`
+ files_dontaudit_list_tmp($1_thunderbird_t)
+ files_dontaudit_list_home($1_thunderbird_t)
+
+ fs_dontaudit_list_removable($1_thunderbird_t)
+ fs_donaudit_read_removable_files($1_thunderbird_t)
+
+ userdom_dontaudit_list_user_tmp($1,$1_thunderbird_t)
+ userdom_dontaudit_read_user_tmp_files($1,$1_thunderbird_t)
+ userdom_dontaudit_list_user_home_dirs($1,$1_thunderbird_t)
+ userdom_dontaudit_read_user_home_content_files($1,$1_thunderbird_t)
+ ')
+
+ tunable_policy(`mail_read_content && read_default_t',`
+ files_list_default($1_thunderbird_t)
+ files_read_default_files($1_thunderbird_t)
+ files_read_default_symlinks($1_thunderbird_t)
+ ',`
+ files_dontaudit_read_default_files($1_thunderbird_t)
+ files_dontaudit_list_default($1_thunderbird_t)
+ ')
+
+ tunable_policy(`mail_read_content && read_untrusted_content',`
+ files_list_tmp($1_thunderbird_t)
+ files_list_home($1_thunderbird_t)
+
+ userdom_search_user_home_dirs($1,$1_thunderbird_t)
+ userdom_list_user_untrusted_content($1,$1_thunderbird_t)
+ userdom_read_user_untrusted_content_files($1,$1_thunderbird_t)
+ userdom_read_user_untrusted_content_symlinks($1,$1_thunderbird_t)
+ userdom_list_user_tmp_untrusted_content($1,$1_thunderbird_t)
+ userdom_read_user_tmp_untrusted_content_files($1,$1_thunderbird_t)
+ userdom_read_user_tmp_untrusted_content_symlinks($1,$1_thunderbird_t)
+ ',`
+ files_dontaudit_list_tmp($1_thunderbird_t)
+ files_dontaudit_list_home($1_thunderbird_t)
+
+ userdom_dontaudit_list_user_home_dirs($1,$1_thunderbird_t)
+ userdom_dontaudit_list_user_untrusted_content($1,$1_thunderbird_t)
+ userdom_dontaudit_read_user_untrusted_content_files($1,$1_thunderbird_t)
+ userdom_dontaudit_list_user_tmp_untrusted_content($1,$1_thunderbird_t)
+ userdom_dontaudit_read_user_tmp_untrusted_content_files($1,$1_thunderbird_t)
+ ')
+
+ # Manage nfs homedirs
+ tunable_policy(`write_untrusted_content && use_nfs_home_dirs',`
+ files_search_home($1_thunderbird_t)
+
+ fs_search_auto_mountpoints($1_thunderbird_t)
+ fs_manage_nfs_dirs($1_thunderbird_t)
+ fs_manage_nfs_files($1_thunderbird_t)
+ fs_manage_nfs_symlinks($1_thunderbird_t)
+ ',`
+ fs_dontaudit_list_auto_mountpoints($1_thunderbird_t)
+ fs_dontaudit_manage_nfs_dirs($1_thunderbird_t)
+ fs_dontaudit_manage_nfs_files($1_thunderbird_t)
+ ')
+
+ # Manage samba homedirs
+ tunable_policy(`write_untrusted_content && use_samba_home_dirs',`
+ files_search_home($1_thunderbird_t)
+
+ fs_search_auto_mountpoints($1_thunderbird_t)
+ fs_manage_cifs_dirs($1_thunderbird_t)
+ fs_manage_cifs_files($1_thunderbird_t)
+ fs_manage_cifs_symlinks($1_thunderbird_t)
+ ',`
+ fs_dontaudit_list_auto_mountpoints($1_thunderbird_t)
+ fs_dontaudit_manage_cifs_dirs($1_thunderbird_t)
+ fs_dontaudit_manage_cifs_files($1_thunderbird_t)
+ ')
+
+ # Manage /tmp and /home
+ tunable_policy(`write_untrusted_content',`
+ files_search_home($1_thunderbird_t)
+ files_tmp_filetrans($1_thunderbird_t,$1_untrusted_content_tmp_t,file)
+ files_tmp_filetrans($1_thunderbird_t,$1_untrusted_content_tmp_t,dir)
+
+ userdom_manage_user_untrusted_content_files($1,$1_thunderbird_t,file)
+ userdom_manage_user_untrusted_content_files($1,$1_thunderbird_t,dir)
+ ',`
+ files_dontaudit_list_home($1_thunderbird_t)
+ files_dontaudit_list_tmp($1_thunderbird_t)
+
+ userdom_dontaudit_list_user_home_dirs($1,$1_thunderbird_t)
+ userdom_dontaudit_manage_user_tmp_dirs($1,$1_thunderbird_t)
+ userdom_dontaudit_manage_user_tmp_files($1,$1_thunderbird_t)
+ userdom_dontaudit_manage_user_home_content_dirs($1,$1_thunderbird_t)
+ ')
+
+ optional_policy(`dbus', `
+ dbus_system_bus_client_template($1_thunderbird,$1_thunderbird_t)
+ dbus_user_bus_client_template($1,$1_thunderbird,$1_thunderbird_t)
+ dbus_send_system_bus($1_thunderbird_t)
+ dbus_send_user_bus($1,$1_thunderbird_t)
+ ')
+
+ optional_policy(`lpr',`
+ lpd_domtrans_user_lpr($1,$1_thunderbird_t)
+ ')
+
+ optional_policy(`cups',`
+ cups_read_rw_config($1_thunderbird_t)
+ ')
+
+ optional_policy(`gpg', `
+ gpg_domtrans_user_gpg($1,$1_thunderbird_t)
+ ')
+
+ optional_policy(`nis',`
+ nis_use_ypbind($1_thunderbird_t)
+ ')
+
+ ifdef(`TODO',`
+ # FIXME: Rules were removed to centralize policy in a gnome_app macro
+ # A similar thing might be necessary for mozilla compiled without GNOME
+ # support (is this possible?).
+
+ # FIXME: Why does it try to do that?
+ #dontaudit $1_thunderbird_t evolution_exec_t:file { getattr execute };
+
+ # Why is thunderbird looking in .mozilla ?
+ # FIXME: there are legitimate uses of invoking the browser - about -> release notes
+ dontaudit $1_thunderbird_t $1_mozilla_home_t:dir search;
+
+ # Start links in web browser
+ ifdef(`mozilla.te', `
+ can_exec($1_thunderbird_t, shell_exec_t)
+ domain_auto_trans($1_thunderbird_t, mozilla_exec_t, $1_mozilla_t)
+ ')
+
+ # GNOME support
+ optional_policy(`gnome', `
+ gnome_application($1_thunderbird, $1)
+ gnome_file_dialog($1_thunderbird, $1)
+ allow $1_thunderbird_t $1_gnome_settings_t:file { read write };
+ ')
+ optinal_policy(`dbus',`
+ allow $1_t $2_dbusd_t:dbus send_msg;
+ ifdef(`cups.te', `
+ allow cupsd_t $1_t:dbus send_msg;
+ ')
+ ')
+
+ ')
+')
diff --git a/refpolicy/policy/modules/apps/thunderbird.te b/refpolicy/policy/modules/apps/thunderbird.te
new file mode 100644
index 0000000..60f093d
--- /dev/null
+++ b/refpolicy/policy/modules/apps/thunderbird.te
@@ -0,0 +1,10 @@
+
+policy_module(thunderbird,1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+type thunderbird_exec_t;
+files_type(thunderbird_exec_t)
diff --git a/refpolicy/policy/modules/kernel/files.if b/refpolicy/policy/modules/kernel/files.if
index 8853e04..4bec122 100644
--- a/refpolicy/policy/modules/kernel/files.if
+++ b/refpolicy/policy/modules/kernel/files.if
@@ -2644,6 +2644,25 @@ interface(`files_read_generic_tmp_files',`
########################################
## <summary>
+## Manage temporary files and directories in /tmp.
+## </summary>
+## <param name="domain">
+## <summary>
+## The type of the process performing this action.
+## </summary>
+## </param>
+#
+interface(`files_manage_generic_tmp_files',`
+ gen_require(`
+ type tmp_t;
+ ')
+
+ allow $1 tmp_t:dir rw_dir_perms;
+ allow $1 tmp_t:file manage_file_perms;
+')
+
+########################################
+## <summary>
## Read symbolic links in the tmp directory (/tmp).
## </summary>
## <param name="domain">
diff --git a/refpolicy/policy/modules/kernel/files.te b/refpolicy/policy/modules/kernel/files.te
index 7f506e4..0b49aa7 100644
--- a/refpolicy/policy/modules/kernel/files.te
+++ b/refpolicy/policy/modules/kernel/files.te
@@ -1,5 +1,5 @@
-policy_module(files,1.2.0)
+policy_module(files,1.2.1)
########################################
#
diff --git a/refpolicy/policy/modules/services/dbus.if b/refpolicy/policy/modules/services/dbus.if
index b96f17f..e376365 100644
--- a/refpolicy/policy/modules/services/dbus.if
+++ b/refpolicy/policy/modules/services/dbus.if
@@ -216,6 +216,75 @@ template(`dbus_system_bus_client_template',`
allow $2 system_dbusd_t:unix_stream_socket connectto;
')
+#######################################
+## <summary>
+## Template for creating connections to
+## a user DBUS.
+## </summary>
+## <param name="user_prefix">
+## <summary>
+## The prefix of the domain (e.g., user
+## is the prefix for user_t).
+## </summary>
+## </param>
+## <param name="domain_prefix">
+## <summary>
+## The prefix of the domain (e.g., user
+## is the prefix for user_t).
+## </summary>
+## </param>
+## <param name="domain">
+## <summary>
+## The type of the domain.
+## </summary>
+## </param>
+#
+template(`dbus_user_bus_client_template',`
+ gen_require(`
+ type $1_dbusd_t, $1_dbusd_t;
+ type $1_dbusd_var_run_t;
+ class dbus send_msg;
+ ')
+
+ type $2_dbusd_$1_t;
+ type_change $3 $1_dbusd_t:dbus $2_dbusd_$1_t;
+
+ # SE-DBus specific permissions
+ allow $2_dbusd_$1_t { $1_dbusd_t self }:dbus send_msg;
+
+ # For connecting to the bus
+ files_search_pids($3)
+ allow $3 system_dbusd_var_run_t:dir search;
+ allow $3 system_dbusd_var_run_t:sock_file write;
+ allow $3 system_dbusd_t:unix_stream_socket connectto;
+')
+
+########################################
+## <summary>
+## Send a message on user/application specific DBUS.
+## </summary>
+## <param name="domain_prefix">
+## <summary>
+## The prefix of the domain (e.g., user
+## is the prefix for user_t).
+## </summary>
+## </param>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+template(`dbus_send_user_bus',`
+ gen_require(`
+ type $1_dbusd_t;
+ class dbus send_msg;
+ ')
+
+ allow $2 $1_dbusd_t:dbus send_msg;
+')
+
+
########################################
## <summary>
## Read dbus configuration.
diff --git a/refpolicy/policy/modules/services/dbus.te b/refpolicy/policy/modules/services/dbus.te
index e969d8a..2d35030 100644
--- a/refpolicy/policy/modules/services/dbus.te
+++ b/refpolicy/policy/modules/services/dbus.te
@@ -1,5 +1,5 @@
-policy_module(dbus,1.2.0)
+policy_module(dbus,1.2.1)
gen_require(`
class dbus { send_msg acquire_svc };
diff --git a/refpolicy/policy/modules/services/lpd.if b/refpolicy/policy/modules/services/lpd.if
index da7e607..3873992 100644
--- a/refpolicy/policy/modules/services/lpd.if
+++ b/refpolicy/policy/modules/services/lpd.if
@@ -356,3 +356,41 @@ interface(`lpd_read_config',`
allow $1 printconf_t:dir list_dir_perms;
allow $1 printconf_t:file r_file_perms;
')
+
+########################################
+## <summary>
+## Transition to a user lpr domain.
+## </summary>
+## <desc>
+## <p>
+## Transition to a user lpr domain.
+## </p>
+## <p>
+## This is a templated interface, and should only
+## be called from a per-userdomain template.
+## </p>
+## </desc>
+## <param name="userdomain_prefix">
+## <summary>
+## The prefix of the user domain (e.g., user
+## is the prefix for user_t).
+## </summary>
+## </param>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+template(`lpd_domtrans_user_lpr',`
+ gen_require(`
+ type $1_lpr_t, lpr_exec_t;
+ ')
+
+ domain_auto_trans($2, lpr_exec_t, $1_lpr_t)
+ allow $2 $1_lpr_t:fd use;
+ allow $1_lpr_t $2:fd use;
+ allow $1_lpr_t $2:fifo_file rw_file_perms;
+ allow $1_lpr_t $2:process sigchld;
+')
+
diff --git a/refpolicy/policy/modules/services/lpd.te b/refpolicy/policy/modules/services/lpd.te
index a7aabb9..f3e7514 100644
--- a/refpolicy/policy/modules/services/lpd.te
+++ b/refpolicy/policy/modules/services/lpd.te
@@ -1,5 +1,5 @@
-policy_module(lpd,1.2.0)
+policy_module(lpd,1.2.1)
########################################
#
diff --git a/refpolicy/policy/modules/system/userdomain.if b/refpolicy/policy/modules/system/userdomain.if
index 45d4ec6..04e03b9 100644
--- a/refpolicy/policy/modules/system/userdomain.if
+++ b/refpolicy/policy/modules/system/userdomain.if
@@ -1552,6 +1552,41 @@ template(`userdom_manage_user_home_content_files',`
########################################
## <summary>
+## Do not audit attempts to create, read, write, and delete directories
+## in a user home subdirectory.
+## </summary>
+## <desc>
+## <p>
+## Do not audit attempts to create, read, write, and delete directories
+## in a user home subdirectory.
+## </p>
+## <p>
+## This is a templated interface, and should only
+## be called from a per-userdomain template.
+## </p>
+## </desc>
+## <param name="userdomain_prefix">
+## <summary>
+## The prefix of the user domain (e.g., user
+## is the prefix for user_t).
+## </summary>
+## </param>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+template(`userdom_dontaudit_manage_user_home_content_dirs',`
+ gen_require(`
+ type $1_home_dir_t, $1_home_t;
+ ')
+
+ dontaudit $2 $1_home_t:dir manage_dir_perms;
+')
+
+########################################
+## <summary>
## Create, read, write, and delete symbolic links
## in a user home subdirectory.
## </summary>
@@ -1864,6 +1899,41 @@ template(`userdom_dontaudit_list_user_tmp',`
########################################
## <summary>
+## Do not audit attempts to manage users
+## temporary directories.
+## </summary>
+## <desc>
+## <p>
+## Do not audit attempts to manage users
+## temporary directories.
+## </p>
+## <p>
+## This is a templated interface, and should only
+## be called from a per-userdomain template.
+## </p>
+## </desc>
+## <param name="userdomain_prefix">
+## <summary>
+## The prefix of the user domain (e.g., user
+## is the prefix for user_t).
+## </summary>
+## </param>
+## <param name="domain">
+## <summary>
+## Domain to not audit.
+## </summary>
+## </param>
+#
+template(`userdom_dontaudit_manage_user_tmp_dirs',`
+ gen_require(`
+ type $1_tmp_t;
+ ')
+
+ dontaudit $2 $1_tmp_t:dir manage_dir_perms;
+')
+
+########################################
+## <summary>
## Read user temporary files.
## </summary>
## <desc>
@@ -2004,6 +2074,41 @@ template(`userdom_rw_user_tmp_files',`
########################################
## <summary>
+## Do not audit attempts to manage users
+## temporary files.
+## </summary>
+## <desc>
+## <p>
+## Do not audit attempts to manage users
+## temporary files.
+## </p>
+## <p>
+## This is a templated interface, and should only
+## be called from a per-userdomain template.
+## </p>
+## </desc>
+## <param name="userdomain_prefix">
+## <summary>
+## The prefix of the user domain (e.g., user
+## is the prefix for user_t).
+## </summary>
+## </param>
+## <param name="domain">
+## <summary>
+## Domain to not audit.
+## </summary>
+## </param>
+#
+template(`userdom_dontaudit_manage_user_tmp_files',`
+ gen_require(`
+ type $1_tmp_t;
+ ')
+
+ dontaudit $2 $1_tmp_t:file manage_file_perms;
+')
+
+########################################
+## <summary>
## Read user
## temporary symbolic links.
## </summary>
@@ -2357,12 +2462,46 @@ template(`userdom_read_user_untrusted_content_files',`
type $1_untrusted_content_t;
')
- allow $2 $1_untrusted_content_t:dir rw_dir_perms;
+ allow $2 $1_untrusted_content_t:dir r_dir_perms;
allow $2 $1_untrusted_content_t:file r_file_perms;
')
########################################
## <summary>
+## Manage user untrusted files.
+## </summary>
+## <desc>
+## <p>
+## Create, read, write, and delete untrusted files.
+## </p>
+## <p>
+## This is a templated interface, and should only
+## be called from a per-userdomain template.
+## </p>
+## </desc>
+## <param name="userdomain_prefix">
+## <summary>
+## The prefix of the user domain (e.g., user
+## is the prefix for user_t).
+## </summary>
+## </param>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+template(`userdom_manage_user_untrusted_content_files',`
+ gen_require(`
+ type $1_untrusted_content_t;
+ ')
+
+ allow $2 $1_tmp_t:dir rw_dir_perms;
+ allow $2 $1_untrusted_content_tmp_t:file manage_file_perms;
+')
+
+########################################
+## <summary>
## Do not audit attempts to read users
## untrusted files.
## </summary>
@@ -2426,7 +2565,7 @@ template(`userdom_read_user_untrusted_content_symlinks',`
type $1_untrusted_content_t;
')
- allow $2 $1_untrusted_content_t:dir rw_dir_perms;
+ allow $2 $1_untrusted_content_t:dir r_dir_perms;
allow $2 $1_untrusted_content_t:lnk_file r_file_perms;
')
@@ -2528,7 +2667,7 @@ template(`userdom_read_user_tmp_untrusted_content_files',`
type $1_untrusted_content_tmp_t;
')
- allow $2 $1_untrusted_content_tmp_t:dir rw_dir_perms;
+ allow $2 $1_untrusted_content_tmp_t:dir r_dir_perms;
allow $2 $1_untrusted_content_tmp_t:file r_file_perms;
')
@@ -2597,7 +2736,7 @@ template(`userdom_read_user_tmp_untrusted_content_symlinks',`
type $1_untrusted_content_tmp_t;
')
- allow $2 $1_untrusted_content_tmp_t:dir rw_dir_perms;
+ allow $2 $1_untrusted_content_tmp_t:dir r_dir_perms;
allow $2 $1_untrusted_content_tmp_t:lnk_file r_file_perms;
')
diff --git a/refpolicy/policy/modules/system/userdomain.te b/refpolicy/policy/modules/system/userdomain.te
index 2dffbc3..286f55f 100644
--- a/refpolicy/policy/modules/system/userdomain.te
+++ b/refpolicy/policy/modules/system/userdomain.te
@@ -1,5 +1,5 @@
-policy_module(userdomain,1.3.2)
+policy_module(userdomain,1.3.3)
gen_require(`
role sysadm_r, staff_r, user_r;
More information about the scm-commits
mailing list