[selinux-policy: 1608/3172] This patch adds a GConf policy to refpolicy.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 21:24:08 UTC 2010


commit 00219064d7dc35a5a7ffc944e1574b80a6370cc6
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Mon Oct 2 15:22:48 2006 +0000

    This patch adds a GConf policy to refpolicy.
    
    This policy is much tighter than the GConf policy from the old example
    policy.  It only allows gconfd to access configuration data stored by
    GConf.  Users can modify configuration data using gconftool-2 or
    gconf-editor, both of which use gconfd.  GConf manages multiple
    configuration sources, so gconfd should be used to make any changes
    anyway.  Normal users who aren't trying to directly edit the
    configuration data of GConf won't notice anything different.
    
    There is also a difference between this policy and the old example
    policy in handling directories in /tmp.  The old example policy
    labeled /tmp/gconfd-USER with ROLE_gconfd_tmp_t, but, since there was no
    use of the file_type_auto_trans macro, if that directory was deleted
    gconfd would create one labeled as tmp_t.  This policy uses the
    files_tmp-filetrans macro to cause a directory in /tmp created by gconfd
    to be labeled as $1_tmp_t.  It is not labeled with $1_gconf_tmp_t,
    because if /tmp/orbit-USER is deleted, gconfd will create it (through
    use of ORBit) and it would get the $1_gconf_tmp_t label.  By having
    gconfd create $1_tmp_t directories in /tmp and $1_gconf_tmp_t files and
    directories in directories labeled with $1_tmp_t, it can control its
    data without requiring any future bonobo or Gnome policies to have
    access to $1_gconf_tmp_t.
    
    This patch is related to work that I am doing in making gconfd a
    userspace object manager.  If any user program can modify the
    configuration data that GConf stores, then making gconfd a userspace
    object manager would be useless.
    
    Signed-off-by:  James Carter <jwcart2 at tycho.nsa.gov>

 Changelog                           |    1 +
 policy/modules/apps/gnome.fc        |    9 +++
 policy/modules/apps/gnome.if        |  129 +++++++++++++++++++++++++++++++++++
 policy/modules/apps/gnome.te        |   13 ++++
 policy/modules/system/userdomain.fc |   12 ++--
 policy/modules/system/userdomain.if |   95 +++++++++++++++++++++++++-
 policy/modules/system/userdomain.te |    2 +-
 7 files changed, 254 insertions(+), 7 deletions(-)
---
diff --git a/Changelog b/Changelog
index e0f065b..c87f076 100644
--- a/Changelog
+++ b/Changelog
@@ -95,6 +95,7 @@
 	games
 	gatekeeper
 	gift
+	gnome (James Carter)
 	imaze
 	ircd
 	jabber
diff --git a/policy/modules/apps/gnome.fc b/policy/modules/apps/gnome.fc
new file mode 100644
index 0000000..0146bd4
--- /dev/null
+++ b/policy/modules/apps/gnome.fc
@@ -0,0 +1,9 @@
+/etc/gconf(/.*)?		gen_context(system_u:object_r:gconf_etc_t,s0)
+
+/usr/libexec/gconfd-2 	--	gen_context(system_u:object_r:gconfd_exec_t,s0)
+
+ifdef(`strict_policy',`
+HOME_DIR/\.gconf(d)?(/.*)?	gen_context(system_u:object_r:ROLE_gconf_home_t,s0)
+
+/tmp/gconfd-USER/.*	--	gen_context(system_u:object_r:ROLE_gconf_tmp_t,s0)
+')
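Review bot: The `/tmp/gconfd-USER/.*` entry on the last line of this file is restricted to regular files (`--`), while `gnome_per_role_template` in gnome.if transitions both `dir` and `file` objects created in the user tmp directory to `$1_gconf_tmp_t`, so a subdirectory created by gconfd at runtime would be relabeled to the generic /tmp type by a later file-context restore rather than back to `ROLE_gconf_tmp_t`. If gconfd is not expected to create subdirectories, dropping `dir` from the filetrans class list keeps the two in step; otherwise the `--` restriction should go so the entry reads `/tmp/gconfd-USER/.*	gen_context(system_u:object_r:ROLE_gconf_tmp_t,s0)`. Whether gconfd ever creates subdirectories under its tmp directory is not visible from this patch.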
diff --git a/policy/modules/apps/gnome.if b/policy/modules/apps/gnome.if
new file mode 100644
index 0000000..46ee2da
--- /dev/null
+++ b/policy/modules/apps/gnome.if
@@ -0,0 +1,129 @@
+## <summary>GNU network object model environment (GNOME)</summary>
+
+########################################
+## <summary>
+##	The per role template for the gnome module.
+## </summary>
+## <desc>
+##	<p>
+##	This template creates a derived domain which is used
+##	for gconf sessions.
+##	</p>
+##	<p>
+##	This template is invoked automatically for each role, and
+##	generally does not need to be invoked directly
+##	by policy writers.
+##	</p>
+## </desc>
+## <param name="userdomain_prefix">
+##	<summary>
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+##	</summary>
+## </param>
+## <param name="user_domain">
+##	<summary>
+##	The type of the user domain.
+##	</summary>
+## </param>
+## <param name="user_role">
+##	<summary>
+##	The role associated with the user domain.
+##	</summary>
+## </param>
+#
+template(`gnome_per_role_template',`
+	gen_require(`
+		type gconfd_exec_t;
+	')
+
+	##############################
+	#
+	# Declarations
+	#
+	type $1_gconfd_t;
+	domain_type($1_gconfd_t)
+	domain_entry_file($1_gconfd_t, gconfd_exec_t)
+	role $3 types $1_gconfd_t;
+
+	type $1_gconf_home_t;
+	files_type($1_gconf_home_t)
+
+	type $1_gconf_tmp_t;
+	files_tmp_file($1_gconf_tmp_t)
+
+	##############################
+	#
+	# Local Policy
+	#
+
+	allow $1_gconfd_t self:process getsched;
+
+	allow $1_gconfd_t $1_gconf_home_t:dir manage_dir_perms;
+	allow $1_gconfd_t $1_gconf_home_t:file manage_file_perms;
+	userdom_user_home_dir_filetrans($1, $1_gconfd_t, $1_gconf_home_t, dir)
+
+	allow $1_gconfd_t $1_gconf_tmp_t:dir manage_dir_perms;
+	allow $1_gconfd_t $1_gconf_tmp_t:file manage_file_perms;
+	userdom_user_tmp_filetrans($1,$1_gconfd_t,$1_gconf_tmp_t,{ dir file })
+
+	domain_auto_trans($2, gconfd_exec_t, $1_gconfd_t)
+	allow $1_gconfd_t $2:fd use;
+	allow $1_gconfd_t $2:fifo_file write;
+	allow $1_gconfd_t $2:unix_stream_socket connectto;
+
+	allow $1_gconfd_t gconf_etc_t:dir list_dir_perms;
+	allow $1_gconfd_t gconf_etc_t:file read_file_perms;
+
+	dev_read_urand($1_gconfd_t)
+
+	files_read_etc_files($1_gconfd_t)
+
+	libs_use_ld_so($1_gconfd_t)
+	libs_use_shared_libs($1_gconfd_t)
+
+	miscfiles_read_localization($1_gconfd_t)
+
+	logging_send_syslog_msg($1_gconfd_t)
+
+	userdom_manage_user_tmp_sockets($1, $1_gconfd_t)
+	userdom_manage_user_tmp_dirs($1,$1_gconfd_t)
+	userdom_tmp_filetrans_user_tmp($1,$1_gconfd_t,dir)
+
+	gnome_stream_connect_gconf_template($1,$2)
+
+	optional_policy(`
+		nscd_dontaudit_search_pid($1_gconfd_t)
+	')
+
+	optional_policy(`
+		xserver_use_xdm_fds($1_gconfd_t)
+		xserver_rw_xdm_pipes($1_gconfd_t)
+	')
+')
+	
+########################################
+## <summary>
+##	gconf connection template.
+## </summary>
+## <param name="userdomain_prefix">
+##	<summary>
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+##	</summary>
+## </param>
+## <param name="user_domain">
+##	<summary>
+##	The type of the user domain.
+##	</summary>
+## </param>
+#
+template(`gnome_stream_connect_gconf_template',`
+	gen_require(`
+		type $1_gconfd_t;
+		type $1_gconf_tmp_t;
+	')
+
+	allow $2 $1_gconfd_t:unix_stream_socket connectto;
+	allow $2 $1_gconf_tmp_t:file r_file_perms;
+')
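Review bot: `gnome_per_role_template` uses `gconf_etc_t` in the two `allow` lines for the configuration directory, but its `gen_require` block lists only `gconfd_exec_t`; when the template is expanded from another module (the description says it is invoked for every role, which presumably happens outside gnome.te), that module would reference a type it never required. Add `type gconf_etc_t;` to the `gen_require` block beside `type gconfd_exec_t;`. There is also a whitespace-only line after the closing `')` of the first template that should be empty.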
diff --git a/policy/modules/apps/gnome.te b/policy/modules/apps/gnome.te
new file mode 100644
index 0000000..996809a
--- /dev/null
+++ b/policy/modules/apps/gnome.te
@@ -0,0 +1,13 @@
+
+policy_module(gnome,1.0.0)
+
+##############################
+#
+# Declarations
+#
+
+type gconf_etc_t;
+files_type(gconf_etc_t)
+
+type gconfd_exec_t;
+corecmd_executable_file(gconfd_exec_t)
diff --git a/policy/modules/system/userdomain.fc b/policy/modules/system/userdomain.fc
index 58d0e2d..177b096 100644
--- a/policy/modules/system/userdomain.fc
+++ b/policy/modules/system/userdomain.fc
@@ -1,9 +1,11 @@
+ifdef(`strict_policy',`
+HOME_DIR	-d	gen_context(system_u:object_r:ROLE_home_dir_t,s0-s15:c0.c255)
+HOME_DIR/.+		gen_context(system_u:object_r:ROLE_home_t,s0)
+
+/tmp/gconfd-USER -d	gen_context(system_u:object_r:ROLE_tmp_t,s0)
+')
 
-# temporary hack till genhomedircon is fixed
 ifdef(`targeted_policy',`
-HOME_DIR		-d	gen_context(system_u:object_r:user_home_dir_t,s0)
+HOME_DIR	-d	gen_context(system_u:object_r:user_home_dir_t,s0)
 HOME_DIR/.+		gen_context(system_u:object_r:user_home_t,s0)
-',`
-HOME_DIR		-d	gen_context(system_u:object_r:ROLE_home_dir_t,s0-s15:c0.c255)
-HOME_DIR/.+		gen_context(system_u:object_r:ROLE_home_t,s0)
 ')
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index e98a911..713adba 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -2678,7 +2678,7 @@ template(`userdom_manage_user_tmp_dirs',`
 	')
 
 	files_search_tmp($2)
-	allow $2 $1_tmp_t:dir create_dir_perms;
+	allow $2 $1_tmp_t:dir manage_dir_perms;
 ')
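Review bot: Replacing `create_dir_perms` with `manage_dir_perms` widens what every existing caller of `userdom_manage_user_tmp_dirs` may do to `$1_tmp_t` directories (rename, delete, reparent and the rest of the manage set), not just the new gconfd domain, and neither the commit message nor this hunk mentions that. The template's summary sits above the hunk; if the wider set is intended for all callers, a sentence there and in the description noting that the interface now matches its name would make the change reviewable, otherwise the extra permissions could be granted to `$1_gconfd_t` directly in `gnome_per_role_template`. The enclosing template starts outside the hunk.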
 
 ########################################
@@ -2831,6 +2831,99 @@ template(`userdom_manage_user_tmp_sockets',`
 
 ########################################
 ## <summary>
+##	Create objects in a user temporary directory
+##	with an automatic type transition to
+##	a specified private type.
+## </summary>
+## <desc>
+##	<p>
+##	Create objects in a user temporary directory
+##	with an automatic type transition to
+##	a specified private type.
+##	</p>
+##	<p>
+##	This is a templated interface, and should only
+##	be called from a per-userdomain template.
+##	</p>
+## </desc>
+## <param name="userdomain_prefix">
+##	<summary>
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="private_type">
+##	<summary>
+##	The type of the object to create.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	The class of the object to be created.  If not
+##	specified, file is used.
+##	</summary>
+## </param>
+#
+template(`userdom_user_tmp_filetrans',`
+	gen_require(`
+		type $1_tmp_t;
+	')
+
+	allow $2 $1_tmp_t:dir rw_dir_perms;
+	type_transition $2 $1_tmp_t:$4 $3;
+	files_search_tmp($2)
+')
+
+########################################
+## <summary>
+##	Create objects in the temporary directory
+##	with an automatic type transition to
+##	the user temporary type.
+## </summary>
+## <desc>
+##	<p>
+##	Create objects in the temporary directory
+##	with an automatic type transition to
+##	the user temporary type.
+##	</p>
+##	<p>
+##	This is a templated interface, and should only
+##	be called from a per-userdomain template.
+##	</p>
+## </desc>
+## <param name="userdomain_prefix">
+##	<summary>
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	The class of the object to be created.  If not
+##	specified, file is used.
+##	</summary>
+## </param>
+#
+template(`userdom_tmp_filetrans_user_tmp',`
+	gen_require(`
+		type $1_home_dir_t;
+	')
+
+	files_tmp_filetrans($2,$1_tmp_t,$3)
+')
+
+########################################
+## <summary>
 ##	Read user tmpfs files.
 ## </summary>
 ## <desc>
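Review bot: `userdom_tmp_filetrans_user_tmp` requires `type $1_home_dir_t;` but the only type its body uses is `$1_tmp_t` in the `files_tmp_filetrans` call, so the require block should read `type $1_tmp_t;`. Separately, the `object_class` documentation of both new templates says "If not specified, file is used", yet neither body supplies a default: `type_transition $2 $1_tmp_t:$4 $3;` and `files_tmp_filetrans($2,$1_tmp_t,$3)` pass the argument through unchanged, so an omitted class expands to an empty class name unless `files_tmp_filetrans` defaults it itself, which is not visible here. Either drop that sentence from both parameter summaries or give the class argument an explicit `ifelse` default in the template body. The enclosing file continues on both sides of the hunk.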
diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te
index 6f96406..b07abb6 100644
--- a/policy/modules/system/userdomain.te
+++ b/policy/modules/system/userdomain.te
@@ -1,5 +1,5 @@
 
-policy_module(userdomain,1.3.35)
+policy_module(userdomain,1.3.36)
 
 gen_require(`
 	role sysadm_r, staff_r, user_r;

