[selinux-policy: 714/3172] start adding secure_file_type implementation

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 20:06:36 UTC 2010


commit a2868f6eae01369d18f52aa4b81c9f95f237849a
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Wed Sep 28 19:07:22 2005 +0000

    start adding secure_file_type implementation

 refpolicy/policy/modules/services/bind.te     |    4 +-
 refpolicy/policy/modules/services/kerberos.te |    4 +-
 refpolicy/policy/modules/system/files.if      |  140 ++++++++++++++++++++++++-
 refpolicy/policy/modules/system/files.te      |    4 +
 refpolicy/policy/modules/system/logging.te    |    8 +-
 refpolicy/policy/modules/system/userdomain.if |   12 ++-
 6 files changed, 160 insertions(+), 12 deletions(-)
---
diff --git a/refpolicy/policy/modules/services/bind.te b/refpolicy/policy/modules/services/bind.te
index 4a6af13..b853c52 100644
--- a/refpolicy/policy/modules/services/bind.te
+++ b/refpolicy/policy/modules/services/bind.te
@@ -7,8 +7,8 @@ policy_module(bind,1.0)
 #
 
 # for DNSSEC key files
-type dnssec_t; #, secure_file_type;
-files_type(dnssec_t)
+type dnssec_t;
+files_security_file(dnssec_t)
 
 type named_t;
 type named_exec_t;
diff --git a/refpolicy/policy/modules/services/kerberos.te b/refpolicy/policy/modules/services/kerberos.te
index 27fac58..6701465 100644
--- a/refpolicy/policy/modules/services/kerberos.te
+++ b/refpolicy/policy/modules/services/kerberos.te
@@ -23,8 +23,8 @@ type krb5_conf_t;
 files_type(krb5_conf_t)
 
 # types for general configuration files in /etc
-type krb5_keytab_t; #, secure_file_type;
-files_type(krb5_keytab_t)
+type krb5_keytab_t;
+files_security_file(krb5_keytab_t)
 
 # types for KDC configs and principal file(s)
 type krb5kdc_conf_t;
diff --git a/refpolicy/policy/modules/system/files.if b/refpolicy/policy/modules/system/files.if
index f59f485..c0910e8 100644
--- a/refpolicy/policy/modules/system/files.if
+++ b/refpolicy/policy/modules/system/files.if
@@ -153,6 +153,26 @@ interface(`files_poly_member_tmp',`
 
 ########################################
 ## <summary>
+##	Make the specified type a file that
+##	should not be dontaudited from
+##	browsing from user domains.
+## </summary>
+## <param name="file_type">
+##	Type of the file to be used as a
+##	member directory.
+## </param>
+#
+interface(`files_security_file',`
+	gen_require(`
+		attribute security_file_type;
+	')
+
+	files_type($1)
+	typeattribute $1 security_file_type;
+')
+
+########################################
+## <summary>
 ##	Make the specified type a file
 ##	used for temporary files.
 ## </summary>
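Review bot: The `file_type` parameter description of `files_security_file` reads "Type of the file to be used as a member directory", which looks copied from the polyinstantiation interface above it and does not describe this interface. Something like `Type of the file to be marked as a security file.` would match what the body does (`files_type($1)` plus `typeattribute $1 security_file_type;`). The summary would also read more clearly if stated positively, for example that denials on this type stay audited when user domains browse the filesystem. The attribute comment added in files.te ("not be dontaudited for uses", presumably "users") has the same wording problem.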
@@ -247,6 +267,23 @@ interface(`files_list_all_dirs',`
 
 ########################################
 ## <summary>
+##	Do not audit attempts to list all
+##	non security directories.
+## </summary>
+## <param name="domain">
+##	Domain to not audit.
+## </param>
+#
+interface(`files_dontaudit_list_non_security',`
+	gen_require(`
+		attribute file_type, security_file_type;
+	')
+
+	dontaudit $1 { file_type -security_file_type }:dir r_dir_perms;
+')
+
+########################################
+## <summary>
 ##	Get the attributes of all files.
 ## </summary>
 ## <param name="domain">
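Review bot: `files_dontaudit_list_non_security` silences `r_dir_perms` on directories, while the rules this commit removes from userdomain.if silenced only `getattr`, `search` and `read`. The definition of `r_dir_perms` is not on this page; if it expands to more than those three permissions, the conversion hides additional denials from the audit log rather than being a pure refactor. Either spell the set out, `dontaudit $1 { file_type -security_file_type }:dir { getattr search read };`, or state the wider set in the interface summary.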
@@ -276,7 +313,6 @@ interface(`files_getattr_all_files',`
 interface(`files_dontaudit_getattr_all_files',`
 	gen_require(`
 		attribute file_type;
-		class file getattr;
 	')
 
 	dontaudit $1 file_type:file getattr;
@@ -284,6 +320,23 @@ interface(`files_dontaudit_getattr_all_files',`
 
 ########################################
 ## <summary>
+##	Do not audit attempts to get the attributes
+##	of non security files.
+## </summary>
+## <param name="domain">
+##	Domain to not audit.
+## </param>
+#
+interface(`files_dontaudit_getattr_non_security_files',`
+	gen_require(`
+		attribute file_type, security_file_type;
+	')
+
+	dontaudit $1 { file_type -security_file_type }:file getattr;
+')
+
+########################################
+## <summary>
 ##	Read all files.
 ## </summary>
 ## <param name="domain">
@@ -344,6 +397,57 @@ interface(`files_dontaudit_getattr_all_symlinks',`
 
 ########################################
 ## <summary>
+##	Do not audit attempts to get the attributes
+##	of non security symbolic links.
+## </summary>
+## <param name="domain">
+##	Domain to not audit.
+## </param>
+#
+interface(`files_dontaudit_getattr_non_security_symlinks',`
+	gen_require(`
+		attribute file_type, security_file_type;
+	')
+
+	dontaudit $1 { file_type -security_file_type }:lnk_file getattr;
+')
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes
+##	of non security block devices.
+## </summary>
+## <param name="domain">
+##	Domain to not audit.
+## </param>
+#
+interface(`files_dontaudit_getattr_non_security_blk_dev',`
+	gen_require(`
+		attribute file_type, security_file_type;
+	')
+
+	dontaudit $1 { file_type -security_file_type }:blk_file getattr;
+')
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes
+##	of non security character devices.
+## </summary>
+## <param name="domain">
+##	Domain to not audit.
+## </param>
+#
+interface(`files_dontaudit_getattr_non_security_chr_dev',`
+	gen_require(`
+		attribute file_type, security_file_type;
+	')
+
+	dontaudit $1 { file_type -security_file_type }:chr_file getattr;
+')
+
+########################################
+## <summary>
 ##	Read all symbolic links.
 ## </summary>
 ## <param name="domain">
@@ -400,6 +504,23 @@ interface(`files_dontaudit_getattr_all_pipes',`
 
 ########################################
 ## <summary>
+##	Do not audit attempts to get the attributes
+##	of non security named pipes.
+## </summary>
+## <param name="domain">
+##	Domain to not audit.
+## </param>
+#
+interface(`files_dontaudit_getattr_non_security_pipes',`
+	gen_require(`
+		attribute file_type, security_file_type;
+	')
+
+	dontaudit $1 { file_type -security_file_type }:fifo_file getattr;
+')
+
+########################################
+## <summary>
 ##	Get the attributes of all named sockets.
 ## </summary>
 ## <param name="domain">
@@ -437,6 +558,23 @@ interface(`files_dontaudit_getattr_all_sockets',`
 
 ########################################
 ## <summary>
+##	Do not audit attempts to get the attributes
+##	of non security named sockets.
+## </summary>
+## <param name="domain">
+##	Domain to not audit.
+## </param>
+#
+interface(`files_dontaudit_getattr_non_security_sockets',`
+	gen_require(`
+		attribute file_type, security_file_type;
+	')
+
+	dontaudit $1 { file_type -security_file_type }:sock_file getattr;
+')
+
+########################################
+## <summary>
 ##	Relabel all files on the filesystem, except
 ##	the listed exceptions.
 ## </summary>
diff --git a/refpolicy/policy/modules/system/files.te b/refpolicy/policy/modules/system/files.te
index 281fac4..3545494 100644
--- a/refpolicy/policy/modules/system/files.te
+++ b/refpolicy/policy/modules/system/files.te
@@ -22,6 +22,10 @@ attribute polyparent;
 # And labeling for the member directories
 attribute polymember;
 
+# sensitive security files whose accesses should
+# not be dontaudited for uses
+attribute security_file_type;
+
 attribute tmpfile;
 attribute tmpfsfile;
 
diff --git a/refpolicy/policy/modules/system/logging.te b/refpolicy/policy/modules/system/logging.te
index cdc5495..d23c918 100644
--- a/refpolicy/policy/modules/system/logging.te
+++ b/refpolicy/policy/modules/system/logging.te
@@ -13,11 +13,11 @@ type auditctl_exec_t;
 init_system_domain(auditctl_t,auditctl_exec_t)
 role system_r types auditctl_t;
 
-type auditd_etc_t; #, secure_file_type;
-files_type(auditd_etc_t)
+type auditd_etc_t;
+files_security_file(auditd_etc_t)
 
-type auditd_log_t; # secure_file_type;
-files_type(auditd_log_t)
+type auditd_log_t;
+files_security_file(auditd_log_t)
 
 type auditd_t;
 type auditd_exec_t;
diff --git a/refpolicy/policy/modules/system/userdomain.if b/refpolicy/policy/modules/system/userdomain.if
index 0950c76..8ccac59 100644
--- a/refpolicy/policy/modules/system/userdomain.if
+++ b/refpolicy/policy/modules/system/userdomain.if
@@ -212,6 +212,14 @@ template(`base_user_template',`
 	files_exec_etc_files($1_t)
 	files_read_usr_src_files($1_t)
 	files_search_locks($1_t)
+	# old broswer_domain():
+	files_dontaudit_list_non_security($1_t)
+	files_dontaudit_getattr_non_security_files($1_t)
+	files_dontaudit_getattr_non_security_symlinks($1_t)
+	files_dontaudit_getattr_non_security_pipes($1_t)
+	files_dontaudit_getattr_non_security_sockets($1_t)
+	files_dontaudit_getattr_non_security_blk_dev($1_t)
+	files_dontaudit_getattr_non_security_chr_dev($1_t)
 
 	# Caused by su - init scripts
 	init_dontaudit_use_script_pty($1_t)
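Review bot: With these seven calls, every domain built from `base_user_template` stops logging list and getattr denials on all `file_type` types except those carrying `security_file_type`. In this commit only four types get that attribute (`dnssec_t`, `krb5_keytab_t`, `auditd_etc_t`, `auditd_log_t`). Until other sensitive types are converted to `files_security_file`, denied access attempts on them from user domains produce no audit record, so a comment marking the coverage as partial would help, e.g. `# NOTE: security_file_type coverage is partial; denials on untagged types are not audited`. The added comment also misspells the old macro name; `# old browser_domain():` would match the second hunk. The template body starts and ends outside the hunk.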
@@ -385,9 +393,7 @@ template(`base_user_template',`
 
 	allow $1_t fs_type:dir getattr;
 
-	dontaudit $1 file_type - secure_file_type:dir_file_class_set getattr; 
-	dontaudit $1 file_type - secure_file_type:dir search;
-	dontaudit $1 file_type - secure_file_type:dir read;
+	# old browser_domain():
 	dontaudit $1 unlabeled_t:dir_file_class_set getattr;
 	dontaudit $1 unlabeled_t:dir search;
 	dontaudit $1 unlabeled_t:dir read;
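Review bot: The `unlabeled_t` rules kept under the new `# old browser_domain():` comment still name the source as `$1`, whereas the converted calls in the first hunk and `allow $1_t fs_type:dir getattr;` just above use `$1_t`. If this part of the template is compiled, `$1` is the bare prefix rather than the user domain type, so these dontaudit rules would not apply to the intended domain. The visible lines do not show whether this is a not-yet-converted section. If the rules are live, `dontaudit $1_t unlabeled_t:dir_file_class_set getattr;` and the same change on the two `dir` rules would be consistent with the rest of the template. The template body extends beyond the hunk.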

