RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
selinux-refpolicy/policy/modules/kernel/kernel.if

3719 lines
73 KiB
Plaintext
Raw Normal View History

fix xml
2005-06-01 14:17:43 +00:00
## <summary>
Add kernel patch from Dan Walsh
2009-11-19 14:25:38 +00:00
## Policy for kernel threads, proc filesystem,
fix comments, clean out object classes
2006-01-13 19:10:31 +00:00
## and unlabeled processes and objects.
fix xml
2005-06-01 14:17:43 +00:00
## </summary>
add required tags
2005-07-05 17:47:15 +00:00
## <required val="true">
pile of sediff fixes
2005-11-08 22:00:30 +00:00
## This module has initial SIDs.
add required tags
2005-07-05 17:47:15 +00:00
## </required>
add copyright statement
2005-04-20 19:07:16 +00:00
Implement core systemd policy. Significant contributions from the Tresys CLIP team. Other changes from Laurent Bigonville.
2015-10-23 14:16:59 +00:00
########################################
## <summary>
## Allows the kernel to start userland processes
## by dynamic transitions to the specified domain.
## </summary>
## <param name="domain">
## <summary>
## The process type entered by the kernel.
## </summary>
## </param>
#
interface(`kernel_dyntrans_to',`
gen_require(`
type kernel_t;
')
domain_dyntrans_type(kernel_t)
allow kernel_t self:process setcurrent;
allow kernel_t $1:process dyntransition;
')
move make_{daemon,init,system}_domain to init to fix type_transition'ing
2005-05-13 20:21:50 +00:00
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## Allows to start userland processes
## by transitioning to the specified domain.
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## The process type entered by kernel.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
## <param name="entrypoint">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## The executable type for the entrypoint.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
move make_{daemon,init,system}_domain to init to fix type_transition'ing
2005-05-13 20:21:50 +00:00
#
from today's interface review meeting: s/kernel_use_unlabeled_blk_dev/kernel_rw_unlabeled_blk_dev/g s/kernel_userland_entry/kernel_domtrans_to/g
2006-01-27 19:55:42 +00:00
interface(`kernel_domtrans_to',`
more work to clean up and complete current modules
2005-06-20 17:41:29 +00:00
gen_require(`
type kernel_t;
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
merge policy patterns to trunk
2006-12-12 20:08:08 +00:00
domtrans_pattern(kernel_t, $2, $1)
move make_{daemon,init,system}_domain to init to fix type_transition'ing
2005-05-13 20:21:50 +00:00
')
- Move range transitions to modules. - Make number of MLS sensitivities, and number of MLS and MCS categories configurable as build options.
2006-10-04 17:25:34 +00:00
########################################
## <summary>
## Allows to start userland processes
## by transitioning to the specified domain,
## with a range transition.
## </summary>
## <param name="domain">
## <summary>
## The process type entered by kernel.
## </summary>
## </param>
## <param name="entrypoint">
## <summary>
## The executable type for the entrypoint.
## </summary>
## </param>
## <param name="range">
## <summary>
## Range for the domain.
## </summary>
## </param>
#
interface(`kernel_ranged_domtrans_to',`
gen_require(`
type kernel_t;
')
Add kernel patch from Dan Walsh
2009-11-19 14:25:38 +00:00
kernel_domtrans_to($1, $2)
- Move range transitions to modules. - Make number of MLS sensitivities, and number of MLS and MCS categories configurable as build options.
2006-10-04 17:25:34 +00:00
ifdef(`enable_mcs',`
range_transition kernel_t $2:process $3;
')
ifdef(`enable_mls',`
range_transition kernel_t $2:process $3;
trunk: several MLS enhancements.
2007-08-20 15:15:03 +00:00
mls_rangetrans_target($1)
- Move range transitions to modules. - Make number of MLS sensitivities, and number of MLS and MCS categories configurable as build options.
2006-10-04 17:25:34 +00:00
')
')
kernel.if renaming
2005-06-09 20:50:17 +00:00
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## Allows the kernel to mount filesystems on
## the specified directory type.
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="directory_type">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## The type of the directory to use as a mountpoint.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
kernel.if renaming
2005-06-09 20:50:17 +00:00
#
move all interfaces over to the interface macro. add traceback debugging info
2005-06-22 19:21:31 +00:00
interface(`kernel_rootfs_mountpoint',`
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
gen_require(`
type kernel_t;
')
kernel.if renaming
2005-06-09 20:50:17 +00:00
allow kernel_t $1:dir mounton;
')
more updates
2005-09-15 21:03:29 +00:00
########################################
## <summary>
## Set the process group of kernel threads.
## </summary>
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
more updates
2005-09-15 21:03:29 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
more updates
2005-09-15 21:03:29 +00:00
## </param>
#
interface(`kernel_setpgid',`
gen_require(`
type kernel_t;
')
allow $1 kernel_t:process setpgid;
')
trunk: 3 patches from dan
2007-08-07 17:06:32 +00:00
########################################
## <summary>
## Set the priority of kernel threads.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`kernel_setsched',`
gen_require(`
type kernel_t;
')
allow $1 kernel_t:process setsched;
')
more work to clean up and complete current modules
2005-06-20 17:41:29 +00:00
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## Send a SIGCHLD signal to kernel threads.
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
Kernel layer xml fixes. Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 12:57:11 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
more work to clean up and complete current modules
2005-06-20 17:41:29 +00:00
#
move all interfaces over to the interface macro. add traceback debugging info
2005-06-22 19:21:31 +00:00
interface(`kernel_sigchld',`
more work to clean up and complete current modules
2005-06-20 17:41:29 +00:00
gen_require(`
type kernel_t;
')
more updates
2005-09-15 21:03:29 +00:00
allow $1 kernel_t:process sigchld;
more work to clean up and complete current modules
2005-06-20 17:41:29 +00:00
')
Kernel patch from Dan Walsh.
2010-03-17 15:16:25 +00:00
########################################
## <summary>
## Send a kill signal to kernel threads.
## </summary>
## <param name="domain">
## <summary>
Kernel layer xml fixes. Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 12:57:11 +00:00
## Domain allowed access.
Kernel patch from Dan Walsh.
2010-03-17 15:16:25 +00:00
## </summary>
## </param>
#
interface(`kernel_kill',`
gen_require(`
type kernel_t;
')
allow $1 kernel_t:process sigkill;
')
more merging of NSA CVS policy
2005-09-13 13:06:07 +00:00
########################################
## <summary>
## Send a generic signal to kernel threads.
## </summary>
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
Kernel layer xml fixes. Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 12:57:11 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
more merging of NSA CVS policy
2005-09-13 13:06:07 +00:00
## </param>
#
interface(`kernel_signal',`
gen_require(`
type kernel_t;
')
trunk: 6 patches from dan.
2009-06-11 15:00:48 +00:00
allow $1 kernel_t:process signal;
more merging of NSA CVS policy
2005-09-13 13:06:07 +00:00
')
initial commit
2005-04-14 20:18:17 +00:00
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## Allows the kernel to share state information with
## the caller.
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## The type of the process with which to share state information.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
initial commit
2005-04-14 20:18:17 +00:00
#
move all interfaces over to the interface macro. add traceback debugging info
2005-06-22 19:21:31 +00:00
interface(`kernel_share_state',`
more work to clean up and complete current modules
2005-06-20 17:41:29 +00:00
gen_require(`
type kernel_t;
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
allow kernel_t $1:process share;
initial commit
2005-04-14 20:18:17 +00:00
')
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## Permits caller to use kernel file descriptors.
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
Kernel layer xml fixes. Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 12:57:11 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
initial commit
2005-04-14 20:18:17 +00:00
#
make (almost) all interface parameters required. move boot_t, system_map_t, and modules_object_t to files module. fd use interface renames, udp sendto interface renames.
2006-03-02 23:41:11 +00:00
interface(`kernel_use_fds',`
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
gen_require(`
type kernel_t;
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
allow $1 kernel_t:fd use;
initial commit
2005-04-14 20:18:17 +00:00
')
make mountpoints work, plus misc
2005-04-28 21:41:09 +00:00
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## Do not audit attempts to use
## kernel file descriptors.
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
Docs standardizing on the role portion of run interfaces. Additional docs cleanup.
2010-08-03 13:20:22 +00:00
## Domain to not audit.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
make mountpoints work, plus misc
2005-04-28 21:41:09 +00:00
#
make (almost) all interface parameters required. move boot_t, system_map_t, and modules_object_t to files module. fd use interface renames, udp sendto interface renames.
2006-03-02 23:41:11 +00:00
interface(`kernel_dontaudit_use_fds',`
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
gen_require(`
type kernel_t;
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
dontaudit $1 kernel_t:fd use;
make mountpoints work, plus misc
2005-04-28 21:41:09 +00:00
')
fix more TODOs. fix selinux.te to selinuxutil.te in optionals
2005-07-11 19:02:50 +00:00
########################################
fix xml
2005-07-11 19:15:54 +00:00
## <summary>
fix more TODOs. fix selinux.te to selinuxutil.te in optionals
2005-07-11 19:02:50 +00:00
## Read and write kernel unnamed pipes.
## </summary>
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
fix more TODOs. fix selinux.te to selinuxutil.te in optionals
2005-07-11 19:02:50 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
fix more TODOs. fix selinux.te to selinuxutil.te in optionals
2005-07-11 19:02:50 +00:00
## </param>
#
renaming from 20060131 interface review, round 2
2006-01-31 16:49:43 +00:00
interface(`kernel_rw_pipes',`
fix more TODOs. fix selinux.te to selinuxutil.te in optionals
2005-07-11 19:02:50 +00:00
gen_require(`
type kernel_t;
')
selint: fix S-010 Signed-off-by: bauen1 <j2468h@gmail.com>
2020-08-14 14:33:08 +00:00
allow $1 kernel_t:fifo_file rw_inherited_fifo_file_perms;
fix more TODOs. fix selinux.te to selinuxutil.te in optionals
2005-07-11 19:02:50 +00:00
')
Implement core systemd policy. Significant contributions from the Tresys CLIP team. Other changes from Laurent Bigonville.
2015-10-23 14:16:59 +00:00
########################################
## <summary>
## Read/write to kernel using a unix
## domain stream socket.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`kernel_rw_stream_sockets',`
gen_require(`
type kernel_t;
')
allow $1 kernel_t:unix_stream_socket rw_socket_perms;
')
Move kernel_stream_connect() declaration.
2012-10-19 13:18:19 +00:00
########################################
## <summary>
## Connect to kernel using a unix
## domain stream socket.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`kernel_stream_connect',`
gen_require(`
type kernel_t;
')
allow $1 kernel_t:unix_stream_socket connectto;
')
fix more TODOs. fix selinux.te to selinuxutil.te in optionals
2005-07-11 19:02:50 +00:00
########################################
## <summary>
Implement core systemd policy. Significant contributions from the Tresys CLIP team. Other changes from Laurent Bigonville.
2015-10-23 14:16:59 +00:00
## Getattr on kernel unix datagram sockets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`kernel_getattr_dgram_sockets',`
gen_require(`
type kernel_t;
')
allow $1 kernel_t:unix_dgram_socket getattr;
')
########################################
## <summary>
Remove deprecated interfaces older than one year old. Additionally one deprecated attribute removed.
2017-08-06 21:03:17 +00:00
## Read and write kernel unix datagram sockets.
fix more TODOs. fix selinux.te to selinuxutil.te in optionals
2005-07-11 19:02:50 +00:00
## </summary>
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
fix more TODOs. fix selinux.te to selinuxutil.te in optionals
2005-07-11 19:02:50 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
fix more TODOs. fix selinux.te to selinuxutil.te in optionals
2005-07-11 19:02:50 +00:00
## </param>
#
renaming from 20060131 interface review, round 2
2006-01-31 16:49:43 +00:00
interface(`kernel_rw_unix_dgram_sockets',`
fix more TODOs. fix selinux.te to selinuxutil.te in optionals
2005-07-11 19:02:50 +00:00
gen_require(`
type kernel_t;
')
allow $1 kernel_t:unix_dgram_socket { read write ioctl };
')
########################################
## <summary>
## Send messages to kernel unix datagram sockets.
## </summary>
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
fix more TODOs. fix selinux.te to selinuxutil.te in optionals
2005-07-11 19:02:50 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
fix more TODOs. fix selinux.te to selinuxutil.te in optionals
2005-07-11 19:02:50 +00:00
## </param>
#
fix sendto
2006-02-06 15:43:46 +00:00
interface(`kernel_dgram_send',`
fix more TODOs. fix selinux.te to selinuxutil.te in optionals
2005-07-11 19:02:50 +00:00
gen_require(`
type kernel_t;
')
allow $1 kernel_t:unix_dgram_socket sendto;
')
more cleanup in system
2005-07-18 18:31:49 +00:00
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## Allows caller to load kernel modules
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
Kernel layer xml fixes. Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 12:57:11 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
initial commit
2005-04-14 20:18:17 +00:00
#
move all interfaces over to the interface macro. add traceback debugging info
2005-06-22 19:21:31 +00:00
interface(`kernel_load_module',`
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
gen_require(`
attribute can_load_kernmodule;
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
typeattribute $1 can_load_kernmodule;
initial commit
2005-04-14 20:18:17 +00:00
')
patch from dan Wed, 23 Aug 2006 14:03:49 -0400
2006-08-29 02:41:00 +00:00
########################################
## <summary>
## Allow search the kernel key ring.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`kernel_search_key',`
gen_require(`
type kernel_t;
')
allow $1 kernel_t:key search;
')
trunk: 11 patches from dan.
2007-10-29 18:35:32 +00:00
########################################
## <summary>
## dontaudit search the kernel key ring.
## </summary>
## <param name="domain">
## <summary>
Kernel layer xml fixes. Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 12:57:11 +00:00
## Domain to not audit.
trunk: 11 patches from dan.
2007-10-29 18:35:32 +00:00
## </summary>
## </param>
#
interface(`kernel_dontaudit_search_key',`
gen_require(`
type kernel_t;
')
dontaudit $1 kernel_t:key search;
')
patch from dan Wed, 23 Aug 2006 14:03:49 -0400
2006-08-29 02:41:00 +00:00
########################################
## <summary>
## Allow link to the kernel key ring.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`kernel_link_key',`
gen_require(`
type kernel_t;
')
allow $1 kernel_t:key link;
')
trunk: 11 patches from dan.
2007-10-29 18:35:32 +00:00
########################################
## <summary>
## dontaudit link to the kernel key ring.
## </summary>
## <param name="domain">
## <summary>
Kernel layer xml fixes. Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 12:57:11 +00:00
## Domain to not audit.
trunk: 11 patches from dan.
2007-10-29 18:35:32 +00:00
## </summary>
## </param>
#
interface(`kernel_dontaudit_link_key',`
gen_require(`
type kernel_t;
')
dontaudit $1 kernel_t:key link;
')
Add key interfaces and perms Mostly taken from the fedora rawhide policy
2017-11-02 17:30:46 +00:00
########################################
## <summary>
## Allow view the kernel key ring.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`kernel_view_key',`
gen_require(`
type kernel_t;
')
allow $1 kernel_t:key view;
')
########################################
## <summary>
## dontaudit view the kernel key ring.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`kernel_dontaudit_view_key',`
gen_require(`
type kernel_t;
')
dontaudit $1 kernel_t:key view;
')
Interfaces needed to support IMA/EVM keys I have been working to support IMA/EVM on a system. It requires having keys added to the kernel keyring. Keys added with keyctl and evmctl. I am creating keys in the ima_key_t type. Once the keys are created, many domains then need search permission on the type of the key. The following changes are needed to get things to work. Need to add keys to the kernel keyring (keyctl). type=AVC msg=audit(1585420717.704:1868): avc: denied { write } for pid=8622 comm="keyctl" scontext=system_u:system_r:cleanup_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=key permissive=1 Allow all domains to search key type=AVC msg=audit(1587936822.802:556): avc: denied { search } for pid=5963 comm="kworker/u16:6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:ima_key_t:s0 tclass=key permissive=1 type=AVC msg=audit(1587936822.804:559): avc: denied { search } for pid=5963 comm="systemd-cgroups" scontext=system_u:system_r:systemd_cgroups_t:s0 tcontext=system_u:object_r:ima_key_t:s0 tclass=key permissive=1 type=AVC msg=audit(1587936822.809:560): avc: denied { search } for pid=5964 comm="(sysctl)" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:ima_key_t:s0 tclass=key permissive=1 type=AVC msg=audit(1587936822.813:562): avc: denied { search } for pid=5964 comm="sysctl" scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:ima_key_t:s0 tclass=key permissive=1 type=AVC msg=audit(1587936823.149:604): avc: denied { search } for pid=5987 comm="setsebool" scontext=system_u:system_r:semanage_t:s0 tcontext=system_u:object_r:ima_key_t:s0 tclass=key permissive=1 Signed-off-by: Dave Sugar <dsugar@tresys.com>
2020-03-28 18:18:33 +00:00
########################################
## <summary>
## allow write access to the kernel key ring.
## </summary>
## <param name="domain">
## <summary>
## Domain to allow.
## </summary>
## </param>
#
interface(`kernel_write_key',`
gen_require(`
type kernel_t;
')
allow $1 kernel_t:key write;
')
initial commit
2005-04-14 20:18:17 +00:00
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## Allows caller to read the ring buffer.
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
Kernel layer xml fixes. Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 12:57:11 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
add main part of role-o-matic
2006-09-06 22:07:25 +00:00
## <rolecap/>
initial commit
2005-04-14 20:18:17 +00:00
#
move all interfaces over to the interface macro. add traceback debugging info
2005-06-22 19:21:31 +00:00
interface(`kernel_read_ring_buffer',`
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
gen_require(`
type kernel_t;
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
Add syslog capability.
2011-01-19 19:11:00 +00:00
allow $1 self:capability2 syslog;
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
allow $1 kernel_t:system syslog_read;
initial commit
2005-04-14 20:18:17 +00:00
')
start adding user domains. fix ttynode and ptynode handling, as they're more then user terminals (at least ptynode is). start adding XML comments
2005-05-16 21:10:33 +00:00
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## Do not audit attempts to read the ring buffer.
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
Kernel layer xml fixes. Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 12:57:11 +00:00
## Domain to not audit.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
start adding user domains. fix ttynode and ptynode handling, as they're more then user terminals (at least ptynode is). start adding XML comments
2005-05-16 21:10:33 +00:00
#
move all interfaces over to the interface macro. add traceback debugging info
2005-06-22 19:21:31 +00:00
interface(`kernel_dontaudit_read_ring_buffer',`
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
gen_require(`
type kernel_t;
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
dontaudit $1 kernel_t:system syslog_read;
start adding user domains. fix ttynode and ptynode handling, as they're more then user terminals (at least ptynode is). start adding XML comments
2005-05-16 21:10:33 +00:00
')
initial commit
2005-04-14 20:18:17 +00:00
########################################
add fstools, and more cleanup
2005-06-27 20:59:28 +00:00
## <summary>
## Change the level of kernel messages logged to the console.
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
add pegasus
2005-10-22 21:55:39 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
add main part of role-o-matic
2006-09-06 22:07:25 +00:00
## <rolecap/>
initial commit
2005-04-14 20:18:17 +00:00
#
move all interfaces over to the interface macro. add traceback debugging info
2005-06-22 19:21:31 +00:00
interface(`kernel_change_ring_buffer_level',`
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
gen_require(`
type kernel_t;
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
Add syslog capability.
2011-01-19 19:11:00 +00:00
allow $1 self:capability2 syslog;
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
allow $1 kernel_t:system syslog_console;
initial commit
2005-04-14 20:18:17 +00:00
')
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## Allows the caller to clear the ring buffer.
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
Kernel layer xml fixes. Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 12:57:11 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
add main part of role-o-matic
2006-09-06 22:07:25 +00:00
## <rolecap/>
initial commit
2005-04-14 20:18:17 +00:00
#
move all interfaces over to the interface macro. add traceback debugging info
2005-06-22 19:21:31 +00:00
interface(`kernel_clear_ring_buffer',`
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
gen_require(`
type kernel_t;
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
Add syslog capability.
2011-01-19 19:11:00 +00:00
allow $1 self:capability2 syslog;
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
allow $1 kernel_t:system syslog_mod;
initial commit
2005-04-14 20:18:17 +00:00
')
Add kernel patch from Dan Walsh
2009-11-19 14:25:38 +00:00
########################################
## <summary>
## Allows caller to request the kernel to load a module
## </summary>
Add additional documentation to kernel_request_load_module().
2010-03-16 19:08:00 +00:00
## <desc>
## <p>
## Allow the specified domain to request that the kernel
## load a kernel module. An example of this is the
## auto-loading of network drivers when doing an
## ioctl() on a network interface.
## </p>
## <p>
## In the specific case of a module loading request
## on a network interface, the domain will also
## need the net_admin capability.
## </p>
## </desc>
Add kernel patch from Dan Walsh
2009-11-19 14:25:38 +00:00
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`kernel_request_load_module',`
gen_require(`
type kernel_t;
')
allow $1 kernel_t:system module_request;
')
Kernel patch from Dan Walsh. Add ability to dontaudit requiests to load kernel modules. If you disable ipv6 every confined app that does ip, tries to get the kernel to load the module. Better handling of unlabeled files by the kernel interfaces
2010-06-07 15:08:35 +00:00
########################################
## <summary>
## Do not audit requests to the kernel to load a module.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`kernel_dontaudit_request_load_module',`
gen_require(`
type kernel_t;
')
dontaudit $1 kernel_t:system module_request;
')
initial commit
2005-04-14 20:18:17 +00:00
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## Get information on all System V IPC objects.
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
Add kernel patch from Dan Walsh
2009-11-19 14:25:38 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
initial commit
2005-04-14 20:18:17 +00:00
#
move all interfaces over to the interface macro. add traceback debugging info
2005-06-22 19:21:31 +00:00
interface(`kernel_get_sysvipc_info',`
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
gen_require(`
type kernel_t;
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
allow $1 kernel_t:system ipc_info;
initial commit
2005-04-14 20:18:17 +00:00
')
final updates from nsa cvs
2005-09-19 21:17:45 +00:00
########################################
## <summary>
## Get the attributes of a kernel debugging filesystem.
## </summary>
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
final updates from nsa cvs
2005-09-19 21:17:45 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
final updates from nsa cvs
2005-09-19 21:17:45 +00:00
## </param>
#
interface(`kernel_getattr_debugfs',`
gen_require(`
type debugfs_t;
')
allow $1 debugfs_t:filesystem getattr;
')
########################################
## <summary>
## Mount a kernel debugging filesystem.
## </summary>
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
Kernel layer xml fixes. Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 12:57:11 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
final updates from nsa cvs
2005-09-19 21:17:45 +00:00
## </param>
#
interface(`kernel_mount_debugfs',`
gen_require(`
type debugfs_t;
')
allow $1 debugfs_t:filesystem mount;
')
########################################
## <summary>
## Unmount a kernel debugging filesystem.
## </summary>
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
Kernel layer xml fixes. Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 12:57:11 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
final updates from nsa cvs
2005-09-19 21:17:45 +00:00
## </param>
#
interface(`kernel_unmount_debugfs',`
gen_require(`
type debugfs_t;
')
allow $1 debugfs_t:filesystem unmount;
')
########################################
## <summary>
## Remount a kernel debugging filesystem.
## </summary>
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
Kernel layer xml fixes. Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 12:57:11 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
final updates from nsa cvs
2005-09-19 21:17:45 +00:00
## </param>
#
interface(`kernel_remount_debugfs',`
gen_require(`
type debugfs_t;
')
allow $1 debugfs_t:filesystem remount;
')
########################################
## <summary>
## Search the contents of a kernel debugging filesystem.
## </summary>
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
final updates from nsa cvs
2005-09-19 21:17:45 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
final updates from nsa cvs
2005-09-19 21:17:45 +00:00
## </param>
#
interface(`kernel_search_debugfs',`
gen_require(`
type debugfs_t;
')
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
search_dirs_pattern($1, debugfs_t, debugfs_t)
final updates from nsa cvs
2005-09-19 21:17:45 +00:00
')
Kernel patch from Dan Walsh.
2010-03-17 15:16:25 +00:00
########################################
## <summary>
## Do not audit attempts to search the kernel debugging filesystem.
## </summary>
## <param name="domain">
## <summary>
Kernel layer xml fixes. Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 12:57:11 +00:00
## Domain to not audit.
Kernel patch from Dan Walsh.
2010-03-17 15:16:25 +00:00
## </summary>
## </param>
#
interface(`kernel_dontaudit_search_debugfs',`
gen_require(`
type debugfs_t;
')
dontaudit $1 debugfs_t:dir search_dir_perms;
')
dontaudit mount writes to newly mounted filesystems Signed-off-by: Chris Richards <gizmo@giz-works.com>
2010-11-09 01:25:34 +00:00
########################################
## <summary>
Minor fixes for Chris Richards' mount patchset.
2010-11-11 14:47:37 +00:00
## Read information from the debugging filesystem.
dontaudit mount writes to newly mounted filesystems Signed-off-by: Chris Richards <gizmo@giz-works.com>
2010-11-09 01:25:34 +00:00
## </summary>
## <param name="domain">
## <summary>
Minor fixes for Chris Richards' mount patchset.
2010-11-11 14:47:37 +00:00
## Domain allowed access.
dontaudit mount writes to newly mounted filesystems Signed-off-by: Chris Richards <gizmo@giz-works.com>
2010-11-09 01:25:34 +00:00
## </summary>
## </param>
#
Minor fixes for Chris Richards' mount patchset.
2010-11-11 14:47:37 +00:00
interface(`kernel_read_debugfs',`
dontaudit mount writes to newly mounted filesystems Signed-off-by: Chris Richards <gizmo@giz-works.com>
2010-11-09 01:25:34 +00:00
gen_require(`
type debugfs_t;
')
Minor fixes for Chris Richards' mount patchset.
2010-11-11 14:47:37 +00:00
read_files_pattern($1, debugfs_t, debugfs_t)
read_lnk_files_pattern($1, debugfs_t, debugfs_t)
list_dirs_pattern($1, debugfs_t, debugfs_t)
dontaudit mount writes to newly mounted filesystems Signed-off-by: Chris Richards <gizmo@giz-works.com>
2010-11-09 01:25:34 +00:00
')
more merging from 1.27.1-15
2005-10-14 17:55:40 +00:00
########################################
## <summary>
Minor fixes for Chris Richards' mount patchset.
2010-11-11 14:47:37 +00:00
## Do not audit attempts to write kernel debugging filesystem dirs.
more merging from 1.27.1-15
2005-10-14 17:55:40 +00:00
## </summary>
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
Minor fixes for Chris Richards' mount patchset.
2010-11-11 14:47:37 +00:00
## Domain to not audit.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
more merging from 1.27.1-15
2005-10-14 17:55:40 +00:00
## </param>
#
Minor fixes for Chris Richards' mount patchset.
2010-11-11 14:47:37 +00:00
interface(`kernel_dontaudit_write_debugfs_dirs',`
more merging from 1.27.1-15
2005-10-14 17:55:40 +00:00
gen_require(`
type debugfs_t;
')
Minor fixes for Chris Richards' mount patchset.
2010-11-11 14:47:37 +00:00
dontaudit $1 debugfs_t:dir write;
more merging from 1.27.1-15
2005-10-14 17:55:40 +00:00
')
Pull in additional changes in kernel layer from Fedora.
2011-03-31 13:49:01 +00:00
########################################
## <summary>
## Manage information from the debugging filesystem.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`kernel_manage_debugfs',`
gen_require(`
type debugfs_t;
')
manage_files_pattern($1, debugfs_t, debugfs_t)
read_lnk_files_pattern($1, debugfs_t, debugfs_t)
list_dirs_pattern($1, debugfs_t, debugfs_t)
')
- Patch to allow insmod to mount kvmfs and dontaudit rw unconfined_t pipes to handle usage from userhelper.
2007-05-02 17:31:38 +00:00
########################################
## <summary>
## Mount a kernel VM filesystem.
## </summary>
## <param name="domain">
## <summary>
Kernel layer xml fixes. Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 12:57:11 +00:00
## Domain allowed access.
- Patch to allow insmod to mount kvmfs and dontaudit rw unconfined_t pipes to handle usage from userhelper.
2007-05-02 17:31:38 +00:00
## </summary>
## </param>
#
interface(`kernel_mount_kvmfs',`
gen_require(`
type kvmfs_t;
')
allow $1 kvmfs_t:filesystem mount;
')
systemd-nspawn again This patch doesn't do everything that is needed to have systemd-nspawn work. But it does everything that is needed and which I have written in a clear and uncontroversial way. I think it's best to get this upstream now and then either have a separate discussion about the more difficult issues, or wait until I devise a way of solving those problems that's not too hacky. Who knows, maybe someone else will devise a brilliant solution to the remaining issues after this is accepted upstream. Also there's a tiny patch for systemd_machined_t that is required by systemd_nspawn_t. Description: systemd-nspawn Author: Russell Coker <russell@coker.com.au> Last-Update: 2017-03-29
2017-04-01 16:08:42 +00:00
########################################
## <summary>
## mount the proc filesystem.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`kernel_mount_proc',`
gen_require(`
type proc_t;
')
allow $1 proc_t:filesystem mount;
')
########################################
## <summary>
## remount the proc filesystem.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`kernel_remount_proc',`
gen_require(`
type proc_t;
')
allow $1 proc_t:filesystem remount;
')
add watchdog, bug 1662
2006-04-28 20:20:40 +00:00
########################################
## <summary>
## Unmount the proc filesystem.
## </summary>
## <param name="domain">
## <summary>
Kernel layer xml fixes. Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 12:57:11 +00:00
## Domain allowed access.
add watchdog, bug 1662
2006-04-28 20:20:40 +00:00
## </summary>
## </param>
#
interface(`kernel_unmount_proc',`
gen_require(`
type proc_t;
')
allow $1 proc_t:filesystem unmount;
')
initial commit
2005-04-14 20:18:17 +00:00
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
## Get the attributes of the proc filesystem.
## </summary>
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </param>
#
interface(`kernel_getattr_proc',`
gen_require(`
type proc_t;
')
allow $1 proc_t:filesystem getattr;
')
systemd-nspawn again This patch doesn't do everything that is needed to have systemd-nspawn work. But it does everything that is needed and which I have written in a clear and uncontroversial way. I think it's best to get this upstream now and then either have a separate discussion about the more difficult issues, or wait until I devise a way of solving those problems that's not too hacky. Who knows, maybe someone else will devise a brilliant solution to the remaining issues after this is accepted upstream. Also there's a tiny patch for systemd_machined_t that is required by systemd_nspawn_t. Description: systemd-nspawn Author: Russell Coker <russell@coker.com.au> Last-Update: 2017-03-29
2017-04-01 16:08:42 +00:00
########################################
## <summary>
## Mount on proc directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`kernel_mounton_proc',`
gen_require(`
type proc_t;
')
allow $1 proc_t:dir mounton;
')
Pull in additional changes in kernel layer from Fedora.
2011-03-31 13:49:01 +00:00
########################################
## <summary>
## Do not audit attempts to set the
## attributes of directories in /proc.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`kernel_dontaudit_setattr_proc_dirs',`
gen_require(`
type proc_t;
')
dontaudit $1 proc_t:dir setattr;
')
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
########################################
## <summary>
## Search directories in /proc.
## </summary>
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </param>
#
interface(`kernel_search_proc',`
gen_require(`
type proc_t;
')
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
search_dirs_pattern($1, proc_t, proc_t)
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
')
########################################
## <summary>
## List the contents of directories in /proc.
## </summary>
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </param>
#
interface(`kernel_list_proc',`
gen_require(`
type proc_t;
')
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
list_dirs_pattern($1, proc_t, proc_t)
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
')
pile of sediff fixes
2005-11-08 22:00:30 +00:00
########################################
## <summary>
## Do not audit attempts to list the
## contents of directories in /proc.
## </summary>
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
pile of sediff fixes
2005-11-08 22:00:30 +00:00
## Domain to not audit.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
pile of sediff fixes
2005-11-08 22:00:30 +00:00
## </param>
#
interface(`kernel_dontaudit_list_proc',`
gen_require(`
type proc_t;
')
dontaudit $1 proc_t:dir list_dir_perms;
')
dontaudit mount writes to newly mounted filesystems Signed-off-by: Chris Richards <gizmo@giz-works.com>
2010-11-09 01:25:34 +00:00
########################################
## <summary>
## Do not audit attempts to write the
## directories in /proc.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`kernel_dontaudit_write_proc_dirs',`
gen_require(`
type proc_t;
')
dontaudit $1 proc_t:dir write;
')
kernel: missing permissions for confined execution This patch adds missing permissions in the kernel module that prevent to run it without the unconfined module. This second version improves the comment section of new interfaces: "Domain" is replaced by "Domain allowed access". Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
2016-12-18 20:58:44 +00:00
########################################
## <summary>
## Mount the directories in /proc.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`kernel_mounton_proc_dirs',`
gen_require(`
type proc_t;
')
allow $1 proc_t:dir mounton;
')
add yppasswdd to nis
2005-11-28 16:44:51 +00:00
########################################
## <summary>
## Get the attributes of files in /proc.
## </summary>
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
add yppasswdd to nis
2005-11-28 16:44:51 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
add yppasswdd to nis
2005-11-28 16:44:51 +00:00
## </param>
#
interface(`kernel_getattr_proc_files',`
gen_require(`
type proc_t;
')
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
getattr_files_pattern($1, proc_t, proc_t)
add yppasswdd to nis
2005-11-28 16:44:51 +00:00
')
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
########################################
## <summary>
Improve documentation on kernel_read_system_state(), kernel_read_network_state(), and kernel_read_proc_symlinks().
2010-02-25 17:59:11 +00:00
## Read generic symbolic links in /proc.
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
Improve documentation on kernel_read_system_state(), kernel_read_network_state(), and kernel_read_proc_symlinks().
2010-02-25 17:59:11 +00:00
## <desc>
## <p>
## Allow the specified domain to read (follow) generic
## symbolic links (symlinks) in the proc filesystem (/proc).
## This interface does not include access to the targets of
## these links. An example symlink is /proc/self.
## </p>
## </desc>
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </param>
Improve documentation on kernel_read_system_state(), kernel_read_network_state(), and kernel_read_proc_symlinks().
2010-02-25 17:59:11 +00:00
## <infoflow type="read" weight="10"/>
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
#
interface(`kernel_read_proc_symlinks',`
gen_require(`
type proc_t;
')
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
read_lnk_files_pattern($1, proc_t, proc_t)
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
')
########################################
## <summary>
Improve documentation on kernel_read_system_state(), kernel_read_network_state(), and kernel_read_proc_symlinks().
2010-02-25 17:59:11 +00:00
## Allows caller to read system state information in /proc.
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
Improve documentation on kernel_read_system_state(), kernel_read_network_state(), and kernel_read_proc_symlinks().
2010-02-25 17:59:11 +00:00
## <desc>
## <p>
## Allow the specified domain to read general system
## state information from the proc filesystem (/proc).
## </p>
## <p>
## Generally it should be safe to allow this access. Some
## example files that can be read based on this interface:
## </p>
## <ul>
## <li>/proc/cpuinfo</li>
## <li>/proc/meminfo</li>
## <li>/proc/uptime</li>
## </ul>
## <p>
## This does not allow access to sysctl entries (/proc/sys/*)
## nor process state information (/proc/pid).
## </p>
## </desc>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
Improve documentation on kernel_read_system_state(), kernel_read_network_state(), and kernel_read_proc_symlinks().
2010-02-25 17:59:11 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
Improve documentation on kernel_read_system_state(), kernel_read_network_state(), and kernel_read_proc_symlinks().
2010-02-25 17:59:11 +00:00
## <infoflow type="read" weight="10"/>
add main part of role-o-matic
2006-09-06 22:07:25 +00:00
## <rolecap/>
initial commit
2005-04-14 20:18:17 +00:00
#
move all interfaces over to the interface macro. add traceback debugging info
2005-06-22 19:21:31 +00:00
interface(`kernel_read_system_state',`
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
gen_require(`
type proc_t;
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
read_files_pattern($1, proc_t, proc_t)
read_lnk_files_pattern($1, proc_t, proc_t)
merge policy patterns to trunk
2006-12-12 20:08:08 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
list_dirs_pattern($1, proc_t, proc_t)
more merging from 1.27.1-15
2005-10-14 17:55:40 +00:00
')
########################################
## <summary>
## Write to generic proc entries.
## </summary>
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
more merging from 1.27.1-15
2005-10-14 17:55:40 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
more merging from 1.27.1-15
2005-10-14 17:55:40 +00:00
## </param>
add main part of role-o-matic
2006-09-06 22:07:25 +00:00
## <rolecap/>
more merging from 1.27.1-15
2005-10-14 17:55:40 +00:00
#
# cjp: this should probably go away. any
# file thats writable in proc should really
# have its own label.
#
renaming from 20060131 interface review, round 2
2006-01-31 16:49:43 +00:00
interface(`kernel_write_proc_files',`
more merging from 1.27.1-15
2005-10-14 17:55:40 +00:00
gen_require(`
type proc_t;
')
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
write_files_pattern($1, proc_t, proc_t)
initial commit
2005-04-14 20:18:17 +00:00
')
add ignore read system state
2005-05-02 18:42:33 +00:00
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## Do not audit attempts by caller to
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## read system state information in proc.
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
Kernel layer xml fixes. Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 12:57:11 +00:00
## Domain to not audit.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
add ignore read system state
2005-05-02 18:42:33 +00:00
#
move all interfaces over to the interface macro. add traceback debugging info
2005-06-22 19:21:31 +00:00
interface(`kernel_dontaudit_read_system_state',`
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
gen_require(`
type proc_t;
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
trunk: 6 patches from dan.
2009-06-11 15:00:48 +00:00
dontaudit $1 proc_t:file read_file_perms;
add ignore read system state
2005-05-02 18:42:33 +00:00
')
Reduced the number of differences in amanda between the targeted and the refpolicy
2005-10-24 21:35:50 +00:00
########################################
## <summary>
## Do not audit attempts by caller to
Fix interface descriptions when duplicate ones are found Distinct interfaces should have different comments
2016-01-18 23:01:10 +00:00
## read symbolic links in proc.
Reduced the number of differences in amanda between the targeted and the refpolicy
2005-10-24 21:35:50 +00:00
## </summary>
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
Kernel layer xml fixes. Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 12:57:11 +00:00
## Domain to not audit.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
Reduced the number of differences in amanda between the targeted and the refpolicy
2005-10-24 21:35:50 +00:00
## </param>
#
renaming from 20060131 interface review, round 2
2006-01-31 16:49:43 +00:00
interface(`kernel_dontaudit_read_proc_symlinks',`
Reduced the number of differences in amanda between the targeted and the refpolicy
2005-10-24 21:35:50 +00:00
gen_require(`
type proc_t;
')
dontaudit $1 proc_t:lnk_file read;
')
trunk: 3 patches from dan.
2007-10-29 22:08:34 +00:00
#######################################
## <summary>
## Allow caller to read and write state information for AFS.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`kernel_rw_afs_state',`
gen_require(`
type proc_t, proc_afs_t;
')
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
list_dirs_pattern($1, proc_t, proc_t)
rw_files_pattern($1, proc_afs_t, proc_afs_t)
trunk: 3 patches from dan.
2007-10-29 22:08:34 +00:00
')
initial commit
2005-04-14 20:18:17 +00:00
#######################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## Allow caller to read the state information for software raid.
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
Kernel layer xml fixes. Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 12:57:11 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
add main part of role-o-matic
2006-09-06 22:07:25 +00:00
## <rolecap/>
initial commit
2005-04-14 20:18:17 +00:00
#
move all interfaces over to the interface macro. add traceback debugging info
2005-06-22 19:21:31 +00:00
interface(`kernel_read_software_raid_state',`
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
gen_require(`
type proc_t, proc_mdstat_t;
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
read_files_pattern($1, proc_t, proc_mdstat_t)
merge policy patterns to trunk
2006-12-12 20:08:08 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
list_dirs_pattern($1, proc_t, proc_t)
add raid (mdadm)
2005-07-15 20:45:26 +00:00
')
#######################################
## <summary>
## Allow caller to read and set the state information for software raid.
## </summary>
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
Kernel layer xml fixes. Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 12:57:11 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
add raid (mdadm)
2005-07-15 20:45:26 +00:00
## </param>
#
interface(`kernel_rw_software_raid_state',`
gen_require(`
type proc_t, proc_mdstat_t;
')
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
rw_files_pattern($1, proc_t, proc_mdstat_t)
merge policy patterns to trunk
2006-12-12 20:08:08 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
list_dirs_pattern($1, proc_t, proc_t)
initial commit
2005-04-14 20:18:17 +00:00
')
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
Fix several misspellings Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
2020-08-11 13:01:34 +00:00
## Allows caller to get attributes of core kernel interface.
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
Kernel layer xml fixes. Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 12:57:11 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
initial commit
2005-04-14 20:18:17 +00:00
#
renaming from 20060131 interface review, round 2
2006-01-31 16:49:43 +00:00
interface(`kernel_getattr_core_if',`
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
gen_require(`
type proc_t, proc_kcore_t;
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
getattr_files_pattern($1, proc_t, proc_kcore_t)
merge policy patterns to trunk
2006-12-12 20:08:08 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
list_dirs_pattern($1, proc_t, proc_t)
initial commit
2005-04-14 20:18:17 +00:00
')
pile of updates
2005-05-13 14:37:13 +00:00
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## Do not audit attempts to get the attributes of
## core kernel interfaces.
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
Kernel layer xml fixes. Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 12:57:11 +00:00
## Domain to not audit.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
pile of updates
2005-05-13 14:37:13 +00:00
#
renaming from 20060131 interface review, round 2
2006-01-31 16:49:43 +00:00
interface(`kernel_dontaudit_getattr_core_if',`
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
gen_require(`
type proc_kcore_t;
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
dontaudit $1 proc_kcore_t:file getattr;
pile of updates
2005-05-13 14:37:13 +00:00
')
Add kernel patch from Dan Walsh
2009-11-19 14:25:38 +00:00
########################################
## <summary>
## Allows caller to read the core kernel interface.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`kernel_read_core_if',`
gen_require(`
type proc_t, proc_kcore_t;
attribute can_dump_kernel;
')
Kdump reads the kernel core.
2009-11-25 15:04:40 +00:00
allow $1 self:capability sys_rawio;
Add kernel patch from Dan Walsh
2009-11-19 14:25:38 +00:00
read_files_pattern($1, proc_t, proc_kcore_t)
list_dirs_pattern($1, proc_t, proc_t)
typeattribute $1 can_dump_kernel;
')
restructure kernel module to be consistent with other module ordering. put in missing rules. fix naming problems
2005-04-25 16:11:21 +00:00
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## Allow caller to read kernel messages
## using the /proc/kmsg interface.
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
Kernel layer xml fixes. Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 12:57:11 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
restructure kernel module to be consistent with other module ordering. put in missing rules. fix naming problems
2005-04-25 16:11:21 +00:00
#
move all interfaces over to the interface macro. add traceback debugging info
2005-06-22 19:21:31 +00:00
interface(`kernel_read_messages',`
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
gen_require(`
attribute can_receive_kernel_messages;
type proc_kmsg_t, proc_t;
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
read_files_pattern($1, proc_t, proc_kmsg_t)
merge policy patterns to trunk
2006-12-12 20:08:08 +00:00
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
typeattribute $1 can_receive_kernel_messages;
restructure kernel module to be consistent with other module ordering. put in missing rules. fix naming problems
2005-04-25 16:11:21 +00:00
')
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## Allow caller to get the attributes of kernel message
## interface (/proc/kmsg).
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
Kernel layer xml fixes. Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 12:57:11 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
restructure kernel module to be consistent with other module ordering. put in missing rules. fix naming problems
2005-04-25 16:11:21 +00:00
#
move all interfaces over to the interface macro. add traceback debugging info
2005-06-22 19:21:31 +00:00
interface(`kernel_getattr_message_if',`
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
gen_require(`
type proc_kmsg_t, proc_t;
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
getattr_files_pattern($1, proc_t, proc_kmsg_t)
restructure kernel module to be consistent with other module ordering. put in missing rules. fix naming problems
2005-04-25 16:11:21 +00:00
')
initial commit
2005-04-14 20:18:17 +00:00
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## Do not audit attempts by caller to get the attributes of kernel
## message interfaces.
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
Kernel layer xml fixes. Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 12:57:11 +00:00
## Domain to not audit.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
reorg run_init a little, and add a convert to a few new interfaces
2005-05-02 21:02:14 +00:00
#
move all interfaces over to the interface macro. add traceback debugging info
2005-06-22 19:21:31 +00:00
interface(`kernel_dontaudit_getattr_message_if',`
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
gen_require(`
Fix situations where require blocks in interfaces listed types not actually referenced by that interface Signed-off-by: Daniel Burgener <dburgener@tresys.com>
2020-01-21 19:25:52 +00:00
type proc_kmsg_t;
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
dontaudit $1 proc_kmsg_t:file getattr;
reorg run_init a little, and add a convert to a few new interfaces
2005-05-02 21:02:14 +00:00
')
systemd-nspawn again This patch doesn't do everything that is needed to have systemd-nspawn work. But it does everything that is needed and which I have written in a clear and uncontroversial way. I think it's best to get this upstream now and then either have a separate discussion about the more difficult issues, or wait until I devise a way of solving those problems that's not too hacky. Who knows, maybe someone else will devise a brilliant solution to the remaining issues after this is accepted upstream. Also there's a tiny patch for systemd_machined_t that is required by systemd_nspawn_t. Description: systemd-nspawn Author: Russell Coker <russell@coker.com.au> Last-Update: 2017-03-29
2017-04-01 16:08:42 +00:00
########################################
## <summary>
## Mount on kernel message interfaces files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`kernel_mounton_message_if',`
gen_require(`
type proc_t, proc_kmsg_t;
')
allow $1 proc_t:dir list_dir_perms;
allow $1 proc_kmsg_t:file { getattr mounton };
')
fix up most of mta attribute insanity
2005-08-30 20:47:41 +00:00
########################################
## <summary>
## Do not audit attempts to search the network
## state directory.
## </summary>
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
Kernel layer xml fixes. Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 12:57:11 +00:00
## Domain to not audit.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
fix up most of mta attribute insanity
2005-08-30 20:47:41 +00:00
## </param>
##
#
interface(`kernel_dontaudit_search_network_state',`
gen_require(`
type proc_net_t;
')
fixes to make base module compilable
2005-09-12 15:17:39 +00:00
dontaudit $1 proc_net_t:dir search;
fix up most of mta attribute insanity
2005-08-30 20:47:41 +00:00
')
add rpc
2005-10-24 01:53:13 +00:00
########################################
## <summary>
## Allow searching of network state directory.
## </summary>
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
Kernel layer xml fixes. Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 12:57:11 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
add rpc
2005-10-24 01:53:13 +00:00
## </param>
##
#
interface(`kernel_search_network_state',`
gen_require(`
Add requires to interfaces that reference types or attributes without requiring them Signed-off-by: Daniel Burgener <dburgener@tresys.com>
2020-01-16 13:39:36 +00:00
type proc_t, proc_net_t;
add rpc
2005-10-24 01:53:13 +00:00
')
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
search_dirs_pattern($1, proc_t, proc_net_t)
add rpc
2005-10-24 01:53:13 +00:00
')
reorg run_init a little, and add a convert to a few new interfaces
2005-05-02 21:02:14 +00:00
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
Improve documentation on kernel_read_system_state(), kernel_read_network_state(), and kernel_read_proc_symlinks().
2010-02-25 17:59:11 +00:00
## Read the network state information.
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
Improve documentation on kernel_read_system_state(), kernel_read_network_state(), and kernel_read_proc_symlinks().
2010-02-25 17:59:11 +00:00
## <desc>
## <p>
## Allow the specified domain to read the networking
## state information. This includes several pieces
## of networking information, such as network interface
## names, netfilter (iptables) statistics, protocol
## information, routes, and remote procedure call (RPC)
## information.
## </p>
## </desc>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
Improve documentation on kernel_read_system_state(), kernel_read_network_state(), and kernel_read_proc_symlinks().
2010-02-25 17:59:11 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
Improve documentation on kernel_read_system_state(), kernel_read_network_state(), and kernel_read_proc_symlinks().
2010-02-25 17:59:11 +00:00
## <infoflow type="read" weight="10"/>
add main part of role-o-matic
2006-09-06 22:07:25 +00:00
## <rolecap/>
initial commit
2005-04-14 20:18:17 +00:00
#
move all interfaces over to the interface macro. add traceback debugging info
2005-06-22 19:21:31 +00:00
interface(`kernel_read_network_state',`
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
gen_require(`
type proc_t, proc_net_t;
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
read_files_pattern($1, { proc_t proc_net_t }, proc_net_t)
read_lnk_files_pattern($1, { proc_t proc_net_t }, proc_net_t)
merge policy patterns to trunk
2006-12-12 20:08:08 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
list_dirs_pattern($1, proc_t, proc_net_t)
initial commit
2005-04-14 20:18:17 +00:00
')
add rpc
2005-10-24 01:53:13 +00:00
########################################
## <summary>
## Allow caller to read the network state symbolic links.
## </summary>
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
Kernel layer xml fixes. Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 12:57:11 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
add rpc
2005-10-24 01:53:13 +00:00
## </param>
#
interface(`kernel_read_network_state_symlinks',`
gen_require(`
type proc_t, proc_net_t;
')
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
read_lnk_files_pattern($1, { proc_t proc_net_t }, proc_net_t)
merge policy patterns to trunk
2006-12-12 20:08:08 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
list_dirs_pattern($1, proc_t, proc_net_t)
add rpc
2005-10-24 01:53:13 +00:00
')
patch from dan Fri, 17 Mar 2006 15:22:53 -0500
2006-03-23 19:19:38 +00:00
########################################
## <summary>
## Allow searching of xen state directory.
## </summary>
## <param name="domain">
## <summary>
Kernel layer xml fixes. Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 12:57:11 +00:00
## Domain allowed access.
patch from dan Fri, 17 Mar 2006 15:22:53 -0500
2006-03-23 19:19:38 +00:00
## </summary>
## </param>
##
#
interface(`kernel_search_xen_state',`
gen_require(`
type proc_t, proc_xen_t;
')
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
search_dirs_pattern($1, proc_t, proc_xen_t)
patch from dan Fri, 17 Mar 2006 15:22:53 -0500
2006-03-23 19:19:38 +00:00
')
########################################
## <summary>
## Do not audit attempts to search the xen
## state directory.
## </summary>
## <param name="domain">
## <summary>
Kernel layer xml fixes. Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 12:57:11 +00:00
## Domain to not audit.
patch from dan Fri, 17 Mar 2006 15:22:53 -0500
2006-03-23 19:19:38 +00:00
## </summary>
## </param>
##
#
interface(`kernel_dontaudit_search_xen_state',`
gen_require(`
type proc_xen_t;
')
dontaudit $1 proc_xen_t:dir search;
')
########################################
## <summary>
## Allow caller to read the xen state information.
## </summary>
## <param name="domain">
## <summary>
Kernel layer xml fixes. Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 12:57:11 +00:00
## Domain allowed access.
patch from dan Fri, 17 Mar 2006 15:22:53 -0500
2006-03-23 19:19:38 +00:00
## </summary>
## </param>
##
#
interface(`kernel_read_xen_state',`
gen_require(`
type proc_t, proc_xen_t;
')
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
read_files_pattern($1, { proc_t proc_xen_t }, proc_xen_t)
read_lnk_files_pattern($1, { proc_t proc_xen_t }, proc_xen_t)
merge policy patterns to trunk
2006-12-12 20:08:08 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
list_dirs_pattern($1, proc_t, proc_xen_t)
patch from dan Fri, 17 Mar 2006 15:22:53 -0500
2006-03-23 19:19:38 +00:00
')
########################################
## <summary>
## Allow caller to read the xen state symbolic links.
## </summary>
## <param name="domain">
## <summary>
Kernel layer xml fixes. Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 12:57:11 +00:00
## Domain allowed access.
patch from dan Fri, 17 Mar 2006 15:22:53 -0500
2006-03-23 19:19:38 +00:00
## </summary>
## </param>
##
#
interface(`kernel_read_xen_state_symlinks',`
gen_require(`
type proc_t, proc_xen_t;
')
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
read_lnk_files_pattern($1, { proc_t proc_xen_t }, proc_xen_t)
merge policy patterns to trunk
2006-12-12 20:08:08 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
list_dirs_pattern($1, proc_t, proc_xen_t)
patch from dan Fri, 17 Mar 2006 15:22:53 -0500
2006-03-23 19:19:38 +00:00
')
########################################
## <summary>
## Allow caller to write xen state information.
## </summary>
## <param name="domain">
## <summary>
Kernel layer xml fixes. Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 12:57:11 +00:00
## Domain allowed access.
patch from dan Fri, 17 Mar 2006 15:22:53 -0500
2006-03-23 19:19:38 +00:00
## </summary>
## </param>
##
#
interface(`kernel_write_xen_state',`
gen_require(`
type proc_t, proc_xen_t;
')
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
write_files_pattern($1, { proc_t proc_xen_t }, proc_xen_t)
patch from dan Fri, 17 Mar 2006 15:22:53 -0500
2006-03-23 19:19:38 +00:00
')
trunk: 6 patches from dan.
2009-06-11 15:00:48 +00:00
########################################
## <summary>
## Allow attempts to list all proc directories.
## </summary>
## <param name="domain">
## <summary>
Kernel layer xml fixes. Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 12:57:11 +00:00
## Domain allowed access.
trunk: 6 patches from dan.
2009-06-11 15:00:48 +00:00
## </summary>
## </param>
#
interface(`kernel_list_all_proc',`
gen_require(`
attribute proc_type;
')
allow $1 proc_type:dir list_dir_perms;
allow $1 proc_type:file getattr;
')
patch from dan Thu, 31 Aug 2006 15:16:30 -0400
2006-09-01 15:52:05 +00:00
########################################
## <summary>
## Do not audit attempts to list all proc directories.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`kernel_dontaudit_list_all_proc',`
gen_require(`
attribute proc_type;
')
dontaudit $1 proc_type:dir list_dir_perms;
trunk: 6 patches from dan.
2009-06-11 15:00:48 +00:00
dontaudit $1 proc_type:file getattr;
patch from dan Thu, 31 Aug 2006 15:16:30 -0400
2006-09-01 15:52:05 +00:00
')
add some file_t interfaces, and console write
2005-05-31 21:25:45 +00:00
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
partial (most of it) merge of selinux-policy-strict-sources-1.27.1-15
2005-10-13 20:59:36 +00:00
## Do not audit attempts by caller to search
## the base directory of sysctls.
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
Kernel layer xml fixes. Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 12:57:11 +00:00
## Domain to not audit.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
add xml
2005-06-07 22:36:07 +00:00
##
add some file_t interfaces, and console write
2005-05-31 21:25:45 +00:00
#
partial (most of it) merge of selinux-policy-strict-sources-1.27.1-15
2005-10-13 20:59:36 +00:00
interface(`kernel_dontaudit_search_sysctl',`
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
gen_require(`
type sysctl_t;
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
dontaudit $1 sysctl_t:dir search;
add some file_t interfaces, and console write
2005-05-31 21:25:45 +00:00
')
systemd-nspawn again This patch doesn't do everything that is needed to have systemd-nspawn work. But it does everything that is needed and which I have written in a clear and uncontroversial way. I think it's best to get this upstream now and then either have a separate discussion about the more difficult issues, or wait until I devise a way of solving those problems that's not too hacky. Who knows, maybe someone else will devise a brilliant solution to the remaining issues after this is accepted upstream. Also there's a tiny patch for systemd_machined_t that is required by systemd_nspawn_t. Description: systemd-nspawn Author: Russell Coker <russell@coker.com.au> Last-Update: 2017-03-29
2017-04-01 16:08:42 +00:00
########################################
## <summary>
## Mount on sysctl_t dirs.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`kernel_mounton_sysctl_dirs',`
gen_require(`
type proc_t, sysctl_t;
')
allow $1 proc_t:dir list_dir_perms;
allow $1 sysctl_t:dir { getattr mounton };
')
add rpc
2005-10-24 01:53:13 +00:00
########################################
## <summary>
## Allow access to read sysctl directories.
## </summary>
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
Kernel layer xml fixes. Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 12:57:11 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
add rpc
2005-10-24 01:53:13 +00:00
## </param>
##
#
interface(`kernel_read_sysctl',`
gen_require(`
trunk: 6 patches from dan.
2009-06-11 15:00:48 +00:00
type sysctl_t, proc_t;
add rpc
2005-10-24 01:53:13 +00:00
')
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
list_dirs_pattern($1, proc_t, sysctl_t)
trunk: 6 patches from dan.
2009-06-11 15:00:48 +00:00
read_files_pattern($1, sysctl_t, sysctl_t)
add rpc
2005-10-24 01:53:13 +00:00
')
systemd-nspawn again This patch doesn't do everything that is needed to have systemd-nspawn work. But it does everything that is needed and which I have written in a clear and uncontroversial way. I think it's best to get this upstream now and then either have a separate discussion about the more difficult issues, or wait until I devise a way of solving those problems that's not too hacky. Who knows, maybe someone else will devise a brilliant solution to the remaining issues after this is accepted upstream. Also there's a tiny patch for systemd_machined_t that is required by systemd_nspawn_t. Description: systemd-nspawn Author: Russell Coker <russell@coker.com.au> Last-Update: 2017-03-29
2017-04-01 16:08:42 +00:00
########################################
## <summary>
## Mount on sysctl files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`kernel_mounton_sysctl_files',`
gen_require(`
type proc_t, sysctl_t;
')
allow $1 { proc_t sysctl_t }:dir list_dir_perms;
allow $1 sysctl_t:file { getattr mounton };
')
initial commit
2005-04-14 20:18:17 +00:00
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## Allow caller to read the device sysctls.
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
Kernel layer xml fixes. Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 12:57:11 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
add main part of role-o-matic
2006-09-06 22:07:25 +00:00
## <rolecap/>
initial commit
2005-04-14 20:18:17 +00:00
#
renaming from 20060131 interface review, round 2
2006-01-31 16:49:43 +00:00
interface(`kernel_read_device_sysctls',`
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
gen_require(`
type proc_t, sysctl_t, sysctl_dev_t;
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
read_files_pattern($1, { proc_t sysctl_t sysctl_dev_t }, sysctl_dev_t)
merge policy patterns to trunk
2006-12-12 20:08:08 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_dev_t)
initial commit
2005-04-14 20:18:17 +00:00
')
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## Read and write device sysctls.
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
add pegasus
2005-10-22 21:55:39 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
add main part of role-o-matic
2006-09-06 22:07:25 +00:00
## <rolecap/>
initial commit
2005-04-14 20:18:17 +00:00
#
renaming from 20060131 interface review, round 2
2006-01-31 16:49:43 +00:00
interface(`kernel_rw_device_sysctls',`
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
gen_require(`
type proc_t, sysctl_t, sysctl_dev_t;
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
rw_files_pattern($1, { proc_t sysctl_t sysctl_dev_t }, sysctl_dev_t)
merge policy patterns to trunk
2006-12-12 20:08:08 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_dev_t)
initial commit
2005-04-14 20:18:17 +00:00
')
add pegasus
2005-10-22 21:55:39 +00:00
########################################
## <summary>
## Allow caller to search virtual memory sysctls.
## </summary>
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
add pegasus
2005-10-22 21:55:39 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
add pegasus
2005-10-22 21:55:39 +00:00
## </param>
#
interface(`kernel_search_vm_sysctl',`
gen_require(`
type proc_t, sysctl_t, sysctl_vm_t;
')
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
search_dirs_pattern($1, { proc_t sysctl_t }, sysctl_vm_t)
add pegasus
2005-10-22 21:55:39 +00:00
')
initial commit
2005-04-14 20:18:17 +00:00
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## Allow caller to read virtual memory sysctls.
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
add pegasus
2005-10-22 21:55:39 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
add main part of role-o-matic
2006-09-06 22:07:25 +00:00
## <rolecap/>
initial commit
2005-04-14 20:18:17 +00:00
#
renaming from 20060131 interface review, round 2
2006-01-31 16:49:43 +00:00
interface(`kernel_read_vm_sysctls',`
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
gen_require(`
type proc_t, sysctl_t, sysctl_vm_t;
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
read_files_pattern($1, { proc_t sysctl_t sysctl_vm_t }, sysctl_vm_t)
merge policy patterns to trunk
2006-12-12 20:08:08 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_vm_t)
initial commit
2005-04-14 20:18:17 +00:00
')
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## Read and write virtual memory sysctls.
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
add pegasus
2005-10-22 21:55:39 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
add main part of role-o-matic
2006-09-06 22:07:25 +00:00
## <rolecap/>
initial commit
2005-04-14 20:18:17 +00:00
#
renaming from 20060131 interface review, round 2
2006-01-31 16:49:43 +00:00
interface(`kernel_rw_vm_sysctls',`
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
gen_require(`
type proc_t, sysctl_t, sysctl_vm_t;
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
rw_files_pattern($1 ,{ proc_t sysctl_t sysctl_vm_t }, sysctl_vm_t)
list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_vm_t)
first part of dans patch Fri, 14 Apr 2006 08:08:43 -0400
2006-04-17 17:32:54 +00:00
# hal needs this
allow $1 sysctl_vm_t:dir write;
initial commit
2005-04-14 20:18:17 +00:00
')
add some file_t interfaces, and console write
2005-05-31 21:25:45 +00:00
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
partial (most of it) merge of selinux-policy-strict-sources-1.27.1-15
2005-10-13 20:59:36 +00:00
## Search network sysctl directories.
## </summary>
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
partial (most of it) merge of selinux-policy-strict-sources-1.27.1-15
2005-10-13 20:59:36 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
partial (most of it) merge of selinux-policy-strict-sources-1.27.1-15
2005-10-13 20:59:36 +00:00
## </param>
#
interface(`kernel_search_network_sysctl',`
gen_require(`
type proc_t, sysctl_t, sysctl_net_t;
')
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
search_dirs_pattern($1, { proc_t sysctl_t }, sysctl_net_t)
partial (most of it) merge of selinux-policy-strict-sources-1.27.1-15
2005-10-13 20:59:36 +00:00
')
########################################
## <summary>
## Do not audit attempts by caller to search network sysctl directories.
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
Kernel layer xml fixes. Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 12:57:11 +00:00
## Domain to not audit.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
add some file_t interfaces, and console write
2005-05-31 21:25:45 +00:00
#
partial (most of it) merge of selinux-policy-strict-sources-1.27.1-15
2005-10-13 20:59:36 +00:00
interface(`kernel_dontaudit_search_network_sysctl',`
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
gen_require(`
type sysctl_net_t;
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
dontaudit $1 sysctl_net_t:dir search;
add some file_t interfaces, and console write
2005-05-31 21:25:45 +00:00
')
initial commit
2005-04-14 20:18:17 +00:00
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## Allow caller to read network sysctls.
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
add pegasus
2005-10-22 21:55:39 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
add main part of role-o-matic
2006-09-06 22:07:25 +00:00
## <rolecap/>
initial commit
2005-04-14 20:18:17 +00:00
#
renaming from 20060131 interface review, round 2
2006-01-31 16:49:43 +00:00
interface(`kernel_read_net_sysctls',`
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
gen_require(`
type proc_t, sysctl_t, sysctl_net_t;
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
read_files_pattern($1, { proc_t sysctl_t sysctl_net_t }, sysctl_net_t)
merge policy patterns to trunk
2006-12-12 20:08:08 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_net_t)
initial commit
2005-04-14 20:18:17 +00:00
')
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## Allow caller to modiry contents of sysctl network files.
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
add pegasus
2005-10-22 21:55:39 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
add main part of role-o-matic
2006-09-06 22:07:25 +00:00
## <rolecap/>
initial commit
2005-04-14 20:18:17 +00:00
#
renaming from 20060131 interface review, round 2
2006-01-31 16:49:43 +00:00
interface(`kernel_rw_net_sysctls',`
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
gen_require(`
type proc_t, sysctl_t, sysctl_net_t;
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
rw_files_pattern($1, { proc_t sysctl_t sysctl_net_t }, sysctl_net_t)
merge policy patterns to trunk
2006-12-12 20:08:08 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_net_t)
initial commit
2005-04-14 20:18:17 +00:00
')
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## Allow caller to read unix domain
## socket sysctls.
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
add pegasus
2005-10-22 21:55:39 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
add main part of role-o-matic
2006-09-06 22:07:25 +00:00
## <rolecap/>
initial commit
2005-04-14 20:18:17 +00:00
#
renaming from 20060131 interface review, round 2
2006-01-31 16:49:43 +00:00
interface(`kernel_read_unix_sysctls',`
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
gen_require(`
type proc_t, sysctl_t, sysctl_net_t, sysctl_net_unix_t;
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
read_files_pattern($1, { proc_t sysctl_t sysctl_net_t }, sysctl_net_unix_t)
merge policy patterns to trunk
2006-12-12 20:08:08 +00:00
kernel.if: Allow listing /proc/sys/net/unix The kernel_read_unix_sysctls() and kernel_rw_unix_sysctls() currenly don't allow listing the /proc/sys/net/unix directory, contrary to the other sysctl interfaces.
2016-12-06 22:49:02 +00:00
list_dirs_pattern($1, { proc_t sysctl_t }, { sysctl_net_t sysctl_net_unix_t })
initial commit
2005-04-14 20:18:17 +00:00
')
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## Read and write unix domain
## socket sysctls.
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
add pegasus
2005-10-22 21:55:39 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
add main part of role-o-matic
2006-09-06 22:07:25 +00:00
## <rolecap/>
initial commit
2005-04-14 20:18:17 +00:00
#
renaming from 20060131 interface review, round 2
2006-01-31 16:49:43 +00:00
interface(`kernel_rw_unix_sysctls',`
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
gen_require(`
type proc_t, sysctl_t, sysctl_net_t, sysctl_net_unix_t;
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
rw_files_pattern($1, { proc_t sysctl_t sysctl_net_t }, sysctl_net_unix_t)
merge policy patterns to trunk
2006-12-12 20:08:08 +00:00
kernel.if: Allow listing /proc/sys/net/unix The kernel_read_unix_sysctls() and kernel_rw_unix_sysctls() currenly don't allow listing the /proc/sys/net/unix directory, contrary to the other sysctl interfaces.
2016-12-06 22:49:02 +00:00
list_dirs_pattern($1, { proc_t sysctl_t }, { sysctl_net_t sysctl_net_unix_t })
initial commit
2005-04-14 20:18:17 +00:00
')
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## Read the hotplug sysctl.
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
add pegasus
2005-10-22 21:55:39 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
add main part of role-o-matic
2006-09-06 22:07:25 +00:00
## <rolecap/>
initial commit
2005-04-14 20:18:17 +00:00
#
renaming from 20060131 interface review, round 2
2006-01-31 16:49:43 +00:00
interface(`kernel_read_hotplug_sysctls',`
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
gen_require(`
type proc_t, sysctl_t, sysctl_kernel_t, sysctl_hotplug_t;
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
read_files_pattern($1, { proc_t sysctl_t sysctl_kernel_t }, sysctl_hotplug_t)
merge policy patterns to trunk
2006-12-12 20:08:08 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_kernel_t)
initial commit
2005-04-14 20:18:17 +00:00
')
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## Read and write the hotplug sysctl.
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
add pegasus
2005-10-22 21:55:39 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
add main part of role-o-matic
2006-09-06 22:07:25 +00:00
## <rolecap/>
initial commit
2005-04-14 20:18:17 +00:00
#
renaming from 20060131 interface review, round 2
2006-01-31 16:49:43 +00:00
interface(`kernel_rw_hotplug_sysctls',`
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
gen_require(`
type proc_t, sysctl_t, sysctl_kernel_t, sysctl_hotplug_t;
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
rw_files_pattern($1, { proc_t sysctl_t sysctl_kernel_t }, sysctl_hotplug_t)
merge policy patterns to trunk
2006-12-12 20:08:08 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_kernel_t)
initial commit
2005-04-14 20:18:17 +00:00
')
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## Read the modprobe sysctl.
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
add pegasus
2005-10-22 21:55:39 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
add main part of role-o-matic
2006-09-06 22:07:25 +00:00
## <rolecap/>
initial commit
2005-04-14 20:18:17 +00:00
#
renaming from 20060131 interface review, round 2
2006-01-31 16:49:43 +00:00
interface(`kernel_read_modprobe_sysctls',`
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
gen_require(`
type proc_t, sysctl_t, sysctl_kernel_t, sysctl_modprobe_t;
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
read_files_pattern($1, { proc_t sysctl_t sysctl_kernel_t }, sysctl_modprobe_t)
merge policy patterns to trunk
2006-12-12 20:08:08 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_kernel_t)
initial commit
2005-04-14 20:18:17 +00:00
')
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## Read and write the modprobe sysctl.
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
add pegasus
2005-10-22 21:55:39 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
add main part of role-o-matic
2006-09-06 22:07:25 +00:00
## <rolecap/>
initial commit
2005-04-14 20:18:17 +00:00
#
renaming from 20060131 interface review, round 2
2006-01-31 16:49:43 +00:00
interface(`kernel_rw_modprobe_sysctls',`
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
gen_require(`
type proc_t, sysctl_t, sysctl_kernel_t, sysctl_modprobe_t;
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
rw_files_pattern($1, { proc_t sysctl_t sysctl_kernel_t }, sysctl_modprobe_t)
merge policy patterns to trunk
2006-12-12 20:08:08 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_kernel_t)
initial commit
2005-04-14 20:18:17 +00:00
')
wrap up almost all of apache
2005-10-17 17:55:38 +00:00
########################################
## <summary>
## Do not audit attempts to search generic kernel sysctls.
## </summary>
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
wrap up almost all of apache
2005-10-17 17:55:38 +00:00
## Domain to not audit.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
wrap up almost all of apache
2005-10-17 17:55:38 +00:00
## </param>
#
interface(`kernel_dontaudit_search_kernel_sysctl',`
gen_require(`
type sysctl_kernel_t;
')
dontaudit $1 sysctl_kernel_t:dir search;
')
kernel: introduce kernel_dontaudit_read_kernel_sysctl Signed-off-by: Jason Zaman <jason@perfinion.com>
2019-01-12 08:03:42 +00:00
#######################################
## <summary>
## Do not audit attempted reading of kernel sysctls
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit accesses from
## </summary>
## </param>
#
interface(`kernel_dontaudit_read_kernel_sysctl',`
gen_require(`
type sysctl_kernel_t;
')
dontaudit $1 sysctl_kernel_t:file read_file_perms;
')
trunk: 6 patches from dan.
2009-06-11 15:00:48 +00:00
########################################
## <summary>
## Read generic crypto sysctls.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`kernel_read_crypto_sysctls',`
gen_require(`
type proc_t, sysctl_t, sysctl_crypto_t;
')
read_files_pattern($1, { proc_t sysctl_t sysctl_crypto_t }, sysctl_crypto_t)
list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_crypto_t)
')
initial commit
2005-04-14 20:18:17 +00:00
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
Improve documentation on kernel_read_system_state(), kernel_read_network_state(), and kernel_read_proc_symlinks().
2010-02-25 17:59:11 +00:00
## Read general kernel sysctls.
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
Improve documentation on kernel_read_system_state(), kernel_read_network_state(), and kernel_read_proc_symlinks().
2010-02-25 17:59:11 +00:00
## <desc>
## <p>
## Allow the specified domain to read general
## kernel sysctl settings. These settings are typically
## read using the sysctl program. The settings
## that are included by this interface are prefixed
## with "kernel.", for example, kernel.sysrq.
## </p>
## <p>
## This does not include access to the hotplug
## handler setting (kernel.hotplug)
## nor the module installer handler setting
## (kernel.modprobe).
## </p>
## <p>
## Related interfaces:
## </p>
## <ul>
## <li>kernel_rw_kernel_sysctl()</li>
## </ul>
## </desc>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
add pegasus
2005-10-22 21:55:39 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
Improve documentation on kernel_read_system_state(), kernel_read_network_state(), and kernel_read_proc_symlinks().
2010-02-25 17:59:11 +00:00
## <infoflow type="read" weight="10"/>
initial commit
2005-04-14 20:18:17 +00:00
#
renaming from 20060131 interface review, round 2
2006-01-31 16:49:43 +00:00
interface(`kernel_read_kernel_sysctls',`
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
gen_require(`
type proc_t, sysctl_t, sysctl_kernel_t;
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
read_files_pattern($1, { proc_t sysctl_t sysctl_kernel_t }, sysctl_kernel_t)
merge policy patterns to trunk
2006-12-12 20:08:08 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_kernel_t)
initial commit
2005-04-14 20:18:17 +00:00
')
add updfstab
2005-08-08 15:51:15 +00:00
########################################
## <summary>
## Do not audit attempts to write generic kernel sysctls.
## </summary>
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
add updfstab
2005-08-08 15:51:15 +00:00
## Domain to not audit.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
add updfstab
2005-08-08 15:51:15 +00:00
## </param>
#
interface(`kernel_dontaudit_write_kernel_sysctl',`
gen_require(`
type sysctl_kernel_t;
')
dontaudit $1 sysctl_kernel_t:file write;
')
initial commit
2005-04-14 20:18:17 +00:00
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## Read and write generic kernel sysctls.
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
add pegasus
2005-10-22 21:55:39 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
add main part of role-o-matic
2006-09-06 22:07:25 +00:00
## <rolecap/>
initial commit
2005-04-14 20:18:17 +00:00
#
move all interfaces over to the interface macro. add traceback debugging info
2005-06-22 19:21:31 +00:00
interface(`kernel_rw_kernel_sysctl',`
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
gen_require(`
type proc_t, sysctl_t, sysctl_kernel_t;
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
rw_files_pattern($1, { proc_t sysctl_t sysctl_kernel_t }, sysctl_kernel_t)
merge policy patterns to trunk
2006-12-12 20:08:08 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_kernel_t)
initial commit
2005-04-14 20:18:17 +00:00
')
systemd-nspawn again This patch doesn't do everything that is needed to have systemd-nspawn work. But it does everything that is needed and which I have written in a clear and uncontroversial way. I think it's best to get this upstream now and then either have a separate discussion about the more difficult issues, or wait until I devise a way of solving those problems that's not too hacky. Who knows, maybe someone else will devise a brilliant solution to the remaining issues after this is accepted upstream. Also there's a tiny patch for systemd_machined_t that is required by systemd_nspawn_t. Description: systemd-nspawn Author: Russell Coker <russell@coker.com.au> Last-Update: 2017-03-29
2017-04-01 16:08:42 +00:00
#######################################
## <summary>
## Mount on kernel sysctl files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`kernel_mounton_kernel_sysctl_files',`
gen_require(`
type proc_t, sysctl_t, sysctl_kernel_t;
')
allow $1 { proc_t sysctl_t sysctl_kernel_t }:dir list_dir_perms;
allow $1 sysctl_kernel_t:file { getattr mounton };
')
Label /sys/kernel/ns_last_pid as sysctl_kernel_ns_last_pid_t CRIU can influence the PID of the threads it wants to create. CRIU uses /proc/sys/kernel/ns_last_pidto tell the kernel which PID it wants for the next clone(). So it has to write to that file. This feels like a problematic as it opens up the container writing to all sysctl_kernel_t. Using new label container_t will just write to sysctl_kernel_ns_last_pid_t instad writing to more generic sysctl_kernel_t files.
2019-04-10 15:18:32 +00:00
########################################
## <summary>
## Read kernel ns lastpid sysctls.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`kernel_read_kernel_ns_lastpid_sysctls',`
gen_require(`
type proc_t, sysctl_t, sysctl_kernel_ns_last_pid_t;
')
read_files_pattern($1, { proc_t sysctl_t sysctl_kernel_ns_last_pid_t }, sysctl_kernel_ns_last_pid_t)
list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_kernel_ns_last_pid_t)
')
########################################
## <summary>
## Do not audit attempts to write kernel ns lastpid sysctls.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`kernel_dontaudit_write_kernel_ns_lastpid_sysctl',`
gen_require(`
type sysctl_kernel_ns_last_pid_t;
')
dontaudit $1 sysctl_kernel_ns_last_pid_t:file write;
')
########################################
## <summary>
## Read and write kernel ns lastpid sysctls.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`kernel_rw_kernel_ns_lastpid_sysctl',`
gen_require(`
type proc_t, sysctl_t, sysctl_kernel_ns_last_pid_t;
')
rw_files_pattern($1, { proc_t sysctl_t sysctl_kernel_ns_last_pid_t }, sysctl_kernel_ns_last_pid_t)
list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_kernel_ns_last_pid_t)
')
Allow searching /proc/sys/fs when using /proc/sys/fs/binfmt_misc Interface fs_register_binary_executable_type allow registering interpreters using a filesystem monted on /proc/sys/fs/binfmt_misc. In order to access this filesystem, the process needs to search every parent directory of the mountpoint. Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-12-27 13:56:26 +00:00
########################################
## <summary>
## Search filesystem sysctl directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`kernel_search_fs_sysctls',`
gen_require(`
type proc_t, sysctl_t, sysctl_fs_t;
')
search_dirs_pattern($1, { proc_t sysctl_t sysctl_fs_t }, sysctl_fs_t)
')
initial commit
2005-04-14 20:18:17 +00:00
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## Read filesystem sysctls.
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
add pegasus
2005-10-22 21:55:39 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
add main part of role-o-matic
2006-09-06 22:07:25 +00:00
## <rolecap/>
initial commit
2005-04-14 20:18:17 +00:00
#
renaming from 20060131 interface review, round 2
2006-01-31 16:49:43 +00:00
interface(`kernel_read_fs_sysctls',`
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
gen_require(`
type proc_t, sysctl_t, sysctl_fs_t;
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
read_files_pattern($1, { proc_t sysctl_t sysctl_fs_t }, sysctl_fs_t)
merge policy patterns to trunk
2006-12-12 20:08:08 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_fs_t)
initial commit
2005-04-14 20:18:17 +00:00
')
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
Fix several misspellings Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
2020-08-11 13:01:34 +00:00
## Read and write filesystem sysctls.
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
add pegasus
2005-10-22 21:55:39 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
add main part of role-o-matic
2006-09-06 22:07:25 +00:00
## <rolecap/>
initial commit
2005-04-14 20:18:17 +00:00
#
renaming from 20060131 interface review, round 2
2006-01-31 16:49:43 +00:00
interface(`kernel_rw_fs_sysctls',`
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
gen_require(`
type proc_t, sysctl_t, sysctl_fs_t;
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
rw_files_pattern($1, { proc_t sysctl_t sysctl_fs_t }, sysctl_fs_t)
merge policy patterns to trunk
2006-12-12 20:08:08 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_fs_t)
initial commit
2005-04-14 20:18:17 +00:00
')
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## Read IRQ sysctls.
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
add pegasus
2005-10-22 21:55:39 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
add main part of role-o-matic
2006-09-06 22:07:25 +00:00
## <rolecap/>
initial commit
2005-04-14 20:18:17 +00:00
#
renaming from 20060131 interface review, round 2
2006-01-31 16:49:43 +00:00
interface(`kernel_read_irq_sysctls',`
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
gen_require(`
type proc_t, sysctl_irq_t;
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
read_files_pattern($1, { proc_t sysctl_irq_t }, sysctl_irq_t)
merge policy patterns to trunk
2006-12-12 20:08:08 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
list_dirs_pattern($1, proc_t, sysctl_irq_t)
initial commit
2005-04-14 20:18:17 +00:00
')
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## Read and write IRQ sysctls.
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
add pegasus
2005-10-22 21:55:39 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
add main part of role-o-matic
2006-09-06 22:07:25 +00:00
## <rolecap/>
initial commit
2005-04-14 20:18:17 +00:00
#
renaming from 20060131 interface review, round 2
2006-01-31 16:49:43 +00:00
interface(`kernel_rw_irq_sysctls',`
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
gen_require(`
type proc_t, sysctl_irq_t;
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
rw_files_pattern($1, { proc_t sysctl_irq_t }, sysctl_irq_t)
merge policy patterns to trunk
2006-12-12 20:08:08 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
list_dirs_pattern($1, proc_t, sysctl_irq_t)
initial commit
2005-04-14 20:18:17 +00:00
')
########################################
document remaining interfaces w/o XML. turn on warnings for missing XML.
2006-05-10 18:09:08 +00:00
## <summary>
## Read RPC sysctls.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
add main part of role-o-matic
2006-09-06 22:07:25 +00:00
## <rolecap/>
initial commit
2005-04-14 20:18:17 +00:00
#
renaming from 20060131 interface review, round 2
2006-01-31 16:49:43 +00:00
interface(`kernel_read_rpc_sysctls',`
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
gen_require(`
type proc_t, proc_net_t, sysctl_rpc_t;
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
read_files_pattern($1, { proc_t proc_net_t sysctl_rpc_t }, sysctl_rpc_t)
merge policy patterns to trunk
2006-12-12 20:08:08 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
list_dirs_pattern($1, { proc_t proc_net_t }, sysctl_rpc_t)
initial commit
2005-04-14 20:18:17 +00:00
')
########################################
document remaining interfaces w/o XML. turn on warnings for missing XML.
2006-05-10 18:09:08 +00:00
## <summary>
## Read and write RPC sysctls.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
add main part of role-o-matic
2006-09-06 22:07:25 +00:00
## <rolecap/>
initial commit
2005-04-14 20:18:17 +00:00
#
renaming from 20060131 interface review, round 2
2006-01-31 16:49:43 +00:00
interface(`kernel_rw_rpc_sysctls',`
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
gen_require(`
type proc_t, proc_net_t, sysctl_rpc_t;
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
rw_files_pattern($1, { proc_t proc_net_t sysctl_rpc_t }, sysctl_rpc_t)
merge policy patterns to trunk
2006-12-12 20:08:08 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
list_dirs_pattern($1, { proc_t proc_net_t }, sysctl_rpc_t)
initial commit
2005-04-14 20:18:17 +00:00
')
patch from dan Thu, 31 Aug 2006 15:16:30 -0400
2006-09-01 15:52:05 +00:00
########################################
## <summary>
## Do not audit attempts to list all sysctl directories.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`kernel_dontaudit_list_all_sysctls',`
gen_require(`
attribute sysctl_type;
')
dontaudit $1 sysctl_type:dir list_dir_perms;
trunk: 6 patches from dan.
2009-06-11 15:00:48 +00:00
dontaudit $1 sysctl_type:file getattr;
patch from dan Thu, 31 Aug 2006 15:16:30 -0400
2006-09-01 15:52:05 +00:00
')
initial commit
2005-04-14 20:18:17 +00:00
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## Allow caller to read all sysctls.
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
add pegasus
2005-10-22 21:55:39 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
add main part of role-o-matic
2006-09-06 22:07:25 +00:00
## <rolecap/>
initial commit
2005-04-14 20:18:17 +00:00
#
renaming from 20060131 interface review, round 2
2006-01-31 16:49:43 +00:00
interface(`kernel_read_all_sysctls',`
reorder kernel policy, add attributes for sysctl and proc entries. fix unconfined interface
2005-07-20 17:06:10 +00:00
gen_require(`
attribute sysctl_type;
type proc_t, proc_net_t;
')
# proc_net_t for /proc/net/rpc sysctls
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
read_files_pattern($1, { proc_t proc_net_t sysctl_type }, sysctl_type)
reorder kernel policy, add attributes for sysctl and proc entries. fix unconfined interface
2005-07-20 17:06:10 +00:00
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
list_dirs_pattern($1, { proc_t proc_net_t }, sysctl_type)
initial commit
2005-04-14 20:18:17 +00:00
')
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## Read and write all sysctls.
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
add pegasus
2005-10-22 21:55:39 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
add main part of role-o-matic
2006-09-06 22:07:25 +00:00
## <rolecap/>
initial commit
2005-04-14 20:18:17 +00:00
#
renaming from 20060131 interface review, round 2
2006-01-31 16:49:43 +00:00
interface(`kernel_rw_all_sysctls',`
reorder kernel policy, add attributes for sysctl and proc entries. fix unconfined interface
2005-07-20 17:06:10 +00:00
gen_require(`
attribute sysctl_type;
type proc_t, proc_net_t;
')
# proc_net_t for /proc/net/rpc sysctls
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
rw_files_pattern($1, { proc_t proc_net_t sysctl_type }, sysctl_type)
reorder kernel policy, add attributes for sysctl and proc entries. fix unconfined interface
2005-07-20 17:06:10 +00:00
merge policy patterns to trunk
2006-12-12 20:08:08 +00:00
allow $1 sysctl_type:dir list_dir_perms;
# why is setattr needed?
allow $1 sysctl_type:file setattr;
many fixes from cab work
2005-05-30 21:17:20 +00:00
')
more Chrome stuff Patches for some more Chrome stuff Signed-off-by: Russell Coker <russell@coker.com.au>
2021-01-20 09:32:19 +00:00
########################################
## <summary>
## Associate a file to proc_t (/proc)
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`kernel_associate_proc',`
gen_require(`
type proc_t;
')
allow $1 proc_t:filesystem associate;
')
restructure users, and add signalling
2005-05-27 20:44:05 +00:00
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## Send a kill signal to unlabeled processes.
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
add pegasus
2005-10-22 21:55:39 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
restructure users, and add signalling
2005-05-27 20:44:05 +00:00
#
move all interfaces over to the interface macro. add traceback debugging info
2005-06-22 19:21:31 +00:00
interface(`kernel_kill_unlabeled',`
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
gen_require(`
type unlabeled_t;
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
allow $1 unlabeled_t:process sigkill;
restructure users, and add signalling
2005-05-27 20:44:05 +00:00
')
Kernel patch from Dan Walsh.
2010-03-17 15:16:25 +00:00
########################################
## <summary>
## Mount a kernel unlabeled filesystem.
## </summary>
## <param name="domain">
## <summary>
Kernel layer xml fixes. Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 12:57:11 +00:00
## Domain allowed access.
Kernel patch from Dan Walsh.
2010-03-17 15:16:25 +00:00
## </summary>
## </param>
#
interface(`kernel_mount_unlabeled',`
gen_require(`
type unlabeled_t;
')
allow $1 unlabeled_t:filesystem mount;
')
Kernel patch from Dan Walsh. Add ability to dontaudit requiests to load kernel modules. If you disable ipv6 every confined app that does ip, tries to get the kernel to load the module. Better handling of unlabeled files by the kernel interfaces
2010-06-07 15:08:35 +00:00
########################################
## <summary>
## Unmount a kernel unlabeled filesystem.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`kernel_unmount_unlabeled',`
gen_require(`
type unlabeled_t;
')
allow $1 unlabeled_t:filesystem unmount;
')
Kernel patch from Dan Walsh.
2010-03-17 15:16:25 +00:00
restructure users, and add signalling
2005-05-27 20:44:05 +00:00
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## Send general signals to unlabeled processes.
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
add pegasus
2005-10-22 21:55:39 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
restructure users, and add signalling
2005-05-27 20:44:05 +00:00
#
move all interfaces over to the interface macro. add traceback debugging info
2005-06-22 19:21:31 +00:00
interface(`kernel_signal_unlabeled',`
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
gen_require(`
type unlabeled_t;
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
allow $1 unlabeled_t:process signal;
restructure users, and add signalling
2005-05-27 20:44:05 +00:00
')
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## Send a null signal to unlabeled processes.
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
add pegasus
2005-10-22 21:55:39 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
restructure users, and add signalling
2005-05-27 20:44:05 +00:00
#
move all interfaces over to the interface macro. add traceback debugging info
2005-06-22 19:21:31 +00:00
interface(`kernel_signull_unlabeled',`
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
gen_require(`
type unlabeled_t;
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
allow $1 unlabeled_t:process signull;
restructure users, and add signalling
2005-05-27 20:44:05 +00:00
')
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## Send a stop signal to unlabeled processes.
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
add pegasus
2005-10-22 21:55:39 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
restructure users, and add signalling
2005-05-27 20:44:05 +00:00
#
move all interfaces over to the interface macro. add traceback debugging info
2005-06-22 19:21:31 +00:00
interface(`kernel_sigstop_unlabeled',`
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
gen_require(`
type unlabeled_t;
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
allow $1 unlabeled_t:process sigstop;
restructure users, and add signalling
2005-05-27 20:44:05 +00:00
')
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## Send a child terminated signal to unlabeled processes.
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
add pegasus
2005-10-22 21:55:39 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
restructure users, and add signalling
2005-05-27 20:44:05 +00:00
#
move all interfaces over to the interface macro. add traceback debugging info
2005-06-22 19:21:31 +00:00
interface(`kernel_sigchld_unlabeled',`
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
gen_require(`
type unlabeled_t;
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
allow $1 unlabeled_t:process sigchld;
restructure users, and add signalling
2005-05-27 20:44:05 +00:00
')
Merge file_t into unlabeled_t, as they are security equivalent.
2014-01-16 16:19:00 +00:00
########################################
## <summary>
## Get the attributes of unlabeled directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`kernel_getattr_unlabeled_dirs',`
gen_require(`
type unlabeled_t;
')
allow $1 unlabeled_t:dir getattr_dir_perms;
')
########################################
## <summary>
## Do not audit attempts to search unlabeled directories.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`kernel_dontaudit_search_unlabeled',`
gen_require(`
type unlabeled_t;
')
dontaudit $1 unlabeled_t:dir search_dir_perms;
')
restructure users, and add signalling
2005-05-27 20:44:05 +00:00
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
fix more TODOs. fix selinux.te to selinuxutil.te in optionals
2005-07-11 19:02:50 +00:00
## List unlabeled directories.
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
fix more TODOs. fix selinux.te to selinuxutil.te in optionals
2005-07-11 19:02:50 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
restructure users, and add signalling
2005-05-27 20:44:05 +00:00
#
fix more TODOs. fix selinux.te to selinuxutil.te in optionals
2005-07-11 19:02:50 +00:00
interface(`kernel_list_unlabeled',`
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
gen_require(`
type unlabeled_t;
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
')
merge policy patterns to trunk
2006-12-12 20:08:08 +00:00
allow $1 unlabeled_t:dir list_dir_perms;
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
')
trunk: 11 patches from dan.
2007-10-29 18:35:32 +00:00
########################################
## <summary>
## Read the process state (/proc/pid) of all unlabeled_t.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`kernel_read_unlabeled_state',`
gen_require(`
type unlabeled_t;
')
allow $1 unlabeled_t:dir list_dir_perms;
trunk: massive whitespace cleanup from dominick grift.
2008-07-23 21:38:39 +00:00
read_files_pattern($1, unlabeled_t, unlabeled_t)
read_lnk_files_pattern($1, unlabeled_t, unlabeled_t)
trunk: 11 patches from dan.
2007-10-29 18:35:32 +00:00
')
work on users
2005-11-29 15:49:18 +00:00
########################################
## <summary>
## Do not audit attempts to list unlabeled directories.
## </summary>
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
work on users
2005-11-29 15:49:18 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
work on users
2005-11-29 15:49:18 +00:00
## </param>
#
interface(`kernel_dontaudit_list_unlabeled',`
gen_require(`
type unlabeled_t;
')
dontaudit $1 unlabeled_t:dir list_dir_perms;
')
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
########################################
## <summary>
## Read and write unlabeled directories.
## </summary>
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </param>
#
renaming from 20060131 interface review, round 2
2006-01-31 16:49:43 +00:00
interface(`kernel_rw_unlabeled_dirs',`
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
gen_require(`
type unlabeled_t;
')
allow $1 unlabeled_t:dir rw_dir_perms;
')
Merge file_t into unlabeled_t, as they are security equivalent.
2014-01-16 16:19:00 +00:00
########################################
## <summary>
## Delete unlabeled directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`kernel_delete_unlabeled_dirs',`
gen_require(`
type unlabeled_t;
')
allow $1 unlabeled_t:dir delete_dir_perms;
')
########################################
## <summary>
## Create, read, write, and delete unlabeled directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`kernel_manage_unlabeled_dirs',`
gen_require(`
type unlabeled_t;
')
allow $1 unlabeled_t:dir manage_dir_perms;
')
########################################
## <summary>
## Mount a filesystem on an unlabeled directory.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`kernel_mounton_unlabeled_dirs',`
gen_require(`
type unlabeled_t;
')
allow $1 unlabeled_t:dir { search_dir_perms mounton };
')
########################################
## <summary>
## Read unlabeled files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`kernel_read_unlabeled_files',`
gen_require(`
type unlabeled_t;
')
allow $1 unlabeled_t:file read_file_perms;
')
Kernel patch from Dan Walsh. Add ability to dontaudit requiests to load kernel modules. If you disable ipv6 every confined app that does ip, tries to get the kernel to load the module. Better handling of unlabeled files by the kernel interfaces
2010-06-07 15:08:35 +00:00
########################################
## <summary>
## Read and write unlabeled files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`kernel_rw_unlabeled_files',`
gen_require(`
type unlabeled_t;
')
allow $1 unlabeled_t:file rw_file_perms;
')
Merge file_t into unlabeled_t, as they are security equivalent.
2014-01-16 16:19:00 +00:00
########################################
## <summary>
## Delete unlabeled files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`kernel_delete_unlabeled_files',`
gen_require(`
type unlabeled_t;
')
allow $1 unlabeled_t:file delete_file_perms;
')
########################################
## <summary>
## Create, read, write, and delete unlabeled files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`kernel_manage_unlabeled_files',`
gen_require(`
type unlabeled_t;
')
allow $1 unlabeled_t:file manage_file_perms;
')
add amanda
2005-10-22 19:58:58 +00:00
########################################
## <summary>
## Do not audit attempts by caller to get the
## attributes of an unlabeled file.
## </summary>
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
Kernel layer xml fixes. Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 12:57:11 +00:00
## Domain to not audit.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
add amanda
2005-10-22 19:58:58 +00:00
## </param>
#
renaming from 20060131 interface review, round 2
2006-01-31 16:49:43 +00:00
interface(`kernel_dontaudit_getattr_unlabeled_files',`
add amanda
2005-10-22 19:58:58 +00:00
gen_require(`
type unlabeled_t;
')
dontaudit $1 unlabeled_t:file getattr;
')
pile of sediff fixes
2005-11-08 22:00:30 +00:00
########################################
## <summary>
## Do not audit attempts by caller to
## read an unlabeled file.
## </summary>
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
pile of sediff fixes
2005-11-08 22:00:30 +00:00
## Domain to not audit.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
pile of sediff fixes
2005-11-08 22:00:30 +00:00
## </param>
#
renaming from 20060131 interface review, round 2
2006-01-31 16:49:43 +00:00
interface(`kernel_dontaudit_read_unlabeled_files',`
pile of sediff fixes
2005-11-08 22:00:30 +00:00
gen_require(`
type unlabeled_t;
')
dontaudit $1 unlabeled_t:file { getattr read };
')
Introduce kernel_delete_unlabeled_symlinks The kernel_delete_unlabeled_symlinks interface is called by the files_delete_isid_type_symlinks interface (in kernel/files.if). This interface is deprecated (and calls kernel_delete_unlabeled_symlinks). Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2014-08-08 12:33:18 +00:00
########################################
## <summary>
## Delete unlabeled symbolic links.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`kernel_delete_unlabeled_symlinks',`
gen_require(`
type unlabeled_t;
')
delete_lnk_files_pattern($1, unlabeled_t, unlabeled_t)
')
Merge file_t into unlabeled_t, as they are security equivalent.
2014-01-16 16:19:00 +00:00
########################################
## <summary>
## Create, read, write, and delete unlabeled symbolic links.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`kernel_manage_unlabeled_symlinks',`
gen_require(`
type unlabeled_t;
')
allow $1 unlabeled_t:lnk_file manage_lnk_file_perms;
')
work on users
2005-11-29 15:49:18 +00:00
########################################
## <summary>
## Do not audit attempts by caller to get the
## attributes of unlabeled symbolic links.
## </summary>
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
Kernel layer xml fixes. Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 12:57:11 +00:00
## Domain to not audit.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
work on users
2005-11-29 15:49:18 +00:00
## </param>
#
interface(`kernel_dontaudit_getattr_unlabeled_symlinks',`
gen_require(`
type unlabeled_t;
')
dontaudit $1 unlabeled_t:lnk_file getattr;
')
########################################
## <summary>
## Do not audit attempts by caller to get the
## attributes of unlabeled named pipes.
## </summary>
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
Kernel layer xml fixes. Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 12:57:11 +00:00
## Domain to not audit.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
work on users
2005-11-29 15:49:18 +00:00
## </param>
#
interface(`kernel_dontaudit_getattr_unlabeled_pipes',`
gen_require(`
type unlabeled_t;
')
dontaudit $1 unlabeled_t:fifo_file getattr;
')
########################################
## <summary>
## Do not audit attempts by caller to get the
## attributes of unlabeled named sockets.
## </summary>
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
Kernel layer xml fixes. Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 12:57:11 +00:00
## Domain to not audit.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
work on users
2005-11-29 15:49:18 +00:00
## </param>
#
interface(`kernel_dontaudit_getattr_unlabeled_sockets',`
gen_require(`
type unlabeled_t;
')
dontaudit $1 unlabeled_t:sock_file getattr;
')
fix more TODOs. fix selinux.te to selinuxutil.te in optionals
2005-07-11 19:02:50 +00:00
########################################
## <summary>
## Do not audit attempts by caller to get attributes for
## unlabeled block devices.
## </summary>
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
Kernel layer xml fixes. Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 12:57:11 +00:00
## Domain to not audit.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
fix more TODOs. fix selinux.te to selinuxutil.te in optionals
2005-07-11 19:02:50 +00:00
## </param>
#
renaming from 20060131 interface review, round 2
2006-01-31 16:49:43 +00:00
interface(`kernel_dontaudit_getattr_unlabeled_blk_files',`
fix more TODOs. fix selinux.te to selinuxutil.te in optionals
2005-07-11 19:02:50 +00:00
gen_require(`
type unlabeled_t;
')
add amanda
2005-10-22 19:58:58 +00:00
dontaudit $1 unlabeled_t:blk_file getattr;
fix more TODOs. fix selinux.te to selinuxutil.te in optionals
2005-07-11 19:02:50 +00:00
')
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
########################################
## <summary>
## Read and write unlabeled block device nodes.
## </summary>
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </param>
#
renaming from 20060131 interface review, round 2
2006-01-31 16:49:43 +00:00
interface(`kernel_rw_unlabeled_blk_files',`
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
gen_require(`
type unlabeled_t;
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
Merge file_t into unlabeled_t, as they are security equivalent.
2014-01-16 16:19:00 +00:00
allow $1 unlabeled_t:blk_file rw_blk_file_perms;
')
Introduce kernel_delete_unlabeled_blk_files The kernel_delete_unlabeled_blk_files interface is called by the (deprecated) files_delete_isid_type_blk_files in kernel/files.if. Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2014-08-08 12:33:21 +00:00
########################################
## <summary>
## Delete unlabeled block device nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`kernel_delete_unlabeled_blk_files',`
gen_require(`
type unlabeled_t;
')
delete_blk_files_pattern($1, unlabeled_t, unlabeled_t)
')
Merge file_t into unlabeled_t, as they are security equivalent.
2014-01-16 16:19:00 +00:00
########################################
## <summary>
## Create, read, write, and delete unlabeled block device nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`kernel_manage_unlabeled_blk_files',`
gen_require(`
type unlabeled_t;
')
allow $1 unlabeled_t:blk_file manage_blk_file_perms;
restructure users, and add signalling
2005-05-27 20:44:05 +00:00
')
work on users
2005-11-29 15:49:18 +00:00
########################################
## <summary>
## Do not audit attempts by caller to get attributes for
## unlabeled character devices.
## </summary>
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
Kernel layer xml fixes. Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-08-05 12:57:11 +00:00
## Domain to not audit.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
work on users
2005-11-29 15:49:18 +00:00
## </param>
#
renaming from 20060131 interface review, round 2
2006-01-31 16:49:43 +00:00
interface(`kernel_dontaudit_getattr_unlabeled_chr_files',`
work on users
2005-11-29 15:49:18 +00:00
gen_require(`
type unlabeled_t;
')
dontaudit $1 unlabeled_t:chr_file getattr;
')
Merge file_t into unlabeled_t, as they are security equivalent.
2014-01-16 16:19:00 +00:00
########################################
## <summary>
## Do not audit attempts to
## write unlabeled character devices.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`kernel_dontaudit_write_unlabeled_chr_files',`
gen_require(`
type unlabeled_t;
')
dontaudit $1 unlabeled_t:file write;
')
Introduce kernel_delete_unlabeled_chr_files The kernel_delete_unlabeled_chr_files interface is called by the (deprecated) files_delete_isid_type_chr_files interface in kernel/files.if. Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2014-08-08 12:33:22 +00:00
########################################
## <summary>
## Delete unlabeled character device nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`kernel_delete_unlabeled_chr_files',`
gen_require(`
type unlabeled_t;
')
delete_chr_files_pattern($1, unlabeled_t, unlabeled_t)
')
Merge file_t into unlabeled_t, as they are security equivalent.
2014-01-16 16:19:00 +00:00
########################################
## <summary>
## Create, read, write, and delete unlabeled character device nodes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`kernel_manage_unlabeled_chr_files',`
gen_require(`
type unlabeled_t;
')
allow $1 unlabeled_t:chr_file manage_chr_file_perms;
')
restructure users, and add signalling
2005-05-27 20:44:05 +00:00
########################################
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## <summary>
fix kernel_relabel_unlabeled()
2006-02-03 17:57:16 +00:00
## Allow caller to relabel unlabeled directories.
another round of TODO cleanup
2005-07-08 20:44:57 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
document remaining interfaces w/o XML. turn on warnings for missing XML.
2006-05-10 18:09:08 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
update for new documentation method
2005-06-23 21:30:57 +00:00
## </param>
restructure users, and add signalling
2005-05-27 20:44:05 +00:00
#
fix kernel_relabel_unlabeled()
2006-02-03 17:57:16 +00:00
interface(`kernel_relabelfrom_unlabeled_dirs',`
gen_require(`
type unlabeled_t;
')
trunk: more open perm fixes.
2008-10-20 16:10:42 +00:00
allow $1 unlabeled_t:dir { list_dir_perms relabelfrom };
fix kernel_relabel_unlabeled()
2006-02-03 17:57:16 +00:00
')
########################################
## <summary>
## Allow caller to relabel unlabeled files.
## </summary>
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
document remaining interfaces w/o XML. turn on warnings for missing XML.
2006-05-10 18:09:08 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
fix kernel_relabel_unlabeled()
2006-02-03 17:57:16 +00:00
## </param>
#
interface(`kernel_relabelfrom_unlabeled_files',`
gen_require(`
type unlabeled_t;
')
kernel_list_unlabeled($1)
selint: fix S-010 Signed-off-by: bauen1 <j2468h@gmail.com>
2020-08-14 14:33:08 +00:00
allow $1 unlabeled_t:file relabelfrom_file_perms;
fix kernel_relabel_unlabeled()
2006-02-03 17:57:16 +00:00
')
########################################
## <summary>
## Allow caller to relabel unlabeled symbolic links.
## </summary>
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
document remaining interfaces w/o XML. turn on warnings for missing XML.
2006-05-10 18:09:08 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
fix kernel_relabel_unlabeled()
2006-02-03 17:57:16 +00:00
## </param>
#
interface(`kernel_relabelfrom_unlabeled_symlinks',`
gen_require(`
type unlabeled_t;
')
kernel_list_unlabeled($1)
selint: fix S-010 Signed-off-by: bauen1 <j2468h@gmail.com>
2020-08-14 14:33:08 +00:00
allow $1 unlabeled_t:lnk_file relabelfrom_lnk_file_perms;
fix kernel_relabel_unlabeled()
2006-02-03 17:57:16 +00:00
')
########################################
## <summary>
## Allow caller to relabel unlabeled named pipes.
## </summary>
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
document remaining interfaces w/o XML. turn on warnings for missing XML.
2006-05-10 18:09:08 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
fix kernel_relabel_unlabeled()
2006-02-03 17:57:16 +00:00
## </param>
#
interface(`kernel_relabelfrom_unlabeled_pipes',`
gen_require(`
type unlabeled_t;
')
kernel_list_unlabeled($1)
selint: fix S-010 Signed-off-by: bauen1 <j2468h@gmail.com>
2020-08-14 14:33:08 +00:00
allow $1 unlabeled_t:fifo_file relabelfrom_fifo_file_perms;
fix kernel_relabel_unlabeled()
2006-02-03 17:57:16 +00:00
')
Introduce kernel_delete_unlabeled_pipes The kernel_delete_unlabeled_pipes interface is called by the (deprecated) files_delete_isid_type_fifo_files interface in kernel/files.if. Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2014-08-08 12:33:19 +00:00
########################################
## <summary>
## Delete unlabeled named pipes
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`kernel_delete_unlabeled_pipes',`
gen_require(`
type unlabeled_t;
')
delete_fifo_files_pattern($1, unlabeled_t, unlabeled_t)
')
fix kernel_relabel_unlabeled()
2006-02-03 17:57:16 +00:00
########################################
## <summary>
## Allow caller to relabel unlabeled named sockets.
## </summary>
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
document remaining interfaces w/o XML. turn on warnings for missing XML.
2006-05-10 18:09:08 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
fix kernel_relabel_unlabeled()
2006-02-03 17:57:16 +00:00
## </param>
#
interface(`kernel_relabelfrom_unlabeled_sockets',`
remove remaining _depend macros to prep for switchover to interface declaration macro
2005-06-22 16:07:14 +00:00
gen_require(`
type unlabeled_t;
')
change over to some perm set macros. add indentation
2005-06-03 12:25:14 +00:00
part of dan's mega patch
2006-01-06 22:51:40 +00:00
kernel_list_unlabeled($1)
selint: fix S-010 Signed-off-by: bauen1 <j2468h@gmail.com>
2020-08-14 14:33:08 +00:00
allow $1 unlabeled_t:sock_file relabelfrom_sock_file_perms;
restructure users, and add signalling
2005-05-27 20:44:05 +00:00
')
Introduce kernel_delete_unlabeled_sockets The kernel_delete_unlabeled_sockets interface is called by the (deprecated) files_delete_isid_type_sock_files interface in kernel/files.if. Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2014-08-08 12:33:20 +00:00
########################################
## <summary>
## Delete unlabeled named sockets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`kernel_delete_unlabeled_sockets',`
gen_require(`
type unlabeled_t;
')
delete_sock_files_pattern($1, unlabeled_t, unlabeled_t)
')
selinuxuntil, userdomain: Restore relabelfrom access for unlabeled files. Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
2020-07-28 14:10:59 +00:00
########################################
## <summary>
## Allow caller to relabel from unlabeled block devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`kernel_relabelfrom_unlabeled_blk_devs',`
gen_require(`
type unlabeled_t;
')
selint: fix S-010 Signed-off-by: bauen1 <j2468h@gmail.com>
2020-08-14 14:33:08 +00:00
allow $1 unlabeled_t:blk_file relabelfrom_blk_file_perms;
selinuxuntil, userdomain: Restore relabelfrom access for unlabeled files. Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
2020-07-28 14:10:59 +00:00
')
########################################
## <summary>
## Allow caller to relabel from unlabeled character devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`kernel_relabelfrom_unlabeled_chr_devs',`
gen_require(`
type unlabeled_t;
')
selint: fix S-010 Signed-off-by: bauen1 <j2468h@gmail.com>
2020-08-14 14:33:08 +00:00
allow $1 unlabeled_t:chr_file relabelfrom_chr_file_perms;
selinuxuntil, userdomain: Restore relabelfrom access for unlabeled files. Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
2020-07-28 14:10:59 +00:00
')
add unlabeled association rules
2005-12-06 19:59:50 +00:00
########################################
## <summary>
## Send and receive messages from an
## unlabeled IPSEC association.
## </summary>
## <desc>
## <p>
## Send and receive messages from an
## unlabeled IPSEC association. Network
## connections that are not protected
## by IPSEC have use an unlabeled
Fix several misspellings Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
2020-08-11 13:01:34 +00:00
## association.
add unlabeled association rules
2005-12-06 19:59:50 +00:00
## </p>
## <p>
## The corenetwork interface
fix comments
2006-01-13 16:08:16 +00:00
## corenet_non_ipsec_sendrecv() should
add unlabeled association rules
2005-12-06 19:59:50 +00:00
## be used instead of this one.
## </p>
## </desc>
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
add unlabeled association rules
2005-12-06 19:59:50 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
add unlabeled association rules
2005-12-06 19:59:50 +00:00
## </param>
#
interface(`kernel_sendrecv_unlabeled_association',`
gen_require(`
type unlabeled_t;
')
allow $1 unlabeled_t:association { sendto recvfrom };
')
gentoo testing fixes
2006-09-19 17:02:29 +00:00
########################################
## <summary>
## Do not audit attempts to send and receive messages
## from an unlabeled IPSEC association.
## </summary>
## <desc>
## <p>
## Do not audit attempts to send and receive messages
## from an unlabeled IPSEC association. Network
## connections that are not protected
## by IPSEC have use an unlabeled
Fix several misspellings Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
2020-08-11 13:01:34 +00:00
## association.
gentoo testing fixes
2006-09-19 17:02:29 +00:00
## </p>
## <p>
## The corenetwork interface
## corenet_dontaudit_non_ipsec_sendrecv() should
## be used instead of this one.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`kernel_dontaudit_sendrecv_unlabeled_association',`
gen_require(`
type unlabeled_t;
')
dontaudit $1 unlabeled_t:association { sendto recvfrom };
')
merge netlabel stuff from labeled-networking branch
2006-10-17 16:58:17 +00:00
########################################
## <summary>
trunk: whitespace fixes in xml blocks.
2008-12-03 19:16:20 +00:00
## Receive TCP packets from an unlabeled connection.
merge netlabel stuff from labeled-networking branch
2006-10-17 16:58:17 +00:00
## </summary>
## <desc>
## <p>
trunk: whitespace fixes in xml blocks.
2008-12-03 19:16:20 +00:00
## Receive TCP packets from an unlabeled connection.
## </p>
merge netlabel stuff from labeled-networking branch
2006-10-17 16:58:17 +00:00
## <p>
trunk: Unified labeled networking policy from Paul Moore. The latest revision of the labeled policy patches which enable both labeled and unlabeled policy support for NetLabel. This revision takes into account Chris' feedback from the first version and reduces the number of interface calls in each domain down to two at present: one for unlabeled access, one for NetLabel access. The older, transport layer specific interfaces, are still present for use by third-party modules but are not used in the default policy modules. trunk: Use netmsg initial SID for MLS-only Netlabel packets, from Paul Moore. This patch changes the policy to use the netmsg initial SID as the "base" SID/context for NetLabel packets which only have MLS security attributes. Currently we use the unlabeled initial SID which makes it very difficult to distinquish between actual unlabeled packets and those packets which have MLS security attributes.
2007-06-27 15:23:21 +00:00
## The corenetwork interface corenet_tcp_recv_unlabeled() should
merge netlabel stuff from labeled-networking branch
2006-10-17 16:58:17 +00:00
## be used instead of this one.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`kernel_tcp_recvfrom_unlabeled',`
gen_require(`
type unlabeled_t;
')
allow $1 unlabeled_t:tcp_socket recvfrom;
')
########################################
## <summary>
trunk: whitespace fixes in xml blocks.
2008-12-03 19:16:20 +00:00
## Do not audit attempts to receive TCP packets from an unlabeled
trunk: Unified labeled networking policy from Paul Moore. The latest revision of the labeled policy patches which enable both labeled and unlabeled policy support for NetLabel. This revision takes into account Chris' feedback from the first version and reduces the number of interface calls in each domain down to two at present: one for unlabeled access, one for NetLabel access. The older, transport layer specific interfaces, are still present for use by third-party modules but are not used in the default policy modules. trunk: Use netmsg initial SID for MLS-only Netlabel packets, from Paul Moore. This patch changes the policy to use the netmsg initial SID as the "base" SID/context for NetLabel packets which only have MLS security attributes. Currently we use the unlabeled initial SID which makes it very difficult to distinquish between actual unlabeled packets and those packets which have MLS security attributes.
2007-06-27 15:23:21 +00:00
## connection.
merge netlabel stuff from labeled-networking branch
2006-10-17 16:58:17 +00:00
## </summary>
## <desc>
## <p>
trunk: whitespace fixes in xml blocks.
2008-12-03 19:16:20 +00:00
## Do not audit attempts to receive TCP packets from an unlabeled
trunk: Unified labeled networking policy from Paul Moore. The latest revision of the labeled policy patches which enable both labeled and unlabeled policy support for NetLabel. This revision takes into account Chris' feedback from the first version and reduces the number of interface calls in each domain down to two at present: one for unlabeled access, one for NetLabel access. The older, transport layer specific interfaces, are still present for use by third-party modules but are not used in the default policy modules. trunk: Use netmsg initial SID for MLS-only Netlabel packets, from Paul Moore. This patch changes the policy to use the netmsg initial SID as the "base" SID/context for NetLabel packets which only have MLS security attributes. Currently we use the unlabeled initial SID which makes it very difficult to distinquish between actual unlabeled packets and those packets which have MLS security attributes.
2007-06-27 15:23:21 +00:00
## connection.
trunk: whitespace fixes in xml blocks.
2008-12-03 19:16:20 +00:00
## </p>
merge netlabel stuff from labeled-networking branch
2006-10-17 16:58:17 +00:00
## <p>
trunk: Unified labeled networking policy from Paul Moore. The latest revision of the labeled policy patches which enable both labeled and unlabeled policy support for NetLabel. This revision takes into account Chris' feedback from the first version and reduces the number of interface calls in each domain down to two at present: one for unlabeled access, one for NetLabel access. The older, transport layer specific interfaces, are still present for use by third-party modules but are not used in the default policy modules. trunk: Use netmsg initial SID for MLS-only Netlabel packets, from Paul Moore. This patch changes the policy to use the netmsg initial SID as the "base" SID/context for NetLabel packets which only have MLS security attributes. Currently we use the unlabeled initial SID which makes it very difficult to distinquish between actual unlabeled packets and those packets which have MLS security attributes.
2007-06-27 15:23:21 +00:00
## The corenetwork interface corenet_dontaudit_tcp_recv_unlabeled()
## should be used instead of this one.
merge netlabel stuff from labeled-networking branch
2006-10-17 16:58:17 +00:00
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`kernel_dontaudit_tcp_recvfrom_unlabeled',`
gen_require(`
type unlabeled_t;
')
dontaudit $1 unlabeled_t:tcp_socket recvfrom;
')
########################################
## <summary>
trunk: whitespace fixes in xml blocks.
2008-12-03 19:16:20 +00:00
## Receive UDP packets from an unlabeled connection.
merge netlabel stuff from labeled-networking branch
2006-10-17 16:58:17 +00:00
## </summary>
## <desc>
## <p>
trunk: whitespace fixes in xml blocks.
2008-12-03 19:16:20 +00:00
## Receive UDP packets from an unlabeled connection.
## </p>
merge netlabel stuff from labeled-networking branch
2006-10-17 16:58:17 +00:00
## <p>
trunk: Unified labeled networking policy from Paul Moore. The latest revision of the labeled policy patches which enable both labeled and unlabeled policy support for NetLabel. This revision takes into account Chris' feedback from the first version and reduces the number of interface calls in each domain down to two at present: one for unlabeled access, one for NetLabel access. The older, transport layer specific interfaces, are still present for use by third-party modules but are not used in the default policy modules. trunk: Use netmsg initial SID for MLS-only Netlabel packets, from Paul Moore. This patch changes the policy to use the netmsg initial SID as the "base" SID/context for NetLabel packets which only have MLS security attributes. Currently we use the unlabeled initial SID which makes it very difficult to distinquish between actual unlabeled packets and those packets which have MLS security attributes.
2007-06-27 15:23:21 +00:00
## The corenetwork interface corenet_udp_recv_unlabeled() should
merge netlabel stuff from labeled-networking branch
2006-10-17 16:58:17 +00:00
## be used instead of this one.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`kernel_udp_recvfrom_unlabeled',`
gen_require(`
type unlabeled_t;
')
allow $1 unlabeled_t:udp_socket recvfrom;
')
########################################
## <summary>
trunk: whitespace fixes in xml blocks.
2008-12-03 19:16:20 +00:00
## Do not audit attempts to receive UDP packets from an unlabeled
trunk: Unified labeled networking policy from Paul Moore. The latest revision of the labeled policy patches which enable both labeled and unlabeled policy support for NetLabel. This revision takes into account Chris' feedback from the first version and reduces the number of interface calls in each domain down to two at present: one for unlabeled access, one for NetLabel access. The older, transport layer specific interfaces, are still present for use by third-party modules but are not used in the default policy modules. trunk: Use netmsg initial SID for MLS-only Netlabel packets, from Paul Moore. This patch changes the policy to use the netmsg initial SID as the "base" SID/context for NetLabel packets which only have MLS security attributes. Currently we use the unlabeled initial SID which makes it very difficult to distinquish between actual unlabeled packets and those packets which have MLS security attributes.
2007-06-27 15:23:21 +00:00
## connection.
merge netlabel stuff from labeled-networking branch
2006-10-17 16:58:17 +00:00
## </summary>
## <desc>
## <p>
trunk: whitespace fixes in xml blocks.
2008-12-03 19:16:20 +00:00
## Do not audit attempts to receive UDP packets from an unlabeled
trunk: Unified labeled networking policy from Paul Moore. The latest revision of the labeled policy patches which enable both labeled and unlabeled policy support for NetLabel. This revision takes into account Chris' feedback from the first version and reduces the number of interface calls in each domain down to two at present: one for unlabeled access, one for NetLabel access. The older, transport layer specific interfaces, are still present for use by third-party modules but are not used in the default policy modules. trunk: Use netmsg initial SID for MLS-only Netlabel packets, from Paul Moore. This patch changes the policy to use the netmsg initial SID as the "base" SID/context for NetLabel packets which only have MLS security attributes. Currently we use the unlabeled initial SID which makes it very difficult to distinquish between actual unlabeled packets and those packets which have MLS security attributes.
2007-06-27 15:23:21 +00:00
## connection.
trunk: whitespace fixes in xml blocks.
2008-12-03 19:16:20 +00:00
## </p>
merge netlabel stuff from labeled-networking branch
2006-10-17 16:58:17 +00:00
## <p>
trunk: Unified labeled networking policy from Paul Moore. The latest revision of the labeled policy patches which enable both labeled and unlabeled policy support for NetLabel. This revision takes into account Chris' feedback from the first version and reduces the number of interface calls in each domain down to two at present: one for unlabeled access, one for NetLabel access. The older, transport layer specific interfaces, are still present for use by third-party modules but are not used in the default policy modules. trunk: Use netmsg initial SID for MLS-only Netlabel packets, from Paul Moore. This patch changes the policy to use the netmsg initial SID as the "base" SID/context for NetLabel packets which only have MLS security attributes. Currently we use the unlabeled initial SID which makes it very difficult to distinquish between actual unlabeled packets and those packets which have MLS security attributes.
2007-06-27 15:23:21 +00:00
## The corenetwork interface corenet_dontaudit_udp_recv_unlabeled()
## should be used instead of this one.
merge netlabel stuff from labeled-networking branch
2006-10-17 16:58:17 +00:00
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`kernel_dontaudit_udp_recvfrom_unlabeled',`
gen_require(`
type unlabeled_t;
')
dontaudit $1 unlabeled_t:udp_socket recvfrom;
')
patch from dan, Thu, 2007-01-25 at 08:12 -0500
2007-02-16 23:01:42 +00:00
########################################
## <summary>
trunk: whitespace fixes in xml blocks.
2008-12-03 19:16:20 +00:00
## Receive Raw IP packets from an unlabeled connection.
patch from dan, Thu, 2007-01-25 at 08:12 -0500
2007-02-16 23:01:42 +00:00
## </summary>
## <desc>
## <p>
trunk: whitespace fixes in xml blocks.
2008-12-03 19:16:20 +00:00
## Receive Raw IP packets from an unlabeled connection.
## </p>
patch from dan, Thu, 2007-01-25 at 08:12 -0500
2007-02-16 23:01:42 +00:00
## <p>
trunk: Unified labeled networking policy from Paul Moore. The latest revision of the labeled policy patches which enable both labeled and unlabeled policy support for NetLabel. This revision takes into account Chris' feedback from the first version and reduces the number of interface calls in each domain down to two at present: one for unlabeled access, one for NetLabel access. The older, transport layer specific interfaces, are still present for use by third-party modules but are not used in the default policy modules. trunk: Use netmsg initial SID for MLS-only Netlabel packets, from Paul Moore. This patch changes the policy to use the netmsg initial SID as the "base" SID/context for NetLabel packets which only have MLS security attributes. Currently we use the unlabeled initial SID which makes it very difficult to distinquish between actual unlabeled packets and those packets which have MLS security attributes.
2007-06-27 15:23:21 +00:00
## The corenetwork interface corenet_raw_recv_unlabeled() should
patch from dan, Thu, 2007-01-25 at 08:12 -0500
2007-02-16 23:01:42 +00:00
## be used instead of this one.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`kernel_raw_recvfrom_unlabeled',`
gen_require(`
type unlabeled_t;
')
allow $1 unlabeled_t:rawip_socket recvfrom;
')
########################################
## <summary>
trunk: whitespace fixes in xml blocks.
2008-12-03 19:16:20 +00:00
## Do not audit attempts to receive Raw IP packets from an unlabeled
trunk: Unified labeled networking policy from Paul Moore. The latest revision of the labeled policy patches which enable both labeled and unlabeled policy support for NetLabel. This revision takes into account Chris' feedback from the first version and reduces the number of interface calls in each domain down to two at present: one for unlabeled access, one for NetLabel access. The older, transport layer specific interfaces, are still present for use by third-party modules but are not used in the default policy modules. trunk: Use netmsg initial SID for MLS-only Netlabel packets, from Paul Moore. This patch changes the policy to use the netmsg initial SID as the "base" SID/context for NetLabel packets which only have MLS security attributes. Currently we use the unlabeled initial SID which makes it very difficult to distinquish between actual unlabeled packets and those packets which have MLS security attributes.
2007-06-27 15:23:21 +00:00
## connection.
patch from dan, Thu, 2007-01-25 at 08:12 -0500
2007-02-16 23:01:42 +00:00
## </summary>
## <desc>
## <p>
trunk: whitespace fixes in xml blocks.
2008-12-03 19:16:20 +00:00
## Do not audit attempts to receive Raw IP packets from an unlabeled
trunk: Unified labeled networking policy from Paul Moore. The latest revision of the labeled policy patches which enable both labeled and unlabeled policy support for NetLabel. This revision takes into account Chris' feedback from the first version and reduces the number of interface calls in each domain down to two at present: one for unlabeled access, one for NetLabel access. The older, transport layer specific interfaces, are still present for use by third-party modules but are not used in the default policy modules. trunk: Use netmsg initial SID for MLS-only Netlabel packets, from Paul Moore. This patch changes the policy to use the netmsg initial SID as the "base" SID/context for NetLabel packets which only have MLS security attributes. Currently we use the unlabeled initial SID which makes it very difficult to distinquish between actual unlabeled packets and those packets which have MLS security attributes.
2007-06-27 15:23:21 +00:00
## connection.
trunk: whitespace fixes in xml blocks.
2008-12-03 19:16:20 +00:00
## </p>
patch from dan, Thu, 2007-01-25 at 08:12 -0500
2007-02-16 23:01:42 +00:00
## <p>
trunk: Unified labeled networking policy from Paul Moore. The latest revision of the labeled policy patches which enable both labeled and unlabeled policy support for NetLabel. This revision takes into account Chris' feedback from the first version and reduces the number of interface calls in each domain down to two at present: one for unlabeled access, one for NetLabel access. The older, transport layer specific interfaces, are still present for use by third-party modules but are not used in the default policy modules. trunk: Use netmsg initial SID for MLS-only Netlabel packets, from Paul Moore. This patch changes the policy to use the netmsg initial SID as the "base" SID/context for NetLabel packets which only have MLS security attributes. Currently we use the unlabeled initial SID which makes it very difficult to distinquish between actual unlabeled packets and those packets which have MLS security attributes.
2007-06-27 15:23:21 +00:00
## The corenetwork interface corenet_dontaudit_raw_recv_unlabeled()
## should be used instead of this one.
patch from dan, Thu, 2007-01-25 at 08:12 -0500
2007-02-16 23:01:42 +00:00
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`kernel_dontaudit_raw_recvfrom_unlabeled',`
gen_require(`
type unlabeled_t;
')
dontaudit $1 unlabeled_t:rawip_socket recvfrom;
')
initial addition of packet policy, allow unconfined to send unlabeled packets.
2006-05-22 20:47:05 +00:00
########################################
## <summary>
## Send and receive unlabeled packets.
## </summary>
## <desc>
## <p>
## Send and receive unlabeled packets.
## These packets do not match any netfilter
## SECMARK rules.
## </p>
## <p>
## The corenetwork interface
## corenet_sendrecv_unlabeled_packets() should
## be used instead of this one.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`kernel_sendrecv_unlabeled_packets',`
gen_require(`
type unlabeled_t;
')
allow $1 unlabeled_t:packet { send recv };
')
trunk: Patch for labeled networking controls in 2.6.25 from Paul Moore.
2008-05-26 18:38:06 +00:00
########################################
## <summary>
## Receive packets from an unlabeled peer.
## </summary>
## <desc>
## <p>
## Receive packets from an unlabeled peer, these packets do not have any
trunk: whitespace fixes in xml blocks.
2008-12-03 19:16:20 +00:00
## peer labeling information present.
trunk: Patch for labeled networking controls in 2.6.25 from Paul Moore.
2008-05-26 18:38:06 +00:00
## </p>
## <p>
## The corenetwork interface corenet_recvfrom_unlabeled_peer() should
## be used instead of this one.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`kernel_recvfrom_unlabeled_peer',`
gen_require(`
type unlabeled_t;
')
allow $1 unlabeled_t:peer recv;
')
########################################
## <summary>
## Do not audit attempts to receive packets from an unlabeled peer.
## </summary>
## <desc>
## <p>
## Do not audit attempts to receive packets from an unlabeled peer,
trunk: whitespace fixes in xml blocks.
2008-12-03 19:16:20 +00:00
## these packets do not have any peer labeling information present.
trunk: Patch for labeled networking controls in 2.6.25 from Paul Moore.
2008-05-26 18:38:06 +00:00
## </p>
## <p>
## The corenetwork interface corenet_dontaudit_*_recvfrom_unlabeled()
## should be used instead of this one.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`kernel_dontaudit_recvfrom_unlabeled_peer',`
gen_require(`
type unlabeled_t;
')
dontaudit $1 unlabeled_t:peer recv;
')
trunk: add sepostgresql policy from kaigai kohei.
2008-06-10 15:33:18 +00:00
########################################
## <summary>
trunk: whitespace fixes in xml blocks.
2008-12-03 19:16:20 +00:00
## Relabel from unlabeled database objects.
trunk: add sepostgresql policy from kaigai kohei.
2008-06-10 15:33:18 +00:00
## </summary>
## <param name="domain">
trunk: whitespace fixes in xml blocks.
2008-12-03 19:16:20 +00:00
## <summary>
## Domain allowed access.
## </summary>
trunk: add sepostgresql policy from kaigai kohei.
2008-06-10 15:33:18 +00:00
## </param>
#
interface(`kernel_relabelfrom_unlabeled_database',`
gen_require(`
type unlabeled_t;
class db_database { setattr relabelfrom };
New database object classes The attached patch adds a few database object classes, as follows: * db_schema ------------ A schema object performs as a namespace in database; similar to directories in filesystem. It seems some of (but not all) database objects are stored within a certain schema logically. We can qualify these objects using schema name. For example, a table: "my_tbl" within a schema: "my_scm" is identified by "my_scm.my_tbl". This table is completely different from "your_scm.my_tbl" that it a table within a schema: "your_scm". Its characteristics is similar to a directory in filesystem, so it has similar permissions. The 'search' controls to resolve object name within a schema. The 'add_name' and 'remove_name' controls to add/remove an object to/from a schema. See also, http://developer.postgresql.org/pgdocs/postgres/sql-createschema.html In the past discussion, a rubix folks concerned about no object class definition for schema and catalog which is an upper level namespace. Since I'm not certain whether we have a disadvantage when 'db_schema' class is applied on catalog class, I don't add this definition yet. Default security context of 'db_table' and 'db_procedure' classes get being computed using type_transition with 'db_schema' class, instead of 'db_database' class. It reflects logical hierarchy of database object more correctly. * db_view ---------- A view object performs as a virtual table. We can run SELECT statement on views, although it has no physical entities. The definition of views are expanded in run-time, so it allows us to describe complex queries with keeping readability. This object class uniquely provides 'expand' permission that controls whether user can expand this view, or not. The default security context shall be computed by type transition rule with a schema object that owning the view. See also, http://developer.postgresql.org/pgdocs/postgres/sql-createview.html * db_sequence -------------- A sequence object is a sequential number generator. This object class uniquely provides 'get_value', 'next_value' and 'set_value' permissions. The 'get_value' controls to reference the sequence object. The 'next_value' controls to fetch and increment the value of sequence object. The 'set_value' controls to set an arbitrary value. The default security context shall be computed by type transition rule with a schema object that owning the sequence. See also, http://developer.postgresql.org/pgdocs/postgres/sql-createsequence.html * db_language -------------- A language object is an installed engine to execute procedures. PostgreSQL supports to define SQL procedures using regular script languages; such as Perl, Tcl, not only SQL or binary modules. In addition, v9.0 or later supports DO statement. It allows us to execute a script statement on server side without defining a SQL procedure. It requires to control whether user can execute DO statement on this language, or not. This object class uniquely provides 'implement' and 'execute' permissions. The 'implement' controls whether a procedure can be implemented with this language, or not. So, it takes security context of the procedure as subject. The 'execute' controls to execute code block using DO statement. The default security context shall be computed by type transition rule with a database object, because it is not owned by a certain schema. In the default policy, we provide two types: 'sepgsql_lang_t' and 'sepgsql_safe_lang_t' that allows unpriv users to execute DO statement. The default is 'sepgsql_leng_t'. We assume newly installed language may be harm, so DBA has to relabel it explicitly, if he want user defined procedures using the language. See also, http://developer.postgresql.org/pgdocs/postgres/sql-createlanguage.html http://developer.postgresql.org/pgdocs/postgres/sql-do.html P.S) I found a bug in MCS. It didn't constraint 'relabelfrom' permission of 'db_procedure' class. IIRC, I fixed it before, but it might be only MLS side. Sorry. Thanks, -- KaiGai Kohei <kaigai@ak.jp.nec.com> policy/flask/access_vectors | 29 ++++++++ policy/flask/security_classes | 6 ++ policy/mcs | 16 ++++- policy/mls | 58 ++++++++++++++- policy/modules/kernel/kernel.if | 8 ++ policy/modules/services/postgresql.if | 125 +++++++++++++++++++++++++++++++-- policy/modules/services/postgresql.te | 116 +++++++++++++++++++++++++++++- 7 files changed, 342 insertions(+), 16 deletions(-)
2010-12-10 09:49:24 +00:00
class db_schema { setattr relabelfrom };
trunk: add sepostgresql policy from kaigai kohei.
2008-06-10 15:33:18 +00:00
class db_table { setattr relabelfrom };
New database object classes The attached patch adds a few database object classes, as follows: * db_schema ------------ A schema object performs as a namespace in database; similar to directories in filesystem. It seems some of (but not all) database objects are stored within a certain schema logically. We can qualify these objects using schema name. For example, a table: "my_tbl" within a schema: "my_scm" is identified by "my_scm.my_tbl". This table is completely different from "your_scm.my_tbl" that it a table within a schema: "your_scm". Its characteristics is similar to a directory in filesystem, so it has similar permissions. The 'search' controls to resolve object name within a schema. The 'add_name' and 'remove_name' controls to add/remove an object to/from a schema. See also, http://developer.postgresql.org/pgdocs/postgres/sql-createschema.html In the past discussion, a rubix folks concerned about no object class definition for schema and catalog which is an upper level namespace. Since I'm not certain whether we have a disadvantage when 'db_schema' class is applied on catalog class, I don't add this definition yet. Default security context of 'db_table' and 'db_procedure' classes get being computed using type_transition with 'db_schema' class, instead of 'db_database' class. It reflects logical hierarchy of database object more correctly. * db_view ---------- A view object performs as a virtual table. We can run SELECT statement on views, although it has no physical entities. The definition of views are expanded in run-time, so it allows us to describe complex queries with keeping readability. This object class uniquely provides 'expand' permission that controls whether user can expand this view, or not. The default security context shall be computed by type transition rule with a schema object that owning the view. See also, http://developer.postgresql.org/pgdocs/postgres/sql-createview.html * db_sequence -------------- A sequence object is a sequential number generator. This object class uniquely provides 'get_value', 'next_value' and 'set_value' permissions. The 'get_value' controls to reference the sequence object. The 'next_value' controls to fetch and increment the value of sequence object. The 'set_value' controls to set an arbitrary value. The default security context shall be computed by type transition rule with a schema object that owning the sequence. See also, http://developer.postgresql.org/pgdocs/postgres/sql-createsequence.html * db_language -------------- A language object is an installed engine to execute procedures. PostgreSQL supports to define SQL procedures using regular script languages; such as Perl, Tcl, not only SQL or binary modules. In addition, v9.0 or later supports DO statement. It allows us to execute a script statement on server side without defining a SQL procedure. It requires to control whether user can execute DO statement on this language, or not. This object class uniquely provides 'implement' and 'execute' permissions. The 'implement' controls whether a procedure can be implemented with this language, or not. So, it takes security context of the procedure as subject. The 'execute' controls to execute code block using DO statement. The default security context shall be computed by type transition rule with a database object, because it is not owned by a certain schema. In the default policy, we provide two types: 'sepgsql_lang_t' and 'sepgsql_safe_lang_t' that allows unpriv users to execute DO statement. The default is 'sepgsql_leng_t'. We assume newly installed language may be harm, so DBA has to relabel it explicitly, if he want user defined procedures using the language. See also, http://developer.postgresql.org/pgdocs/postgres/sql-createlanguage.html http://developer.postgresql.org/pgdocs/postgres/sql-do.html P.S) I found a bug in MCS. It didn't constraint 'relabelfrom' permission of 'db_procedure' class. IIRC, I fixed it before, but it might be only MLS side. Sorry. Thanks, -- KaiGai Kohei <kaigai@ak.jp.nec.com> policy/flask/access_vectors | 29 ++++++++ policy/flask/security_classes | 6 ++ policy/mcs | 16 ++++- policy/mls | 58 ++++++++++++++- policy/modules/kernel/kernel.if | 8 ++ policy/modules/services/postgresql.if | 125 +++++++++++++++++++++++++++++++-- policy/modules/services/postgresql.te | 116 +++++++++++++++++++++++++++++- 7 files changed, 342 insertions(+), 16 deletions(-)
2010-12-10 09:49:24 +00:00
class db_sequence { setattr relabelfrom };
class db_view { setattr relabelfrom };
trunk: add sepostgresql policy from kaigai kohei.
2008-06-10 15:33:18 +00:00
class db_procedure { setattr relabelfrom };
New database object classes The attached patch adds a few database object classes, as follows: * db_schema ------------ A schema object performs as a namespace in database; similar to directories in filesystem. It seems some of (but not all) database objects are stored within a certain schema logically. We can qualify these objects using schema name. For example, a table: "my_tbl" within a schema: "my_scm" is identified by "my_scm.my_tbl". This table is completely different from "your_scm.my_tbl" that it a table within a schema: "your_scm". Its characteristics is similar to a directory in filesystem, so it has similar permissions. The 'search' controls to resolve object name within a schema. The 'add_name' and 'remove_name' controls to add/remove an object to/from a schema. See also, http://developer.postgresql.org/pgdocs/postgres/sql-createschema.html In the past discussion, a rubix folks concerned about no object class definition for schema and catalog which is an upper level namespace. Since I'm not certain whether we have a disadvantage when 'db_schema' class is applied on catalog class, I don't add this definition yet. Default security context of 'db_table' and 'db_procedure' classes get being computed using type_transition with 'db_schema' class, instead of 'db_database' class. It reflects logical hierarchy of database object more correctly. * db_view ---------- A view object performs as a virtual table. We can run SELECT statement on views, although it has no physical entities. The definition of views are expanded in run-time, so it allows us to describe complex queries with keeping readability. This object class uniquely provides 'expand' permission that controls whether user can expand this view, or not. The default security context shall be computed by type transition rule with a schema object that owning the view. See also, http://developer.postgresql.org/pgdocs/postgres/sql-createview.html * db_sequence -------------- A sequence object is a sequential number generator. This object class uniquely provides 'get_value', 'next_value' and 'set_value' permissions. The 'get_value' controls to reference the sequence object. The 'next_value' controls to fetch and increment the value of sequence object. The 'set_value' controls to set an arbitrary value. The default security context shall be computed by type transition rule with a schema object that owning the sequence. See also, http://developer.postgresql.org/pgdocs/postgres/sql-createsequence.html * db_language -------------- A language object is an installed engine to execute procedures. PostgreSQL supports to define SQL procedures using regular script languages; such as Perl, Tcl, not only SQL or binary modules. In addition, v9.0 or later supports DO statement. It allows us to execute a script statement on server side without defining a SQL procedure. It requires to control whether user can execute DO statement on this language, or not. This object class uniquely provides 'implement' and 'execute' permissions. The 'implement' controls whether a procedure can be implemented with this language, or not. So, it takes security context of the procedure as subject. The 'execute' controls to execute code block using DO statement. The default security context shall be computed by type transition rule with a database object, because it is not owned by a certain schema. In the default policy, we provide two types: 'sepgsql_lang_t' and 'sepgsql_safe_lang_t' that allows unpriv users to execute DO statement. The default is 'sepgsql_leng_t'. We assume newly installed language may be harm, so DBA has to relabel it explicitly, if he want user defined procedures using the language. See also, http://developer.postgresql.org/pgdocs/postgres/sql-createlanguage.html http://developer.postgresql.org/pgdocs/postgres/sql-do.html P.S) I found a bug in MCS. It didn't constraint 'relabelfrom' permission of 'db_procedure' class. IIRC, I fixed it before, but it might be only MLS side. Sorry. Thanks, -- KaiGai Kohei <kaigai@ak.jp.nec.com> policy/flask/access_vectors | 29 ++++++++ policy/flask/security_classes | 6 ++ policy/mcs | 16 ++++- policy/mls | 58 ++++++++++++++- policy/modules/kernel/kernel.if | 8 ++ policy/modules/services/postgresql.if | 125 +++++++++++++++++++++++++++++++-- policy/modules/services/postgresql.te | 116 +++++++++++++++++++++++++++++- 7 files changed, 342 insertions(+), 16 deletions(-)
2010-12-10 09:49:24 +00:00
class db_language { setattr relabelfrom };
trunk: add sepostgresql policy from kaigai kohei.
2008-06-10 15:33:18 +00:00
class db_column { setattr relabelfrom };
class db_tuple { update relabelfrom };
class db_blob { setattr relabelfrom };
')
allow $1 unlabeled_t:db_database { setattr relabelfrom };
New database object classes The attached patch adds a few database object classes, as follows: * db_schema ------------ A schema object performs as a namespace in database; similar to directories in filesystem. It seems some of (but not all) database objects are stored within a certain schema logically. We can qualify these objects using schema name. For example, a table: "my_tbl" within a schema: "my_scm" is identified by "my_scm.my_tbl". This table is completely different from "your_scm.my_tbl" that it a table within a schema: "your_scm". Its characteristics is similar to a directory in filesystem, so it has similar permissions. The 'search' controls to resolve object name within a schema. The 'add_name' and 'remove_name' controls to add/remove an object to/from a schema. See also, http://developer.postgresql.org/pgdocs/postgres/sql-createschema.html In the past discussion, a rubix folks concerned about no object class definition for schema and catalog which is an upper level namespace. Since I'm not certain whether we have a disadvantage when 'db_schema' class is applied on catalog class, I don't add this definition yet. Default security context of 'db_table' and 'db_procedure' classes get being computed using type_transition with 'db_schema' class, instead of 'db_database' class. It reflects logical hierarchy of database object more correctly. * db_view ---------- A view object performs as a virtual table. We can run SELECT statement on views, although it has no physical entities. The definition of views are expanded in run-time, so it allows us to describe complex queries with keeping readability. This object class uniquely provides 'expand' permission that controls whether user can expand this view, or not. The default security context shall be computed by type transition rule with a schema object that owning the view. See also, http://developer.postgresql.org/pgdocs/postgres/sql-createview.html * db_sequence -------------- A sequence object is a sequential number generator. This object class uniquely provides 'get_value', 'next_value' and 'set_value' permissions. The 'get_value' controls to reference the sequence object. The 'next_value' controls to fetch and increment the value of sequence object. The 'set_value' controls to set an arbitrary value. The default security context shall be computed by type transition rule with a schema object that owning the sequence. See also, http://developer.postgresql.org/pgdocs/postgres/sql-createsequence.html * db_language -------------- A language object is an installed engine to execute procedures. PostgreSQL supports to define SQL procedures using regular script languages; such as Perl, Tcl, not only SQL or binary modules. In addition, v9.0 or later supports DO statement. It allows us to execute a script statement on server side without defining a SQL procedure. It requires to control whether user can execute DO statement on this language, or not. This object class uniquely provides 'implement' and 'execute' permissions. The 'implement' controls whether a procedure can be implemented with this language, or not. So, it takes security context of the procedure as subject. The 'execute' controls to execute code block using DO statement. The default security context shall be computed by type transition rule with a database object, because it is not owned by a certain schema. In the default policy, we provide two types: 'sepgsql_lang_t' and 'sepgsql_safe_lang_t' that allows unpriv users to execute DO statement. The default is 'sepgsql_leng_t'. We assume newly installed language may be harm, so DBA has to relabel it explicitly, if he want user defined procedures using the language. See also, http://developer.postgresql.org/pgdocs/postgres/sql-createlanguage.html http://developer.postgresql.org/pgdocs/postgres/sql-do.html P.S) I found a bug in MCS. It didn't constraint 'relabelfrom' permission of 'db_procedure' class. IIRC, I fixed it before, but it might be only MLS side. Sorry. Thanks, -- KaiGai Kohei <kaigai@ak.jp.nec.com> policy/flask/access_vectors | 29 ++++++++ policy/flask/security_classes | 6 ++ policy/mcs | 16 ++++- policy/mls | 58 ++++++++++++++- policy/modules/kernel/kernel.if | 8 ++ policy/modules/services/postgresql.if | 125 +++++++++++++++++++++++++++++++-- policy/modules/services/postgresql.te | 116 +++++++++++++++++++++++++++++- 7 files changed, 342 insertions(+), 16 deletions(-)
2010-12-10 09:49:24 +00:00
allow $1 unlabeled_t:db_schema { setattr relabelfrom };
trunk: add sepostgresql policy from kaigai kohei.
2008-06-10 15:33:18 +00:00
allow $1 unlabeled_t:db_table { setattr relabelfrom };
New database object classes The attached patch adds a few database object classes, as follows: * db_schema ------------ A schema object performs as a namespace in database; similar to directories in filesystem. It seems some of (but not all) database objects are stored within a certain schema logically. We can qualify these objects using schema name. For example, a table: "my_tbl" within a schema: "my_scm" is identified by "my_scm.my_tbl". This table is completely different from "your_scm.my_tbl" that it a table within a schema: "your_scm". Its characteristics is similar to a directory in filesystem, so it has similar permissions. The 'search' controls to resolve object name within a schema. The 'add_name' and 'remove_name' controls to add/remove an object to/from a schema. See also, http://developer.postgresql.org/pgdocs/postgres/sql-createschema.html In the past discussion, a rubix folks concerned about no object class definition for schema and catalog which is an upper level namespace. Since I'm not certain whether we have a disadvantage when 'db_schema' class is applied on catalog class, I don't add this definition yet. Default security context of 'db_table' and 'db_procedure' classes get being computed using type_transition with 'db_schema' class, instead of 'db_database' class. It reflects logical hierarchy of database object more correctly. * db_view ---------- A view object performs as a virtual table. We can run SELECT statement on views, although it has no physical entities. The definition of views are expanded in run-time, so it allows us to describe complex queries with keeping readability. This object class uniquely provides 'expand' permission that controls whether user can expand this view, or not. The default security context shall be computed by type transition rule with a schema object that owning the view. See also, http://developer.postgresql.org/pgdocs/postgres/sql-createview.html * db_sequence -------------- A sequence object is a sequential number generator. This object class uniquely provides 'get_value', 'next_value' and 'set_value' permissions. The 'get_value' controls to reference the sequence object. The 'next_value' controls to fetch and increment the value of sequence object. The 'set_value' controls to set an arbitrary value. The default security context shall be computed by type transition rule with a schema object that owning the sequence. See also, http://developer.postgresql.org/pgdocs/postgres/sql-createsequence.html * db_language -------------- A language object is an installed engine to execute procedures. PostgreSQL supports to define SQL procedures using regular script languages; such as Perl, Tcl, not only SQL or binary modules. In addition, v9.0 or later supports DO statement. It allows us to execute a script statement on server side without defining a SQL procedure. It requires to control whether user can execute DO statement on this language, or not. This object class uniquely provides 'implement' and 'execute' permissions. The 'implement' controls whether a procedure can be implemented with this language, or not. So, it takes security context of the procedure as subject. The 'execute' controls to execute code block using DO statement. The default security context shall be computed by type transition rule with a database object, because it is not owned by a certain schema. In the default policy, we provide two types: 'sepgsql_lang_t' and 'sepgsql_safe_lang_t' that allows unpriv users to execute DO statement. The default is 'sepgsql_leng_t'. We assume newly installed language may be harm, so DBA has to relabel it explicitly, if he want user defined procedures using the language. See also, http://developer.postgresql.org/pgdocs/postgres/sql-createlanguage.html http://developer.postgresql.org/pgdocs/postgres/sql-do.html P.S) I found a bug in MCS. It didn't constraint 'relabelfrom' permission of 'db_procedure' class. IIRC, I fixed it before, but it might be only MLS side. Sorry. Thanks, -- KaiGai Kohei <kaigai@ak.jp.nec.com> policy/flask/access_vectors | 29 ++++++++ policy/flask/security_classes | 6 ++ policy/mcs | 16 ++++- policy/mls | 58 ++++++++++++++- policy/modules/kernel/kernel.if | 8 ++ policy/modules/services/postgresql.if | 125 +++++++++++++++++++++++++++++++-- policy/modules/services/postgresql.te | 116 +++++++++++++++++++++++++++++- 7 files changed, 342 insertions(+), 16 deletions(-)
2010-12-10 09:49:24 +00:00
allow $1 unlabeled_t:db_sequence { setattr relabelfrom };
allow $1 unlabeled_t:db_view { setattr relabelfrom };
trunk: add sepostgresql policy from kaigai kohei.
2008-06-10 15:33:18 +00:00
allow $1 unlabeled_t:db_procedure { setattr relabelfrom };
New database object classes The attached patch adds a few database object classes, as follows: * db_schema ------------ A schema object performs as a namespace in database; similar to directories in filesystem. It seems some of (but not all) database objects are stored within a certain schema logically. We can qualify these objects using schema name. For example, a table: "my_tbl" within a schema: "my_scm" is identified by "my_scm.my_tbl". This table is completely different from "your_scm.my_tbl" that it a table within a schema: "your_scm". Its characteristics is similar to a directory in filesystem, so it has similar permissions. The 'search' controls to resolve object name within a schema. The 'add_name' and 'remove_name' controls to add/remove an object to/from a schema. See also, http://developer.postgresql.org/pgdocs/postgres/sql-createschema.html In the past discussion, a rubix folks concerned about no object class definition for schema and catalog which is an upper level namespace. Since I'm not certain whether we have a disadvantage when 'db_schema' class is applied on catalog class, I don't add this definition yet. Default security context of 'db_table' and 'db_procedure' classes get being computed using type_transition with 'db_schema' class, instead of 'db_database' class. It reflects logical hierarchy of database object more correctly. * db_view ---------- A view object performs as a virtual table. We can run SELECT statement on views, although it has no physical entities. The definition of views are expanded in run-time, so it allows us to describe complex queries with keeping readability. This object class uniquely provides 'expand' permission that controls whether user can expand this view, or not. The default security context shall be computed by type transition rule with a schema object that owning the view. See also, http://developer.postgresql.org/pgdocs/postgres/sql-createview.html * db_sequence -------------- A sequence object is a sequential number generator. This object class uniquely provides 'get_value', 'next_value' and 'set_value' permissions. The 'get_value' controls to reference the sequence object. The 'next_value' controls to fetch and increment the value of sequence object. The 'set_value' controls to set an arbitrary value. The default security context shall be computed by type transition rule with a schema object that owning the sequence. See also, http://developer.postgresql.org/pgdocs/postgres/sql-createsequence.html * db_language -------------- A language object is an installed engine to execute procedures. PostgreSQL supports to define SQL procedures using regular script languages; such as Perl, Tcl, not only SQL or binary modules. In addition, v9.0 or later supports DO statement. It allows us to execute a script statement on server side without defining a SQL procedure. It requires to control whether user can execute DO statement on this language, or not. This object class uniquely provides 'implement' and 'execute' permissions. The 'implement' controls whether a procedure can be implemented with this language, or not. So, it takes security context of the procedure as subject. The 'execute' controls to execute code block using DO statement. The default security context shall be computed by type transition rule with a database object, because it is not owned by a certain schema. In the default policy, we provide two types: 'sepgsql_lang_t' and 'sepgsql_safe_lang_t' that allows unpriv users to execute DO statement. The default is 'sepgsql_leng_t'. We assume newly installed language may be harm, so DBA has to relabel it explicitly, if he want user defined procedures using the language. See also, http://developer.postgresql.org/pgdocs/postgres/sql-createlanguage.html http://developer.postgresql.org/pgdocs/postgres/sql-do.html P.S) I found a bug in MCS. It didn't constraint 'relabelfrom' permission of 'db_procedure' class. IIRC, I fixed it before, but it might be only MLS side. Sorry. Thanks, -- KaiGai Kohei <kaigai@ak.jp.nec.com> policy/flask/access_vectors | 29 ++++++++ policy/flask/security_classes | 6 ++ policy/mcs | 16 ++++- policy/mls | 58 ++++++++++++++- policy/modules/kernel/kernel.if | 8 ++ policy/modules/services/postgresql.if | 125 +++++++++++++++++++++++++++++++-- policy/modules/services/postgresql.te | 116 +++++++++++++++++++++++++++++- 7 files changed, 342 insertions(+), 16 deletions(-)
2010-12-10 09:49:24 +00:00
allow $1 unlabeled_t:db_language { setattr relabelfrom };
trunk: add sepostgresql policy from kaigai kohei.
2008-06-10 15:33:18 +00:00
allow $1 unlabeled_t:db_column { setattr relabelfrom };
allow $1 unlabeled_t:db_tuple { update relabelfrom };
allow $1 unlabeled_t:db_blob { setattr relabelfrom };
')
add unconfined
2005-07-05 20:59:51 +00:00
########################################
## <summary>
fix comments
2006-01-13 16:08:16 +00:00
## Unconfined access to kernel module resources.
add unconfined
2005-07-05 20:59:51 +00:00
## </summary>
## <param name="domain">
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## <summary>
add unconfined
2005-07-05 20:59:51 +00:00
## Domain allowed access.
xml building changes, add desc tag to booleans, add summary tag to bools
2006-02-10 18:41:53 +00:00
## </summary>
add unconfined
2005-07-05 20:59:51 +00:00
## </param>
#
interface(`kernel_unconfined',`
gen_require(`
reorder kernel policy, add attributes for sysctl and proc entries. fix unconfined interface
2005-07-20 17:06:10 +00:00
attribute kern_unconfined;
add unconfined
2005-07-05 20:59:51 +00:00
')
reorder kernel policy, add attributes for sysctl and proc entries. fix unconfined interface
2005-07-20 17:06:10 +00:00
typeattribute $1 kern_unconfined;
Change secure_mode_insmod to control sys_module capability rather than controlling domain transitions to insmod. Based on a patch from Dan Walsh.
2011-09-13 18:45:14 +00:00
kernel_load_module($1)
add unconfined
2005-07-05 20:59:51 +00:00
')
Add interfaces to read/write /proc/sys/vm/overcommit_memory
2015-12-11 13:03:36 +00:00
########################################
## <summary>
## Read virtual memory overcommit sysctl.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`kernel_read_vm_overcommit_sysctl',`
gen_require(`
type sysctl_vm_overcommit_t;
')
kernel_search_vm_sysctl($1)
allow $1 sysctl_vm_overcommit_t:file read_file_perms;
')
########################################
## <summary>
## Read and write virtual memory overcommit sysctl.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`kernel_rw_vm_overcommit_sysctl',`
gen_require(`
type sysctl_vm_overcommit_t;
')
kernel_search_vm_sysctl($1)
allow $1 sysctl_vm_overcommit_t:file rw_file_perms;
')
refpolicy: Infiniband pkeys and endports Every Infiniband network will have a default pkey, so that is labeled. The rest of the pkey configuration is network specific. The policy allows access to the default and unlabeled pkeys for sysadm and staff users. kernel_t is allowed access to all pkeys, which it needs to process and route management datagrams. Endports are all unlabeled by default, sysadm users are allowed to manage the subnet on unlabeled endports. kernel_t is allowed to manage the subnet on all ibendports, which is required for configuring the HCA. This patch requires selinux series: "SELinux user space support for Infiniband RDMA", due to the new ipkeycon labeling mechanism. Signed-off-by: Daniel Jurgens <danielj@mellanox.com>
2017-05-24 14:14:59 +00:00
########################################
## <summary>
## Access unlabeled infiniband pkeys.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`kernel_ib_access_unlabeled_pkeys',`
gen_require(`
type unlabeled_t;
')
allow $1 unlabeled_t:infiniband_pkey access;
')
########################################
## <summary>
## Manage subnet on unlabeled Infiniband endports.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`kernel_ib_manage_subnet_unlabeled_endports',`
gen_require(`
type unlabeled_t;
')
allow $1 unlabeled_t:infiniband_endport manage_subnet;
')