RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
selinux-refpolicy/policy/modules/services/tpm2.if

165 lines
3.0 KiB
Plaintext
Raw Normal View History

Module for tpm2 Module for tpm2 v2 - updated to rename module and interface names, different dbus interface Signed-off-by: Dave Sugar <dsugar@tresys.com>
2019-08-05 19:13:02 +00:00
## <summary>Trusted Platform Module 2.0</summary>
Setup domain for tpm2_* binaries The various /bin/tpm2_* binaries use dbus to communicate with tpm2-abrmd and also can directly access /dev/tpmrm0. This seems like a way to help limit access to the TPM by running the tpm_* binaries in their own domain. I setup this domain because I have a process that needs to use tpm2_hmac to encode something, but didn't want that domain to have direct access to the TPM. I did some basic testing to verify that the other tpm2_* binaries have basically the same access needs. But it wasn't through testing of all the tpm2_* binaries. Signed-off-by: Dave Sugar <dsugar@tresys.com>
2020-03-29 00:21:33 +00:00
########################################
## <summary>
## Execute tpm2_* processes
## in the caller domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`tpm2_exec',`
gen_require(`
type tpm2_exec_t;
')
corecmd_search_bin($1)
can_exec($1, tpm2_exec_t)
')
########################################
## <summary>
## Execute tpm2_* processes in the tpm2 domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`tpm2_domtrans',`
gen_require(`
type tpm2_t, tpm2_exec_t;
')
corecmd_search_bin($1)
domtrans_pattern($1, tpm2_exec_t, tpm2_t)
')
########################################
## <summary>
## Execute tpm2_* processes in the tpm2
## domain and allow the specified role
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
## <param name="role">
## <summary>
## Role allowed access.
## </summary>
## </param>
#
interface(`tpm2_run',`
gen_require(`
type tpm2_t;
')
role $2 types tpm2_t;
tpm2_domtrans($1)
')
########################################
## <summary>
## Send and receive messages from
## tpm2-abrmd over dbus.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`tpm2_dbus_chat_abrmd',`
gen_require(`
type tpm2_abrmd_t;
class dbus send_msg;
')
allow $1 tpm2_abrmd_t:dbus send_msg;
allow tpm2_abrmd_t $1:dbus send_msg;
')
Module for tpm2 Module for tpm2 v2 - updated to rename module and interface names, different dbus interface Signed-off-by: Dave Sugar <dsugar@tresys.com>
2019-08-05 19:13:02 +00:00
########################################
## <summary>
## Allow specified domain to enable/disable tpm2-abrmd unit
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`tpm2_enabledisable_abrmd',`
gen_require(`
type tpm2_abrmd_unit_t;
class service { enable disable };
')
allow $1 tpm2_abrmd_unit_t:service { enable disable };
')
########################################
## <summary>
## Allow specified domain to start/stop tpm2-abrmd unit
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`tpm2_startstop_abrmd',`
gen_require(`
type tpm2_abrmd_unit_t;
class service { start stop };
')
allow $1 tpm2_abrmd_unit_t:service { start stop };
')
########################################
## <summary>
## Allow specified domain to get status of tpm2-abrmd unit
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`tpm2_status_abrmd',`
gen_require(`
type tpm2_abrmd_unit_t;
class service status;
')
allow $1 tpm2_abrmd_unit_t:service status;
')
Setup domain for tpm2_* binaries The various /bin/tpm2_* binaries use dbus to communicate with tpm2-abrmd and also can directly access /dev/tpmrm0. This seems like a way to help limit access to the TPM by running the tpm_* binaries in their own domain. I setup this domain because I have a process that needs to use tpm2_hmac to encode something, but didn't want that domain to have direct access to the TPM. I did some basic testing to verify that the other tpm2_* binaries have basically the same access needs. But it wasn't through testing of all the tpm2_* binaries. Signed-off-by: Dave Sugar <dsugar@tresys.com>
2020-03-29 00:21:33 +00:00
########################################
## <summary>
## access tpm2-abrmd fifos
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access
## </summary>
## </param>
#
interface(`tpm2_rw_abrmd_pipes',`
gen_require(`
type tpm2_abrmd_t;
')
allow $1 tpm2_abrmd_t:fd use;
tpm2: small fixes * Drop permissions implied by domtrans_pattern * Use fifo_file permission macro for fifo_file class Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
2020-05-08 17:54:49 +00:00
allow $1 tpm2_abrmd_t:fifo_file rw_fifo_file_perms;
Setup domain for tpm2_* binaries The various /bin/tpm2_* binaries use dbus to communicate with tpm2-abrmd and also can directly access /dev/tpmrm0. This seems like a way to help limit access to the TPM by running the tpm_* binaries in their own domain. I setup this domain because I have a process that needs to use tpm2_hmac to encode something, but didn't want that domain to have direct access to the TPM. I did some basic testing to verify that the other tpm2_* binaries have basically the same access needs. But it wasn't through testing of all the tpm2_* binaries. Signed-off-by: Dave Sugar <dsugar@tresys.com>
2020-03-29 00:21:33 +00:00
')