From 2a94561a89e72558ad6a5ba211352078e773c508 Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Thu, 25 Aug 2005 20:27:20 +0000 Subject: [PATCH] start adding in templated interfaces --- refpolicy/Rules.monolithic | 2 +- refpolicy/policy/modules/admin/su.if | 8 +- refpolicy/policy/modules/admin/sudo.if | 7 +- refpolicy/policy/modules/services/cron.if | 21 +- refpolicy/policy/modules/system/authlogin.if | 40 +++ refpolicy/policy/modules/system/userdomain.if | 307 +++++++++++++++++- 6 files changed, 366 insertions(+), 19 deletions(-) diff --git a/refpolicy/Rules.monolithic b/refpolicy/Rules.monolithic index d2a2f1e5e..0833fa3b8 100644 --- a/refpolicy/Rules.monolithic +++ b/refpolicy/Rules.monolithic @@ -96,7 +96,7 @@ tmp/generated_definitions.conf: $(ALL_LAYERS) $(ALL_TE_FILES) @test -d tmp || mkdir -p tmp $(QUIET) echo "define(\`per_userdomain_templates',\`" > $@ $(QUIET) for i in $(patsubst %.te,%,$(notdir $(ALL_MODULES))); do \ - echo "ifdef(\`""$$i""_per_userdomain_template',\`""$$i""_per_userdomain_template("'$$1'")')" \ + echo "ifdef(\`""$$i""_per_userdomain_template',\`""$$i""_per_userdomain_template("'$$*'")')" \ >> $@ ;\ done $(QUIET) echo "')" >> $@ diff --git a/refpolicy/policy/modules/admin/su.if b/refpolicy/policy/modules/admin/su.if index d86b4c133..992493c46 100644 --- a/refpolicy/policy/modules/admin/su.if +++ b/refpolicy/policy/modules/admin/su.if @@ -75,6 +75,7 @@ template(`su_per_userdomain_template',` term_use_all_user_ttys($1_su_t) term_use_all_user_ptys($1_su_t) + auth_domtrans_user_chk_passwd($1_su_t,$1) auth_dontaudit_read_shadow($1_su_t) domain_wide_inherit_fd($1_su_t) @@ -96,6 +97,8 @@ template(`su_per_userdomain_template',` seutil_read_config($1_su_t) seutil_read_default_contexts($1_su_t) + userdom_use_user_terminals($1_su_t,$1) + if(secure_mode) { # Only allow transitions to unprivileged user domains. @@ -130,17 +133,12 @@ template(`su_per_userdomain_template',` ') ifdef(`TODO',` - domain_auto_trans($1_su_t, chkpwd_exec_t, $1_chkpwd_t) - # Caused by su - init scripts dontaudit $1_su_t initrc_devpts_t:chr_file { getattr ioctl }; # Inherit and use descriptors from gnome-pty-helper. ifdef(`gnome-pty-helper.te', `allow $1_su_t $1_gph_t:fd use;') - # Write to the user domain tty. - access_terminal($1_su_t, $1) - allow $1_su_t { home_root_t $1_home_dir_t }:dir search; allow $1_su_t $1_home_t:file create_file_perms; diff --git a/refpolicy/policy/modules/admin/sudo.if b/refpolicy/policy/modules/admin/sudo.if index d1373aed1..4ff3ed5db 100644 --- a/refpolicy/policy/modules/admin/sudo.if +++ b/refpolicy/policy/modules/admin/sudo.if @@ -121,6 +121,10 @@ template(`sudo_per_userdomain_template',` seutil_read_config($1_sudo_t) seutil_read_default_contexts($1_sudo_t) + userdom_manage_user_home_subdir_files($1_sudo_t,$1) + userdom_manage_user_home_subdir_symlinks($1_sudo_t,$1) + userdom_manage_user_tmp_files($1_sudo_t,$1) + userdom_manage_user_tmp_symlinks($1_sudo_t,$1) userdom_use_unpriv_users_fd($1_sudo_t) # for some PAM modules and for cwd userdom_dontaudit_search_all_users_home($1_sudo_t) @@ -156,8 +160,5 @@ template(`sudo_per_userdomain_template',` allow $1_sudo_t pam_var_run_t:dir create_dir_perms; allow $1_sudo_t pam_var_run_t:file create_file_perms; ') - - rw_dir_create_file($1_sudo_t, $1_tmp_t) - rw_dir_create_file($1_sudo_t, $1_home_t) ') dnl end TODO ') diff --git a/refpolicy/policy/modules/services/cron.if b/refpolicy/policy/modules/services/cron.if index f69bd700a..ac380e131 100644 --- a/refpolicy/policy/modules/services/cron.if +++ b/refpolicy/policy/modules/services/cron.if @@ -112,6 +112,13 @@ template(`cron_per_userdomain_template',` miscfiles_read_localization($1_crond_t) + userdom_manage_user_tmp_files($1_crond_t,$1) + userdom_manage_user_tmp_symlinks($1_crond_t,$1) + userdom_manage_user_tmp_pipes($1_crond_t,$1) + userdom_manage_user_tmp_sockets($1_crond_t,$1) + # Run scripts in user home directory and access shared libs. + userdom_exec_user_home_files($1_crond_t,$1) + tunable_policy(`fcron_crond', ` allow crond_t $1_cron_spool_t:file create_file_perms; ') @@ -122,13 +129,10 @@ template(`cron_per_userdomain_template',` ifdef(`TODO',` # Access user files and dirs. - allow $1_crond_t home_root_t:dir search; file_type_auto_trans($1_crond_t, $1_home_dir_t, $1_home_t) - # Run scripts in user home directory and access shared libs. - can_exec($1_crond_t, $1_home_t) - - file_type_auto_trans($1_crond_t, tmp_t, $1_tmp_t) + allow $1_crond_t tmp_t:dir rw_dir_perms; + type_transition $1_crond_t $1_tmp_t:{ file lnk_file sock_file fifo_file } $1_tmp_t; ifdef(`mta.te', ` domain_auto_trans($1_crond_t, sendmail_exec_t, $1_mail_t) @@ -198,6 +202,9 @@ template(`cron_per_userdomain_template',` seutil_dontaudit_search_config($1_crontab_t) + userdom_manage_user_tmp_dirs($1_crontab_t,$1) + userdom_manage_user_tmp_files($1_crontab_t,$1) + tunable_policy(`fcron_crond', ` # fcron wants an instant update of a crontab change for the administrator # also crontab does a security check for crontab -u @@ -210,8 +217,8 @@ template(`cron_per_userdomain_template',` dontaudit $1_crontab_t proc_t:dir search; - # Type for temporary files. - file_type_auto_trans($1_crontab_t, tmp_t, $1_tmp_t, { dir file }) + allow $1_crond_t tmp_t:dir rw_dir_perms; + type_transition $1_crond_t $1_tmp_t:{ file dir } $1_tmp_t; # Run helper programs as $1_t domain_auto_trans($1_crontab_t, { bin_t sbin_t shell_exec_t }, $1_t) diff --git a/refpolicy/policy/modules/system/authlogin.if b/refpolicy/policy/modules/system/authlogin.if index 7037a4047..c4ada7006 100644 --- a/refpolicy/policy/modules/system/authlogin.if +++ b/refpolicy/policy/modules/system/authlogin.if @@ -113,6 +113,46 @@ template(`authlogin_per_userdomain_template',` ') +######################################## +## +## Run unix_chkpwd to check a password +## for a user domain. +## +## +##

+## Run unix_chkpwd to check a password +## for a user domain. +##

+##

+## This is a templated interface, and should only +## be called from a per-userdomain template. +##

+## +## +## The prefix of the user domain (e.g., user +## is the prefix for user_t). +## +## +## The type of the process performing this action. +## +# +template(`auth_domtrans_user_chk_passwd',` + gen_require(` + type chkpwd_exec_t; + class process sigchld; + class fd use; + class fifo_file rw_file_perms; + ') + + corecmd_search_bin($1) + domain_auto_trans($1,chkpwd_exec_t,$2_chkpwd_t) + + allow $1 $2_chkpwd_t:fd use; + allow $2_chkpwd_t $1:fd use; + allow $2_chkpwd_t $1:fifo_file rw_file_perms; + allow $2_chkpwd_t $1:process sigchld; +') + ######################################## ## ## Use the login program as an entry point program. diff --git a/refpolicy/policy/modules/system/userdomain.if b/refpolicy/policy/modules/system/userdomain.if index 19969fc7b..7668c0331 100644 --- a/refpolicy/policy/modules/system/userdomain.if +++ b/refpolicy/policy/modules/system/userdomain.if @@ -81,7 +81,7 @@ template(`base_user_template',` dontaudit $1_t self:netlink_route_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_write }; # execute files in the home directory - allow $1_t $1_home_t:file { rx_file_perms execute_no_trans }; + can_exec($1_t,$1_home_t) # full control of the home directory allow $1_t $1_home_t:file { create_file_perms relabelfrom relabelto }; @@ -92,7 +92,7 @@ template(`base_user_template',` allow $1_t $1_home_dir_t:dir create_dir_perms; type_transition $1_t $1_home_dir_t:{ dir notdevfile_class_set } $1_home_t; - allow $1_t $1_tmp_t:file { rx_file_perms execute_no_trans }; + can_exec($1_t,$1_tmp_t) # Bind to a Unix domain socket in /tmp. # cjp: this is combination is not checked and should be removed @@ -114,7 +114,7 @@ template(`base_user_template',` # user domain and the program, and allow us to maintain separation # between different instances of the program being run by different # user domains. - per_userdomain_templates($1) + per_userdomain_templates($1,$1_t) kernel_read_kernel_sysctl($1_t) selinux_get_fs_mount($1_t) @@ -865,6 +865,307 @@ template(`admin_user_template',` ') dnl endif TODO ') +######################################## +## +## Execute user home files. +## +## +##

+## Execute user home files. +##

+##

+## This is a templated interface, and should only +## be called from a per-userdomain template. +##

+## +## +## The type of the process performing this action. +## +## +## The prefix of the user domain (e.g., user +## is the prefix for user_t). +## +# +template(`userdom_exec_user_home_files',` + gen_require(` + class dir search; + ') + + files_search_home($1) + allow $1 $2_home_dir_t:dir search; + allow $1 $2_home_t:dir search; + can_exec($1,$2_home_t) +') + +######################################## +## +## Create, read, write, and delete files +## in a user home subdirectory. +## +## +##

+## Create, read, write, and delete files +## in a user home subdirectory. +##

+##

+## This is a templated interface, and should only +## be called from a per-userdomain template. +##

+## +## +## The type of the process performing this action. +## +## +## The prefix of the user domain (e.g., user +## is the prefix for user_t). +## +# +template(`userdom_manage_user_home_subdir_files',` + gen_require(` + class dir rw_dir_perms; + class file create_file_perms; + ') + + files_search_home($1) + allow $1 $2_home_dir_t:dir search; + allow $1 $2_home_t:dir rw_dir_perms; + allow $1 $2_home_t:file create_file_perms; +') + +######################################## +## +## Create, read, write, and delete symbolic links +## in a user home subdirectory. +## +## +##

+## Create, read, write, and delete symbolic links +## in a user home subdirectory. +##

+##

+## This is a templated interface, and should only +## be called from a per-userdomain template. +##

+## +## +## The type of the process performing this action. +## +## +## The prefix of the user domain (e.g., user +## is the prefix for user_t). +## +# +template(`userdom_manage_user_home_subdir_symlinks',` + gen_require(` + class dir rw_dir_perms; + class lnk_file create_lnk_perms; + ') + + files_search_home($1) + allow $1 $2_home_dir_t:dir search; + allow $1 $2_home_t:dir rw_dir_perms; + allow $1 $2_home_t:lnk_file create_lnk_perms; +') + +######################################## +## +## Create, read, write, and delete user +## temporary directories. +## +## +##

+## Create, read, write, and delete user +## temporary directories. +##

+##

+## This is a templated interface, and should only +## be called from a per-userdomain template. +##

+## +## +## The type of the process performing this action. +## +## +## The prefix of the user domain (e.g., user +## is the prefix for user_t). +## +# +template(`userdom_manage_user_tmp_dirs',` + gen_require(` + class dir create_dir_perms; + ') + + files_search_tmp($1) + allow $1 $2_tmp_t:dir create_dir_perms; +') + +######################################## +## +## Create, read, write, and delete user +## temporary files. +## +## +##

+## Create, read, write, and delete user +## temporary files. +##

+##

+## This is a templated interface, and should only +## be called from a per-userdomain template. +##

+## +## +## The type of the process performing this action. +## +## +## The prefix of the user domain (e.g., user +## is the prefix for user_t). +## +# +template(`userdom_manage_user_tmp_files',` + gen_require(` + class dir rw_dir_perms; + class file create_file_perms; + ') + + files_search_tmp($1) + allow $1 $2_tmp_t:dir rw_dir_perms; + allow $1 $2_tmp_t:file create_file_perms; +') + +######################################## +## +## Create, read, write, and delete user +## temporary symbolic links. +## +## +##

+## Create, read, write, and delete user +## temporary symbolic links. +##

+##

+## This is a templated interface, and should only +## be called from a per-userdomain template. +##

+## +## +## The type of the process performing this action. +## +## +## The prefix of the user domain (e.g., user +## is the prefix for user_t). +## +# +template(`userdom_manage_user_tmp_symlinks',` + gen_require(` + class dir rw_dir_perms; + class lnk_file create_lnk_perms; + ') + + files_search_tmp($1) + allow $1 $2_tmp_t:dir rw_dir_perms; + allow $1 $2_tmp_t:lnk_file create_lnk_perms; +') + +######################################## +## +## Create, read, write, and delete user +## temporary named pipes. +## +## +##

+## Create, read, write, and delete user +## temporary named pipes. +##

+##

+## This is a templated interface, and should only +## be called from a per-userdomain template. +##

+## +## +## The type of the process performing this action. +## +## +## The prefix of the user domain (e.g., user +## is the prefix for user_t). +## +# +template(`userdom_manage_user_tmp_pipes',` + gen_require(` + class dir rw_dir_perms; + class fifo_file create_file_perms; + ') + + files_search_tmp($1) + allow $1 $2_tmp_t:dir rw_dir_perms; + allow $1 $2_tmp_t:fifo_file create_file_perms; +') + +######################################## +## +## Create, read, write, and delete user +## temporary named sockets. +## +## +##

+## Create, read, write, and delete user +## temporary named sockets. +##

+##

+## This is a templated interface, and should only +## be called from a per-userdomain template. +##

+## +## +## The type of the process performing this action. +## +## +## The prefix of the user domain (e.g., user +## is the prefix for user_t). +## +# +template(`userdom_manage_user_tmp_sockets',` + gen_require(` + class dir rw_dir_perms; + class sock_file create_file_perms; + ') + + files_search_tmp($1) + allow $1 $2_tmp_t:dir rw_dir_perms; + allow $1 $2_tmp_t:sock_file create_file_perms; +') + +######################################## +## +## Read and write a user domain tty and pty. +## +## +##

+## Read and write a user domain tty and pty. +##

+##

+## This is a templated interface, and should only +## be called from a per-userdomain template. +##

+## +## +## The type of the process performing this action. +## +## +## The prefix of the user domain (e.g., user +## is the prefix for user_t). +## +# +template(`userdom_use_user_terminals',` + gen_require(` + class chr_file rw_term_perms; + ') + + allow $1 $2_tty_device_t:chr_file rw_term_perms; + allow $1 $2_devpts_t:chr_file rw_term_perms; + term_list_ptys($1) +') + ######################################## ## ## Execute a shell in all user domains. This