RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
5,144 Commits 3 Branches 49 Tags 18 MiB
Commit Graph

4 Commits

Author SHA1 Message Date
Jason Zaman 5b85f31124 xdg: Introduce xdg_search_cache_dirs 2018-06-24 19:11:14 -04:00
Jason Zaman 49a5d06120 xdg: filetrans should not add filetrans from user_home_dir 
SELinux 2.8 is stricter with duplicate filetrans and these rules cause
problems if a domain needs more than one xdg dir.

Domains should call xdg_generic_user_home_dir_filetrans_data directly if
needed.
 2018-06-24 19:11:14 -04:00
Jason Zaman b9bbe78f9e xdg: Add map perms, also make lnk_file, dirs consistent 2018-06-24 19:11:14 -04:00
Sven Vermeulen 0a4d55da7a freedesktop location support 
Introduce various freedesktop locations, based on the base directory
specification [1]. The new locations are introduced as a separate module
to keep the rules related to these specifications isolated from the main
user domain (which is already one of the biggest modules code-wise).

Right now, two distinct location groups are provided, one being the set
of locations that will have domain-specific types, and one that remains
generic for end users.

The first set of types are:
- XDG Cache location, meant for non-essential cached data. The base type
  here is xdg_cache_t, which is generally at $HOME/.cache
- XDG Data location, for user-specific data. The base type here is
  xdg_data_t, which is generally at $HOME/.local
- XDG Config location, for user-specific configuration files. The base
  type here is xdg_config_t, which is generally at $HOME/.config

The idea here is to provide support for domain-specific files as well.
For instance, Chromium has its user-specific configuration files in
~/.config/chromium, which is then marked as chromium_xdg_config_t.

This allows for isolation of potentially sensitive information from
regular user application domains. Firefox for instance should not be
able to read user configuration data from unrelated applications.

The second set of types are:
- User documents, with xdg_documents_t as the type. This is
  generally for the ~/Documents location.
- User downloads, with xdg_downloads_t as the type. This is
  generally for the ~/Downloads location.
- User music, with xdg_music_t as the type. This is generally for
  the ~/Music location.
- User pictures, with xdg_pictures_t as the type. This is generally
  for the ~/Pictures location.
- User videos, with xdg_videos_t as the type. This is generally for
  the ~/Videos location.

Alongside the type definitions, a number of access interfaces are
defined to support the use of these types, and for the first set to
enable the necessary file transitions.

[1] https://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
 2018-06-10 13:23:01 -04:00