#
# Macros for X client programs ($2 etc)
#
# Author: Russell Coker
# Based on the work of Stephen Smalley
# and Timothy Fraser
#
# Both macros below are m4 definitions: $1, $2 and $3 are substituted
# textually, also inside # comments, before the result is rescanned.
# Comments inside the quoted macro bodies must not contain quote
# characters, since they would end the quoted body early.
#

#
# xsession_domain(client_prefix, xserver_prefix)
#
# Grant an X client domain ($1_t) what it needs to talk to an X server
# domain ($2_xserver_t): the server unix socket, the lock and ICE files
# under the server tmp type, mutual fd use, and shared memory.
#
# The first parameter is the client domain prefix (EG the $1_$2 prefix
# built by x_client_domain below).
# The second parameter is the X server prefix (EG xdm, or the user
# prefix when startx.te is present).
#
define(`xsession_domain', `
# Connect to xserver over its unix socket.
can_unix_connect($1_t, $2_xserver_t)
# /tmp/.ICE_unix
allow $1_t $2_xserver_tmp_t:dir search;
allow $1_t $2_xserver_tmp_t:sock_file rw_file_perms;
# Stat /tmp/.X0-lock
allow $1_t $2_xserver_tmp_t:file getattr;
# Signal Xserver
allow $1_t $2_xserver_t:process signal;
# Use file descriptors created by each other.
allow $1_t $2_xserver_t:fd use;
allow $2_xserver_t $1_t:fd use;
# Xserver read/write parent shm.
# Note the asymmetry: the server gets read/write on the client shm
# segments and tmpfs files, while the client only reads the server ones.
allow $2_xserver_t $1_t:shm rw_shm_perms;
allow $2_xserver_t $1_tmpfs_t:file rw_file_perms;
# Parent read xserver shm
allow $1_t $2_xserver_t:shm r_shm_perms;
allow $1_t $2_xserver_tmpfs_t:file r_file_perms;
')

#
# x_client_domain(domain_prefix, program_name, attributes)
#
# Define a derived domain for an X program when executed by
# a user domain.
#
# The type declaration for the executable type for this program ($2_exec_t)
# must be provided separately!
#
# The first parameter is the base name for the domain/role (EG user or sysadm)
# The second parameter is the program name (EG $2)
# The third parameter is the attributes for the domain (if any).  It is
# spliced verbatim into the type statement, so when given it must start
# with a comma (EG , transitionbool).  If it mentions transitionbool the
# domain transition is made conditional on the disable_$2 boolean.
#
define(`x_client_domain',`
# Derived domain based on the calling user domain and the program.
type $1_$2_t, domain, nscd_client_domain $3;
ifelse(index(`$3', `transitionbool'), -1, `
# No transitionbool attribute: always transition into the derived domain.
domain_auto_trans($1_t, $2_exec_t, $1_$2_t)
can_exec($1_$2_t, $2_exec_t)
', `
# Only do it once: the boolean is declared on the user invocation only,
# so presumably user is always among the prefixes this macro is called
# with when transitionbool is used - confirm in the calling policy.
ifelse($1, user, `
bool disable_$2 false;
')
# Transition from the user domain to the derived domain.
# The boolean defaults to false, so the transition is active unless an
# administrator disables it at run time.
if (! disable_$2) {
domain_auto_trans($1_t, $2_exec_t, $1_$2_t)
can_exec($1_$2_t, $2_exec_t)
}
')

# The user role is authorized for this domain.
role $1_r types $1_$2_t;

# This domain is granted permissions common to most domains (including can_net)
can_network($1_$2_t)
can_ypbind($1_$2_t)
allow $1_$2_t self:process { fork signal_perms getsched };
allow $1_$2_t self:unix_dgram_socket create_socket_perms;
allow $1_$2_t self:unix_stream_socket { connectto create_stream_socket_perms };
allow $1_$2_t self:fifo_file rw_file_perms;
allow $1_$2_t etc_runtime_t:file { getattr read };
allow $1_$2_t etc_t:lnk_file read;
allow $1_$2_t fs_t:filesystem getattr;
access_terminal($1_$2_t, $1)
read_locale($1_$2_t)
r_dir_file($1_$2_t, readable_t)
allow $1_$2_t proc_t:dir search;
allow $1_$2_t proc_t:lnk_file read;
allow $1_$2_t self:dir search;
allow $1_$2_t self:lnk_file read;
read_sysctl($1_$2_t)
# Read the xauth cookie file of the user when xauth.te is in the policy.
ifdef(`xauth.te',`
allow $1_$2_t $1_xauth_home_t:file { getattr read };
')

# Allow the user domain to send any signal to the $2 process.
allow $1_t $1_$2_t:process signal_perms;

# Allow the user domain to read the /proc/PID directory for
# the $2 process.
allow $1_t $1_$2_t:dir r_dir_perms;
allow $1_t $1_$2_t:notdevfile_class_set r_file_perms;

# Allow use of /dev/zero by ld.so (read/write and execute mappings).
allow $1_$2_t device_t:dir search;
allow $1_$2_t zero_device_t:chr_file rw_file_perms;
allow $1_$2_t zero_device_t:chr_file x_file_perms;

# allow using shared libraries and running programs
uses_shlib($1_$2_t)
allow $1_$2_t { bin_t sbin_t }:dir search;
allow $1_$2_t bin_t:lnk_file read;
# can_exec grants execute without a domain transition, so shells and
# bin_t programs started by the client keep running as $1_$2_t with
# all of the permissions granted in this macro.
can_exec($1_$2_t, { shell_exec_t bin_t })
allow $1_$2_t etc_t:file { getattr read };

# Inherit and use descriptors from gnome-pty-helper.
ifdef(`gnome-pty-helper.te', `allow $1_$2_t $1_gph_t:fd use;')
# privfd is presumably the attribute of domains that pass descriptors
# to user programs - confirm where it is declared.
allow $1_$2_t privfd:fd use;

# for .xsession-errors
# Writes to plain home files stay denied; this only keeps them out of
# the audit log.
dontaudit $1_$2_t $1_home_t:file write;

# for X over a ssh tunnel
# A forwarded display is a TCP port that sshd listens on locally.
ifdef(`ssh.te', `
can_tcp_connect($1_$2_t, sshd_t)
')

# Read the home directory, e.g. for .Xauthority and to get to config files
allow $1_$2_t home_root_t:dir { search getattr };

# Use a separate type for tmpfs/shm pseudo files.
# This provides the $1_$2_tmpfs_t type that xsession_domain below
# refers to as $1_tmpfs_t.
tmpfs_domain($1_$2)
allow $1_$2_t self:shm create_shm_perms;

# allow X client to read all font files
r_dir_file($1_$2_t, fonts_t)

# Allow connections to X server.
ifdef(`xserver.te', `
# presumably needed to reach the X socket directory under /tmp
allow $1_$2_t tmp_t:dir search;
ifdef(`xdm.te', `
# Display manager case: the server runs as xdm_xserver_t.
xsession_domain($1_$2, xdm)
# for when /tmp/.X11-unix is created by the system
allow $1_$2_t xdm_t:fifo_file rw_file_perms;
allow $1_$2_t xdm_tmp_t:dir search;
allow $1_$2_t xdm_tmp_t:sock_file { read write };
allow $1_$2_t xdm_t:fd use;
# The tcp socket presumably inherited from xdm is denied without an
# audit record.
dontaudit $1_$2_t xdm_t:tcp_socket { read write };
')
ifdef(`startx.te', `
# startx case: the server runs under the user prefix as $1_xserver_t.
xsession_domain($1_$2, $1)
')dnl end startx
')dnl end xserver
')dnl end x_client macro