## A wrapper that helps users run system programs. ####################################### ## ## The role template for the userhelper module. ## ## ## ## The prefix of the user role (e.g., user ## is the prefix for user_r). ## ## ## ## ## The user role. ## ## ## ## ## The user domain associated with the role. ## ## # template(`userhelper_role_template',` gen_require(` attribute userhelper_type, consolehelper_type; attribute_role userhelper_roles, consolehelper_roles; type userhelper_exec_t, consolehelper_exec_t; ') ######################################## # # Declarations # type $1_consolehelper_t, consolehelper_type; userdom_user_application_domain($1_consolehelper_t, consolehelper_exec_t) role consolehelper_roles types $1_consolehelper_t; roleattribute $2 consolehelper_roles; type $1_userhelper_t, userhelper_type; userdom_user_application_domain($1_userhelper_t, userhelper_exec_t) domain_role_change_exemption($1_userhelper_t) domain_obj_id_change_exemption($1_userhelper_t) domain_interactive_fd($1_userhelper_t) domain_subj_id_change_exemption($1_userhelper_t) role userhelper_roles types $1_userhelper_t; roleattribute $2 userhelper_roles; ######################################## # # Consolehelper local policy # allow $1_consolehelper_t $3:unix_stream_socket connectto; domtrans_pattern($3, consolehelper_exec_t, $1_consolehelper_t) allow $3 $1_consolehelper_t:process { ptrace signal_perms }; ps_process_pattern($3, $1_consolehelper_t) auth_use_pam($1_consolehelper_t) optional_policy(` dbus_connect_all_session_bus($1_consolehelper_t) optional_policy(` userhelper_dbus_chat_all_consolehelper($3) ') ') ######################################## # # Userhelper local policy # domtrans_pattern($3, userhelper_exec_t, $1_userhelper_t) dontaudit $3 $1_userhelper_t:process signal; corecmd_bin_domtrans($1_userhelper_t, $3) auth_domtrans_chk_passwd($1_userhelper_t) auth_use_nsswitch($1_userhelper_t) userdom_bin_spec_domtrans_unpriv_users($1_userhelper_t) userdom_entry_spec_domtrans_unpriv_users($1_userhelper_t) optional_policy(` tunable_policy(`! secure_mode',` sysadm_bin_spec_domtrans($1_userhelper_t) sysadm_entry_spec_domtrans($1_userhelper_t) ') ') ') ######################################## ## ## Search userhelper configuration directories. ## ## ## ## Domain allowed access. ## ## # interface(`userhelper_search_config',` gen_require(` type userhelper_conf_t; ') allow $1 userhelper_conf_t:dir search_dir_perms; ') ######################################## ## ## Do not audit attempts to search ## userhelper configuration directories. ## ## ## ## Domain to not audit. ## ## # interface(`userhelper_dontaudit_search_config',` gen_require(` type userhelper_conf_t; ') dontaudit $1 userhelper_conf_t:dir search_dir_perms; ') ######################################## ## ## Send and receive messages from ## consolehelper over dbus. ## ## ## ## Domain allowed access. ## ## # interface(`userhelper_dbus_chat_all_consolehelper',` gen_require(` attribute consolehelper_type; class dbus send_msg; ') allow $1 consolehelper_type:dbus send_msg; allow consolehelper_type $1:dbus send_msg; ') ######################################## ## ## Use userhelper all userhelper file descriptors. ## ## ## ## Domain allowed access. ## ## # interface(`userhelper_use_fd',` gen_require(` attribute userhelper_type; ') allow $1 userhelper_type:fd use; ') ######################################## ## ## Send child terminated signals to all userhelper. ## ## ## ## Domain allowed access. ## ## # interface(`userhelper_sigchld',` gen_require(` attribute userhelper_type; ') allow $1 userhelper_type:process sigchld; ') ######################################## ## ## Execute the userhelper program in the caller domain. ## ## ## ## Domain allowed access. ## ## # interface(`userhelper_exec',` gen_require(` type userhelper_exec_t; ') corecmd_search_bin($1) can_exec($1, userhelper_exec_t) ') ######################################## ## ## Execute the consolehelper program ## in the caller domain. ## ## ## ## Domain allowed access. ## ## # interface(`userhelper_exec_consolehelper',` gen_require(` type consolehelper_exec_t; ') corecmd_search_bin($1) can_exec($1, consolehelper_exec_t) ')