selinux-refpolicy/targeted/macros/content_macros.te
2005-10-21 18:05:21 +00:00


# Content access macros
# FIXME: After nested booleans are supported, replace NFS/CIFS
# w/ read_network_home, and write_network_home macros from global
# FIXME: If true/false constant booleans are supported, replace
# ugly $3 ifdefs with if(true), if(false)...
# FIXME: Do we want write to imply read?
############################################################
# read_content(domain, role_prefix, bool_prefix)
#
# Allow the given domain to read content.
# Content may be trusted or untrusted.
# Reading anything is subject to a controlling boolean based on bool_prefix;
# if bool_prefix is empty, no such boolean is declared and trusted content
# under /tmp and /home is readable unconditionally.
# Reading untrusted content is additionally subject to read_untrusted_content.
# Reading default_t is additionally subject to read_default_t.
define(`read_content', `
# Read-only access to home, tmp, removable, default_t and untrusted content.
# Every section pairs its allow rules with dontaudit rules in the else branch,
# so denied reads are not logged while the governing boolean is off.
# NOTE(review): the dontaudit rules hide denied access attempts from the audit
# log - build policy without dontaudit rules when investigating this domain.
# Declare controlling boolean
# The _read_content_defined guard macro keeps the bool from being declared
# twice when several callers pass the same bool_prefix. It defaults to false.
# With an empty bool_prefix no boolean is declared at all.
ifelse($3, `', `', `
ifdef(`$3_read_content_defined', `', `
define(`$3_read_content_defined')
bool $3_read_content false;
') dnl ifdef
') dnl ifelse
# Handle nfs home dirs
# Gated by use_nfs_home_dirs and - when bool_prefix is set - by the
# per-prefix read boolean as well.
# r_dir_file is defined elsewhere - presumably read access to dirs and files
# of the given type - confirm against its definition.
ifelse($3, `',
`if (use_nfs_home_dirs) { ',
`if ($3_read_content && use_nfs_home_dirs) {')
allow $1 { autofs_t home_root_t }:dir { read search getattr };
r_dir_file($1, nfs_t)
} else {
dontaudit $1 { autofs_t home_root_t }:dir { read search getattr };
dontaudit $1 nfs_t:file r_file_perms;
dontaudit $1 nfs_t:dir r_dir_perms;
}
# Handle samba home dirs
# Same shape as the nfs section but keyed on use_samba_home_dirs and cifs_t.
ifelse($3, `',
`if (use_samba_home_dirs) { ',
`if ($3_read_content && use_samba_home_dirs) {')
allow $1 { autofs_t home_root_t }:dir { read search getattr };
r_dir_file($1, cifs_t)
} else {
dontaudit $1 { autofs_t home_root_t }:dir { read search getattr };
dontaudit $1 cifs_t:file r_file_perms;
dontaudit $1 cifs_t:dir r_dir_perms;
}
# Handle removable media, /tmp, and /home
# With an empty bool_prefix neither the if wrapper nor the else branch is
# emitted, so the rules below apply unconditionally and there is no boolean
# to switch this access off at runtime.
ifelse($3, `', `',
`if ($3_read_content) {')
allow $1 { tmp_t home_root_t $2_home_dir_t }:dir { read getattr search };
r_dir_file($1, { $2_tmp_t $2_home_t } )
# removable_t is readable only when mls_policy is not defined.
ifdef(`mls_policy', `', `
r_dir_file($1, removable_t)
')
ifelse($3, `', `',
`} else {
dontaudit $1 { tmp_t home_root_t $2_home_dir_t }:dir { read getattr search };
dontaudit $1 { removable_t $2_tmp_t $2_home_t }:dir r_dir_perms;
dontaudit $1 { removable_t $2_tmp_t $2_home_t }:file r_file_perms;
}')
# Handle default_t content
# Gated by the global read_default_t boolean and - when bool_prefix is set -
# by the per-prefix read boolean as well.
ifelse($3, `',
`if (read_default_t) { ',
`if ($3_read_content && read_default_t) {')
r_dir_file($1, default_t)
} else {
dontaudit $1 default_t:file r_file_perms;
dontaudit $1 default_t:dir r_dir_perms;
}
# Handle untrusted content
# Gated by the global read_untrusted_content boolean and - when bool_prefix
# is set - by the per-prefix read boolean as well. The types read here are the
# role_prefix untrusted_content types that write_untrusted labels new files with.
ifelse($3, `',
`if (read_untrusted_content) { ',
`if ($3_read_content && read_untrusted_content) {')
allow $1 { tmp_t home_root_t $2_home_dir_t }:dir { read getattr search };
r_dir_file($1, { $2_untrusted_content_t $2_untrusted_content_tmp_t })
} else {
dontaudit $1 { tmp_t home_root_t $2_home_dir_t }:dir { read getattr search };
dontaudit $1 { $2_untrusted_content_t $2_untrusted_content_tmp_t }:dir r_dir_perms;
dontaudit $1 { $2_untrusted_content_t $2_untrusted_content_tmp_t }:file r_file_perms;
}
') dnl read_content
#################################################
# write_trusted(domain, role_prefix, bool_prefix)
#
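# Allow the given domain to write trusted content.
# This is subject to a controlling boolean based
# on bool_prefix. If bool_prefix is empty, no boolean
# is declared and write access under /tmp and /home is
# granted unconditionally.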
define(`write_trusted', `
# Write access to trusted home and tmp content for the calling domain.
# Every section pairs its allow rules with dontaudit rules in the else branch,
# so denied writes are not logged while the governing boolean is off.
# NOTE(review): the dontaudit rules hide denied write attempts from the audit
# log - build policy without dontaudit rules when investigating this domain.
# Declare controlling boolean
# The _write_content_defined guard macro keeps the bool from being declared
# twice when several callers pass the same bool_prefix. It defaults to false.
# With an empty bool_prefix no boolean is declared at all.
ifelse($3, `', `', `
ifdef(`$3_write_content_defined', `', `
define(`$3_write_content_defined')
bool $3_write_content false;
') dnl ifdef
') dnl ifelse
# Handle nfs homedirs
# Gated by use_nfs_home_dirs and - when bool_prefix is set - by the
# per-prefix write boolean as well.
# create_dir_file is defined elsewhere - presumably create and write access
# to dirs and files of the given type - confirm against its definition.
ifelse($3, `',
`if (use_nfs_home_dirs) { ',
`if ($3_write_content && use_nfs_home_dirs) {')
allow $1 { autofs_t home_root_t }:dir { read search getattr };
create_dir_file($1, nfs_t)
} else {
dontaudit $1 { autofs_t home_root_t }:dir { read search getattr };
dontaudit $1 nfs_t:file create_file_perms;
dontaudit $1 nfs_t:dir create_dir_perms;
}
# Handle samba homedirs
# Same shape as the nfs section but keyed on use_samba_home_dirs and cifs_t.
ifelse($3, `',
`if (use_samba_home_dirs) { ',
`if ($3_write_content && use_samba_home_dirs) {')
allow $1 { autofs_t home_root_t }:dir { read search getattr };
create_dir_file($1, cifs_t)
} else {
dontaudit $1 { autofs_t home_root_t }:dir { read search getattr };
dontaudit $1 cifs_t:file create_file_perms;
dontaudit $1 cifs_t:dir create_dir_perms;
}
# Handle /tmp and /home
# With an empty bool_prefix neither the if wrapper nor the else branch is
# emitted, so the rules below apply unconditionally and there is no boolean
# to switch this write access off at runtime.
# file_type_auto_trans is defined elsewhere - presumably it lets the domain
# create dirs and files in the second argument with the third argument as the
# resulting type - confirm against its definition.
# NOTE(review): both calls below end with a semicolon while the same macro is
# called without one in write_untrusted - confirm the expansion stays valid.
ifelse($3, `', `',
`if ($3_write_content) {')
allow $1 home_root_t:dir { read getattr search };
file_type_auto_trans($1, tmp_t, $2_tmp_t, { dir file });
file_type_auto_trans($1, $2_home_dir_t, $2_home_t, { dir file });
ifelse($3, `', `',
`} else {
dontaudit $1 { tmp_t home_root_t $2_home_dir_t }:dir { read getattr search };
dontaudit $1 { $2_tmp_t $2_home_t }:file create_file_perms;
dontaudit $1 { $2_tmp_t $2_home_t }:dir create_dir_perms;
}')
') dnl write_trusted
#########################################
# write_untrusted(domain, role_prefix)
#
# Allow the given domain to write untrusted content.
# This is subject to the global boolean write_untrusted_content.
define(`write_untrusted', `
# Write access for a domain that handles untrusted content. There is no
# bool_prefix argument - every section is gated by the global
# write_untrusted_content boolean.
# Every section pairs its allow rules with dontaudit rules in the else branch,
# so denied writes are not logged while the boolean is off.
# NOTE(review): the dontaudit rules hide denied write attempts from the audit
# log - build policy without dontaudit rules when investigating this domain.
# Handle nfs homedirs
# Needs both write_untrusted_content and use_nfs_home_dirs.
# NOTE(review): the grant is on nfs_t itself - no separate untrusted type is
# named for network home content in this section.
if (write_untrusted_content && use_nfs_home_dirs) {
allow $1 { autofs_t home_root_t }:dir { read search getattr };
create_dir_file($1, nfs_t)
} else {
dontaudit $1 { autofs_t home_root_t }:dir { read search getattr };
dontaudit $1 nfs_t:file create_file_perms;
dontaudit $1 nfs_t:dir create_dir_perms;
}
# Handle samba homedirs
# Same shape as the nfs section but keyed on use_samba_home_dirs and cifs_t.
if (write_untrusted_content && use_samba_home_dirs) {
allow $1 { autofs_t home_root_t }:dir { read search getattr };
create_dir_file($1, cifs_t)
} else {
dontaudit $1 { autofs_t home_root_t }:dir { read search getattr };
dontaudit $1 cifs_t:file create_file_perms;
dontaudit $1 cifs_t:dir create_dir_perms;
}
# Handle /tmp and /home
# The parent directory sets include the trusted role_prefix tmp and home
# types while the resulting types are the untrusted_content ones.
# file_type_auto_trans is defined elsewhere - presumably new dirs and files
# created by the domain in those parents get the untrusted type - confirm
# against its definition.
if (write_untrusted_content) {
allow $1 home_root_t:dir { read getattr search };
file_type_auto_trans($1, { tmp_t $2_tmp_t }, $2_untrusted_content_tmp_t, { dir file })
file_type_auto_trans($1, { $2_home_dir_t $2_home_t }, $2_untrusted_content_t, { dir file })
} else {
dontaudit $1 { tmp_t home_root_t $2_home_dir_t }:dir { read getattr search };
dontaudit $1 { $2_tmp_t $2_home_t }:file create_file_perms;
dontaudit $1 { $2_tmp_t $2_home_t }:dir create_dir_perms;
}
') dnl write_untrusted