00219064d7
This policy is much tighter than the GConf policy from the old example policy. It only allows gconfd to access configuration data stored by GConf. Users can modify configuration data using gconftool-2 or gconf-editor, both of which use gconfd. GConf manages multiple configuration sources, so gconfd should be used to make any changes anyway. Normal users who aren't trying to directly edit the configuration data of GConf won't notice anything different. There is also a difference between this policy and the old example policy in handling directories in /tmp. The old example policy labeled /tmp/gconfd-USER with ROLE_gconfd_tmp_t, but, since there was no use of the file_type_auto_trans macro, if that directory was deleted gconfd would create one labeled as tmp_t. This policy uses the files_tmp_filetrans macro to cause a directory in /tmp created by gconfd to be labeled as $1_tmp_t. It is not labeled with $1_gconf_tmp_t, because if /tmp/orbit-USER is deleted, gconfd will create it (through use of ORBit) and it would get the $1_gconf_tmp_t label. By having gconfd create $1_tmp_t directories in /tmp and $1_gconf_tmp_t files and directories in directories labeled with $1_tmp_t, it can control its data without requiring any future bonobo or Gnome policies to have access to $1_gconf_tmp_t. This patch is related to work that I am doing in making gconfd a userspace object manager. If any user program can modify the configuration data that GConf stores, then making gconfd a userspace object manager would be useless. Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
## <summary>Policy for user domains</summary>
#######################################
## <summary>
##	The template containing the most basic rules common to all users.
## </summary>
## <desc>
##	<p>
##	The template containing the most basic rules common to all users.
##	</p>
##	<p>
##	This template creates a user domain, types, and
##	rules for the user's tty and pty.
##	</p>
##	<p>
##	Nothing here grants home directory, /tmp, network or
##	program-execution access; those are layered on by the
##	more specific userdom_*_template calls.
##	</p>
## </desc>
## <param name="userdomain_prefix">
##	<summary>
##	The prefix of the user domain (e.g., user
##	is the prefix for user_t).
##	</summary>
## </param>
## <rolebase/>
#
template(`userdom_base_user_template',`
	# Attribute collecting every file type derived for this user
	# (the home, tmp, tmpfs and untrusted-content templates add to it).
	attribute $1_file_type;

	type $1_t, userdomain;
	domain_type($1_t)
	# Shells and generic bin/sbin programs may be entry points into this domain.
	corecmd_shell_entry_type($1_t)
	corecmd_bin_entry_type($1_t)
	corecmd_sbin_entry_type($1_t)
	domain_user_exemption_target($1_t)
	role $1_r types $1_t;
	# Role allow: processes in system_r (login-style services) may
	# change to this user's role.
	allow system_r $1_r;

	type $1_devpts_t;
	term_user_pty($1_t,$1_devpts_t)
	files_type($1_devpts_t)

	type $1_tty_device_t;
	term_tty($1_t,$1_tty_device_t)

	# Self permissions.  ptrace, setexec, setfscreate and friends are
	# deliberately absent here; userdom_common_user_template decides those.
	allow $1_t self:process { signal_perms getsched setsched share getpgid setpgid setcap getsession };
	allow $1_t self:fd use;
	allow $1_t self:fifo_file rw_file_perms;
	allow $1_t self:unix_dgram_socket { create_socket_perms sendto };
	allow $1_t self:unix_stream_socket { create_stream_socket_perms connectto };
	allow $1_t self:shm create_shm_perms;
	allow $1_t self:sem create_sem_perms;
	allow $1_t self:msgq create_msgq_perms;
	allow $1_t self:msg { send receive };
	# Generic socket-class creation is denied silently.
	dontaudit $1_t self:socket create;

	allow $1_t $1_devpts_t:chr_file { setattr ioctl read getattr lock write append };
	term_create_pty($1_t,$1_devpts_t)

	allow $1_t $1_tty_device_t:chr_file { setattr rw_file_perms };

	kernel_read_kernel_sysctls($1_t)
	# Unlabeled objects: hide the noise rather than grant access.
	kernel_dontaudit_list_unlabeled($1_t)
	kernel_dontaudit_getattr_unlabeled_files($1_t)
	kernel_dontaudit_getattr_unlabeled_symlinks($1_t)
	kernel_dontaudit_getattr_unlabeled_pipes($1_t)
	kernel_dontaudit_getattr_unlabeled_sockets($1_t)
	kernel_dontaudit_getattr_unlabeled_blk_files($1_t)
	kernel_dontaudit_getattr_unlabeled_chr_files($1_t)

	# When the user domain runs ps, there will be a number of access
	# denials when ps tries to search /proc.  Do not audit these denials.
	domain_dontaudit_read_all_domains_state($1_t)
	domain_dontaudit_getattr_all_domains($1_t)
	domain_dontaudit_getsession_all_domains($1_t)

	files_read_etc_files($1_t)
	files_read_etc_runtime_files($1_t)
	files_read_usr_files($1_t)
	# Read directories and files with the readable_t type.
	# This type is a general type for "world"-readable files.
	files_list_world_readable($1_t)
	files_read_world_readable_files($1_t)
	files_read_world_readable_symlinks($1_t)
	files_read_world_readable_pipes($1_t)
	files_read_world_readable_sockets($1_t)
	# old browser_domain():
	# These dontaudits cover every non-security file type; they keep the
	# audit log quiet but also hide probing of files the user cannot read.
	files_dontaudit_list_non_security($1_t)
	files_dontaudit_getattr_non_security_files($1_t)
	files_dontaudit_getattr_non_security_symlinks($1_t)
	files_dontaudit_getattr_non_security_pipes($1_t)
	files_dontaudit_getattr_non_security_sockets($1_t)
	files_dontaudit_getattr_non_security_blk_files($1_t)
	files_dontaudit_getattr_non_security_chr_files($1_t)

	libs_use_ld_so($1_t)
	libs_use_shared_libs($1_t)
	libs_exec_ld_so($1_t)

	miscfiles_read_localization($1_t)

	# Both tunables relax W^X for every program in this domain; keep
	# them off unless an application genuinely needs executable memory.
	tunable_policy(`allow_execmem',`
		# Allow loading DSOs that require executable stack.
		allow $1_t self:process execmem;
	')

	tunable_policy(`allow_execmem && allow_execstack',`
		# Allow making the stack executable via mprotect.
		allow $1_t self:process execstack;
	')
')
#######################################
## <summary>
##	The template for creating a home directory
##	to which the user has read-only access.
## </summary>
## <desc>
##	<p>
##	The template for creating a home directory
##	to which the user has read-only access.
##	</p>
##	<p>
##	This does not allow execute access.
##	</p>
## </desc>
## <param name="userdomain_prefix">
##	<summary>
##	The prefix of the user domain (e.g., user
##	is the prefix for user_t).
##	</summary>
## </param>
## <rolebase/>
#
template(`userdom_ro_home_template',`
	# type for contents of home directory
	type $1_home_t, $1_file_type, home_type;
	files_type($1_home_t)
	files_associate_tmp($1_home_t)
	fs_associate_tmpfs($1_home_t)

	# type of home directory
	type $1_home_dir_t, home_dir_type, home_type;
	files_type($1_home_dir_t)
	files_associate_tmp($1_home_dir_t)
	fs_associate_tmpfs($1_home_dir_t)

	##############################
	#
	# User home directory file rules
	#

	allow $1_file_type $1_home_t:filesystem associate;

	# Rules used to associate a homedir as a mountpoint
	allow $1_home_t self:filesystem associate;

	##############################
	#
	# Domain access to home dir
	#

	# read-only home directory
	# NOTE(review): entrypoint on $1_home_t means a file in the home
	# directory may serve as an entry point into this domain.  With no
	# execute permission granted here it is inert, but it becomes
	# effective as soon as userdom_exec_home_template is applied to
	# the same prefix.
	allow $1_t $1_home_t:file { read_file_perms entrypoint };
	allow $1_t $1_home_t:lnk_file read_file_perms;
	allow $1_t $1_home_t:dir list_dir_perms;
	allow $1_t $1_home_t:sock_file read_file_perms;
	allow $1_t $1_home_t:fifo_file read_file_perms;
	allow $1_t $1_home_dir_t:dir list_dir_perms;
	files_list_home($1_t)

	# Remote home directories are opt-in through tunables; when a
	# tunable is off the corresponding denials are silenced, not granted.
	tunable_policy(`use_nfs_home_dirs',`
		fs_list_nfs_dirs($1_t)
		fs_read_nfs_files($1_t)
		fs_read_nfs_symlinks($1_t)
		fs_read_nfs_named_sockets($1_t)
		fs_read_nfs_named_pipes($1_t)
	',`
		fs_dontaudit_read_nfs_dirs($1_t)
		fs_dontaudit_read_nfs_files($1_t)
	')

	tunable_policy(`use_samba_home_dirs',`
		fs_list_cifs_dirs($1_t)
		fs_read_cifs_files($1_t)
		fs_read_cifs_symlinks($1_t)
		fs_read_cifs_named_sockets($1_t)
		fs_read_cifs_named_pipes($1_t)
	',`
		fs_dontaudit_list_cifs_dirs($1_t)
		fs_dontaudit_read_cifs_files($1_t)
	')
')
#######################################
## <summary>
##	The template for creating a home directory
##	to which the user has full access.
## </summary>
## <desc>
##	<p>
##	The template for creating a home directory
##	to which the user has full access.
##	</p>
##	<p>
##	This does not allow execute access.
##	</p>
## </desc>
## <param name="userdomain_prefix">
##	<summary>
##	The prefix of the user domain (e.g., user
##	is the prefix for user_t).
##	</summary>
## </param>
## <rolebase/>
#
template(`userdom_manage_home_template',`
	# type for contents of home directory
	type $1_home_t, $1_file_type, home_type;
	files_type($1_home_t)
	files_associate_tmp($1_home_t)
	fs_associate_tmpfs($1_home_t)

	# type of home directory
	type $1_home_dir_t, home_dir_type, home_type;
	files_type($1_home_dir_t)
	files_associate_tmp($1_home_dir_t)
	fs_associate_tmpfs($1_home_dir_t)

	##############################
	#
	# User home directory file rules
	#

	allow $1_file_type $1_home_t:filesystem associate;

	# Rules used to associate a homedir as a mountpoint
	allow $1_home_t self:filesystem associate;

	##############################
	#
	# Domain access to home dir
	#

	# full control of the home directory
	# NOTE(review): relabelfrom/relabelto on $1_home_t let the user move
	# objects between $1_home_t and any other type on which they hold the
	# matching relabel permission.  Combined with the relabel permissions
	# granted on the untrusted-content types by
	# userdom_untrusted_content_template, this is the path by which
	# downloaded content becomes ordinary home-directory data, so the
	# "untrusted" label is advisory rather than a hard boundary.
	allow $1_t $1_home_t:file { manage_file_perms relabelfrom relabelto entrypoint };
	allow $1_t $1_home_t:lnk_file { create_lnk_perms relabelfrom relabelto };
	allow $1_t $1_home_t:dir { manage_dir_perms relabelfrom relabelto };
	allow $1_t $1_home_t:sock_file { manage_file_perms relabelfrom relabelto };
	allow $1_t $1_home_t:fifo_file { manage_file_perms relabelfrom relabelto };
	allow $1_t $1_home_dir_t:dir { manage_dir_perms relabelfrom relabelto };
	# Objects created directly under the home directory get $1_home_t.
	type_transition $1_t $1_home_dir_t:{ dir file lnk_file sock_file fifo_file } $1_home_t;
	files_list_home($1_t)

	# Remote home directories are opt-in through tunables; when a
	# tunable is off the corresponding denials are silenced, not granted.
	tunable_policy(`use_nfs_home_dirs',`
		fs_manage_nfs_dirs($1_t)
		fs_manage_nfs_files($1_t)
		fs_manage_nfs_symlinks($1_t)
		fs_manage_nfs_named_sockets($1_t)
		fs_manage_nfs_named_pipes($1_t)
	',`
		fs_dontaudit_manage_nfs_dirs($1_t)
		fs_dontaudit_manage_nfs_files($1_t)
	')

	tunable_policy(`use_samba_home_dirs',`
		fs_manage_cifs_dirs($1_t)
		fs_manage_cifs_files($1_t)
		fs_manage_cifs_symlinks($1_t)
		fs_manage_cifs_named_sockets($1_t)
		fs_manage_cifs_named_pipes($1_t)
	',`
		fs_dontaudit_manage_cifs_dirs($1_t)
		fs_dontaudit_manage_cifs_files($1_t)
	')
')
#######################################
## <summary>
##	The template for allowing the user
##	to execute files in their home directory.
## </summary>
## <desc>
##	<p>
##	Every file labeled with the user's home type becomes
##	executable in the user domain, including anything the
##	user can write or relabel into the home directory.
##	Leave this template off for roles that only need to
##	read and edit data.
##	</p>
## </desc>
## <param name="userdomain_prefix">
##	<summary>
##	The prefix of the user domain (e.g., user
##	is the prefix for user_t).
##	</summary>
## </param>
## <rolebase/>
#
template(`userdom_exec_home_template',`
	# Execute (no domain transition) of $1_home_t files.
	can_exec($1_t,$1_home_t)

	# Remote home directories only when the matching tunable is on.
	tunable_policy(`use_nfs_home_dirs',`
		fs_exec_nfs_files($1_t)
	')

	tunable_policy(`use_samba_home_dirs',`
		fs_exec_cifs_files($1_t)
	')
')
#######################################
## <summary>
##	The template for polyinstantiating
##	a user home directory.
## </summary>
## <desc>
##	<p>
##	Expands to nothing unless the policy is built with
##	enable_polyinstantiation.
##	</p>
## </desc>
## <param name="userdomain_prefix">
##	<summary>
##	The prefix of the user domain (e.g., user
##	is the prefix for user_t).
##	</summary>
## </param>
## <rolebase/>
#
template(`userdom_poly_home_template',`
	ifdef(`enable_polyinstantiation',`
		# Per-instance member directories created by $1_t under the
		# home directory are labeled $1_home_t.
		type_member $1_t $1_home_dir_t:dir $1_home_t;

		files_poly($1_home_dir_t)
		files_poly_member($1_home_t)
	')
')
#######################################
## <summary>
##	The template for full access to the temporary directories.
## </summary>
## <desc>
##	<p>
##	The template for full access to the temporary directories.
##	This creates a derived type for the user
##	temporary type. Execute access is not given.
##	</p>
## </desc>
## <param name="userdomain_prefix">
##	<summary>
##	The prefix of the user domain (e.g., user
##	is the prefix for user_t).
##	</summary>
## </param>
## <rolebase/>
#
template(`userdom_manage_tmp_template',`
	# Derived temporary type, also a member of the user's file attribute.
	type $1_tmp_t, $1_file_type;
	files_tmp_file($1_tmp_t)

	# Full management of the derived type for every object class
	# that can live under /tmp; no execute permission is included.
	allow $1_t $1_tmp_t:dir manage_dir_perms;
	allow $1_t $1_tmp_t:{ file sock_file fifo_file } manage_file_perms;
	allow $1_t $1_tmp_t:lnk_file create_lnk_perms;

	# Anything $1_t creates directly in the generic tmp directory
	# is labeled with the derived type instead of the generic one.
	files_tmp_filetrans($1_t, $1_tmp_t, { dir file lnk_file sock_file fifo_file })
')
#######################################
## <summary>
##	The template for execute access to the user temporary files.
## </summary>
## <desc>
##	<p>
##	Any file the user can write to /tmp becomes executable in
##	the user domain once this template is applied; treat it as
##	a deliberate relaxation of the tmp/exec separation.
##	</p>
## </desc>
## <param name="userdomain_prefix">
##	<summary>
##	The prefix of the user domain (e.g., user
##	is the prefix for user_t).
##	</summary>
## </param>
## <rolebase/>
#
template(`userdom_exec_tmp_template',`
	# Execute (no domain transition) of $1_tmp_t files.
	can_exec($1_t,$1_tmp_t)
')
#######################################
## <summary>
##	The template for a polyinstantiated temporary directory.
## </summary>
## <desc>
##	<p>
##	Expands to nothing unless the policy is built with
##	enable_polyinstantiation.
##	</p>
## </desc>
## <param name="userdomain_prefix">
##	<summary>
##	The prefix of the user domain (e.g., user
##	is the prefix for user_t).
##	</summary>
## </param>
## <rolebase/>
#
template(`userdom_poly_tmp_template',`
	ifdef(`enable_polyinstantiation',`
		# The user's derived tmp type is a member type of the
		# polyinstantiated /tmp.
		files_poly_member_tmp($1_t,$1_tmp_t)
	')
')
#######################################
## <summary>
##	The template for creating a tmpfs type
##	to which the user has full access.
## </summary>
## <desc>
##	<p>
##	The template for creating a tmpfs type
##	to which the user has full access.
##	</p>
##	<p>
##	This does not allow execute access.
##	</p>
## </desc>
## <param name="userdomain_prefix">
##	<summary>
##	The prefix of the user domain (e.g., user
##	is the prefix for user_t).
##	</summary>
## </param>
## <rolebase/>
#
template(`userdom_manage_tmpfs_template',`
	# Derived tmpfs type, also a member of the user's file attribute.
	type $1_tmpfs_t, $1_file_type;
	files_tmpfs_file($1_tmpfs_t)

	# Directories get rw_dir_perms rather than manage_dir_perms
	# (presumably so the user cannot create/remove them here; verify
	# against the support macros); leaf objects are fully managed.
	allow $1_t $1_tmpfs_t:dir rw_dir_perms;
	allow $1_t $1_tmpfs_t:{ file sock_file fifo_file } manage_file_perms;
	allow $1_t $1_tmpfs_t:lnk_file create_lnk_perms;

	# Objects $1_t creates on tmpfs are labeled with the derived type.
	fs_tmpfs_filetrans($1_t,$1_tmpfs_t, { dir file lnk_file sock_file fifo_file })
')
#######################################
## <summary>
##	The template for creating a set of types
##	for untrusted content.
## </summary>
## <desc>
##	<p>
##	Creates a persistent and a temporary type for content
##	obtained from the network.  The user can always delete,
##	rename and relabel such content; reading it is gated by
##	the read_untrusted_content tunable.
##	</p>
## </desc>
## <param name="userdomain_prefix">
##	<summary>
##	The prefix of the user domain (e.g., user
##	is the prefix for user_t).
##	</summary>
## </param>
## <rolebase/>
#
template(`userdom_untrusted_content_template',`
	gen_require(`
		attribute $1_file_type;
		attribute untrusted_content_type, untrusted_content_tmp_type;
		type $1_t;
	')

	# types for network-obtained content
	type $1_untrusted_content_t, $1_file_type, untrusted_content_type; #, customizable
	files_type($1_untrusted_content_t)
	files_poly_member($1_untrusted_content_t)

	type $1_untrusted_content_tmp_t, $1_file_type, untrusted_content_tmp_type; # customizable
	files_tmp_file($1_untrusted_content_tmp_t)

	# Allow user to relabel untrusted content
	# NOTE(review): relabelto/relabelfrom here plus the relabel
	# permissions on $1_home_t (userdom_manage_home_template) let the
	# user turn untrusted content into ordinary home data with a single
	# chcon.  The label therefore records provenance but does not, by
	# itself, stop the user from trusting the content.
	allow $1_t { $1_untrusted_content_t $1_untrusted_content_tmp_t }:dir { manage_dir_perms relabelto relabelfrom };
	allow $1_t { $1_untrusted_content_t $1_untrusted_content_tmp_t }:file { getattr unlink relabelto relabelfrom rename };

	# Reading is opt-in; when the tunable is off the read attempts
	# are silenced rather than logged.
	tunable_policy(`read_untrusted_content',`
		allow $1_t { $1_untrusted_content_t $1_untrusted_content_tmp_t }:dir list_dir_perms;
		allow $1_t { $1_untrusted_content_t $1_untrusted_content_tmp_t }:file read_file_perms;
		allow $1_t { $1_untrusted_content_t $1_untrusted_content_tmp_t }:lnk_file { getattr read };
	',`
		dontaudit $1_t { $1_untrusted_content_t $1_untrusted_content_tmp_t }:dir list_dir_perms;
		dontaudit $1_t { $1_untrusted_content_t $1_untrusted_content_tmp_t }:file read_file_perms;
	')
')
#######################################
## <summary>
##	The template allowing the user to execute
##	generic programs, such as those found in /bin,
##	/sbin, /usr/bin, and /usr/sbin.
## </summary>
## <desc>
##	<p>
##	Execution happens in the user domain itself (no domain
##	transition); programs that need their own domain must be
##	given one by their own module.
##	</p>
## </desc>
## <param name="userdomain_prefix">
##	<summary>
##	The prefix of the user domain (e.g., user
##	is the prefix for user_t).
##	</summary>
## </param>
## <rolebase/>
#
template(`userdom_exec_generic_pgms_template',`
	gen_require(`
		type $1_t;
	')

	# ls has its own interface; then the generic bin and sbin types.
	corecmd_exec_ls($1_t)
	corecmd_exec_bin($1_t)
	corecmd_exec_sbin($1_t)
')
#######################################
## <summary>
##	The template allowing the user basic
##	network permissions
## </summary>
## <desc>
##	<p>
##	Client-side networking only: TCP and UDP sockets, traffic on
##	every interface and node, and TCP connects to every port.
##	There is no egress restriction by port here; binding and
##	listening are granted separately by the caller.
##	</p>
## </desc>
## <param name="userdomain_prefix">
##	<summary>
##	The prefix of the user domain (e.g., user
##	is the prefix for user_t).
##	</summary>
## </param>
## <rolebase/>
#
template(`userdom_basic_networking_template',`
	gen_require(`
		type $1_t;
	')

	allow $1_t self:tcp_socket create_stream_socket_perms;
	allow $1_t self:udp_socket create_socket_perms;

	# Traffic without IPsec labeling is permitted.
	corenet_non_ipsec_sendrecv($1_t)
	corenet_tcp_sendrecv_all_if($1_t)
	corenet_udp_sendrecv_all_if($1_t)
	corenet_tcp_sendrecv_all_nodes($1_t)
	corenet_udp_sendrecv_all_nodes($1_t)
	corenet_tcp_sendrecv_all_ports($1_t)
	corenet_udp_sendrecv_all_ports($1_t)
	# NOTE(review): any TCP port, any node.  Sites that want to confine
	# users to specific services should replace this with per-port
	# connect interfaces.
	corenet_tcp_connect_all_ports($1_t)
	corenet_sendrecv_all_client_packets($1_t)
')
#######################################
## <summary>
##	The template for creating a user xwindows client.
## </summary>
## <desc>
##	<p>
##	Everything in this template sits inside one optional_policy
##	block, so if the xserver module is absent none of it (device
##	access included) is granted.
##	</p>
## </desc>
## <param name="userdomain_prefix">
##	<summary>
##	The prefix of the user domain (e.g., user
##	is the prefix for user_t).
##	</summary>
## </param>
## <rolebase/>
#
template(`userdom_xwindows_client_template',`
	gen_require(`
		type $1_t, $1_tmpfs_t;
	')

	optional_policy(`
		# NOTE(review): these device rules are broad for an X client
		# (read/write on misc, power-management and usbfs nodes) and
		# they apply to every program in the user domain, not just the
		# X connection.  Worth tightening on platforms that do not
		# need them.
		dev_rw_xserver_misc($1_t)
		dev_rw_power_management($1_t)
		dev_read_input($1_t)
		dev_read_misc($1_t)
		dev_write_misc($1_t)
		# open office is looking for the following
		dev_getattr_agp_dev($1_t)
		dev_dontaudit_rw_dri($1_t)
		# GNOME checks for usb and other devices:
		dev_rw_usbfs($1_t)

		xserver_user_client_template($1,$1_t,$1_tmpfs_t)
		xserver_xsession_entry_type($1_t)
		xserver_dontaudit_write_log($1_t)
		xserver_stream_connect_xdm($1_t)
		# certain apps want to read xdm.pid file
		xserver_read_xdm_pid($1_t)
		# gnome-session creates socket under /tmp/.ICE-unix/
		xserver_create_xdm_tmp_sockets($1_t)
	')
')
#######################################
## <summary>
##	The template for allowing the user to change passwords.
## </summary>
## <desc>
##	<p>
##	passwd and chfn run in their own domains via a domain
##	transition (the *_run interfaces), so the user domain never
##	touches the shadow file directly.  The terminal types are
##	passed so the transitioned program can keep using the
##	user's tty/pty.
##	</p>
## </desc>
## <param name="userdomain_prefix">
##	<summary>
##	The prefix of the user domain (e.g., user
##	is the prefix for user_t).
##	</summary>
## </param>
## <rolebase/>
#
template(`userdom_change_password_template',`
	gen_require(`
		type $1_t, $1_devpts_t, $1_tty_device_t;
		role $1_r;
	')

	# Only when the usermanage module is present.
	optional_policy(`
		usermanage_run_chfn($1_t,$1_r,{ $1_devpts_t $1_tty_device_t })
		usermanage_run_passwd($1_t,$1_r,{ $1_devpts_t $1_tty_device_t })
	')
')
#######################################
## <summary>
##	The template for allowing the user to change roles.
## </summary>
## <desc>
##	<p>
##	Permits a one-way role change from the first user's role to
##	the second's (the reverse direction is not granted here), and
##	lets the new domain take over the originating terminal by
##	relabeling it to its own terminal types.
##	</p>
## </desc>
## <param name="userdomain_prefix">
##	<summary>
##	The prefix of the user domain (e.g., user
##	is the prefix for user_t).
##	</summary>
## </param>
## <param name="target_userdomain_prefix">
##	<summary>
##	The prefix of the user domain being changed to
##	(e.g., sysadm is the prefix for sysadm_t).
##	</summary>
## </param>
#
template(`userdom_role_change_template',`
	gen_require(`
		role $1_r, $2_r;
		type $1_t, $2_t;
		type $1_devpts_t, $2_devpts_t;
		type $1_tty_device_t, $2_tty_device_t;
	')

	# Role allow is directional: $1_r -> $2_r only.
	allow $1_r $2_r;
	# The new domain may relabel the inherited terminal to its own types.
	type_change $2_t $1_devpts_t:chr_file $2_devpts_t;
	type_change $2_t $1_tty_device_t:chr_file $2_tty_device_t;
	# avoid annoying messages on terminal hangup
	dontaudit $1_t { $2_devpts_t $2_tty_device_t }:chr_file ioctl;
')
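#######################################
## <summary>
##	The template containing rules common to unprivileged
##	users and administrative users.
## </summary>
## <desc>
##	<p>
##	This template creates a user domain, types, and
##	rules for the user's tty, pty, tmp, and tmpfs files.
##	</p>
##	<p>
##	It composes the base, home, tmp, tmpfs, untrusted-content,
##	networking, generic-program, X client and password templates
##	for the prefix and then adds the local rules shared by every
##	full user domain.
##	</p>
## </desc>
## <param name="userdomain_prefix">
##	<summary>
##	The prefix of the user domain (e.g., user
##	is the prefix for user_t).
##	</summary>
## </param>
#
template(`userdom_common_user_template',`

	userdom_base_user_template($1)

	userdom_manage_home_template($1)
	userdom_exec_home_template($1)

	userdom_manage_tmp_template($1)
	userdom_exec_tmp_template($1)

	userdom_manage_tmpfs_template($1)

	userdom_untrusted_content_template($1)

	userdom_basic_networking_template($1)

	userdom_exec_generic_pgms_template($1)

	userdom_xwindows_client_template($1)

	userdom_change_password_template($1)

	##############################
	#
	# User domain Local policy
	#

	# Capability checks are in addition to DAC, so these only matter
	# for processes that already hold the capability (e.g. uid 0 in
	# this domain).
	allow $1_t self:capability { setgid chown fowner };
	dontaudit $1_t self:capability { sys_nice fsetid };
	# Effective self:process set: everything except the permissions
	# listed.  This used to be written as a complement that excluded
	# ptrace and setfscreate, immediately followed by a second rule that
	# granted them back; the two are folded into one rule so the set
	# actually in force can be read off a single line.  ptrace and
	# setfscreate therefore remain granted, as before (ptrace presumably
	# for debugging the user's own processes).  execmem/execstack are
	# governed by the tunables in userdom_base_user_template; execheap,
	# setcurrent, setexec and setrlimit are never granted here.
	allow $1_t self:process ~{ setcurrent setexec setrlimit execmem execstack execheap };

	# evolution and gnome-session try to create a netlink socket
	dontaudit $1_t self:netlink_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown };
	dontaudit $1_t self:netlink_route_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_write };

	# Inherit descriptors from any unprivileged user domain.
	allow $1_t unpriv_userdomain:fd use;

	kernel_read_system_state($1_t)
	kernel_read_network_state($1_t)
	kernel_read_net_sysctls($1_t)
	# Very permissive allowing every domain to see every type:
	kernel_get_sysvipc_info($1_t)
	# Find CDROM devices:
	kernel_read_device_sysctls($1_t)

	# UDP bind to the generic (unreserved) port type on any node.
	corenet_udp_bind_all_nodes($1_t)
	corenet_udp_bind_generic_port($1_t)

	dev_read_sysfs($1_t)
	dev_read_rand($1_t)
	dev_read_urand($1_t)
	dev_write_sound($1_t)
	dev_read_sound($1_t)
	dev_read_sound_mixer($1_t)
	dev_write_sound_mixer($1_t)

	domain_use_interactive_fds($1_t)

	files_exec_etc_files($1_t)
	files_search_locks($1_t)
	# Check to see if cdrom is mounted
	files_search_mnt($1_t)
	# cjp: perhaps should cut back on file reads:
	files_read_var_files($1_t)
	files_read_var_symlinks($1_t)
	files_read_generic_spool($1_t)
	files_read_var_lib_files($1_t)
	# Stat lost+found.
	files_getattr_lost_found_dirs($1_t)

	fs_get_all_fs_quotas($1_t)
	fs_getattr_all_fs($1_t)
	fs_getattr_all_dirs($1_t)
	fs_search_auto_mountpoints($1_t)
	fs_list_inotifyfs($1_t)

	# cjp: some of this probably can be removed
	selinux_get_fs_mount($1_t)
	selinux_validate_context($1_t)
	selinux_compute_access_vector($1_t)
	selinux_compute_create_context($1_t)
	selinux_compute_relabel_context($1_t)
	selinux_compute_user_contexts($1_t)

	# for eject
	storage_getattr_fixed_disk_dev($1_t)

	auth_read_login_records($1_t)
	auth_dontaudit_write_login_records($1_t)
	auth_search_pam_console_data($1_t)
	# pam and utempter run in their own domains via domain transition.
	auth_run_pam($1_t,$1_r,{ $1_tty_device_t $1_devpts_t })
	auth_run_utempter($1_t,$1_r,{ $1_tty_device_t $1_devpts_t })

	init_read_utmp($1_t)
	# The library functions always try to open read-write first,
	# then fall back to read-only if it fails.
	init_dontaudit_write_utmp($1_t)
	# Stop warnings about access to /dev/console
	init_dontaudit_use_fds($1_t)
	init_dontaudit_use_script_fds($1_t)

	libs_exec_lib_files($1_t)

	logging_dontaudit_getattr_all_logs($1_t)

	miscfiles_read_man_pages($1_t)
	# for running TeX programs
	miscfiles_read_tetex_data($1_t)
	miscfiles_exec_tetex_data($1_t)

	seutil_read_file_contexts($1_t)
	seutil_read_default_contexts($1_t)
	seutil_read_config($1_t)
	# newrole runs in its own domain; it is the supported way to
	# change role from a user shell.
	seutil_run_newrole($1_t,$1_r,{ $1_devpts_t $1_tty_device_t })
	# for when the network connection is killed
	# this is needed when a login role can change
	# to this one.
	seutil_dontaudit_signal_newrole($1_t)

	tunable_policy(`read_default_t',`
		files_list_default($1_t)
		files_read_default_files($1_t)
		files_read_default_symlinks($1_t)
		files_read_default_sockets($1_t)
		files_read_default_pipes($1_t)
	',`
		files_dontaudit_list_default($1_t)
		files_dontaudit_read_default_files($1_t)
	')

	tunable_policy(`user_direct_mouse',`
		dev_read_mouse($1_t)
	')

	tunable_policy(`user_ttyfile_stat',`
		term_getattr_all_user_ttys($1_t)
	')

	optional_policy(`
		# Allow graphical boot to check battery lifespan
		apm_stream_connect($1_t)
	')

	optional_policy(`
		canna_stream_connect($1_t)
	')

	optional_policy(`
		cups_stream_connect_ptal($1_t)
	')

	optional_policy(`
		dbus_system_bus_client_template($1,$1_t)

		optional_policy(`
			bluetooth_dbus_chat($1_t)
		')

		optional_policy(`
			cups_dbus_chat_config($1_t)
		')

		optional_policy(`
			hal_dbus_chat($1_t)
		')

		optional_policy(`
			networkmanager_dbus_chat($1_t)
		')
	')

	optional_policy(`
		inetd_use_fds($1_t)
		inetd_rw_tcp_sockets($1_t)
	')

	optional_policy(`
		inn_read_config($1_t)
		inn_read_news_lib($1_t)
		inn_read_news_spool($1_t)
	')

	# for running depmod as part of the kernel packaging process
	optional_policy(`
		modutils_read_module_config($1_t)
	')

	optional_policy(`
		mta_rw_spool($1_t)
	')

	optional_policy(`
		nis_use_ypbind($1_t)
	')

	optional_policy(`
		tunable_policy(`allow_user_mysql_connect',`
			mysql_stream_connect($1_t)
		')
	')

	optional_policy(`
		nscd_socket_use($1_t)
	')

	optional_policy(`
		# to allow monitoring of pcmcia status
		pcmcia_read_pid($1_t)
	')

	optional_policy(`
		quota_dontaudit_getattr_db($1_t)
	')

	optional_policy(`
		resmgr_stream_connect($1_t)
	')

	optional_policy(`
		rpc_dontaudit_getattr_exports($1_t)
		rpc_manage_nfs_rw_content($1_t)
	')

	optional_policy(`
		rpm_read_db($1_t)
		rpm_dontaudit_manage_db($1_t)
	')

	optional_policy(`
		samba_stream_connect_winbind($1_t)
	')

	optional_policy(`
		slrnpull_search_spool($1_t)
	')

	optional_policy(`
		usernetctl_run($1_t,$1_r,{ $1_devpts_t $1_tty_device_t })
	')
')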
#######################################
## <summary>
##	The template for creating a unprivileged user.
## </summary>
## <desc>
##	<p>
##	This template creates a user domain, types, and
##	rules for the user's tty, pty, home directories,
##	tmp, and tmpfs files.
##	</p>
##	<p>
##	Builds on userdom_common_user_template, marks the domain and
##	its derived types as unprivileged, and adds the rules that only
##	unprivileged users need (execution of all executables,
##	removable-media access, optional TCP servers).
##	</p>
## </desc>
## <param name="userdomain_prefix">
##	<summary>
##	The prefix of the user domain (e.g., user
##	is the prefix for user_t).
##	</summary>
## </param>
#
template(`userdom_unpriv_user_template', `

	##############################
	#
	# Declarations
	#

	# Inherit rules for ordinary users.
	userdom_common_user_template($1)

	typeattribute $1_t unpriv_userdomain;
	domain_interactive_fd($1_t)

	# Tag the derived types so other modules can refer to "all
	# unprivileged users' ttys/homes/tmp" by attribute.
	typeattribute $1_devpts_t user_ptynode;
	typeattribute $1_home_dir_t user_home_dir_type;
	typeattribute $1_home_t user_home_type;
	typeattribute $1_tmp_t user_tmpfile;
	typeattribute $1_tty_device_t user_ttynode;

	userdom_poly_home_template($1)
	userdom_poly_tmp_template($1)

	##############################
	#
	# Local policy
	#

	# privileged home directory writers
	# Any domain carrying the privhome attribute gets full write access
	# to this user's home contents; keep that attribute set small.
	allow privhome $1_home_t:file manage_file_perms;
	allow privhome $1_home_t:lnk_file create_lnk_perms;
	allow privhome $1_home_t:dir manage_dir_perms;
	allow privhome $1_home_t:sock_file manage_file_perms;
	allow privhome $1_home_t:fifo_file manage_file_perms;
	type_transition privhome $1_home_dir_t:{ dir file lnk_file sock_file fifo_file } $1_home_t;

	# Broader than the generic bin/sbin grant in the common template:
	# every executable type on the system runs in this domain.
	corecmd_exec_all_executables($1_t)

	# port access is audited even if dac would not have allowed it, so dontaudit it here
	corenet_dontaudit_tcp_bind_all_reserved_ports($1_t)
	# Need the following rule to allow users to run vpnc
	corenet_tcp_bind_xserver_port($1_t)

	files_exec_usr_files($1_t)
	# cjp: why?
	# NOTE(review): this presumably exposes kernel symbol addresses
	# (System.map or similar) to every unprivileged user, which is
	# useful input for a kernel exploit; the original author already
	# questioned it, so drop it unless something in the role needs it.
	files_read_kernel_symbol_table($1_t)

	# Non-MLS builds: binaries on filesystems without xattr support
	# (e.g. removable media) can be executed in this domain.
	ifndef(`enable_mls',`
		fs_exec_noxattr($1_t)

		tunable_policy(`user_rw_noexattrfile',`
			fs_manage_noxattr_fs_files($1_t)
			fs_manage_noxattr_fs_dirs($1_t)
			# Write floppies
			storage_raw_read_removable_device($1_t)
			storage_raw_write_removable_device($1_t)
		',`
			# Raw read of removable block devices stays on even with the
			# tunable off; raw access bypasses filesystem-level labels.
			storage_raw_read_removable_device($1_t)
		')
	')

	tunable_policy(`user_dmesg',`
		kernel_read_ring_buffer($1_t)
	',`
		kernel_dontaudit_read_ring_buffer($1_t)
	')

	# Allow users to run TCP servers (bind to ports and accept connection from
	# the same domain and outside users) disabling this forces FTP passive mode
	# and may change other protocols
	tunable_policy(`user_tcp_server',`
		corenet_tcp_bind_all_nodes($1_t)
		corenet_tcp_bind_generic_port($1_t)
	')

	optional_policy(`
		kerberos_use($1_t)
	')

	optional_policy(`
		loadkeys_run($1_t,$1_r,$1_tty_device_t)
	')

	# ping/traceroute/pppd transitions are themselves tunable-gated
	# (the *_cond interfaces).
	optional_policy(`
		netutils_run_ping_cond($1_t,$1_r,{ $1_tty_device_t $1_devpts_t })
		netutils_run_traceroute_cond($1_t,$1_r,{ $1_tty_device_t $1_devpts_t })
	')

	# Run pppd in pppd_t by default for user
	optional_policy(`
		ppp_run_cond($1_t,$1_r,{ $1_tty_device_t $1_devpts_t })
	')

	# Dead unless the TODO m4 symbol is defined at build time; kept
	# only as a reminder of rules that were never ported.
	ifdef(`TODO',`
	ifdef(`xdm.te', `
	# this should cause the .xsession-errors file to be written to /tmp
	dontaudit xdm_t $1_home_t:file rw_file_perms;
	')

	# Do not audit write denials to /etc/ld.so.cache.
	dontaudit $1_t ld_so_cache_t:file write;

	dontaudit $1_t sysadm_home_t:file { read append };
	') dnl end TODO
')
#######################################
|
|
## <summary>
|
|
## The template for creating an administrative user.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## This template creates a user domain, types, and
|
|
## rules for the user's tty, pty, home directories,
|
|
## tmp, and tmpfs files.
|
|
## </p>
|
|
## <p>
|
|
## The privileges given to administrative users are:
|
|
## <ul>
|
|
## <li>Raw disk access</li>
|
|
## <li>Set all sysctls</li>
|
|
## <li>All kernel ring buffer controls</li>
|
|
## <li>Create, read, write, and delete all files but shadow</li>
|
|
## <li>Manage source and binary format SELinux policy</li>
|
|
## <li>Run insmod</li>
|
|
## </ul>
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., sysadm
|
|
## is the prefix for sysadm_t).
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
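template(`userdom_admin_user_template',`
	gen_require(`
		class passwd { passwd chfn chsh rootok crontab };
	')

	##############################
	#
	# Declarations
	#

	# Inherit rules for ordinary users.
	userdom_common_user_template($1)

	# privhome and admin_terminal are declared elsewhere in this module;
	# the access those attributes carry is not visible here.
	typeattribute $1_t privhome;
	domain_obj_id_change_exemption($1_t)
	role system_r types $1_t;

	ifdef(`direct_sysadm_daemon',`
		domain_system_change_exemption($1_t)
	')

	typeattribute $1_devpts_t admin_terminal;

	typeattribute $1_tty_device_t admin_terminal;

	##############################
	#
	# $1_t local policy
	#

	# Every capability except sys_module; module loading is presumably
	# meant to go only through the insmod domain transition granted below.
	allow $1_t self:capability ~sys_module;
	allow $1_t self:process { setexec setfscreate };

	# Set password information for other users.
	allow $1_t self:passwd { passwd chfn chsh };

	# Skip authentication when pam_rootok is specified.
	allow $1_t self:passwd rootok;

	# Manipulate other users crontab.
	allow $1_t self:passwd crontab;

	allow $1_t self:netlink_audit_socket nlmsg_readpriv;

	kernel_read_software_raid_state($1_t)
	kernel_getattr_core_if($1_t)
	kernel_getattr_message_if($1_t)
	kernel_change_ring_buffer_level($1_t)
	kernel_clear_ring_buffer($1_t)
	kernel_read_ring_buffer($1_t)
	kernel_get_sysvipc_info($1_t)
	kernel_rw_all_sysctls($1_t)
	# signal unlabeled processes:
	kernel_kill_unlabeled($1_t)
	kernel_signal_unlabeled($1_t)
	kernel_sigstop_unlabeled($1_t)
	kernel_signull_unlabeled($1_t)
	kernel_sigchld_unlabeled($1_t)

	corenet_tcp_bind_generic_port($1_t)
	# allow setting up tunnels
	corenet_rw_tun_tap_dev($1_t)

	dev_getattr_generic_blk_files($1_t)
	dev_getattr_generic_chr_files($1_t)
	# for lsof
	dev_getattr_mtrr_dev($1_t)
	# Allow MAKEDEV to work
	dev_create_all_blk_files($1_t)
	dev_create_all_chr_files($1_t)
	dev_delete_all_blk_files($1_t)
	dev_delete_all_chr_files($1_t)
	dev_rename_all_blk_files($1_t)
	dev_rename_all_chr_files($1_t)
	dev_create_generic_symlinks($1_t)

	domain_setpriority_all_domains($1_t)
	domain_read_all_domains_state($1_t)
	domain_getattr_all_domains($1_t)
	domain_dontaudit_ptrace_all_domains($1_t)
	# signal all domains (each signal interface listed once):
	domain_kill_all_domains($1_t)
	domain_signal_all_domains($1_t)
	domain_signull_all_domains($1_t)
	domain_sigstop_all_domains($1_t)
	domain_sigchld_all_domains($1_t)
	# for lsof
	domain_getattr_all_sockets($1_t)

	files_exec_usr_src_files($1_t)

	fs_getattr_all_fs($1_t)
	fs_set_all_quotas($1_t)
	fs_exec_noxattr($1_t)

	storage_raw_read_removable_device($1_t)
	storage_raw_write_removable_device($1_t)

	term_use_all_terms($1_t)

	# The manage/relabel interfaces below exclude shadow; shadow itself
	# only gets getattr from this template.
	auth_getattr_shadow($1_t)
	# Manage almost all files
	auth_manage_all_files_except_shadow($1_t)
	# Relabel almost all files
	auth_relabel_all_files_except_shadow($1_t)

	init_telinit($1_t)

	logging_send_syslog_msg($1_t)

	modutils_domtrans_insmod($1_t)

	# The following rule is temporary until such time that a complete
	# policy management infrastructure is in place so that an administrator
	# cannot directly manipulate policy files with arbitrary programs.
	seutil_manage_src_policy($1_t)
	# Violates the goal of limiting write access to checkpolicy.
	# But presently necessary for installing the file_contexts file.
	seutil_manage_bin_policy($1_t)

	tunable_policy(`user_rw_noexattrfile',`
		fs_manage_noxattr_fs_files($1_t)
		fs_manage_noxattr_fs_dirs($1_t)
	',`
		fs_read_noxattr_fs_files($1_t)
	')

	optional_policy(`
		cron_admin_template($1,$1_t,$1_r)
	')

	optional_policy(`
		ethereal_admin_template($1,$1_t,$1_r)
	')

	optional_policy(`
		lpr_admin_template($1,$1_t,$1_r)
	')

	optional_policy(`
		mta_admin_template($1,$1_t,$1_r)
	')

	ifdef(`TODO',`
	ifdef(`xserver.te', `
	tunable_policy(`xdm_sysadm_login',`
		allow xdm_t $1_home_t:lnk_file read;
		allow xdm_t $1_home_t:dir search;
	')
	')
	') dnl endif TODO
')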
|
|
|
|
########################################
|
|
## <summary>
|
|
## Change to the generic user role.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Change to the generic user role.
|
|
## </p>
|
|
## <p>
|
|
## This is a template to support third party modules
|
|
## and its use is not allowed in upstream reference
|
|
## policy.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="prefix">
|
|
## <summary>
|
|
## The prefix of the user role (e.g., user
|
|
## is the prefix for user_r).
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
template(`userdom_role_change_generic_user',`
	# Role changes only exist in the strict policy build; in targeted
	# policy this expands to a build-time warning and no rules.
	ifdef(`strict_policy',`
		userdom_role_change_template($1,user)
	',`
		refpolicywarn(`$0($*) has no effect in targeted policy.')
	')
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Change from the generic user role.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Change from the generic user role to
|
|
## the specified role.
|
|
## </p>
|
|
## <p>
|
|
## This is a template to support third party modules
|
|
## and its use is not allowed in upstream reference
|
|
## policy.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="prefix">
|
|
## <summary>
|
|
## The prefix of the user role (e.g., user
|
|
## is the prefix for user_r).
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
template(`userdom_role_change_from_generic_user',`
	# Allows user_r to change into the $1 role; strict policy only,
	# otherwise a build-time warning and no rules.
	ifdef(`strict_policy',`
		userdom_role_change_template(user,$1)
	',`
		refpolicywarn(`$0($*) has no effect in targeted policy.')
	')
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Change to the staff user role.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Change to the staff user role.
|
|
## </p>
|
|
## <p>
|
|
## This is a template to support third party modules
|
|
## and its use is not allowed in upstream reference
|
|
## policy.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="prefix">
|
|
## <summary>
|
|
## The prefix of the user role (e.g., user
|
|
## is the prefix for user_r).
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
template(`userdom_role_change_staff',`
	# Allows the $1 role to change into staff_r; strict policy only,
	# otherwise a build-time warning and no rules.
	ifdef(`strict_policy',`
		userdom_role_change_template($1,staff)
	',`
		refpolicywarn(`$0($*) has no effect in targeted policy.')
	')
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Change from the staff user role.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Change from the staff user role to
|
|
## the specified role.
|
|
## </p>
|
|
## <p>
|
|
## This is a template to support third party modules
|
|
## and its use is not allowed in upstream reference
|
|
## policy.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="prefix">
|
|
## <summary>
|
|
## The prefix of the user role (e.g., user
|
|
## is the prefix for user_r).
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
template(`userdom_role_change_from_staff',`
	# Allows staff_r to change into the $1 role; strict policy only,
	# otherwise a build-time warning and no rules.
	ifdef(`strict_policy',`
		userdom_role_change_template(staff,$1)
	',`
		refpolicywarn(`$0($*) has no effect in targeted policy.')
	')
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Change to the sysadm user role.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Change to the sysadm user role.
|
|
## </p>
|
|
## <p>
|
|
## This is a template to support third party modules
|
|
## and its use is not allowed in upstream reference
|
|
## policy.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="prefix">
|
|
## <summary>
|
|
## The prefix of the user role (e.g., user
|
|
## is the prefix for user_r).
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
template(`userdom_role_change_sysadm',`
	# Allows the $1 role to change into sysadm_r; strict policy only,
	# otherwise a build-time warning and no rules.
	ifdef(`strict_policy',`
		userdom_role_change_template($1,sysadm)
	',`
		refpolicywarn(`$0($*) has no effect in targeted policy.')
	')
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Change from the sysadm user role.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Change from the sysadm user role to
|
|
## the specified role.
|
|
## </p>
|
|
## <p>
|
|
## This is a template to support third party modules
|
|
## and its use is not allowed in upstream reference
|
|
## policy.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="prefix">
|
|
## <summary>
|
|
## The prefix of the user role (e.g., user
|
|
## is the prefix for user_r).
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
template(`userdom_role_change_from_sysadm',`
	# Allows sysadm_r to change into the $1 role; strict policy only,
	# otherwise a build-time warning and no rules.
	ifdef(`strict_policy',`
		userdom_role_change_template(sysadm,$1)
	',`
		refpolicywarn(`$0($*) has no effect in targeted policy.')
	')
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Change to the secadm user role.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Change to the secadm user role.
|
|
## </p>
|
|
## <p>
|
|
## This is a template to support third party modules
|
|
## and its use is not allowed in upstream reference
|
|
## policy.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="prefix">
|
|
## <summary>
|
|
## The prefix of the user role (e.g., user
|
|
## is the prefix for user_r).
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
template(`userdom_role_change_secadm',`
	# The secadm role is only built with MLS enabled; otherwise this
	# expands to a build-time warning and no rules.
	ifdef(`enable_mls',`
		userdom_role_change_template($1,secadm)
	',`
		refpolicywarn(`$0($*) has no effect in non-MLS policy.')
	')
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Change from the secadm user role.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Change from the secadm user role to
|
|
## the specified role.
|
|
## </p>
|
|
## <p>
|
|
## This is a template to support third party modules
|
|
## and its use is not allowed in upstream reference
|
|
## policy.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="prefix">
|
|
## <summary>
|
|
## The prefix of the user role (e.g., user
|
|
## is the prefix for user_r).
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
template(`userdom_role_change_from_secadm',`
	# Allows secadm_r to change into the $1 role; MLS builds only,
	# otherwise a build-time warning and no rules.
	ifdef(`enable_mls',`
		userdom_role_change_template(secadm,$1)
	',`
		refpolicywarn(`$0($*) has no effect in non-MLS policy.')
	')
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Change to the auditadm user role.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Change to the auditadm user role.
|
|
## </p>
|
|
## <p>
|
|
## This is a template to support third party modules
|
|
## and its use is not allowed in upstream reference
|
|
## policy.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="prefix">
|
|
## <summary>
|
|
## The prefix of the user role (e.g., user
|
|
## is the prefix for user_r).
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
template(`userdom_role_change_auditadm',`
	# Allows the $1 role to change into auditadm_r; MLS builds only,
	# otherwise a build-time warning and no rules.
	ifdef(`enable_mls',`
		userdom_role_change_template($1,auditadm)
	',`
		refpolicywarn(`$0($*) has no effect in non-MLS policy.')
	')
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Change from the auditadm user role.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Change from the auditadm user role to
|
|
## the specified role.
|
|
## </p>
|
|
## <p>
|
|
## This is a template to support third party modules
|
|
## and its use is not allowed in upstream reference
|
|
## policy.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="prefix">
|
|
## <summary>
|
|
## The prefix of the user role (e.g., user
|
|
## is the prefix for user_r).
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
template(`userdom_role_change_from_auditadm',`
	# Allows auditadm_r to change into the $1 role; MLS builds only,
	# otherwise a build-time warning and no rules.
	ifdef(`enable_mls',`
		userdom_role_change_template(auditadm,$1)
	',`
		refpolicywarn(`$0($*) has no effect in non-MLS policy.')
	')
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Make the specified type usable in a
|
|
## user home directory.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Make the specified type usable in a
|
|
## user home directory.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="type">
|
|
## <summary>
|
|
## Type to be used as a file in the
|
|
## user home directory.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_user_home_content',`
	gen_require(`
		attribute $1_file_type;
	')

	# Mark $2 as an ordinary file type, then add it to the per-user
	# file type attribute so user home rules apply to it.
	files_type($2)
	typeattribute $2 $1_file_type;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Set the attributes of a user pty.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Set the attributes of a user pty.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_setattr_user_ptys',`
	# Per-user pty types only exist in the strict policy build;
	# in targeted policy this template expands to nothing.
	ifdef(`strict_policy',`
		gen_require(`
			type $1_devpts_t;
		')

		allow $2 $1_devpts_t:chr_file setattr;
	')
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create a user pty.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Create a user pty.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_create_user_pty',`
	# Per-user pty types only exist in the strict policy build;
	# in targeted policy this template expands to nothing.
	ifdef(`strict_policy',`
		gen_require(`
			type $1_devpts_t;
		')

		term_create_pty($2,$1_devpts_t)
	')
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Search user home directories.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Search user home directories.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_search_user_home_dirs',`
	gen_require(`
		type $1_home_dir_t;
	')

	# search_dir_perms is { getattr search }: the home directory may be
	# traversed and stat-ed but not listed.
	allow $2 $1_home_dir_t:dir search_dir_perms;
	files_search_home($2)
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## List user home directories.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## List user home directories.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_list_user_home_dirs',`
	gen_require(`
		type $1_home_dir_t;
	')

	# Read-only listing of the home directory itself (r_dir_perms);
	# the parent home root only needs to be searchable.
	allow $2 $1_home_dir_t:dir r_dir_perms;
	files_search_home($2)
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do a domain transition to the specified
|
|
## domain when executing a program in the
|
|
## user home directory.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Do a domain transition to the specified
|
|
## domain when executing a program in the
|
|
## user home directory.
|
|
## </p>
|
|
## <p>
|
|
## No interprocess communication (signals, pipes,
|
|
## etc.) is provided by this interface since
|
|
## the domains are not owned by this module.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="source_domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <param name="target_domain">
|
|
## <summary>
|
|
## Domain to transition to.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_user_home_domtrans',`
	gen_require(`
		type $1_home_dir_t, $1_home_t;
	')

	# The entrypoint is home content ($1_home_t), presumably writable
	# by the user, so $3 must be a domain that is safe to enter from
	# user-controlled code. No IPC back to $2 is granted here.
	domain_auto_trans($2,$1_home_t,$3)
	allow $2 $1_home_dir_t:dir search_dir_perms;
	files_search_home($2)
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to list user home subdirectories.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Do not audit attempts to list user home subdirectories.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_dontaudit_list_user_home_dirs',`
	gen_require(`
		type $1_home_dir_t;
	')

	# Silence listing denials on the home directory; nothing is granted.
	dontaudit $2 $1_home_dir_t:dir r_dir_perms;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create, read, write, and delete directories
|
|
## in a user home subdirectory.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Create, read, write, and delete directories
|
|
## in a user home subdirectory.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_manage_user_home_content_dirs',`
	gen_require(`
		type $1_home_dir_t, $1_home_t;
	')

	# Full directory management on home content, plus read/write on the
	# home directory itself so subdirectories can be created and removed.
	allow $2 $1_home_t:dir manage_dir_perms;
	allow $2 $1_home_dir_t:dir rw_dir_perms;
	files_search_home($2)
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to set the
|
|
## attributes of user home files.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Do not audit attempts to set the
|
|
## attributes of user home files.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
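template(`userdom_dontaudit_setattr_user_home_content_files',`
	gen_require(`
		type $1_home_t;
	')

	# Silence setattr denials on home content files; nothing is granted.
	# Only $1_home_t is used, so only that type is required (matches the
	# other dontaudit home-content templates in this file).
	dontaudit $2 $1_home_t:file setattr;
')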
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read user home files.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Read user home files.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_read_user_home_content_files',`
	gen_require(`
		type $1_home_dir_t, $1_home_t;
	')

	# Read-only access to home content files; the directories on the
	# path are only searchable, not listable.
	allow $2 $1_home_t:file r_file_perms;
	allow $2 $1_home_t:dir search_dir_perms;
	allow $2 $1_home_dir_t:dir search;
	files_search_home($2)
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to read user home files.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Do not audit attempts to read user home files.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_dontaudit_read_user_home_content_files',`
	gen_require(`
		type $1_home_t;
	')

	# Silence read denials on home content files and directories;
	# nothing is granted.
	dontaudit $2 $1_home_t:file r_file_perms;
	dontaudit $2 $1_home_t:dir r_dir_perms;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to write user home files.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Do not audit attempts to write user home files.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_dontaudit_write_user_home_content_files',`
	gen_require(`
		type $1_home_t;
	')

	# Silence write denials on home content files; nothing is granted.
	dontaudit $2 $1_home_t:file write;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read user home subdirectory symbolic links.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Read user home subdirectory symbolic links.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_read_user_home_content_symlinks',`
	gen_require(`
		type $1_home_dir_t, $1_home_t;
	')

	# Symlinks in home content may be read (followed); directories on
	# the path are only searchable.
	allow $2 $1_home_t:lnk_file r_file_perms;
	allow $2 $1_home_t:dir search;
	allow $2 $1_home_dir_t:dir search;
	files_search_home($2)
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute user home files.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Execute user home files.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_exec_user_home_content_files',`
	gen_require(`
		type $1_home_dir_t, $1_home_t;
	')

	# can_exec runs home content in the callers own domain $2 with no
	# transition, so $2 executes code the user can presumably modify.
	can_exec($2,$1_home_t)
	allow $2 $1_home_t:dir search;
	allow $2 $1_home_dir_t:dir search;
	files_search_home($2)
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to execute user home files.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Do not audit attempts to execute user home files.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_dontaudit_exec_user_home_content_files',`
	gen_require(`
		type $1_home_t;
	')

	# Silence execute denials on home content files; nothing is granted.
	dontaudit $2 $1_home_t:file execute;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create, read, write, and delete files
|
|
## in a user home subdirectory.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Create, read, write, and delete files
|
|
## in a user home subdirectory.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_manage_user_home_content_files',`
	gen_require(`
		type $1_home_dir_t, $1_home_t;
	')

	# Create/read/write/delete files in home content directories;
	# the home directory itself is only searchable.
	allow $2 $1_home_t:file create_file_perms;
	allow $2 $1_home_t:dir rw_dir_perms;
	allow $2 $1_home_dir_t:dir search;
	files_search_home($2)
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to create, read, write, and delete directories
|
|
## in a user home subdirectory.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Do not audit attempts to create, read, write, and delete directories
|
|
## in a user home subdirectory.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
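template(`userdom_dontaudit_manage_user_home_content_dirs',`
	gen_require(`
		type $1_home_t;
	')

	# Silence directory management denials on home content; nothing is
	# granted. Only $1_home_t is used, so only that type is required.
	dontaudit $2 $1_home_t:dir manage_dir_perms;
')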
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create, read, write, and delete symbolic links
|
|
## in a user home subdirectory.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Create, read, write, and delete symbolic links
|
|
## in a user home subdirectory.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_manage_user_home_content_symlinks',`
	gen_require(`
		type $1_home_dir_t, $1_home_t;
	')

	# Create/read/write/delete symlinks in home content directories;
	# the home directory itself is only searchable.
	allow $2 $1_home_t:lnk_file create_lnk_perms;
	allow $2 $1_home_t:dir rw_dir_perms;
	allow $2 $1_home_dir_t:dir search;
	files_search_home($2)
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create, read, write, and delete named pipes
|
|
## in a user home subdirectory.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Create, read, write, and delete named pipes
|
|
## in a user home subdirectory.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_manage_user_home_content_pipes',`
	gen_require(`
		type $1_home_dir_t, $1_home_t;
	')

	# Create/read/write/delete named pipes in home content directories;
	# the home directory itself is only searchable.
	allow $2 $1_home_t:fifo_file create_file_perms;
	allow $2 $1_home_t:dir rw_dir_perms;
	allow $2 $1_home_dir_t:dir search;
	files_search_home($2)
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create, read, write, and delete named sockets
|
|
## in a user home subdirectory.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Create, read, write, and delete named sockets
|
|
## in a user home subdirectory.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_manage_user_home_content_sockets',`
	gen_require(`
		type $1_home_dir_t, $1_home_t;
	')

	# Create/read/write/delete named sockets in home content directories;
	# the home directory itself is only searchable.
	allow $2 $1_home_t:sock_file create_file_perms;
	allow $2 $1_home_t:dir rw_dir_perms;
	allow $2 $1_home_dir_t:dir search;
	files_search_home($2)
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create objects in a user home directory
|
|
## with an automatic type transition to
|
|
## a specified private type.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Create objects in a user home directory
|
|
## with an automatic type transition to
|
|
## a specified private type.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <param name="private_type">
|
|
## <summary>
|
|
## The type of the object to create.
|
|
## </summary>
|
|
## </param>
|
|
## <param name="object_class">
|
|
## <summary>
|
|
## The class of the object to be created. If not
|
|
## specified, file is used.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
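template(`userdom_user_home_dir_filetrans',`
	gen_require(`
		type $1_home_dir_t;
	')

	files_search_home($2)
	allow $2 $1_home_dir_t:dir rw_dir_perms;
	# Default the object class to file when the caller omits $4, as the
	# interface documentation promises; an empty class would otherwise
	# expand to an invalid type_transition statement.
	type_transition $2 $1_home_dir_t:ifelse(`$4',`',`file',`$4') $3;
')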
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create objects in a user home directory
|
|
## with an automatic type transition to
|
|
## the user home file type.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Create objects in a user home directory
|
|
## with an automatic type transition to
|
|
## the user home file type.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <param name="object_class">
|
|
## <summary>
|
|
## The class of the object to be created. If not
|
|
## specified, file is used.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_user_home_dir_filetrans_user_home_content',`
	gen_require(`
		type $1_home_dir_t, $1_home_t;
	')

	# Like userdom_user_home_dir_filetrans, but the target type is fixed
	# to the user home content type; the caller only chooses the class.
	files_search_home($2)
	allow $2 $1_home_dir_t:dir rw_dir_perms;
	# NOTE(review): $3 is substituted verbatim; nothing here defaults the
	# class to file when it is omitted - confirm the build supplies it.
	type_transition $2 $1_home_dir_t:$3 $1_home_t;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Write to user temporary named sockets.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Write to user temporary named sockets.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_write_user_tmp_sockets',`
	gen_require(`
		type $1_tmp_t;
	')

	# Write only on the named socket: no create, unlink or setattr, so the
	# caller can talk to an existing user socket but cannot replace it.
	files_search_tmp($2)
	allow $2 $1_tmp_t:sock_file write;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## List user temporary directories.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## List user temporary directories.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_list_user_tmp',`
	gen_require(`
		type $1_tmp_t;
	')

	# Read-only access to the directory itself; files inside the user
	# tmp directory are not covered by this template.
	files_search_tmp($2)
	allow $2 $1_tmp_t:dir r_dir_perms;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to list user
|
|
## temporary directories.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Do not audit attempts to list user
|
|
## temporary directories.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_dontaudit_list_user_tmp',`
	gen_require(`
		type $1_tmp_t;
	')

	# Audit suppression only: nothing is granted, so no files_search_tmp
	# call is needed here.
	dontaudit $2 $1_tmp_t:dir r_dir_perms;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to manage users
|
|
## temporary directories.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Do not audit attempts to manage users
|
|
## temporary directories.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_dontaudit_manage_user_tmp_dirs',`
	gen_require(`
		type $1_tmp_t;
	')

	# Silence denials for the full manage set on the directory class;
	# the access itself stays denied.
	dontaudit $2 $1_tmp_t:dir manage_dir_perms;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read user temporary files.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Read user temporary files.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_read_user_tmp_files',`
	gen_require(`
		type $1_tmp_t;
	')

	# Read files in the user tmp directory; the directory rule is the
	# read/list set so the files can be found, not written.
	files_search_tmp($2)
	allow $2 $1_tmp_t:dir r_dir_perms;
	allow $2 $1_tmp_t:file r_file_perms;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to read users
|
|
## temporary files.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Do not audit attempts to read users
|
|
## temporary files.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_dontaudit_read_user_tmp_files',`
	gen_require(`
		type $1_tmp_t;
	')

	# Audit suppression only for file reads; directory listing denials
	# are still logged (see userdom_dontaudit_list_user_tmp).
	dontaudit $2 $1_tmp_t:file r_file_perms;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to append users
|
|
## temporary files.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Do not audit attempts to append users
|
|
## temporary files.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_dontaudit_append_user_tmp_files',`
	gen_require(`
		type $1_tmp_t;
	')

	# Only the append permission is silenced; a plain write denial on the
	# same file is still audited.
	dontaudit $2 $1_tmp_t:file append;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read and write user temporary files.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Read and write user temporary files.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_rw_user_tmp_files',`
	gen_require(`
		type $1_tmp_t;
	')

	# Read and write existing files only: the directory gets the read set,
	# so the caller cannot create or unlink entries through this template.
	files_search_tmp($2)
	allow $2 $1_tmp_t:dir r_dir_perms;
	allow $2 $1_tmp_t:file rw_file_perms;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to manage users
|
|
## temporary files.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Do not audit attempts to manage users
|
|
## temporary files.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_dontaudit_manage_user_tmp_files',`
	gen_require(`
		type $1_tmp_t;
	')

	# Audit suppression for the full manage set on files; nothing granted.
	dontaudit $2 $1_tmp_t:file manage_file_perms;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read user
|
|
## temporary symbolic links.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Read user
|
|
## temporary symbolic links.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_read_user_tmp_symlinks',`
	gen_require(`
		type $1_tmp_t;
	')

	# Read (follow) symlinks in the user tmp directory; the link target
	# is governed by its own type, not by this rule.
	files_search_tmp($2)
	allow $2 $1_tmp_t:dir r_dir_perms;
	allow $2 $1_tmp_t:lnk_file r_file_perms;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create, read, write, and delete user
|
|
## temporary directories.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Create, read, write, and delete user
|
|
## temporary directories.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_manage_user_tmp_dirs',`
	gen_require(`
		type $1_tmp_t;
	')

	# Full manage set on the directory class only; files, links, pipes and
	# sockets inside have their own templates.
	files_search_tmp($2)
	allow $2 $1_tmp_t:dir manage_dir_perms;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create, read, write, and delete user
|
|
## temporary files.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Create, read, write, and delete user
|
|
## temporary files.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_manage_user_tmp_files',`
	gen_require(`
		type $1_tmp_t;
	')

	# The directory gets the rw set (enough to add and remove entries);
	# creating or deleting the directory itself is left to
	# userdom_manage_user_tmp_dirs.
	files_search_tmp($2)
	allow $2 $1_tmp_t:dir rw_dir_perms;
	allow $2 $1_tmp_t:file create_file_perms;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create, read, write, and delete user
|
|
## temporary symbolic links.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Create, read, write, and delete user
|
|
## temporary symbolic links.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_manage_user_tmp_symlinks',`
	gen_require(`
		type $1_tmp_t;
	')

	# Create/delete symlinks in the user tmp directory; uses the lnk_file
	# permission set rather than the file set.
	files_search_tmp($2)
	allow $2 $1_tmp_t:dir rw_dir_perms;
	allow $2 $1_tmp_t:lnk_file create_lnk_perms;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create, read, write, and delete user
|
|
## temporary named pipes.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Create, read, write, and delete user
|
|
## temporary named pipes.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_manage_user_tmp_pipes',`
	gen_require(`
		type $1_tmp_t;
	')

	# Named pipes (fifo_file) in the user tmp directory, full create set.
	files_search_tmp($2)
	allow $2 $1_tmp_t:dir rw_dir_perms;
	allow $2 $1_tmp_t:fifo_file create_file_perms;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create, read, write, and delete user
|
|
## temporary named sockets.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Create, read, write, and delete user
|
|
## temporary named sockets.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_manage_user_tmp_sockets',`
	gen_require(`
		type $1_tmp_t;
	')

	# Named sockets (sock_file) in the user tmp directory, full create set;
	# contrast userdom_write_user_tmp_sockets, which grants write only.
	files_search_tmp($2)
	allow $2 $1_tmp_t:dir rw_dir_perms;
	allow $2 $1_tmp_t:sock_file create_file_perms;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create objects in a user temporary directory
|
|
## with an automatic type transition to
|
|
## a specified private type.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Create objects in a user temporary directory
|
|
## with an automatic type transition to
|
|
## a specified private type.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <param name="private_type">
|
|
## <summary>
|
|
## The type of the object to create.
|
|
## </summary>
|
|
## </param>
|
|
## <param name="object_class">
|
|
## <summary>
|
|
## The class of the object to be created. If not
|
|
## specified, file is used.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_user_tmp_filetrans',`
	gen_require(`
		type $1_tmp_t;
	')

	# New objects of class $4 created inside the user tmp directory are
	# labeled $3 rather than inheriting $1_tmp_t. Rule order within the
	# template does not matter; files_search_tmp is listed last here only
	# as a matter of style.
	allow $2 $1_tmp_t:dir rw_dir_perms;
	# NOTE(review): $4 is substituted verbatim; nothing on this line
	# defaults the class to file when it is omitted - confirm.
	type_transition $2 $1_tmp_t:$4 $3;
	files_search_tmp($2)
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create objects in the temporary directory
|
|
## with an automatic type transition to
|
|
## the user temporary type.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Create objects in the temporary directory
|
|
## with an automatic type transition to
|
|
## the user temporary type.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <param name="object_class">
|
|
## <summary>
|
|
## The class of the object to be created. If not
|
|
## specified, file is used.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
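template(`userdom_tmp_filetrans_user_tmp',`
	gen_require(`
		type $1_tmp_t;
	')

	# Delegate to the files module: objects of class $3 that $2 creates
	# in the generic tmp directory get the per-user tmp type. The require
	# block names $1_tmp_t because that is the only type this template
	# references; the previous $1_home_dir_t requirement was unused and
	# left $1_tmp_t undeclared for module builds.
	files_tmp_filetrans($2,$1_tmp_t,$3)
')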
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read and write user tmpfs files.
## </summary>
## <desc>
## <p>
## Read and write user tmpfs files.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_rw_user_tmpfs_files',`
	gen_require(`
		type $1_tmpfs_t;
	')

	# Read and write user tmpfs files (the template name, not the
	# "read" wording of the summary, is what the rules implement).
	# Symlinks get getattr and read only, no write.
	fs_search_tmpfs($2)
	allow $2 $1_tmpfs_t:dir list_dir_perms;
	allow $2 $1_tmpfs_t:file rw_file_perms;
	allow $2 $1_tmpfs_t:lnk_file { getattr read };
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## List users untrusted directories.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## List users untrusted directories.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_list_user_untrusted_content',`
	gen_require(`
		type $1_untrusted_content_t;
	')

	# Directory listing only; no parent search interface is called here,
	# so the caller must already be able to reach the directory.
	allow $2 $1_untrusted_content_t:dir r_dir_perms;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to list user
|
|
## untrusted directories.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Do not audit attempts to list user
|
|
## untrusted directories.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_dontaudit_list_user_untrusted_content',`
	gen_require(`
		type $1_untrusted_content_t;
	')

	# Audit suppression only for directory listing; nothing is granted.
	dontaudit $2 $1_untrusted_content_t:dir r_dir_perms;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read user untrusted files.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Read user untrusted files.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_read_user_untrusted_content_files',`
	gen_require(`
		type $1_untrusted_content_t;
	')

	# Read-only: list the directory and read files of the untrusted
	# content type. Symlinks are handled by the _symlinks template.
	allow $2 $1_untrusted_content_t:dir r_dir_perms;
	allow $2 $1_untrusted_content_t:file r_file_perms;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Manage user untrusted files.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Create, read, write, and delete untrusted files.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
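template(`userdom_manage_user_untrusted_content_files',`
	gen_require(`
		type $1_untrusted_content_t;
	')

	# Create, read, write and delete files of the untrusted content type.
	# Both rules target $1_untrusted_content_t, the only type this
	# template requires. The previous rules referenced $1_tmp_t and
	# $1_untrusted_content_tmp_t instead: neither was declared in the
	# require block, and the first of them would have granted rw access
	# to the user tmp directory, which is outside what this template
	# documents (and differs from the sibling read/list templates).
	allow $2 $1_untrusted_content_t:dir rw_dir_perms;
	allow $2 $1_untrusted_content_t:file manage_file_perms;
')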
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to read users
|
|
## untrusted files.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Do not audit attempts to read users
|
|
## untrusted files.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_dontaudit_read_user_untrusted_content_files',`
	gen_require(`
		type $1_untrusted_content_t;
	')

	# Audit suppression only for file reads; nothing is granted.
	dontaudit $2 $1_untrusted_content_t:file r_file_perms;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read user untrusted symbolic links.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Read user untrusted symbolic links.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_read_user_untrusted_content_symlinks',`
	gen_require(`
		type $1_untrusted_content_t;
	')

	# Read (follow) symlinks of the untrusted content type; the target of
	# the link is checked against its own type.
	allow $2 $1_untrusted_content_t:dir r_dir_perms;
	allow $2 $1_untrusted_content_t:lnk_file r_file_perms;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## List users temporary untrusted directories.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## List users temporary untrusted directories.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_list_user_tmp_untrusted_content',`
	gen_require(`
		type $1_untrusted_content_tmp_t;
	')

	# Directory listing only for the temporary untrusted content type.
	allow $2 $1_untrusted_content_tmp_t:dir r_dir_perms;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to list user
|
|
## temporary untrusted directories.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Do not audit attempts to list user
|
|
## temporary untrusted directories.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_dontaudit_list_user_tmp_untrusted_content',`
	gen_require(`
		type $1_untrusted_content_tmp_t;
	')

	# Audit suppression only for directory listing; nothing is granted.
	dontaudit $2 $1_untrusted_content_tmp_t:dir r_dir_perms;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read user temporary untrusted files.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Read user temporary untrusted files.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_read_user_tmp_untrusted_content_files',`
	gen_require(`
		type $1_untrusted_content_tmp_t;
	')

	# Read-only access to temporary untrusted content files.
	allow $2 $1_untrusted_content_tmp_t:dir r_dir_perms;
	allow $2 $1_untrusted_content_tmp_t:file r_file_perms;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to read users
|
|
## temporary untrusted files.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Do not audit attempts to read users
|
|
## temporary untrusted files.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_dontaudit_read_user_tmp_untrusted_content_files',`
	gen_require(`
		type $1_untrusted_content_tmp_t;
	')

	# Audit suppression only for file reads; nothing is granted.
	dontaudit $2 $1_untrusted_content_tmp_t:file r_file_perms;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read user temporary untrusted symbolic links.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Read user temporary untrusted symbolic links.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_read_user_tmp_untrusted_content_symlinks',`
	gen_require(`
		type $1_untrusted_content_tmp_t;
	')

	# Read (follow) symlinks of the temporary untrusted content type.
	allow $2 $1_untrusted_content_tmp_t:dir r_dir_perms;
	allow $2 $1_untrusted_content_tmp_t:lnk_file r_file_perms;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read all user untrusted content files.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_read_all_untrusted_content',`
	gen_require(`
		attribute untrusted_content_type;
	')

	# Attribute-based, so this covers every per-user untrusted content
	# type at once - broader than the per-user templates above.
	allow $1 untrusted_content_type:dir r_dir_perms;
	allow $1 untrusted_content_type:{ file lnk_file } r_file_perms;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read all user temporary untrusted content files.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_read_all_tmp_untrusted_content',`
	gen_require(`
		attribute untrusted_content_tmp_type;
	')

	# Attribute-based counterpart for the temporary untrusted content
	# types; read-only for dirs, files and symlinks.
	allow $1 untrusted_content_tmp_type:dir r_dir_perms;
	allow $1 untrusted_content_tmp_type:{ file lnk_file } r_file_perms;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Set the attributes of a user domain tty.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Set the attributes of a user domain tty.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_setattr_user_ttys',`
	# The targeted_policy branch has no per-user tty type to require, so
	# it falls back to the generic unallocated tty interface instead
	# (presumably because targeted builds do not define $1_tty_device_t).
	ifdef(`targeted_policy',`
		term_setattr_unallocated_ttys($2)
	',`
		gen_require(`
			type $1_tty_device_t;
		')

		# setattr only (e.g. ownership/mode changes); no read or write.
		allow $2 $1_tty_device_t:chr_file setattr;
	')
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read and write a user domain tty.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Read and write a user domain tty.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_use_user_ttys',`
	# Same targeted_policy split as userdom_setattr_user_ttys: without a
	# per-user tty type the generic unallocated tty interface is used.
	ifdef(`targeted_policy',`
		term_use_unallocated_ttys($2)
	',`
		gen_require(`
			type $1_tty_device_t;
		')

		# Terminal read/write set on the user tty device; ptys are not
		# included here (see userdom_use_user_terminals).
		allow $2 $1_tty_device_t:chr_file rw_term_perms;
	')
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read and write a user domain tty and pty.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Read and write a user domain tty and pty.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_use_user_terminals',`
	# Both ttys and ptys. Under targeted_policy the generic tty and pty
	# interfaces are used since there are no per-user terminal types.
	ifdef(`targeted_policy',`
		term_use_unallocated_ttys($2)
		term_use_generic_ptys($2)
	',`
		gen_require(`
			type $1_tty_device_t, $1_devpts_t;
		')

		# Terminal read/write on the user tty and on the user pty type,
		# plus listing of the pty directory so the pty can be opened.
		allow $2 $1_tty_device_t:chr_file rw_term_perms;
		allow $2 $1_devpts_t:chr_file rw_term_perms;
		term_list_ptys($2)
	')
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to read and write
|
|
## a user domain tty and pty.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Do not audit attempts to read and write
|
|
## a user domain tty and pty.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_dontaudit_use_user_terminals',`
	gen_require(`
		type $1_tty_device_t, $1_devpts_t;
	')

	# Audit suppression only; nothing granted.
	# NOTE(review): unlike the three use/setattr templates above there is
	# no targeted_policy branch here, so this template requires the
	# per-user terminal types unconditionally - confirm that is intended.
	dontaudit $2 $1_tty_device_t:chr_file rw_term_perms;
	dontaudit $2 $1_devpts_t:chr_file rw_term_perms;
')
|
|
|
|
########################################
## <summary>
##	Execute a shell in all user domains. This
##	is an explicit transition, requiring the
##	caller to use setexeccon().
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_spec_domtrans_all_users',`
	gen_require(`
		attribute userdomain;
	')

	# Inherited descriptors and pipes flow both ways across the
	# transition, and the child reports back with SIGCHLD.
	allow userdomain $1:process sigchld;
	allow userdomain $1:fifo_file rw_file_perms;
	allow userdomain $1:fd use;
	allow $1 userdomain:fd use;

	corecmd_shell_spec_domtrans($1, userdomain)
')

########################################
## <summary>
##	Execute an Xserver session in all user domains. This
##	is an explicit transition, requiring the
##	caller to use setexeccon().
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_xsession_spec_domtrans_all_users',`
	gen_require(`
		attribute userdomain;
	')

	# Descriptor, pipe and SIGCHLD plumbing for the new session.
	allow userdomain $1:process sigchld;
	allow userdomain $1:fifo_file rw_file_perms;
	allow userdomain $1:fd use;
	allow $1 userdomain:fd use;

	xserver_xsession_spec_domtrans($1, userdomain)
')

########################################
## <summary>
##	Execute a shell in all unprivileged user domains. This
##	is an explicit transition, requiring the
##	caller to use setexeccon().
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_spec_domtrans_unpriv_users',`
	gen_require(`
		attribute unpriv_userdomain;
	')

	# Same plumbing as userdom_spec_domtrans_all_users, restricted
	# to the unprivileged user attribute.
	allow unpriv_userdomain $1:process sigchld;
	allow unpriv_userdomain $1:fifo_file rw_file_perms;
	allow unpriv_userdomain $1:fd use;
	allow $1 unpriv_userdomain:fd use;

	corecmd_shell_spec_domtrans($1, unpriv_userdomain)
')

########################################
## <summary>
##	Execute an Xserver session in all unprivileged user domains. This
##	is an explicit transition, requiring the
##	caller to use setexeccon().
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_xsession_spec_domtrans_unpriv_users',`
	gen_require(`
		attribute unpriv_userdomain;
	')

	allow unpriv_userdomain $1:process sigchld;
	allow unpriv_userdomain $1:fifo_file rw_file_perms;
	allow unpriv_userdomain $1:fd use;
	allow $1 unpriv_userdomain:fd use;

	xserver_xsession_spec_domtrans($1, unpriv_userdomain)
')

########################################
## <summary>
##	Manage unprivileged user SysV semaphores.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_manage_unpriv_user_semaphores',`
	gen_require(`
		attribute unpriv_userdomain;
	')

	# Full semaphore lifecycle (create_sem_perms) on semaphores
	# owned by any unprivileged user domain.
	allow $1 unpriv_userdomain:sem create_sem_perms;
')

########################################
## <summary>
##	Manage unprivileged user SysV shared
##	memory segments.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_manage_unpriv_user_shared_mem',`
	gen_require(`
		attribute unpriv_userdomain;
	')

	# Full shm lifecycle (create_shm_perms) on segments owned by
	# any unprivileged user domain.
	allow $1 unpriv_userdomain:shm create_shm_perms;
')

########################################
## <summary>
##	Execute bin_t in the unprivileged user domains. This
##	is an explicit transition, requiring the
##	caller to use setexeccon().
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_bin_spec_domtrans_unpriv_users',`
	gen_require(`
		attribute unpriv_userdomain;
	')

	corecmd_bin_spec_domtrans($1, unpriv_userdomain)

	allow $1 unpriv_userdomain:fd use;
	allow unpriv_userdomain $1:{ fd } use;
	allow unpriv_userdomain $1:process sigchld;
	allow unpriv_userdomain $1:fifo_file rw_file_perms;
')

########################################
## <summary>
##	Execute generic sbin programs in all unprivileged user
##	domains. This is an explicit transition, requiring the
##	caller to use setexeccon().
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_sbin_spec_domtrans_unpriv_users',`
	gen_require(`
		attribute unpriv_userdomain;
	')

	corecmd_sbin_spec_domtrans($1, unpriv_userdomain)

	allow $1 unpriv_userdomain:fd use;
	allow unpriv_userdomain $1:{ fd } use;
	allow unpriv_userdomain $1:process sigchld;
	allow unpriv_userdomain $1:fifo_file rw_file_perms;
')

########################################
## <summary>
##	Execute all entrypoint files in unprivileged user
##	domains. This is an explicit transition, requiring the
##	caller to use setexeccon().
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_entry_spec_domtrans_unpriv_users',`
	gen_require(`
		attribute unpriv_userdomain;
	')

	domain_entry_file_spec_domtrans($1, unpriv_userdomain)

	allow $1 unpriv_userdomain:fd use;
	allow unpriv_userdomain $1:{ fd } use;
	allow unpriv_userdomain $1:process sigchld;
	allow unpriv_userdomain $1:fifo_file rw_file_perms;
')

########################################
## <summary>
##	Execute a shell in the sysadm domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_shell_domtrans_sysadm',`
	ifdef(`targeted_policy',`
		#cjp: need to doublecheck this one
		unconfined_shell_domtrans($1)
	',`
		gen_require(`
			type sysadm_t;
		')

		# Automatic (not setexeccon) transition into sysadm_t when
		# $1 executes a shell.
		corecmd_shell_domtrans($1, sysadm_t)

		allow sysadm_t $1:process sigchld;
		allow sysadm_t $1:fifo_file rw_file_perms;
		allow sysadm_t $1:fd use;
		allow $1 sysadm_t:fd use;
	')
')

########################################
## <summary>
##	Execute a generic bin program in the sysadm domain.
##	This is an explicit transition, requiring the caller
##	to use setexeccon().
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_bin_spec_domtrans_sysadm',`
	gen_require(`
		type sysadm_t;
	')

	allow sysadm_t $1:process sigchld;
	allow sysadm_t $1:fifo_file rw_file_perms;
	allow sysadm_t $1:fd use;
	allow $1 sysadm_t:fd use;

	corecmd_bin_spec_domtrans($1, sysadm_t)
')

########################################
## <summary>
##	Execute a generic sbin program in the sysadm domain.
##	This is an explicit transition, requiring the caller
##	to use setexeccon().
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_sbin_spec_domtrans_sysadm',`
	gen_require(`
		type sysadm_t;
	')

	allow sysadm_t $1:process sigchld;
	allow sysadm_t $1:fifo_file rw_file_perms;
	allow sysadm_t $1:fd use;
	allow $1 sysadm_t:fd use;

	corecmd_sbin_spec_domtrans($1, sysadm_t)
')

########################################
## <summary>
##	Execute all entrypoint files in the sysadm domain. This
##	is an explicit transition, requiring the
##	caller to use setexeccon().
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_entry_spec_domtrans_sysadm',`
	gen_require(`
		type sysadm_t;
	')

	allow sysadm_t $1:process sigchld;
	allow sysadm_t $1:fifo_file rw_file_perms;
	allow sysadm_t $1:fd use;
	allow $1 sysadm_t:fd use;

	domain_entry_file_spec_domtrans($1, sysadm_t)
')

########################################
## <summary>
##	Allow sysadm to execute a generic bin program in
##	a specified domain. This is an explicit transition,
##	requiring the caller to use setexeccon().
## </summary>
## <desc>
##	<p>
##	Allow sysadm to execute a generic bin program in
##	a specified domain.
##	</p>
##	<p>
##	This is an interface to support third party modules
##	and its use is not allowed in upstream reference
##	policy.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain to execute in.
##	</summary>
## </param>
#
interface(`userdom_sysadm_bin_spec_domtrans_to',`
	gen_require(`
		type sysadm_t;
	')

	# Note the direction: sysadm_t is the source of the transition
	# and $1 is the target domain, the reverse of the
	# userdom_*_spec_domtrans_sysadm interfaces.
	allow $1 sysadm_t:process sigchld;
	allow $1 sysadm_t:fifo_file rw_file_perms;
	allow $1 sysadm_t:fd use;
	allow sysadm_t $1:fd use;

	corecmd_bin_spec_domtrans(sysadm_t, $1)
')

########################################
## <summary>
##	Allow sysadm to execute a generic sbin program in
##	a specified domain. This is an explicit transition,
##	requiring the caller to use setexeccon().
## </summary>
## <desc>
##	<p>
##	Allow sysadm to execute a generic sbin program in
##	a specified domain.
##	</p>
##	<p>
##	This is an interface to support third party modules
##	and its use is not allowed in upstream reference
##	policy.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain to execute in.
##	</summary>
## </param>
#
interface(`userdom_sysadm_sbin_spec_domtrans_to',`
	gen_require(`
		type sysadm_t;
	')

	# sysadm_t is the transition source; $1 is the target domain.
	allow $1 sysadm_t:process sigchld;
	allow $1 sysadm_t:fifo_file rw_file_perms;
	allow $1 sysadm_t:fd use;
	allow sysadm_t $1:fd use;

	corecmd_sbin_spec_domtrans(sysadm_t, $1)
')

########################################
## <summary>
##	Allow sysadm to execute all entrypoint files
##	in the specified domain. This is an explicit
##	transition, requiring the caller to use setexeccon().
## </summary>
## <desc>
##	<p>
##	Allow sysadm to execute all entrypoint files
##	in the specified domain. This is an explicit
##	transition, requiring the caller to use setexeccon().
##	</p>
##	<p>
##	This is an interface to support third party modules
##	and its use is not allowed in upstream reference
##	policy.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain to execute in.
##	</summary>
## </param>
#
interface(`userdom_sysadm_entry_spec_domtrans_to',`
	gen_require(`
		type sysadm_t;
	')

	# sysadm_t is the transition source; $1 is the target domain.
	allow $1 sysadm_t:process sigchld;
	allow $1 sysadm_t:fifo_file rw_file_perms;
	allow $1 sysadm_t:fd use;
	allow sysadm_t $1:fd use;

	domain_entry_file_spec_domtrans(sysadm_t, $1)
')

########################################
## <summary>
##	Search the staff users home directory.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_search_staff_home_dirs',`
	gen_require(`
		type staff_home_dir_t;
	')

	# Search only (no listing); the home root must be searchable too.
	allow $1 staff_home_dir_t:dir { search };
	files_search_home($1)
')

########################################
## <summary>
##	Do not audit attempts to search the staff
##	users home directory.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`userdom_dontaudit_search_staff_home_dirs',`
	gen_require(`
		type staff_home_dir_t;
	')

	# Silence the denial only; nothing is granted.
	dontaudit $1 staff_home_dir_t:dir { search };
')

########################################
## <summary>
##	Create, read, write, and delete staff
##	home directories.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_manage_staff_home_dirs',`
	# Both build variants need the home root to be searchable.
	files_search_home($1)

	ifdef(`targeted_policy',`
		gen_require(`
			type user_home_dir_t;
		')

		# Targeted policy keeps staff homes under the generic type.
		allow $1 user_home_dir_t:dir manage_dir_perms;
	',`
		gen_require(`
			type staff_home_dir_t;
		')

		allow $1 staff_home_dir_t:dir manage_dir_perms;
	')
')

########################################
## <summary>
##	Do not audit attempts to append to files
##	in the staff users home directory.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`userdom_dontaudit_append_staff_home_content_files',`
	gen_require(`
		type staff_home_t;
	')

	# Covers home content files (staff_home_t), not the home
	# directory itself.
	dontaudit $1 staff_home_t:file { append };
')

########################################
## <summary>
##	Read files in the staff users home directory.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_read_staff_home_content_files',`
	gen_require(`
		type staff_home_dir_t;
		type staff_home_t;
	')

	files_search_home($1)

	# Read the home directory and its subdirectories, then the
	# regular files and symlinks beneath them.
	allow $1 staff_home_dir_t:dir r_dir_perms;
	allow $1 staff_home_t:dir r_dir_perms;
	allow $1 staff_home_t:file r_file_perms;
	allow $1 staff_home_t:lnk_file r_file_perms;
')

########################################
## <summary>
##	Send a SIGCHLD signal to sysadm users.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_sigchld_sysadm',`
	ifdef(`targeted_policy',`
		# sysadm_t is not required on targeted builds; the
		# unconfined domain takes its place.
		unconfined_sigchld($1)
	',`
		gen_require(`
			type sysadm_t;
		')

		allow $1 sysadm_t:process { sigchld };
	')
')

########################################
## <summary>
##	Do not audit attempts to get the attributes
##	of sysadm ttys.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`userdom_dontaudit_getattr_sysadm_ttys',`
	ifdef(`targeted_policy',`
		term_dontaudit_getattr_unallocated_ttys($1)
	',`
		gen_require(`
			type sysadm_tty_device_t;
		')

		dontaudit $1 sysadm_tty_device_t:chr_file { getattr };
	')
')

########################################
## <summary>
##	Read and write sysadm ttys.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_use_sysadm_ttys',`
	ifdef(`targeted_policy',`
		term_use_unallocated_ttys($1)
	',`
		gen_require(`
			type sysadm_tty_device_t;
		')

		allow $1 sysadm_tty_device_t:chr_file rw_term_perms;

		# Directory access needed to reach the device nodes.
		term_list_ptys($1)
		dev_list_all_dev_nodes($1)
	')
')

########################################
## <summary>
##	Do not audit attempts to use sysadm ttys.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`userdom_dontaudit_use_sysadm_ttys',`
	ifdef(`targeted_policy',`
		term_dontaudit_use_unallocated_ttys($1)
	',`
		gen_require(`
			type sysadm_tty_device_t;
		')

		# Only read and write are silenced, not the full rw_term_perms.
		dontaudit $1 sysadm_tty_device_t:chr_file { write read };
	')
')

########################################
## <summary>
##	Read and write sysadm ptys.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_use_sysadm_ptys',`
	ifdef(`targeted_policy',`
		term_use_generic_ptys($1)
	',`
		gen_require(`
			type sysadm_devpts_t;
		')

		allow $1 sysadm_devpts_t:chr_file rw_term_perms;

		# Directory access needed to reach the pty nodes.
		term_list_ptys($1)
		dev_list_all_dev_nodes($1)
	')
')

########################################
## <summary>
##	Do not audit attempts to read and write sysadm ptys.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`userdom_dontaudit_use_sysadm_ptys',`
	ifdef(`targeted_policy',`
		term_dontaudit_use_generic_ptys($1)
	',`
		gen_require(`
			type sysadm_devpts_t;
		')

		dontaudit $1 sysadm_devpts_t:chr_file { write read };
	')
')

########################################
## <summary>
##	Read and write sysadm ttys and ptys.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_use_sysadm_terms',`
	# Convenience wrapper over the two terminal-specific interfaces;
	# each handles its own targeted_policy variant.
	userdom_use_sysadm_ptys($1)
	userdom_use_sysadm_ttys($1)
')

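########################################
## <summary>
##	Do not audit attempts to use sysadm ttys and ptys.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`userdom_dontaudit_use_sysadm_terms',`
	ifdef(`targeted_policy',`
		# Cover both halves named in the summary, matching
		# userdom_dontaudit_use_sysadm_ttys and
		# userdom_dontaudit_use_sysadm_ptys.
		term_dontaudit_use_unallocated_ttys($1)
		term_dontaudit_use_generic_ptys($1)
	',`
		gen_require(`
			attribute admin_terminal;
		')

		# admin_terminal groups the sysadm tty and pty types.
		dontaudit $1 admin_terminal:chr_file { read write };
	')
')
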
########################################
## <summary>
##	Inherit and use sysadm file descriptors.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_use_sysadm_fds',`
	ifdef(`targeted_policy',`
		unconfined_use_fds($1)
	',`
		gen_require(`
			type sysadm_t;
		')

		allow $1 sysadm_t:fd { use };
	')
')

########################################
## <summary>
##	Read and write sysadm user unnamed pipes.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_rw_sysadm_pipes',`
	ifdef(`targeted_policy',`
		#cjp: need to doublecheck this one
		unconfined_rw_pipes($1)
	',`
		gen_require(`
			type sysadm_t;
		')

		# Unnamed pipes are labeled with the creating domain's type.
		allow $1 sysadm_t:fifo_file rw_file_perms;
	')
')

########################################
## <summary>
##	Get the attributes of the sysadm users
##	home directory.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_getattr_sysadm_home_dirs',`
	gen_require(`
		type sysadm_home_dir_t;
	')

	allow $1 sysadm_home_dir_t:dir { getattr };
')

########################################
## <summary>
##	Do not audit attempts to get the
##	attributes of the sysadm users
##	home directory.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`userdom_dontaudit_getattr_sysadm_home_dirs',`
	ifdef(`targeted_policy',`
		gen_require(`
			type user_home_dir_t;
		')

		# Targeted policy uses the generic home directory type.
		dontaudit $1 user_home_dir_t:dir { getattr };
	',`
		gen_require(`
			type sysadm_home_dir_t;
		')

		dontaudit $1 sysadm_home_dir_t:dir { getattr };
	')
')

########################################
## <summary>
##	Search the sysadm users home directory.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_search_sysadm_home_dirs',`
	gen_require(`
		type sysadm_home_dir_t;
	')

	# NOTE(review): unlike userdom_search_staff_home_dirs this does not
	# call files_search_home(); callers need home root access elsewhere.
	allow $1 sysadm_home_dir_t:dir { search };
')

########################################
## <summary>
##	Do not audit attempts to search the sysadm
##	users home directory.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`userdom_dontaudit_search_sysadm_home_dirs',`
	ifdef(`targeted_policy',`
		gen_require(`
			type user_home_dir_t;
		')

		dontaudit $1 user_home_dir_t:dir search_dir_perms;
	',`
		gen_require(`
			type sysadm_home_dir_t;
		')

		dontaudit $1 sysadm_home_dir_t:dir search_dir_perms;
	')
')

########################################
## <summary>
##	List the sysadm users home directory.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_list_sysadm_home_dirs',`
	gen_require(`
		type sysadm_home_dir_t;
	')

	# Listing (list_dir_perms) exposes filenames in the sysadm home;
	# use userdom_search_sysadm_home_dirs when only traversal is needed.
	allow $1 sysadm_home_dir_t:dir list_dir_perms;
')

########################################
## <summary>
##	Do not audit attempts to list the sysadm
##	users home directory.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`userdom_dontaudit_list_sysadm_home_dirs',`
	gen_require(`
		type sysadm_home_dir_t;
	')

	dontaudit $1 sysadm_home_dir_t:dir list_dir_perms;
')

########################################
## <summary>
##	Do not audit attempts to read files in the
##	sysadm users home directory.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`userdom_dontaudit_read_sysadm_home_content_files',`
	ifdef(`targeted_policy',`
		gen_require(`
			type user_home_dir_t, user_home_t;
		')

		# Traversal of the home dir and its subdirs, plus file reads.
		dontaudit $1 { user_home_dir_t user_home_t }:dir search_dir_perms;
		dontaudit $1 user_home_t:file r_file_perms;
	',`
		gen_require(`
			type sysadm_home_dir_t, sysadm_home_t;
		')

		dontaudit $1 { sysadm_home_dir_t sysadm_home_t }:dir search_dir_perms;
		dontaudit $1 sysadm_home_t:file r_file_perms;
	')
')

########################################
## <summary>
##	Create objects in sysadm home directories
##	with automatic file type transition.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="private type">
##	<summary>
##	The type of the object to be created.
##	</summary>
## </param>
## <param name="object_class">
##	<summary>
##	The class of the object to be created (e.g. file, dir).
##	This argument is used directly in the type_transition
##	rule and has no default, so it must be supplied.
##	</summary>
## </param>
#
interface(`userdom_sysadm_home_dir_filetrans',`
	gen_require(`
		type sysadm_home_dir_t;
	')

	# Objects of class $3 created by $1 in sysadm_home_dir_t are
	# labeled $2; rw_dir_perms lets $1 add and remove entries.
	type_transition $1 sysadm_home_dir_t:$3 $2;
	allow $1 sysadm_home_dir_t:dir rw_dir_perms;
')

########################################
## <summary>
##	Search the sysadm users home sub directories.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_search_sysadm_home_content_dirs',`
	gen_require(`
		type sysadm_home_dir_t;
		type sysadm_home_t;
	')

	allow $1 sysadm_home_dir_t:dir search_dir_perms;
	allow $1 sysadm_home_t:dir search_dir_perms;
')

########################################
## <summary>
##	Read files in the sysadm users home directory.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_read_sysadm_home_content_files',`
	gen_require(`
		type sysadm_home_dir_t;
		type sysadm_home_t;
	')

	# Read access reaches every regular file and symlink under the
	# sysadm home; grant to trusted domains only.
	allow $1 sysadm_home_t:lnk_file r_file_perms;
	allow $1 sysadm_home_t:file r_file_perms;
	allow $1 sysadm_home_t:dir r_dir_perms;
	allow $1 sysadm_home_dir_t:dir r_dir_perms;
	files_search_home($1)
')

########################################
## <summary>
##	Search all users home directories.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_search_all_users_home_dirs',`
	gen_require(`
		attribute home_dir_type;
	')

	# home_dir_type spans every per-user home directory type.
	allow $1 home_dir_type:dir search_dir_perms;
	files_list_home($1)
')

########################################
## <summary>
##	List all users home directories.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_list_all_users_home_dirs',`
	gen_require(`
		attribute home_dir_type;
	')

	allow $1 home_dir_type:dir list_dir_perms;
	files_list_home($1)
')

########################################
## <summary>
##	Search all users home directories and
##	the directories within them.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_search_all_users_home_content',`
	gen_require(`
		attribute home_dir_type;
		attribute home_type;
	')

	files_list_home($1)
	# home_type covers the content directories, home_dir_type the
	# home directories themselves.
	allow $1 home_dir_type:dir search_dir_perms;
	allow $1 home_type:dir search_dir_perms;
')

########################################
## <summary>
##	Do not audit attempts to search all users home directories.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`userdom_dontaudit_search_all_users_home_content',`
	gen_require(`
		attribute home_dir_type;
		attribute home_type;
	')

	dontaudit $1 home_dir_type:dir search_dir_perms;
	dontaudit $1 home_type:dir search_dir_perms;
')

########################################
## <summary>
##	Read all files in all users home directories.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_read_all_users_home_content_files',`
	gen_require(`
		attribute home_type;
	')

	# Broad read access across every user's home content; reserve
	# for domains that genuinely need it (backup, indexing, ...).
	allow $1 home_type:file r_file_perms;
	allow $1 home_type:dir r_dir_perms;
	files_list_home($1)
')

########################################
## <summary>
##	Create, read, write, and delete all directories
##	in all users home directories.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_manage_all_users_home_content_dirs',`
	gen_require(`
		attribute home_type;
	')

	allow $1 home_type:dir create_dir_perms;
	files_list_home($1)
')

########################################
## <summary>
##	Create, read, write, and delete all files
##	in all users home directories.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_manage_all_users_home_content_files',`
	gen_require(`
		attribute home_type;
	')

	# Write access to every user's home files; a compromised $1 can
	# alter any user's dotfiles, so keep this to trusted domains.
	allow $1 home_type:file create_file_perms;
	allow $1 home_type:dir rw_dir_perms;
	files_list_home($1)
')

########################################
## <summary>
##	Create, read, write, and delete all symlinks
##	in all users home directories.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_manage_all_users_home_content_symlinks',`
	gen_require(`
		attribute home_type;
	')

	allow $1 home_type:lnk_file create_lnk_perms;
	allow $1 home_type:dir rw_dir_perms;
	files_list_home($1)
')

########################################
## <summary>
##	Make the specified domain a privileged
##	home directory manager.
## </summary>
## <desc>
##	<p>
##	Make the specified domain a privileged
##	home directory manager. This domain will be
##	able to manage the contents of all users
##	general home directory content, and create
##	files with the correct context.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_priveleged_home_dir_manager',`
	gen_require(`
		attribute privhome;
	')

	# The interface name keeps its historical spelling; callers
	# depend on it. Membership in privhome is a high-privilege grant
	# (see the description above), so audit uses of this interface.
	typeattribute $1 privhome;
	files_list_home($1)
')

########################################
## <summary>
##	Send general signals to unprivileged user domains.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_signal_unpriv_users',`
	gen_require(`
		attribute unpriv_userdomain;
	')

	# "signal" is the general signal permission; kill, stop and
	# sigchld are separate permissions and are not granted here.
	allow $1 unpriv_userdomain:process { signal };
')

########################################
## <summary>
##	Inherit the file descriptors from unprivileged user domains.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_use_unpriv_users_fds',`
	gen_require(`
		attribute unpriv_userdomain;
	')

	allow $1 unpriv_userdomain:fd { use };
')

########################################
## <summary>
##	Do not audit attempts to inherit the
##	file descriptors from unprivileged user domains.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`userdom_dontaudit_use_unpriv_user_fds',`
	gen_require(`
		attribute unpriv_userdomain;
	')

	# Scope is unpriv_userdomain only, not every user domain.
	dontaudit $1 unpriv_userdomain:fd { use };
')

########################################
## <summary>
##	Create generic user home directories
##	with automatic file type transition.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_home_filetrans_generic_user_home_dir',`
	gen_require(`
		type user_home_dir_t;
	')

	# Directories $1 creates under the home root are labeled
	# user_home_dir_t.
	files_home_filetrans($1, user_home_dir_t, dir)
')

########################################
## <summary>
##	Search generic user home directories.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_search_generic_user_home_dirs',`
	gen_require(`
		type user_home_dir_t;
	')

	# NOTE(review): no files_search_home() here, unlike the staff
	# variant; callers must obtain home root access separately.
	allow $1 user_home_dir_t:dir search_dir_perms;
')

########################################
## <summary>
##	Create objects in generic user home directories
##	with automatic file type transition.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="object_class">
##	<summary>
##	The class of the object to be created (e.g. file, dir).
##	This argument is used directly in the type_transition
##	rule and has no default, so it must be supplied.
##	</summary>
## </param>
#
interface(`userdom_generic_user_home_dir_filetrans_generic_user_home_content',`
	gen_require(`
		type user_home_dir_t;
		type user_home_t;
	')

	# New objects of class $2 in user_home_dir_t get user_home_t.
	type_transition $1 user_home_dir_t:$2 user_home_t;
	allow $1 user_home_dir_t:dir rw_dir_perms;
	files_search_home($1)
')

########################################
## <summary>
##	Do not audit attempts to search generic
##	user home content directories.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`userdom_dontaudit_search_generic_user_home_dirs',`
	gen_require(`
		type user_home_t;
	')

	# Applies to user_home_t (content subdirectories), not to
	# the user_home_dir_t home directory itself.
	dontaudit $1 user_home_t:dir { search };
')

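########################################
## <summary>
##	Create, read, write, and delete
##	subdirectories of generic user
##	home directories.
## </summary>
## <desc>
##	<p>
##	Also grants search on the home root and on the
##	containing user_home_dir_t directory. The permission
##	set on user_home_t directories is create_dir_perms,
##	whereas userdom_manage_unpriv_users_home_content_dirs
##	uses manage_dir_perms; whether the two coincide depends
##	on the permission set definitions, not on this file.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_manage_generic_user_home_content_dirs',`
	gen_require(`
		# user_home_dir_t is used below and so must be required
		# here too, as userdom_read_generic_user_home_content_files
		# already does; previously only user_home_t was declared.
		type user_home_dir_t, user_home_t;
	')

	files_search_home($1)
	allow $1 user_home_dir_t:dir search_dir_perms;
	allow $1 user_home_t:dir create_dir_perms;
')
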
########################################
## <summary>
##	Read files in generic user home directories.
## </summary>
## <desc>
##	<p>
##	Grants read on user_home_t directories and files,
##	plus search on the home root and the containing
##	user_home_dir_t directory. No lnk_file access is
##	included, so symbolic links inside the home directory
##	are not readable through this interface alone
##	(compare userdom_read_unpriv_users_home_content_files).
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_read_generic_user_home_content_files',`
	gen_require(`
		type user_home_t, user_home_dir_t;
	')

	files_search_home($1)
	allow $1 user_home_dir_t:dir search_dir_perms;
	allow $1 user_home_t:dir r_dir_perms;
	allow $1 user_home_t:file r_file_perms;
')

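########################################
## <summary>
##	Create, read, write, and delete files
##	in generic user home directories.
## </summary>
## <desc>
##	<p>
##	Grants create_file_perms on user_home_t files and
##	read/write on user_home_t directories, plus search on
##	the home root and the containing user_home_dir_t
##	directory.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_manage_generic_user_home_content_files',`
	gen_require(`
		# user_home_dir_t is used below and so must be required
		# here too, as userdom_read_generic_user_home_content_files
		# already does; previously only user_home_t was declared.
		type user_home_dir_t, user_home_t;
	')

	files_search_home($1)
	allow $1 user_home_dir_t:dir search_dir_perms;
	allow $1 user_home_t:dir rw_dir_perms;
	allow $1 user_home_t:file create_file_perms;
')
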
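########################################
## <summary>
##	Create, read, write, and delete symbolic
##	links in generic user home directories.
## </summary>
## <desc>
##	<p>
##	Grants create_lnk_perms on user_home_t symbolic links
##	and read/write on user_home_t directories, plus search
##	on the home root and the containing user_home_dir_t
##	directory.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_manage_generic_user_home_content_symlinks',`
	gen_require(`
		# user_home_dir_t is used below and so must be required
		# here too, as userdom_read_generic_user_home_content_files
		# already does; previously only user_home_t was declared.
		type user_home_dir_t, user_home_t;
	')

	files_search_home($1)
	allow $1 user_home_dir_t:dir search_dir_perms;
	allow $1 user_home_t:dir rw_dir_perms;
	allow $1 user_home_t:lnk_file create_lnk_perms;
')
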
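########################################
## <summary>
##	Create, read, write, and delete named
##	pipes in generic user home directories.
## </summary>
## <desc>
##	<p>
##	Grants create_file_perms on user_home_t fifo_file
##	objects and read/write on user_home_t directories,
##	plus search on the home root and the containing
##	user_home_dir_t directory.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_manage_generic_user_home_content_pipes',`
	gen_require(`
		# user_home_dir_t is used below and so must be required
		# here too, as userdom_read_generic_user_home_content_files
		# already does; previously only user_home_t was declared.
		type user_home_dir_t, user_home_t;
	')

	files_search_home($1)
	allow $1 user_home_dir_t:dir search_dir_perms;
	allow $1 user_home_t:dir rw_dir_perms;
	allow $1 user_home_t:fifo_file create_file_perms;
')
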
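########################################
## <summary>
##	Create, read, write, and delete named
##	sockets in generic user home directories.
## </summary>
## <desc>
##	<p>
##	Grants create_file_perms on user_home_t sock_file
##	objects and read/write on user_home_t directories,
##	plus search on the home root and the containing
##	user_home_dir_t directory.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_manage_generic_user_home_content_sockets',`
	gen_require(`
		# user_home_dir_t is used below and so must be required
		# here too, as userdom_read_generic_user_home_content_files
		# already does; previously only user_home_t was declared.
		type user_home_dir_t, user_home_t;
	')

	files_search_home($1)
	allow $1 user_home_dir_t:dir search_dir_perms;
	allow $1 user_home_t:dir rw_dir_perms;
	allow $1 user_home_t:sock_file create_file_perms;
')
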
########################################
## <summary>
##	Search all unprivileged users home directories.
## </summary>
## <desc>
##	<p>
##	user_home_dir_type is an attribute rather than a single
##	type, so this covers the home directory type of every
##	unprivileged user role at once. Prefer
##	userdom_search_generic_user_home_dirs when only the
##	generic home directory type is needed.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_search_unpriv_users_home_dirs',`
	gen_require(`
		attribute user_home_dir_type;
	')

	files_search_home($1)
	allow $1 user_home_dir_type:dir search_dir_perms;
')

########################################
## <summary>
##	Read all unprivileged users home directory
##	files.
## </summary>
## <desc>
##	<p>
##	This is a wide grant: it covers every type carrying
##	the user_home_type attribute, i.e. the home content
##	of all unprivileged user roles, not one role. Callers
##	that only need the generic home content type should
##	use userdom_read_generic_user_home_content_files.
##	Unlike that interface, symbolic links are readable here.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_read_unpriv_users_home_content_files',`
	gen_require(`
		attribute user_home_dir_type, user_home_type;
	')

	files_search_home($1)
	allow $1 user_home_dir_type:dir search_dir_perms;
	allow $1 user_home_type:dir r_dir_perms;
	# Symbolic links get only getattr and read, enough to follow them.
	allow $1 user_home_type:lnk_file { getattr read };
	allow $1 user_home_type:file r_file_perms;
')

########################################
## <summary>
##	Create, read, write, and delete directories in
##	unprivileged users home directories.
## </summary>
## <desc>
##	<p>
##	Attribute based, so it applies to the home content
##	directories of every unprivileged user role. The
##	directory permission set is manage_dir_perms, while the
##	generic equivalent userdom_manage_generic_user_home_content_dirs
##	uses create_dir_perms; check the permission set
##	definitions before assuming they are identical.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_manage_unpriv_users_home_content_dirs',`
	gen_require(`
		attribute user_home_dir_type, user_home_type;
	')

	files_search_home($1)
	allow $1 user_home_dir_type:dir search_dir_perms;
	allow $1 user_home_type:dir manage_dir_perms;
')

########################################
## <summary>
##	Create, read, write, and delete files in
##	unprivileged users home directories.
## </summary>
## <desc>
##	<p>
##	Attribute based, so it applies to the home content
##	files of every unprivileged user role. Directories
##	get only read/write (rw_dir_perms), enough to add and
##	remove entries; full file management is granted with
##	manage_file_perms.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_manage_unpriv_users_home_content_files',`
	gen_require(`
		attribute user_home_dir_type, user_home_type;
	')

	files_search_home($1)
	allow $1 user_home_dir_type:dir search_dir_perms;
	allow $1 user_home_type:dir rw_dir_perms;
	allow $1 user_home_type:file manage_file_perms;
')

########################################
## <summary>
##	Set the attributes of user ptys.
## </summary>
## <desc>
##	<p>
##	Grants setattr only on the chr_file of every type
##	carrying the user_ptynode attribute; no open, read or
##	write on the pty is included. Intended for programs
##	that change ownership or mode of a user pty (confirm
##	against the caller).
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_setattr_unpriv_users_ptys',`
	gen_require(`
		attribute user_ptynode;
	')

	allow $1 user_ptynode:chr_file setattr;
')

########################################
## <summary>
##	Read and write unprivileged user ptys.
## </summary>
## <desc>
##	<p>
##	In the targeted policy there are no per-user pty types
##	and the request is forwarded to term_use_generic_ptys.
##	Otherwise read/write is granted on every chr_file type
##	with the user_ptynode attribute, together with search
##	on the pty directory via term_search_ptys.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_use_unpriv_users_ptys',`
	ifdef(`targeted_policy',`
		term_use_generic_ptys($1)
	',`
		gen_require(`
			attribute user_ptynode;
		')

		# Search is needed to reach the pty node under the pts mount.
		term_search_ptys($1)
		allow $1 user_ptynode:chr_file rw_file_perms;
	')
')

########################################
## <summary>
##	Do not audit attempts to use unprivileged
##	user ptys.
## </summary>
## <desc>
##	<p>
##	Mirrors userdom_use_unpriv_users_ptys: the targeted
##	policy forwards to term_dontaudit_use_generic_ptys,
##	otherwise read/write denials on user_ptynode chr_files
##	are silenced. Nothing is allowed.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`userdom_dontaudit_use_unpriv_users_ptys',`
	ifdef(`targeted_policy',`
		term_dontaudit_use_generic_ptys($1)
	',`
		gen_require(`
			attribute user_ptynode;
		')

		dontaudit $1 user_ptynode:chr_file rw_file_perms;
	')
')

########################################
## <summary>
##	Relabel files to unprivileged user pty types.
## </summary>
## <desc>
##	<p>
##	Grants relabelto on chr_files toward every type with
##	the user_ptynode attribute. The matching relabelfrom on
##	the original type is not granted here and must come
##	from the module owning that type.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_relabelto_unpriv_users_ptys',`
	gen_require(`
		attribute user_ptynode;
	')

	allow $1 user_ptynode:chr_file relabelto;
')

########################################
## <summary>
##	Do not audit attempts to relabel files from
##	unprivileged user pty types.
## </summary>
## <desc>
##	<p>
##	Silences relabelfrom denials on chr_files of every
##	type carrying the user_ptynode attribute. Nothing is
##	allowed.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`userdom_dontaudit_relabelfrom_unpriv_users_ptys',`
	gen_require(`
		attribute user_ptynode;
	')

	dontaudit $1 user_ptynode:chr_file relabelfrom;
')

########################################
## <summary>
##	List all unprivileged users temporary directories.
## </summary>
## <desc>
##	<p>
##	Only directory listing (list_dir_perms) is granted on
##	types with the user_tmpfile attribute; reading the
##	files inside needs userdom_read_unpriv_users_tmp_files.
##	In the targeted policy the request is forwarded to
##	files_list_tmp, i.e. the generic tmp type, since there
##	are no per-user tmp types there.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_list_unpriv_users_tmp',`
	ifdef(`targeted_policy',`
		files_list_tmp($1)
	',`
		gen_require(`
			attribute user_tmpfile;
		')

		allow $1 user_tmpfile:dir list_dir_perms;
	')
')

########################################
## <summary>
##	Read all unprivileged users temporary files.
## </summary>
## <desc>
##	<p>
##	Grants read and getattr (deliberately not the full
##	r_file_perms set) on files of every type with the
##	user_tmpfile attribute. Directory search or listing is
##	not included; see userdom_list_unpriv_users_tmp. In
##	the targeted policy the request is forwarded to
##	files_read_generic_tmp_files.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_read_unpriv_users_tmp_files',`
	ifdef(`targeted_policy',`
		files_read_generic_tmp_files($1)
	',`
		gen_require(`
			attribute user_tmpfile;
		')

		allow $1 user_tmpfile:file { read getattr };
	')
')

########################################
## <summary>
##	Read all unprivileged users temporary symbolic links.
## </summary>
## <desc>
##	<p>
##	Grants getattr and read on lnk_files of every type with
##	the user_tmpfile attribute, enough to follow the link.
##	The link target still needs its own access. In the
##	targeted policy the request is forwarded to
##	files_read_generic_tmp_symlinks.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_read_unpriv_users_tmp_symlinks',`
	ifdef(`targeted_policy',`
		files_read_generic_tmp_symlinks($1)
	',`
		gen_require(`
			attribute user_tmpfile;
		')

		allow $1 user_tmpfile:lnk_file { getattr read };
	')
')

########################################
## <summary>
##	Write all unprivileged users files in /tmp
## </summary>
## <desc>
##	<p>
##	Grants getattr, write and append on files of every type
##	with the user_tmpfile attribute; read and create are
##	not included. Unlike the three read interfaces above,
##	there is no targeted_policy branch here, so in the
##	targeted policy this relies on user_tmpfile being
##	defined (not visible in this file; confirm before
##	depending on it there).
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_write_unpriv_users_tmp_files',`
	gen_require(`
		attribute user_tmpfile;
	')

	allow $1 user_tmpfile:file { getattr write append };
')

########################################
## <summary>
##	Read and write unprivileged user ttys.
## </summary>
## <desc>
##	<p>
##	In the targeted policy there are no per-user tty types
##	and the request is forwarded to term_use_unallocated_ttys.
##	Otherwise read/write is granted on every chr_file type
##	with the user_ttynode attribute. No directory search
##	is added here, unlike the pty variant.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_use_unpriv_users_ttys',`
	ifdef(`targeted_policy',`
		term_use_unallocated_ttys($1)
	',`
		gen_require(`
			attribute user_ttynode;
		')

		allow $1 user_ttynode:chr_file rw_file_perms;
	')
')

########################################
## <summary>
##	Do not audit attempts to use unprivileged
##	user ttys.
## </summary>
## <desc>
##	<p>
##	Mirrors userdom_use_unpriv_users_ttys: the targeted
##	policy forwards to term_dontaudit_use_unallocated_ttys,
##	otherwise read/write denials on user_ttynode chr_files
##	are silenced. Nothing is allowed.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`userdom_dontaudit_use_unpriv_users_ttys',`
	ifdef(`targeted_policy',`
		term_dontaudit_use_unallocated_ttys($1)
	',`
		gen_require(`
			attribute user_ttynode;
		')

		dontaudit $1 user_ttynode:chr_file rw_file_perms;
	')
')

########################################
## <summary>
##	Read the process state of all user domains.
## </summary>
## <desc>
##	<p>
##	Grants dir search and file read on every type with the
##	userdomain attribute, plus search of proc via
##	kernel_search_proc. Presumably this is how the
##	per-process entries under /proc, which are labeled
##	with the process domain, are reached; confirm against
##	the proc labeling before relying on it. Nothing at the
##	process class level (getattr, signals) is granted here.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_read_all_users_state',`
	gen_require(`
		attribute userdomain;
	')

	allow $1 userdomain:dir search_dir_perms;
	allow $1 userdomain:file r_file_perms;
	# Reaching a per-process directory requires search on proc itself.
	kernel_search_proc($1)
')

########################################
## <summary>
##	Get the attributes of all user domains.
## </summary>
## <desc>
##	<p>
##	Grants process getattr on every domain carrying the
##	userdomain attribute. This is the process class
##	permission, not file getattr on proc entries; see
##	userdom_read_all_users_state for that.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_getattr_all_users',`
	gen_require(`
		attribute userdomain;
	')

	allow $1 userdomain:process getattr;
')

########################################
## <summary>
##	Inherit the file descriptors from all user domains
## </summary>
## <desc>
##	<p>
##	Grants fd use on every domain carrying the userdomain
##	attribute. This covers descriptors inherited from any
##	user domain, so the caller can act on open files of
##	any user; the file types behind the descriptors still
##	need their own read/write rules.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_use_all_users_fds',`
	gen_require(`
		attribute userdomain;
	')

	allow $1 userdomain:fd use;
')

########################################
## <summary>
##	Do not audit attempts to inherit the file
##	descriptors from any user domains.
## </summary>
## <desc>
##	<p>
##	Silences fd use denials against every domain carrying
##	the userdomain attribute. Nothing is allowed; use this
##	for domains that are routinely started with inherited
##	user descriptors they do not need.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`userdom_dontaudit_use_all_users_fds',`
	gen_require(`
		attribute userdomain;
	')

	dontaudit $1 userdomain:fd use;
')

########################################
## <summary>
##	Send general signals to all user domains.
## </summary>
## <desc>
##	<p>
##	Grants the process signal permission toward every
##	domain carrying the userdomain attribute. This is the
##	general signal permission only; sigkill, sigstop and
##	sigchld are separate permissions and are not included.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_signal_all_users',`
	gen_require(`
		attribute userdomain;
	')

	allow $1 userdomain:process signal;
')

########################################
## <summary>
##	Send a SIGCHLD signal to all user domains.
## </summary>
## <desc>
##	<p>
##	Grants only the sigchld process permission toward every
##	domain carrying the userdomain attribute. Needed by
##	domains that are children of user domains so that
##	exiting notifies the parent.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_sigchld_all_users',`
	gen_require(`
		attribute userdomain;
	')

	allow $1 userdomain:process sigchld;
')

########################################
## <summary>
##	Create keys for all user domains.
## </summary>
## <desc>
##	<p>
##	In the strict policy this grants key create toward
##	every domain carrying the userdomain attribute. Note
##	that the branch test is the reverse of the other
##	interfaces in this file (ifdef strict_policy rather
##	than ifdef targeted_policy); the fallback hands the
##	request to unconfined_create_keys.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_create_all_users_keys',`
	ifdef(`strict_policy',`
		gen_require(`
			attribute userdomain;
		')

		allow $1 userdomain:key create;
	',`
		# Non-strict builds: user processes run unconfined, so
		# the unconfined module owns the key rules.
		unconfined_create_keys($1)
	')
')

########################################
## <summary>
##	Send a dbus message to all user domains.
## </summary>
## <desc>
##	<p>
##	Grants dbus send_msg toward every domain carrying the
##	userdomain attribute. The dbus class is listed in the
##	gen_require block alongside the attribute, since the
##	class and permission are declared outside this module.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_dbus_send_all_users',`
	gen_require(`
		attribute userdomain;
		class dbus send_msg;
	')

	allow $1 userdomain:dbus send_msg;
')

########################################
## <summary>
##	Unconfined access to user domains.
## </summary>
## <desc>
##	<p>
##	Despite the name, this interface currently grants only
##	create_dir_perms on user_home_dir_t directories and the
##	files_home_filetrans transition to user_home_dir_t for
##	new directories under the home root. No process-level
##	access to user domains is granted here; callers wanting
##	that need the specific userdom interfaces above.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`userdom_unconfined',`
	gen_require(`
		type user_home_dir_t;
	')

	allow $1 user_home_dir_t:dir create_dir_perms;
	# Same transition as userdom_home_filetrans_generic_user_home_dir.
	files_home_filetrans($1,user_home_dir_t,dir)
')
