nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
b91c6062ac
selinux-refpolicy/policy/modules/apps/qemu.if
Christian Göttsche 6c5928d65a Use correct interface or template declaration 
Following the guideline of interfaces not allowed to declare anything
and not use prefix parameters, declare interfaces doing so as templates.

Also declare templates not using those features and not calling
templates themselves as interfaces.

These changes originate from the discussion in
https://github.com/TresysTechnology/selint/issues/205 and are found by
new proposed SELint checks at
https://github.com/TresysTechnology/selint/pull/206.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
2021-05-13 17:22:59 +02:00

428 lines
8.1 KiB
Plaintext
Raw Blame History

## <summary>QEMU machine emulator and virtualizer.</summary>
#######################################
## <summary>
## The template to define a qemu domain.
## </summary>
## <param name="domain_prefix">
## <summary>
## Domain prefix to be used.
## </summary>
## </param>
#
template(`qemu_domain_template',`
##############################
#
# Declarations
#
type $1_t;
domain_type($1_t)
type $1_tmp_t;
files_tmp_file($1_tmp_t)
##############################
#
# Policy
#
allow $1_t self:capability { dac_override dac_read_search };
allow $1_t self:process { execstack execmem signal getsched };
allow $1_t self:fifo_file rw_fifo_file_perms;
allow $1_t self:shm create_shm_perms;
allow $1_t self:unix_stream_socket create_stream_socket_perms;
allow $1_t self:tcp_socket create_stream_socket_perms;
allow $1_t self:tun_socket create;
manage_dirs_pattern($1_t, $1_tmp_t, $1_tmp_t)
manage_files_pattern($1_t, $1_tmp_t, $1_tmp_t)
files_tmp_filetrans($1_t, $1_tmp_t, { file dir })
kernel_read_system_state($1_t)
corenet_all_recvfrom_netlabel($1_t)
corenet_tcp_sendrecv_generic_if($1_t)
corenet_tcp_sendrecv_generic_node($1_t)
corenet_tcp_bind_generic_node($1_t)
corenet_tcp_bind_vnc_port($1_t)
corenet_rw_tun_tap_dev($1_t)
# dev_rw_kvm($1_t)
domain_use_interactive_fds($1_t)
files_read_etc_files($1_t)
files_read_usr_files($1_t)
files_read_var_files($1_t)
files_search_all($1_t)
fs_list_inotifyfs($1_t)
fs_rw_anon_inodefs_files($1_t)
fs_rw_tmpfs_files($1_t)
storage_raw_write_removable_device($1_t)
storage_raw_read_removable_device($1_t)
term_use_ptmx($1_t)
term_getattr_pty_fs($1_t)
term_use_generic_ptys($1_t)
miscfiles_read_localization($1_t)
sysnet_read_config($1_t)
userdom_use_user_terminals($1_t)
userdom_attach_admin_tun_iface($1_t)
optional_policy(`
samba_domtrans_smbd($1_t)
')
optional_policy(`
virt_manage_images($1_t)
virt_read_config($1_t)
virt_read_lib_files($1_t)
virt_attach_tun_iface($1_t)
')
optional_policy(`
xserver_stream_connect($1_t)
xserver_read_xdm_tmp_files($1_t)
xserver_read_xdm_pid($1_t)
# xserver_xdm_rw_shm($1_t)
')
')
########################################
## <summary>
## Role access for qemu.
## </summary>
## <param name="role">
## <summary>
## Role allowed access.
## </summary>
## </param>
## <param name="domain">
## <summary>
## User domain for the role.
## </summary>
## </param>
#
interface(`qemu_role',`
gen_require(`
type qemu_t;
')
qemu_run($2, $1)
allow $2 qemu_t:process { ptrace signal_perms };
ps_process_pattern($2, qemu_t)
')
########################################
## <summary>
## Execute a domain transition to run qemu.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`qemu_domtrans',`
gen_require(`
type qemu_t, qemu_exec_t;
')
corecmd_search_bin($1)
domtrans_pattern($1, qemu_exec_t, qemu_t)
')
########################################
## <summary>
## Execute a qemu in the caller domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`qemu_exec',`
gen_require(`
type qemu_exec_t;
')
corecmd_search_bin($1)
can_exec($1, qemu_exec_t)
')
########################################
## <summary>
## Execute qemu in the qemu domain,
## and allow the specified role the
## qemu domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
## <param name="role">
## <summary>
## Role allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`qemu_run',`
gen_require(`
attribute_role qemu_roles;
')
qemu_domtrans($1)
roleattribute $2 qemu_roles;
')
########################################
## <summary>
## Read qemu process state files.
## </summary>
## <param name="domain">
## <summary>
## Domain to allow access.
## </summary>
## </param>
#
interface(`qemu_read_state',`
gen_require(`
type qemu_t;
')
kernel_search_proc($1)
allow $1 qemu_t:dir list_dir_perms;
allow $1 qemu_t:file read_file_perms;
allow $1 qemu_t:lnk_file read_lnk_file_perms;
')
########################################
## <summary>
## Set qemu scheduler.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`qemu_setsched',`
gen_require(`
type qemu_t;
')
allow $1 qemu_t:process setsched;
')
########################################
## <summary>
## Send generic signals to qemu.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`qemu_signal',`
gen_require(`
type qemu_t;
')
allow $1 qemu_t:process signal;
')
########################################
## <summary>
## Send kill signals to qemu.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`qemu_kill',`
gen_require(`
type qemu_t;
')
allow $1 qemu_t:process sigkill;
')
########################################
## <summary>
## Connect to qemu with a unix
## domain stream socket.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`qemu_stream_connect',`
gen_require(`
type qemu_t, qemu_runtime_t;
')
files_search_runtime($1)
stream_connect_pattern($1, qemu_runtime_t, qemu_runtime_t, qemu_t)
')
########################################
## <summary>
## Unlink qemu socket (Deprecated)
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`qemu_delete_pid_sock_file',`
refpolicywarn(`$0($*) has been deprecated, please use qemu_delete_runtime_sock_files() instead.')
qemu_delete_runtime_sock_files($1)
')
########################################
## <summary>
## Unlink qemu runtime sockets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`qemu_delete_runtime_sock_files',`
gen_require(`
type qemu_runtime_t;
')
allow $1 qemu_runtime_t:sock_file unlink;
')
########################################
## <summary>
## Execute a domain transition to
## run qemu unconfined.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`qemu_domtrans_unconfined',`
gen_require(`
type unconfined_qemu_t, qemu_exec_t;
')
corecmd_search_bin($1)
domtrans_pattern($1, qemu_exec_t, unconfined_qemu_t)
')
########################################
## <summary>
## Create, read, write, and delete
## qemu temporary directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`qemu_manage_tmp_dirs',`
gen_require(`
type qemu_tmp_t;
')
files_search_tmp($1)
manage_dirs_pattern($1, qemu_tmp_t, qemu_tmp_t)
')
########################################
## <summary>
## Create, read, write, and delete
## qemu temporary files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`qemu_manage_tmp_files',`
gen_require(`
type qemu_tmp_t;
')
files_search_tmp($1)
manage_files_pattern($1, qemu_tmp_t, qemu_tmp_t)
')
########################################
## <summary>
## Execute qemu in a specified domain.
## </summary>
## <desc>
## <p>
## Execute qemu in a specified domain.
## </p>
## <p>
## No interprocess communication (signals, pipes,
## etc.) is provided by this interface since
## the domains are not owned by this module.
## </p>
## </desc>
## <param name="source_domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
## <param name="target_domain">
## <summary>
## Domain to transition to.
## </summary>
## </param>
#
interface(`qemu_spec_domtrans',`
gen_require(`
type qemu_exec_t;
')
corecmd_search_bin($1)
domain_auto_transition_pattern($1, qemu_exec_t, $2)
')
######################################
## <summary>
## Make qemu executable files an
## entrypoint for the specified domain.
## </summary>
## <param name="domain">
## <summary>
## The domain for which qemu_exec_t is an entrypoint.
## </summary>
## </param>
#
interface(`qemu_entry_type',`
gen_require(`
type qemu_exec_t;
')
domain_entry_file($1, qemu_exec_t)
')
Reference in New Issue View Git Blame Copy Permalink