36c3a7903c
Signed-off-by: Daniel Burgener <dburgener@tresys.com>
769 lines
15 KiB
Plaintext
769 lines
15 KiB
Plaintext
## <summary>
|
|
## Core policy for shells, and generic programs
|
|
## in /bin, /sbin, /usr/bin, and /usr/sbin.
|
|
## </summary>
|
|
## <required val="true">
|
|
## Contains the base bin and sbin directory types
|
|
## which need to be searched for the kernel to
|
|
## run init.
|
|
## </required>
|
|
|
|
########################################
|
|
## <summary>
|
|
## Make the specified type usable for files
|
|
## that are exectuables, such as binary programs.
|
|
## This does not include shared libraries.
|
|
## </summary>
|
|
## <param name="type">
|
|
## <summary>
|
|
## Type to be used for files.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`corecmd_executable_file',`
|
|
gen_require(`
|
|
attribute exec_type;
|
|
')
|
|
|
|
typeattribute $1 exec_type;
|
|
|
|
files_type($1)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Make general progams in bin an entrypoint for
|
|
## the specified domain.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## The domain for which bin_t is an entrypoint.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`corecmd_bin_entry_type',`
|
|
gen_require(`
|
|
type bin_t;
|
|
')
|
|
|
|
domain_entry_file($1, bin_t)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Make the shell an entrypoint for the specified domain.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## The domain for which the shell is an entrypoint.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`corecmd_shell_entry_type',`
|
|
gen_require(`
|
|
type shell_exec_t;
|
|
')
|
|
|
|
domain_entry_file($1, shell_exec_t)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Search the contents of bin directories.
|
|
## Also allow to read a possible /bin->/usr/bin symlink.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`corecmd_search_bin',`
|
|
gen_require(`
|
|
type bin_t;
|
|
')
|
|
|
|
read_lnk_files_pattern($1, bin_t, bin_t)
|
|
files_search_usr($1)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to search the contents of bin directories.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`corecmd_dontaudit_search_bin',`
|
|
gen_require(`
|
|
type bin_t;
|
|
')
|
|
|
|
dontaudit $1 bin_t:dir search_dir_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## List the contents of bin directories.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`corecmd_list_bin',`
|
|
gen_require(`
|
|
type bin_t;
|
|
')
|
|
|
|
corecmd_search_bin($1)
|
|
list_dirs_pattern($1, bin_t, bin_t)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to write bin directories.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`corecmd_dontaudit_write_bin_dirs',`
|
|
gen_require(`
|
|
type bin_t;
|
|
')
|
|
|
|
dontaudit $1 bin_t:dir write;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Get the attributes of files in bin directories.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`corecmd_getattr_bin_files',`
|
|
gen_require(`
|
|
type bin_t;
|
|
')
|
|
|
|
corecmd_search_bin($1)
|
|
getattr_files_pattern($1, bin_t, bin_t)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to get the attributes of files in bin directories.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`corecmd_dontaudit_getattr_bin_files',`
|
|
gen_require(`
|
|
type bin_t;
|
|
')
|
|
|
|
dontaudit $1 bin_t:dir search_dir_perms;
|
|
dontaudit $1 bin_t:file getattr_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Check if files in bin directories are executable (DAC-wise)
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`corecmd_check_exec_bin_files',`
|
|
gen_require(`
|
|
type bin_t;
|
|
')
|
|
|
|
allow $1 bin_t:dir search_dir_perms;
|
|
allow $1 bin_t:file { execute getattr };
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read files in bin directories.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`corecmd_read_bin_files',`
|
|
gen_require(`
|
|
type bin_t;
|
|
')
|
|
|
|
corecmd_search_bin($1)
|
|
read_files_pattern($1, bin_t, bin_t)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to write bin files.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`corecmd_dontaudit_write_bin_files',`
|
|
gen_require(`
|
|
type bin_t;
|
|
')
|
|
|
|
dontaudit $1 bin_t:file write;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read symbolic links in bin directories.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`corecmd_read_bin_symlinks',`
|
|
refpolicywarn(`$0() has been deprecated, please use corecmd_search_bin() instead.')
|
|
|
|
corecmd_search_bin($1)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read pipes in bin directories.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`corecmd_read_bin_pipes',`
|
|
gen_require(`
|
|
type bin_t;
|
|
')
|
|
|
|
corecmd_search_bin($1)
|
|
read_fifo_files_pattern($1, bin_t, bin_t)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read named sockets in bin directories.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`corecmd_read_bin_sockets',`
|
|
gen_require(`
|
|
type bin_t;
|
|
')
|
|
|
|
corecmd_search_bin($1)
|
|
read_sock_files_pattern($1, bin_t, bin_t)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute generic programs in bin directories,
|
|
## in the caller domain.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Allow the specified domain to execute generic programs
|
|
## in system bin directories (/bin, /sbin, /usr/bin,
|
|
## /usr/sbin) a without domain transition.
|
|
## </p>
|
|
## <p>
|
|
## Typically, this interface should be used when the domain
|
|
## executes general system progams within the privileges
|
|
## of the source domain. Some examples of these programs
|
|
## are ls, cp, sed, python, and tar. This does not include
|
|
## shells, such as bash.
|
|
## </p>
|
|
## <p>
|
|
## Related interface:
|
|
## </p>
|
|
## <ul>
|
|
## <li>corecmd_exec_shell()</li>
|
|
## </ul>
|
|
## </desc>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`corecmd_exec_bin',`
|
|
gen_require(`
|
|
type bin_t;
|
|
')
|
|
|
|
corecmd_list_bin($1)
|
|
can_exec($1, bin_t)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create, read, write, and delete bin files.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`corecmd_manage_bin_files',`
|
|
gen_require(`
|
|
type bin_t;
|
|
')
|
|
|
|
corecmd_search_bin($1)
|
|
manage_files_pattern($1, bin_t, bin_t)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Relabel to and from the bin type.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`corecmd_relabel_bin_files',`
|
|
gen_require(`
|
|
type bin_t;
|
|
')
|
|
|
|
corecmd_search_bin($1)
|
|
relabel_files_pattern($1, bin_t, bin_t)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Mmap a bin file as executable.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`corecmd_mmap_bin_files',`
|
|
gen_require(`
|
|
type bin_t;
|
|
')
|
|
|
|
corecmd_search_bin($1)
|
|
mmap_exec_files_pattern($1, bin_t, bin_t)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute a file in a bin directory
|
|
## in the specified domain but do not
|
|
## do it automatically. This is an explicit
|
|
## transition, requiring the caller to use setexeccon().
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Execute a file in a bin directory
|
|
## in the specified domain. This allows
|
|
## the specified domain to execute any file
|
|
## on these filesystems in the specified
|
|
## domain. This is not suggested.
|
|
## </p>
|
|
## <p>
|
|
## No interprocess communication (signals, pipes,
|
|
## etc.) is provided by this interface since
|
|
## the domains are not owned by this module.
|
|
## </p>
|
|
## <p>
|
|
## This interface was added to handle
|
|
## the userhelper policy.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed to transition.
|
|
## </summary>
|
|
## </param>
|
|
## <param name="target_domain">
|
|
## <summary>
|
|
## The type of the new process.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`corecmd_bin_spec_domtrans',`
|
|
gen_require(`
|
|
type bin_t;
|
|
')
|
|
|
|
corecmd_search_bin($1)
|
|
domain_transition_pattern($1, bin_t, $2)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute a file in a bin directory
|
|
## in the specified domain.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Execute a file in a bin directory
|
|
## in the specified domain. This allows
|
|
## the specified domain to execute any file
|
|
## on these filesystems in the specified
|
|
## domain. This is not suggested.
|
|
## </p>
|
|
## <p>
|
|
## No interprocess communication (signals, pipes,
|
|
## etc.) is provided by this interface since
|
|
## the domains are not owned by this module.
|
|
## </p>
|
|
## <p>
|
|
## This interface was added to handle
|
|
## the ssh-agent policy.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed to transition.
|
|
## </summary>
|
|
## </param>
|
|
## <param name="target_domain">
|
|
## <summary>
|
|
## The type of the new process.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`corecmd_bin_domtrans',`
|
|
gen_require(`
|
|
type bin_t;
|
|
')
|
|
|
|
corecmd_bin_spec_domtrans($1, $2)
|
|
type_transition $1 bin_t:process $2;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Check if a shell is executable (DAC-wise).
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`corecmd_check_exec_shell',`
|
|
gen_require(`
|
|
type shell_exec_t;
|
|
')
|
|
|
|
corecmd_list_bin($1)
|
|
allow $1 shell_exec_t:file execute;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute shells in the caller domain.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Allow the specified domain to execute shells without
|
|
## a domain transition.
|
|
## </p>
|
|
## <p>
|
|
## Typically, this interface should be used when the domain
|
|
## executes shells within the privileges
|
|
## of the source domain. Some examples of these programs
|
|
## are bash, tcsh, and zsh.
|
|
## </p>
|
|
## <p>
|
|
## Related interface:
|
|
## </p>
|
|
## <ul>
|
|
## <li>corecmd_exec_bin()</li>
|
|
## </ul>
|
|
## </desc>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`corecmd_exec_shell',`
|
|
gen_require(`
|
|
type shell_exec_t;
|
|
')
|
|
|
|
corecmd_list_bin($1)
|
|
can_exec($1, shell_exec_t)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute a shell in the target domain. This
|
|
## is an explicit transition, requiring the
|
|
## caller to use setexeccon().
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Execute a shell in the target domain. This
|
|
## is an explicit transition, requiring the
|
|
## caller to use setexeccon().
|
|
## </p>
|
|
## <p>
|
|
## No interprocess communication (signals, pipes,
|
|
## etc.) is provided by this interface since
|
|
## the domains are not owned by this module.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed to transition.
|
|
## </summary>
|
|
## </param>
|
|
## <param name="target_domain">
|
|
## <summary>
|
|
## The type of the shell process.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`corecmd_shell_spec_domtrans',`
|
|
gen_require(`
|
|
type shell_exec_t;
|
|
')
|
|
|
|
corecmd_list_bin($1)
|
|
domain_transition_pattern($1, shell_exec_t, $2)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute a shell in the specified domain.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Execute a shell in the specified domain.
|
|
## </p>
|
|
## <p>
|
|
## No interprocess communication (signals, pipes,
|
|
## etc.) is provided by this interface since
|
|
## the domains are not owned by this module.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed to transition.
|
|
## </summary>
|
|
## </param>
|
|
## <param name="target_domain">
|
|
## <summary>
|
|
## The type of the shell process.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`corecmd_shell_domtrans',`
|
|
gen_require(`
|
|
type shell_exec_t;
|
|
')
|
|
|
|
corecmd_shell_spec_domtrans($1, $2)
|
|
type_transition $1 shell_exec_t:process $2;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute chroot in the caller domain.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`corecmd_exec_chroot',`
|
|
gen_require(`
|
|
type chroot_exec_t;
|
|
')
|
|
|
|
corecmd_search_bin($1)
|
|
can_exec($1, chroot_exec_t)
|
|
allow $1 self:capability sys_chroot;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Get the attributes of all executable files.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`corecmd_getattr_all_executables',`
|
|
gen_require(`
|
|
attribute exec_type;
|
|
type bin_t;
|
|
')
|
|
|
|
corecmd_list_bin($1)
|
|
getattr_files_pattern($1, bin_t, exec_type)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read all executable files.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`corecmd_read_all_executables',`
|
|
gen_require(`
|
|
attribute exec_type;
|
|
')
|
|
|
|
corecmd_search_bin($1)
|
|
read_files_pattern($1, exec_type, exec_type)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute all executable files.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`corecmd_exec_all_executables',`
|
|
gen_require(`
|
|
attribute exec_type;
|
|
type bin_t;
|
|
')
|
|
|
|
corecmd_list_bin($1)
|
|
can_exec($1, exec_type)
|
|
read_lnk_files_pattern($1, bin_t, exec_type)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to execute all executables.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`corecmd_dontaudit_exec_all_executables',`
|
|
gen_require(`
|
|
attribute exec_type;
|
|
')
|
|
|
|
dontaudit $1 exec_type:file { execute execute_no_trans };
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create, read, write, and all executable files.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`corecmd_manage_all_executables',`
|
|
gen_require(`
|
|
attribute exec_type;
|
|
type bin_t;
|
|
')
|
|
|
|
corecmd_search_bin($1)
|
|
manage_files_pattern($1, bin_t, exec_type)
|
|
manage_lnk_files_pattern($1, bin_t, bin_t)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Relabel to and from the bin type.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`corecmd_relabel_all_executables',`
|
|
gen_require(`
|
|
attribute exec_type;
|
|
type bin_t;
|
|
')
|
|
|
|
corecmd_search_bin($1)
|
|
relabel_files_pattern($1, bin_t, exec_type)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Mmap all executables as executable.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`corecmd_mmap_all_executables',`
|
|
gen_require(`
|
|
attribute exec_type;
|
|
type bin_t;
|
|
')
|
|
|
|
corecmd_search_bin($1)
|
|
mmap_exec_files_pattern($1, bin_t, exec_type)
|
|
')
|