diff -urN orig/macros/admin_macros.te mod/macros/admin_macros.te --- orig/macros/admin_macros.te 2004-10-11 10:03:26.000000000 +0200 +++ mod/macros/admin_macros.te 2004-10-25 23:26:44.000000000 +0200 @@ -14,9 +14,12 @@ # undefine(`admin_domain') define(`admin_domain',` +# define an attribute for all files created by this role +attribute $1_domain_file_type; + # Type for home directory. -type $1_home_dir_t, file_type, sysadmfile, home_dir_type, home_type; -type $1_home_t, file_type, sysadmfile, home_type; +type $1_home_dir_t, file_type, sysadmfile, home_dir_type, home_type, $1_domain_file_type; +type $1_home_t, file_type, sysadmfile, home_type, $1_domain_file_type; # Type and access for pty devices. can_create_pty($1) diff -urN orig/macros/program/apache_macros.te mod/macros/program/apache_macros.te --- orig/macros/program/apache_macros.te 2004-10-17 13:07:14.000000000 +0200 +++ mod/macros/program/apache_macros.te 2004-10-25 23:26:44.000000000 +0200 @@ -18,18 +18,23 @@ file_type_auto_trans(httpd_$1_script_t, tmp_t, $1_tmp_t) ', ` +ifelse($1, sys, ` #This type is for webpages # type httpd_$1_content_t, file_type, homedirfile, sysadmfile; -ifelse($1, sys, ` typealias httpd_sys_content_t alias httpd_sysadm_content_t; -') # This type is used for .htaccess files # type httpd_$1_htaccess_t, file_type, sysadmfile; type httpd_$1_script_exec_t, file_type, sysadmfile; +', ` +# same as above, add $1_domain_file_type attribute +type httpd_$1_content_t, file_type, homedirfile, sysadmfile, $1_domain_file_type; +type httpd_$1_htaccess_t, file_type, sysadmfile, $1_domain_file_type; +type httpd_$1_script_exec_t, file_type, sysadmfile, $1_domain_file_type; +') # Type that CGI scripts run as type httpd_$1_script_t, domain, privmail; 
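Review bot: The comment added above `attribute $1_domain_file_type;` in admin_domain says what the attribute collects but not what it authorizes, and in this patch the attribute is the object set of the relabel rule in restorecon_domain. I would spell that out so that anyone attaching the attribute to a new type knows they are also making it relabelable: `# $1_domain_file_type: file types owned by role $1; restorecon_domain() grants relabelfrom/relabelto across this whole set`. The same comment is repeated in the last hunk of user_macros.te and needs the same wording. In the visible hunks restorecon_domain is only instantiated from user_macros.te, so for admin roles the attribute is declared and attached here without a visible consumer. admin_domain's body continues outside the hunk.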
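Review bot: The non-`sys` branch added in this apache_macros.te hunk restates the three `type` declarations of the `sys` branch with one extra attribute, so the two copies can drift apart the next time an attribute list is edited; the second hunk of this file does the same for the `script_ro`/`script_rw`/`script_ra` types. The crond_macros.te change in this patch already uses a single-declaration form, which here would read `type httpd_$1_content_t, file_type, homedirfile, sysadmfile ifelse($1, `sys', `', `, $1_domain_file_type');` and would leave only the `typealias` inside the `ifelse`. The first hunk also tests `ifelse($1, sys, ...` with `sys` unquoted while the second hunk quotes it; quoting both protects against an m4 macro named `sys`. The enclosing macro starts and ends outside the hunk.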
@@ -69,13 +74,20 @@ uncond_can_ypbind(httpd_$1_script_t) } ') + +ifelse($1, `sys', ` # The following are the only areas that # scripts can read, read/write, or append to # type httpd_$1_script_ro_t, file_type, sysadmfile; type httpd_$1_script_rw_t, file_type, sysadmfile; -file_type_auto_trans(httpd_$1_script_t, tmp_t, httpd_$1_script_rw_t) type httpd_$1_script_ra_t, file_type, sysadmfile; +', ` +type httpd_$1_script_ro_t, file_type, sysadmfile, $1_domain_file_type; +type httpd_$1_script_rw_t, file_type, sysadmfile, $1_domain_file_type; +type httpd_$1_script_ra_t, file_type, sysadmfile, $1_domain_file_type; +') +file_type_auto_trans(httpd_$1_script_t, tmp_t, httpd_$1_script_rw_t) ifdef(`slocate.te', ` ifelse($1, `sys', `', ` diff -urN orig/macros/program/crond_macros.te mod/macros/program/crond_macros.te --- orig/macros/program/crond_macros.te 2004-09-11 14:31:47.000000000 +0200 +++ mod/macros/program/crond_macros.te 2004-10-25 23:26:44.000000000 +0200 @@ -36,7 +36,7 @@ r_dir_file($1_crond_t, selinux_config_t) # Type of user crontabs once moved to cron spool. -type $1_cron_spool_t, file_type, sysadmfile; +type $1_cron_spool_t, file_type, sysadmfile ifelse($1, `system', `', `, $1_domain_file_type'); ifdef(`fcron.te', ` allow crond_t $1_cron_spool_t:file create_file_perms; diff -urN orig/macros/program/fingerd_macros.te mod/macros/program/fingerd_macros.te --- orig/macros/program/fingerd_macros.te 2003-08-14 14:37:36.000000000 +0200 +++ mod/macros/program/fingerd_macros.te 2004-10-25 23:26:44.000000000 +0200 
@@ -10,6 +10,6 @@ # allow fingerd to create a fingerlog file in the user home dir # define(`fingerd_macro', ` -type $1_home_fingerlog_t, file_type, sysadmfile; +type $1_home_fingerlog_t, file_type, sysadmfile, $1_domain_file_type; file_type_auto_trans(fingerd_t, $1_home_dir_t, $1_home_fingerlog_t) ') diff -urN orig/macros/program/gpg_agent_macros.te mod/macros/program/gpg_agent_macros.te --- orig/macros/program/gpg_agent_macros.te 2004-09-21 22:24:44.000000000 +0200 +++ mod/macros/program/gpg_agent_macros.te 2004-10-25 23:26:44.000000000 +0200 @@ -58,7 +58,7 @@ allow $1_gpg_agent_t self:fifo_file { getattr read write }; # create /tmp files -tmp_domain($1_gpg_agent) +tmp_domain($1_gpg_agent, `, $1_domain_file_type') # gpg connect allow $1_gpg_t $1_gpg_agent_tmp_t:dir { search }; diff -urN orig/macros/program/gpg_macros.te mod/macros/program/gpg_macros.te --- orig/macros/program/gpg_macros.te 2004-09-11 14:31:47.000000000 +0200 +++ mod/macros/program/gpg_macros.te 2004-10-25 23:26:44.000000000 +0200 @@ -25,7 +25,7 @@ allow $1_t self:capability { setuid }; ', ` type $1_gpg_t, domain, privlog; -type $1_gpg_secret_t, file_type, homedirfile, sysadmfile; +type $1_gpg_secret_t, file_type, homedirfile, sysadmfile, $1_domain_file_type; ')dnl end ifdef single_userdomain # Transition from the user domain to the derived domain. diff -urN orig/macros/program/irc_macros.te mod/macros/program/irc_macros.te --- orig/macros/program/irc_macros.te 2004-03-23 21:58:10.000000000 +0100 +++ mod/macros/program/irc_macros.te 2004-10-25 23:26:44.000000000 +0200 
@@ -24,8 +24,8 @@ ', ` # Derived domain based on the calling user domain and the program. type $1_irc_t, domain; -type $1_home_irc_t, file_type, homedirfile, sysadmfile; -type $1_irc_exec_t, file_type, sysadmfile; +type $1_home_irc_t, file_type, homedirfile, sysadmfile, $1_domain_file_type; +type $1_irc_exec_t, file_type, sysadmfile, $1_domain_file_type; ifdef(`slocate.te', ` allow $1_locate_t { $1_home_irc_t $1_irc_exec_t }:dir { getattr search }; diff -urN orig/macros/program/lpr_macros.te mod/macros/program/lpr_macros.te --- orig/macros/program/lpr_macros.te 2004-09-11 14:31:47.000000000 +0200 +++ mod/macros/program/lpr_macros.te 2004-10-25 23:28:02.000000000 +0200 @@ -54,11 +54,11 @@ r_dir_file($1_lpr_t, printconf_t) ') -tmp_domain($1_lpr) +tmp_domain($1_lpr, `, $1_domain_file_type') r_dir_file($1_lpr_t, $1_tmp_t) # Type for spool files. -type $1_print_spool_t, file_type, sysadmfile; +type $1_print_spool_t, file_type, sysadmfile, $1_domain_file_type; # Use this type when creating files in /var/spool/lpd and /var/spool/cups. file_type_auto_trans($1_lpr_t, print_spool_t, $1_print_spool_t, file) allow $1_lpr_t var_spool_t:dir { search }; diff -urN orig/macros/program/restorecon_macros.te mod/macros/program/restorecon_macros.te --- orig/macros/program/restorecon_macros.te 1970-01-01 01:00:00.000000000 +0100 +++ mod/macros/program/restorecon_macros.te 2004-10-25 23:26:44.000000000 +0200 
@@ -0,0 +1,34 @@ +# Macro for the user restorecon domain +# +# Allow the user to call restorecon and to relabel all his files +# +# Author: Thomas Bleher +# + +define(`restorecon_domain', ` + +type $1_restorecon_t, domain; +role $1_r types $1_restorecon_t; + +domain_auto_trans($1_t, restorecon_exec_t, $1_restorecon_t) + +base_file_read_access($1_restorecon_t) +uses_shlib($1_restorecon_t) + +allow $1_restorecon_t $1_devpts_t:chr_file { read write }; + +allow $1_restorecon_t privfd:fd use; + +r_dir_file($1_restorecon_t, selinux_config_t) +r_dir_file($1_restorecon_t, default_context_t) +r_dir_file($1_restorecon_t, file_context_t) +r_dir_file($1_restorecon_t, policy_config_t) + +allow $1_restorecon_t proc_t:dir search; +allow $1_restorecon_t proc_t:file { getattr read }; +dontaudit $1_restorecon_t proc_t:lnk_file { getattr read }; + +allow $1_restorecon_t { tmp_t $1_domain_file_type }:dir { getattr search }; +allow $1_restorecon_t $1_domain_file_type:{ notdevfile_class_set dir } { getattr relabelfrom relabelto }; + +') diff -urN orig/macros/program/rssh_macros.te mod/macros/program/rssh_macros.te --- orig/macros/program/rssh_macros.te 2004-09-23 11:38:30.000000000 +0200 +++ mod/macros/program/rssh_macros.te 2004-10-25 23:26:44.000000000 +0200 @@ -19,8 +19,8 @@ role rssh_$1_r types rssh_$1_t; allow system_r rssh_$1_r; -type rssh_$1_rw_t, file_type, sysadmfile; -type rssh_$1_ro_t, file_type, sysadmfile; +type rssh_$1_rw_t, file_type, sysadmfile, $1_domain_file_type; +type rssh_$1_ro_t, file_type, sysadmfile, $1_domain_file_type; general_domain_access(rssh_$1_t); uses_shlib(rssh_$1_t); diff -urN orig/macros/program/screen_macros.te mod/macros/program/screen_macros.te --- orig/macros/program/screen_macros.te 2004-10-11 10:03:26.000000000 +0200 +++ mod/macros/program/screen_macros.te 2004-10-25 23:26:44.000000000 +0200 
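Review bot: The last allow rule in restorecon_domain grants `relabelfrom` and `relabelto` on the whole `$1_domain_file_type` set, so as far as this macro is concerned `$1_restorecon_t` may move a file between any two types that carry the attribute. Elsewhere in this patch that set includes `$1_gpg_secret_t`, `$1_home_ssh_t`, `$1_cron_spool_t` and the `httpd_$1_script_exec_t`/`httpd_$1_htaccess_t` types, so the separation between those types and plain `$1_home_t` then rests on the restorecon binary applying only file_contexts labels (and on any relabel constraints defined outside this diff) rather than on these rules. Since `$1_t` transitions into this domain automatically, I would either state that trust assumption in the header comment, e.g. `# $1_restorecon_t is trusted to apply only labels from file_contexts; policy does not restrict which $1_domain_file_type it relabels to`, or split the rule so that sensitive types are valid `relabelto` targets only where that is intended.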
@@ -26,12 +26,12 @@ typealias $1_home_t alias $1_home_screen_t; ', ` type $1_screen_t, domain, privlog, privfd; -type $1_home_screen_t, file_type, homedirfile, sysadmfile; +type $1_home_screen_t, file_type, homedirfile, sysadmfile, $1_domain_file_type; # Transition from the user domain to this domain. domain_auto_trans($1_t, screen_exec_t, $1_screen_t) -tmp_domain($1_screen) +tmp_domain($1_screen, `, $1_domain_file_type') base_file_read_access($1_screen_t) # The user role is authorized for this domain. role $1_r types $1_screen_t; @@ -72,7 +72,7 @@ # Create fifo allow $1_screen_t var_t:dir search; file_type_auto_trans($1_screen_t, var_run_t, screen_dir_t, dir) -type $1_screen_var_run_t, file_type, sysadmfile, pidfile; +type $1_screen_var_run_t, file_type, sysadmfile, pidfile, $1_domain_file_type; file_type_auto_trans($1_screen_t, screen_dir_t, $1_screen_var_run_t, fifo_file) allow $1_screen_t self:process { fork signal_perms }; diff -urN orig/macros/program/spamassassin_macros.te mod/macros/program/spamassassin_macros.te --- orig/macros/program/spamassassin_macros.te 2004-10-14 13:09:56.000000000 +0200 +++ mod/macros/program/spamassassin_macros.te 2004-10-25 23:26:44.000000000 +0200 @@ -80,7 +80,7 @@ dontaudit $1_spamassassin_t { sysctl_t sysctl_kernel_t }:dir search; # The type of ~/.spamassassin -type $1_home_spamassassin_t, file_type, homedirfile, sysadmfile; +type $1_home_spamassassin_t, file_type, homedirfile, sysadmfile, $1_domain_file_type; create_dir_file($1_t, $1_home_spamassassin_t) allow $1_t $1_home_spamassassin_t:notdevfile_class_set { relabelfrom relabelto }; allow $1_t $1_home_spamassassin_t:dir { relabelfrom relabelto }; diff -urN orig/macros/program/ssh_macros.te mod/macros/program/ssh_macros.te --- orig/macros/program/ssh_macros.te 2004-10-17 13:07:15.000000000 +0200 +++ mod/macros/program/ssh_macros.te 2004-10-25 23:26:44.000000000 +0200 
@@ -26,7 +26,7 @@ ', ` # Derived domain based on the calling user domain and the program. type $1_ssh_t, domain, privlog; -type $1_home_ssh_t, file_type, homedirfile, sysadmfile; +type $1_home_ssh_t, file_type, homedirfile, sysadmfile, $1_domain_file_type; ifdef(`automount.te', ` allow $1_ssh_t autofs_t:dir { search getattr }; diff -urN orig/macros/program/tvtime_macros.te mod/macros/program/tvtime_macros.te --- orig/macros/program/tvtime_macros.te 2004-10-05 20:52:36.000000000 +0200 +++ mod/macros/program/tvtime_macros.te 2004-10-25 23:26:44.000000000 +0200 @@ -19,7 +19,7 @@ ifdef(`tvtime.te', ` define(`tvtime_domain',` # Derived domain based on the calling user domain and the program. -type $1_home_tvtime_t, file_type, homedirfile, sysadmfile; +type $1_home_tvtime_t, file_type, homedirfile, sysadmfile, $1_domain_file_type; x_client_domain($1, tvtime) diff -urN orig/macros/program/uml_macros.te mod/macros/program/uml_macros.te --- orig/macros/program/uml_macros.te 2004-07-12 23:41:25.000000000 +0200 +++ mod/macros/program/uml_macros.te 2004-10-25 23:26:44.000000000 +0200 @@ -25,9 +25,9 @@ ', ` # Derived domain based on the calling user domain and the program. type $1_uml_t, domain; -type $1_uml_exec_t, file_type, sysadmfile; -type $1_uml_ro_t, file_type, sysadmfile; -type $1_uml_rw_t, file_type, sysadmfile; +type $1_uml_exec_t, file_type, sysadmfile, $1_domain_file_type; +type $1_uml_ro_t, file_type, sysadmfile, $1_domain_file_type; +type $1_uml_rw_t, file_type, sysadmfile, $1_domain_file_type; ifdef(`slocate.te', ` allow $1_locate_t { $1_uml_exec_t $1_uml_ro_t $1_uml_rw_t }:dir { getattr search }; diff -urN orig/macros/program/vmware_macros.te mod/macros/program/vmware_macros.te --- orig/macros/program/vmware_macros.te 2004-09-24 17:42:14.000000000 +0200 +++ mod/macros/program/vmware_macros.te 2004-10-25 23:26:44.000000000 +0200 
@@ -23,10 +23,10 @@ role $1_r types $1_vmware_t; # The user file type is for files created when the user is running VMWare -type $1_vmware_file_t, homedirfile, file_type, sysadmfile; +type $1_vmware_file_t, homedirfile, file_type, sysadmfile, $1_domain_file_type; # The user file type for the VMWare configuration files -type $1_vmware_conf_t, homedirfile, file_type, sysadmfile; +type $1_vmware_conf_t, homedirfile, file_type, sysadmfile, $1_domain_file_type; # for compatibility with older policy versions typealias $1_vmware_t alias vmware_$1_t; diff -urN orig/macros/program/xauth_macros.te mod/macros/program/xauth_macros.te --- orig/macros/program/xauth_macros.te 2004-06-19 10:31:44.000000000 +0200 +++ mod/macros/program/xauth_macros.te 2004-10-25 23:26:44.000000000 +0200 @@ -24,7 +24,7 @@ ', ` # Derived domain based on the calling user domain and the program. type $1_xauth_t, domain; -type $1_home_xauth_t, file_type, homedirfile, sysadmfile; +type $1_home_xauth_t, file_type, homedirfile, sysadmfile, $1_domain_file_type; ifdef(`slocate.te', ` allow $1_locate_t $1_home_xauth_t:file { getattr read }; @@ -84,7 +84,7 @@ allow $1_xauth_t home_root_t:dir search; file_type_auto_trans($1_xauth_t, $1_home_dir_t, $1_home_xauth_t, file) -tmp_domain($1_xauth) +tmp_domain($1_xauth, `, $1_domain_file_type') allow $1_xauth_t $1_tmp_t:file { getattr ioctl read }; ifdef(`nfs_home_dirs', ` diff -urN orig/macros/program/x_client_macros.te mod/macros/program/x_client_macros.te --- orig/macros/program/x_client_macros.te 2004-09-11 14:31:47.000000000 +0200 +++ mod/macros/program/x_client_macros.te 2004-10-25 23:26:44.000000000 +0200 
@@ -30,9 +30,9 @@ ', ` type $1_$2_t, domain $3; # Type for files that are writeable by this domain. -type $1_$2_rw_t, file_type, homedirfile, sysadmfile, tmpfile; +type $1_$2_rw_t, file_type, homedirfile, sysadmfile, tmpfile, $1_domain_file_type; # Type for files that are read-only for this domain -type $1_$2_ro_t, file_type, homedirfile, sysadmfile; +type $1_$2_ro_t, file_type, homedirfile, sysadmfile, $1_domain_file_type; ') # Transition from the user domain to the derived domain. diff -urN orig/macros/user_macros.te mod/macros/user_macros.te --- orig/macros/user_macros.te 2004-10-19 21:15:26.000000000 +0200 +++ mod/macros/user_macros.te 2004-10-25 23:26:44.000000000 +0200 @@ -23,16 +23,16 @@ ')dnl end single_userdomain # Type for home directory. -type $1_home_dir_t, file_type, sysadmfile, home_dir_type, home_type, user_home_dir_type; -type $1_home_t, file_type, sysadmfile, home_type, user_home_type; +type $1_home_dir_t, file_type, sysadmfile, home_dir_type, home_type, user_home_dir_type, $1_domain_file_type; +type $1_home_t, file_type, sysadmfile, home_type, user_home_type, $1_domain_file_type; -tmp_domain($1, `, user_tmpfile') +tmp_domain($1, `, user_tmpfile, $1_domain_file_type') # Type and access for pty devices. -can_create_pty($1, `, userpty_type, user_tty_type') +can_create_pty($1, `, userpty_type, user_tty_type, $1_domain_file_type') #Type for tty devices. -type $1_tty_device_t, file_type, sysadmfile, ttyfile, user_tty_type, dev_fs; +type $1_tty_device_t, file_type, sysadmfile, ttyfile, user_tty_type, dev_fs, $1_domain_file_type; base_user_domain($1) @@ -61,6 +61,7 @@ # user domains. ifdef(`apache.te', `apache_domain($1)') ifdef(`slocate.te', `locate_domain($1)') +ifdef(`restorecon.te', `restorecon_domain($1)') allow $1_t krb5_conf_t:file { getattr read }; # allow port_t name binding for UDP because it is not very usable otherwise 
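Review bot: In the first user_macros.te hunk, passing `$1_domain_file_type` to `can_create_pty` and adding it to `$1_tty_device_t` puts the role's pty and tty device types into a set that this patch's own comment describes as files created by the role. The relabel rule in restorecon_domain is limited to `notdevfile_class_set` and `dir`, so nothing visible here grants relabeling of those character devices, but any later rule written against the attribute with a broader class set would pick them up silently. Unless a consumer needs them, I would leave the two device types out, or add a comment such as `# includes tty/pty device types; restrict classes when granting on this attribute`. The enclosing macro starts before this hunk.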
@@ -135,6 +136,9 @@ # user_t/$1_t is an unprivileged users domain. type $1_t, domain, userdomain, unpriv_userdomain, web_client_domain, nscd_client_domain, privfd; +# define an attribute for all files created by this role +attribute $1_domain_file_type; + # Grant read/search permissions to some of /proc. allow $1_t proc_t:dir r_dir_perms; allow $1_t proc_t:{ file lnk_file } r_file_perms;
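Review bot: `attribute $1_domain_file_type;` is declared in this hunk, which starts at new line 136, while the first hunk of this file (starting at line 23) already uses the attribute on `$1_home_dir_t` and `$1_home_t`. Whether that is safe depends on macro expansion order, which the hunks do not show: if the policy compiler requires declaration before use and the macro holding the earlier `type` lines can expand first for the same `$1`, the attribute is referenced before it exists. The program macros touched by this patch (ssh, gpg, x_client, rssh and others) carry the same dependency for whatever prefix they are called with, and only the cron (`system`) and apache (`sys`) cases are guarded. A comment at the declaration would make the requirement explicit, for example `# must be declared before any macro that tags types with $1_domain_file_type is expanded for $1`.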