* [refpolicy] [PATCH 00/19] X Desktop Group location support and reduced user content access privileges, contrib part
@ 2017-05-22 16:11 Sven Vermeulen
  2017-05-22 16:11 ` [refpolicy] [PATCH 01/19] Enhance evolution domain with XDG privilege sets Sven Vermeulen
                   ` (19 more replies)
  0 siblings, 20 replies; 21+ messages in thread
From: Sven Vermeulen @ 2017-05-22 16:11 UTC (permalink / raw)
  To: refpolicy

This is the patch set that implements the more granular approach to user
resources (files, directories) in the users' home directory. It requires
the first patch set (which introduces the support for this more granular
approach) which has been submitted earlier on.

To recap, the first patch set introduces a number of additional types
and attributes to support the XDG related resource locations, divided in
two sets:
- The main XDG locations used for user-specific application data (in
  ~/.local, marked as xdg_data_home_t), user-specific cache data (in
  ~/.cache, marked as xdg_cache_home_t), and user-specific application
  configuration data (in ~/.config, marked as xdg_config_home_t).
  It also enables support for application/domain-specific types within
  (such as mozilla_xdg_config_home_t).
- End user resource locations tailored to the common resource types. It
  enables the "Documents/" location to be marked with xdg_documents_t,
  "Downloads/" with xdg_downloads_t, "Pictures/" with xdg_pictures_t,
  "Music/" with xdg_music_t and "Videos/" with xdg_videos_t.

This patchset updates a number of application domains to support
these locations. Note that not all of Guido's work (who retriggered
the upstreaming of this patch set) is included here, as some of the
suggested changes were harder for me to review or confirm. However,
these can be easily reapplied if needed.

Sven Vermeulen (19):
  Enhance evolution domain with XDG privilege sets
  Enhance gnome domains with XDG privilege sets
  Enhance minidlna domain with XDG privilege sets
  Enhance mozilla domain with XDG privilege sets
  Enhance mplayer domains with XDG privilege sets
  Enhance pulseaudio domain with XDG privilege sets
  Enhance telepathy domains with XDG privilege sets
  Enhance thunderbird domain with XDG privilege sets
  Make cron user content access optional
  Make firstboot user content access optional
  Make gpg user content access optional
  Make i18n_input user content access optional
  Make irc user content access optional
  Make java user content access optional
  Make openoffice user content access optional
  Make postfix user content access optional
  Make wireshark user content access optional
  Make xscreensaver user content access optional
  Switch syncthing to XDG config types and make user content access
    optional

 cron.te         | 49 +++++++++++++++++++++++++++++++---------
 evolution.fc    |  3 +++
 evolution.te    | 61 +++++++++++++++++++++++++++++++++++++++++++------
 firstboot.te    | 42 +++++++++++++++++++++++++++++-----
 gnome.fc        |  5 +++++
 gnome.te        | 34 ++++++++++++++++++++++++++++
 gpg.te          | 34 ++++++++++++++++++++++++++--
 i18n_input.te   | 24 +++++++++++++++++++-
 irc.te          | 34 +++++++++++++++++++++++++---
 java.te         | 41 ++++++++++++++++++++++++++++-----
 minidlna.te     |  4 ++++
 mozilla.fc      |  1 +
 mozilla.te      | 46 +++++++++++++++++++++++++++++++++----
 mplayer.te      | 70 ++++++++++++++++++++++++++++++++++++++++++++++++++++-----
 openoffice.te   | 37 +++++++++++++++++++++++++-----
 postfix.te      | 34 +++++++++++++++++++++++-----
 pulseaudio.fc   |  2 +-
 pulseaudio.te   | 11 +++++++++
 syncthing.fc    |  2 +-
 syncthing.if    |  8 +++----
 syncthing.te    | 47 +++++++++++++++++++++++++++++---------
 telepathy.fc    | 18 +++++++--------
 telepathy.if    | 24 ++++++++++----------
 telepathy.te    | 70 ++++++++++++++++++++++++++++-----------------------------
 thunderbird.te  | 43 +++++++++++++++++++++++++++++++----
 wireshark.te    | 33 +++++++++++++++++++++++++--
 xscreensaver.te | 26 ++++++++++++++++++++-
 27 files changed, 667 insertions(+), 136 deletions(-)

-- 
2.13.0


* [refpolicy] [PATCH 01/19] Enhance evolution domain with XDG privilege sets
From: Sven Vermeulen @ 2017-05-22 16:11 UTC (permalink / raw)
  To: refpolicy

The Evolution e-mail client uses all XDG locations, which have been
switched from the regular end user type (user_home_t) toward the XDG
related ones. In this patch, the evolution_t domain now supports
accessing the newly defined types.

Next to the XDG changes, the user content accesses are now also made
optional through the evolution_{read,manage}_{generic,all}_user_content
booleans.

The mail client does have manage rights on the Downloads location.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 evolution.fc |  3 +++
 evolution.te | 61 +++++++++++++++++++++++++++++++++++++++++++++++++++++-------
 2 files changed, 57 insertions(+), 7 deletions(-)

diff --git a/evolution.fc b/evolution.fc
index efe7e1f..834c6e2 100644
--- a/evolution.fc
+++ b/evolution.fc
@@ -1,5 +1,8 @@
 HOME_DIR/\.camel_certs(/.*)?	gen_context(system_u:object_r:evolution_home_t,s0)
+HOME_DIR/\.config/evolution(/.*)?	gen_context(system_u:object_r:evolution_xdg_config_home_t,s0)
 HOME_DIR/\.evolution(/.*)?	gen_context(system_u:object_r:evolution_home_t,s0)
+HOME_DIR/\.local/share/evolution(/.*)?	gen_context(system_u:object_r:evolution_xdg_config_home_t,s0)
+HOME_DIR/\.local/share/camel_certs(/.*)?	gen_context(system_u:object_r:evolution_xdg_config_home_t,s0)
 
 /tmp/\.exchange-%{USERNAME}(/.*)?	gen_context(system_u:object_r:evolution_exchange_tmp_t,s0)
 
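Review bot: the two new ~/.local/share entries (evolution and camel_certs) are labelled evolution_xdg_config_home_t, but ~/.local/share is the XDG data home and this same patch declares evolution_xdg_data_home_t for it; label them evolution_xdg_data_home_t so that restorecon and the xdg_data_home_filetrans rule added in evolution.te agree on the type. Note also that no entry is added for ~/.cache/evolution, so evolution_xdg_cache_home_t is only ever assigned by the transition rule and a relabel would turn the cache back into generic xdg_cache_home_t.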
diff --git a/evolution.te b/evolution.te
index f97985e..de75d39 100644
--- a/evolution.te
+++ b/evolution.te
@@ -14,6 +14,34 @@ policy_module(evolution, 2.6.3)
 ## </desc>
 gen_tunable(evolution_manage_user_certs, false)
 
+## <desc>
+##	<p>
+##	Grant the evolution domains read access to generic user content
+##	</p>
+## </desc>
+gen_tunable(`evolution_read_generic_user_content', true)
+
+## <desc>
+##	<p>
+##	Grant the evolution domains read access to all user content
+##	</p>
+## </desc>
+gen_tunable(`evolution_read_all_user_content', false)
+
+## <desc>
+##	<p>
+##	Grant the evolution domains manage rights on generic user content
+##	</p>
+## </desc>
+gen_tunable(`evolution_manage_generic_user_content', false)
+
+## <desc>
+##	<p>
+##	Grant the evolution domains manage rights on all user content
+##	</p>
+## </desc>
+gen_tunable(`evolution_manage_all_user_content', false)
+
 attribute_role evolution_roles;
 
 type evolution_t;
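Review bot: the four <desc> blocks speak of "the evolution domains" (plural), but the template that consumes these booleans is applied only to evolution_t further down in this patch; either reword to "the evolution domain" or pass the other evolution domains to the template as well. The new gen_tunable calls also quote their first argument (`evolution_read_generic_user_content') while the existing evolution_manage_user_certs call directly above does not; pick one style for the file.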
@@ -105,6 +133,15 @@ typealias evolution_webcal_tmpfs_t alias { user_evolution_webcal_tmpfs_t staff_e
 typealias evolution_webcal_tmpfs_t alias { auditadm_evolution_webcal_tmpfs_t secadm_evolution_webcal_tmpfs_t };
 userdom_user_tmpfs_file(evolution_webcal_tmpfs_t)
 
+type evolution_xdg_cache_home_t;
+xdg_cache_home_content(evolution_xdg_cache_home_t)
+
+type evolution_xdg_config_home_t;
+xdg_config_home_content(evolution_xdg_config_home_t)
+
+type evolution_xdg_data_home_t;
+xdg_data_home_content(evolution_xdg_data_home_t)
+
 ########################################
 #
 # Local policy
@@ -142,6 +179,18 @@ stream_connect_pattern(evolution_t, evolution_alarm_orbit_tmp_t, evolution_alarm
 stream_connect_pattern(evolution_t, evolution_exchange_orbit_tmp_t, evolution_exchange_orbit_tmp_t, evolution_exchange_t)
 stream_connect_pattern(evolution_t, evolution_server_orbit_tmp_t, evolution_server_orbit_tmp_t, evolution_server_t)
 
+manage_files_pattern(evolution_t, evolution_xdg_cache_home_t, evolution_xdg_cache_home_t)
+manage_dirs_pattern(evolution_t, evolution_xdg_cache_home_t, evolution_xdg_cache_home_t)
+xdg_cache_home_filetrans(evolution_t, evolution_xdg_cache_home_t, { dir file } )
+
+manage_files_pattern(evolution_t, evolution_xdg_config_home_t, evolution_xdg_config_home_t)
+manage_dirs_pattern(evolution_t, evolution_xdg_config_home_t, evolution_xdg_config_home_t)
+xdg_config_home_filetrans(evolution_t, evolution_xdg_config_home_t, { dir file } )
+
+manage_files_pattern(evolution_t, evolution_xdg_data_home_t, evolution_xdg_data_home_t)
+manage_dirs_pattern(evolution_t, evolution_xdg_data_home_t, evolution_xdg_data_home_t)
+xdg_data_home_filetrans(evolution_t, evolution_xdg_data_home_t, { dir file } )
+
 can_exec(evolution_t, { evolution_alarm_exec_t evolution_server_exec_t })
 
 kernel_read_kernel_sysctls(evolution_t)
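Review bot: the three xdg_*_filetrans calls pass { dir file } with no name argument, so every file or directory that evolution_t creates directly under ~/.cache, ~/.config or ~/.local/share gets the evolution private type, not only the evolution/ subdirectory that evolution.fc describes. Pass the directory name (e.g. "evolution", as the mozilla patch of this series does with "mozilla") and restrict the class list to dir; the camel_certs entry in evolution.fc then needs its own named transition.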
@@ -200,6 +249,7 @@ udev_read_state(evolution_t)
 
 userdom_use_user_terminals(evolution_t)
 
+
 tunable_policy(`evolution_manage_user_certs',`
 	userdom_manage_user_certs(evolution_t)
 ',`
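Review bot: this hunk only inserts a blank line in front of tunable_policy, leaving two consecutive empty lines; drop it from the patch.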
@@ -207,17 +257,14 @@ tunable_policy(`evolution_manage_user_certs',`
 	userdom_read_user_certs(evolution_t)
 ')
 
-userdom_manage_user_tmp_dirs(evolution_t)
-userdom_manage_user_tmp_files(evolution_t)
-
-userdom_manage_user_home_content_dirs(evolution_t)
-userdom_manage_user_home_content_files(evolution_t)
-userdom_user_home_dir_filetrans_user_home_content(evolution_t, { dir file })
-
 userdom_write_user_tmp_sockets(evolution_t)
 
+userdom_user_content_access_template(evolution, evolution_t)
+
 mta_read_config(evolution_t)
 
+xdg_manage_downloads(evolution_t)
+
 xserver_user_x_domain_template(evolution, evolution_t, evolution_tmpfs_t)
 xserver_read_xdm_tmp_files(evolution_t)
 
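Review bot: the removal of userdom_manage_user_tmp_dirs and userdom_manage_user_tmp_files is not covered by the commit message, which only discusses home directory content; unless userdom_user_content_access_template also grants user tmp access, evolution_t loses the ability to create files in the user's tmp location. Either keep the two calls or explain in the commit message why they go.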
-- 
2.13.0


* [refpolicy] [PATCH 02/19] Enhance gnome domains with XDG privilege sets
From: Sven Vermeulen @ 2017-05-22 16:11 UTC (permalink / raw)
  To: refpolicy

Many of the GNOME domains make full use of all the basic XDG locations.
With the introduction of support for these (~/.cache, ~/.local and
~/.config) the appropriate GNOME XDG type definitions are added, together
with the necessary privileges for accessing these types.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 gnome.fc |  5 +++++
 gnome.te | 34 ++++++++++++++++++++++++++++++++++
 2 files changed, 39 insertions(+)

diff --git a/gnome.fc b/gnome.fc
index 744ff68..bc2a5ef 100644
--- a/gnome.fc
+++ b/gnome.fc
@@ -1,9 +1,14 @@
+HOME_DIR/\.cache/dconf(/.*)?	gen_context(system_u:object_r:gnome_xdg_cache_home_t,s0)
+HOME_DIR/\.cache/keyring-.*	gen_context(system_u:object_r:gnome_xdg_cache_home_t,s0)
+HOME_DIR/\.config/dconf(/.*)?	gen_context(system_u:object_r:gnome_xdg_config_home_t,s0)
+HOME_DIR/\.config/gtk-.*	gen_context(system_u:object_r:gnome_xdg_config_home_t,s0)
 HOME_DIR/\.gconf(/.*)?	gen_context(system_u:object_r:gconf_home_t,s0)
 HOME_DIR/\.gconfd(/.*)?	gen_context(system_u:object_r:gconf_home_t,s0)
 HOME_DIR/\.gnome(/.*)?	gen_context(system_u:object_r:gnome_home_t,s0)
 HOME_DIR/\.gnome2(/.*)?	gen_context(system_u:object_r:gnome_home_t,s0)
 HOME_DIR/\.gnome2/keyrings(/.*)?	gen_context(system_u:object_r:gnome_keyring_home_t,s0)
 HOME_DIR/\.gnome2_private(/.*)?	gen_context(system_u:object_r:gnome_home_t,s0)
+HOME_DIR/\.local/share/keyrings(/.*)?	gen_context(system_u:object_r:gnome_xdg_data_home_t,s0)
 
 HOME_DIR/orcexec\..*	gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
 
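Review bot: ~/.local/share/keyrings is given the generic gnome_xdg_data_home_t while its legacy counterpart ~/.gnome2/keyrings keeps the dedicated gnome_keyring_home_t in this same file; the keyring files hold the user's stored secrets, and every domain granted manage rights on gnome_xdg_data_home_t (gconfd_t in this patch) gets at them. Keep a keyring-specific type for the new path, for instance gnome_keyring_home_t or a new gnome_keyring_xdg_data_home_t, and leave gnome_xdg_data_home_t for non-sensitive data.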
diff --git a/gnome.te b/gnome.te
index ae78d7d..0b538ce 100644
--- a/gnome.te
+++ b/gnome.te
@@ -46,6 +46,15 @@ userdom_user_home_content(gnome_keyring_home_t)
 type gnome_keyring_tmp_t;
 userdom_user_tmp_file(gnome_keyring_tmp_t)
 
+type gnome_xdg_cache_home_t;
+xdg_cache_home_content(gnome_xdg_cache_home_t)
+
+type gnome_xdg_config_home_t;
+xdg_config_home_content(gnome_xdg_config_home_t)
+
+type gnome_xdg_data_home_t;
+xdg_data_home_content(gnome_xdg_data_home_t)
+
 type gstreamer_orcexec_t;
 application_executable_file(gstreamer_orcexec_t)
 
@@ -91,6 +100,18 @@ manage_dirs_pattern(gconfd_t, gconf_tmp_t, gconf_tmp_t)
 manage_files_pattern(gconfd_t, gconf_tmp_t, gconf_tmp_t)
 userdom_user_tmp_filetrans(gconfd_t, gconf_tmp_t, { dir file })
 
+manage_dirs_pattern(gconfd_t, gnome_xdg_cache_home_t, gnome_xdg_cache_home_t)
+manage_files_pattern(gconfd_t, gnome_xdg_cache_home_t, gnome_xdg_cache_home_t)
+xdg_cache_home_filetrans(gconfd_t, gnome_xdg_cache_home_t, dir)
+
+manage_dirs_pattern(gconfd_t, gnome_xdg_config_home_t, gnome_xdg_config_home_t)
+manage_files_pattern(gconfd_t, gnome_xdg_config_home_t, gnome_xdg_config_home_t)
+xdg_config_home_filetrans(gconfd_t, gnome_xdg_config_home_t, dir)
+
+manage_dirs_pattern(gconfd_t, gnome_xdg_data_home_t, gnome_xdg_data_home_t)
+manage_files_pattern(gconfd_t, gnome_xdg_data_home_t, gnome_xdg_data_home_t)
+xdg_data_home_filetrans(gconfd_t, gnome_xdg_data_home_t, dir)
+
 # for /proc/filesystems
 kernel_read_system_state(gconfd_t)
 
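Review bot: the manage_dirs_pattern/manage_files_pattern on gnome_xdg_data_home_t for gconfd_t, combined with the gnome.fc entry that labels ~/.local/share/keyrings with that type, gives the configuration daemon full access to the user's keyrings; gconfd only has dconf-style state in ~/.config and ~/.cache, so drop the gnome_xdg_data_home_t block for gconfd_t (or split the keyrings out into their own type).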
@@ -132,6 +153,19 @@ manage_sock_files_pattern(gkeyringd_domain, gnome_keyring_tmp_t, gnome_keyring_t
 files_tmp_filetrans(gkeyringd_domain, gnome_keyring_tmp_t, dir)
 userdom_user_runtime_filetrans(gkeyringd_domain, gnome_keyring_tmp_t, dir)
 
+manage_dirs_pattern(gkeyringd_domain, gnome_xdg_cache_home_t, gnome_xdg_cache_home_t)
+manage_files_pattern(gkeyringd_domain, gnome_xdg_cache_home_t, gnome_xdg_cache_home_t)
+manage_sock_files_pattern(gkeyringd_domain, gnome_xdg_cache_home_t, gnome_xdg_cache_home_t)
+xdg_cache_home_filetrans(gkeyringd_domain, gnome_xdg_cache_home_t, dir)
+
+manage_dirs_pattern(gkeyringd_domain, gnome_xdg_config_home_t, gnome_xdg_config_home_t)
+manage_files_pattern(gkeyringd_domain, gnome_xdg_config_home_t, gnome_xdg_config_home_t)
+xdg_config_home_filetrans(gkeyringd_domain, gnome_xdg_config_home_t, dir)
+
+manage_dirs_pattern(gkeyringd_domain, gnome_xdg_data_home_t, gnome_xdg_data_home_t)
+manage_files_pattern(gkeyringd_domain, gnome_xdg_data_home_t, gnome_xdg_data_home_t)
+xdg_data_home_filetrans(gkeyringd_domain, gnome_xdg_data_home_t, dir)
+
 kernel_read_crypto_sysctls(gkeyringd_domain)
 kernel_read_kernel_sysctls(gkeyringd_domain)
 kernel_read_system_state(gkeyringd_domain)
-- 
2.13.0


* [refpolicy] [PATCH 03/19] Enhance minidlna domain with XDG privilege sets
From: Sven Vermeulen @ 2017-05-22 16:11 UTC (permalink / raw)
  To: refpolicy

The minidlna domain is meant for the minidlna media server. Hence, its
primary duty is to present pictures, videos and music. With these
types of data in the user home directory now being marked as
xdg_pictures_t, xdg_videos_t and xdg_music_t, the minidlna_t domain is
granted read access to these resources.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 minidlna.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/minidlna.te b/minidlna.te
index fc4d80a..941f727 100644
--- a/minidlna.te
+++ b/minidlna.te
@@ -85,6 +85,10 @@ logging_search_logs(minidlna_t)
 miscfiles_read_localization(minidlna_t)
 miscfiles_read_public_files(minidlna_t)
 
+xdg_read_music(minidlna_t)
+xdg_read_pictures(minidlna_t)
+xdg_read_videos(minidlna_t)
+
 tunable_policy(`minidlna_read_generic_user_content',`
 	userdom_list_user_tmp(minidlna_t)
 	userdom_read_user_home_content_files(minidlna_t)
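Review bot: the three xdg_read_* calls are unconditional, whereas the generic home content read directly below stays behind minidlna_read_generic_user_content; that matches the commit message, but since minidlna is a network-facing server it is worth stating in the tunable's <desc> (or in a comment here) that Pictures/, Music/ and Videos/ remain readable regardless of the boolean.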
-- 
2.13.0


* [refpolicy] [PATCH 04/19] Enhance mozilla domain with XDG privilege sets
From: Sven Vermeulen @ 2017-05-22 16:11 UTC (permalink / raw)
  To: refpolicy

The mozilla-style browsers, such as Firefox, should not by default have
manage rights on end user content. These privileges are now moved under
the support of the booleans
(mozilla_{read,manage}_{generic,all}_user_content), with read access
being enabled by default on the generic user content.

The browsers are granted manage rights on the Downloads/ location
through the xdg_manage_downloads() privileges.

Additionally, these browsers do use the ~/.cache/mozilla location for
their user-specific application cache data. Hence, the
mozilla_xdg_cache_home_t type is introduced and the necessary privileges
are provided for the mozilla- and mozilla plugin domains.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 mozilla.fc |  1 +
 mozilla.te | 46 ++++++++++++++++++++++++++++++++++++++++++----
 2 files changed, 43 insertions(+), 4 deletions(-)

diff --git a/mozilla.fc b/mozilla.fc
index 21974b8..195f924 100644
--- a/mozilla.fc
+++ b/mozilla.fc
@@ -1,3 +1,4 @@
+HOME_DIR/\.cache/mozilla(/.*)?	gen_context(system_u:object_r:mozilla_xdg_cache_home_t,s0)
 HOME_DIR/\.galeon(/.*)?	gen_context(system_u:object_r:mozilla_home_t,s0)
 HOME_DIR/\.mozilla(/.*)?	gen_context(system_u:object_r:mozilla_home_t,s0)
 HOME_DIR/\.mozilla/plugins(/.*)?	gen_context(system_u:object_r:mozilla_plugin_home_t,s0)
diff --git a/mozilla.te b/mozilla.te
index 7ada83a..e194e79 100644
--- a/mozilla.te
+++ b/mozilla.te
@@ -13,6 +13,34 @@ policy_module(mozilla, 2.11.3)
 ## </desc>
 gen_tunable(mozilla_execstack, false)
 
+## <desc>
+##	<p>
+##	Grant the mozilla domains read access to generic user content
+##	</p>
+## </desc>
+gen_tunable(`mozilla_read_generic_user_content', true)
+
+## <desc>
+##	<p>
+##	Grant the mozilla domains read access to all user content
+##	</p>
+## </desc>
+gen_tunable(`mozilla_read_all_user_content', false)
+
+## <desc>
+##	<p>
+##	Grant the mozilla domains manage rights on generic user content
+##	</p>
+## </desc>
+gen_tunable(`mozilla_manage_generic_user_content', false)
+
+## <desc>
+##	<p>
+##	Grant the mozilla domains manage rights on all user content
+##	</p>
+## </desc>
+gen_tunable(`mozilla_manage_all_user_content', false)
+
 attribute_role mozilla_roles;
 attribute_role mozilla_plugin_roles;
 attribute_role mozilla_plugin_config_roles;
@@ -71,6 +99,9 @@ optional_policy(`
 	pulseaudio_tmpfs_content(mozilla_tmpfs_t)
 ')
 
+type mozilla_xdg_cache_home_t;
+xdg_cache_home_content(mozilla_xdg_cache_home_t)
+
 ########################################
 #
 # Local policy
@@ -114,6 +145,10 @@ allow mozilla_t mozilla_plugin_rw_t:lnk_file read_lnk_file_perms;
 
 stream_connect_pattern(mozilla_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t, mozilla_plugin_t)
 
+manage_files_pattern(mozilla_t, mozilla_xdg_cache_home_t, mozilla_xdg_cache_home_t)
+manage_dirs_pattern(mozilla_t, mozilla_xdg_cache_home_t, mozilla_xdg_cache_home_t)
+xdg_cache_home_filetrans(mozilla_t, mozilla_xdg_cache_home_t, dir, "mozilla")
+
 can_exec(mozilla_t, { mozilla_exec_t mozilla_plugin_rw_t mozilla_plugin_home_t })
 
 kernel_read_kernel_sysctls(mozilla_t)
@@ -196,8 +231,7 @@ userdom_use_user_ptys(mozilla_t)
 userdom_manage_user_tmp_dirs(mozilla_t)
 userdom_manage_user_tmp_files(mozilla_t)
 
-userdom_manage_user_home_content_dirs(mozilla_t)
-userdom_manage_user_home_content_files(mozilla_t)
+userdom_user_content_access_template(mozilla, { mozilla_t mozilla_plugin_t })
 userdom_user_home_dir_filetrans_user_home_content(mozilla_t, { dir file })
 
 userdom_write_user_tmp_sockets(mozilla_t)
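Review bot: userdom_user_home_dir_filetrans_user_home_content(mozilla_t, { dir file }) is kept while the create rights it depends on move behind mozilla_manage_generic_user_content, which defaults to false; with the boolean off the transition rule is dead policy, and the mplayer patch of this series removes the equivalent call. Move it under the template or tunable, or drop it, so that both patches handle the transition the same way. Also, the template is now called with a set ({ mozilla_t mozilla_plugin_t }); make sure userdom_user_content_access_template accepts a set as its second argument.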
@@ -205,6 +239,10 @@ userdom_write_user_tmp_sockets(mozilla_t)
 mozilla_run_plugin(mozilla_t, mozilla_roles)
 mozilla_run_plugin_config(mozilla_t, mozilla_roles)
 
+xdg_read_config_home_files(mozilla_t)
+xdg_read_data_home_files(mozilla_t)
+xdg_manage_downloads(mozilla_t)
+
 xserver_user_x_domain_template(mozilla, mozilla_t, mozilla_tmpfs_t)
 xserver_dontaudit_read_xdm_tmp_files(mozilla_t)
 xserver_dontaudit_getattr_xdm_tmp_sockets(mozilla_t)
@@ -501,14 +539,14 @@ miscfiles_dontaudit_setattr_fonts_cache_dirs(mozilla_plugin_t)
 userdom_manage_user_tmp_dirs(mozilla_plugin_t)
 userdom_manage_user_tmp_files(mozilla_plugin_t)
 
-userdom_manage_user_home_content_dirs(mozilla_plugin_t)
-userdom_manage_user_home_content_files(mozilla_plugin_t)
 userdom_user_home_dir_filetrans_user_home_content(mozilla_plugin_t, { dir file })
 
 userdom_write_user_tmp_sockets(mozilla_plugin_t)
 
 userdom_dontaudit_use_user_terminals(mozilla_plugin_t)
 
+xdg_read_config_home_files(mozilla_plugin_t)
+
 ifndef(`enable_mls',`
 	fs_list_dos(mozilla_plugin_t)
 	fs_read_dos_files(mozilla_plugin_t)
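Review bot: the commit message says the mozilla plugin domains get the necessary privileges on the new ~/.cache/mozilla type, but mozilla_plugin_t only receives xdg_read_config_home_files here and nothing on mozilla_xdg_cache_home_t; either add the cache rules for mozilla_plugin_t or adjust the message. As for mozilla_t, the retained userdom_user_home_dir_filetrans_user_home_content call is inert while the manage boolean is off.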
-- 
2.13.0


* [refpolicy] [PATCH 05/19] Enhance mplayer domains with XDG privilege sets
From: Sven Vermeulen @ 2017-05-22 16:11 UTC (permalink / raw)
  To: refpolicy

The mplayer application, and its accompanying mencoder application,
should not by default hold manage rights on the end user data. Instead,
the mplayer_t domain gets read access on music and videos, while
mencoder_t gets manage access on music and videos.

The manage rights on the user content are then moved under the support of
the booleans (*_read_generic_user_content, *_read_all_user_content,
*_manage_generic_user_content and *_manage_all_user_content). The
booleans are made available for both domains (so one set for mplayer and
one set for mencoder).

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 mplayer.te | 70 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++------
 1 file changed, 64 insertions(+), 6 deletions(-)

diff --git a/mplayer.te b/mplayer.te
index 50b313e..93cef61 100644
--- a/mplayer.te
+++ b/mplayer.te
@@ -13,6 +13,62 @@ policy_module(mplayer, 2.7.0)
 ## </desc>
 gen_tunable(allow_mplayer_execstack, false)
 
+## <desc>
+##	<p>
+##	Grant the mplayer domains read access to generic user content
+##	</p>
+## </desc>
+gen_tunable(`mplayer_read_generic_user_content', true)
+
+## <desc>
+##	<p>
+##	Grant the mplayer domain read access to all user content
+##	</p>
+## </desc>
+gen_tunable(`mplayer_read_all_user_content', false)
+
+## <desc>
+##	<p>
+##	Grant the mplayer domain manage rights on generic user content
+##	</p>
+## </desc>
+gen_tunable(`mplayer_manage_generic_user_content', false)
+
+## <desc>
+##	<p>
+##	Grant the mplayer domain manage rights on all user content
+##	</p>
+## </desc>
+gen_tunable(`mplayer_manage_all_user_content', false)
+
+## <desc>
+##	<p>
+##	Grant the mencoder domain read access to generic user content
+##	</p>
+## </desc>
+gen_tunable(`mplayer_mencoder_read_generic_user_content', true)
+
+## <desc>
+##	<p>
+##	Grant the mencoder domain read access to all user content
+##	</p>
+## </desc>
+gen_tunable(`mplayer_mencoder_read_all_user_content', false)
+
+## <desc>
+##	<p>
+##	Grant the mencoder domain manage rights on generic user content
+##	</p>
+## </desc>
+gen_tunable(`mplayer_mencoder_manage_generic_user_content', false)
+
+## <desc>
+##	<p>
+##	Grant the mencoder domain manage rights on all user content
+##	</p>
+## </desc>
+gen_tunable(`mplayer_mencoder_manage_all_user_content', false)
+
 attribute_role mencoder_roles;
 attribute_role mplayer_roles;
 
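Review bot: the first <desc> says "the mplayer domains" while the next three say "the mplayer domain"; since mencoder has its own set of booleans (mplayer_mencoder_*), the singular is correct for all four mplayer entries.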
@@ -84,9 +140,10 @@ userdom_use_user_terminals(mencoder_t)
 userdom_manage_user_tmp_dirs(mencoder_t)
 userdom_manage_user_tmp_files(mencoder_t)
 
-userdom_manage_user_home_content_dirs(mencoder_t)
-userdom_manage_user_home_content_files(mencoder_t)
-userdom_user_home_dir_filetrans_user_home_content(mencoder_t, { dir file })
+userdom_user_content_access_template(mplayer_mencoder, mencoder_t)
+
+xdg_manage_music(mencoder_t)
+xdg_manage_videos(mencoder_t)
 
 ifndef(`enable_mls',`
 	fs_list_dos(mencoder_t)
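Review bot: userdom_user_home_dir_filetrans_user_home_content(mencoder_t, ...) is removed together with the manage calls, whereas the mozilla patch in this series keeps the equivalent call for mozilla_t after moving its manage rights behind the boolean; pick one approach for the whole series. Note also that xdg_manage_music and xdg_manage_videos are unconditional for mencoder_t, which is what the commit message describes.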
@@ -207,12 +264,13 @@ userdom_manage_user_tmp_files(mplayer_t)
 userdom_tmp_filetrans_user_tmp(mplayer_t, { dir file })
 userdom_user_runtime_filetrans_user_tmp(mplayer_t, { dir file })
 
-userdom_manage_user_home_content_dirs(mplayer_t)
-userdom_manage_user_home_content_files(mplayer_t)
-userdom_user_home_dir_filetrans_user_home_content(mplayer_t, { dir file })
+userdom_user_content_access_template(mplayer, mplayer_t)
 
 userdom_write_user_tmp_sockets(mplayer_t)
 
+xdg_read_music(mplayer_t)
+xdg_read_videos(mplayer_t)
+
 xserver_user_x_domain_template(mplayer, mplayer_t, mplayer_tmpfs_t)
 
 ifndef(`enable_mls',`
-- 
2.13.0


* [refpolicy] [PATCH 06/19] Enhance pulseaudio domain with XDG privilege sets
From: Sven Vermeulen @ 2017-05-22 16:11 UTC (permalink / raw)
  To: refpolicy

The pulseaudio domain was configured to use the ~/.config/pulse/
location as pulseaudio_home_t. With the introduction of the XDG-based
types, this can now be switched to pulseaudio_xdg_config_home_t.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 pulseaudio.fc |  2 +-
 pulseaudio.te | 11 +++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/pulseaudio.fc b/pulseaudio.fc
index 146b5a7..fb861b7 100644
--- a/pulseaudio.fc
+++ b/pulseaudio.fc
@@ -1,7 +1,7 @@
 HOME_DIR/\.esd_auth	--	gen_context(system_u:object_r:pulseaudio_home_t,s0)
 HOME_DIR/\.pulse(/.*)?	gen_context(system_u:object_r:pulseaudio_home_t,s0)
 HOME_DIR/\.pulse-cookie	--	gen_context(system_u:object_r:pulseaudio_home_t,s0)
-HOME_DIR/\.config/pulse(/.*)?	--	gen_context(system_u:object_r:pulseaudio_home_t,s0)
+HOME_DIR/\.config/pulse(/.*)?	gen_context(system_u:object_r:pulseaudio_xdg_config_home_t,s0)
 
 /usr/bin/pulseaudio	--	gen_context(system_u:object_r:pulseaudio_exec_t,s0)
 
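Review bot: dropping the "--" qualifier from the ~/.config/pulse entry is right (a (/.*)? pattern with a file-only qualifier never matched the directory itself), but since it changes which inodes get labelled it deserves a sentence in the commit message rather than being folded into the type switch.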
diff --git a/pulseaudio.te b/pulseaudio.te
index 0c4945b..ff43d55 100644
--- a/pulseaudio.te
+++ b/pulseaudio.te
@@ -39,6 +39,9 @@ files_type(pulseaudio_var_lib_t)
 type pulseaudio_var_run_t;
 files_pid_file(pulseaudio_var_run_t)
 
+type pulseaudio_xdg_config_home_t;
+xdg_config_home_content(pulseaudio_xdg_config_home_t)
+
 ########################################
 #
 # Local policy
@@ -85,6 +88,10 @@ manage_files_pattern(pulseaudio_t, pulseaudio_var_run_t, pulseaudio_var_run_t)
 manage_sock_files_pattern(pulseaudio_t, pulseaudio_var_run_t, pulseaudio_var_run_t)
 files_pid_filetrans(pulseaudio_t, pulseaudio_var_run_t, { dir file })
 
+manage_dirs_pattern(pulseaudio_t, pulseaudio_xdg_config_home_t, pulseaudio_xdg_config_home_t)
+manage_files_pattern(pulseaudio_t, pulseaudio_xdg_config_home_t, pulseaudio_xdg_config_home_t)
+xdg_config_home_filetrans(pulseaudio_t, pulseaudio_xdg_config_home_t, dir, "pulse")
+
 allow pulseaudio_t pulseaudio_client:process signull;
 ps_process_pattern(pulseaudio_t, pulseaudio_client)
 
@@ -240,6 +247,10 @@ allow pulseaudio_client pulseaudio_tmp_t:sock_file manage_sock_file_perms;
 rw_files_pattern(pulseaudio_client, { pulseaudio_tmpfsfile pulseaudio_tmpfs_t }, { pulseaudio_tmpfsfile pulseaudio_tmpfs_t })
 delete_files_pattern(pulseaudio_client, pulseaudio_tmpfsfile, pulseaudio_tmpfsfile)
 
+manage_dirs_pattern(pulseaudio_client, pulseaudio_xdg_config_home_t, pulseaudio_xdg_config_home_t)
+manage_files_pattern(pulseaudio_client, pulseaudio_xdg_config_home_t, pulseaudio_xdg_config_home_t)
+xdg_config_home_filetrans(pulseaudio_client, pulseaudio_xdg_config_home_t, dir, "pulse")
+
 fs_getattr_tmpfs(pulseaudio_client)
 
 corenet_all_recvfrom_unlabeled(pulseaudio_client)
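Review bot: this block is identical to the pulseaudio_t block earlier in the patch and grants every domain carrying the pulseaudio_client attribute full manage rights plus the named transition on pulseaudio_xdg_config_home_t; if pulseaudio_t itself carries the attribute, the earlier block is redundant. Whether clients previously held the same rights on pulseaudio_home_t is not visible here, so state in the commit message that client access to ~/.config/pulse is being (re)granted, and consider a read-only pattern for clients if they only need the cookie and configuration.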
-- 
2.13.0


* [refpolicy] [PATCH 07/19] Enhance telepathy domains with XDG privilege sets
From: Sven Vermeulen @ 2017-05-22 16:11 UTC (permalink / raw)
  To: refpolicy

The telepathy domain already had some support for the XDG-style
locations (cache, config and data). In this patch the rules are updated
to use the XDG-style approach (naming) as well as include the necessary
file transitions.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 telepathy.fc | 18 ++++++++--------
 telepathy.if | 24 ++++++++++-----------
 telepathy.te | 70 ++++++++++++++++++++++++++++++------------------------------
 3 files changed, 56 insertions(+), 56 deletions(-)

diff --git a/telepathy.fc b/telepathy.fc
index 6c7f8f8..4f94bad 100644
--- a/telepathy.fc
+++ b/telepathy.fc
@@ -1,14 +1,14 @@
-HOME_DIR/\.cache/\.mc_connections	--	gen_context(system_u:object_r:telepathy_mission_control_cache_home_t,s0)
-HOME_DIR/\.cache/telepathy(/.*)?	gen_context(system_u:object_r:telepathy_cache_home_t, s0)
-HOME_DIR/\.cache/telepathy/avatars/gabble(/.*)?	gen_context(system_u:object_r:telepathy_gabble_cache_home_t, s0)
-HOME_DIR/\.cache/telepathy/logger(/.*)?	gen_context(system_u:object_r:telepathy_logger_cache_home_t,s0)
-HOME_DIR/\.cache/telepathy/gabble(/.*)?	gen_context(system_u:object_r:telepathy_gabble_cache_home_t,s0)
-HOME_DIR/\.cache/wocky(/.*)?	gen_context(system_u:object_r:telepathy_gabble_cache_home_t,s0)
+HOME_DIR/\.cache/\.mc_connections	--	gen_context(system_u:object_r:telepathy_mission_control_xdg_cache_home_t,s0)
+HOME_DIR/\.cache/telepathy(/.*)?	gen_context(system_u:object_r:telepathy_xdg_cache_home_t, s0)
+HOME_DIR/\.cache/telepathy/avatars/gabble(/.*)?	gen_context(system_u:object_r:telepathy_gabble_xdg_cache_home_t, s0)
+HOME_DIR/\.cache/telepathy/logger(/.*)?	gen_context(system_u:object_r:telepathy_logger_xdg_cache_home_t,s0)
+HOME_DIR/\.cache/telepathy/gabble(/.*)?	gen_context(system_u:object_r:telepathy_gabble_xdg_cache_home_t,s0)
+HOME_DIR/\.cache/wocky(/.*)?	gen_context(system_u:object_r:telepathy_gabble_xdg_cache_home_t,s0)
 HOME_DIR/\.mission-control(/.*)?	gen_context(system_u:object_r:telepathy_mission_control_home_t,s0)
-HOME_DIR/\.local/share/telepathy(/.*)?	gen_context(system_u:object_r:telepathy_data_home_t,s0)
-HOME_DIR/\.local/share/telepathy/mission-control(/.*)?	gen_context(system_u:object_r:telepathy_mission_control_data_home_t,s0)
+HOME_DIR/\.local/share/telepathy(/.*)?	gen_context(system_u:object_r:telepathy_xdg_data_home_t,s0)
+HOME_DIR/\.local/share/telepathy/mission-control(/.*)?	gen_context(system_u:object_r:telepathy_mission_control_xdg_data_home_t,s0)
 HOME_DIR/\.telepathy-sunshine(/.*)?	gen_context(system_u:object_r:telepathy_sunshine_home_t,s0)
-HOME_DIR/\.local/share/TpLogger(/.*)?	gen_context(system_u:object_r:telepathy_logger_data_home_t,s0)
+HOME_DIR/\.local/share/TpLogger(/.*)?	gen_context(system_u:object_r:telepathy_logger_xdg_data_home_t,s0)
 
 /usr/lib/telepathy/mission-control-5	--	gen_context(system_u:object_r:telepathy_mission_control_exec_t,s0)
 /usr/lib/telepathy/telepathy-butterfly	--	gen_context(system_u:object_r:telepathy_msn_exec_t,s0)
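Review bot: The HOME_DIR/\.cache/wocky(/.*)? entry labels that directory telepathy_gabble_xdg_cache_home_t, but nothing in this patch creates it with that label at runtime (the matching gnome_cache_filetrans(..., "wocky") calls in telepathy.if and telepathy.te remain commented out), so a wocky directory created by gabble only gets the intended type after a relabel; either add an xdg_cache_home_filetrans for it or drop the entry. Minor style point while these lines are being rewritten anyway: the telepathy(/.*)? and avatars/gabble(/.*)? entries write ", s0)" with a space, the other entries ",s0)"; worth normalising.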
diff --git a/telepathy.if b/telepathy.if
index 2a11a70..9c33173 100644
--- a/telepathy.if
+++ b/telepathy.if
@@ -68,9 +68,9 @@ template(`telepathy_role_template',`
 		type telepathy_sunshine_exec_t, telepathy_stream_engine_exec_t;
 		type telepathy_msn_exec_t;
 
-		type telepathy_mission_control_cache_home_t, telepathy_cache_home_t, telepathy_logger_cache_home_t;
-		type telepathy_gabble_cache_home_t, telepathy_mission_control_home_t, telepathy_data_home_t;
-		type telepathy_mission_control_data_home_t, telepathy_sunshine_home_t, telepathy_logger_data_home_t;
+		type telepathy_mission_control_xdg_cache_home_t, telepathy_xdg_cache_home_t, telepathy_logger_xdg_cache_home_t;
+		type telepathy_gabble_xdg_cache_home_t, telepathy_mission_control_home_t, telepathy_xdg_data_home_t;
+		type telepathy_mission_control_xdg_data_home_t, telepathy_sunshine_home_t, telepathy_logger_xdg_data_home_t;
 	')
 
 	role $2 types telepathy_domain;
@@ -92,22 +92,22 @@ template(`telepathy_role_template',`
 	dbus_spec_session_domain($1, telepathy_stream_engine_t, telepathy_stream_engine_exec_t)
 	dbus_spec_session_domain($1, telepathy_msn_t, telepathy_msn_exec_t)
 
-	allow $3 { telepathy_mission_control_cache_home_t telepathy_cache_home_t telepathy_logger_cache_home_t }:dir { manage_dir_perms relabel_dir_perms };
-	allow $3 { telepathy_gabble_cache_home_t telepathy_mission_control_home_t telepathy_data_home_t }:dir { manage_dir_perms relabel_dir_perms };
-	allow $3 { telepathy_mission_control_data_home_t telepathy_sunshine_home_t telepathy_logger_data_home_t }:dir { manage_dir_perms relabel_dir_perms };
+	allow $3 { telepathy_mission_control_xdg_cache_home_t telepathy_xdg_cache_home_t telepathy_logger_xdg_cache_home_t }:dir { manage_dir_perms relabel_dir_perms };
+	allow $3 { telepathy_gabble_xdg_cache_home_t telepathy_mission_control_home_t telepathy_xdg_data_home_t }:dir { manage_dir_perms relabel_dir_perms };
+	allow $3 { telepathy_mission_control_xdg_data_home_t telepathy_sunshine_home_t telepathy_logger_xdg_data_home_t }:dir { manage_dir_perms relabel_dir_perms };
 
-	allow $3 { telepathy_mission_control_cache_home_t telepathy_cache_home_t telepathy_logger_cache_home_t }:file { manage_file_perms relabel_file_perms };
-	allow $3 { telepathy_gabble_cache_home_t telepathy_mission_control_home_t telepathy_data_home_t }:file { manage_file_perms relabel_file_perms };
-	allow $3 { telepathy_mission_control_data_home_t telepathy_sunshine_home_t telepathy_logger_data_home_t }:file { manage_file_perms relabel_file_perms };
+	allow $3 { telepathy_mission_control_xdg_cache_home_t telepathy_xdg_cache_home_t telepathy_logger_xdg_cache_home_t }:file { manage_file_perms relabel_file_perms };
+	allow $3 { telepathy_gabble_xdg_cache_home_t telepathy_mission_control_home_t telepathy_xdg_data_home_t }:file { manage_file_perms relabel_file_perms };
+	allow $3 { telepathy_mission_control_xdg_data_home_t telepathy_sunshine_home_t telepathy_logger_xdg_data_home_t }:file { manage_file_perms relabel_file_perms };
 
-	filetrans_pattern($3, telepathy_cache_home_t, telepathy_gabble_cache_home_t, dir, "gabble")
+	filetrans_pattern($3, telepathy_xdg_cache_home_t, telepathy_gabble_xdg_cache_home_t, dir, "gabble")
 	# gnome_cache_filetrans($3, telepathy_gabble_cache_home_t, dir, "wocky")
 
-	filetrans_pattern($3, telepathy_cache_home_t, telepathy_logger_cache_home_t, dir, "logger")
+	filetrans_pattern($3, telepathy_xdg_cache_home_t, telepathy_logger_xdg_cache_home_t, dir, "logger")
 	# gnome_data_filetrans($3, telepathy_logger_data_home_t, dir, "TpLogger")
 
 	userdom_user_home_dir_filetrans($3, telepathy_mission_control_home_t, dir, ".mission-control")
-	filetrans_pattern($3, telepathy_data_home_t, telepathy_mission_control_data_home_t, dir, "mission-control")
+	filetrans_pattern($3, telepathy_xdg_data_home_t, telepathy_mission_control_xdg_data_home_t, dir, "mission-control")
 	# gnome_cache_filetrans($3, telepathy_mission_control_cache_home_t, file, ".mc_connections")
 
 	userdom_user_home_dir_filetrans($3, telepathy_sunshine_home_t, dir, ".telepathy-sunshine")
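Review bot: The three commented-out transitions left in this hunk still name the old non-xdg types and the gnome_* interfaces:
	# gnome_cache_filetrans($3, telepathy_gabble_cache_home_t, dir, "wocky")
	# gnome_data_filetrans($3, telepathy_logger_data_home_t, dir, "TpLogger")
	# gnome_cache_filetrans($3, telepathy_mission_control_cache_home_t, file, ".mc_connections")
while the equivalent comments in telepathy.te were rewritten to the xdg names. Since the series now has xdg_cache_home_filetrans/xdg_data_home_filetrans (used for telepathy_domain at the end of telepathy.te), these can become real rules, e.g. xdg_cache_home_filetrans($3, telepathy_gabble_xdg_cache_home_t, dir, "wocky"), or be deleted; comments referring to names that only survive as aliases will mislead the next reader. Also note that $3 gets transitions inside telepathy_xdg_cache_home_t and telepathy_xdg_data_home_t but nothing that creates the "telepathy" directory itself under ~/.cache or ~/.local/share; if the user domain is expected to create it, it needs the same xdg_cache_home_filetrans/xdg_data_home_filetrans pair that telepathy_domain receives.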
diff --git a/telepathy.te b/telepathy.te
index f1bee7f..556bb8d 100644
--- a/telepathy.te
+++ b/telepathy.te
@@ -27,34 +27,34 @@ attribute telepathy_tmp_content;
 
 telepathy_domain_template(gabble)
 
-type telepathy_cache_home_t;
-userdom_user_home_content(telepathy_cache_home_t)
+type telepathy_xdg_cache_home_t alias telepathy_cache_home_t;
+xdg_cache_home_content(telepathy_xdg_cache_home_t)
 
-type telepathy_gabble_cache_home_t;
-userdom_user_home_content(telepathy_gabble_cache_home_t)
+type telepathy_gabble_xdg_cache_home_t alias telepathy_gabble_cache_home_t;
+xdg_cache_home_content(telepathy_gabble_xdg_cache_home_t)
 
 telepathy_domain_template(idle)
 telepathy_domain_template(logger)
 
-type telepathy_data_home_t;
-userdom_user_home_content(telepathy_data_home_t)
+type telepathy_xdg_data_home_t alias telepathy_data_home_t;
+xdg_data_home_content(telepathy_xdg_data_home_t)
 
-type telepathy_logger_cache_home_t;
-userdom_user_home_content(telepathy_logger_cache_home_t)
+type telepathy_logger_xdg_cache_home_t alias telepathy_logger_cache_home_t;
+xdg_cache_home_content(telepathy_logger_xdg_cache_home_t)
 
-type telepathy_logger_data_home_t;
-userdom_user_home_content(telepathy_logger_data_home_t)
+type telepathy_logger_xdg_data_home_t alias telepathy_logger_data_home_t;
+xdg_data_home_content(telepathy_logger_xdg_data_home_t)
 
 telepathy_domain_template(mission_control)
 
 type telepathy_mission_control_home_t;
 userdom_user_home_content(telepathy_mission_control_home_t)
 
-type telepathy_mission_control_data_home_t;
-userdom_user_home_content(telepathy_mission_control_data_home_t)
+type telepathy_mission_control_xdg_data_home_t alias telepathy_mission_control_data_home_t;
+xdg_data_home_content(telepathy_mission_control_xdg_data_home_t)
 
-type telepathy_mission_control_cache_home_t;
-userdom_user_home_content(telepathy_mission_control_cache_home_t)
+type telepathy_mission_control_xdg_cache_home_t alias telepathy_mission_control_cache_home_t;
+xdg_cache_home_content(telepathy_mission_control_xdg_cache_home_t)
 
 telepathy_domain_template(msn)
 telepathy_domain_template(salut)
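Review bot: Keeping every old name as an alias (type telepathy_xdg_cache_home_t alias telepathy_cache_home_t; and friends) is the right way to avoid breaking third-party modules and already-labelled files, but the aliases should be flagged for removal in a later release and the rename noted in the module changelog, otherwise they tend to live forever. telepathy_mission_control_home_t (~/.mission-control) correctly stays userdom_user_home_content, as it is not an XDG location.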
@@ -74,10 +74,10 @@ allow telepathy_gabble_t self:tcp_socket { accept listen };
 allow telepathy_gabble_t self:unix_dgram_socket { create_socket_perms sendto };
 
 # ~/.cache/telepathy/gabble/caps-cache.db-journal
-manage_dirs_pattern(telepathy_gabble_t, telepathy_gabble_cache_home_t, telepathy_gabble_cache_home_t)
-manage_files_pattern(telepathy_gabble_t, telepathy_gabble_cache_home_t, telepathy_gabble_cache_home_t)
-filetrans_pattern(telepathy_gabble_t, telepathy_cache_home_t, telepathy_gabble_cache_home_t, dir, "gabble")
-# gnome_cache_filetrans(telepathy_gabble_t, telepathy_gabble_cache_home_t, dir, "wocky")
+manage_dirs_pattern(telepathy_gabble_t, telepathy_gabble_xdg_cache_home_t, telepathy_gabble_xdg_cache_home_t)
+manage_files_pattern(telepathy_gabble_t, telepathy_gabble_xdg_cache_home_t, telepathy_gabble_xdg_cache_home_t)
+filetrans_pattern(telepathy_gabble_t, telepathy_xdg_cache_home_t, telepathy_gabble_xdg_cache_home_t, dir, "gabble")
+# gnome_cache_filetrans(telepathy_gabble_t, telepathy_gabble_xdg_cache_home_t, dir, "wocky")
 
 manage_dirs_pattern(telepathy_gabble_t, telepathy_gabble_tmp_t, telepathy_gabble_tmp_t)
 manage_sock_files_pattern(telepathy_gabble_t, telepathy_gabble_tmp_t, telepathy_gabble_tmp_t)
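Review bot: The line "# gnome_cache_filetrans(telepathy_gabble_t, telepathy_gabble_xdg_cache_home_t, dir, "wocky")" was renamed but left commented out, although telepathy.fc in this same patch labels ~/.cache/wocky as telepathy_gabble_xdg_cache_home_t. With xdg_cache_home_filetrans available (it is used for telepathy_domain at the end of this file), this should become xdg_cache_home_filetrans(telepathy_gabble_t, telepathy_gabble_xdg_cache_home_t, dir, "wocky"), otherwise a freshly created wocky directory inherits the generic xdg_cache_home_t type and the manage_*_pattern rules above it do not apply until the next relabel.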
@@ -179,13 +179,13 @@ tunable_policy(`telepathy_tcp_connect_generic_network_ports',`
 
 allow telepathy_logger_t self:unix_stream_socket create_socket_perms;
 
-manage_dirs_pattern(telepathy_logger_t, telepathy_logger_cache_home_t, telepathy_logger_cache_home_t)
-manage_files_pattern(telepathy_logger_t, telepathy_logger_cache_home_t, telepathy_logger_cache_home_t)
-filetrans_pattern(telepathy_logger_t, telepathy_cache_home_t, telepathy_logger_cache_home_t, dir, "logger")
+manage_dirs_pattern(telepathy_logger_t, telepathy_logger_xdg_cache_home_t, telepathy_logger_xdg_cache_home_t)
+manage_files_pattern(telepathy_logger_t, telepathy_logger_xdg_cache_home_t, telepathy_logger_xdg_cache_home_t)
+filetrans_pattern(telepathy_logger_t, telepathy_xdg_cache_home_t, telepathy_logger_xdg_cache_home_t, dir, "logger")
 
-manage_dirs_pattern(telepathy_logger_t, telepathy_logger_data_home_t, telepathy_logger_data_home_t)
-manage_files_pattern(telepathy_logger_t, telepathy_logger_data_home_t, telepathy_logger_data_home_t)
-# gnome_data_filetrans(telepathy_logger_t, telepathy_logger_data_home_t, dir, "TpLogger")
+manage_dirs_pattern(telepathy_logger_t, telepathy_logger_xdg_data_home_t, telepathy_logger_xdg_data_home_t)
+manage_files_pattern(telepathy_logger_t, telepathy_logger_xdg_data_home_t, telepathy_logger_xdg_data_home_t)
+# gnome_data_filetrans(telepathy_logger_t, telepathy_logger_xdg_data_home_t, dir, "TpLogger")
 
 files_read_usr_files(telepathy_logger_t)
 files_search_pids(telepathy_logger_t)
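Review bot: Same gap for the logger: "# gnome_data_filetrans(telepathy_logger_t, telepathy_logger_xdg_data_home_t, dir, "TpLogger")" stays a comment, yet HOME_DIR/\.local/share/TpLogger(/.*)? is labelled telepathy_logger_xdg_data_home_t in telepathy.fc. Without xdg_data_home_filetrans(telepathy_logger_t, telepathy_logger_xdg_data_home_t, dir, "TpLogger") the directory is created as plain xdg_data_home_t and the manage_dirs_pattern/manage_files_pattern rules just above will not cover the chat logs on a fresh account.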
@@ -216,15 +216,15 @@ manage_dirs_pattern(telepathy_mission_control_t, telepathy_mission_control_home_
 manage_files_pattern(telepathy_mission_control_t, telepathy_mission_control_home_t, telepathy_mission_control_home_t)
 userdom_user_home_dir_filetrans(telepathy_mission_control_t, telepathy_mission_control_home_t, dir, ".mission-control")
 
-manage_dirs_pattern(telepathy_mission_control_t, telepathy_mission_control_data_home_t, telepathy_mission_control_data_home_t)
-manage_files_pattern(telepathy_mission_control_t, telepathy_mission_control_data_home_t, telepathy_mission_control_data_home_t)
-filetrans_pattern(telepathy_mission_control_t, telepathy_data_home_t, telepathy_mission_control_data_home_t, dir, "mission-control")
+manage_dirs_pattern(telepathy_mission_control_t, telepathy_mission_control_xdg_data_home_t, telepathy_mission_control_xdg_data_home_t)
+manage_files_pattern(telepathy_mission_control_t, telepathy_mission_control_xdg_data_home_t, telepathy_mission_control_xdg_data_home_t)
+filetrans_pattern(telepathy_mission_control_t, telepathy_xdg_data_home_t, telepathy_mission_control_xdg_data_home_t, dir, "mission-control")
 
-manage_files_pattern(telepathy_mission_control_t, telepathy_mission_control_cache_home_t, telepathy_mission_control_cache_home_t)
-# gnome_cache_filetrans(telepathy_mission_control_t, telepathy_mission_control_cache_home_t, file, ".mc_connections")
+manage_files_pattern(telepathy_mission_control_t, telepathy_mission_control_xdg_cache_home_t, telepathy_mission_control_xdg_cache_home_t)
+# gnome_cache_filetrans(telepathy_mission_control_t, telepathy_mission_control_xdg_cache_home_t, file, ".mc_connections")
 
-manage_dirs_pattern(telepathy_mission_control_t, telepathy_gabble_cache_home_t, telepathy_gabble_cache_home_t)
-manage_files_pattern(telepathy_mission_control_t, telepathy_gabble_cache_home_t, telepathy_gabble_cache_home_t)
+manage_dirs_pattern(telepathy_mission_control_t, telepathy_gabble_xdg_cache_home_t, telepathy_gabble_xdg_cache_home_t)
+manage_files_pattern(telepathy_mission_control_t, telepathy_gabble_xdg_cache_home_t, telepathy_gabble_xdg_cache_home_t)
 
 dev_read_rand(telepathy_mission_control_t)
 
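Review bot: .mc_connections is a file directly under ~/.cache (see the "--" entry in telepathy.fc), so it needs a file-class transition rather than the directory transitions used elsewhere; "# gnome_cache_filetrans(telepathy_mission_control_t, telepathy_mission_control_xdg_cache_home_t, file, ".mc_connections")" should be enabled as xdg_cache_home_filetrans(telepathy_mission_control_t, telepathy_mission_control_xdg_cache_home_t, file, ".mc_connections"), or the manage_files_pattern above it only ever matches files that were relabelled from the .fc. Separately, mission control keeps full manage rights on telepathy_gabble_xdg_cache_home_t; that is pre-existing, but a path comment explaining why mission control writes into gabble's cache (the other blocks have one) would help.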
@@ -461,11 +461,11 @@ optional_policy(`
 allow telepathy_domain self:process { getsched signal sigkill };
 allow telepathy_domain self:fifo_file rw_fifo_file_perms;
 
-manage_dirs_pattern(telepathy_domain, telepathy_cache_home_t, telepathy_cache_home_t)
-# gnome_cache_filetrans(telepathy_domain, telepathy_cache_home_t, dir, "telepathy")
+manage_dirs_pattern(telepathy_domain, telepathy_xdg_cache_home_t, telepathy_xdg_cache_home_t)
+xdg_cache_home_filetrans(telepathy_domain, telepathy_xdg_cache_home_t, dir, "telepathy")
 
-manage_dirs_pattern(telepathy_domain, telepathy_data_home_t, telepathy_data_home_t)
-# gnome_data_filetrans(telepathy_domain, telepathy_data_home_t, dir, "telepathy")
+manage_dirs_pattern(telepathy_domain, telepathy_xdg_data_home_t, telepathy_xdg_data_home_t)
+xdg_data_home_filetrans(telepathy_domain, telepathy_xdg_data_home_t, dir, "telepathy")
 
 dev_read_urand(telepathy_domain)
 
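Review bot: Replacing the commented gnome_* calls with xdg_cache_home_filetrans(telepathy_domain, telepathy_xdg_cache_home_t, dir, "telepathy") and xdg_data_home_filetrans(telepathy_domain, telepathy_xdg_data_home_t, dir, "telepathy") is what makes the new labels take effect at runtime, and the same treatment should be applied to the remaining commented transitions in the gabble, logger and mission_control blocks so the module is not left half-transitioned. Granting telepathy_domain only manage_dirs_pattern on the two parent types is correct, since the files live in the per-daemon subtypes.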
-- 
2.13.0


* [refpolicy] [PATCH 08/19] Enhance thunderbird domain with XDG privilege sets
  2017-05-22 16:11 [refpolicy] [PATCH 00/19] X Desktop Group location support and reduced user content access privileges, contrib part Sven Vermeulen
                   ` (6 preceding siblings ...)
  2017-05-22 16:11 ` [refpolicy] [PATCH 07/19] Enhance telepathy domains " Sven Vermeulen
@ 2017-05-22 16:11 ` Sven Vermeulen
  2017-05-22 16:11 ` [refpolicy] [PATCH 09/19] Make cron user content access optional Sven Vermeulen
                   ` (11 subsequent siblings)
  19 siblings, 0 replies; 21+ messages in thread
From: Sven Vermeulen @ 2017-05-22 16:11 UTC (permalink / raw)
  To: refpolicy

Thunderbird makes use of the ~/.cache/thunderbird location for its
application cache data. The other XDG main locations do not seem to be
used actively, although it does require read access on the
~/.local/share location.

The standard manage rights on the user content are removed and replaced
with the tunable blocks. Manage rights on the temporary user files are
retained as these are used for drafting e-mails.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 thunderbird.te | 43 +++++++++++++++++++++++++++++++++++++++----
 1 file changed, 39 insertions(+), 4 deletions(-)

diff --git a/thunderbird.te b/thunderbird.te
index 9e75bdf..bae9add 100644
--- a/thunderbird.te
+++ b/thunderbird.te
@@ -5,6 +5,35 @@ policy_module(thunderbird, 2.5.1)
 # Declarations
 #
 
+## <desc>
+##	<p>
+##	Grant the thunderbird domains read access to generic user content
+##	</p>
+## </desc>
+gen_tunable(`thunderbird_read_generic_user_content', true)
+
+## <desc>
+##	<p>
+##	Grant the thunderbird domains read access to all user content
+##	</p>
+## </desc>
+gen_tunable(`thunderbird_read_all_user_content', false)
+
+## <desc>
+##	<p>
+##	Grant the thunderbird domains manage rights on generic user content
+##	</p>
+## </desc>
+gen_tunable(`thunderbird_manage_generic_user_content', false)
+
+## <desc>
+##	<p>
+##	Grant the thunderbird domains manage rights on all user content
+##	</p>
+## </desc>
+gen_tunable(`thunderbird_manage_all_user_content', false)
+
+
 attribute_role thunderbird_roles;
 
 type thunderbird_t;
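Review bot: Two consecutive blank lines are added before "attribute_role thunderbird_roles;" (the hunk adds a "+" blank line twice); refpolicy uses a single blank line between declaration blocks. The defaults (read generic true, everything else false) are in line with the other modules in the series.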
@@ -24,6 +53,9 @@ typealias thunderbird_tmpfs_t alias { user_thunderbird_tmpfs_t staff_thunderbird
 typealias thunderbird_tmpfs_t alias { auditadm_thunderbird_tmpfs_t secadm_thunderbird_tmpfs_t };
 userdom_user_tmpfs_file(thunderbird_tmpfs_t)
 
+type thunderbird_xdg_cache_home_t;
+xdg_cache_home_content(thunderbird_xdg_cache_home_t)
+
 optional_policy(`
 	wm_application_domain(thunderbird_t, thunderbird_exec_t)
 ')
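Review bot: type thunderbird_xdg_cache_home_t; is introduced, but the diffstat shows only thunderbird.te changing, so there is no HOME_DIR/\.cache/thunderbird(/.*)? entry in thunderbird.fc; existing caches keep xdg_cache_home_t after a restorecon and only directories created through the new transition get the new type. The telepathy patch in this series touches both .fc and .te; this one should too.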
@@ -51,6 +83,10 @@ manage_fifo_files_pattern(thunderbird_t, thunderbird_tmpfs_t, thunderbird_tmpfs_
 manage_sock_files_pattern(thunderbird_t, thunderbird_tmpfs_t, thunderbird_tmpfs_t)
 fs_tmpfs_filetrans(thunderbird_t, thunderbird_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
 
+manage_files_pattern(thunderbird_t, thunderbird_xdg_cache_home_t, thunderbird_xdg_cache_home_t)
+manage_dirs_pattern(thunderbird_t, thunderbird_xdg_cache_home_t, thunderbird_xdg_cache_home_t)
+xdg_cache_home_filetrans(thunderbird_t, thunderbird_xdg_cache_home_t, dir, "thunderbird")
+
 kernel_read_network_state(thunderbird_t)
 kernel_read_net_sysctls(thunderbird_t)
 kernel_read_system_state(thunderbird_t)
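Review bot: Ordering nit: manage_files_pattern(...) is listed before manage_dirs_pattern(...) here, whereas the rest of the series (and refpolicy generally) lists the dirs pattern first; swap them for consistency. Otherwise the manage dirs, manage files and xdg_cache_home_filetrans(thunderbird_t, thunderbird_xdg_cache_home_t, dir, "thunderbird") trio matches what telepathy does.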
@@ -105,13 +141,12 @@ miscfiles_read_fonts(thunderbird_t)
 miscfiles_read_localization(thunderbird_t)
 
 userdom_write_user_tmp_sockets(thunderbird_t)
-
 userdom_manage_user_tmp_dirs(thunderbird_t)
 userdom_manage_user_tmp_files(thunderbird_t)
+userdom_user_content_access_template(thunderbird, thunderbird_t)
 
-userdom_manage_user_home_content_dirs(thunderbird_t)
-userdom_manage_user_home_content_files(thunderbird_t)
-userdom_user_home_dir_filetrans_user_home_content(thunderbird_t, { dir file })
+xdg_read_data_home_files(thunderbird_t)
+xdg_manage_downloads(thunderbird_t)
 
 xserver_user_x_domain_template(thunderbird, thunderbird_t, thunderbird_tmpfs_t)
 xserver_read_xdm_tmp_files(thunderbird_t)
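Review bot: The commit message says the standard manage rights were removed and replaced with tunable blocks, but this hunk also adds xdg_manage_downloads(thunderbird_t) unconditionally, which is a new always-on write path into ~/Downloads (presumably for saving attachments); it should be mentioned in the message and ideally carry a comment. Also, the dropped userdom_user_home_dir_filetrans_user_home_content(thunderbird_t, { dir file }) is not re-added under thunderbird_manage_generic_user_content, unlike the firstboot patch which keeps its transition inside the tunable block; without it, files Thunderbird writes directly into the home directory while the manage boolean is on inherit the home directory's own type instead of user_home_t. Removing the blank line between userdom_write_user_tmp_sockets and userdom_manage_user_tmp_dirs is fine.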
-- 
2.13.0


* [refpolicy] [PATCH 09/19] Make cron user content access optional
  2017-05-22 16:11 [refpolicy] [PATCH 00/19] X Desktop Group location support and reduced user content access privileges, contrib part Sven Vermeulen
                   ` (7 preceding siblings ...)
  2017-05-22 16:11 ` [refpolicy] [PATCH 08/19] Enhance thunderbird domain " Sven Vermeulen
@ 2017-05-22 16:11 ` Sven Vermeulen
  2017-05-22 16:11 ` [refpolicy] [PATCH 10/19] Make firstboot " Sven Vermeulen
                   ` (10 subsequent siblings)
  19 siblings, 0 replies; 21+ messages in thread
From: Sven Vermeulen @ 2017-05-22 16:11 UTC (permalink / raw)
  To: refpolicy

Cron has two modi operandi for handling cron jobs: either the cron jobs
run in the generic cronjob_t domain, or they run in the users' main
domain.

The generic cronjob_t domain had manage rights on the user content. With
this change, this is made optional under support of the necessary
booleans (cron_{read,manage}_{generic,all}_user_content).

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 cron.te | 49 ++++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 38 insertions(+), 11 deletions(-)

diff --git a/cron.te b/cron.te
index c9cc3f4..57c3f3e 100644
--- a/cron.te
+++ b/cron.te
@@ -35,6 +35,35 @@ gen_tunable(cron_userdomain_transition, false)
 ## </desc>
 gen_tunable(fcron_crond, false)
 
+## <desc>
+##	<p>
+##	Grant the cronjob domains read access to generic user content
+##	</p>
+## </desc>
+gen_tunable(`cron_read_generic_user_content', true)
+
+## <desc>
+##	<p>
+##	Grant the cronjob domains read access to all user content
+##	</p>
+## </desc>
+gen_tunable(`cron_read_all_user_content', false)
+
+## <desc>
+##	<p>
+##	Grant the cronjob domains manage rights on generic user content
+##	</p>
+## </desc>
+gen_tunable(`cron_manage_generic_user_content', false)
+
+## <desc>
+##	<p>
+##	Grant the cronjob domains manage rights on all user content
+##	</p>
+## </desc>
+gen_tunable(`cron_manage_all_user_content', false)
+
+
 attribute cron_spool_type;
 attribute crontab_domain;
 
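Review bot: The <desc> texts say "the cronjob domains", but the template below is applied to { cronjob_t crontab_domain }, so these booleans also govern what crontab(1) may read from a user's home; the descriptions should say so, since an administrator scanning the boolean list would not expect cron_read_generic_user_content to decide whether "crontab ~/mycron" works. A double blank line is also added before "attribute cron_spool_type;".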
@@ -184,8 +213,6 @@ seutil_read_config(crontab_domain)
 userdom_manage_user_tmp_dirs(crontab_domain)
 userdom_manage_user_tmp_files(crontab_domain)
 userdom_use_user_terminals(crontab_domain)
-userdom_read_user_home_content_files(crontab_domain)
-userdom_read_user_home_content_symlinks(crontab_domain)
 
 tunable_policy(`fcron_crond',`
 	dontaudit crontab_domain crond_t:process signal;
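Review bot: Dropping userdom_read_user_home_content_files(crontab_domain) and userdom_read_user_home_content_symlinks(crontab_domain) makes reading a crontab file out of the home directory depend on cron_read_generic_user_content; the default is true so behaviour is unchanged out of the box, but the commit message only talks about cronjob_t and should mention crontab_domain as well.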
@@ -708,15 +735,15 @@ seutil_read_config(cronjob_t)
 
 miscfiles_read_localization(cronjob_t)
 
-userdom_manage_user_tmp_files(cronjob_t)
-userdom_manage_user_tmp_symlinks(cronjob_t)
-userdom_manage_user_tmp_pipes(cronjob_t)
-userdom_manage_user_tmp_sockets(cronjob_t)
-userdom_exec_user_home_content_files(cronjob_t)
-userdom_manage_user_home_content_files(cronjob_t)
-userdom_manage_user_home_content_symlinks(cronjob_t)
-userdom_manage_user_home_content_pipes(cronjob_t)
-userdom_manage_user_home_content_sockets(cronjob_t)
+userdom_user_content_access_template(cron, { cronjob_t crontab_domain })
+
+tunable_policy(`cron_manage_generic_user_content',`
+	userdom_manage_user_tmp_pipes(cronjob_t)
+	userdom_manage_user_tmp_sockets(cronjob_t)
+	userdom_exec_user_home_content_files(cronjob_t)
+	userdom_manage_user_home_content_pipes(cronjob_t)
+	userdom_manage_user_home_content_sockets(cronjob_t)
+')
 
 tunable_policy(`cron_userdomain_transition',`
 	dontaudit cronjob_t crond_t:fd use;
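Review bot: userdom_manage_user_tmp_files(cronjob_t) and userdom_manage_user_tmp_symlinks(cronjob_t) are removed outright rather than moved into the cron_manage_generic_user_content block with the pipes and sockets; if the template places user tmp under the manage boolean (the thunderbird patch keeping its tmp rules explicit alongside the template suggests tmp is not unconditional there), cron jobs lose write access to user tmp unless that boolean, which defaults to false, is switched on. That is a behaviour change the commit message should call out, or the tmp rules should stay outside the tunable if jobs are expected to write there by default. In the same block, userdom_exec_user_home_content_files(cronjob_t) now sits under the manage boolean; running a script from the user's home is a read-level privilege, so it arguably belongs under cron_read_generic_user_content, otherwise every cron job that executes ~/bin/something breaks with the shipped defaults.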
-- 
2.13.0


* [refpolicy] [PATCH 10/19] Make firstboot user content access optional
  2017-05-22 16:11 [refpolicy] [PATCH 00/19] X Desktop Group location support and reduced user content access privileges, contrib part Sven Vermeulen
                   ` (8 preceding siblings ...)
  2017-05-22 16:11 ` [refpolicy] [PATCH 09/19] Make cron user content access optional Sven Vermeulen
@ 2017-05-22 16:11 ` Sven Vermeulen
  2017-05-22 16:11 ` [refpolicy] [PATCH 11/19] Make gpg " Sven Vermeulen
                   ` (9 subsequent siblings)
  19 siblings, 0 replies; 21+ messages in thread
From: Sven Vermeulen @ 2017-05-22 16:11 UTC (permalink / raw)
  To: refpolicy

The firstboot service does not really need user content access in the
majority of cases. It is meant to initialize the system after first
boot, which is primarily a non-user-related service approach.

To still support the off cases where user content access is needed, the
necessary privileges are made optional through support of the
firstboot_{read,manage}_{generic,all}_user_content booleans.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 firstboot.te | 42 ++++++++++++++++++++++++++++++++++++------
 1 file changed, 36 insertions(+), 6 deletions(-)

diff --git a/firstboot.te b/firstboot.te
index a1afc1b..aa600c6 100644
--- a/firstboot.te
+++ b/firstboot.te
@@ -9,6 +9,34 @@ gen_require(`
 # Declarations
 #
 
+## <desc>
+##	<p>
+##	Grant the firstboot domains read access to generic user content
+##	</p>
+## </desc>
+gen_tunable(`firstboot_read_generic_user_content', true)
+
+## <desc>
+##	<p>
+##	Grant the firstboot domains read access to all user content
+##	</p>
+## </desc>
+gen_tunable(`firstboot_read_all_user_content', false)
+
+## <desc>
+##	<p>
+##	Grant the firstboot domains manage rights on generic user content
+##	</p>
+## </desc>
+gen_tunable(`firstboot_manage_generic_user_content', false)
+
+## <desc>
+##	<p>
+##	Grant the firstboot domains manage rights on all user content
+##	</p>
+## </desc>
+gen_tunable(`firstboot_manage_all_user_content', false)
+
 attribute_role firstboot_roles;
 
 type firstboot_t;
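Review bot: firstboot_read_generic_user_content defaults to true while the commit message argues firstboot does not really need user content access in the majority of cases; if that is the reasoning, the read boolean should probably default to false like the other three, otherwise the patch still hands firstboot read access to every user's home content by default.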
@@ -78,13 +106,15 @@ miscfiles_read_localization(firstboot_t)
 sysnet_dns_name_resolve(firstboot_t)
 
 userdom_use_user_terminals(firstboot_t)
-userdom_manage_user_home_content_dirs(firstboot_t)
-userdom_manage_user_home_content_files(firstboot_t)
-userdom_manage_user_home_content_symlinks(firstboot_t)
-userdom_manage_user_home_content_pipes(firstboot_t)
-userdom_manage_user_home_content_sockets(firstboot_t)
 userdom_home_filetrans_user_home_dir(firstboot_t)
-userdom_user_home_dir_filetrans_user_home_content(firstboot_t, { dir file lnk_file fifo_file sock_file })
+
+userdom_user_content_access_template(firstboot, firstboot_t)
+
+tunable_policy(`firstboot_manage_generic_user_content',`
+	userdom_manage_user_home_content_pipes(firstboot_t)
+	userdom_manage_user_home_content_sockets(firstboot_t)
+	userdom_user_home_dir_filetrans_user_home_content(firstboot_t, { dir file lnk_file fifo_file sock_file })
+')
 
 optional_policy(`
 	dbus_system_bus_client(firstboot_t)
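Review bot: Moving userdom_user_home_dir_filetrans_user_home_content(firstboot_t, { dir file lnk_file fifo_file sock_file }) inside the firstboot_manage_generic_user_content block together with the pipe and socket manage rules is the right shape, since a transition without the matching create permission is useless and vice versa; the gpg and irc patches in this series drop their equivalent transition entirely and should follow this pattern. Keeping userdom_home_filetrans_user_home_dir(firstboot_t) unconditional is fine, as it only concerns creating the home directory itself.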
-- 
2.13.0


* [refpolicy] [PATCH 11/19] Make gpg user content access optional
  2017-05-22 16:11 [refpolicy] [PATCH 00/19] X Desktop Group location support and reduced user content access privileges, contrib part Sven Vermeulen
                   ` (9 preceding siblings ...)
  2017-05-22 16:11 ` [refpolicy] [PATCH 10/19] Make firstboot " Sven Vermeulen
@ 2017-05-22 16:11 ` Sven Vermeulen
  2017-05-22 16:11 ` [refpolicy] [PATCH 12/19] Make i18n_input " Sven Vermeulen
                   ` (8 subsequent siblings)
  19 siblings, 0 replies; 21+ messages in thread
From: Sven Vermeulen @ 2017-05-22 16:11 UTC (permalink / raw)
  To: refpolicy

The GnuPG application does not require access to users' data in all
situations. When used through plugins, for instance, it only accesses
user temporary data. However, in most cases, access to end user data is
still preferred.

Hence, the read and manage rights on the generic user content are moved
under support of the right booleans, but with a default value allowing
these privileges.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 gpg.te | 34 ++++++++++++++++++++++++++++++++--
 1 file changed, 32 insertions(+), 2 deletions(-)

diff --git a/gpg.te b/gpg.te
index 5e87028..fd84bbd 100644
--- a/gpg.te
+++ b/gpg.te
@@ -14,6 +14,34 @@ policy_module(gpg, 2.11.1)
 ## </desc>
 gen_tunable(gpg_agent_env_file, false)
 
+## <desc>
+##	<p>
+##	Grant the gpg domains read access to generic user content
+##	</p>
+## </desc>
+gen_tunable(`gpg_read_generic_user_content', true)
+
+## <desc>
+##	<p>
+##	Grant the gpg domains read access to all user content
+##	</p>
+## </desc>
+gen_tunable(`gpg_read_all_user_content', false)
+
+## <desc>
+##	<p>
+##	Grant the gpg domains manage rights on generic user content
+##	</p>
+## </desc>
+gen_tunable(`gpg_manage_generic_user_content', true)
+
+## <desc>
+##	<p>
+##	Grant the gpg domains manage rights on all user content
+##	</p>
+## </desc>
+gen_tunable(`gpg_manage_all_user_content', false)
+
 attribute_role gpg_roles;
 roleattribute system_r gpg_roles;
 
@@ -125,8 +153,8 @@ miscfiles_read_localization(gpg_t)
 userdom_use_user_terminals(gpg_t)
 
 userdom_manage_user_tmp_files(gpg_t)
-userdom_manage_user_home_content_files(gpg_t)
-userdom_user_home_dir_filetrans_user_home_content(gpg_t, file)
+
+userdom_user_content_access_template(gpg, gpg_t)
 
 tunable_policy(`use_nfs_home_dirs',`
 	fs_manage_nfs_dirs(gpg_t)
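Review bot: userdom_user_home_dir_filetrans_user_home_content(gpg_t, file) is removed without a replacement even though gpg_manage_generic_user_content defaults to true; gpg routinely writes its output next to the input in the home directory, and without the transition those files take the home directory's type rather than user_home_t. Suggest wrapping it as in the firstboot patch: tunable_policy(`gpg_manage_generic_user_content',` userdom_user_home_dir_filetrans_user_home_content(gpg_t, file) ').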
@@ -338,6 +366,8 @@ miscfiles_read_localization(gpg_pinentry_t)
 
 userdom_use_user_terminals(gpg_pinentry_t)
 
+xdg_read_data_home_files(gpg_pinentry_t)
+
 tunable_policy(`use_nfs_home_dirs',`
 	fs_read_nfs_files(gpg_pinentry_t)
 ')
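Review bot: xdg_read_data_home_files(gpg_pinentry_t) is new unconditional access for the pinentry domain that the commit message does not mention; a comment stating what pinentry reads under ~/.local/share would help, and if it is only needed for one toolkit the rule may belong in an optional_policy block or under a tunable.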
-- 
2.13.0


* [refpolicy] [PATCH 12/19] Make i18n_input user content access optional
  2017-05-22 16:11 [refpolicy] [PATCH 00/19] X Desktop Group location support and reduced user content access privileges, contrib part Sven Vermeulen
                   ` (10 preceding siblings ...)
  2017-05-22 16:11 ` [refpolicy] [PATCH 11/19] Make gpg " Sven Vermeulen
@ 2017-05-22 16:11 ` Sven Vermeulen
  2017-05-22 16:11 ` [refpolicy] [PATCH 13/19] Make irc " Sven Vermeulen
                   ` (7 subsequent siblings)
  19 siblings, 0 replies; 21+ messages in thread
From: Sven Vermeulen @ 2017-05-22 16:11 UTC (permalink / raw)
  To: refpolicy

The i18n_input domains (be it iiimd or htt_server) do not always need
read access on user domains. Make these privileges optional under the
i18n_input_read_generic_user_content boolean.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 i18n_input.te | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/i18n_input.te b/i18n_input.te
index 6cb963c..6168042 100644
--- a/i18n_input.te
+++ b/i18n_input.te
@@ -5,6 +5,13 @@ policy_module(i18n_input, 1.11.1)
 # Declarations
 #
 
+## <desc>
+##	<p>
+##	Grant the i18n_input domains read access to generic user content
+##	</p>
+## </desc>
+gen_tunable(`i18n_input_read_generic_user_content', true)
+
 type i18n_input_t;
 type i18n_input_exec_t;
 init_daemon_domain(i18n_input_t, i18n_input_exec_t)
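Review bot: Only a read boolean is added and the access is hand-written below instead of going through userdom_user_content_access_template(i18n_input, i18n_input_t) like the other modules in the series; that is defensible if i18n_input never needs manage or all-content access, but a sentence in the commit message saying why the template was not used would stop the inconsistency looking accidental.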
@@ -79,7 +86,22 @@ logging_send_syslog_msg(i18n_input_t)
 miscfiles_read_localization(i18n_input_t)
 
 userdom_dontaudit_use_unpriv_user_fds(i18n_input_t)
-userdom_read_user_home_content_files(i18n_input_t)
+
+tunable_policy(`i18n_input_read_generic_user_content',`
+	userdom_list_user_tmp(i18n_input_t)
+	userdom_list_user_home_content(i18n_input_t)
+	userdom_read_user_home_content_files(i18n_input_t)
+	userdom_read_user_home_content_symlinks(i18n_input_t)
+	userdom_read_user_tmp_files(i18n_input_t)
+',`
+	files_dontaudit_list_home(i18n_input_t)
+	files_dontaudit_list_tmp(i18n_input_t)
+
+	userdom_dontaudit_list_user_home_dirs(i18n_input_t)
+	userdom_dontaudit_list_user_tmp(i18n_input_t)
+	userdom_dontaudit_read_user_home_content_files(i18n_input_t)
+	userdom_dontaudit_read_user_tmp_files(i18n_input_t)
+')
 
 tunable_policy(`use_nfs_home_dirs',`
 	fs_read_nfs_files(i18n_input_t)
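Review bot: The tunable branch grants more than the single removed rule userdom_read_user_home_content_files(i18n_input_t): it adds userdom_list_user_home_content, userdom_read_user_home_content_symlinks, userdom_list_user_tmp and userdom_read_user_tmp_files, so with the default of true the domain now reads user tmp files it could not read before. Either trim the branch to the original privilege or state the widening in the commit message. The dontaudit else-branch is a good addition for keeping the audit log quiet when the boolean is off.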
-- 
2.13.0


* [refpolicy] [PATCH 13/19] Make irc user content access optional
  2017-05-22 16:11 [refpolicy] [PATCH 00/19] X Desktop Group location support and reduced user content access privileges, contrib part Sven Vermeulen
                   ` (11 preceding siblings ...)
  2017-05-22 16:11 ` [refpolicy] [PATCH 12/19] Make i18n_input " Sven Vermeulen
@ 2017-05-22 16:11 ` Sven Vermeulen
  2017-05-22 16:11 ` [refpolicy] [PATCH 14/19] Make java " Sven Vermeulen
                   ` (6 subsequent siblings)
  19 siblings, 0 replies; 21+ messages in thread
From: Sven Vermeulen @ 2017-05-22 16:11 UTC (permalink / raw)
  To: refpolicy

IRC clients do not need to have manage rights on user content at all
times. We make this optional, under the support of the
irc_{read,manage}_{generic,all}_user_content booleans.

To enable simple IRC-based upload/downloads, the irc_t domain does get
manage rights on the xdg_downloads_t type (~/Downloads).

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 irc.te | 34 +++++++++++++++++++++++++++++++---
 1 file changed, 31 insertions(+), 3 deletions(-)

diff --git a/irc.te b/irc.te
index d07bfb8..ad810c8 100644
--- a/irc.te
+++ b/irc.te
@@ -14,6 +14,34 @@ policy_module(irc, 2.5.0)
 ## </desc>
 gen_tunable(irc_use_any_tcp_ports, false)
 
+## <desc>
+##	<p>
+##	Grant the irc domains read access to generic user content
+##	</p>
+## </desc>
+gen_tunable(`irc_read_generic_user_content', true)
+
+## <desc>
+##	<p>
+##	Grant the irc domains read access to all user content
+##	</p>
+## </desc>
+gen_tunable(`irc_read_all_user_content', false)
+
+## <desc>
+##	<p>
+##	Grant the irc domains manage rights on generic user content
+##	</p>
+## </desc>
+gen_tunable(`irc_manage_generic_user_content', false)
+
+## <desc>
+##	<p>
+##	Grant the irc domains manage rights on all user content
+##	</p>
+## </desc>
+gen_tunable(`irc_manage_all_user_content', false)
+
 attribute_role irc_roles;
 
 type irc_t;
@@ -114,9 +142,9 @@ miscfiles_read_localization(irc_t)
 
 userdom_use_user_terminals(irc_t)
 
-userdom_manage_user_home_content_dirs(irc_t)
-userdom_manage_user_home_content_files(irc_t)
-userdom_user_home_dir_filetrans_user_home_content(irc_t, { dir file })
+userdom_user_content_access_template(irc, irc_t)
+
+xdg_manage_downloads(irc_t)
 
 tunable_policy(`irc_use_any_tcp_ports',`
 	allow irc_t self:tcp_socket { accept listen };
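Review bot: As with gpg, userdom_user_home_dir_filetrans_user_home_content(irc_t, { dir file }) is dropped and not re-added under irc_manage_generic_user_content; when that boolean is enabled, files an IRC client creates directly in the home directory will not become user_home_t. The unconditional xdg_manage_downloads(irc_t) matches the commit message's upload/download use case and keeping it outside the booleans is reasonable since ~/Downloads is the narrow location.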
-- 
2.13.0


* [refpolicy] [PATCH 14/19] Make java user content access optional
From: Sven Vermeulen @ 2017-05-22 16:11 UTC (permalink / raw)
  To: refpolicy

The java_domain attribute covers many java related domains.
Historically, the privileges on the java domain have been quite open,
including the access to the users' personal files. However, this should
not be the case at all times - some administrators might want to reduce
this scope, and only grant specific domains (rather than the generic
java ones) the necessary accesses.

In this patch, the manage rights on the user content is moved under
support of specific java-related booleans.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 java.te | 41 +++++++++++++++++++++++++++++++++++------
 1 file changed, 35 insertions(+), 6 deletions(-)

diff --git a/java.te b/java.te
index dbac587..3755b94 100644
--- a/java.te
+++ b/java.te
@@ -13,6 +13,34 @@ policy_module(java, 2.9.3)
 ## </desc>
 gen_tunable(allow_java_execstack, false)
 
+## <desc>
+##	<p>
+##	Grant the java domains read access to generic user content
+##	</p>
+## </desc>
+gen_tunable(`java_read_generic_user_content', true)
+
+## <desc>
+##	<p>
+##	Grant the java domains read access to all user content
+##	</p>
+## </desc>
+gen_tunable(`java_read_all_user_content', false)
+
+## <desc>
+##	<p>
+##	Grant the java domains manage rights on generic user content
+##	</p>
+## </desc>
+gen_tunable(`java_manage_generic_user_content', false)
+
+## <desc>
+##	<p>
+##	Grant the java domains manage rights on all user content
+##	</p>
+## </desc>
+gen_tunable(`java_manage_all_user_content', false)
+
 attribute java_domain;
 
 attribute_role java_roles;
@@ -107,15 +135,16 @@ miscfiles_read_fonts(java_domain)
 
 userdom_dontaudit_use_user_terminals(java_domain)
 userdom_dontaudit_exec_user_home_content_files(java_domain)
-userdom_manage_user_home_content_dirs(java_domain)
-userdom_manage_user_home_content_files(java_domain)
-userdom_manage_user_home_content_symlinks(java_domain)
-userdom_manage_user_home_content_pipes(java_domain)
-userdom_manage_user_home_content_sockets(java_domain)
-userdom_user_home_dir_filetrans_user_home_content(java_domain, { file lnk_file sock_file fifo_file })
 
+userdom_user_content_access_template(java, java_domain)
 userdom_write_user_tmp_sockets(java_domain)
 
+tunable_policy(`java_manage_generic_user_content',`
+	userdom_manage_user_home_content_pipes(java_domain)
+	userdom_manage_user_home_content_sockets(java_domain)
+	userdom_user_home_dir_filetrans_user_home_content(java_domain, { file lnk_file sock_file fifo_file })
+')
+
 tunable_policy(`allow_java_execstack',`
 	allow java_domain self:process { execmem execstack };
 
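Review bot: the `userdom_user_home_dir_filetrans_user_home_content(java_domain, { file lnk_file sock_file fifo_file })` inside the new tunable block overlaps with whatever filetrans `userdom_user_content_access_template` already sets up for `file` and `lnk_file` under the same `java_manage_generic_user_content` boolean; restricting it to `{ sock_file fifo_file }`, the two classes this block exists to add, avoids the duplicated rule, and a one-line comment explaining why pipes and sockets are handled outside the template would help the next reader. Note also that `userdom_manage_user_home_content_dirs`/`_files`/`_symlinks` lose their unconditional grant here and are expected to come back only via the template's manage booleans; worth stating that reliance explicitly in the commit message.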
-- 
2.13.0

* [refpolicy] [PATCH 15/19] Make openoffice user content access optional
From: Sven Vermeulen @ 2017-05-22 16:11 UTC (permalink / raw)
  To: refpolicy

The openoffice domain should not have full manage rights on all user
content. Instead, it is granted manage rights on the documents
(xdg_documents_t) while the other privileges are made optional through
the openoffice_{read,manage}_{generic,all}_user_content booleans.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 openoffice.te | 37 ++++++++++++++++++++++++++++++++-----
 1 file changed, 32 insertions(+), 5 deletions(-)

diff --git a/openoffice.te b/openoffice.te
index fe24142..7bc80b1 100644
--- a/openoffice.te
+++ b/openoffice.te
@@ -27,6 +27,34 @@ gen_tunable(openoffice_allow_update, true)
 ## </desc>
 gen_tunable(openoffice_allow_email, false)
 
+## <desc>
+##	<p>
+##	Grant the openoffice domains read access to generic user content
+##	</p>
+## </desc>
+gen_tunable(`openoffice_read_generic_user_content', true)
+
+## <desc>
+##	<p>
+##	Grant the openoffice domains read access to all user content
+##	</p>
+## </desc>
+gen_tunable(`openoffice_read_all_user_content', false)
+
+## <desc>
+##	<p>
+##	Grant the openoffice domains manage rights on generic user content
+##	</p>
+## </desc>
+gen_tunable(`openoffice_manage_generic_user_content', false)
+
+## <desc>
+##	<p>
+##	Grant the openoffice domains manage rights on all user content
+##	</p>
+## </desc>
+gen_tunable(`openoffice_manage_all_user_content', false)
+
 attribute_role ooffice_roles;
 
 type ooffice_t;
@@ -88,11 +116,10 @@ ooffice_dontaudit_exec_tmp_files(ooffice_t)
 sysnet_dns_name_resolve(ooffice_t)
 
 userdom_dontaudit_exec_user_home_content_files(ooffice_t)
-userdom_read_user_tmp_files(ooffice_t)
-userdom_manage_user_home_content_dirs(ooffice_t)
-userdom_manage_user_home_content_files(ooffice_t)
-userdom_manage_user_home_content_symlinks(ooffice_t)
-userdom_user_home_dir_filetrans_user_home_content(ooffice_t, { dir file lnk_file fifo_file sock_file })
+
+userdom_user_content_access_template(openoffice, ooffice_t)
+
+xdg_manage_documents(ooffice_t)
 
 tunable_policy(`openoffice_allow_update',`
 	corenet_tcp_connect_http_port(ooffice_t)
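Review bot: `userdom_read_user_tmp_files(ooffice_t)` is removed here with no replacement and no mention in the commit message, which only talks about manage rights becoming optional; unless `userdom_user_content_access_template` grants user tmp reads under `openoffice_read_generic_user_content` (as the xscreensaver patch in this series does by hand), this is a silent privilege loss rather than an optional one. Separately, the removed filetrans covered `{ dir file lnk_file fifo_file sock_file }` while the only unconditional right left is `xdg_manage_documents(ooffice_t)`; a short comment saying that Documents stays always-writable by design would stop this reading as an oversight.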
-- 
2.13.0

* [refpolicy] [PATCH 16/19] Make postfix user content access optional
From: Sven Vermeulen @ 2017-05-22 16:11 UTC (permalink / raw)
  To: refpolicy

The postfix virtual domain does not always need full manage rights on
the users' home directories and content. We make these rights optional
through the postfix_{read,manage}_{generic,all}_user_content booleans.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 postfix.te | 34 +++++++++++++++++++++++++++++-----
 1 file changed, 29 insertions(+), 5 deletions(-)

diff --git a/postfix.te b/postfix.te
index b60eaad..8000c09 100644
--- a/postfix.te
+++ b/postfix.te
@@ -13,6 +13,34 @@ policy_module(postfix, 1.17.3)
 ## </desc>
 gen_tunable(postfix_local_write_mail_spool, true)
 
+## <desc>
+##	<p>
+##	Grant the postfix domains read access to generic user content
+##	</p>
+## </desc>
+gen_tunable(`postfix_read_generic_user_content', true)
+
+## <desc>
+##	<p>
+##	Grant the postfix domains read access to all user content
+##	</p>
+## </desc>
+gen_tunable(`postfix_read_all_user_content', false)
+
+## <desc>
+##	<p>
+##	Grant the postfix domains manage rights on generic user content
+##	</p>
+## </desc>
+gen_tunable(`postfix_manage_generic_user_content', false)
+
+## <desc>
+##	<p>
+##	Grant the postfix domains manage rights on all user content
+##	</p>
+## </desc>
+gen_tunable(`postfix_manage_all_user_content', false)
+
 attribute postfix_domain;
 attribute postfix_server_domain;
 attribute postfix_server_tmp_content;
@@ -821,8 +849,4 @@ mta_delete_spool(postfix_virtual_t)
 mta_read_config(postfix_virtual_t)
 mta_manage_spool(postfix_virtual_t)
 
-userdom_manage_user_home_dirs(postfix_virtual_t)
-userdom_manage_user_home_content_dirs(postfix_virtual_t)
-userdom_manage_user_home_content_files(postfix_virtual_t)
-userdom_home_filetrans_user_home_dir(postfix_virtual_t)
-userdom_user_home_dir_filetrans_user_home_content(postfix_virtual_t, { file dir })
+userdom_user_content_access_template(postfix, postfix_virtual_t)
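Review bot: `userdom_manage_user_home_dirs(postfix_virtual_t)` and `userdom_home_filetrans_user_home_dir(postfix_virtual_t)` are dropped outright rather than made optional; the template, going by its use elsewhere in this series, covers user home *content*, so postfix_virtual_t can no longer create or label a user's home directory itself, and any deployment where postfix virtual creates the home directory on first delivery would break. If that is intended, say so in the commit message (which currently only describes the rights as becoming optional); otherwise keep those two lines inside a `tunable_policy(`postfix_manage_generic_user_content', ...)` block.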
-- 
2.13.0

* [refpolicy] [PATCH 17/19] Make wireshark user content access optional
From: Sven Vermeulen @ 2017-05-22 16:11 UTC (permalink / raw)
  To: refpolicy

The wireshark application does not need full manage rights on user
content. Hence, we make these privileges optional through support of the
wireshark_*_user_content booleans.

To allow wireshark to read recorded network traffic, wireshark is
granted read access on the downloads location.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 wireshark.te | 33 +++++++++++++++++++++++++++++++--
 1 file changed, 31 insertions(+), 2 deletions(-)

diff --git a/wireshark.te b/wireshark.te
index a398fd7..b10d3fa 100644
--- a/wireshark.te
+++ b/wireshark.te
@@ -5,6 +5,34 @@ policy_module(wireshark, 2.5.0)
 # Declarations
 #
 
+## <desc>
+##	<p>
+##	Grant the wireshark domains read access to generic user content
+##	</p>
+## </desc>
+gen_tunable(`wireshark_read_generic_user_content', true)
+
+## <desc>
+##	<p>
+##	Grant the wireshark domains read access to all user content
+##	</p>
+## </desc>
+gen_tunable(`wireshark_read_all_user_content', false)
+
+## <desc>
+##	<p>
+##	Grant the wireshark domains manage rights on generic user content
+##	</p>
+## </desc>
+gen_tunable(`wireshark_manage_generic_user_content', false)
+
+## <desc>
+##	<p>
+##	Grant the wireshark domains manage rights on all user content
+##	</p>
+## </desc>
+gen_tunable(`wireshark_manage_all_user_content', false)
+
 attribute_role wireshark_roles;
 
 type wireshark_t;
@@ -101,8 +129,9 @@ miscfiles_read_localization(wireshark_t)
 
 userdom_use_user_terminals(wireshark_t)
 
-userdom_manage_user_home_content_files(wireshark_t)
-userdom_user_home_dir_filetrans_user_home_content(wireshark_t, file)
+userdom_user_content_access_template(wireshark, wireshark_t)
+
+xdg_read_downloads(wireshark_t)
 
 tunable_policy(`use_nfs_home_dirs',`
 	fs_manage_nfs_dirs(wireshark_t)
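Review bot: the trailing context shows `fs_manage_nfs_dirs(wireshark_t)` still granted unconditionally under `use_nfs_home_dirs`, so a user with an NFS-mounted home keeps full manage rights that a local user now only gets through `wireshark_manage_generic_user_content`; for the restriction to mean anything, that block (and any sibling for other network home filesystems) should be gated by the same booleans. Also, with `userdom_manage_user_home_content_files(wireshark_t)` gone and `xdg_read_downloads(wireshark_t)` read-only, saving a capture into the home directory now needs the manage boolean; the commit message should mention this, or the patch should give Downloads write access if that is the intended save location.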
-- 
2.13.0

* [refpolicy] [PATCH 18/19] Make xscreensaver user content access optional
From: Sven Vermeulen @ 2017-05-22 16:11 UTC (permalink / raw)
  To: refpolicy

The xscreensaver application currently has the privileges to read user
content, to display images stored in the users' home directory. We now
grant this through xdg_pictures_t access, and make the generic user
content access optional.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 xscreensaver.te | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/xscreensaver.te b/xscreensaver.te
index 1f58110..e6f5e64 100644
--- a/xscreensaver.te
+++ b/xscreensaver.te
@@ -5,6 +5,13 @@ policy_module(xscreensaver, 1.3.0)
 # Declarations
 #
 
+## <desc>
+##	<p>
+##	Grant the xscreensaver domains read access to generic user content
+##	</p>
+## </desc>
+gen_tunable(`xscreensaver_read_generic_user_content', true)
+
 attribute_role xscreensaver_roles;
 attribute_role xscreensaver_helper_roles;
 
@@ -56,11 +63,28 @@ logging_send_syslog_msg(xscreensaver_t)
 miscfiles_read_localization(xscreensaver_t)
 
 userdom_use_user_terminals(xscreensaver_t)
-userdom_read_user_home_content_files(xscreensaver_t)
+
+xdg_read_pictures(xscreensaver_t)
 
 xserver_rw_xsession_log(xscreensaver_t)
 xserver_user_x_domain_template(xscreensaver, xscreensaver_t, xscreensaver_tmpfs_t)
 
+tunable_policy(`xscreensaver_read_generic_user_content',`
+	userdom_list_user_tmp(xscreensaver_t)
+	userdom_list_user_home_content(xscreensaver_t)
+	userdom_read_user_home_content_files(xscreensaver_t)
+	userdom_read_user_home_content_symlinks(xscreensaver_t)
+	userdom_read_user_tmp_files(xscreensaver_t)
+',`
+	files_dontaudit_list_home(xscreensaver_t)
+	files_dontaudit_list_tmp(xscreensaver_t)
+
+	userdom_dontaudit_list_user_home_dirs(xscreensaver_t)
+	userdom_dontaudit_list_user_tmp(xscreensaver_t)
+	userdom_dontaudit_read_user_home_content_files(xscreensaver_t)
+	userdom_dontaudit_read_user_tmp_files(xscreensaver_t)
+')
+
 ########################################
 #
 # Helper local policy
-- 
2.13.0

* [refpolicy] [PATCH 19/19] Switch syncthing to XDG config types and make user content access optional
From: Sven Vermeulen @ 2017-05-22 16:11 UTC (permalink / raw)
  To: refpolicy

The syncthing application can, but does not have to, be used for
synchronizing end user data. Hence, the user data access is made
optional through the support of the syncthing_*_user_content booleans.

Also, the syncthing_config_home_t type is renamed to
syncthing_xdg_config_home_t to be aligned with the XDG setup. An alias
is put in place to allow for a transitional period before
syncthing_config_home_t is completely phased out.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 syncthing.fc |  2 +-
 syncthing.if |  8 ++++----
 syncthing.te | 47 ++++++++++++++++++++++++++++++++++++-----------
 3 files changed, 41 insertions(+), 16 deletions(-)

diff --git a/syncthing.fc b/syncthing.fc
index 4f7f53e..68819e5 100644
--- a/syncthing.fc
+++ b/syncthing.fc
@@ -1,3 +1,3 @@
 /usr/bin/syncthing                      -- gen_context(system_u:object_r:syncthing_exec_t,s0)
 
-HOME_DIR/\.config/syncthing(/.*)?          gen_context(system_u:object_r:syncthing_config_home_t,s0)
+HOME_DIR/\.config/syncthing(/.*)?          gen_context(system_u:object_r:syncthing_xdg_config_home_t,s0)
diff --git a/syncthing.if b/syncthing.if
index 065800a..1cc2fba 100644
--- a/syncthing.if
+++ b/syncthing.if
@@ -18,14 +18,14 @@
 interface(`syncthing_role', `
 	gen_require(`
 		attribute_role syncthing_roles;
-		type syncthing_t, syncthing_exec_t, syncthing_config_home_t;
+		type syncthing_t, syncthing_exec_t, syncthing_xdg_config_home_t;
 	')
 
 	roleattribute $1 syncthing_roles;
 
 	domtrans_pattern($2, syncthing_exec_t, syncthing_t)
 
-	allow $2 syncthing_config_home_t:file { manage_file_perms relabel_file_perms };
-	allow $2 syncthing_config_home_t:dir { manage_dir_perms relabel_dir_perms };
-	allow $2 syncthing_config_home_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
+	allow $2 syncthing_xdg_config_home_t:file { manage_file_perms relabel_file_perms };
+	allow $2 syncthing_xdg_config_home_t:dir { manage_dir_perms relabel_dir_perms };
+	allow $2 syncthing_xdg_config_home_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
 ')
diff --git a/syncthing.te b/syncthing.te
index 92d0bf5..ee610df 100644
--- a/syncthing.te
+++ b/syncthing.te
@@ -5,6 +5,34 @@ policy_module(syncthing, 1.0.0)
 # Declarations
 #
 
+## <desc>
+##	<p>
+##	Grant the syncthing domains read access to generic user content
+##	</p>
+## </desc>
+gen_tunable(`syncthing_read_generic_user_content', true)
+
+## <desc>
+##	<p>
+##	Grant the syncthing domains read access to all user content
+##	</p>
+## </desc>
+gen_tunable(`syncthing_read_all_user_content', false)
+
+## <desc>
+##	<p>
+##	Grant the syncthing domains manage rights on generic user content
+##	</p>
+## </desc>
+gen_tunable(`syncthing_manage_generic_user_content', false)
+
+## <desc>
+##	<p>
+##	Grant the syncthing domains manage rights on all user content
+##	</p>
+## </desc>
+gen_tunable(`syncthing_manage_all_user_content', false)
+
 attribute_role syncthing_roles;
 role syncthing_roles types syncthing_t;
 
@@ -13,8 +41,8 @@ type syncthing_exec_t;
 init_daemon_domain(syncthing_t, syncthing_exec_t)
 userdom_user_application_domain(syncthing_t, syncthing_exec_t)
 
-type syncthing_config_home_t;
-userdom_user_home_content(syncthing_config_home_t)
+type syncthing_xdg_config_home_t alias syncthing_config_home_t;
+xdg_config_home_content(syncthing_xdg_config_home_t)
 
 ########################################
 #
@@ -27,9 +55,10 @@ allow syncthing_t self:tcp_socket { listen accept };
 
 can_exec(syncthing_t, syncthing_exec_t)
 
-manage_dirs_pattern(syncthing_t, syncthing_config_home_t, syncthing_config_home_t)
-manage_files_pattern(syncthing_t, syncthing_config_home_t, syncthing_config_home_t)
-manage_lnk_files_pattern(syncthing_t, syncthing_config_home_t, syncthing_config_home_t)
+manage_dirs_pattern(syncthing_t, syncthing_xdg_config_home_t, syncthing_xdg_config_home_t)
+manage_files_pattern(syncthing_t, syncthing_xdg_config_home_t, syncthing_xdg_config_home_t)
+manage_lnk_files_pattern(syncthing_t, syncthing_xdg_config_home_t, syncthing_xdg_config_home_t)
+xdg_config_home_filetrans(syncthing_t, syncthing_xdg_config_home_t, dir)
 
 kernel_read_kernel_sysctls(syncthing_t)
 kernel_read_net_sysctls(syncthing_t)
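Review bot: `xdg_config_home_filetrans(syncthing_t, syncthing_xdg_config_home_t, dir)` carries no name filter, whereas the call it replaces further down, `userdom_user_home_content_filetrans(syncthing_t, syncthing_config_home_t, dir, "syncthing")`, only transitioned a directory named "syncthing"; as written, every directory syncthing_t creates in ~/.config would be labelled syncthing_xdg_config_home_t. Pass "syncthing" as the name argument if the interface accepts one, and keep the explanatory comment ("newly created files in ~/.config/syncthing/ will transition to ...") that is dropped along with the old call.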
@@ -58,13 +87,9 @@ auth_use_nsswitch(syncthing_t)
 miscfiles_read_generic_certs(syncthing_t)
 miscfiles_read_localization(syncthing_t)
 
-userdom_manage_user_home_content_files(syncthing_t)
-userdom_manage_user_home_content_dirs(syncthing_t)
-userdom_manage_user_home_content_symlinks(syncthing_t)
-userdom_user_home_dir_filetrans_user_home_content(syncthing_t, dir)
+userdom_user_content_access_template(syncthing_t)
+
 userdom_use_user_terminals(syncthing_t)
-# newly created files in ~/.config/syncthing/ will transition to syncthing_config_home_t
-userdom_user_home_content_filetrans(syncthing_t, syncthing_config_home_t, dir, "syncthing")
 
 optional_policy(`
 	# temporary hack for /run/NetworkManager/resolv.conf until we make this part of sysnet_dns_name_resolve()
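Review bot: `userdom_user_content_access_template(syncthing_t)` is missing the prefix argument. Every other caller in this series uses `userdom_user_content_access_template(<prefix>, <domain>)`, for example `userdom_user_content_access_template(postfix, postfix_virtual_t)`, so here `syncthing_t` lands in the prefix slot, no domain is passed, and the syncthing_*_user_content booleans declared at the top of this file are never wired to any rule. This should be `userdom_user_content_access_template(syncthing, syncthing_t)`; the removed unconditional manage lines above would otherwise simply vanish.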
-- 
2.13.0

* [refpolicy] [PATCH 00/19] X Desktop Group location support and reduced user content access privileges, contrib part
From: Chris PeBenito @ 2017-05-23  0:02 UTC (permalink / raw)
  To: refpolicy

On 05/22/2017 12:11 PM, Sven Vermeulen via refpolicy wrote:
> This is the patch set that implements the more granular approach to user
> resources (files, directories) in the users' home directory. It requires
> the first patch set (which introduces the support for this more granular
> approach) which has been submitted earlier on.
>
> To recap, the first patch set introduces a number of additional types
> and attributes to support the XDG related resource locations, divided in
> two sets:
> - The main XDG locations used for user-specific application data (in
>   ~/.local, marked as xdg_data_home_t), user-specific cache data (in
>   ~/.cache, marked as xdg_cache_hone_t), and user-specific application
>   configuration data (in ~/.config, marked as xdg_config_home_t).
>   It also enables support for application/domain-specific types within
>   (such as mozilla_xdg_config_home_t).
> - End user resource locations tailored to the common resource types. It
>   enables the "Documents/" location to be marked with xdg_documents_t,
>   "Downloads/" with xdg_downloads_t, "Pictures/" with xdg_pictures_t,
>   "Music/" with xdg_music_t and "Videos/" with xdg_videos_t.
>
> This patchset updates a number of application domains to support
> these locations. Note that not all of Guido's work (who retriggered
> the upstreaming of this patch set) is included here, as some of the
> suggested changes were harder for me to review or confirm. However,
> these can be easily reapplied if needed.

I looked through only some of these, because of the comments on the main 
XDG patch set.  I didn't notice anything that jumped out at me except 
for what seemed to be unnecessary type renaming in the telepathy module.
> Sven Vermeulen (19):
>   Enhance evolution domain with XDG privilege sets
>   Enhance gnome domains with XDG privilege sets
>   Enhance minidlna domain with XDG privilege sets
>   Enhance mozilla domain with XDG privilege sets
>   Enhance mplayer domains with XDG privilege sets
>   Enhance pulseaudio domain with XDG privilege sets
>   Enhance telepathy domains with XDG privilege sets
>   Enhance thunderbird domain with XDG privilege sets
>   Make cron user content access optional
>   Make firstboot user content access optional
>   Make gpg user content access optional
>   Make i18n_input user content access optional
>   Make irc user content access optional
>   Make java user content access optional
>   Make openoffice user content access optional
>   Make postfix user content access optional
>   Make wireshark user content access optional
>   Make xscreensaver user content access optional
>   Switch syncthing to XDG config types and make user content access
>     optional
>
>  cron.te         | 49 +++++++++++++++++++++++++++++++---------
>  evolution.fc    |  3 +++
>  evolution.te    | 61 +++++++++++++++++++++++++++++++++++++++++++------
>  firstboot.te    | 42 +++++++++++++++++++++++++++++-----
>  gnome.fc        |  5 +++++
>  gnome.te        | 34 ++++++++++++++++++++++++++++
>  gpg.te          | 34 ++++++++++++++++++++++++++--
>  i18n_input.te   | 24 +++++++++++++++++++-
>  irc.te          | 34 +++++++++++++++++++++++++---
>  java.te         | 41 ++++++++++++++++++++++++++++-----
>  minidlna.te     |  4 ++++
>  mozilla.fc      |  1 +
>  mozilla.te      | 46 +++++++++++++++++++++++++++++++++----
>  mplayer.te      | 70 ++++++++++++++++++++++++++++++++++++++++++++++++++++-----
>  openoffice.te   | 37 +++++++++++++++++++++++++-----
>  postfix.te      | 34 +++++++++++++++++++++++-----
>  pulseaudio.fc   |  2 +-
>  pulseaudio.te   | 11 +++++++++
>  syncthing.fc    |  2 +-
>  syncthing.if    |  8 +++----
>  syncthing.te    | 47 +++++++++++++++++++++++++++++---------
>  telepathy.fc    | 18 +++++++--------
>  telepathy.if    | 24 ++++++++++----------
>  telepathy.te    | 70 ++++++++++++++++++++++++++++-----------------------------
>  thunderbird.te  | 43 +++++++++++++++++++++++++++++++----
>  wireshark.te    | 33 +++++++++++++++++++++++++--
>  xscreensaver.te | 26 ++++++++++++++++++++-
>  27 files changed, 667 insertions(+), 136 deletions(-)
>


-- 
Chris PeBenito
