Subject: Re: [PATCH v2] Add interface udev_run
To: "Sugar, David", "selinux-refpolicy@vger.kernel.org"
References: <20190306190618.9089-1-dsugar@tresys.com> <2589f039-e841-127a-2238-cc672bd3786e@tresys.com>
From: Chris PeBenito
Date: Mon, 11 Mar 2019 20:51:50 -0400
In-Reply-To: <2589f039-e841-127a-2238-cc672bd3786e@tresys.com>
X-Mailing-List: selinux-refpolicy@vger.kernel.org

On 3/7/19 10:01 PM, Sugar, David wrote:
>
>
> On 3/7/19 6:55 PM, Chris PeBenito wrote:
>> On 3/6/19 2:07 PM, Sugar, David wrote:
>>> Altered to use roleattribute based on suggestion
>>> >>> Signed-off-by: Dave Sugar >>> --- >>>   policy/modules/system/udev.if | 26 ++++++++++++++++++++++++++ >>>   policy/modules/system/udev.te |  2 ++ >>>   2 files changed, 28 insertions(+) >>> >>> diff --git a/policy/modules/system/udev.if >>> b/policy/modules/system/udev.if >>> index fee55852..90dfb17d 100644 >>> --- a/policy/modules/system/udev.if >>> +++ b/policy/modules/system/udev.if >>> @@ -36,6 +36,32 @@ interface(`udev_domtrans',` >>>       domtrans_pattern($1, udev_exec_t, udev_t) >>>   ') >>> +######################################## >>> +## >>> +##    Execute udev in the udev domain, and >>> +##    allow the specified role the udev domain. >>> +## >>> +## >>> +##    >>> +##    Domain allowed to transition. >>> +##    >>> +## >>> +## >>> +##    >>> +##    Role allowed access. >>> +##    >>> +## >>> +## >>> +# >>> +interface(`udev_run',` >>> +    gen_require(` >>> +        attribute_role udev_roles; >>> +    ') >>> + >>> +    udev_domtrans($1) >>> +    roleattribute $2 udev_roles; >>> +')
>>
>> Why is a user starting this?
>>
> In this case it isn't a user starting udev, rather calling
> "/usr/bin/udevadm info" to gather all the specific information about a
> USB device. udevadm is labeled udev_exec_t.

In that case I'd be more interested in seeing what it would take for a
separate udevadm domain. If that proves to be too much like udev_t, then
I'd accept the above patch.

--
Chris PeBenito
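Review bot: the udev.te hunk that the diffstat promises (2 insertions) is not quoted here, so the `attribute_role udev_roles;` declaration that the `gen_require` block depends on, and the `role ... types udev_t` statement that gives `roleattribute $2 udev_roles;` its effect, cannot be confirmed from this message; please include that hunk in the next posting. The interface summary should also say plainly that `udev_run` puts the role into the full udev_t domain: a caller that only needs `udevadm info` (udevadm being labeled udev_exec_t) gets udev's device-management privileges along with it, which is the least-privilege concern behind the separate-udevadm-domain question in the reply.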
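Chris's open question is what a separate udevadm domain would take. The sketch below is added here for discussion and is neither code from the thread nor refpolicy's own module; every `udevadm`-prefixed type, attribute and interface name is invented for the illustration, and the permission set is an assumption that would have to be checked against real denials.

```m4
# udevadm.fc (sketch): give udevadm its own entry type instead of udev_exec_t.
# The existing /usr/bin/udevadm line in udev.fc would have to be dropped.
/usr/bin/udevadm	--	gen_context(system_u:object_r:udevadm_exec_t,s0)

# udevadm.te (sketch)
policy_module(udevadm, 1.0.0)

attribute_role udevadm_roles;

type udevadm_t;
type udevadm_exec_t;
application_domain(udevadm_t, udevadm_exec_t)
role udevadm_roles types udevadm_t;

# What "udevadm info" reads: the udev device database, sysfs and /proc.
# None of udev_t's device-node management is granted (assumed sufficient).
udev_read_db(udevadm_t)
dev_read_sysfs(udevadm_t)
kernel_read_system_state(udevadm_t)

# Show output on the caller's terminal.
domain_use_interactive_fds(udevadm_t)
userdom_use_user_terminals(udevadm_t)

# udevadm.if (sketch): same shape as the udev_run interface in the patch,
# but the role only gains the narrow udevadm_t domain, not udev_t.
interface(`udevadm_domtrans',`
	gen_require(`
		type udevadm_t, udevadm_exec_t;
	')

	corecmd_search_bin($1)
	domtrans_pattern($1, udevadm_exec_t, udevadm_t)
')

interface(`udevadm_run',`
	gen_require(`
		attribute_role udevadm_roles;
	')

	udevadm_domtrans($1)
	roleattribute $2 udevadm_roles;
')
```

If this domain ends up needing most of what udev_t has, that is the "too much like udev_t" outcome Chris describes, and the original udev_run patch is the simpler answer.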