commit:     ec078ec960bf0bdade1b2f7d5438e30344c21956
Author:     David Sugar <dsugar <AT> tresys <DOT> com>
AuthorDate: Tue Dec 12 02:15:18 2017 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Wed Dec 13 12:03:31 2017 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=ec078ec9

Make an attribute for objects in /run/user/%{USERID}/*

Set up the attribute user_runtime_content_type in userdomain for files in
/run/user/%{USERID}/*, an interface to associate this attribute with types, and
interfaces to delete types carrying this attribute.

Signed-off-by: Dave Sugar <dsugar <AT> tresys.com>

 policy/modules/system/userdomain.if | 156 +++++++++++++++++++++++++++++++++++-
 policy/modules/system/userdomain.te |   4 +
 2 files changed, 159 insertions(+), 1 deletion(-)

diff --git a/policy/modules/system/userdomain.if 
b/policy/modules/system/userdomain.if
index 68e0ee8b..696983f1 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -2978,6 +2978,28 @@ interface(`userdom_relabel_user_tmpfs_files',`
 
 ########################################
 ## <summary>
+##     Make the specified type usable in 
+##     the directory /run/user/%{USERID}/.
+## </summary>
+## <param name="type">
+##     <summary>
+##     Type to be used as a file in the
+##     user_runtime_content_dir_t.
+##     </summary>
+## </param>
+#
+interface(`userdom_user_runtime_content',`
+       gen_require(`
+               attribute user_runtime_content_type;
+       ')
+
+       typeattribute $1 user_runtime_content_type;
+       files_type($1)
+       ubac_constrained($1)
+')
+
+########################################
+## <summary>
 ##     Search users runtime directories.
 ## </summary>
 ## <param name="domain">
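Review bot: The `<param>` summary of `userdom_user_runtime_content` refers to `user_runtime_content_dir_t`, a type that nothing in this change declares; the directory type that carries the new attribute is `user_runtime_t` (see the userdomain.te hunk), and the attribute is `user_runtime_content_type`. Suggest replacing the two summary lines with `##	Type to be used for objects created under` / `##	/run/user/%{USERID}/ (user_runtime_t directories).`. Because the interface also applies `files_type` and `ubac_constrained` to the type, the summary should say so, since callers inherit the UBAC constraints for that type: `##	The type is also made a files_type and ubac_constrained.`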
@@ -3143,7 +3165,139 @@ interface(`userdom_delete_user_runtime_files',`
        ')
 
        allow $1 user_runtime_t:dir list_dir_perms;
-       allow $1 user_runtime_t:file unlink;
+       allow $1 user_runtime_t:file delete_file_perms;
+')
+
+########################################
+## <summary>
+##     Search users runtime directories.
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+interface(`userdom_search_all_user_runtime',`
+       gen_require(`
+               attribute user_runtime_content_type;
+       ')
+
+       allow $1 user_runtime_content_type:dir search_dir_perms;
+       userdom_search_user_runtime_root($1)
+')
+
+########################################
+## <summary>
+##     List user runtime directories.
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+interface(`userdom_list_all_user_runtime',`
+       gen_require(`
+               attribute user_runtime_content_type;
+       ')
+
+       allow $1 user_runtime_content_type:dir list_dir_perms;
+       userdom_search_user_runtime($1)
+')
+
+########################################
+## <summary>
+##     delete user runtime directories
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+interface(`userdom_delete_all_user_runtime_dirs',`
+       gen_require(`
+               attribute user_runtime_content_type;
+       ')
+
+       allow $1 user_runtime_content_type:dir { delete_dir_perms 
del_entry_dir_perms list_dir_perms };
+')
+
+########################################
+## <summary>
+##     delete user runtime files
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+interface(`userdom_delete_all_user_runtime_files',`
+       gen_require(`
+               attribute user_runtime_content_type;
+       ')
+
+       allow $1 user_runtime_content_type:dir list_dir_perms;
+       allow $1 user_runtime_content_type:file delete_file_perms;
+')
+
+########################################
+## <summary>
+##     delete user runtime symlink files
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+interface(`userdom_delete_all_user_runtime_symlinks',`
+       gen_require(`
+               attribute user_runtime_content_type;
+       ')
+
+       allow $1 user_runtime_content_type:dir list_dir_perms;
+       allow $1 user_runtime_content_type:fifo_file delete_lnk_file_perms;
+')
+
+########################################
+## <summary>
+##     delete user runtime fifo files
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+interface(`userdom_delete_all_user_runtime_named_pipes',`
+       gen_require(`
+               attribute user_runtime_content_type;
+       ')
+
+       allow $1 user_runtime_content_type:dir list_dir_perms;
+       allow $1 user_runtime_content_type:fifo_file delete_fifo_file_perms;
+')
+
+########################################
+## <summary>
+##     delete user runtime socket files
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+interface(`userdom_delete_all_user_runtime_named_sockets',`
+       gen_require(`
+               attribute user_runtime_content_type;
+       ')
+
+       allow $1 user_runtime_content_type:dir list_dir_perms;
+       allow $1 user_runtime_content_type:file delete_sock_file_perms;
 ')
 
 ########################################
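Review bot: `userdom_delete_all_user_runtime_symlinks` grants `delete_lnk_file_perms` on the `fifo_file` class and `userdom_delete_all_user_runtime_named_sockets` grants `delete_sock_file_perms` on the `file` class, so neither interface actually permits removing a symlink or a socket; the rules should read `allow $1 user_runtime_content_type:lnk_file delete_lnk_file_perms;` and `allow $1 user_runtime_content_type:sock_file delete_sock_file_perms;`. Both permission sets are presumably just getattr/unlink, which the fifo_file and file classes also carry, so checkpolicy is unlikely to reject the mismatch and it will only surface as a runtime denial. Separately, `userdom_list_all_user_runtime` calls `userdom_search_user_runtime($1)` while the sibling `userdom_search_all_user_runtime` is the attribute-based variant; if all `_all_` interfaces are meant to cover the attribute, it should call `userdom_search_all_user_runtime($1)`.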

diff --git a/policy/modules/system/userdomain.te 
b/policy/modules/system/userdomain.te
index 0e8aa374..a130215b 100644
--- a/policy/modules/system/userdomain.te
+++ b/policy/modules/system/userdomain.te
@@ -75,6 +75,9 @@ attribute unpriv_userdomain;
 
 attribute user_home_content_type;
 
+# dirs/files/etc created in /run/user/%{USERID}/
+attribute user_runtime_content_type;
+
 type user_home_dir_t alias { staff_home_dir_t sysadm_home_dir_t 
secadm_home_dir_t auditadm_home_dir_t unconfined_home_dir_t };
 fs_associate_tmpfs(user_home_dir_t)
 files_type(user_home_dir_t)
@@ -128,6 +131,7 @@ files_poly(user_runtime_t)
 files_poly_member(user_runtime_t)
 files_poly_parent(user_runtime_t)
 ubac_constrained(user_runtime_t)
+userdom_user_runtime_content(user_runtime_t)
 
 ifdef(`distro_gentoo',`
        # We used to use cert_home_t but an upstream commit introduced the same
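Review bot: Marking `user_runtime_t` itself with `user_runtime_content_type` means every `userdom_*_all_user_runtime_*` interface added in userdomain.if also applies to the per-user root directories /run/user/%{USERID}, not only to content created inside them, so `userdom_delete_all_user_runtime_dirs` lets a caller remove the per-user directory itself. If that is intended (for example for session-cleanup daemons), the comment should state it: `# user_runtime_t carries user_runtime_content_type, so the *_all_user_runtime_* interfaces also cover /run/user/%{USERID} itself`. The new call also repeats `ubac_constrained(user_runtime_t)` from the line above; the duplicate is harmless but one of the two can be dropped.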
