[refpolicy] [PATCH 0/3] Implement X Desktop Group and relevant dependencies

[refpolicy] [PATCH 0/3] Implement X Desktop Group and relevant dependencies

[Dominick Grift]

This creates the user cache, config and data home content types and user cache, config and data home content attributes plus relevant dependencies. 

Dominick Grift (3):
  Create a attribute user_home_content_type and assign it to all types 
       that are classified userdom_user_home_content()
  These two attribute are unused
  Implement X Desktop Group

 policy/modules/services/xserver.fc  |   4 +
 policy/modules/services/xserver.if  | 533 ++++++++++++++++++++++++++++++++++++
 policy/modules/services/xserver.te  |  14 +
 policy/modules/system/userdomain.if | 101 +++++++
 policy/modules/system/userdomain.te |   3 +-
 5 files changed, 653 insertions(+), 2 deletions(-)

-- 
1.7.11.7

[refpolicy] [PATCH 1/3] Create a attribute user_home_content_type and assign it to all types that are classified userdom_user_home_content()

[Dominick Grift]

Create various interfaces using the user_home_content_type attribute for
tmpreaper

user_home_t, user_tmp_t and user_tmpfs_t are user_home_content_type
(why?) We should probably also create user_tmp_content_type and
user_tmpfs_content_type attributes and assign to userdom_tmp_file and
userdom_tmpfs_file respectively

Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
---
 policy/modules/system/userdomain.if | 101 ++++++++++++++++++++++++++++++++++++
 policy/modules/system/userdomain.te |   2 +
 2 files changed, 103 insertions(+)

diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index b15630a..6d4424b 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -1350,9 +1350,12 @@ interface(`userdom_user_application_domain',`
 #
 interface(`userdom_user_home_content',`
 	gen_require(`
+		attribute user_home_content_type;
 		type user_home_t;
 	')
 
+	typeattribute $1 user_home_content_type;
+
 	allow $1 user_home_t:filesystem associate;
 	files_type($1)
 	files_poly_member($1)
@@ -1704,6 +1707,25 @@ interface(`userdom_dontaudit_search_user_home_content',`
 
 ########################################
 ## <summary>
+##	List all users home content directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`userdom_list_all_user_home_content',`
+	gen_require(`
+		attribute user_home_content_type;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 user_home_content_type:dir list_dir_perms;
+')
+
+########################################
+## <summary>
 ##	List contents of users home directory.
 ## </summary>
 ## <param name="domain">
@@ -1742,6 +1764,26 @@ interface(`userdom_manage_user_home_content_dirs',`
 
 ########################################
 ## <summary>
+##	Delete all user home content directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`userdom_delete_all_user_home_content_dirs',`
+	gen_require(`
+		attribute user_home_content_type;
+		type user_home_dir_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	delete_files_pattern($1, { user_home_dir_t user_home_content_type }, user_home_content_type)
+')
+
+########################################
+## <summary>
 ##	Delete directories in a user home subdirectory.
 ## </summary>
 ## <param name="domain">
@@ -1760,6 +1802,25 @@ interface(`userdom_delete_user_home_content_dirs',`
 
 ########################################
 ## <summary>
+##	Set attributes of all user home content directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`userdom_setattr_all_user_home_content_dirs',`
+	gen_require(`
+		attribute user_home_content_type;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 user_home_content_type:dir setattr_dir_perms;
+')
+
+########################################
+## <summary>
 ##	Do not audit attempts to set the
 ##	attributes of user home files.
 ## </summary>
@@ -1872,6 +1933,26 @@ interface(`userdom_dontaudit_write_user_home_content_files',`
 
 ########################################
 ## <summary>
+##	Delete all user home content files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`userdom_delete_all_user_home_content_files',`
+	gen_require(`
+		attribute user_home_content_type;
+		type user_home_dir_t;
+	')
+
+	userdom_search_user_home_content($1)
+	delete_files_pattern($1 { user_home_dir_t user_home_content_type }, user_home_content_type)
+')
+
+########################################
+## <summary>
 ##	Delete files in a user home subdirectory.
 ## </summary>
 ## <param name="domain">
@@ -2034,6 +2115,26 @@ interface(`userdom_manage_user_home_content_symlinks',`
 
 ########################################
 ## <summary>
+##	Delete all user home content symbolic links.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`userdom_delete_all_user_home_content_symlinks',`
+	gen_require(`
+		attribute user_home_content_type;
+		type user_home_dir_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	delete_lnk_files_pattern($1, { user_home_dir_t user_home_content_type }, user_home_content_type)
+')
+
+########################################
+## <summary>
 ##	Delete symbolic links in a user home directory.
 ## </summary>
 ## <param name="domain">
diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te
index 460d96f..1f2a519 100644
--- a/policy/modules/system/userdomain.te
+++ b/policy/modules/system/userdomain.te
@@ -59,6 +59,8 @@ attribute unpriv_userdomain;
 attribute untrusted_content_type;
 attribute untrusted_content_tmp_type;
 
+attribute user_home_content_type;
+
 type user_home_dir_t alias { staff_home_dir_t sysadm_home_dir_t secadm_home_dir_t auditadm_home_dir_t unconfined_home_dir_t };
 fs_associate_tmpfs(user_home_dir_t)
 files_type(user_home_dir_t)
-- 
1.7.11.7

[refpolicy] [PATCH 2/3] These two attribute are unused

[Dominick Grift]

Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
---
 policy/modules/system/userdomain.te | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te
index 1f2a519..5cd5f28 100644
--- a/policy/modules/system/userdomain.te
+++ b/policy/modules/system/userdomain.te
@@ -56,9 +56,6 @@ attribute userdomain;
 # unprivileged user domains
 attribute unpriv_userdomain;
 
-attribute untrusted_content_type;
-attribute untrusted_content_tmp_type;
-
 attribute user_home_content_type;
 
 type user_home_dir_t alias { staff_home_dir_t sysadm_home_dir_t secadm_home_dir_t auditadm_home_dir_t unconfined_home_dir_t };
-- 
1.7.11.7

[refpolicy] [PATCH 3/3] Implement X Desktop Group

[Dominick Grift]

Creates 3 type attributes for xdg cache (~/.cache), config (~/.config)
and data (~/.local/share user home content and assigns to
xserver_user_cache_home_content(), xserver_user_config_home_content()
and xserver_user_data_home_content() respectively

Creates 3 types for generic xdg user cache, config and data home
content, assigns to them their respective type attributes and
classifieds them user_home_content_type by calling xserver_user_cache,
config, data_home_content

Create the various basic interfaces that will be needed:

1. xserver_create_generic_user_cache, config, data, home_dirs:
   This will be used together with
   xserver_user_home_(content|dir)_filetrans_cache, config,
   data_home_content and allows the caller to create ~/.cache, ~/.config
   and ~/.local/share directories. Each XDG aware program needs to be
   able to create these.

2. xserver_read|manage_generic_user_cache, config, data_home_content:
   By default content is created with a generic type and these broad
   interfaces allow the caller to read of manage content with these
   generic types

3. xserver_user_cache, config, data_home_content_filetrans:
   Allows callers to create specified objects in these location with a
   private type

Add file context specifications for ~/.cache(/.*)? (user_cache_home_t),
~/.config(/.*)? (user_config_home_t) and ~/.local/share(/.*)?
(user_data_home_t)

There is a little issue with user_data_home, this is content for
~/.local/share and as per xdg specification "share" is the user data
root dir instead of ~/.local, that means that the type transition
happens on user home content instead of user home dir. this makes it a
bit more prone to error since all directories named share created by
xserver_restricted_role callers in generic user home content
directories will be created with user_data_home_t. We could consider
using ~/.local instead

Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
---
 policy/modules/services/xserver.fc |   4 +
 policy/modules/services/xserver.if | 533 +++++++++++++++++++++++++++++++++++++
 policy/modules/services/xserver.te |  14 +
 3 files changed, 551 insertions(+)

diff --git a/policy/modules/services/xserver.fc b/policy/modules/services/xserver.fc
index 9393f65..e64ecb2 100644
--- a/policy/modules/services/xserver.fc
+++ b/policy/modules/services/xserver.fc
@@ -1,6 +1,10 @@
 #
 # HOME_DIR
 #
+
+HOME_DIR/\.cache(/.*)?	gen_context(system_u:object_r:user_cache_home_t,s0)
+HOME_DIR/\.config(/.*)?	gen_context(system_u:object_r:user_config_home_t,s0)
+HOME_DIR/\.local/share(/.*)?	gen_context(system_u:object_r:user_data_home_t,s0)
 HOME_DIR/\.fonts\.conf	--	gen_context(system_u:object_r:user_fonts_config_t,s0)
 HOME_DIR/\.fonts(/.*)?		gen_context(system_u:object_r:user_fonts_t,s0)
 HOME_DIR/\.fonts/auto(/.*)?	gen_context(system_u:object_r:user_fonts_cache_t,s0)
diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
index 6bf0ecc..c4f7cb4 100644
--- a/policy/modules/services/xserver.if
+++ b/policy/modules/services/xserver.if
@@ -22,6 +22,7 @@ interface(`xserver_restricted_role',`
 		type user_fonts_t, user_fonts_cache_t, user_fonts_config_t;
 		type iceauth_t, iceauth_exec_t, iceauth_home_t;
 		type xauth_t, xauth_exec_t, xauth_home_t;
+		type user_cache_home_t, user_config_home_t, user_data_home_t;
 	')
 
 	role $1 types { xserver_t xauth_t iceauth_t };
@@ -34,6 +35,16 @@ interface(`xserver_restricted_role',`
 
 	allow xserver_t $2:shm rw_shm_perms;
 
+	allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:dir { manage_dir_perms relabel_dir_perms };
+	allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
+	allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:file { manage_file_perms relabel_file_perms };
+	allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
+	allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:sock_file { manage_sock_file_perms relabel_sock_file_perms };
+
+	userdom_user_home_dir_filetrans($2, user_cache_home_t, dir, ".cache")
+	userdom_user_home_dir_filetrans($2, user_config_home_t, dir, ".config")
+	userdom_user_home_content_filetrans($2, user_data_home_t, dir, "share")
+
 	allow $2 user_fonts_t:dir list_dir_perms;
 	allow $2 user_fonts_t:file read_file_perms;
 
@@ -531,6 +542,72 @@ interface(`xserver_use_user_fonts',`
 
 ########################################
 ## <summary>
+##	Make the specified type usable in a
+##	user cache home directory.
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type to be used as a file in the
+##	user cache home directory.
+##	</summary>
+## </param>
+#
+interface(`xserver_user_cache_home_content',`
+	gen_require(`
+		attribute xserver_user_cache_home_content_type;
+	')
+
+	typeattribute $1 xserver_user_cache_home_content_type;
+
+	userdom_user_home_content($1)
+')
+
+########################################
+## <summary>
+##	Make the specified type usable in a
+##	user config home directory.
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type to be used as a file in the
+##	user config home directory.
+##	</summary>
+## </param>
+#
+interface(`xserver_user_config_home_content',`
+	gen_require(`
+		attribute xserver_user_config_home_content_type;
+	')
+
+	typeattribute $1 xserver_user_config_home_content_type;
+
+	userdom_user_home_content($1)
+')
+
+########################################
+## <summary>
+##	Make the specified type usable in a
+##	user data home directory.
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type to be used as a file in the
+##	user data home directory.
+##	</summary>
+## </param>
+#
+interface(`xserver_user_data_home_content',`
+	gen_require(`
+		attribute xserver_user_data_home_content_type;
+	')
+
+	typeattribute $1 xserver_user_data_home_content_type;
+
+	userdom_user_home_content($1)
+')
+
+########################################
+## <summary>
 ##	Transition to the Xauthority domain.
 ## </summary>
 ## <param name="domain">
@@ -1272,6 +1349,462 @@ interface(`xserver_manage_core_devices',`
 
 ########################################
 ## <summary>
+##	Create generic user cache home
+##	content directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`xserver_create_generic_user_cache_home_content_dirs',`
+	gen_require(`
+		type user_cache_home_t;
+	')
+
+	allow $1 user_cache_home_t:dir create_dir_perms;
+')
+
+########################################
+## <summary>
+##	Read generic user cache home content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`xserver_read_generic_user_cache_home_content',`
+	gen_require(`
+		type user_cache_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 user_cache_home_t:dir list_dir_perms;
+	allow $1 user_cache_home_t:file read_file_perms;
+	allow $1 user_cache_home_t:fifo_file read_fifo_file_perms;
+	allow $1 user_cache_home_t:lnk_file read_lnk_file_perms;
+	allow $1 user_cache_home_t:sock_file read_sock_file_perms;
+')
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	generic user cache home content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`xserver_manage_generic_user_cache_home_content',`
+	gen_require(`
+		type user_cache_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 user_cache_home_t:dir manage_dir_perms;
+	allow $1 user_cache_home_t:file manage_file_perms;
+	allow $1 user_cache_home_t:fifo_file manage_fifo_file_perms;
+	allow $1 user_cache_home_t:lnk_file manage_lnk_file_perms;
+	allow $1 user_cache_home_t:sock_file manage_sock_file_perms;
+')
+
+########################################
+## <summary>
+##	Search generic user cache home
+##	content directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`xserver_search_generic_user_cache_home_content',`
+	gen_require(`
+		type user_cache_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 user_cache_home_t:dir search_dir_perms;
+')
+
+########################################
+## <summary>
+##	Create specified objects in generic
+##	user cache home content directories
+##	with a private type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="private_type">
+##	<summary>
+##	Private file type.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+interface(`xserver_user_cache_home_content_filetrans',`
+	gen_require(`
+		type user_cache_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	filetrans_pattern($1, user_cache_home_t, $2, $3, $4)
+')
+
+########################################
+## <summary>
+##	Create specified objects in user home
+##	directories with the generic user
+##	cache home content type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+interface(`xserver_user_home_dir_filetrans_user_cache_home_content',`
+	gen_require(`
+		type user_cache_home_t;
+	')
+
+	userdom_user_home_dir_filetrans($1, user_cache_home_t, $2, $3)
+')
+
+########################################
+## <summary>
+##	Create generic user config home
+##	content directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`xserver_create_generic_user_config_home_content_dirs',`
+	gen_require(`
+		type user_config_home_t;
+	')
+
+	allow $1 user_config_home_t:dir create_dir_perms;
+')
+
+########################################
+## <summary>
+##	Read generic user config home content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`xserver_read_generic_user_config_home_content',`
+	gen_require(`
+		type user_config_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 user_config_home_t:dir list_dir_perms;
+	allow $1 user_config_home_t:file read_file_perms;
+	allow $1 user_config_home_t:fifo_file read_fifo_file_perms;
+	allow $1 user_config_home_t:lnk_file read_lnk_file_perms;
+	allow $1 user_config_home_t:sock_file read_sock_file_perms;
+')
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	generic user config home content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`xserver_manage_generic_user_config_home_content',`
+	gen_require(`
+		type user_config_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 user_config_home_t:dir manage_dir_perms;
+	allow $1 user_config_home_t:file manage_file_perms;
+	allow $1 user_config_home_t:fifo_file manage_fifo_file_perms;
+	allow $1 user_config_home_t:lnk_file manage_lnk_file_perms;
+	allow $1 user_config_home_t:sock_file manage_sock_file_perms;
+')
+
+########################################
+## <summary>
+##	Search generic user config home
+##	content directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`xserver_search_generic_user_config_home_content',`
+	gen_require(`
+		type user_config_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 user_config_home_t:dir search_dir_perms;
+')
+
+########################################
+## <summary>
+##	Create specified objects in generic
+##	user config home content directories
+##	with a private type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="private_type">
+##	<summary>
+##	Private file type.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+interface(`xserver_user_config_home_content_filetrans',`
+	gen_require(`
+		type user_config_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	filetrans_pattern($1, user_config_home_t, $2, $3, $4)
+')
+
+########################################
+## <summary>
+##	Create specified objects in user home
+##	directories with the generic user
+##	config home content type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+interface(`xserver_user_home_dir_filetrans_user_config_home_content',`
+	gen_require(`
+		type user_config_home_t;
+	')
+
+	userdom_user_home_dir_filetrans($1, user_config_home_t, $2, $3)
+')
+
+########################################
+## <summary>
+##	Create generic user data home
+##	content directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`xserver_create_generic_user_data_home_content_dirs',`
+	gen_require(`
+		type user_data_home_t;
+	')
+
+	allow $1 user_data_home_t:dir create_dir_perms;
+')
+
+########################################
+## <summary>
+##	Read generic user data home content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`xserver_read_generic_user_data_home_content',`
+	gen_require(`
+		type user_data_home_t;
+	')
+
+	userdom_search_user_home_content($1)
+	allow $1 user_data_home_t:dir list_dir_perms;
+	allow $1 user_data_home_t:file read_file_perms;
+	allow $1 user_data_home_t:fifo_file read_fifo_file_perms;
+	allow $1 user_data_home_t:lnk_file read_lnk_file_perms;
+	allow $1 user_data_home_t:sock_file read_sock_file_perms;
+')
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	generic user data home content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`xserver_manage_generic_user_data_home_content',`
+	gen_require(`
+		type user_data_home_t;
+	')
+
+	userdom_search_user_home_content($1)
+	allow $1 user_data_home_t:dir manage_dir_perms;
+	allow $1 user_data_home_t:file manage_file_perms;
+	allow $1 user_data_home_t:fifo_file manage_fifo_file_perms;
+	allow $1 user_data_home_t:lnk_file manage_lnk_file_perms;
+	allow $1 user_data_home_t:sock_file manage_sock_file_perms;
+')
+
+########################################
+## <summary>
+##	Search generic user data home
+##	content directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`xserver_search_generic_user_data_home_content',`
+	gen_require(`
+		type user_data_home_t;
+	')
+
+	userdom_search_user_home_content($1)
+	allow $1 user_data_home_t:dir search_dir_perms;
+')
+
+########################################
+## <summary>
+##	Create specified objects in generic
+##	user data home content directories
+##	with a private type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="private_type">
+##	<summary>
+##	Private file type.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+interface(`xserver_user_data_home_content_filetrans',`
+	gen_require(`
+		type user_data_home_t;
+	')
+
+	userdom_search_user_home_content($1)
+	filetrans_pattern($1, user_data_home_t, $2, $3, $4)
+')
+
+########################################
+## <summary>
+##	Create specified objects in user home
+##	content directories with the generic
+##	user data home content type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+interface(`xserver_user_home_content_filetrans_user_data_home_content',`
+	gen_require(`
+		type user_data_home_t;
+	')
+
+	userdom_user_home_content_filetrans($1, user_data_home_t, $2, $3)
+')
+
+########################################
+## <summary>
 ##	Interface to provide X object permissions on a given X server to
 ##	an X client domain.  Gives the domain complete control over the
 ##	display.
diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index 9bc86a0..a42f9bc 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -49,6 +49,11 @@ gen_tunable(xserver_object_manager, false)
 
 attribute x_domain;
 
+# X Desktop Group
+attribute xserver_user_cache_home_content_type;
+attribute xserver_user_config_home_content_type;
+attribute xserver_user_data_home_content_type;
+
 # X Events
 attribute xevent_type;
 attribute input_xevent_type;
@@ -106,6 +111,15 @@ type remote_t;
 xserver_object_types_template(remote)
 xserver_common_x_domain_template(remote, remote_t)
 
+type user_cache_home_t;
+xserver_user_cache_home_content(user_cache_home_t)
+
+type user_config_home_t;
+xserver_user_config_home_content(user_config_home_t)
+
+type user_data_home_t;
+xserver_user_data_home_content(user_data_home_t)
+
 type user_fonts_t;
 typealias user_fonts_t alias { staff_fonts_t sysadm_fonts_t };
 typealias user_fonts_t alias { auditadm_fonts_t secadm_fonts_t };
-- 
1.7.11.7

[refpolicy] [PATCH 3/3] Implement X Desktop Group

[Christopher J. PeBenito]

Overall, I'm ok with this, but have a couple questions:

On 11/05/12 06:55, Dominick Grift wrote:
> Creates 3 type attributes for xdg cache (~/.cache), config (~/.config)
> and data (~/.local/share user home content and assigns to
> xserver_user_cache_home_content(), xserver_user_config_home_content()
> and xserver_user_data_home_content() respectively
> 
> Creates 3 types for generic xdg user cache, config and data home
> content, assigns to them their respective type attributes and
> classifieds them user_home_content_type by calling xserver_user_cache,
> config, data_home_content
> 
> Create the various basic interfaces that will be needed:
> 
> 1. xserver_create_generic_user_cache, config, data, home_dirs:
>    This will be used together with
>    xserver_user_home_(content|dir)_filetrans_cache, config,
>    data_home_content and allows the caller to create ~/.cache, ~/.config
>    and ~/.local/share directories. Each XDG aware program needs to be
>    able to create these.
> 
> 2. xserver_read|manage_generic_user_cache, config, data_home_content:
>    By default content is created with a generic type and these broad
>    interfaces allow the caller to read of manage content with these
>    generic types
> 
> 3. xserver_user_cache, config, data_home_content_filetrans:
>    Allows callers to create specified objects in these location with a
>    private type
> 
> Add file context specifications for ~/.cache(/.*)? (user_cache_home_t),
> ~/.config(/.*)? (user_config_home_t) and ~/.local/share(/.*)?
> (user_data_home_t)

I'm not sure that user_data_home_t is the best name.  I thought about user_local_home_t, but thats vague too.  Sven has been putting forward a patch for this stuff for a while too, and I'm thinking the it might make sense to have xdg in the type names.  

> There is a little issue with user_data_home, this is content for
> ~/.local/share and as per xdg specification "share" is the user data
> root dir instead of ~/.local, that means that the type transition
> happens on user home content instead of user home dir. this makes it a
> bit more prone to error since all directories named share created by
> xserver_restricted_role callers in generic user home content
> directories will be created with user_data_home_t. We could consider
> using ~/.local instead

It seems that .local would probably be a better idea, since it keeps errors down.  I looked on my system, and all I have in ~/.local is share anyway.

[cut]
> diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
> index 9bc86a0..a42f9bc 100644
> --- a/policy/modules/services/xserver.te
> +++ b/policy/modules/services/xserver.te
> @@ -49,6 +49,11 @@ gen_tunable(xserver_object_manager, false)
>  
>  attribute x_domain;
>  
> +# X Desktop Group
> +attribute xserver_user_cache_home_content_type;
> +attribute xserver_user_config_home_content_type;
> +attribute xserver_user_data_home_content_type;
> +
>  # X Events
>  attribute xevent_type;
>  attribute input_xevent_type;

I'm unclear what the purpose of these attributes will be.  Do you expect to have interfaces that work on these?

I've merged the other two patches.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

[refpolicy] [PATCH 3/3] Implement X Desktop Group

[Dominick Grift]

On Tue, 2012-11-27 at 08:19 -0500, Christopher J. PeBenito wrote:
> On 11/26/12 12:23, Dominick Grift wrote:
> > On Mon, 2012-11-26 at 11:35 -0500, Christopher J. PeBenito wrote:
> >> Overall, I'm ok with this, but have a couple questions:
> 
> Is there a particular reason you took this off list, or did you forget to reply-all?

Nope, i guess i did not hit reply-to-all. I have Cc'd refpolicy list
this time

> >> On 11/05/12 06:55, Dominick Grift wrote:
> >>> Add file context specifications for ~/.cache(/.*)? (user_cache_home_t),
> >>> ~/.config(/.*)? (user_config_home_t) and ~/.local/share(/.*)?
> >>> (user_data_home_t)
> >>
> >> I'm not sure that user_data_home_t is the best name.  I thought about user_local_home_t, but thats vague too.  Sven has been putting forward a patch for this stuff for a while too, and I'm thinking the it might make sense to have xdg in the type names.  
> > 
> > i dont mind the name just ell me which one you want. i personally like
> > this best but i have no problem with changing it
> 
> I don't have a specific idea, I was hoping for some feedback on-list.
> 

Ok i have Cc'd the list this time so that others can chime in.
I am fine with whatever we can get consensus on

> >>> There is a little issue with user_data_home, this is content for
> >>> ~/.local/share and as per xdg specification "share" is the user data
> >>> root dir instead of ~/.local, that means that the type transition
> >>> happens on user home content instead of user home dir. this makes it a
> >>> bit more prone to error since all directories named share created by
> >>> xserver_restricted_role callers in generic user home content
> >>> directories will be created with user_data_home_t. We could consider
> >>> using ~/.local instead
> >>
> >> It seems that .local would probably be a better idea, since it keeps errors down.  I looked on my system, and all I have in ~/.local is share anyway.
> >>
> > 
> > well i have for example ~/.local/bin
> > 
> > Again i am fine with both let me know what you want
> 
> Do you have any other examples?  Its unclear what is best.
> 

No, not currently. Its just that xdg spec is pretty clear about the
location of the data dir:  .local/share, so i assume that if they
meant .local, that they would have specified that instead

> >> [cut]
> >>> diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
> >>> index 9bc86a0..a42f9bc 100644
> >>> --- a/policy/modules/services/xserver.te
> >>> +++ b/policy/modules/services/xserver.te
> >>> @@ -49,6 +49,11 @@ gen_tunable(xserver_object_manager, false)
> >>>  
> >>>  attribute x_domain;
> >>>  
> >>> +# X Desktop Group
> >>> +attribute xserver_user_cache_home_content_type;
> >>> +attribute xserver_user_config_home_content_type;
> >>> +attribute xserver_user_data_home_content_type;
> >>> +
> >>>  # X Events
> >>>  attribute xevent_type;
> >>>  attribute input_xevent_type;
> >>
> >> I'm unclear what the purpose of these attributes will be.  Do you expect to have interfaces that work on these?
> > 
> > 
> > we could leave those out for now but i think at some point some domains
> > will probably need access to all cache, config and data content types
> > rather then just the generic or a single private type
> 
> I'd prefer to leave it out.  Its easy enough to add.
> 

True, ok will remove that in a new patch when we figure out how to deal
with the other issues

[refpolicy] [PATCH 3/3] Implement X Desktop Group

[Sven Vermeulen]

On Nov 26, 2012 5:35 PM, "Christopher J. PeBenito" <cpebenito@tresys.com>
wrote:
> I'm not sure that user_data_home_t is the best name.  I thought about
user_local_home_t, but thats vague too.  Sven has been putting forward a
patch for this stuff for a while too, and I'm thinking the it might make
sense to have xdg in the type names.

We currently use xdg_<type>_home_t where type refers to the xdg content
type. But prior to the name, a first question would be if we should make
the type declarations part of an existing domain or not.

I currently use a separate module to ease the management.

> It seems that .local would probably be a better idea, since it keeps
errors down.  I looked on my system, and all I have in ~/.local is share
anyway.

True, but as Dominick saud, XDG currently defines it as such.

Wkr,

  Sven
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://oss.tresys.com/pipermail/refpolicy/attachments/20121127/6a8eddb0/attachment.html 

[refpolicy] [PATCH 3/3] Implement X Desktop Group

[grift]

Are we ready to make a decision yet with regard to the two outstanding
issues?

- best type names? (my preference user_data_home_t, user_config_home_t,
user_cache_home_t)
- should be label ~/.local/share with the xdg data home type or ~/.local
( my preference ~/.local/share)

But i will go with whatever in the end

On Mon, 2012-11-05 at 12:55 +0100, Dominick Grift wrote:
> Creates 3 type attributes for xdg cache (~/.cache), config (~/.config)
> and data (~/.local/share user home content and assigns to
> xserver_user_cache_home_content(), xserver_user_config_home_content()
> and xserver_user_data_home_content() respectively
> 
> Creates 3 types for generic xdg user cache, config and data home
> content, assigns to them their respective type attributes and
> classifieds them user_home_content_type by calling xserver_user_cache,
> config, data_home_content
> 
> Create the various basic interfaces that will be needed:
> 
> 1. xserver_create_generic_user_cache, config, data, home_dirs:
>    This will be used together with
>    xserver_user_home_(content|dir)_filetrans_cache, config,
>    data_home_content and allows the caller to create ~/.cache, ~/.config
>    and ~/.local/share directories. Each XDG aware program needs to be
>    able to create these.
> 
> 2. xserver_read|manage_generic_user_cache, config, data_home_content:
>    By default content is created with a generic type and these broad
>    interfaces allow the caller to read of manage content with these
>    generic types
> 
> 3. xserver_user_cache, config, data_home_content_filetrans:
>    Allows callers to create specified objects in these location with a
>    private type
> 
> Add file context specifications for ~/.cache(/.*)? (user_cache_home_t),
> ~/.config(/.*)? (user_config_home_t) and ~/.local/share(/.*)?
> (user_data_home_t)
> 
> There is a little issue with user_data_home, this is content for
> ~/.local/share and as per xdg specification "share" is the user data
> root dir instead of ~/.local, that means that the type transition
> happens on user home content instead of user home dir. this makes it a
> bit more prone to error since all directories named share created by
> xserver_restricted_role callers in generic user home content
> directories will be created with user_data_home_t. We could consider
> using ~/.local instead
> 
> Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
> ---
>  policy/modules/services/xserver.fc |   4 +
>  policy/modules/services/xserver.if | 533 +++++++++++++++++++++++++++++++++++++
>  policy/modules/services/xserver.te |  14 +
>  3 files changed, 551 insertions(+)
> 
> diff --git a/policy/modules/services/xserver.fc b/policy/modules/services/xserver.fc
> index 9393f65..e64ecb2 100644
> --- a/policy/modules/services/xserver.fc
> +++ b/policy/modules/services/xserver.fc
> @@ -1,6 +1,10 @@
>  #
>  # HOME_DIR
>  #
> +
> +HOME_DIR/\.cache(/.*)?	gen_context(system_u:object_r:user_cache_home_t,s0)
> +HOME_DIR/\.config(/.*)?	gen_context(system_u:object_r:user_config_home_t,s0)
> +HOME_DIR/\.local/share(/.*)?	gen_context(system_u:object_r:user_data_home_t,s0)
>  HOME_DIR/\.fonts\.conf	--	gen_context(system_u:object_r:user_fonts_config_t,s0)
>  HOME_DIR/\.fonts(/.*)?		gen_context(system_u:object_r:user_fonts_t,s0)
>  HOME_DIR/\.fonts/auto(/.*)?	gen_context(system_u:object_r:user_fonts_cache_t,s0)
> diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
> index 6bf0ecc..c4f7cb4 100644
> --- a/policy/modules/services/xserver.if
> +++ b/policy/modules/services/xserver.if
> @@ -22,6 +22,7 @@ interface(`xserver_restricted_role',`
>  		type user_fonts_t, user_fonts_cache_t, user_fonts_config_t;
>  		type iceauth_t, iceauth_exec_t, iceauth_home_t;
>  		type xauth_t, xauth_exec_t, xauth_home_t;
> +		type user_cache_home_t, user_config_home_t, user_data_home_t;
>  	')
>  
>  	role $1 types { xserver_t xauth_t iceauth_t };
> @@ -34,6 +35,16 @@ interface(`xserver_restricted_role',`
>  
>  	allow xserver_t $2:shm rw_shm_perms;
>  
> +	allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:dir { manage_dir_perms relabel_dir_perms };
> +	allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
> +	allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:file { manage_file_perms relabel_file_perms };
> +	allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
> +	allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:sock_file { manage_sock_file_perms relabel_sock_file_perms };
> +
> +	userdom_user_home_dir_filetrans($2, user_cache_home_t, dir, ".cache")
> +	userdom_user_home_dir_filetrans($2, user_config_home_t, dir, ".config")
> +	userdom_user_home_content_filetrans($2, user_data_home_t, dir, "share")
> +
>  	allow $2 user_fonts_t:dir list_dir_perms;
>  	allow $2 user_fonts_t:file read_file_perms;
>  
> @@ -531,6 +542,72 @@ interface(`xserver_use_user_fonts',`
>  
>  ########################################
>  ## <summary>
> +##	Make the specified type usable in a
> +##	user cache home directory.
> +## </summary>
> +## <param name="type">
> +##	<summary>
> +##	Type to be used as a file in the
> +##	user cache home directory.
> +##	</summary>
> +## </param>
> +#
> +interface(`xserver_user_cache_home_content',`
> +	gen_require(`
> +		attribute xserver_user_cache_home_content_type;
> +	')
> +
> +	typeattribute $1 xserver_user_cache_home_content_type;
> +
> +	userdom_user_home_content($1)
> +')
> +
> +########################################
> +## <summary>
> +##	Make the specified type usable in a
> +##	user config home directory.
> +## </summary>
> +## <param name="type">
> +##	<summary>
> +##	Type to be used as a file in the
> +##	user config home directory.
> +##	</summary>
> +## </param>
> +#
> +interface(`xserver_user_config_home_content',`
> +	gen_require(`
> +		attribute xserver_user_config_home_content_type;
> +	')
> +
> +	typeattribute $1 xserver_user_config_home_content_type;
> +
> +	userdom_user_home_content($1)
> +')
> +
> +########################################
> +## <summary>
> +##	Make the specified type usable in a
> +##	user data home directory.
> +## </summary>
> +## <param name="type">
> +##	<summary>
> +##	Type to be used as a file in the
> +##	user data home directory.
> +##	</summary>
> +## </param>
> +#
> +interface(`xserver_user_data_home_content',`
> +	gen_require(`
> +		attribute xserver_user_data_home_content_type;
> +	')
> +
> +	typeattribute $1 xserver_user_data_home_content_type;
> +
> +	userdom_user_home_content($1)
> +')
> +
> +########################################
> +## <summary>
>  ##	Transition to the Xauthority domain.
>  ## </summary>
>  ## <param name="domain">
> @@ -1272,6 +1349,462 @@ interface(`xserver_manage_core_devices',`
>  
>  ########################################
>  ## <summary>
> +##	Create generic user cache home
> +##	content directories.
> +## </summary>
> +## <param name="domain">
> +##	<summary>
> +##	Domain allowed access.
> +##	</summary>
> +## </param>
> +#
> +interface(`xserver_create_generic_user_cache_home_content_dirs',`
> +	gen_require(`
> +		type user_cache_home_t;
> +	')
> +
> +	allow $1 user_cache_home_t:dir create_dir_perms;
> +')
> +
> +########################################
> +## <summary>
> +##	Read generic user cache home content.
> +## </summary>
> +## <param name="domain">
> +##	<summary>
> +##	Domain allowed access.
> +##	</summary>
> +## </param>
> +#
> +interface(`xserver_read_generic_user_cache_home_content',`
> +	gen_require(`
> +		type user_cache_home_t;
> +	')
> +
> +	userdom_search_user_home_dirs($1)
> +	allow $1 user_cache_home_t:dir list_dir_perms;
> +	allow $1 user_cache_home_t:file read_file_perms;
> +	allow $1 user_cache_home_t:fifo_file read_fifo_file_perms;
> +	allow $1 user_cache_home_t:lnk_file read_lnk_file_perms;
> +	allow $1 user_cache_home_t:sock_file read_sock_file_perms;
> +')
> +
> +########################################
> +## <summary>
> +##	Create, read, write, and delete
> +##	generic user cache home content.
> +## </summary>
> +## <param name="domain">
> +##	<summary>
> +##	Domain allowed access.
> +##	</summary>
> +## </param>
> +#
> +interface(`xserver_manage_generic_user_cache_home_content',`
> +	gen_require(`
> +		type user_cache_home_t;
> +	')
> +
> +	userdom_search_user_home_dirs($1)
> +	allow $1 user_cache_home_t:dir manage_dir_perms;
> +	allow $1 user_cache_home_t:file manage_file_perms;
> +	allow $1 user_cache_home_t:fifo_file manage_fifo_file_perms;
> +	allow $1 user_cache_home_t:lnk_file manage_lnk_file_perms;
> +	allow $1 user_cache_home_t:sock_file manage_sock_file_perms;
> +')
> +
> +########################################
> +## <summary>
> +##	Search generic user cache home
> +##	content directories.
> +## </summary>
> +## <param name="domain">
> +##	<summary>
> +##	Domain allowed access.
> +##	</summary>
> +## </param>
> +#
> +interface(`xserver_search_generic_user_cache_home_content',`
> +	gen_require(`
> +		type user_cache_home_t;
> +	')
> +
> +	userdom_search_user_home_dirs($1)
> +	allow $1 user_cache_home_t:dir search_dir_perms;
> +')
> +
> +########################################
> +## <summary>
> +##	Create specified objects in generic
> +##	user cache home content directories
> +##	with a private type.
> +## </summary>
> +## <param name="domain">
> +##	<summary>
> +##	Domain allowed access.
> +##	</summary>
> +## </param>
> +## <param name="private_type">
> +##	<summary>
> +##	Private file type.
> +##	</summary>
> +## </param>
> +## <param name="object_class">
> +##	<summary>
> +##	Class of the object being created.
> +##	</summary>
> +## </param>
> +## <param name="name" optional="true">
> +##	<summary>
> +##	The name of the object being created.
> +##	</summary>
> +## </param>
> +#
> +interface(`xserver_user_cache_home_content_filetrans',`
> +	gen_require(`
> +		type user_cache_home_t;
> +	')
> +
> +	userdom_search_user_home_dirs($1)
> +	filetrans_pattern($1, user_cache_home_t, $2, $3, $4)
> +')
> +
> +########################################
> +## <summary>
> +##	Create specified objects in user home
> +##	directories with the generic user
> +##	cache home content type.
> +## </summary>
> +## <param name="domain">
> +##	<summary>
> +##	Domain allowed access.
> +##	</summary>
> +## </param>
> +## <param name="object_class">
> +##	<summary>
> +##	Class of the object being created.
> +##	</summary>
> +## </param>
> +## <param name="name" optional="true">
> +##	<summary>
> +##	The name of the object being created.
> +##	</summary>
> +## </param>
> +#
> +interface(`xserver_user_home_dir_filetrans_user_cache_home_content',`
> +	gen_require(`
> +		type user_cache_home_t;
> +	')
> +
> +	userdom_user_home_dir_filetrans($1, user_cache_home_t, $2, $3)
> +')
> +
> +########################################
> +## <summary>
> +##	Create generic user config home
> +##	content directories.
> +## </summary>
> +## <param name="domain">
> +##	<summary>
> +##	Domain allowed access.
> +##	</summary>
> +## </param>
> +#
> +interface(`xserver_create_generic_user_config_home_content_dirs',`
> +	gen_require(`
> +		type user_config_home_t;
> +	')
> +
> +	allow $1 user_config_home_t:dir create_dir_perms;
> +')
> +
> +########################################
> +## <summary>
> +##	Read generic user config home content.
> +## </summary>
> +## <param name="domain">
> +##	<summary>
> +##	Domain allowed access.
> +##	</summary>
> +## </param>
> +#
> +interface(`xserver_read_generic_user_config_home_content',`
> +	gen_require(`
> +		type user_config_home_t;
> +	')
> +
> +	userdom_search_user_home_dirs($1)
> +	allow $1 user_config_home_t:dir list_dir_perms;
> +	allow $1 user_config_home_t:file read_file_perms;
> +	allow $1 user_config_home_t:fifo_file read_fifo_file_perms;
> +	allow $1 user_config_home_t:lnk_file read_lnk_file_perms;
> +	allow $1 user_config_home_t:sock_file read_sock_file_perms;
> +')
> +
> +########################################
> +## <summary>
> +##	Create, read, write, and delete
> +##	generic user config home content.
> +## </summary>
> +## <param name="domain">
> +##	<summary>
> +##	Domain allowed access.
> +##	</summary>
> +## </param>
> +#
> +interface(`xserver_manage_generic_user_config_home_content',`
> +	gen_require(`
> +		type user_config_home_t;
> +	')
> +
> +	userdom_search_user_home_dirs($1)
> +	allow $1 user_config_home_t:dir manage_dir_perms;
> +	allow $1 user_config_home_t:file manage_file_perms;
> +	allow $1 user_config_home_t:fifo_file manage_fifo_file_perms;
> +	allow $1 user_config_home_t:lnk_file manage_lnk_file_perms;
> +	allow $1 user_config_home_t:sock_file manage_sock_file_perms;
> +')
> +
> +########################################
> +## <summary>
> +##	Search generic user config home
> +##	content directories.
> +## </summary>
> +## <param name="domain">
> +##	<summary>
> +##	Domain allowed access.
> +##	</summary>
> +## </param>
> +#
> +interface(`xserver_search_generic_user_config_home_content',`
> +	gen_require(`
> +		type user_config_home_t;
> +	')
> +
> +	userdom_search_user_home_dirs($1)
> +	allow $1 user_config_home_t:dir search_dir_perms;
> +')
> +
> +########################################
> +## <summary>
> +##	Create specified objects in generic
> +##	user config home content directories
> +##	with a private type.
> +## </summary>
> +## <param name="domain">
> +##	<summary>
> +##	Domain allowed access.
> +##	</summary>
> +## </param>
> +## <param name="private_type">
> +##	<summary>
> +##	Private file type.
> +##	</summary>
> +## </param>
> +## <param name="object_class">
> +##	<summary>
> +##	Class of the object being created.
> +##	</summary>
> +## </param>
> +## <param name="name" optional="true">
> +##	<summary>
> +##	The name of the object being created.
> +##	</summary>
> +## </param>
> +#
> +interface(`xserver_user_config_home_content_filetrans',`
> +	gen_require(`
> +		type user_config_home_t;
> +	')
> +
> +	userdom_search_user_home_dirs($1)
> +	filetrans_pattern($1, user_config_home_t, $2, $3, $4)
> +')
> +
> +########################################
> +## <summary>
> +##	Create specified objects in user home
> +##	directories with the generic user
> +##	config home content type.
> +## </summary>
> +## <param name="domain">
> +##	<summary>
> +##	Domain allowed access.
> +##	</summary>
> +## </param>
> +## <param name="object_class">
> +##	<summary>
> +##	Class of the object being created.
> +##	</summary>
> +## </param>
> +## <param name="name" optional="true">
> +##	<summary>
> +##	The name of the object being created.
> +##	</summary>
> +## </param>
> +#
> +interface(`xserver_user_home_dir_filetrans_user_config_home_content',`
> +	gen_require(`
> +		type user_config_home_t;
> +	')
> +
> +	userdom_user_home_dir_filetrans($1, user_config_home_t, $2, $3)
> +')
> +
> +########################################
> +## <summary>
> +##	Create generic user data home
> +##	content directories.
> +## </summary>
> +## <param name="domain">
> +##	<summary>
> +##	Domain allowed access.
> +##	</summary>
> +## </param>
> +#
> +interface(`xserver_create_generic_user_data_home_content_dirs',`
> +	gen_require(`
> +		type user_data_home_t;
> +	')
> +
> +	allow $1 user_data_home_t:dir create_dir_perms;
> +')
> +
> +########################################
> +## <summary>
> +##	Read generic user data home content.
> +## </summary>
> +## <param name="domain">
> +##	<summary>
> +##	Domain allowed access.
> +##	</summary>
> +## </param>
> +#
> +interface(`xserver_read_generic_user_data_home_content',`
> +	gen_require(`
> +		type user_data_home_t;
> +	')
> +
> +	userdom_search_user_home_content($1)
> +	allow $1 user_data_home_t:dir list_dir_perms;
> +	allow $1 user_data_home_t:file read_file_perms;
> +	allow $1 user_data_home_t:fifo_file read_fifo_file_perms;
> +	allow $1 user_data_home_t:lnk_file read_lnk_file_perms;
> +	allow $1 user_data_home_t:sock_file read_sock_file_perms;
> +')
> +
> +########################################
> +## <summary>
> +##	Create, read, write, and delete
> +##	generic user data home content.
> +## </summary>
> +## <param name="domain">
> +##	<summary>
> +##	Domain allowed access.
> +##	</summary>
> +## </param>
> +#
> +interface(`xserver_manage_generic_user_data_home_content',`
> +	gen_require(`
> +		type user_data_home_t;
> +	')
> +
> +	userdom_search_user_home_content($1)
> +	allow $1 user_data_home_t:dir manage_dir_perms;
> +	allow $1 user_data_home_t:file manage_file_perms;
> +	allow $1 user_data_home_t:fifo_file manage_fifo_file_perms;
> +	allow $1 user_data_home_t:lnk_file manage_lnk_file_perms;
> +	allow $1 user_data_home_t:sock_file manage_sock_file_perms;
> +')
> +
> +########################################
> +## <summary>
> +##	Search generic user data home
> +##	content directories.
> +## </summary>
> +## <param name="domain">
> +##	<summary>
> +##	Domain allowed access.
> +##	</summary>
> +## </param>
> +#
> +interface(`xserver_search_generic_user_data_home_content',`
> +	gen_require(`
> +		type user_data_home_t;
> +	')
> +
> +	userdom_search_user_home_content($1)
> +	allow $1 user_data_home_t:dir search_dir_perms;
> +')
> +
> +########################################
> +## <summary>
> +##	Create specified objects in generic
> +##	user data home content directories
> +##	with a private type.
> +## </summary>
> +## <param name="domain">
> +##	<summary>
> +##	Domain allowed access.
> +##	</summary>
> +## </param>
> +## <param name="private_type">
> +##	<summary>
> +##	Private file type.
> +##	</summary>
> +## </param>
> +## <param name="object_class">
> +##	<summary>
> +##	Class of the object being created.
> +##	</summary>
> +## </param>
> +## <param name="name" optional="true">
> +##	<summary>
> +##	The name of the object being created.
> +##	</summary>
> +## </param>
> +#
> +interface(`xserver_user_data_home_content_filetrans',`
> +	gen_require(`
> +		type user_data_home_t;
> +	')
> +
> +	userdom_search_user_home_content($1)
> +	filetrans_pattern($1, user_data_home_t, $2, $3, $4)
> +')
> +
> +########################################
> +## <summary>
> +##	Create specified objects in user home
> +##	content directories with the generic
> +##	user data home content type.
> +## </summary>
> +## <param name="domain">
> +##	<summary>
> +##	Domain allowed access.
> +##	</summary>
> +## </param>
> +## <param name="object_class">
> +##	<summary>
> +##	Class of the object being created.
> +##	</summary>
> +## </param>
> +## <param name="name" optional="true">
> +##	<summary>
> +##	The name of the object being created.
> +##	</summary>
> +## </param>
> +#
> +interface(`xserver_user_home_content_filetrans_user_data_home_content',`
> +	gen_require(`
> +		type user_data_home_t;
> +	')
> +
> +	userdom_user_home_content_filetrans($1, user_data_home_t, $2, $3)
> +')
> +
> +########################################
> +## <summary>
>  ##	Interface to provide X object permissions on a given X server to
>  ##	an X client domain.  Gives the domain complete control over the
>  ##	display.
> diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
> index 9bc86a0..a42f9bc 100644
> --- a/policy/modules/services/xserver.te
> +++ b/policy/modules/services/xserver.te
> @@ -49,6 +49,11 @@ gen_tunable(xserver_object_manager, false)
>  
>  attribute x_domain;
>  
> +# X Desktop Group
> +attribute xserver_user_cache_home_content_type;
> +attribute xserver_user_config_home_content_type;
> +attribute xserver_user_data_home_content_type;
> +
>  # X Events
>  attribute xevent_type;
>  attribute input_xevent_type;
> @@ -106,6 +111,15 @@ type remote_t;
>  xserver_object_types_template(remote)
>  xserver_common_x_domain_template(remote, remote_t)
>  
> +type user_cache_home_t;
> +xserver_user_cache_home_content(user_cache_home_t)
> +
> +type user_config_home_t;
> +xserver_user_config_home_content(user_config_home_t)
> +
> +type user_data_home_t;
> +xserver_user_data_home_content(user_data_home_t)
> +
>  type user_fonts_t;
>  typealias user_fonts_t alias { staff_fonts_t sysadm_fonts_t };
>  typealias user_fonts_t alias { auditadm_fonts_t secadm_fonts_t };

[refpolicy] [PATCH 3/3] Implement X Desktop Group

[Christopher J. PeBenito]

On 11/29/12 08:09, grift wrote:
> Are we ready to make a decision yet with regard to the two outstanding
> issues?
> 
> - best type names? (my preference user_data_home_t, user_config_home_t,
> user_cache_home_t)

replace user with xdg, e.g. xdg_config_home_t.

> - should be label ~/.local/share with the xdg data home type or ~/.local
> ( my preference ~/.local/share)
> 
> But i will go with whatever in the end

Here's another option to consider:

$HOME/.local  -d  gen_context(system_u:object_r:xdg_local_home_t,s0)
$HOME/.local/share(/.*)?    gen_context(system_u:object_r:xdg_data_home_t,s0)

and then treat xdg_local_home_t similar to user_home_dir_t and filetrans everything under it.  Then the named filetrans for ~/.local/share will work right on top of any of the other random dirs that pop up under there.

> On Mon, 2012-11-05 at 12:55 +0100, Dominick Grift wrote:
>> Creates 3 type attributes for xdg cache (~/.cache), config (~/.config)
>> and data (~/.local/share user home content and assigns to
>> xserver_user_cache_home_content(), xserver_user_config_home_content()
>> and xserver_user_data_home_content() respectively
>>
>> Creates 3 types for generic xdg user cache, config and data home
>> content, assigns to them their respective type attributes and
>> classifieds them user_home_content_type by calling xserver_user_cache,
>> config, data_home_content
>>
>> Create the various basic interfaces that will be needed:
>>
>> 1. xserver_create_generic_user_cache, config, data, home_dirs:
>>    This will be used together with
>>    xserver_user_home_(content|dir)_filetrans_cache, config,
>>    data_home_content and allows the caller to create ~/.cache, ~/.config
>>    and ~/.local/share directories. Each XDG aware program needs to be
>>    able to create these.
>>
>> 2. xserver_read|manage_generic_user_cache, config, data_home_content:
>>    By default content is created with a generic type and these broad
>>    interfaces allow the caller to read of manage content with these
>>    generic types
>>
>> 3. xserver_user_cache, config, data_home_content_filetrans:
>>    Allows callers to create specified objects in these location with a
>>    private type
>>
>> Add file context specifications for ~/.cache(/.*)? (user_cache_home_t),
>> ~/.config(/.*)? (user_config_home_t) and ~/.local/share(/.*)?
>> (user_data_home_t)
>>
>> There is a little issue with user_data_home, this is content for
>> ~/.local/share and as per xdg specification "share" is the user data
>> root dir instead of ~/.local, that means that the type transition
>> happens on user home content instead of user home dir. this makes it a
>> bit more prone to error since all directories named share created by
>> xserver_restricted_role callers in generic user home content
>> directories will be created with user_data_home_t. We could consider
>> using ~/.local instead
>>
>> Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
>> ---
>>  policy/modules/services/xserver.fc |   4 +
>>  policy/modules/services/xserver.if | 533 +++++++++++++++++++++++++++++++++++++
>>  policy/modules/services/xserver.te |  14 +
>>  3 files changed, 551 insertions(+)
>>
>> diff --git a/policy/modules/services/xserver.fc b/policy/modules/services/xserver.fc
>> index 9393f65..e64ecb2 100644
>> --- a/policy/modules/services/xserver.fc
>> +++ b/policy/modules/services/xserver.fc
>> @@ -1,6 +1,10 @@
>>  #
>>  # HOME_DIR
>>  #
>> +
>> +HOME_DIR/\.cache(/.*)?	gen_context(system_u:object_r:user_cache_home_t,s0)
>> +HOME_DIR/\.config(/.*)?	gen_context(system_u:object_r:user_config_home_t,s0)
>> +HOME_DIR/\.local/share(/.*)?	gen_context(system_u:object_r:user_data_home_t,s0)
>>  HOME_DIR/\.fonts\.conf	--	gen_context(system_u:object_r:user_fonts_config_t,s0)
>>  HOME_DIR/\.fonts(/.*)?		gen_context(system_u:object_r:user_fonts_t,s0)
>>  HOME_DIR/\.fonts/auto(/.*)?	gen_context(system_u:object_r:user_fonts_cache_t,s0)
>> diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
>> index 6bf0ecc..c4f7cb4 100644
>> --- a/policy/modules/services/xserver.if
>> +++ b/policy/modules/services/xserver.if
>> @@ -22,6 +22,7 @@ interface(`xserver_restricted_role',`
>>  		type user_fonts_t, user_fonts_cache_t, user_fonts_config_t;
>>  		type iceauth_t, iceauth_exec_t, iceauth_home_t;
>>  		type xauth_t, xauth_exec_t, xauth_home_t;
>> +		type user_cache_home_t, user_config_home_t, user_data_home_t;
>>  	')
>>  
>>  	role $1 types { xserver_t xauth_t iceauth_t };
>> @@ -34,6 +35,16 @@ interface(`xserver_restricted_role',`
>>  
>>  	allow xserver_t $2:shm rw_shm_perms;
>>  
>> +	allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:dir { manage_dir_perms relabel_dir_perms };
>> +	allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
>> +	allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:file { manage_file_perms relabel_file_perms };
>> +	allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
>> +	allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:sock_file { manage_sock_file_perms relabel_sock_file_perms };
>> +
>> +	userdom_user_home_dir_filetrans($2, user_cache_home_t, dir, ".cache")
>> +	userdom_user_home_dir_filetrans($2, user_config_home_t, dir, ".config")
>> +	userdom_user_home_content_filetrans($2, user_data_home_t, dir, "share")
>> +
>>  	allow $2 user_fonts_t:dir list_dir_perms;
>>  	allow $2 user_fonts_t:file read_file_perms;
>>  
>> @@ -531,6 +542,72 @@ interface(`xserver_use_user_fonts',`
>>  
>>  ########################################
>>  ## <summary>
>> +##	Make the specified type usable in a
>> +##	user cache home directory.
>> +## </summary>
>> +## <param name="type">
>> +##	<summary>
>> +##	Type to be used as a file in the
>> +##	user cache home directory.
>> +##	</summary>
>> +## </param>
>> +#
>> +interface(`xserver_user_cache_home_content',`
>> +	gen_require(`
>> +		attribute xserver_user_cache_home_content_type;
>> +	')
>> +
>> +	typeattribute $1 xserver_user_cache_home_content_type;
>> +
>> +	userdom_user_home_content($1)
>> +')
>> +
>> +########################################
>> +## <summary>
>> +##	Make the specified type usable in a
>> +##	user config home directory.
>> +## </summary>
>> +## <param name="type">
>> +##	<summary>
>> +##	Type to be used as a file in the
>> +##	user config home directory.
>> +##	</summary>
>> +## </param>
>> +#
>> +interface(`xserver_user_config_home_content',`
>> +	gen_require(`
>> +		attribute xserver_user_config_home_content_type;
>> +	')
>> +
>> +	typeattribute $1 xserver_user_config_home_content_type;
>> +
>> +	userdom_user_home_content($1)
>> +')
>> +
>> +########################################
>> +## <summary>
>> +##	Make the specified type usable in a
>> +##	user data home directory.
>> +## </summary>
>> +## <param name="type">
>> +##	<summary>
>> +##	Type to be used as a file in the
>> +##	user data home directory.
>> +##	</summary>
>> +## </param>
>> +#
>> +interface(`xserver_user_data_home_content',`
>> +	gen_require(`
>> +		attribute xserver_user_data_home_content_type;
>> +	')
>> +
>> +	typeattribute $1 xserver_user_data_home_content_type;
>> +
>> +	userdom_user_home_content($1)
>> +')
>> +
>> +########################################
>> +## <summary>
>>  ##	Transition to the Xauthority domain.
>>  ## </summary>
>>  ## <param name="domain">
>> @@ -1272,6 +1349,462 @@ interface(`xserver_manage_core_devices',`
>>  
>>  ########################################
>>  ## <summary>
>> +##	Create generic user cache home
>> +##	content directories.
>> +## </summary>
>> +## <param name="domain">
>> +##	<summary>
>> +##	Domain allowed access.
>> +##	</summary>
>> +## </param>
>> +#
>> +interface(`xserver_create_generic_user_cache_home_content_dirs',`
>> +	gen_require(`
>> +		type user_cache_home_t;
>> +	')
>> +
>> +	allow $1 user_cache_home_t:dir create_dir_perms;
>> +')
>> +
>> +########################################
>> +## <summary>
>> +##	Read generic user cache home content.
>> +## </summary>
>> +## <param name="domain">
>> +##	<summary>
>> +##	Domain allowed access.
>> +##	</summary>
>> +## </param>
>> +#
>> +interface(`xserver_read_generic_user_cache_home_content',`
>> +	gen_require(`
>> +		type user_cache_home_t;
>> +	')
>> +
>> +	userdom_search_user_home_dirs($1)
>> +	allow $1 user_cache_home_t:dir list_dir_perms;
>> +	allow $1 user_cache_home_t:file read_file_perms;
>> +	allow $1 user_cache_home_t:fifo_file read_fifo_file_perms;
>> +	allow $1 user_cache_home_t:lnk_file read_lnk_file_perms;
>> +	allow $1 user_cache_home_t:sock_file read_sock_file_perms;
>> +')
>> +
>> +########################################
>> +## <summary>
>> +##	Create, read, write, and delete
>> +##	generic user cache home content.
>> +## </summary>
>> +## <param name="domain">
>> +##	<summary>
>> +##	Domain allowed access.
>> +##	</summary>
>> +## </param>
>> +#
>> +interface(`xserver_manage_generic_user_cache_home_content',`
>> +	gen_require(`
>> +		type user_cache_home_t;
>> +	')
>> +
>> +	userdom_search_user_home_dirs($1)
>> +	allow $1 user_cache_home_t:dir manage_dir_perms;
>> +	allow $1 user_cache_home_t:file manage_file_perms;
>> +	allow $1 user_cache_home_t:fifo_file manage_fifo_file_perms;
>> +	allow $1 user_cache_home_t:lnk_file manage_lnk_file_perms;
>> +	allow $1 user_cache_home_t:sock_file manage_sock_file_perms;
>> +')
>> +
>> +########################################
>> +## <summary>
>> +##	Search generic user cache home
>> +##	content directories.
>> +## </summary>
>> +## <param name="domain">
>> +##	<summary>
>> +##	Domain allowed access.
>> +##	</summary>
>> +## </param>
>> +#
>> +interface(`xserver_search_generic_user_cache_home_content',`
>> +	gen_require(`
>> +		type user_cache_home_t;
>> +	')
>> +
>> +	userdom_search_user_home_dirs($1)
>> +	allow $1 user_cache_home_t:dir search_dir_perms;
>> +')
>> +
>> +########################################
>> +## <summary>
>> +##	Create specified objects in generic
>> +##	user cache home content directories
>> +##	with a private type.
>> +## </summary>
>> +## <param name="domain">
>> +##	<summary>
>> +##	Domain allowed access.
>> +##	</summary>
>> +## </param>
>> +## <param name="private_type">
>> +##	<summary>
>> +##	Private file type.
>> +##	</summary>
>> +## </param>
>> +## <param name="object_class">
>> +##	<summary>
>> +##	Class of the object being created.
>> +##	</summary>
>> +## </param>
>> +## <param name="name" optional="true">
>> +##	<summary>
>> +##	The name of the object being created.
>> +##	</summary>
>> +## </param>
>> +#
>> +interface(`xserver_user_cache_home_content_filetrans',`
>> +	gen_require(`
>> +		type user_cache_home_t;
>> +	')
>> +
>> +	userdom_search_user_home_dirs($1)
>> +	filetrans_pattern($1, user_cache_home_t, $2, $3, $4)
>> +')
>> +
>> +########################################
>> +## <summary>
>> +##	Create specified objects in user home
>> +##	directories with the generic user
>> +##	cache home content type.
>> +## </summary>
>> +## <param name="domain">
>> +##	<summary>
>> +##	Domain allowed access.
>> +##	</summary>
>> +## </param>
>> +## <param name="object_class">
>> +##	<summary>
>> +##	Class of the object being created.
>> +##	</summary>
>> +## </param>
>> +## <param name="name" optional="true">
>> +##	<summary>
>> +##	The name of the object being created.
>> +##	</summary>
>> +## </param>
>> +#
>> +interface(`xserver_user_home_dir_filetrans_user_cache_home_content',`
>> +	gen_require(`
>> +		type user_cache_home_t;
>> +	')
>> +
>> +	userdom_user_home_dir_filetrans($1, user_cache_home_t, $2, $3)
>> +')
>> +
>> +########################################
>> +## <summary>
>> +##	Create generic user config home
>> +##	content directories.
>> +## </summary>
>> +## <param name="domain">
>> +##	<summary>
>> +##	Domain allowed access.
>> +##	</summary>
>> +## </param>
>> +#
>> +interface(`xserver_create_generic_user_config_home_content_dirs',`
>> +	gen_require(`
>> +		type user_config_home_t;
>> +	')
>> +
>> +	allow $1 user_config_home_t:dir create_dir_perms;
>> +')
>> +
>> +########################################
>> +## <summary>
>> +##	Read generic user config home content.
>> +## </summary>
>> +## <param name="domain">
>> +##	<summary>
>> +##	Domain allowed access.
>> +##	</summary>
>> +## </param>
>> +#
>> +interface(`xserver_read_generic_user_config_home_content',`
>> +	gen_require(`
>> +		type user_config_home_t;
>> +	')
>> +
>> +	userdom_search_user_home_dirs($1)
>> +	allow $1 user_config_home_t:dir list_dir_perms;
>> +	allow $1 user_config_home_t:file read_file_perms;
>> +	allow $1 user_config_home_t:fifo_file read_fifo_file_perms;
>> +	allow $1 user_config_home_t:lnk_file read_lnk_file_perms;
>> +	allow $1 user_config_home_t:sock_file read_sock_file_perms;
>> +')
>> +
>> +########################################
>> +## <summary>
>> +##	Create, read, write, and delete
>> +##	generic user config home content.
>> +## </summary>
>> +## <param name="domain">
>> +##	<summary>
>> +##	Domain allowed access.
>> +##	</summary>
>> +## </param>
>> +#
>> +interface(`xserver_manage_generic_user_config_home_content',`
>> +	gen_require(`
>> +		type user_config_home_t;
>> +	')
>> +
>> +	userdom_search_user_home_dirs($1)
>> +	allow $1 user_config_home_t:dir manage_dir_perms;
>> +	allow $1 user_config_home_t:file manage_file_perms;
>> +	allow $1 user_config_home_t:fifo_file manage_fifo_file_perms;
>> +	allow $1 user_config_home_t:lnk_file manage_lnk_file_perms;
>> +	allow $1 user_config_home_t:sock_file manage_sock_file_perms;
>> +')
>> +
>> +########################################
>> +## <summary>
>> +##	Search generic user config home
>> +##	content directories.
>> +## </summary>
>> +## <param name="domain">
>> +##	<summary>
>> +##	Domain allowed access.
>> +##	</summary>
>> +## </param>
>> +#
>> +interface(`xserver_search_generic_user_config_home_content',`
>> +	gen_require(`
>> +		type user_config_home_t;
>> +	')
>> +
>> +	userdom_search_user_home_dirs($1)
>> +	allow $1 user_config_home_t:dir search_dir_perms;
>> +')
>> +
>> +########################################
>> +## <summary>
>> +##	Create specified objects in generic
>> +##	user config home content directories
>> +##	with a private type.
>> +## </summary>
>> +## <param name="domain">
>> +##	<summary>
>> +##	Domain allowed access.
>> +##	</summary>
>> +## </param>
>> +## <param name="private_type">
>> +##	<summary>
>> +##	Private file type.
>> +##	</summary>
>> +## </param>
>> +## <param name="object_class">
>> +##	<summary>
>> +##	Class of the object being created.
>> +##	</summary>
>> +## </param>
>> +## <param name="name" optional="true">
>> +##	<summary>
>> +##	The name of the object being created.
>> +##	</summary>
>> +## </param>
>> +#
>> +interface(`xserver_user_config_home_content_filetrans',`
>> +	gen_require(`
>> +		type user_config_home_t;
>> +	')
>> +
>> +	userdom_search_user_home_dirs($1)
>> +	filetrans_pattern($1, user_config_home_t, $2, $3, $4)
>> +')
>> +
>> +########################################
>> +## <summary>
>> +##	Create specified objects in user home
>> +##	directories with the generic user
>> +##	config home content type.
>> +## </summary>
>> +## <param name="domain">
>> +##	<summary>
>> +##	Domain allowed access.
>> +##	</summary>
>> +## </param>
>> +## <param name="object_class">
>> +##	<summary>
>> +##	Class of the object being created.
>> +##	</summary>
>> +## </param>
>> +## <param name="name" optional="true">
>> +##	<summary>
>> +##	The name of the object being created.
>> +##	</summary>
>> +## </param>
>> +#
>> +interface(`xserver_user_home_dir_filetrans_user_config_home_content',`
>> +	gen_require(`
>> +		type user_config_home_t;
>> +	')
>> +
>> +	userdom_user_home_dir_filetrans($1, user_config_home_t, $2, $3)
>> +')
>> +
>> +########################################
>> +## <summary>
>> +##	Create generic user data home
>> +##	content directories.
>> +## </summary>
>> +## <param name="domain">
>> +##	<summary>
>> +##	Domain allowed access.
>> +##	</summary>
>> +## </param>
>> +#
>> +interface(`xserver_create_generic_user_data_home_content_dirs',`
>> +	gen_require(`
>> +		type user_data_home_t;
>> +	')
>> +
>> +	allow $1 user_data_home_t:dir create_dir_perms;
>> +')
>> +
>> +########################################
>> +## <summary>
>> +##	Read generic user data home content.
>> +## </summary>
>> +## <param name="domain">
>> +##	<summary>
>> +##	Domain allowed access.
>> +##	</summary>
>> +## </param>
>> +#
>> +interface(`xserver_read_generic_user_data_home_content',`
>> +	gen_require(`
>> +		type user_data_home_t;
>> +	')
>> +
>> +	userdom_search_user_home_content($1)
>> +	allow $1 user_data_home_t:dir list_dir_perms;
>> +	allow $1 user_data_home_t:file read_file_perms;
>> +	allow $1 user_data_home_t:fifo_file read_fifo_file_perms;
>> +	allow $1 user_data_home_t:lnk_file read_lnk_file_perms;
>> +	allow $1 user_data_home_t:sock_file read_sock_file_perms;
>> +')
>> +
>> +########################################
>> +## <summary>
>> +##	Create, read, write, and delete
>> +##	generic user data home content.
>> +## </summary>
>> +## <param name="domain">
>> +##	<summary>
>> +##	Domain allowed access.
>> +##	</summary>
>> +## </param>
>> +#
>> +interface(`xserver_manage_generic_user_data_home_content',`
>> +	gen_require(`
>> +		type user_data_home_t;
>> +	')
>> +
>> +	userdom_search_user_home_content($1)
>> +	allow $1 user_data_home_t:dir manage_dir_perms;
>> +	allow $1 user_data_home_t:file manage_file_perms;
>> +	allow $1 user_data_home_t:fifo_file manage_fifo_file_perms;
>> +	allow $1 user_data_home_t:lnk_file manage_lnk_file_perms;
>> +	allow $1 user_data_home_t:sock_file manage_sock_file_perms;
>> +')
>> +
>> +########################################
>> +## <summary>
>> +##	Search generic user data home
>> +##	content directories.
>> +## </summary>
>> +## <param name="domain">
>> +##	<summary>
>> +##	Domain allowed access.
>> +##	</summary>
>> +## </param>
>> +#
>> +interface(`xserver_search_generic_user_data_home_content',`
>> +	gen_require(`
>> +		type user_data_home_t;
>> +	')
>> +
>> +	userdom_search_user_home_content($1)
>> +	allow $1 user_data_home_t:dir search_dir_perms;
>> +')
>> +
>> +########################################
>> +## <summary>
>> +##	Create specified objects in generic
>> +##	user data home content directories
>> +##	with a private type.
>> +## </summary>
>> +## <param name="domain">
>> +##	<summary>
>> +##	Domain allowed access.
>> +##	</summary>
>> +## </param>
>> +## <param name="private_type">
>> +##	<summary>
>> +##	Private file type.
>> +##	</summary>
>> +## </param>
>> +## <param name="object_class">
>> +##	<summary>
>> +##	Class of the object being created.
>> +##	</summary>
>> +## </param>
>> +## <param name="name" optional="true">
>> +##	<summary>
>> +##	The name of the object being created.
>> +##	</summary>
>> +## </param>
>> +#
>> +interface(`xserver_user_data_home_content_filetrans',`
>> +	gen_require(`
>> +		type user_data_home_t;
>> +	')
>> +
>> +	userdom_search_user_home_content($1)
>> +	filetrans_pattern($1, user_data_home_t, $2, $3, $4)
>> +')
>> +
>> +########################################
>> +## <summary>
>> +##	Create specified objects in user home
>> +##	content directories with the generic
>> +##	user data home content type.
>> +## </summary>
>> +## <param name="domain">
>> +##	<summary>
>> +##	Domain allowed access.
>> +##	</summary>
>> +## </param>
>> +## <param name="object_class">
>> +##	<summary>
>> +##	Class of the object being created.
>> +##	</summary>
>> +## </param>
>> +## <param name="name" optional="true">
>> +##	<summary>
>> +##	The name of the object being created.
>> +##	</summary>
>> +## </param>
>> +#
>> +interface(`xserver_user_home_content_filetrans_user_data_home_content',`
>> +	gen_require(`
>> +		type user_data_home_t;
>> +	')
>> +
>> +	userdom_user_home_content_filetrans($1, user_data_home_t, $2, $3)
>> +')
>> +
>> +########################################
>> +## <summary>
>>  ##	Interface to provide X object permissions on a given X server to
>>  ##	an X client domain.  Gives the domain complete control over the
>>  ##	display.
>> diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
>> index 9bc86a0..a42f9bc 100644
>> --- a/policy/modules/services/xserver.te
>> +++ b/policy/modules/services/xserver.te
>> @@ -49,6 +49,11 @@ gen_tunable(xserver_object_manager, false)
>>  
>>  attribute x_domain;
>>  
>> +# X Desktop Group
>> +attribute xserver_user_cache_home_content_type;
>> +attribute xserver_user_config_home_content_type;
>> +attribute xserver_user_data_home_content_type;
>> +
>>  # X Events
>>  attribute xevent_type;
>>  attribute input_xevent_type;
>> @@ -106,6 +111,15 @@ type remote_t;
>>  xserver_object_types_template(remote)
>>  xserver_common_x_domain_template(remote, remote_t)
>>  
>> +type user_cache_home_t;
>> +xserver_user_cache_home_content(user_cache_home_t)
>> +
>> +type user_config_home_t;
>> +xserver_user_config_home_content(user_config_home_t)
>> +
>> +type user_data_home_t;
>> +xserver_user_data_home_content(user_data_home_t)
>> +
>>  type user_fonts_t;
>>  typealias user_fonts_t alias { staff_fonts_t sysadm_fonts_t };
>>  typealias user_fonts_t alias { auditadm_fonts_t secadm_fonts_t };
> 
> 
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
> 


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

[refpolicy] [PATCH 3/3] Implement X Desktop Group

[grift]

On Thu, 2012-11-29 at 08:51 -0500, Christopher J. PeBenito wrote:
> On 11/29/12 08:09, grift wrote:
> > Are we ready to make a decision yet with regard to the two outstanding
> > issues?
> > 
> > - best type names? (my preference user_data_home_t, user_config_home_t,
> > user_cache_home_t)
> 
> replace user with xdg, e.g. xdg_config_home_t.
> 
> > - should be label ~/.local/share with the xdg data home type or ~/.local
> > ( my preference ~/.local/share)
> > 
> > But i will go with whatever in the end
> 
> Here's another option to consider:
> 
> $HOME/.local  -d  gen_context(system_u:object_r:xdg_local_home_t,s0)
> $HOME/.local/share(/.*)?    gen_context(system_u:object_r:xdg_data_home_t,s0)
> 
> and then treat xdg_local_home_t similar to user_home_dir_t and filetrans everything under it.  Then the named filetrans for ~/.local/share will work right on top of any of the other random dirs that pop up under there.

I understand your reasoning but i am not confident about the type name
"xdg_local_home_t" and i am also not confident that this type should be
declared in the xserver policy module

how about we use local_home_t and declare it in the userdomain module?

> > On Mon, 2012-11-05 at 12:55 +0100, Dominick Grift wrote:
> >> Creates 3 type attributes for xdg cache (~/.cache), config (~/.config)
> >> and data (~/.local/share user home content and assigns to
> >> xserver_user_cache_home_content(), xserver_user_config_home_content()
> >> and xserver_user_data_home_content() respectively
> >>
> >> Creates 3 types for generic xdg user cache, config and data home
> >> content, assigns to them their respective type attributes and
> >> classifieds them user_home_content_type by calling xserver_user_cache,
> >> config, data_home_content
> >>
> >> Create the various basic interfaces that will be needed:
> >>
> >> 1. xserver_create_generic_user_cache, config, data, home_dirs:
> >>    This will be used together with
> >>    xserver_user_home_(content|dir)_filetrans_cache, config,
> >>    data_home_content and allows the caller to create ~/.cache, ~/.config
> >>    and ~/.local/share directories. Each XDG aware program needs to be
> >>    able to create these.
> >>
> >> 2. xserver_read|manage_generic_user_cache, config, data_home_content:
> >>    By default content is created with a generic type and these broad
> >>    interfaces allow the caller to read of manage content with these
> >>    generic types
> >>
> >> 3. xserver_user_cache, config, data_home_content_filetrans:
> >>    Allows callers to create specified objects in these location with a
> >>    private type
> >>
> >> Add file context specifications for ~/.cache(/.*)? (user_cache_home_t),
> >> ~/.config(/.*)? (user_config_home_t) and ~/.local/share(/.*)?
> >> (user_data_home_t)
> >>
> >> There is a little issue with user_data_home, this is content for
> >> ~/.local/share and as per xdg specification "share" is the user data
> >> root dir instead of ~/.local, that means that the type transition
> >> happens on user home content instead of user home dir. this makes it a
> >> bit more prone to error since all directories named share created by
> >> xserver_restricted_role callers in generic user home content
> >> directories will be created with user_data_home_t. We could consider
> >> using ~/.local instead
> >>
> >> Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
> >> ---
> >>  policy/modules/services/xserver.fc |   4 +
> >>  policy/modules/services/xserver.if | 533 +++++++++++++++++++++++++++++++++++++
> >>  policy/modules/services/xserver.te |  14 +
> >>  3 files changed, 551 insertions(+)
> >>
> >> diff --git a/policy/modules/services/xserver.fc b/policy/modules/services/xserver.fc
> >> index 9393f65..e64ecb2 100644
> >> --- a/policy/modules/services/xserver.fc
> >> +++ b/policy/modules/services/xserver.fc
> >> @@ -1,6 +1,10 @@
> >>  #
> >>  # HOME_DIR
> >>  #
> >> +
> >> +HOME_DIR/\.cache(/.*)?	gen_context(system_u:object_r:user_cache_home_t,s0)
> >> +HOME_DIR/\.config(/.*)?	gen_context(system_u:object_r:user_config_home_t,s0)
> >> +HOME_DIR/\.local/share(/.*)?	gen_context(system_u:object_r:user_data_home_t,s0)
> >>  HOME_DIR/\.fonts\.conf	--	gen_context(system_u:object_r:user_fonts_config_t,s0)
> >>  HOME_DIR/\.fonts(/.*)?		gen_context(system_u:object_r:user_fonts_t,s0)
> >>  HOME_DIR/\.fonts/auto(/.*)?	gen_context(system_u:object_r:user_fonts_cache_t,s0)
> >> diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
> >> index 6bf0ecc..c4f7cb4 100644
> >> --- a/policy/modules/services/xserver.if
> >> +++ b/policy/modules/services/xserver.if
> >> @@ -22,6 +22,7 @@ interface(`xserver_restricted_role',`
> >>  		type user_fonts_t, user_fonts_cache_t, user_fonts_config_t;
> >>  		type iceauth_t, iceauth_exec_t, iceauth_home_t;
> >>  		type xauth_t, xauth_exec_t, xauth_home_t;
> >> +		type user_cache_home_t, user_config_home_t, user_data_home_t;
> >>  	')
> >>  
> >>  	role $1 types { xserver_t xauth_t iceauth_t };
> >> @@ -34,6 +35,16 @@ interface(`xserver_restricted_role',`
> >>  
> >>  	allow xserver_t $2:shm rw_shm_perms;
> >>  
> >> +	allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:dir { manage_dir_perms relabel_dir_perms };
> >> +	allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
> >> +	allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:file { manage_file_perms relabel_file_perms };
> >> +	allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
> >> +	allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:sock_file { manage_sock_file_perms relabel_sock_file_perms };
> >> +
> >> +	userdom_user_home_dir_filetrans($2, user_cache_home_t, dir, ".cache")
> >> +	userdom_user_home_dir_filetrans($2, user_config_home_t, dir, ".config")
> >> +	userdom_user_home_content_filetrans($2, user_data_home_t, dir, "share")
> >> +
> >>  	allow $2 user_fonts_t:dir list_dir_perms;
> >>  	allow $2 user_fonts_t:file read_file_perms;
> >>  
> >> @@ -531,6 +542,72 @@ interface(`xserver_use_user_fonts',`
> >>  
> >>  ########################################
> >>  ## <summary>
> >> +##	Make the specified type usable in a
> >> +##	user cache home directory.
> >> +## </summary>
> >> +## <param name="type">
> >> +##	<summary>
> >> +##	Type to be used as a file in the
> >> +##	user cache home directory.
> >> +##	</summary>
> >> +## </param>
> >> +#
> >> +interface(`xserver_user_cache_home_content',`
> >> +	gen_require(`
> >> +		attribute xserver_user_cache_home_content_type;
> >> +	')
> >> +
> >> +	typeattribute $1 xserver_user_cache_home_content_type;
> >> +
> >> +	userdom_user_home_content($1)
> >> +')
> >> +
> >> +########################################
> >> +## <summary>
> >> +##	Make the specified type usable in a
> >> +##	user config home directory.
> >> +## </summary>
> >> +## <param name="type">
> >> +##	<summary>
> >> +##	Type to be used as a file in the
> >> +##	user config home directory.
> >> +##	</summary>
> >> +## </param>
> >> +#
> >> +interface(`xserver_user_config_home_content',`
> >> +	gen_require(`
> >> +		attribute xserver_user_config_home_content_type;
> >> +	')
> >> +
> >> +	typeattribute $1 xserver_user_config_home_content_type;
> >> +
> >> +	userdom_user_home_content($1)
> >> +')
> >> +
> >> +########################################
> >> +## <summary>
> >> +##	Make the specified type usable in a
> >> +##	user data home directory.
> >> +## </summary>
> >> +## <param name="type">
> >> +##	<summary>
> >> +##	Type to be used as a file in the
> >> +##	user data home directory.
> >> +##	</summary>
> >> +## </param>
> >> +#
> >> +interface(`xserver_user_data_home_content',`
> >> +	gen_require(`
> >> +		attribute xserver_user_data_home_content_type;
> >> +	')
> >> +
> >> +	typeattribute $1 xserver_user_data_home_content_type;
> >> +
> >> +	userdom_user_home_content($1)
> >> +')
> >> +
> >> +########################################
> >> +## <summary>
> >>  ##	Transition to the Xauthority domain.
> >>  ## </summary>
> >>  ## <param name="domain">
> >> @@ -1272,6 +1349,462 @@ interface(`xserver_manage_core_devices',`
> >>  
> >>  ########################################
> >>  ## <summary>
> >> +##	Create generic user cache home
> >> +##	content directories.
> >> +## </summary>
> >> +## <param name="domain">
> >> +##	<summary>
> >> +##	Domain allowed access.
> >> +##	</summary>
> >> +## </param>
> >> +#
> >> +interface(`xserver_create_generic_user_cache_home_content_dirs',`
> >> +	gen_require(`
> >> +		type user_cache_home_t;
> >> +	')
> >> +
> >> +	allow $1 user_cache_home_t:dir create_dir_perms;
> >> +')
> >> +
> >> +########################################
> >> +## <summary>
> >> +##	Read generic user cache home content.
> >> +## </summary>
> >> +## <param name="domain">
> >> +##	<summary>
> >> +##	Domain allowed access.
> >> +##	</summary>
> >> +## </param>
> >> +#
> >> +interface(`xserver_read_generic_user_cache_home_content',`
> >> +	gen_require(`
> >> +		type user_cache_home_t;
> >> +	')
> >> +
> >> +	userdom_search_user_home_dirs($1)
> >> +	allow $1 user_cache_home_t:dir list_dir_perms;
> >> +	allow $1 user_cache_home_t:file read_file_perms;
> >> +	allow $1 user_cache_home_t:fifo_file read_fifo_file_perms;
> >> +	allow $1 user_cache_home_t:lnk_file read_lnk_file_perms;
> >> +	allow $1 user_cache_home_t:sock_file read_sock_file_perms;
> >> +')
> >> +
> >> +########################################
> >> +## <summary>
> >> +##	Create, read, write, and delete
> >> +##	generic user cache home content.
> >> +## </summary>
> >> +## <param name="domain">
> >> +##	<summary>
> >> +##	Domain allowed access.
> >> +##	</summary>
> >> +## </param>
> >> +#
> >> +interface(`xserver_manage_generic_user_cache_home_content',`
> >> +	gen_require(`
> >> +		type user_cache_home_t;
> >> +	')
> >> +
> >> +	userdom_search_user_home_dirs($1)
> >> +	allow $1 user_cache_home_t:dir manage_dir_perms;
> >> +	allow $1 user_cache_home_t:file manage_file_perms;
> >> +	allow $1 user_cache_home_t:fifo_file manage_fifo_file_perms;
> >> +	allow $1 user_cache_home_t:lnk_file manage_lnk_file_perms;
> >> +	allow $1 user_cache_home_t:sock_file manage_sock_file_perms;
> >> +')
> >> +
> >> +########################################
> >> +## <summary>
> >> +##	Search generic user cache home
> >> +##	content directories.
> >> +## </summary>
> >> +## <param name="domain">
> >> +##	<summary>
> >> +##	Domain allowed access.
> >> +##	</summary>
> >> +## </param>
> >> +#
> >> +interface(`xserver_search_generic_user_cache_home_content',`
> >> +	gen_require(`
> >> +		type user_cache_home_t;
> >> +	')
> >> +
> >> +	userdom_search_user_home_dirs($1)
> >> +	allow $1 user_cache_home_t:dir search_dir_perms;
> >> +')
> >> +
> >> +########################################
> >> +## <summary>
> >> +##	Create specified objects in generic
> >> +##	user cache home content directories
> >> +##	with a private type.
> >> +## </summary>
> >> +## <param name="domain">
> >> +##	<summary>
> >> +##	Domain allowed access.
> >> +##	</summary>
> >> +## </param>
> >> +## <param name="private_type">
> >> +##	<summary>
> >> +##	Private file type.
> >> +##	</summary>
> >> +## </param>
> >> +## <param name="object_class">
> >> +##	<summary>
> >> +##	Class of the object being created.
> >> +##	</summary>
> >> +## </param>
> >> +## <param name="name" optional="true">
> >> +##	<summary>
> >> +##	The name of the object being created.
> >> +##	</summary>
> >> +## </param>
> >> +#
> >> +interface(`xserver_user_cache_home_content_filetrans',`
> >> +	gen_require(`
> >> +		type user_cache_home_t;
> >> +	')
> >> +
> >> +	userdom_search_user_home_dirs($1)
> >> +	filetrans_pattern($1, user_cache_home_t, $2, $3, $4)
> >> +')
> >> +
> >> +########################################
> >> +## <summary>
> >> +##	Create specified objects in user home
> >> +##	directories with the generic user
> >> +##	cache home content type.
> >> +## </summary>
> >> +## <param name="domain">
> >> +##	<summary>
> >> +##	Domain allowed access.
> >> +##	</summary>
> >> +## </param>
> >> +## <param name="object_class">
> >> +##	<summary>
> >> +##	Class of the object being created.
> >> +##	</summary>
> >> +## </param>
> >> +## <param name="name" optional="true">
> >> +##	<summary>
> >> +##	The name of the object being created.
> >> +##	</summary>
> >> +## </param>
> >> +#
> >> +interface(`xserver_user_home_dir_filetrans_user_cache_home_content',`
> >> +	gen_require(`
> >> +		type user_cache_home_t;
> >> +	')
> >> +
> >> +	userdom_user_home_dir_filetrans($1, user_cache_home_t, $2, $3)
> >> +')
> >> +
> >> +########################################
> >> +## <summary>
> >> +##	Create generic user config home
> >> +##	content directories.
> >> +## </summary>
> >> +## <param name="domain">
> >> +##	<summary>
> >> +##	Domain allowed access.
> >> +##	</summary>
> >> +## </param>
> >> +#
> >> +interface(`xserver_create_generic_user_config_home_content_dirs',`
> >> +	gen_require(`
> >> +		type user_config_home_t;
> >> +	')
> >> +
> >> +	allow $1 user_config_home_t:dir create_dir_perms;
> >> +')
> >> +
> >> +########################################
> >> +## <summary>
> >> +##	Read generic user config home content.
> >> +## </summary>
> >> +## <param name="domain">
> >> +##	<summary>
> >> +##	Domain allowed access.
> >> +##	</summary>
> >> +## </param>
> >> +#
> >> +interface(`xserver_read_generic_user_config_home_content',`
> >> +	gen_require(`
> >> +		type user_config_home_t;
> >> +	')
> >> +
> >> +	userdom_search_user_home_dirs($1)
> >> +	allow $1 user_config_home_t:dir list_dir_perms;
> >> +	allow $1 user_config_home_t:file read_file_perms;
> >> +	allow $1 user_config_home_t:fifo_file read_fifo_file_perms;
> >> +	allow $1 user_config_home_t:lnk_file read_lnk_file_perms;
> >> +	allow $1 user_config_home_t:sock_file read_sock_file_perms;
> >> +')
> >> +
> >> +########################################
> >> +## <summary>
> >> +##	Create, read, write, and delete
> >> +##	generic user config home content.
> >> +## </summary>
> >> +## <param name="domain">
> >> +##	<summary>
> >> +##	Domain allowed access.
> >> +##	</summary>
> >> +## </param>
> >> +#
> >> +interface(`xserver_manage_generic_user_config_home_content',`
> >> +	gen_require(`
> >> +		type user_config_home_t;
> >> +	')
> >> +
> >> +	userdom_search_user_home_dirs($1)
> >> +	allow $1 user_config_home_t:dir manage_dir_perms;
> >> +	allow $1 user_config_home_t:file manage_file_perms;
> >> +	allow $1 user_config_home_t:fifo_file manage_fifo_file_perms;
> >> +	allow $1 user_config_home_t:lnk_file manage_lnk_file_perms;
> >> +	allow $1 user_config_home_t:sock_file manage_sock_file_perms;
> >> +')
> >> +
> >> +########################################
> >> +## <summary>
> >> +##	Search generic user config home
> >> +##	content directories.
> >> +## </summary>
> >> +## <param name="domain">
> >> +##	<summary>
> >> +##	Domain allowed access.
> >> +##	</summary>
> >> +## </param>
> >> +#
> >> +interface(`xserver_search_generic_user_config_home_content',`
> >> +	gen_require(`
> >> +		type user_config_home_t;
> >> +	')
> >> +
> >> +	userdom_search_user_home_dirs($1)
> >> +	allow $1 user_config_home_t:dir search_dir_perms;
> >> +')
> >> +
> >> +########################################
> >> +## <summary>
> >> +##	Create specified objects in generic
> >> +##	user config home content directories
> >> +##	with a private type.
> >> +## </summary>
> >> +## <param name="domain">
> >> +##	<summary>
> >> +##	Domain allowed access.
> >> +##	</summary>
> >> +## </param>
> >> +## <param name="private_type">
> >> +##	<summary>
> >> +##	Private file type.
> >> +##	</summary>
> >> +## </param>
> >> +## <param name="object_class">
> >> +##	<summary>
> >> +##	Class of the object being created.
> >> +##	</summary>
> >> +## </param>
> >> +## <param name="name" optional="true">
> >> +##	<summary>
> >> +##	The name of the object being created.
> >> +##	</summary>
> >> +## </param>
> >> +#
> >> +interface(`xserver_user_config_home_content_filetrans',`
> >> +	gen_require(`
> >> +		type user_config_home_t;
> >> +	')
> >> +
> >> +	userdom_search_user_home_dirs($1)
> >> +	filetrans_pattern($1, user_config_home_t, $2, $3, $4)
> >> +')
> >> +
> >> +########################################
> >> +## <summary>
> >> +##	Create specified objects in user home
> >> +##	directories with the generic user
> >> +##	config home content type.
> >> +## </summary>
> >> +## <param name="domain">
> >> +##	<summary>
> >> +##	Domain allowed access.
> >> +##	</summary>
> >> +## </param>
> >> +## <param name="object_class">
> >> +##	<summary>
> >> +##	Class of the object being created.
> >> +##	</summary>
> >> +## </param>
> >> +## <param name="name" optional="true">
> >> +##	<summary>
> >> +##	The name of the object being created.
> >> +##	</summary>
> >> +## </param>
> >> +#
> >> +interface(`xserver_user_home_dir_filetrans_user_config_home_content',`
> >> +	gen_require(`
> >> +		type user_config_home_t;
> >> +	')
> >> +
> >> +	userdom_user_home_dir_filetrans($1, user_config_home_t, $2, $3)
> >> +')
> >> +
> >> +########################################
> >> +## <summary>
> >> +##	Create generic user data home
> >> +##	content directories.
> >> +## </summary>
> >> +## <param name="domain">
> >> +##	<summary>
> >> +##	Domain allowed access.
> >> +##	</summary>
> >> +## </param>
> >> +#
> >> +interface(`xserver_create_generic_user_data_home_content_dirs',`
> >> +	gen_require(`
> >> +		type user_data_home_t;
> >> +	')
> >> +
> >> +	allow $1 user_data_home_t:dir create_dir_perms;
> >> +')
> >> +
> >> +########################################
> >> +## <summary>
> >> +##	Read generic user data home content.
> >> +## </summary>
> >> +## <param name="domain">
> >> +##	<summary>
> >> +##	Domain allowed access.
> >> +##	</summary>
> >> +## </param>
> >> +#
> >> +interface(`xserver_read_generic_user_data_home_content',`
> >> +	gen_require(`
> >> +		type user_data_home_t;
> >> +	')
> >> +
> >> +	userdom_search_user_home_content($1)
> >> +	allow $1 user_data_home_t:dir list_dir_perms;
> >> +	allow $1 user_data_home_t:file read_file_perms;
> >> +	allow $1 user_data_home_t:fifo_file read_fifo_file_perms;
> >> +	allow $1 user_data_home_t:lnk_file read_lnk_file_perms;
> >> +	allow $1 user_data_home_t:sock_file read_sock_file_perms;
> >> +')
> >> +
> >> +########################################
> >> +## <summary>
> >> +##	Create, read, write, and delete
> >> +##	generic user data home content.
> >> +## </summary>
> >> +## <param name="domain">
> >> +##	<summary>
> >> +##	Domain allowed access.
> >> +##	</summary>
> >> +## </param>
> >> +#
> >> +interface(`xserver_manage_generic_user_data_home_content',`
> >> +	gen_require(`
> >> +		type user_data_home_t;
> >> +	')
> >> +
> >> +	userdom_search_user_home_content($1)
> >> +	allow $1 user_data_home_t:dir manage_dir_perms;
> >> +	allow $1 user_data_home_t:file manage_file_perms;
> >> +	allow $1 user_data_home_t:fifo_file manage_fifo_file_perms;
> >> +	allow $1 user_data_home_t:lnk_file manage_lnk_file_perms;
> >> +	allow $1 user_data_home_t:sock_file manage_sock_file_perms;
> >> +')
> >> +
> >> +########################################
> >> +## <summary>
> >> +##	Search generic user data home
> >> +##	content directories.
> >> +## </summary>
> >> +## <param name="domain">
> >> +##	<summary>
> >> +##	Domain allowed access.
> >> +##	</summary>
> >> +## </param>
> >> +#
> >> +interface(`xserver_search_generic_user_data_home_content',`
> >> +	gen_require(`
> >> +		type user_data_home_t;
> >> +	')
> >> +
> >> +	userdom_search_user_home_content($1)
> >> +	allow $1 user_data_home_t:dir search_dir_perms;
> >> +')
> >> +
> >> +########################################
> >> +## <summary>
> >> +##	Create specified objects in generic
> >> +##	user data home content directories
> >> +##	with a private type.
> >> +## </summary>
> >> +## <param name="domain">
> >> +##	<summary>
> >> +##	Domain allowed access.
> >> +##	</summary>
> >> +## </param>
> >> +## <param name="private_type">
> >> +##	<summary>
> >> +##	Private file type.
> >> +##	</summary>
> >> +## </param>
> >> +## <param name="object_class">
> >> +##	<summary>
> >> +##	Class of the object being created.
> >> +##	</summary>
> >> +## </param>
> >> +## <param name="name" optional="true">
> >> +##	<summary>
> >> +##	The name of the object being created.
> >> +##	</summary>
> >> +## </param>
> >> +#
> >> +interface(`xserver_user_data_home_content_filetrans',`
> >> +	gen_require(`
> >> +		type user_data_home_t;
> >> +	')
> >> +
> >> +	userdom_search_user_home_content($1)
> >> +	filetrans_pattern($1, user_data_home_t, $2, $3, $4)
> >> +')
> >> +
> >> +########################################
> >> +## <summary>
> >> +##	Create specified objects in user home
> >> +##	content directories with the generic
> >> +##	user data home content type.
> >> +## </summary>
> >> +## <param name="domain">
> >> +##	<summary>
> >> +##	Domain allowed access.
> >> +##	</summary>
> >> +## </param>
> >> +## <param name="object_class">
> >> +##	<summary>
> >> +##	Class of the object being created.
> >> +##	</summary>
> >> +## </param>
> >> +## <param name="name" optional="true">
> >> +##	<summary>
> >> +##	The name of the object being created.
> >> +##	</summary>
> >> +## </param>
> >> +#
> >> +interface(`xserver_user_home_content_filetrans_user_data_home_content',`
> >> +	gen_require(`
> >> +		type user_data_home_t;
> >> +	')
> >> +
> >> +	userdom_user_home_content_filetrans($1, user_data_home_t, $2, $3)
> >> +')
> >> +
> >> +########################################
> >> +## <summary>
> >>  ##	Interface to provide X object permissions on a given X server to
> >>  ##	an X client domain.  Gives the domain complete control over the
> >>  ##	display.
> >> diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
> >> index 9bc86a0..a42f9bc 100644
> >> --- a/policy/modules/services/xserver.te
> >> +++ b/policy/modules/services/xserver.te
> >> @@ -49,6 +49,11 @@ gen_tunable(xserver_object_manager, false)
> >>  
> >>  attribute x_domain;
> >>  
> >> +# X Desktop Group
> >> +attribute xserver_user_cache_home_content_type;
> >> +attribute xserver_user_config_home_content_type;
> >> +attribute xserver_user_data_home_content_type;
> >> +
> >>  # X Events
> >>  attribute xevent_type;
> >>  attribute input_xevent_type;
> >> @@ -106,6 +111,15 @@ type remote_t;
> >>  xserver_object_types_template(remote)
> >>  xserver_common_x_domain_template(remote, remote_t)
> >>  
> >> +type user_cache_home_t;
> >> +xserver_user_cache_home_content(user_cache_home_t)
> >> +
> >> +type user_config_home_t;
> >> +xserver_user_config_home_content(user_config_home_t)
> >> +
> >> +type user_data_home_t;
> >> +xserver_user_data_home_content(user_data_home_t)
> >> +
> >>  type user_fonts_t;
> >>  typealias user_fonts_t alias { staff_fonts_t sysadm_fonts_t };
> >>  typealias user_fonts_t alias { auditadm_fonts_t secadm_fonts_t };
> > 
> > 
> > _______________________________________________
> > refpolicy mailing list
> > refpolicy at oss.tresys.com
> > http://oss.tresys.com/mailman/listinfo/refpolicy
> > 
> 
> 

[refpolicy] [PATCH 3/3] Implement X Desktop Group

[grift]

On Thu, 2012-11-29 at 15:16 +0100, grift wrote:
> On Thu, 2012-11-29 at 08:51 -0500, Christopher J. PeBenito wrote:
> > On 11/29/12 08:09, grift wrote:
> > > Are we ready to make a decision yet with regard to the two outstanding
> > > issues?
> > > 
> > > - best type names? (my preference user_data_home_t, user_config_home_t,
> > > user_cache_home_t)
> > 
> > replace user with xdg, e.g. xdg_config_home_t.
> > 
> > > - should be label ~/.local/share with the xdg data home type or ~/.local
> > > ( my preference ~/.local/share)
> > > 
> > > But i will go with whatever in the end
> > 
> > Here's another option to consider:
> > 
> > $HOME/.local  -d  gen_context(system_u:object_r:xdg_local_home_t,s0)
> > $HOME/.local/share(/.*)?    gen_context(system_u:object_r:xdg_data_home_t,s0)
> > 
> > and then treat xdg_local_home_t similar to user_home_dir_t and filetrans everything under it.  Then the named filetrans for ~/.local/share will work right on top of any of the other random dirs that pop up under there.
> 
> I understand your reasoning but i am not confident about the type name
> "xdg_local_home_t" and i am also not confident that this type should be
> declared in the xserver policy module
> 
> how about we use local_home_t and declare it in the userdomain module?

Anyways i am fine with your solution. its not such a big deal

I will rewrite this patch with the improvements

> > > On Mon, 2012-11-05 at 12:55 +0100, Dominick Grift wrote:
> > >> Creates 3 type attributes for xdg cache (~/.cache), config (~/.config)
> > >> and data (~/.local/share user home content and assigns to
> > >> xserver_user_cache_home_content(), xserver_user_config_home_content()
> > >> and xserver_user_data_home_content() respectively
> > >>
> > >> Creates 3 types for generic xdg user cache, config and data home
> > >> content, assigns to them their respective type attributes and
> > >> classifieds them user_home_content_type by calling xserver_user_cache,
> > >> config, data_home_content
> > >>
> > >> Create the various basic interfaces that will be needed:
> > >>
> > >> 1. xserver_create_generic_user_cache, config, data, home_dirs:
> > >>    This will be used together with
> > >>    xserver_user_home_(content|dir)_filetrans_cache, config,
> > >>    data_home_content and allows the caller to create ~/.cache, ~/.config
> > >>    and ~/.local/share directories. Each XDG aware program needs to be
> > >>    able to create these.
> > >>
> > >> 2. xserver_read|manage_generic_user_cache, config, data_home_content:
> > >>    By default content is created with a generic type and these broad
> > >>    interfaces allow the caller to read of manage content with these
> > >>    generic types
> > >>
> > >> 3. xserver_user_cache, config, data_home_content_filetrans:
> > >>    Allows callers to create specified objects in these location with a
> > >>    private type
> > >>
> > >> Add file context specifications for ~/.cache(/.*)? (user_cache_home_t),
> > >> ~/.config(/.*)? (user_config_home_t) and ~/.local/share(/.*)?
> > >> (user_data_home_t)
> > >>
> > >> There is a little issue with user_data_home, this is content for
> > >> ~/.local/share and as per xdg specification "share" is the user data
> > >> root dir instead of ~/.local, that means that the type transition
> > >> happens on user home content instead of user home dir. this makes it a
> > >> bit more prone to error since all directories named share created by
> > >> xserver_restricted_role callers in generic user home content
> > >> directories will be created with user_data_home_t. We could consider
> > >> using ~/.local instead
> > >>
> > >> Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
> > >> ---
> > >>  policy/modules/services/xserver.fc |   4 +
> > >>  policy/modules/services/xserver.if | 533 +++++++++++++++++++++++++++++++++++++
> > >>  policy/modules/services/xserver.te |  14 +
> > >>  3 files changed, 551 insertions(+)
> > >>
> > >> diff --git a/policy/modules/services/xserver.fc b/policy/modules/services/xserver.fc
> > >> index 9393f65..e64ecb2 100644
> > >> --- a/policy/modules/services/xserver.fc
> > >> +++ b/policy/modules/services/xserver.fc
> > >> @@ -1,6 +1,10 @@
> > >>  #
> > >>  # HOME_DIR
> > >>  #
> > >> +
> > >> +HOME_DIR/\.cache(/.*)?	gen_context(system_u:object_r:user_cache_home_t,s0)
> > >> +HOME_DIR/\.config(/.*)?	gen_context(system_u:object_r:user_config_home_t,s0)
> > >> +HOME_DIR/\.local/share(/.*)?	gen_context(system_u:object_r:user_data_home_t,s0)
> > >>  HOME_DIR/\.fonts\.conf	--	gen_context(system_u:object_r:user_fonts_config_t,s0)
> > >>  HOME_DIR/\.fonts(/.*)?		gen_context(system_u:object_r:user_fonts_t,s0)
> > >>  HOME_DIR/\.fonts/auto(/.*)?	gen_context(system_u:object_r:user_fonts_cache_t,s0)
> > >> diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
> > >> index 6bf0ecc..c4f7cb4 100644
> > >> --- a/policy/modules/services/xserver.if
> > >> +++ b/policy/modules/services/xserver.if
> > >> @@ -22,6 +22,7 @@ interface(`xserver_restricted_role',`
> > >>  		type user_fonts_t, user_fonts_cache_t, user_fonts_config_t;
> > >>  		type iceauth_t, iceauth_exec_t, iceauth_home_t;
> > >>  		type xauth_t, xauth_exec_t, xauth_home_t;
> > >> +		type user_cache_home_t, user_config_home_t, user_data_home_t;
> > >>  	')
> > >>  
> > >>  	role $1 types { xserver_t xauth_t iceauth_t };
> > >> @@ -34,6 +35,16 @@ interface(`xserver_restricted_role',`
> > >>  
> > >>  	allow xserver_t $2:shm rw_shm_perms;
> > >>  
> > >> +	allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:dir { manage_dir_perms relabel_dir_perms };
> > >> +	allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
> > >> +	allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:file { manage_file_perms relabel_file_perms };
> > >> +	allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
> > >> +	allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:sock_file { manage_sock_file_perms relabel_sock_file_perms };
> > >> +
> > >> +	userdom_user_home_dir_filetrans($2, user_cache_home_t, dir, ".cache")
> > >> +	userdom_user_home_dir_filetrans($2, user_config_home_t, dir, ".config")
> > >> +	userdom_user_home_content_filetrans($2, user_data_home_t, dir, "share")
> > >> +
> > >>  	allow $2 user_fonts_t:dir list_dir_perms;
> > >>  	allow $2 user_fonts_t:file read_file_perms;
> > >>  
> > >> @@ -531,6 +542,72 @@ interface(`xserver_use_user_fonts',`
> > >>  
> > >>  ########################################
> > >>  ## <summary>
> > >> +##	Make the specified type usable in a
> > >> +##	user cache home directory.
> > >> +## </summary>
> > >> +## <param name="type">
> > >> +##	<summary>
> > >> +##	Type to be used as a file in the
> > >> +##	user cache home directory.
> > >> +##	</summary>
> > >> +## </param>
> > >> +#
> > >> +interface(`xserver_user_cache_home_content',`
> > >> +	gen_require(`
> > >> +		attribute xserver_user_cache_home_content_type;
> > >> +	')
> > >> +
> > >> +	typeattribute $1 xserver_user_cache_home_content_type;
> > >> +
> > >> +	userdom_user_home_content($1)
> > >> +')
> > >> +
> > >> +########################################
> > >> +## <summary>
> > >> +##	Make the specified type usable in a
> > >> +##	user config home directory.
> > >> +## </summary>
> > >> +## <param name="type">
> > >> +##	<summary>
> > >> +##	Type to be used as a file in the
> > >> +##	user config home directory.
> > >> +##	</summary>
> > >> +## </param>
> > >> +#
> > >> +interface(`xserver_user_config_home_content',`
> > >> +	gen_require(`
> > >> +		attribute xserver_user_config_home_content_type;
> > >> +	')
> > >> +
> > >> +	typeattribute $1 xserver_user_config_home_content_type;
> > >> +
> > >> +	userdom_user_home_content($1)
> > >> +')
> > >> +
> > >> +########################################
> > >> +## <summary>
> > >> +##	Make the specified type usable in a
> > >> +##	user data home directory.
> > >> +## </summary>
> > >> +## <param name="type">
> > >> +##	<summary>
> > >> +##	Type to be used as a file in the
> > >> +##	user data home directory.
> > >> +##	</summary>
> > >> +## </param>
> > >> +#
> > >> +interface(`xserver_user_data_home_content',`
> > >> +	gen_require(`
> > >> +		attribute xserver_user_data_home_content_type;
> > >> +	')
> > >> +
> > >> +	typeattribute $1 xserver_user_data_home_content_type;
> > >> +
> > >> +	userdom_user_home_content($1)
> > >> +')
> > >> +
> > >> +########################################
> > >> +## <summary>
> > >>  ##	Transition to the Xauthority domain.
> > >>  ## </summary>
> > >>  ## <param name="domain">
> > >> @@ -1272,6 +1349,462 @@ interface(`xserver_manage_core_devices',`
> > >>  
> > >>  ########################################
> > >>  ## <summary>
> > >> +##	Create generic user cache home
> > >> +##	content directories.
> > >> +## </summary>
> > >> +## <param name="domain">
> > >> +##	<summary>
> > >> +##	Domain allowed access.
> > >> +##	</summary>
> > >> +## </param>
> > >> +#
> > >> +interface(`xserver_create_generic_user_cache_home_content_dirs',`
> > >> +	gen_require(`
> > >> +		type user_cache_home_t;
> > >> +	')
> > >> +
> > >> +	allow $1 user_cache_home_t:dir create_dir_perms;
> > >> +')
> > >> +
> > >> +########################################
> > >> +## <summary>
> > >> +##	Read generic user cache home content.
> > >> +## </summary>
> > >> +## <param name="domain">
> > >> +##	<summary>
> > >> +##	Domain allowed access.
> > >> +##	</summary>
> > >> +## </param>
> > >> +#
> > >> +interface(`xserver_read_generic_user_cache_home_content',`
> > >> +	gen_require(`
> > >> +		type user_cache_home_t;
> > >> +	')
> > >> +
> > >> +	userdom_search_user_home_dirs($1)
> > >> +	allow $1 user_cache_home_t:dir list_dir_perms;
> > >> +	allow $1 user_cache_home_t:file read_file_perms;
> > >> +	allow $1 user_cache_home_t:fifo_file read_fifo_file_perms;
> > >> +	allow $1 user_cache_home_t:lnk_file read_lnk_file_perms;
> > >> +	allow $1 user_cache_home_t:sock_file read_sock_file_perms;
> > >> +')
> > >> +
> > >> +########################################
> > >> +## <summary>
> > >> +##	Create, read, write, and delete
> > >> +##	generic user cache home content.
> > >> +## </summary>
> > >> +## <param name="domain">
> > >> +##	<summary>
> > >> +##	Domain allowed access.
> > >> +##	</summary>
> > >> +## </param>
> > >> +#
> > >> +interface(`xserver_manage_generic_user_cache_home_content',`
> > >> +	gen_require(`
> > >> +		type user_cache_home_t;
> > >> +	')
> > >> +
> > >> +	userdom_search_user_home_dirs($1)
> > >> +	allow $1 user_cache_home_t:dir manage_dir_perms;
> > >> +	allow $1 user_cache_home_t:file manage_file_perms;
> > >> +	allow $1 user_cache_home_t:fifo_file manage_fifo_file_perms;
> > >> +	allow $1 user_cache_home_t:lnk_file manage_lnk_file_perms;
> > >> +	allow $1 user_cache_home_t:sock_file manage_sock_file_perms;
> > >> +')
> > >> +
> > >> +########################################
> > >> +## <summary>
> > >> +##	Search generic user cache home
> > >> +##	content directories.
> > >> +## </summary>
> > >> +## <param name="domain">
> > >> +##	<summary>
> > >> +##	Domain allowed access.
> > >> +##	</summary>
> > >> +## </param>
> > >> +#
> > >> +interface(`xserver_search_generic_user_cache_home_content',`
> > >> +	gen_require(`
> > >> +		type user_cache_home_t;
> > >> +	')
> > >> +
> > >> +	userdom_search_user_home_dirs($1)
> > >> +	allow $1 user_cache_home_t:dir search_dir_perms;
> > >> +')
> > >> +
> > >> +########################################
> > >> +## <summary>
> > >> +##	Create specified objects in generic
> > >> +##	user cache home content directories
> > >> +##	with a private type.
> > >> +## </summary>
> > >> +## <param name="domain">
> > >> +##	<summary>
> > >> +##	Domain allowed access.
> > >> +##	</summary>
> > >> +## </param>
> > >> +## <param name="private_type">
> > >> +##	<summary>
> > >> +##	Private file type.
> > >> +##	</summary>
> > >> +## </param>
> > >> +## <param name="object_class">
> > >> +##	<summary>
> > >> +##	Class of the object being created.
> > >> +##	</summary>
> > >> +## </param>
> > >> +## <param name="name" optional="true">
> > >> +##	<summary>
> > >> +##	The name of the object being created.
> > >> +##	</summary>
> > >> +## </param>
> > >> +#
> > >> +interface(`xserver_user_cache_home_content_filetrans',`
> > >> +	gen_require(`
> > >> +		type user_cache_home_t;
> > >> +	')
> > >> +
> > >> +	userdom_search_user_home_dirs($1)
> > >> +	filetrans_pattern($1, user_cache_home_t, $2, $3, $4)
> > >> +')
> > >> +
> > >> +########################################
> > >> +## <summary>
> > >> +##	Create specified objects in user home
> > >> +##	directories with the generic user
> > >> +##	cache home content type.
> > >> +## </summary>
> > >> +## <param name="domain">
> > >> +##	<summary>
> > >> +##	Domain allowed access.
> > >> +##	</summary>
> > >> +## </param>
> > >> +## <param name="object_class">
> > >> +##	<summary>
> > >> +##	Class of the object being created.
> > >> +##	</summary>
> > >> +## </param>
> > >> +## <param name="name" optional="true">
> > >> +##	<summary>
> > >> +##	The name of the object being created.
> > >> +##	</summary>
> > >> +## </param>
> > >> +#
> > >> +interface(`xserver_user_home_dir_filetrans_user_cache_home_content',`
> > >> +	gen_require(`
> > >> +		type user_cache_home_t;
> > >> +	')
> > >> +
> > >> +	userdom_user_home_dir_filetrans($1, user_cache_home_t, $2, $3)
> > >> +')
> > >> +
> > >> +########################################
> > >> +## <summary>
> > >> +##	Create generic user config home
> > >> +##	content directories.
> > >> +## </summary>
> > >> +## <param name="domain">
> > >> +##	<summary>
> > >> +##	Domain allowed access.
> > >> +##	</summary>
> > >> +## </param>
> > >> +#
> > >> +interface(`xserver_create_generic_user_config_home_content_dirs',`
> > >> +	gen_require(`
> > >> +		type user_config_home_t;
> > >> +	')
> > >> +
> > >> +	allow $1 user_config_home_t:dir create_dir_perms;
> > >> +')
> > >> +
> > >> +########################################
> > >> +## <summary>
> > >> +##	Read generic user config home content.
> > >> +## </summary>
> > >> +## <param name="domain">
> > >> +##	<summary>
> > >> +##	Domain allowed access.
> > >> +##	</summary>
> > >> +## </param>
> > >> +#
> > >> +interface(`xserver_read_generic_user_config_home_content',`
> > >> +	gen_require(`
> > >> +		type user_config_home_t;
> > >> +	')
> > >> +
> > >> +	userdom_search_user_home_dirs($1)
> > >> +	allow $1 user_config_home_t:dir list_dir_perms;
> > >> +	allow $1 user_config_home_t:file read_file_perms;
> > >> +	allow $1 user_config_home_t:fifo_file read_fifo_file_perms;
> > >> +	allow $1 user_config_home_t:lnk_file read_lnk_file_perms;
> > >> +	allow $1 user_config_home_t:sock_file read_sock_file_perms;
> > >> +')
> > >> +
> > >> +########################################
> > >> +## <summary>
> > >> +##	Create, read, write, and delete
> > >> +##	generic user config home content.
> > >> +## </summary>
> > >> +## <param name="domain">
> > >> +##	<summary>
> > >> +##	Domain allowed access.
> > >> +##	</summary>
> > >> +## </param>
> > >> +#
> > >> +interface(`xserver_manage_generic_user_config_home_content',`
> > >> +	gen_require(`
> > >> +		type user_config_home_t;
> > >> +	')
> > >> +
> > >> +	userdom_search_user_home_dirs($1)
> > >> +	allow $1 user_config_home_t:dir manage_dir_perms;
> > >> +	allow $1 user_config_home_t:file manage_file_perms;
> > >> +	allow $1 user_config_home_t:fifo_file manage_fifo_file_perms;
> > >> +	allow $1 user_config_home_t:lnk_file manage_lnk_file_perms;
> > >> +	allow $1 user_config_home_t:sock_file manage_sock_file_perms;
> > >> +')
> > >> +
> > >> +########################################
> > >> +## <summary>
> > >> +##	Search generic user config home
> > >> +##	content directories.
> > >> +## </summary>
> > >> +## <param name="domain">
> > >> +##	<summary>
> > >> +##	Domain allowed access.
> > >> +##	</summary>
> > >> +## </param>
> > >> +#
> > >> +interface(`xserver_search_generic_user_config_home_content',`
> > >> +	gen_require(`
> > >> +		type user_config_home_t;
> > >> +	')
> > >> +
> > >> +	userdom_search_user_home_dirs($1)
> > >> +	allow $1 user_config_home_t:dir search_dir_perms;
> > >> +')
> > >> +
> > >> +########################################
> > >> +## <summary>
> > >> +##	Create specified objects in generic
> > >> +##	user config home content directories
> > >> +##	with a private type.
> > >> +## </summary>
> > >> +## <param name="domain">
> > >> +##	<summary>
> > >> +##	Domain allowed access.
> > >> +##	</summary>
> > >> +## </param>
> > >> +## <param name="private_type">
> > >> +##	<summary>
> > >> +##	Private file type.
> > >> +##	</summary>
> > >> +## </param>
> > >> +## <param name="object_class">
> > >> +##	<summary>
> > >> +##	Class of the object being created.
> > >> +##	</summary>
> > >> +## </param>
> > >> +## <param name="name" optional="true">
> > >> +##	<summary>
> > >> +##	The name of the object being created.
> > >> +##	</summary>
> > >> +## </param>
> > >> +#
> > >> +interface(`xserver_user_config_home_content_filetrans',`
> > >> +	gen_require(`
> > >> +		type user_config_home_t;
> > >> +	')
> > >> +
> > >> +	userdom_search_user_home_dirs($1)
> > >> +	filetrans_pattern($1, user_config_home_t, $2, $3, $4)
> > >> +')
> > >> +
> > >> +########################################
> > >> +## <summary>
> > >> +##	Create specified objects in user home
> > >> +##	directories with the generic user
> > >> +##	config home content type.
> > >> +## </summary>
> > >> +## <param name="domain">
> > >> +##	<summary>
> > >> +##	Domain allowed access.
> > >> +##	</summary>
> > >> +## </param>
> > >> +## <param name="object_class">
> > >> +##	<summary>
> > >> +##	Class of the object being created.
> > >> +##	</summary>
> > >> +## </param>
> > >> +## <param name="name" optional="true">
> > >> +##	<summary>
> > >> +##	The name of the object being created.
> > >> +##	</summary>
> > >> +## </param>
> > >> +#
> > >> +interface(`xserver_user_home_dir_filetrans_user_config_home_content',`
> > >> +	gen_require(`
> > >> +		type user_config_home_t;
> > >> +	')
> > >> +
> > >> +	userdom_user_home_dir_filetrans($1, user_config_home_t, $2, $3)
> > >> +')
> > >> +
> > >> +########################################
> > >> +## <summary>
> > >> +##	Create generic user data home
> > >> +##	content directories.
> > >> +## </summary>
> > >> +## <param name="domain">
> > >> +##	<summary>
> > >> +##	Domain allowed access.
> > >> +##	</summary>
> > >> +## </param>
> > >> +#
> > >> +interface(`xserver_create_generic_user_data_home_content_dirs',`
> > >> +	gen_require(`
> > >> +		type user_data_home_t;
> > >> +	')
> > >> +
> > >> +	allow $1 user_data_home_t:dir create_dir_perms;
> > >> +')
> > >> +
> > >> +########################################
> > >> +## <summary>
> > >> +##	Read generic user data home content.
> > >> +## </summary>
> > >> +## <param name="domain">
> > >> +##	<summary>
> > >> +##	Domain allowed access.
> > >> +##	</summary>
> > >> +## </param>
> > >> +#
> > >> +interface(`xserver_read_generic_user_data_home_content',`
> > >> +	gen_require(`
> > >> +		type user_data_home_t;
> > >> +	')
> > >> +
> > >> +	userdom_search_user_home_content($1)
> > >> +	allow $1 user_data_home_t:dir list_dir_perms;
> > >> +	allow $1 user_data_home_t:file read_file_perms;
> > >> +	allow $1 user_data_home_t:fifo_file read_fifo_file_perms;
> > >> +	allow $1 user_data_home_t:lnk_file read_lnk_file_perms;
> > >> +	allow $1 user_data_home_t:sock_file read_sock_file_perms;
> > >> +')
> > >> +
> > >> +########################################
> > >> +## <summary>
> > >> +##	Create, read, write, and delete
> > >> +##	generic user data home content.
> > >> +## </summary>
> > >> +## <param name="domain">
> > >> +##	<summary>
> > >> +##	Domain allowed access.
> > >> +##	</summary>
> > >> +## </param>
> > >> +#
> > >> +interface(`xserver_manage_generic_user_data_home_content',`
> > >> +	gen_require(`
> > >> +		type user_data_home_t;
> > >> +	')
> > >> +
> > >> +	userdom_search_user_home_content($1)
> > >> +	allow $1 user_data_home_t:dir manage_dir_perms;
> > >> +	allow $1 user_data_home_t:file manage_file_perms;
> > >> +	allow $1 user_data_home_t:fifo_file manage_fifo_file_perms;
> > >> +	allow $1 user_data_home_t:lnk_file manage_lnk_file_perms;
> > >> +	allow $1 user_data_home_t:sock_file manage_sock_file_perms;
> > >> +')
> > >> +
> > >> +########################################
> > >> +## <summary>
> > >> +##	Search generic user data home
> > >> +##	content directories.
> > >> +## </summary>
> > >> +## <param name="domain">
> > >> +##	<summary>
> > >> +##	Domain allowed access.
> > >> +##	</summary>
> > >> +## </param>
> > >> +#
> > >> +interface(`xserver_search_generic_user_data_home_content',`
> > >> +	gen_require(`
> > >> +		type user_data_home_t;
> > >> +	')
> > >> +
> > >> +	userdom_search_user_home_content($1)
> > >> +	allow $1 user_data_home_t:dir search_dir_perms;
> > >> +')
> > >> +
> > >> +########################################
> > >> +## <summary>
> > >> +##	Create specified objects in generic
> > >> +##	user data home content directories
> > >> +##	with a private type.
> > >> +## </summary>
> > >> +## <param name="domain">
> > >> +##	<summary>
> > >> +##	Domain allowed access.
> > >> +##	</summary>
> > >> +## </param>
> > >> +## <param name="private_type">
> > >> +##	<summary>
> > >> +##	Private file type.
> > >> +##	</summary>
> > >> +## </param>
> > >> +## <param name="object_class">
> > >> +##	<summary>
> > >> +##	Class of the object being created.
> > >> +##	</summary>
> > >> +## </param>
> > >> +## <param name="name" optional="true">
> > >> +##	<summary>
> > >> +##	The name of the object being created.
> > >> +##	</summary>
> > >> +## </param>
> > >> +#
> > >> +interface(`xserver_user_data_home_content_filetrans',`
> > >> +	gen_require(`
> > >> +		type user_data_home_t;
> > >> +	')
> > >> +
> > >> +	userdom_search_user_home_content($1)
> > >> +	filetrans_pattern($1, user_data_home_t, $2, $3, $4)
> > >> +')
> > >> +
> > >> +########################################
> > >> +## <summary>
> > >> +##	Create specified objects in user home
> > >> +##	content directories with the generic
> > >> +##	user data home content type.
> > >> +## </summary>
> > >> +## <param name="domain">
> > >> +##	<summary>
> > >> +##	Domain allowed access.
> > >> +##	</summary>
> > >> +## </param>
> > >> +## <param name="object_class">
> > >> +##	<summary>
> > >> +##	Class of the object being created.
> > >> +##	</summary>
> > >> +## </param>
> > >> +## <param name="name" optional="true">
> > >> +##	<summary>
> > >> +##	The name of the object being created.
> > >> +##	</summary>
> > >> +## </param>
> > >> +#
> > >> +interface(`xserver_user_home_content_filetrans_user_data_home_content',`
> > >> +	gen_require(`
> > >> +		type user_data_home_t;
> > >> +	')
> > >> +
> > >> +	userdom_user_home_content_filetrans($1, user_data_home_t, $2, $3)
> > >> +')
> > >> +
> > >> +########################################
> > >> +## <summary>
> > >>  ##	Interface to provide X object permissions on a given X server to
> > >>  ##	an X client domain.  Gives the domain complete control over the
> > >>  ##	display.
> > >> diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
> > >> index 9bc86a0..a42f9bc 100644
> > >> --- a/policy/modules/services/xserver.te
> > >> +++ b/policy/modules/services/xserver.te
> > >> @@ -49,6 +49,11 @@ gen_tunable(xserver_object_manager, false)
> > >>  
> > >>  attribute x_domain;
> > >>  
> > >> +# X Desktop Group
> > >> +attribute xserver_user_cache_home_content_type;
> > >> +attribute xserver_user_config_home_content_type;
> > >> +attribute xserver_user_data_home_content_type;
> > >> +
> > >>  # X Events
> > >>  attribute xevent_type;
> > >>  attribute input_xevent_type;
> > >> @@ -106,6 +111,15 @@ type remote_t;
> > >>  xserver_object_types_template(remote)
> > >>  xserver_common_x_domain_template(remote, remote_t)
> > >>  
> > >> +type user_cache_home_t;
> > >> +xserver_user_cache_home_content(user_cache_home_t)
> > >> +
> > >> +type user_config_home_t;
> > >> +xserver_user_config_home_content(user_config_home_t)
> > >> +
> > >> +type user_data_home_t;
> > >> +xserver_user_data_home_content(user_data_home_t)
> > >> +
> > >>  type user_fonts_t;
> > >>  typealias user_fonts_t alias { staff_fonts_t sysadm_fonts_t };
> > >>  typealias user_fonts_t alias { auditadm_fonts_t secadm_fonts_t };
> > > 
> > > 
> > > _______________________________________________
> > > refpolicy mailing list
> > > refpolicy at oss.tresys.com
> > > http://oss.tresys.com/mailman/listinfo/refpolicy
> > > 
> > 
> > 
> 
> 

[refpolicy] [PATCH 3/3] Implement X Desktop Group

[Christopher J. PeBenito]

On 11/29/12 09:16, grift wrote:
> On Thu, 2012-11-29 at 08:51 -0500, Christopher J. PeBenito wrote:
>> On 11/29/12 08:09, grift wrote:
>>> Are we ready to make a decision yet with regard to the two outstanding
>>> issues?
>>>
>>> - best type names? (my preference user_data_home_t, user_config_home_t,
>>> user_cache_home_t)
>>
>> replace user with xdg, e.g. xdg_config_home_t.
>>
>>> - should be label ~/.local/share with the xdg data home type or ~/.local
>>> ( my preference ~/.local/share)
>>>
>>> But i will go with whatever in the end
>>
>> Here's another option to consider:
>>
>> $HOME/.local  -d  gen_context(system_u:object_r:xdg_local_home_t,s0)
>> $HOME/.local/share(/.*)?    gen_context(system_u:object_r:xdg_data_home_t,s0)
>>
>> and then treat xdg_local_home_t similar to user_home_dir_t and filetrans everything under it.  Then the named filetrans for ~/.local/share will work right on top of any of the other random dirs that pop up under there.
> 
> I understand your reasoning but i am not confident about the type name
> "xdg_local_home_t" and i am also not confident that this type should be
> declared in the xserver policy module
> 
> how about we use local_home_t and declare it in the userdomain module?

I'm unclear why you disagree.  It seems to make sense that 1. this standard is defined by the X desktop group, so xdg doesn't seem so bad to have in the type name.  2. I don't think it makes sense in userdomain because this standard applies to X desktops, so if you don't have an xserver, theres no need for these definitions.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

[refpolicy] [PATCH 3/3] Implement X Desktop Group

[grift]

On Fri, 2012-11-30 at 09:35 -0500, Christopher J. PeBenito wrote:
> On 11/29/12 09:16, grift wrote:
> > On Thu, 2012-11-29 at 08:51 -0500, Christopher J. PeBenito wrote:
> >> On 11/29/12 08:09, grift wrote:
> >>> Are we ready to make a decision yet with regard to the two outstanding
> >>> issues?
> >>>
> >>> - best type names? (my preference user_data_home_t, user_config_home_t,
> >>> user_cache_home_t)
> >>
> >> replace user with xdg, e.g. xdg_config_home_t.
> >>
> >>> - should be label ~/.local/share with the xdg data home type or ~/.local
> >>> ( my preference ~/.local/share)
> >>>
> >>> But i will go with whatever in the end
> >>
> >> Here's another option to consider:
> >>
> >> $HOME/.local  -d  gen_context(system_u:object_r:xdg_local_home_t,s0)
> >> $HOME/.local/share(/.*)?    gen_context(system_u:object_r:xdg_data_home_t,s0)
> >>
> >> and then treat xdg_local_home_t similar to user_home_dir_t and filetrans everything under it.  Then the named filetrans for ~/.local/share will work right on top of any of the other random dirs that pop up under there.
> > 
> > I understand your reasoning but i am not confident about the type name
> > "xdg_local_home_t" and i am also not confident that this type should be
> > declared in the xserver policy module
> > 
> > how about we use local_home_t and declare it in the userdomain module?
> 
> I'm unclear why you disagree.  It seems to make sense that 1. this standard is defined by the X desktop group, so xdg doesn't seem so bad to have in the type name.  2. I don't think it makes sense in userdomain because this standard applies to X desktops, so if you don't have an xserver, theres no need for these definitions.
> 

As far as i can see ~/.local is not part of the X desktop group although
it depends on it for ~/.local/share (data dir)

userdomain might indeed not be a optimal alternative place to declare a
type for .local but i am not confident that xserver is either.

What i understand is , is that ~/.local is "a place where users can
install apps with a prefix inside $HOME"

I imagine one could have a headless server without X or the xserver
policy and still use ~/.local to "install apps with a prefix inside
$HOME"

But that is my view and i do not mind going your way. It is not such a
big deal.

My patch v3 declares xdg_local_home_t is xserver module

[refpolicy] [PATCH 3/3] Implement X Desktop Group

[Daniel J Walsh]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/30/2012 12:01 PM, grift wrote:
> On Fri, 2012-11-30 at 09:35 -0500, Christopher J. PeBenito wrote:
>> On 11/29/12 09:16, grift wrote:
>>> On Thu, 2012-11-29 at 08:51 -0500, Christopher J. PeBenito wrote:
>>>> On 11/29/12 08:09, grift wrote:
>>>>> Are we ready to make a decision yet with regard to the two
>>>>> outstanding issues?
>>>>> 
>>>>> - best type names? (my preference user_data_home_t,
>>>>> user_config_home_t, user_cache_home_t)
>>>> 
>>>> replace user with xdg, e.g. xdg_config_home_t.
>>>> 
>>>>> - should be label ~/.local/share with the xdg data home type or
>>>>> ~/.local ( my preference ~/.local/share)
>>>>> 
>>>>> But i will go with whatever in the end
>>>> 
>>>> Here's another option to consider:
>>>> 
>>>> $HOME/.local  -d  gen_context(system_u:object_r:xdg_local_home_t,s0) 
>>>> $HOME/.local/share(/.*)?
>>>> gen_context(system_u:object_r:xdg_data_home_t,s0)
>>>> 
>>>> and then treat xdg_local_home_t similar to user_home_dir_t and
>>>> filetrans everything under it.  Then the named filetrans for
>>>> ~/.local/share will work right on top of any of the other random dirs
>>>> that pop up under there.
>>> 
>>> I understand your reasoning but i am not confident about the type name 
>>> "xdg_local_home_t" and i am also not confident that this type should
>>> be declared in the xserver policy module
>>> 
>>> how about we use local_home_t and declare it in the userdomain module?
>> 
>> I'm unclear why you disagree.  It seems to make sense that 1. this
>> standard is defined by the X desktop group, so xdg doesn't seem so bad to
>> have in the type name.  2. I don't think it makes sense in userdomain
>> because this standard applies to X desktops, so if you don't have an
>> xserver, theres no need for these definitions.
>> 
> 
> As far as i can see ~/.local is not part of the X desktop group although it
> depends on it for ~/.local/share (data dir)
> 
> userdomain might indeed not be a optimal alternative place to declare a 
> type for .local but i am not confident that xserver is either.
> 
> What i understand is , is that ~/.local is "a place where users can install
> apps with a prefix inside $HOME"
> 
> I imagine one could have a headless server without X or the xserver policy
> and still use ~/.local to "install apps with a prefix inside $HOME"
> 
> But that is my view and i do not mind going your way. It is not such a big
> deal.
> 
> My patch v3 declares xdg_local_home_t is xserver module
> 
> _______________________________________________ refpolicy mailing list 
> refpolicy at oss.tresys.com http://oss.tresys.com/mailman/listinfo/refpolicy
> 
python uses ~/.local


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iEYEARECAAYFAlC5EbQACgkQrlYvE4MpobMxagCgz1940l6WUbb5Aq61IkiZM20U
ACUAoJgCkYldMwTkAyPr5LNA+Jhsd5sP
=vMke
-----END PGP SIGNATURE-----

[refpolicy] [PATCH 3/3] Implement X Desktop Group

[Christopher J. PeBenito]

On 11/30/2012 3:06 PM, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 11/30/2012 12:01 PM, grift wrote:
>> On Fri, 2012-11-30 at 09:35 -0500, Christopher J. PeBenito wrote:
>>> On 11/29/12 09:16, grift wrote:
>>>> On Thu, 2012-11-29 at 08:51 -0500, Christopher J. PeBenito wrote:
>>>>> On 11/29/12 08:09, grift wrote:
>>>>>> Are we ready to make a decision yet with regard to the two
>>>>>> outstanding issues?
>>>>>>
>>>>>> - best type names? (my preference user_data_home_t,
>>>>>> user_config_home_t, user_cache_home_t)
>>>>>
>>>>> replace user with xdg, e.g. xdg_config_home_t.
>>>>>
>>>>>> - should be label ~/.local/share with the xdg data home type or
>>>>>> ~/.local ( my preference ~/.local/share)
>>>>>>
>>>>>> But i will go with whatever in the end
>>>>>
>>>>> Here's another option to consider:
>>>>>
>>>>> $HOME/.local  -d  gen_context(system_u:object_r:xdg_local_home_t,s0)
>>>>> $HOME/.local/share(/.*)?
>>>>> gen_context(system_u:object_r:xdg_data_home_t,s0)
>>>>>
>>>>> and then treat xdg_local_home_t similar to user_home_dir_t and
>>>>> filetrans everything under it.  Then the named filetrans for
>>>>> ~/.local/share will work right on top of any of the other random dirs
>>>>> that pop up under there.
>>>>
>>>> I understand your reasoning but i am not confident about the type name
>>>> "xdg_local_home_t" and i am also not confident that this type should
>>>> be declared in the xserver policy module
>>>>
>>>> how about we use local_home_t and declare it in the userdomain module?
>>>
>>> I'm unclear why you disagree.  It seems to make sense that 1. this
>>> standard is defined by the X desktop group, so xdg doesn't seem so bad to
>>> have in the type name.  2. I don't think it makes sense in userdomain
>>> because this standard applies to X desktops, so if you don't have an
>>> xserver, theres no need for these definitions.
>>>
>>
>> As far as i can see ~/.local is not part of the X desktop group although it
>> depends on it for ~/.local/share (data dir)
>>
>> userdomain might indeed not be a optimal alternative place to declare a
>> type for .local but i am not confident that xserver is either.
>>
>> What i understand is , is that ~/.local is "a place where users can install
>> apps with a prefix inside $HOME"
>>
>> I imagine one could have a headless server without X or the xserver policy
>> and still use ~/.local to "install apps with a prefix inside $HOME"
>>
>> But that is my view and i do not mind going your way. It is not such a big
>> deal.
>>
>> My patch v3 declares xdg_local_home_t is xserver module
>>
>>
> python uses ~/.local

Yuck.  Well I guess that makes local_home_t make sense for ~/.local and xdg_data_home_t for ~/.local/data.  Then local_home_t could be declared in userdomain.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

[refpolicy] [PATCH 3/3] Implement X Desktop Group

[grift]

On Thu, 2012-12-06 at 23:53 -0500, Christopher J. PeBenito wrote:
> On 11/30/2012 3:06 PM, Daniel J Walsh wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > On 11/30/2012 12:01 PM, grift wrote:
> >> On Fri, 2012-11-30 at 09:35 -0500, Christopher J. PeBenito wrote:
> >>> On 11/29/12 09:16, grift wrote:
> >>>> On Thu, 2012-11-29 at 08:51 -0500, Christopher J. PeBenito wrote:
> >>>>> On 11/29/12 08:09, grift wrote:
> >>>>>> Are we ready to make a decision yet with regard to the two
> >>>>>> outstanding issues?
> >>>>>>
> >>>>>> - best type names? (my preference user_data_home_t,
> >>>>>> user_config_home_t, user_cache_home_t)
> >>>>>
> >>>>> replace user with xdg, e.g. xdg_config_home_t.
> >>>>>
> >>>>>> - should be label ~/.local/share with the xdg data home type or
> >>>>>> ~/.local ( my preference ~/.local/share)
> >>>>>>
> >>>>>> But i will go with whatever in the end
> >>>>>
> >>>>> Here's another option to consider:
> >>>>>
> >>>>> $HOME/.local  -d  gen_context(system_u:object_r:xdg_local_home_t,s0)
> >>>>> $HOME/.local/share(/.*)?
> >>>>> gen_context(system_u:object_r:xdg_data_home_t,s0)
> >>>>>
> >>>>> and then treat xdg_local_home_t similar to user_home_dir_t and
> >>>>> filetrans everything under it.  Then the named filetrans for
> >>>>> ~/.local/share will work right on top of any of the other random dirs
> >>>>> that pop up under there.
> >>>>
> >>>> I understand your reasoning but i am not confident about the type name
> >>>> "xdg_local_home_t" and i am also not confident that this type should
> >>>> be declared in the xserver policy module
> >>>>
> >>>> how about we use local_home_t and declare it in the userdomain module?
> >>>
> >>> I'm unclear why you disagree.  It seems to make sense that 1. this
> >>> standard is defined by the X desktop group, so xdg doesn't seem so bad to
> >>> have in the type name.  2. I don't think it makes sense in userdomain
> >>> because this standard applies to X desktops, so if you don't have an
> >>> xserver, theres no need for these definitions.
> >>>
> >>
> >> As far as i can see ~/.local is not part of the X desktop group although it
> >> depends on it for ~/.local/share (data dir)
> >>
> >> userdomain might indeed not be a optimal alternative place to declare a
> >> type for .local but i am not confident that xserver is either.
> >>
> >> What i understand is , is that ~/.local is "a place where users can install
> >> apps with a prefix inside $HOME"
> >>
> >> I imagine one could have a headless server without X or the xserver policy
> >> and still use ~/.local to "install apps with a prefix inside $HOME"
> >>
> >> But that is my view and i do not mind going your way. It is not such a big
> >> deal.
> >>
> >> My patch v3 declares xdg_local_home_t is xserver module
> >>
> >>
> > python uses ~/.local
> 
> Yuck.  Well I guess that makes local_home_t make sense for ~/.local and xdg_data_home_t for ~/.local/data.  Then local_home_t could be declared in userdomain.
> 

Agreed on the point above

Another different point with regard to the actual XDG types. Would you
oppose a separate policy module called xdg?

I prefer that over using xserver policy module

My concern is mainly because of the xdg runtime dir. It is not directly
related to xserver.

If we use a separate policy module for the xdg types then we have a
little insurance that we do not run into any unneeded dependencies in
the future.

[refpolicy] [PATCH 3/3] Implement X Desktop Group

[Christopher J. PeBenito]

On 12/11/2012 7:35 AM, grift wrote:
> On Thu, 2012-12-06 at 23:53 -0500, Christopher J. PeBenito wrote:
>> On 11/30/2012 3:06 PM, Daniel J Walsh wrote:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> On 11/30/2012 12:01 PM, grift wrote:
>>>> On Fri, 2012-11-30 at 09:35 -0500, Christopher J. PeBenito wrote:
>>>>> On 11/29/12 09:16, grift wrote:
>>>>>> On Thu, 2012-11-29 at 08:51 -0500, Christopher J. PeBenito wrote:
>>>>>>> On 11/29/12 08:09, grift wrote:
>>>>>>>> Are we ready to make a decision yet with regard to the two
>>>>>>>> outstanding issues?
>>>>>>>>
>>>>>>>> - best type names? (my preference user_data_home_t,
>>>>>>>> user_config_home_t, user_cache_home_t)
>>>>>>>
>>>>>>> replace user with xdg, e.g. xdg_config_home_t.
>>>>>>>
>>>>>>>> - should be label ~/.local/share with the xdg data home type or
>>>>>>>> ~/.local ( my preference ~/.local/share)
>>>>>>>>
>>>>>>>> But i will go with whatever in the end
>>>>>>>
>>>>>>> Here's another option to consider:
>>>>>>>
>>>>>>> $HOME/.local  -d  gen_context(system_u:object_r:xdg_local_home_t,s0)
>>>>>>> $HOME/.local/share(/.*)?
>>>>>>> gen_context(system_u:object_r:xdg_data_home_t,s0)
>>>>>>>
>>>>>>> and then treat xdg_local_home_t similar to user_home_dir_t and
>>>>>>> filetrans everything under it.  Then the named filetrans for
>>>>>>> ~/.local/share will work right on top of any of the other random dirs
>>>>>>> that pop up under there.
>>>>>>
>>>>>> I understand your reasoning but i am not confident about the type name
>>>>>> "xdg_local_home_t" and i am also not confident that this type should
>>>>>> be declared in the xserver policy module
>>>>>>
>>>>>> how about we use local_home_t and declare it in the userdomain module?
>>>>>
>>>>> I'm unclear why you disagree.  It seems to make sense that 1. this
>>>>> standard is defined by the X desktop group, so xdg doesn't seem so bad to
>>>>> have in the type name.  2. I don't think it makes sense in userdomain
>>>>> because this standard applies to X desktops, so if you don't have an
>>>>> xserver, theres no need for these definitions.
>>>>>
>>>>
>>>> As far as i can see ~/.local is not part of the X desktop group although it
>>>> depends on it for ~/.local/share (data dir)
>>>>
>>>> userdomain might indeed not be a optimal alternative place to declare a
>>>> type for .local but i am not confident that xserver is either.
>>>>
>>>> What i understand is , is that ~/.local is "a place where users can install
>>>> apps with a prefix inside $HOME"
>>>>
>>>> I imagine one could have a headless server without X or the xserver policy
>>>> and still use ~/.local to "install apps with a prefix inside $HOME"
>>>>
>>>> But that is my view and i do not mind going your way. It is not such a big
>>>> deal.
>>>>
>>>> My patch v3 declares xdg_local_home_t is xserver module
>>>>
>>>>
>>> python uses ~/.local
>>
>> Yuck.  Well I guess that makes local_home_t make sense for ~/.local and xdg_data_home_t for ~/.local/data.  Then local_home_t could be declared in userdomain.
>>
>
> Agreed on the point above
>
> Another different point with regard to the actual XDG types. Would you
> oppose a separate policy module called xdg?
>
> I prefer that over using xserver policy module
>
> My concern is mainly because of the xdg runtime dir. It is not directly
> related to xserver.
>
> If we use a separate policy module for the xdg types then we have a
> little insurance that we do not run into any unneeded dependencies in
> the future.

I think it depends on the cleanliness of the implementation.  Can you do a partial implementation, say implement the support for one of the types?

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

[refpolicy] [PATCH 3/3] Implement X Desktop Group

[grift]

On Tue, 2012-12-11 at 09:31 -0500, Christopher J. PeBenito wrote:
> On 12/11/2012 7:35 AM, grift wrote:
> > On Thu, 2012-12-06 at 23:53 -0500, Christopher J. PeBenito wrote:
> >> On 11/30/2012 3:06 PM, Daniel J Walsh wrote:
> >>> -----BEGIN PGP SIGNED MESSAGE-----
> >>> Hash: SHA1
> >>>
> >>> On 11/30/2012 12:01 PM, grift wrote:
> >>>> On Fri, 2012-11-30 at 09:35 -0500, Christopher J. PeBenito wrote:
> >>>>> On 11/29/12 09:16, grift wrote:
> >>>>>> On Thu, 2012-11-29 at 08:51 -0500, Christopher J. PeBenito wrote:
> >>>>>>> On 11/29/12 08:09, grift wrote:
> >>>>>>>> Are we ready to make a decision yet with regard to the two
> >>>>>>>> outstanding issues?
> >>>>>>>>
> >>>>>>>> - best type names? (my preference user_data_home_t,
> >>>>>>>> user_config_home_t, user_cache_home_t)
> >>>>>>>
> >>>>>>> replace user with xdg, e.g. xdg_config_home_t.
> >>>>>>>
> >>>>>>>> - should be label ~/.local/share with the xdg data home type or
> >>>>>>>> ~/.local ( my preference ~/.local/share)
> >>>>>>>>
> >>>>>>>> But i will go with whatever in the end
> >>>>>>>
> >>>>>>> Here's another option to consider:
> >>>>>>>
> >>>>>>> $HOME/.local  -d  gen_context(system_u:object_r:xdg_local_home_t,s0)
> >>>>>>> $HOME/.local/share(/.*)?
> >>>>>>> gen_context(system_u:object_r:xdg_data_home_t,s0)
> >>>>>>>
> >>>>>>> and then treat xdg_local_home_t similar to user_home_dir_t and
> >>>>>>> filetrans everything under it.  Then the named filetrans for
> >>>>>>> ~/.local/share will work right on top of any of the other random dirs
> >>>>>>> that pop up under there.
> >>>>>>
> >>>>>> I understand your reasoning but i am not confident about the type name
> >>>>>> "xdg_local_home_t" and i am also not confident that this type should
> >>>>>> be declared in the xserver policy module
> >>>>>>
> >>>>>> how about we use local_home_t and declare it in the userdomain module?
> >>>>>
> >>>>> I'm unclear why you disagree.  It seems to make sense that 1. this
> >>>>> standard is defined by the X desktop group, so xdg doesn't seem so bad to
> >>>>> have in the type name.  2. I don't think it makes sense in userdomain
> >>>>> because this standard applies to X desktops, so if you don't have an
> >>>>> xserver, theres no need for these definitions.
> >>>>>
> >>>>
> >>>> As far as i can see ~/.local is not part of the X desktop group although it
> >>>> depends on it for ~/.local/share (data dir)
> >>>>
> >>>> userdomain might indeed not be a optimal alternative place to declare a
> >>>> type for .local but i am not confident that xserver is either.
> >>>>
> >>>> What i understand is , is that ~/.local is "a place where users can install
> >>>> apps with a prefix inside $HOME"
> >>>>
> >>>> I imagine one could have a headless server without X or the xserver policy
> >>>> and still use ~/.local to "install apps with a prefix inside $HOME"
> >>>>
> >>>> But that is my view and i do not mind going your way. It is not such a big
> >>>> deal.
> >>>>
> >>>> My patch v3 declares xdg_local_home_t is xserver module
> >>>>
> >>>>
> >>> python uses ~/.local
> >>
> >> Yuck.  Well I guess that makes local_home_t make sense for ~/.local and xdg_data_home_t for ~/.local/data.  Then local_home_t could be declared in userdomain.
> >>
> >
> > Agreed on the point above
> >
> > Another different point with regard to the actual XDG types. Would you
> > oppose a separate policy module called xdg?
> >
> > I prefer that over using xserver policy module
> >
> > My concern is mainly because of the xdg runtime dir. It is not directly
> > related to xserver.
> >
> > If we use a separate policy module for the xdg types then we have a
> > little insurance that we do not run into any unneeded dependencies in
> > the future.
> 
> I think it depends on the cleanliness of the implementation.  Can you do a partial implementation, say implement the support for one of the types?
> 
yes sure i do not see why not (that is if understand you correctly)

i will in the near future prepare a patch so that you can see what i
have in mind and then you can decide later)

better take our time and make the right decision