[refpolicy] [RFC] Introduction of xdg_* types for user content

[sven.vermeulen@siphos.be (Sven Vermeulen)]

Hi list

While updating my previous domain definition for the mutt e-mail application
(as well as working on a whole lot of other user application domains) I got
more and more into contact with the user-content categorical stuff. We had a
few discussions on it earlier as well, and Dominick also helped me out
investigating all this on #selinux.

In short, user directories have a few locations that are not really /user/
content, but more /user application/ content. This includes of course the
configuration files of user applications, specific data locations and
caches. The freedesktop project [1] has also tried to get these locations
better defined, and created the "XDG Base Directory Specification" [2] from
which I am devising this RFC.

[1] http://www.freedesktop.org/wiki/
[2] http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html

My initial idea is to support these XDG locations within the SELinux policy,
by creating types such as
- xdg_data_home_t 	~/.local/share
- xdg_config_home_t	~/.config
- xdg_cache_home_t	~/.cache

The userdomain definition would then have read/manage interfaces on these
types. Of course, the types themselves are fully manageable by the user
domains themselves.

The advantage of such an approach would be that many domain definitions do
not require userdom_manage_user_home_content_* privileges anymore in the
majority of cases. Also, by destinguishing the types (data, config, cache)
it is also simpler to define the rights. The downside is that quite a few
domains will need to be updated to reflect this, but that shouldn't be a
reason for not doing things ;-)

I do have a couple of questions on this approach though...

1/ Would it be wise to reuse these types? 

A prime example: vim, which most likely never needs its own domain, "caches"
information in a ~/.viminfo file. Although this file acts like a cache, it
isn't a file for the XDG specification. Yet I personally mark this file as
xdg_cache_home_t and have all domains that run vim (slrn, mutt) use
userdom_manage_xdg_cache_home().

On one side, I think that is allowed, since the purpose of the type is the
same. But perhaps I shouldn't call the types xdg_* but rather user_*
instead?

2/ Would it be wise to mark HOME_DIR/\.??* as xdg_config_home_t?

Almost all files in a users' home directory that are prepended with a period
are used for configuration purposes. There are exceptions of course, but I
have the impression that these exceptions are managed by their own domains
anyhow. Since HOME_DIR/\.??* is a very generic expression, every module that
defines something with a regular expression "later" than the second position
in the name (say HOME_DIR/\.vnc(/.*)?) will win the file context anyhow.

Wkr,
	Sven Vermeulen