* Application diff
@ 2007-04-11 21:16 Daniel J Walsh
From: Daniel J Walsh @ 2007-04-11 21:16 UTC (permalink / raw)
To: Christopher J. PeBenito, SE Linux
[-- Attachment #1: Type: text/plain, Size: 100 bytes --]
This patch defines applications that are executed by users,
so that we can handle FDs properly.
[-- Attachment #2: application.diff --]
[-- Type: text/x-patch, Size: 10749 bytes --]
--- nsaserefpolicy/policy/modules/admin/acct.te 2007-03-26 10:39:08.000000000 -0400
+++ serefpolicy-2.5.12/policy/modules/admin/acct.te 2007-04-11 16:04:22.000000000 -0400
@@ -9,6 +9,7 @@
type acct_t;
type acct_exec_t;
init_system_domain(acct_t,acct_exec_t)
+application_executable_file(acct_exec_t)
type acct_data_t;
logging_log_file(acct_data_t)
--- nsaserefpolicy/policy/modules/admin/consoletype.te 2007-02-19 11:32:54.000000000 -0500
+++ serefpolicy-2.5.12/policy/modules/admin/consoletype.te 2007-04-11 16:04:22.000000000 -0400
@@ -16,6 +21,7 @@
ifdef(`targeted_policy',`',`
init_system_domain(consoletype_t,consoletype_exec_t)
')
+application_executable_file(consoletype_exec_t)
########################################
#
--- nsaserefpolicy/policy/modules/admin/dmesg.te 2006-11-16 17:15:26.000000000 -0500
+++ serefpolicy-2.5.12/policy/modules/admin/dmesg.te 2007-04-11 16:04:22.000000000 -0400
@@ -10,6 +10,7 @@
type dmesg_t;
type dmesg_exec_t;
init_system_domain(dmesg_t,dmesg_exec_t)
+ application_executable_file(dmesg_exec_t)
role system_r types dmesg_t;
')
--- nsaserefpolicy/policy/modules/admin/netutils.te 2007-03-26 16:24:13.000000000 -0400
+++ serefpolicy-2.5.12/policy/modules/admin/netutils.te 2007-04-11 16:22:25.000000000 -0400
@@ -31,6 +31,7 @@
type traceroute_t;
type traceroute_exec_t;
init_system_domain(traceroute_t,traceroute_exec_t)
+application_executable_file(traceroute_exec_t)
role system_r types traceroute_t;
########################################
--- nsaserefpolicy/policy/modules/admin/rpm.te 2007-02-19 11:32:54.000000000 -0500
+++ serefpolicy-2.5.12/policy/modules/admin/rpm.te 2007-04-11 16:04:22.000000000 -0400
@@ -9,6 +9,8 @@
type rpm_t;
type rpm_exec_t;
init_system_domain(rpm_t,rpm_exec_t)
+application_executable_file(rpm_exec_t)
+
domain_obj_id_change_exemption(rpm_t)
domain_role_change_exemption(rpm_t)
domain_system_change_exemption(rpm_t)
--- nsaserefpolicy/policy/modules/services/cvs.te 2007-03-26 16:24:12.000000000 -0400
+++ serefpolicy-2.5.12/policy/modules/services/cvs.te 2007-04-11 16:04:22.000000000 -0400
@@ -16,6 +16,7 @@
type cvs_t;
type cvs_exec_t;
inetd_tcp_service_domain(cvs_t,cvs_exec_t)
+application_executable_file(cvs_exec_t)
role system_r types cvs_t;
type cvs_data_t; # customizable
--- nsaserefpolicy/policy/modules/services/mta.te 2007-02-19 11:32:53.000000000 -0500
+++ serefpolicy-2.5.12/policy/modules/services/mta.te 2007-04-11 16:04:22.000000000 -0400
@@ -27,6 +27,7 @@
type sendmail_exec_t;
files_type(sendmail_exec_t)
+application_executable_file(sendmail_exec_t)
mta_base_mail_template(system)
role system_r types system_mail_t;
--- nsaserefpolicy/policy/modules/services/procmail.te 2007-03-26 10:39:05.000000000 -0400
+++ serefpolicy-2.5.12/policy/modules/services/procmail.te 2007-04-11 16:04:22.000000000 -0400
@@ -10,6 +10,7 @@
type procmail_exec_t;
domain_type(procmail_t)
domain_entry_file(procmail_t,procmail_exec_t)
+application_executable_file(procmail_exec_t)
role system_r types procmail_t;
type procmail_tmp_t;
--- nsaserefpolicy/policy/modules/services/rsync.te 2007-03-26 16:24:12.000000000 -0400
+++ serefpolicy-2.5.12/policy/modules/services/rsync.te 2007-04-11 16:04:22.000000000 -0400
@@ -17,6 +17,7 @@
type rsync_t;
type rsync_exec_t;
init_daemon_domain(rsync_t,rsync_exec_t)
+application_executable_file(rsync_exec_t)
role system_r types rsync_t;
type rsync_data_t;
--- nsaserefpolicy/policy/modules/services/spamassassin.te 2007-03-26 16:24:12.000000000 -0400
+++ serefpolicy-2.5.12/policy/modules/services/spamassassin.te 2007-04-11 16:04:22.000000000 -0400
@@ -26,7 +24,7 @@
# spamassassin client executable
type spamc_exec_t;
-corecmd_executable_file(spamc_exec_t)
+application_executable_file(spamc_exec_t)
type spamd_t;
type spamd_exec_t;
@@ -46,7 +44,7 @@
files_pid_file(spamd_var_run_t)
type spamassassin_exec_t;
-corecmd_executable_file(spamassassin_exec_t)
+application_executable_file(spamassassin_exec_t)
########################################
#
--- nsaserefpolicy/policy/modules/services/ssh.te 2007-03-26 16:24:12.000000000 -0400
+++ serefpolicy-2.5.12/policy/modules/services/ssh.te 2007-04-11 16:04:22.000000000 -0400
@@ -24,11 +24,11 @@
# Type for the ssh-agent executable.
type ssh_agent_exec_t;
-files_type(ssh_agent_exec_t)
+application_executable_file(ssh_agent_exec_t)
# ssh client executable.
type ssh_exec_t;
-corecmd_executable_file(ssh_exec_t)
+application_executable_file(ssh_exec_t)
type ssh_keygen_t;
type ssh_keygen_exec_t;
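Review bot: Switching `ssh_agent_exec_t` from `files_type` to `application_executable_file` is a wider change than the `ssh_exec_t` line below it, which was already a `corecmd_executable_file` type. Per the new interface in application.if, the agent binary now joins `application_exec_type`, so every domain granted `application_exec` may run it in its own domain via `can_exec`. If no transition rule applies for such a caller, an agent holding private keys would presumably run in that caller's domain rather than in a dedicated agent domain. The commit message does not mention this, so please confirm it is intended and state it in the comment, e.g. `# Type for the ssh-agent executable; users may execute it as an application.`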
--- nsaserefpolicy/policy/modules/system/application.fc 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-2.5.12/policy/modules/system/application.fc 2007-04-11 16:04:22.000000000 -0400
@@ -0,0 +1 @@
+# No application file contexts.
--- nsaserefpolicy/policy/modules/system/application.if 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-2.5.12/policy/modules/system/application.if 2007-04-11 16:04:22.000000000 -0400
@@ -0,0 +1,104 @@
+## <summary>Policy for application domains</summary>
+
+########################################
+## <summary>
+## Make the specified type usable as an application domain.
+## </summary>
+## <param name="type">
+## <summary>
+## Type to be used as a domain type.
+## </summary>
+## </param>
+#
+interface(`application_type',`
+ gen_require(`
+ attribute application_domain_type;
+ ')
+
+ typeattribute $1 application_domain_type;
+
+ # start with basic domain
+ domain_type($1)
+')
+
+########################################
+## <summary>
+## Make the specified type usable for files
+## that are exectuables, such as binary programs.
+## This does not include shared libraries.
+## </summary>
+## <param name="type">
+## <summary>
+## Type to be used for files.
+## </summary>
+## </param>
+#
+interface(`application_executable_file',`
+ gen_require(`
+ attribute application_exec_type;
+ ')
+
+ typeattribute $1 application_exec_type;
+
+ corecmd_executable_file($1)
+')
+
+########################################
+## <summary>
+## Execute application executables in the caller domain.
+## </summary>
+## <param name="type">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`application_exec',`
+ gen_require(`
+ attribute application_exec_type;
+ ')
+
+ can_exec($1, application_exec_type)
+')
+
+########################################
+## <summary>
+## Execute all executable files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`application_exec_all',`
+ # Need this dontaudit or command completion fires hundreds of avcs
+ corecmd_dontaudit_exec_all_executables($1)
+ corecmd_exec_bin($1)
+ corecmd_exec_shell($1)
+ corecmd_exec_chroot($1)
+ application_exec($1)
+')
+
+########################################
+## <summary>
+## Create a domain which can be started by users
+## </summary>
+## <param name="domain">
+## <summary>
+## Type to be used as a domain.
+## </summary>
+## </param>
+## <param name="entry_point">
+## <summary>
+## Type of the program to be used as an entry point to this domain.
+## </summary>
+## </param>
+#
+interface(`application_domain',`
+
+ application_type($1)
+ application_executable_file($2)
+ domain_entry_file($1,$2)
+')
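Review bot: The summary of `application_exec_all` says "Execute all executable files", but the body only allows bin, shell, chroot and application executables and uses `corecmd_dontaudit_exec_all_executables` to silence denials for everything else. A policy author reading the summary will misjudge the grant, and the dontaudit also keeps denied execution attempts by every caller out of the audit log, which the documentation should state. I would reword the summary to `## Execute bin, shell, chroot and application executables; do not audit attempts to execute other executables.` Also, `application_exec` documents its parameter as `name="type"` although the description says it is a domain, and "exectuables" in the `application_executable_file` summary should read "executables".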
--- nsaserefpolicy/policy/modules/system/application.te 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-2.5.12/policy/modules/system/application.te 2007-04-11 16:04:22.000000000 -0400
@@ -0,0 +1,14 @@
+
+policy_module(application,1.0.0)
+
+# Attribute of user applications
+attribute application_domain_type;
+
+# Executables to be run by user
+attribute application_exec_type;
+
+optional_policy(`
+ ssh_sigchld(application_domain_type)
+ ssh_rw_stream_sockets(application_domain_type)
+')
+
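Review bot: The `optional_policy` block grants `ssh_sigchld` and `ssh_rw_stream_sockets` to the whole `application_domain_type` attribute with no comment explaining why. Every domain that calls `application_type` or `application_domain`, now or later, inherits these rules, including `auditctl_t`, `lvm_t`, `semanage_t` and `run_init_t`, which are tagged elsewhere in this patch. Judging from the commit message this is for descriptors inherited from an ssh login, so I would add `# Applications run from an ssh session inherit its stream sockets and signal it on exit.` above the block. It is also worth checking whether read/write on those sockets is needed by all members of the attribute or only by a subset.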
--- nsaserefpolicy/policy/modules/system/fstools.te 2007-03-26 10:39:07.000000000 -0400
+++ serefpolicy-2.5.12/policy/modules/system/fstools.te 2007-04-11 16:04:22.000000000 -0400
@@ -9,6 +9,7 @@
type fsadm_t;
type fsadm_exec_t;
init_system_domain(fsadm_t,fsadm_exec_t)
+application_executable_file(fsadm_exec_t)
role system_r types fsadm_t;
type fsadm_log_t;
--- nsaserefpolicy/policy/modules/system/logging.te 2007-03-26 10:39:07.000000000 -0400
+++ serefpolicy-2.5.12/policy/modules/system/logging.te 2007-04-11 16:04:22.000000000 -0400
@@ -11,6 +11,7 @@
type auditctl_t;
type auditctl_exec_t;
init_system_domain(auditctl_t,auditctl_exec_t)
+application_type(auditctl_t)
role system_r types auditctl_t;
type auditd_etc_t;
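Review bot: `application_type(auditctl_t)` tags only the domain, while the admin/ and services/ hunks tag only the executable type with `application_executable_file`, so `auditctl_exec_t` stays out of `application_exec_type`. The lvm.te hunk has the same shape with `application_type(lvm_t)`. If both halves are wanted, `application_domain(auditctl_t,auditctl_exec_t)`, as used for `restorecon_t` in selinuxutil.te, covers them. If the split is deliberate, a one-line comment saying why the audit-control domain needs the application attribute (and with it the ssh rules in application.te) would make the intent reviewable.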
--- nsaserefpolicy/policy/modules/system/lvm.te 2007-03-26 10:39:07.000000000 -0400
+++ serefpolicy-2.5.12/policy/modules/system/lvm.te 2007-04-11 16:04:22.000000000 -0400
@@ -16,6 +16,7 @@
type lvm_t;
type lvm_exec_t;
init_system_domain(lvm_t,lvm_exec_t)
+application_type(lvm_t)
# needs privowner because it assigns the identity system_u to device nodes
# but runs as the identity of the sysadmin
domain_obj_id_change_exemption(lvm_t)
--- nsaserefpolicy/policy/modules/system/selinuxutil.te 2007-03-26 10:39:07.000000000 -0400
+++ serefpolicy-2.5.12/policy/modules/system/selinuxutil.te 2007-04-11 16:04:22.000000000 -0400
@@ -26,11 +24,9 @@
files_type(selinux_config_t)
type checkpolicy_t, can_write_binary_policy;
-domain_type(checkpolicy_t)
-role system_r types checkpolicy_t;
-
type checkpolicy_exec_t;
-domain_entry_file(checkpolicy_t,checkpolicy_exec_t)
+application_domain(checkpolicy_t, checkpolicy_exec_t)
+role system_r types checkpolicy_t;
#
# default_context_t is the type applied to
@@ -83,31 +79,34 @@
type restorecon_exec_t;
domain_obj_id_change_exemption(restorecon_t)
init_system_domain(restorecon_t,restorecon_exec_t)
+application_domain(restorecon_t,restorecon_exec_t)
role system_r types restorecon_t;
type restorecond_t;
type restorecond_exec_t;
init_daemon_domain(restorecond_t,restorecond_exec_t)
domain_obj_id_change_exemption(restorecond_t)
-role system_r types restorecond_t;
type restorecond_var_run_t;
files_pid_file(restorecond_var_run_t)
type run_init_t;
type run_init_exec_t;
-domain_type(run_init_t)
-domain_entry_file(run_init_t,run_init_exec_t)
+application_domain(run_init_t, run_init_exec_t)
domain_system_change_exemption(run_init_t)
+role system_r types run_init_t;
type semanage_t;
-domain_type(semanage_t)
-domain_interactive_fd(semanage_t)
-
type semanage_exec_t;
-domain_entry_file(semanage_t, semanage_exec_t)
+application_domain(semanage_t, semanage_exec_t)
+domain_interactive_fd(semanage_t)
role system_r types semanage_t;
+ifdef(`targeted_policy',`
+init_use_fds(semanage_t)
+init_system_domain(semanage_t, semanage_exec_t)
+')
+
type semanage_store_t;
files_type(semanage_store_t)
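Review bot: The `targeted_policy` ifdef block added for `semanage_t` has no comment, and it looks like the most privileged change in this hunk: `init_system_domain(semanage_t, semanage_exec_t)` and `init_use_fds(semanage_t)` presumably tie a policy-management domain to init. A line such as `# targeted: semanage is also started from init and inherits its fds` (if that is the reason) would let a reviewer judge the grant. Separately, `role system_r types restorecond_t;` is removed without explanation, while rsync.te keeps `role system_r types rsync_t;` after its own `init_daemon_domain` call. Unless `init_daemon_domain` already associates the role, which is not visible on this page, `restorecond_t` loses it.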