* [refpolicy] [PATCH 1/2] Support the console/graphical links browser
2011-10-23 14:29 [refpolicy] [PATCH 0/2] Add links_t domain for the links browser Sven Vermeulen
@ 2011-10-23 14:30 ` Sven Vermeulen
2011-11-08 15:08 ` Christopher J. PeBenito
2011-10-23 14:30 ` [refpolicy] [PATCH 2/2] Allow user domains to call links Sven Vermeulen
1 sibling, 1 reply; 5+ messages in thread
From: Sven Vermeulen @ 2011-10-23 14:30 UTC (permalink / raw)
To: refpolicy
Introduce the links_t domain for the links browser, which is an
ncurses/svgalib/X11 browser (so it supports both command-line-only
and GUI environments).
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
links.fc | 6 ++++++
links.if | 36 ++++++++++++++++++++++++++++++++++++
links.te | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 99 insertions(+), 0 deletions(-)
create mode 100644 links.fc
create mode 100644 links.if
create mode 100644 links.te
diff --git a/links.fc b/links.fc
new file mode 100644
index 0000000..5749b58
--- /dev/null
+++ b/links.fc
@@ -0,0 +1,6 @@
+HOME_DIR/\.links(/.*)? gen_context(system_u:object_r:links_home_t,s0)
+
+#
+# /usr
+#
+/usr/bin/links -- gen_context(system_u:object_r:links_exec_t,s0)
diff --git a/links.if b/links.if
new file mode 100644
index 0000000..bf3e20a
--- /dev/null
+++ b/links.if
@@ -0,0 +1,36 @@
+## <summary>Links web browser</summary>
+
+#######################################
+## <summary>
+## The role interface for the links module.
+## </summary>
+## <param name="user_role">
+## <summary>
+## The role associated with the user domain.
+## </summary>
+## </param>
+## <param name="user_domain">
+## <summary>
+## The type of the user domain.
+## </summary>
+## </param>
+#
+interface(`links_role',`
+ gen_require(`
+ type links_t, links_exec_t, links_tmpfs_t, links_home_t;
+ ')
+
+ role $1 types links_t;
+
+ manage_dirs_pattern($2, links_home_t, links_home_t)
+ manage_files_pattern($2, links_home_t, links_home_t)
+ manage_lnk_files_pattern($2, links_home_t, links_home_t)
+
+ relabel_dirs_pattern($2, links_home_t, links_home_t)
+ relabel_files_pattern($2, links_home_t, links_home_t)
+ relabel_lnk_files_pattern($2, links_home_t, links_home_t)
+
+ domtrans_pattern($2, links_exec_t, links_t)
+
+ ps_process_pattern($2, links_t)
+')
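Review bot: `links_tmpfs_t` is pulled in by the `gen_require` block but no rule in the interface uses it, so it should be dropped from the require list (a dangling require still breaks the build if that type is ever removed or renamed). The interface also grants `$2` no `process` permissions over `links_t`, so a user cannot signal or kill a hung browser started from their own terminal; an `allow $2 links_t:process signal_perms;` line next to `ps_process_pattern($2, links_t)` would close that gap.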
diff --git a/links.te b/links.te
new file mode 100644
index 0000000..6289570
--- /dev/null
+++ b/links.te
@@ -0,0 +1,57 @@
+policy_module(links, 1.0.0)
+
+############################
+#
+# Declarations
+#
+
+type links_t;
+type links_exec_t;
+application_domain(links_t, links_exec_t)
+
+type links_home_t;
+typealias links_home_t alias { user_links_home_t staff_links_home_t sysadm_links_home_t };
+userdom_user_home_content(links_home_t)
+
+type links_tmpfs_t;
+typealias links_tmpfs_t alias { user_links_tmpfs_t staff_links_tmpfs_t sysadm_links_tmpfs_t };
+files_tmpfs_file(links_tmpfs_t)
+ubac_constrained(links_tmpfs_t)
+
+############################
+#
+# Policy
+#
+
+allow links_t self:process signal_perms;
+allow links_t self:unix_stream_socket create_stream_socket_perms;
+
+manage_dirs_pattern(links_t, links_home_t, links_home_t)
+manage_files_pattern(links_t, links_home_t, links_home_t)
+manage_lnk_files_pattern(links_t, links_home_t, links_home_t)
+manage_sock_files_pattern(links_t, links_home_t, links_home_t)
+manage_fifo_files_pattern(links_t, links_home_t, links_home_t)
+
+manage_files_pattern(links_t, links_tmpfs_t, links_tmpfs_t)
+manage_lnk_files_pattern(links_t, links_tmpfs_t, links_tmpfs_t)
+manage_fifo_files_pattern(links_t, links_tmpfs_t, links_tmpfs_t)
+manage_sock_files_pattern(links_t, links_tmpfs_t, links_tmpfs_t)
+fs_tmpfs_filetrans(links_t, links_tmpfs_t, { file lnk_file sock_file fifo_file })
+
+userdom_user_home_dir_filetrans(links_t, links_home_t, dir)
+
+corenet_tcp_connect_http_port(links_t)
+
+domain_use_interactive_fds(links_t)
+
+auth_use_nsswitch(links_t)
+
+miscfiles_read_localization(links_t)
+
+userdom_manage_user_home_content_dirs(links_t)
+userdom_manage_user_home_content_files(links_t)
+userdom_use_user_terminals(links_t)
+
+optional_policy(`
+ xserver_user_x_domain_template(links, links_t, links_tmpfs_t)
+')
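Review bot: `userdom_manage_user_home_content_dirs(links_t)` and `userdom_manage_user_home_content_files(links_t)` near the end of the hunk let the browser create, rewrite and delete any file in the user's home directory, which largely defeats the point of the dedicated `links_home_t` type declared earlier in this file; consider dropping them, or gating them behind a tunable so the default confines browser writes to `~/.links` (plus the tmpfs rules) and only the user opting in gets full home access for downloads. Three smaller points: the hunk grants no `self:tcp_socket` rule of its own, so TCP socket creation is reached only indirectly through `auth_use_nsswitch(links_t)`; an explicit `allow links_t self:tcp_socket create_stream_socket_perms;` beside the `unix_stream_socket` line makes the browser's network intent visible rather than incidental. The `typealias` lines for `user_links_home_t`/`staff_links_home_t`/`sysadm_links_home_t` and their `_tmpfs_t` counterparts alias types that never existed, since this is a new module, so they can go. And the commit message promises svgalib support, but the hunk contains no console/framebuffer device access for it, so only the ncurses and X11 paths are actually covered by this policy.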
--
1.7.3.4
* [refpolicy] [PATCH 2/2] Allow user domains to call links
From: Sven Vermeulen @ 2011-10-23 14:30 UTC (permalink / raw)
To: refpolicy
Grant the links_role to the default user domains (staff, sysadm and the
regular user).
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
policy/modules/roles/staff.te | 4 ++++
policy/modules/roles/sysadm.te | 4 ++++
policy/modules/roles/unprivuser.te | 4 ++++
3 files changed, 12 insertions(+), 0 deletions(-)
diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
index c10c3d6..ae4a59a 100644
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@@ -109,6 +109,10 @@ ifndef(`distro_redhat',`
')
optional_policy(`
+ links_role(staff_r, staff_t)
+ ')
+
+ optional_policy(`
lockdev_role(staff_r, staff_t)
')
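Review bot: the hunk as rendered splices the new block into the middle of the existing `optional_policy(` that wraps `lockdev_role`, so on first read it looks as if `links_role` were being added to the lockdev block; the resulting file is correct (a complete `optional_policy` for links followed by the untouched lockdev one, in alphabetical order after java), but regenerating the diff with `--patience` would show it as the clean four-line insertion it is and spare reviewers the double take.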
diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index 954417f..200e490 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -461,5 +461,9 @@ ifndef(`distro_redhat',`
optional_policy(`
java_role(sysadm_r, sysadm_t)
')
+
+ optional_policy(`
+ links_role(sysadm_r, sysadm_t)
+ ')
')
diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
index c576b6c..074155f 100644
--- a/policy/modules/roles/unprivuser.te
+++ b/policy/modules/roles/unprivuser.te
@@ -86,6 +86,10 @@ ifndef(`distro_redhat',`
')
optional_policy(`
+ links_role(user_r, user_t)
+ ')
+
+ optional_policy(`
lockdev_role(user_r, user_t)
')
--
1.7.3.4