From: dwalsh@redhat.com (Daniel J Walsh)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] [PATCH] Label ~/\.adobe(/.*)? as mozilla_home_t for flash
Date: Mon, 15 Oct 2012 13:34:18 -0400
Message-ID: <507C491A.1050302@redhat.com>
In-Reply-To: <1350312761.5279.7.camel@d30.localdomain>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/15/2012 10:52 AM, Dominick Grift wrote:
> 
> 
> On Mon, 2012-10-15 at 16:24 +0200, Dominick Grift wrote:
>>> 
>>> I agree we should start to be moving to more types in homedir for
>>> better separation.  I would love to try to remove mozilla_plugin_t from
>>> full access to mozilla_home_t also.
>> 
>> Yes, if we can somehow prevent plugin access to passwords, that would 
>> already be a win.
>> 
>> Another thing that comes to mind is
>> 
>> .mozilla/plugins
>> 
>> If we give that a private type of, let's say, mozilla_plugin_home_t, then we 
>> can allow mozilla_t/mozilla_plugin (whatever mmaps flash) mmap access to 
>> only content in there (libflashplayer.so etc.)
>> 
>> Not very important, but might be nice to have so that users can download 
>> and run plugins at their own discretion and still have some level of 
>> mandatory protection.
> 
> Concept:
> 
> 
>> From 3bf2ef145b28d4ad3429fcde0847e8bfc7438b4c Mon, 15 Oct 2012 16:51:08
>> +0200 From: Dominick Grift <dominick.grift@gmail.com> Date: Mon, 15 Oct
>> 2012 16:50:02 +0200 Subject: [PATCH] Changes to the mozilla policy
>> module
>> 
>> 
>> Implement mozilla_plugin userdom user home content type for 
>> ~/.mozilla/plugins so that mozilla domains no longer have to be able to 
>> execute mozilla userdom user home content files
>> 
>> Signed-off-by: Dominick Grift <dominick.grift@gmail.com> diff --git
>> a/mozilla.fc b/mozilla.fc index e9bd2d6..841b4ce 100644 --- a/mozilla.fc 
>> +++ b/mozilla.fc @@ -1,5 +1,6 @@ HOME_DIR/\.galeon(/.*)?
>> gen_context(system_u:object_r:mozilla_home_t,s0) HOME_DIR/\.mozilla(/.*)?
>> gen_context(system_u:object_r:mozilla_home_t,s0) 
>> +HOME_DIR/\.mozilla/plugins(/.*)?
>> gen_context(system_u:object_r:mozilla_plugin_home_t,s0) 
>> HOME_DIR/\.netscape(/.*)?
>> gen_context(system_u:object_r:mozilla_home_t,s0) HOME_DIR/\.phoenix(/.*)?
>> gen_context(system_u:object_r:mozilla_home_t,s0)
>> 
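Review bot: the single fc entry `HOME_DIR/\.mozilla/plugins(/.*)?` does not line up with the `filetrans_pattern(..., mozilla_home_t, mozilla_plugin_home_t, dir, "plugins")` rules added later in mozilla.if and mozilla.te, which fire for a directory named plugins created under any mozilla_home_t directory (for example under ~/.galeon, or inside a profile directory below ~/.mozilla); such a directory is created as mozilla_plugin_home_t and relabelled back to mozilla_home_t by the next restorecon. Either add fc entries for the other locations the transition can hit, or note in the commit message that only ~/.mozilla/plugins is intended to carry the type. Since the new entry overlaps `HOME_DIR/\.mozilla(/.*)?`, it also depends on fc_sort placing the more specific entry after the general one, and already-labelled home directories need a relabel of ~/.mozilla before anything in plugins carries the new type.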
>> diff --git a/mozilla.if b/mozilla.if index 12d2481..f5fca86 100644 ---
>> a/mozilla.if +++ b/mozilla.if @@ -19,7 +19,7 @@ gen_require(` type
>> mozilla_t, mozilla_exec_t, mozilla_home_t; type mozilla_tmp_t,
>> mozilla_tmpfs_t, mozilla_plugin_tmp_t; -		type mozilla_plugin_tmpfs_t; +
>> type mozilla_plugin_tmpfs_t, mozilla_plugin_home_t; attribute_role
>> mozilla_roles; ')
>> 
>> @@ -48,13 +48,15 @@
>> 
>> stream_connect_pattern($2, mozilla_tmpfs_t, mozilla_tmpfs_t, mozilla_t)
>> 
>> -	allow $2 mozilla_home_t:dir { manage_dir_perms relabel_dir_perms }; -
>> allow $2 mozilla_home_t:file { manage_file_perms relabel_file_perms }; +
>> allow $2 { mozilla_home_t mozilla_plugin_home_t }:dir { manage_dir_perms
>> relabel_dir_perms }; +	allow $2 { mozilla_home_t mozilla_plugin_home_t
>> }:file { manage_file_perms relabel_file_perms }; allow $2
>> mozilla_home_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms
>> }; userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".galeon") 
>> userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".mozilla") 
>> userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".netscape") 
>> userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".phoenix") + +
>> filetrans_pattern($2, mozilla_home_t, mozilla_plugin_home_t, dir,
>> "plugins")
>> 
>> allow $2 { mozilla_tmp_t mozilla_plugin_tmp_t }:dir { manage_dir_perms
>> relabel_dir_perms }; allow $2 { mozilla_tmp_t mozilla_plugin_tmp_t }:file
>> { manage_file_perms relabel_file_perms }; @@ -219,7 +221,7 @@
>> 
>> ######################################## ## <summary> -##	Execute mozilla
>> home directory files. +##	Execute mozilla home directory files.
>> (Deprecated) ## </summary> ## <param name="domain"> ##	<summary> @@
>> -228,12 +230,27 @@ ## </param> # 
>> interface(`mozilla_exec_user_home_files',` +	refpolicywarn(`$0($*) has
>> been deprecated, use mozilla_exec_user_plugin_home_files() instead.') +
>> mozilla_exec_user_plugin_home_files($1) +') + 
>> +######################################## +## <summary> +##	Execute
>> mozilla plugin home directory files. +## </summary> +## <param
>> name="domain"> +##	<summary> +##	Domain allowed access. +##	</summary> 
>> +## </param> +# +interface(`mozilla_exec_user_plugin_home_files',` 
>> gen_require(` -		type mozilla_home_t; +		type mozilla_home_t,
>> mozilla_plugin_home_t; ')
>> 
>> userdom_search_user_home_dirs($1) -	can_exec($1, mozilla_home_t) +
>> exec_files_pattern($1, { mozilla_home_t mozilla_plugin_home_t },
>> mozilla_plugin_home_t) ')
>> 
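Review bot: `exec_files_pattern($1, { mozilla_home_t mozilla_plugin_home_t }, mozilla_plugin_home_t)` grants no lnk_file permission, and a symlink created inside a mozilla_plugin_home_t directory inherits that type, so a plugin installed as a symlink in ~/.mozilla/plugins pointing at a library elsewhere cannot be followed by the caller; add `read_lnk_files_pattern($1, { mozilla_home_t mozilla_plugin_home_t }, mozilla_plugin_home_t)` alongside it. Separately, the deprecated `mozilla_exec_user_home_files` now grants execute on mozilla_plugin_home_t only instead of on all of mozilla_home_t, so its refpolicywarn text should say the scope was narrowed rather than read as a plain rename.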
>> ######################################## @@ -248,11 +265,27 @@ ##
>> </param> # interface(`mozilla_execmod_user_home_files',` +
>> refpolicywarn(`$0($*) has been deprecated, use
>> mozilla_execmod_user_plugin_home_files() instead.') +
>> mozilla_execmod_user_plugin_home_files($1) +') + 
>> +######################################## +## <summary> +##	Mozilla
>> plugin home directory file +##	text relocation. +## </summary> +## <param
>> name="domain"> +##	<summary> +##	Domain allowed access. +##	</summary> 
>> +## </param> +# +interface(`mozilla_execmod_user_plugin_home_files',` 
>> gen_require(` -		type mozilla_home_t; +		type mozilla_plugin_home_t; ')
>> 
>> -	allow $1 mozilla_home_t:file execmod; +	allow $1
>> mozilla_plugin_home_t:file execmod; ')
>> 
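Review bot: granting execmod on mozilla_plugin_home_t is only half the picture: in the mozilla.te hunks below, mozilla_t, mozilla_plugin_t and mozilla_plugin_config_t also receive `manage_file_perms` on the same type, so a domain that can drop a library into ~/.mozilla/plugins can also text-relocate and execute it. The new type separates plugin binaries from the rest of mozilla_home_t but gives no write-xor-execute boundary; if that is intended, say so in the interface summary, otherwise leave manage on mozilla_plugin_home_t to the user role in mozilla_role and give the browser domains read and execute only.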
>> ######################################## diff --git a/mozilla.te
>> b/mozilla.te index 43236ef..05073e3 100644 --- a/mozilla.te +++
>> b/mozilla.te @@ -1,4 +1,4 @@ -policy_module(mozilla, 2.6.6) 
>> +policy_module(mozilla, 2.6.7)
>> 
>> ######################################## # @@ -33,6 +33,9 @@ type
>> mozilla_plugin_exec_t; userdom_user_application_domain(mozilla_plugin_t,
>> mozilla_plugin_exec_t) role mozilla_plugin_roles types mozilla_plugin_t; 
>> + +type mozilla_plugin_home_t; 
>> +userdom_user_home_content(mozilla_plugin_home_t)
>> 
>> type mozilla_plugin_tmp_t; userdom_user_tmp_file(mozilla_plugin_tmp_t) @@
>> -72,13 +75,15 @@ allow mozilla_t mozilla_plugin_t:unix_stream_socket
>> rw_socket_perms; allow mozilla_t mozilla_plugin_t:fd use;
>> 
>> -manage_dirs_pattern(mozilla_t, mozilla_home_t, mozilla_home_t) 
>> -manage_files_pattern(mozilla_t, mozilla_home_t, mozilla_home_t) 
>> -manage_lnk_files_pattern(mozilla_t, mozilla_home_t, mozilla_home_t) 
>> +allow mozilla_t { mozilla_home_t mozilla_plugin_home_t }:dir
>> manage_dir_perms; +allow mozilla_t { mozilla_home_t mozilla_plugin_home_t
>> }:file manage_file_perms; +allow mozilla_t mozilla_home_t:lnk_file
>> manage_lnk_file_perms; userdom_user_home_dir_filetrans(mozilla_t,
>> mozilla_home_t, dir, ".galeon") 
>> userdom_user_home_dir_filetrans(mozilla_t, mozilla_home_t, dir,
>> ".mozilla") userdom_user_home_dir_filetrans(mozilla_t, mozilla_home_t,
>> dir, ".netscape") userdom_user_home_dir_filetrans(mozilla_t,
>> mozilla_home_t, dir, ".phoenix") + +filetrans_pattern(mozilla_t,
>> mozilla_home_t, mozilla_plugin_home_t, dir, "plugins")
>> 
>> manage_files_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t) 
>> manage_dirs_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t) @@ -96,7
>> +101,7 @@
>> 
>> stream_connect_pattern(mozilla_t, mozilla_plugin_tmpfs_t,
>> mozilla_plugin_tmpfs_t, mozilla_plugin_t)
>> 
>> -can_exec(mozilla_t, { mozilla_exec_t mozilla_plugin_rw_t }) 
>> +can_exec(mozilla_t, { mozilla_exec_t mozilla_plugin_rw_t
>> mozilla_plugin_home_t })
>> 
>> kernel_read_kernel_sysctls(mozilla_t) 
>> kernel_read_network_state(mozilla_t) @@ -306,13 +311,15 @@ allow
>> mozilla_plugin_t mozilla_t:shm { rw_shm_perms destroy }; allow
>> mozilla_plugin_t mozilla_t:sem create_sem_perms;
>> 
>> -manage_dirs_pattern(mozilla_plugin_t, mozilla_home_t, mozilla_home_t) 
>> -manage_files_pattern(mozilla_plugin_t, mozilla_home_t, mozilla_home_t) 
>> -manage_lnk_files_pattern(mozilla_plugin_t, mozilla_home_t,
>> mozilla_home_t) +allow mozilla_plugin_t { mozilla_home_t
>> mozilla_plugin_home_t }:dir manage_dir_perms; +allow mozilla_plugin_t {
>> mozilla_home_t mozilla_plugin_home_t }:file manage_file_perms; +allow
>> mozilla_plugin_t mozilla_home_t:lnk_file manage_lnk_file_perms; 
>> userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_home_t, dir,
>> ".galeon") userdom_user_home_dir_filetrans(mozilla_plugin_t,
>> mozilla_home_t, dir, ".mozilla") 
>> userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_home_t, dir,
>> ".netscape") userdom_user_home_dir_filetrans(mozilla_plugin_t,
>> mozilla_home_t, dir, ".phoenix") + +filetrans_pattern(mozilla_plugin_t,
>> mozilla_home_t, mozilla_plugin_home_t, dir, "plugins")
>> 
>> manage_dirs_pattern(mozilla_plugin_t, mozilla_plugin_tmp_t,
>> mozilla_plugin_tmp_t) manage_files_pattern(mozilla_plugin_t,
>> mozilla_plugin_tmp_t, mozilla_plugin_tmp_t) @@ -327,13 +334,13 @@ 
>> fs_tmpfs_filetrans(mozilla_plugin_t, mozilla_plugin_tmpfs_t, { file
>> lnk_file sock_file fifo_file })
>> 
>> allow mozilla_plugin_t mozilla_plugin_rw_t:dir list_dir_perms; 
>> -read_files_pattern(mozilla_plugin_t, mozilla_plugin_rw_t,
>> mozilla_plugin_rw_t) -read_lnk_files_pattern(mozilla_plugin_t,
>> mozilla_plugin_rw_t, mozilla_plugin_rw_t) +allow mozilla_plugin_t
>> mozilla_plugin_rw_t:file read_file_perms; +allow mozilla_plugin_t
>> mozilla_plugin_rw_t:lnk_file read_lnk_file_perms;
>> 
>> dgram_send_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t,
>> mozilla_plugin_tmpfs_t, mozilla_t) 
>> stream_connect_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t,
>> mozilla_plugin_tmpfs_t, mozilla_t)
>> 
>> -can_exec(mozilla_plugin_t, { mozilla_exec_t mozilla_home_t
>> mozilla_plugin_tmp_t }) +can_exec(mozilla_plugin_t, { mozilla_exec_t
>> mozilla_plugin_home_t mozilla_plugin_tmp_t })
>> 
>> kernel_read_all_sysctls(mozilla_plugin_t) 
>> kernel_read_system_state(mozilla_plugin_t) @@ -561,19 +568,22 @@ allow
>> mozilla_plugin_config_t self:fifo_file rw_fifo_file_perms; allow
>> mozilla_plugin_config_t self:unix_stream_socket
>> create_stream_socket_perms;
>> 
>> -manage_dirs_pattern(mozilla_plugin_config_t, mozilla_plugin_rw_t,
>> mozilla_plugin_rw_t) -manage_files_pattern(mozilla_plugin_config_t,
>> mozilla_plugin_rw_t, mozilla_plugin_rw_t) 
>> -manage_lnk_files_pattern(mozilla_plugin_config_t, mozilla_plugin_rw_t,
>> mozilla_plugin_rw_t) +allow mozilla_plugin_config_t
>> mozilla_plugin_rw_t:dir manage_dir_perms; +allow mozilla_plugin_config_t
>> mozilla_plugin_rw_t:file manage_file_perms; +allow
>> mozilla_plugin_config_t mozilla_plugin_rw_t:lnk_file
>> manage_lnk_file_perms;
>> 
>> -manage_dirs_pattern(mozilla_plugin_config_t, mozilla_home_t,
>> mozilla_home_t) -manage_files_pattern(mozilla_plugin_config_t,
>> mozilla_home_t, mozilla_home_t) 
>> -manage_lnk_files_pattern(mozilla_plugin_config_t, mozilla_home_t,
>> mozilla_home_t) +allow mozilla_plugin_config_t { mozilla_home_t
>> mozilla_plugin_home_t }:dir manage_dir_perms; +allow
>> mozilla_plugin_config_t { mozilla_home_t mozilla_plugin_home_t }:file
>> manage_file_perms; +allow mozilla_plugin_config_t mozilla_home_t:lnk_file
>> manage_lnk_file_perms; + 
>> userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_home_t,
>> dir, ".galeon") userdom_user_home_dir_filetrans(mozilla_plugin_config_t,
>> mozilla_home_t, dir, ".mozilla") 
>> userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_home_t,
>> dir, ".netscape") 
>> userdom_user_home_dir_filetrans(mozilla_plugin_config_t, mozilla_home_t,
>> dir, ".phoenix")
>> 
>> -can_exec(mozilla_plugin_config_t, mozilla_plugin_rw_t) 
>> +filetrans_pattern(mozilla_plugin_config_t, mozilla_home_t,
>> mozilla_plugin_home_t, dir, "plugins") + 
>> +can_exec(mozilla_plugin_config_t, { mozilla_plugin_rw_t
>> mozilla_plugin_home_t })
>> 
>> kernel_read_system_state(mozilla_plugin_config_t) 
>> kernel_request_load_module(mozilla_plugin_config_t)
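Review bot: in the mozilla_role hunk (@@ -48,13 +48,15 @@) the dir and file rules were widened to `{ mozilla_home_t mozilla_plugin_home_t }` but `allow $2 mozilla_home_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };` was left on mozilla_home_t alone, so the user role cannot create, remove or relabel a symlink inside ~/.mozilla/plugins (it inherits mozilla_plugin_home_t from the directory). The same asymmetry appears in mozilla.te, where `allow mozilla_t mozilla_home_t:lnk_file manage_lnk_file_perms;` and the matching lines for mozilla_plugin_t and mozilla_plugin_config_t stay on mozilla_home_t only. Widen the lnk_file rules to the same type set as the dir and file rules.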
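Review bot: `+can_exec(mozilla_t, { mozilla_exec_t mozilla_plugin_rw_t mozilla_plugin_home_t })` (@@ -96,7 +101,7 @@) gives mozilla_t execute on user-writable home content that the removed line never had, which runs against the commit message's goal of mozilla domains not executing user home content. If plugins are loaded only by mozilla_plugin_t, drop the addition; if mozilla_t itself mmaps them, state that in the commit message and consider putting the rule behind a tunable so the default stays closed.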
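Review bot: the `*_pattern` to plain `allow` conversions for mozilla_plugin_rw_t (@@ -327,13 +334,13 @@ and @@ -561,19 +568,22 @@) have nothing to do with introducing mozilla_plugin_home_t; they are behaviour-neutral only because `allow mozilla_plugin_t mozilla_plugin_rw_t:dir list_dir_perms;` already covers the dir search the removed `read_files_pattern` and `read_lnk_files_pattern` calls granted, and because `manage_dir_perms` on the same type covers it in the mozilla_plugin_config_t case. Split them into a separate cleanup patch so this one reviews as a single change.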
> 
> Now mozilla_plugin_t and mozilla_plugin_config_t *may* no longer need full
> access to type mozilla_home_t.
> 
> I still allowed them full access in the patch above, but I guess we could try 
> to remove it and see where that gets us.
> 
>> _______________________________________________
>>> refpolicy mailing list refpolicy at oss.tresys.com 
>>> http://oss.tresys.com/mailman/listinfo/refpolicy
> 
Right, seems like a nice experiment with Rawhide/F19.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlB8SRoACgkQrlYvE4MpobPDlACeIgAiDT4YX2C74xQ03ToZKdOY
OYgAn3Z8MJejruXfJ9alXCrIiHS3Acnw
=1bSk
-----END PGP SIGNATURE-----
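As an added example (not code from this thread or from refpolicy), the following Python models how the new mozilla.fc entry and the "plugins" named file transition from Dominick's patch interact: which type a path gets from file_contexts, which type a new directory gets at creation time, and where the two disagree. It assumes a constructed home of /home/alice, an assumed fallback type of user_home_t for other home content, and a simplified ordering rule (entries ordered by literal-prefix length, last match wins) standing in for what libselinux and fc_sort do.

```python
"""Model of how the mozilla.fc entry and the "plugins" name transition from the
patch label files (added example, not code from the thread or from refpolicy).

Assumptions, simplified from libselinux/fc_sort behaviour: HOME_DIR is expanded
to one user's home, entries are ordered by the length of their literal prefix
(longer literal prefix = more specific, as fc_sort arranges them) and the last
matching entry wins.  Paths and the fallback type are constructed for the demo.
"""
import re

# Entries as they appear in the patched mozilla.fc hunk.
FILE_CONTEXTS = [
    (r"HOME_DIR/\.galeon(/.*)?", "mozilla_home_t"),
    (r"HOME_DIR/\.mozilla(/.*)?", "mozilla_home_t"),
    (r"HOME_DIR/\.mozilla/plugins(/.*)?", "mozilla_plugin_home_t"),
    (r"HOME_DIR/\.netscape(/.*)?", "mozilla_home_t"),
    (r"HOME_DIR/\.phoenix(/.*)?", "mozilla_home_t"),
]
FALLBACK_TYPE = "user_home_t"  # assumed label for anything else under HOME_DIR

# Named file transitions added by the patch: a *directory* called "plugins"
# created inside a mozilla_home_t directory gets mozilla_plugin_home_t.
# Key: (parent directory type, object class, file name).
NAMED_FILETRANS = {
    ("mozilla_home_t", "dir", "plugins"): "mozilla_plugin_home_t",
}

_META = set(".^$?*+|[({")


def literal_prefix_len(regex: str) -> int:
    """Length of the literal text before the first unescaped metacharacter.
    An escape such as \\. counts as one literal character."""
    i = n = 0
    while i < len(regex):
        c = regex[i]
        if c == "\\" and i + 1 < len(regex):
            i += 2
            n += 1
            continue
        if c in _META:
            break
        i += 1
        n += 1
    return n


def fc_type(path: str, home: str = "/home/alice") -> str:
    """Type restorecon/setfiles would assign to `path` from FILE_CONTEXTS."""
    ordered = sorted(FILE_CONTEXTS, key=lambda e: literal_prefix_len(e[0]))
    winner = FALLBACK_TYPE
    for regex, seltype in ordered:          # last (most specific) match wins
        pattern = regex.replace("HOME_DIR", re.escape(home))
        if re.fullmatch(pattern, path):
            winner = seltype
    return winner


def created_type(parent_type: str, obj_class: str, name: str) -> str:
    """Type a new object gets at creation time: the named transition if one
    matches, otherwise the parent directory's type (default inheritance)."""
    return NAMED_FILETRANS.get((parent_type, obj_class, name), parent_type)


def creation_vs_restorecon(dir_path: str, home: str = "/home/alice") -> tuple:
    """(type at mkdir time, type after restorecon) for a new directory.
    A mismatch means the label flips the next time the home is relabelled."""
    parent, _, name = dir_path.rpartition("/")
    at_creation = created_type(fc_type(parent, home), "dir", name)
    return at_creation, fc_type(dir_path, home)


if __name__ == "__main__":
    for p in ("/home/alice/.mozilla/plugins",
              "/home/alice/.mozilla/firefox/abc.default/plugins"):
        print(p, creation_vs_restorecon(p))
```

Running it shows that ~/.mozilla/plugins is consistent (created and relabelled as mozilla_plugin_home_t), while a plugins directory created inside a profile directory is created as mozilla_plugin_home_t by the transition and relabelled to mozilla_home_t by restorecon, because only the one fc entry exists for the new type.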

Thread overview: 9+ messages
2012-10-14 19:51 [refpolicy] [PATCH] Label ~/\.adobe(/.*)? as mozilla_home_t for flash Mika Pflüger
2012-10-14 20:17 ` Dominick Grift
2012-10-14 20:33   ` Dominick Grift
2012-10-14 20:44     ` Dominick Grift
2012-10-15  9:43       ` Sven Vermeulen
2012-10-15 14:06         ` Daniel J Walsh
2012-10-15 14:24           ` Dominick Grift
2012-10-15 14:52             ` Dominick Grift
2012-10-15 17:34               ` Daniel J Walsh [this message]
