selinux-policy/refpolicy/policy/modules/apps/gpg.if

357 lines
9.9 KiB
Plaintext
Raw Normal View History

## <summary>Policy for GNU Privacy Guard and related programs.</summary>
2005-05-05 21:40:32 +00:00
#######################################
2005-06-23 21:30:57 +00:00
## <summary>
2005-06-24 20:37:09 +00:00
## The per user domain template for the gpg module.
2005-06-23 21:30:57 +00:00
## </summary>
## <desc>
## <p>
## This template creates the types and rules for GPG,
## GPG-agent, and GPG helper programs. This protects
## the user keys and secrets, and runs the programs
## in domains specific to the user type.
## </p>
## <p>
2005-06-24 20:37:09 +00:00
## This is invoked automatically for each user and
## generally does not need to be invoked directly
## by policy writers.
2005-06-23 21:30:57 +00:00
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
2005-06-23 21:30:57 +00:00
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
2005-06-23 21:30:57 +00:00
## </param>
2006-02-01 13:07:45 +00:00
## <param name="userdomain">
## <summary>
2006-02-01 13:07:45 +00:00
## The user domain.
## </summary>
## </param>
2006-02-01 13:07:45 +00:00
## <param name="role">
## <summary>
2006-02-01 13:07:45 +00:00
## The role associated with the user.
## </summary>
## </param>
2005-05-05 21:40:32 +00:00
#
template(`gpg_per_userdomain_template',`
2005-10-18 18:25:33 +00:00
gen_require(`
type gpg_exec_t, gpg_helper_exec_t;
type gpg_agent_exec_t, pinentry_exec_t;
')
########################################
#
# Declarations
#
2005-05-05 21:40:32 +00:00
type $1_gpg_t;
2005-06-13 17:35:46 +00:00
domain_type($1_gpg_t)
domain_entry_file($1_gpg_t,gpg_exec_t)
role $3 types $1_gpg_t;
2005-05-05 21:40:32 +00:00
type $1_gpg_agent_t;
2005-06-13 17:35:46 +00:00
domain_type($1_gpg_agent_t)
domain_entry_file($1_gpg_agent_t,gpg_agent_exec_t)
role $3 types $1_gpg_agent_t;
2005-05-05 21:40:32 +00:00
type $1_gpg_agent_tmp_t;
2005-06-13 17:35:46 +00:00
files_tmp_file($1_gpg_agent_tmp_t)
2005-05-05 21:40:32 +00:00
2005-12-01 18:01:21 +00:00
type $1_gpg_secret_t;
userdom_home_file($1,$1_gpg_secret_t)
2005-05-05 21:40:32 +00:00
type $1_gpg_helper_t;
2005-06-13 17:35:46 +00:00
domain_type($1_gpg_helper_t)
domain_entry_file($1_gpg_helper_t,gpg_helper_exec_t)
role $3 types $1_gpg_helper_t;
2005-05-05 21:40:32 +00:00
type $1_gpg_pinentry_t;
2005-06-13 17:35:46 +00:00
domain_type($1_gpg_pinentry_t)
domain_entry_file($1_gpg_pinentry_t,pinentry_exec_t)
role $3 types $1_gpg_pinentry_t;
2005-05-05 21:40:32 +00:00
########################################
#
# GPG local policy
#
2005-05-05 21:40:32 +00:00
# transition from the userdomain to the derived domain
domain_auto_trans($2,gpg_exec_t,$1_gpg_t)
2005-05-05 21:40:32 +00:00
allow $2 $1_gpg_t:fd use;
allow $1_gpg_t $2:fd use;
allow $1_gpg_t $2:fifo_file rw_file_perms;
allow $1_gpg_t $2:process sigchld;
2005-05-05 21:40:32 +00:00
allow $1_gpg_t self:capability { ipc_lock setuid };
allow { $2 $1_gpg_t } $1_gpg_t:process signal;
# setrlimit is for ulimit -c 0
2005-09-16 19:36:10 +00:00
allow $1_gpg_t self:process { setrlimit setcap setpgid };
2005-05-05 21:40:32 +00:00
2005-06-09 18:08:26 +00:00
allow $1_gpg_t self:fifo_file rw_file_perms;
allow $1_gpg_t self:tcp_socket create_stream_socket_perms;
2005-05-05 21:40:32 +00:00
2005-06-09 18:08:26 +00:00
allow $1_gpg_t $1_gpg_secret_t:dir rw_dir_perms;
allow $1_gpg_t $1_gpg_secret_t:file create_file_perms;
allow $1_gpg_t $1_gpg_secret_t:lnk_file create_lnk_perms;
2005-05-05 21:40:32 +00:00
2005-06-10 01:01:13 +00:00
corenet_tcp_sendrecv_all_if($1_gpg_t)
corenet_raw_sendrecv_all_if($1_gpg_t)
corenet_udp_sendrecv_all_if($1_gpg_t)
corenet_tcp_sendrecv_all_nodes($1_gpg_t)
corenet_raw_sendrecv_all_nodes($1_gpg_t)
corenet_udp_sendrecv_all_nodes($1_gpg_t)
corenet_tcp_sendrecv_all_ports($1_gpg_t)
corenet_udp_sendrecv_all_ports($1_gpg_t)
2005-12-06 19:59:50 +00:00
corenet_non_ipsec_sendrecv($1_gpg_t)
2005-06-10 01:01:13 +00:00
corenet_tcp_bind_all_nodes($1_gpg_t)
corenet_udp_bind_all_nodes($1_gpg_t)
2005-09-16 19:36:10 +00:00
corenet_tcp_connect_all_ports($1_gpg_t)
2005-05-05 21:40:32 +00:00
2005-06-13 16:22:32 +00:00
dev_read_rand($1_gpg_t)
dev_read_urand($1_gpg_t)
2005-05-05 21:40:32 +00:00
2005-06-10 01:01:13 +00:00
fs_getattr_xattr_fs($1_gpg_t)
2005-05-05 21:40:32 +00:00
2005-06-29 20:53:53 +00:00
domain_use_wide_inherit_fd($1_gpg_t)
files_read_etc_files($1_gpg_t)
2005-06-13 17:35:46 +00:00
files_read_usr_files($1_gpg_t)
2005-06-29 20:53:53 +00:00
files_dontaudit_search_var($1_gpg_t)
2005-05-05 21:40:32 +00:00
2005-06-13 17:35:46 +00:00
libs_use_shared_libs($1_gpg_t)
libs_use_ld_so($1_gpg_t)
2005-05-05 21:40:32 +00:00
miscfiles_read_localization($1_gpg_t)
2005-05-05 21:40:32 +00:00
2005-06-13 17:35:46 +00:00
logging_send_syslog_msg($1_gpg_t)
2005-05-05 21:40:32 +00:00
2005-06-13 17:35:46 +00:00
sysnet_read_config($1_gpg_t)
2005-05-05 21:40:32 +00:00
userdom_use_user_terminals($1,$1_gpg_t)
optional_policy(`nis',`
2005-06-27 16:30:55 +00:00
nis_use_ypbind($1_gpg_t)
')
2005-05-05 21:40:32 +00:00
2005-06-27 16:30:55 +00:00
ifdef(`TODO',`
2005-09-16 19:36:10 +00:00
# Read content to encrypt/decrypt/sign
read_content($1_gpg_t, $1)
# Write content to encrypt/decrypt/sign
write_trusted($1_gpg_t, $1)
2005-05-05 21:40:32 +00:00
ifdef(`gnome-pty-helper.te', `allow $1_gpg_t $1_gph_t:fd use;')
2005-05-05 21:40:32 +00:00
# allow ps to show gpg
can_ps($1_t, $1_gpg_t)
2005-05-05 21:40:32 +00:00
') dnl end TODO
2005-05-05 21:40:32 +00:00
########################################
#
# GPG helper local policy
#
2005-05-05 21:40:32 +00:00
# for helper programs (which automatically fetch keys)
# Note: this is only tested with the hkp interface. If you use eg the
# mail interface you will likely need additional permissions.
2005-05-05 21:40:32 +00:00
# communicate with the user
allow $1_gpg_helper_t $2:fd use;
allow $1_gpg_helper_t $2:fifo_file write;
# transition from the gpg domain to the helper domain
domain_auto_trans($1_gpg_t,gpg_helper_exec_t,$1_gpg_helper_t)
2005-05-05 21:40:32 +00:00
allow $1_gpg_t $1_gpg_helper_t:fd use;
allow $1_gpg_helper_t $1_gpg_t:fd use;
allow $1_gpg_helper_t $1_gpg_t:fifo_file rw_file_perms;
allow $1_gpg_helper_t $1_gpg_t:process sigchld;
2005-05-05 21:40:32 +00:00
2005-06-09 18:08:26 +00:00
allow $1_gpg_helper_t self:unix_stream_socket create_stream_socket_perms;
2005-05-05 21:40:32 +00:00
2005-06-09 18:08:26 +00:00
allow $1_gpg_helper_t self:tcp_socket { connect connected_socket_perms };
allow $1_gpg_helper_t self:udp_socket { connect connected_socket_perms };
2005-05-05 21:40:32 +00:00
dontaudit $1_gpg_helper_t $1_gpg_secret_t:file read;
2005-05-05 21:40:32 +00:00
2005-06-10 01:01:13 +00:00
corenet_tcp_sendrecv_all_if($1_gpg_helper_t)
corenet_raw_sendrecv_all_if($1_gpg_helper_t)
corenet_udp_sendrecv_all_if($1_gpg_helper_t)
corenet_tcp_sendrecv_all_nodes($1_gpg_helper_t)
corenet_udp_sendrecv_all_nodes($1_gpg_helper_t)
corenet_raw_sendrecv_all_nodes($1_gpg_helper_t)
corenet_tcp_sendrecv_all_ports($1_gpg_helper_t)
corenet_udp_sendrecv_all_ports($1_gpg_helper_t)
2005-12-06 19:59:50 +00:00
corenet_non_ipsec_sendrecv($1_gpg_helper_t)
2005-06-10 01:01:13 +00:00
corenet_tcp_bind_all_nodes($1_gpg_helper_t)
corenet_udp_bind_all_nodes($1_gpg_helper_t)
2005-09-16 19:36:10 +00:00
corenet_tcp_connect_all_ports($1_gpg_helper_t)
2005-05-05 21:40:32 +00:00
2005-06-13 16:22:32 +00:00
dev_read_urand($1_gpg_helper_t)
2005-05-05 21:40:32 +00:00
files_read_etc_files($1_gpg_helper_t)
# for nscd
2005-06-13 17:35:46 +00:00
files_dontaudit_search_var($1_gpg_helper_t)
2005-05-05 21:40:32 +00:00
2005-06-13 17:35:46 +00:00
libs_use_ld_so($1_gpg_helper_t)
libs_use_shared_libs($1_gpg_helper_t)
2005-05-05 21:40:32 +00:00
2005-06-13 17:35:46 +00:00
sysnet_read_config($1_gpg_helper_t)
2005-05-05 21:40:32 +00:00
tunable_policy(`use_nfs_home_dirs',`
fs_dontaudit_rw_nfs_files($1_gpg_helper_t)
')
tunable_policy(`use_samba_home_dirs',`
fs_dontaudit_rw_cifs_files($1_gpg_helper_t)
')
2005-05-05 21:40:32 +00:00
ifdef(`TODO',`
2005-05-05 21:40:32 +00:00
2005-09-16 19:36:10 +00:00
ifdef(`xdm.te',`
can_pipe_xdm($1_gpg_t)
')
') dnl end TODO
2005-05-05 21:40:32 +00:00
########################################
#
# GPG agent local policy
#
2005-05-05 21:40:32 +00:00
# rlimit: gpg-agent wants to prevent coredumps
allow $1_gpg_agent_t self:process setrlimit;
2005-05-05 21:40:32 +00:00
2005-06-09 18:08:26 +00:00
allow $1_gpg_agent_t self:unix_stream_socket create_stream_socket_perms ;
allow $1_gpg_agent_t self:fifo_file rw_file_perms;
2005-05-05 21:40:32 +00:00
2005-06-29 20:53:53 +00:00
# read and write ~/.gnupg (gpg-agent stores secret keys in ~/.gnupg/private-keys-v1.d )
allow $1_gpg_agent_t $1_gpg_secret_t:dir create_dir_perms;
allow $1_gpg_agent_t $1_gpg_secret_t:file create_file_perms;
allow $1_gpg_agent_t $1_gpg_secret_t:lnk_file create_lnk_perms;
# allow gpg to connect to the gpg agent
allow $1_gpg_t $1_gpg_agent_tmp_t:dir search;
allow $1_gpg_t $1_gpg_agent_tmp_t:sock_file write;
allow $1_gpg_t $1_gpg_agent_t:unix_stream_socket connectto;
# Allow the user shell to signal the gpg-agent program.
allow $2 $1_gpg_agent_t:process { signal sigkill };
2005-06-29 20:53:53 +00:00
allow $2 $1_gpg_agent_tmp_t:dir create_dir_perms;
allow $2 $1_gpg_agent_tmp_t:file create_file_perms;
allow $2 $1_gpg_agent_tmp_t:sock_file create_file_perms;
files_filetrans_tmp($1_gpg_agent_t, $1_gpg_agent_tmp_t, { file sock_file dir })
2005-06-29 20:53:53 +00:00
corecmd_search_bin($1_gpg_agent_t)
# Transition from the user domain to the derived domain.
domain_auto_trans($2, gpg_agent_exec_t, $1_gpg_agent_t)
2005-06-13 17:35:46 +00:00
domain_use_wide_inherit_fd($1_gpg_agent_t)
2005-05-05 21:40:32 +00:00
2005-06-13 17:35:46 +00:00
libs_use_ld_so($1_gpg_agent_t)
libs_use_shared_libs($1_gpg_agent_t)
miscfiles_read_localization($1_gpg_agent_t)
# Write to the user domain tty.
userdom_use_user_terminals($1,$1_gpg_agent_t)
tunable_policy(`use_nfs_home_dirs',`
fs_manage_nfs_dirs($1_gpg_agent_t)
fs_manage_nfs_files($1_gpg_agent_t)
fs_manage_nfs_symlinks($1_gpg_agent_t)
')
tunable_policy(`use_samba_home_dirs',`
fs_manage_cifs_dirs($1_gpg_agent_t)
fs_manage_cifs_files($1_gpg_agent_t)
fs_manage_cifs_symlinks($1_gpg_agent_t)
')
ifdef(`TODO',`
# allow ps to show gpg-agent
can_ps($1_t, $1_gpg_agent_t)
allow $1_gpg_agent_t proc_t:dir search;
allow $1_gpg_agent_t proc_t:lnk_file read;
# read and write ~/.gnupg (gpg-agent stores secret keys in ~/.gnupg/private-keys-v1.d )
allow $1_gpg_agent_t { home_root_t $1_home_dir_t }:dir search;
') dnl endif TODO
##############################
#
# Pinentry local policy
#
# we need to allow gpg-agent to call pinentry so it can get the passphrase
# from the user.
domain_auto_trans($1_gpg_agent_t,pinentry_exec_t,$1_gpg_pinentry_t)
2005-05-05 21:40:32 +00:00
allow $1_gpg_pinentry_t $1_gpg_agent_t:fd use;
allow $1_gpg_agent_t $1_gpg_pinentry_t:fd use;
allow $1_gpg_agent_t $1_gpg_pinentry_t:fifo_file rw_file_perms;
allow $1_gpg_agent_t $1_gpg_pinentry_t:process sigchld;
allow $1_gpg_pinentry_t self:unix_stream_socket { connect create getattr read shutdown write };
2005-06-09 18:08:26 +00:00
allow $1_gpg_pinentry_t self:fifo_file rw_file_perms;
# read /proc/meminfo
kernel_read_system_state($1_gpg_pinentry_t)
2005-06-13 17:35:46 +00:00
files_read_usr_files($1_gpg_pinentry_t)
# read /etc/X11/qtrc
files_read_etc_files($1_gpg_pinentry_t)
2005-06-13 17:35:46 +00:00
libs_use_ld_so($1_gpg_pinentry_t)
libs_use_shared_libs($1_gpg_pinentry_t)
miscfiles_read_fonts($1_gpg_pinentry_t)
miscfiles_read_localization($1_gpg_pinentry_t)
2005-06-29 20:53:53 +00:00
tunable_policy(`use_nfs_home_dirs',`
fs_read_nfs_files($1_gpg_pinentry_t)
')
2005-06-29 20:53:53 +00:00
tunable_policy(`use_samba_home_dirs',`
fs_read_cifs_files($1_gpg_pinentry_t)
')
ifdef(`TODO',`
ifdef(`xdm.te', `
allow $1_gpg_pinentry_t xdm_xserver_tmp_t:dir search;
allow $1_gpg_pinentry_t xdm_xserver_tmp_t:sock_file { read write };
2005-06-29 20:53:53 +00:00
allow $1_gpg_pinentry_t xdm_xserver_t:unix_stream_socket connectto;
')
allow $1_gpg_pinentry_t { tmp_t home_root_t }:dir { getattr search };
# for .Xauthority
allow $1_gpg_pinentry_t $1_home_dir_t:dir { getattr search };
2005-06-09 18:08:26 +00:00
allow $1_gpg_pinentry_t $1_home_t:file r_file_perms;
# wants to put some lock files into the user home dir, seems to work fine without
dontaudit $1_gpg_pinentry_t $1_home_t:dir { read write };
dontaudit $1_gpg_pinentry_t $1_home_t:file write;
tunable_policy(`use_nfs_home_dirs',`
2005-06-29 20:53:53 +00:00
dontaudit $1_gpg_pinentry_t nfs_t:dir write;
dontaudit $1_gpg_pinentry_t nfs_t:file write;
')
tunable_policy(`use_samba_home_dirs',`
2005-06-29 20:53:53 +00:00
dontaudit $1_gpg_pinentry_t cifs_t:dir write;
dontaudit $1_gpg_pinentry_t cifs_t:file write;
')
dontaudit $1_gpg_pinentry_t { sysctl_t sysctl_kernel_t }:dir { getattr search };
') dnl end TODO
')