selinux-policy/policy/modules/apps/gpg.if

201 lines
4.4 KiB
Plaintext
Raw Normal View History

## <summary>Policy for GNU Privacy Guard and related programs.</summary>
2005-05-05 21:40:32 +00:00
2008-11-05 16:10:46 +00:00
############################################################
2005-06-23 21:30:57 +00:00
## <summary>
2008-11-05 16:10:46 +00:00
## Role access for gpg
2005-06-23 21:30:57 +00:00
## </summary>
2008-11-05 16:10:46 +00:00
## <param name="role">
## <summary>
2008-11-05 16:10:46 +00:00
## Role allowed access
## </summary>
## </param>
2008-11-05 16:10:46 +00:00
## <param name="domain">
## <summary>
2008-11-05 16:10:46 +00:00
## User domain for the role
## </summary>
## </param>
2005-05-05 21:40:32 +00:00
#
2008-11-05 16:10:46 +00:00
interface(`gpg_role',`
2005-10-18 18:25:33 +00:00
gen_require(`
2008-11-05 16:10:46 +00:00
type gpg_t, gpg_exec_t;
type gpg_agent_t, gpg_agent_exec_t;
type gpg_agent_tmp_t;
type gpg_helper_t, gpg_pinentry_t;
2010-04-30 19:24:19 +00:00
type gpg_pinentry_tmp_t;
2005-10-18 18:25:33 +00:00
')
2008-11-05 16:10:46 +00:00
role $1 types { gpg_t gpg_agent_t gpg_helper_t gpg_pinentry_t };
2005-05-05 21:40:32 +00:00
2006-07-06 17:00:29 +00:00
# transition from the userdomain to the derived domain
2008-11-05 16:10:46 +00:00
domtrans_pattern($2, gpg_exec_t, gpg_t)
2006-07-06 17:00:29 +00:00
# allow ps to show gpg
2008-11-05 16:10:46 +00:00
ps_process_pattern($2, gpg_t)
allow $2 gpg_t:process { signull sigstop signal sigkill };
2005-05-05 21:40:32 +00:00
2010-04-30 19:24:19 +00:00
# communicate with the user
2008-11-05 16:10:46 +00:00
allow gpg_helper_t $2:fd use;
allow gpg_helper_t $2:fifo_file write;
2005-06-29 20:53:53 +00:00
2006-07-06 17:00:29 +00:00
# allow ps to show gpg-agent
2008-11-05 16:10:46 +00:00
ps_process_pattern($2, gpg_agent_t)
2006-07-06 17:00:29 +00:00
2005-06-29 20:53:53 +00:00
# Allow the user shell to signal the gpg-agent program.
2008-11-05 16:10:46 +00:00
allow $2 gpg_agent_t:process { signal sigkill };
2008-11-05 16:10:46 +00:00
manage_dirs_pattern($2, gpg_agent_tmp_t, gpg_agent_tmp_t)
manage_files_pattern($2, gpg_agent_tmp_t, gpg_agent_tmp_t)
manage_sock_files_pattern($2, gpg_agent_tmp_t, gpg_agent_tmp_t)
files_tmp_filetrans(gpg_agent_t, gpg_agent_tmp_t, { file sock_file dir })
2008-11-05 16:10:46 +00:00
# Transition from the user domain to the agent domain.
domtrans_pattern($2, gpg_agent_exec_t, gpg_agent_t)
2009-07-21 14:07:38 +00:00
2010-04-30 19:24:19 +00:00
manage_sock_files_pattern($2, gpg_pinentry_tmp_t, gpg_pinentry_tmp_t)
relabel_sock_files_pattern($2, gpg_pinentry_tmp_t, gpg_pinentry_tmp_t)
optional_policy(`
gpg_pinentry_dbus_chat($2)
')
2009-07-21 14:07:38 +00:00
ifdef(`hide_broken_symptoms',`
#Leaked File Descriptors
2010-07-06 14:58:40 +00:00
dontaudit gpg_t $2:socket_class_set { getattr read write };
2009-07-21 14:07:38 +00:00
dontaudit gpg_t $2:fifo_file rw_fifo_file_perms;
2010-07-06 14:58:40 +00:00
dontaudit gpg_agent_t $2:socket_class_set { getattr read write };
dontaudit gpg_agent_t $2:fifo_file rw_fifo_file_perms;
2009-07-21 14:07:38 +00:00
')
')
2006-03-08 20:09:42 +00:00
########################################
## <summary>
2008-12-03 19:16:20 +00:00
## Transition to a user gpg domain.
2006-03-08 20:09:42 +00:00
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
2006-03-08 20:09:42 +00:00
## </summary>
## </param>
#
2008-11-05 16:10:46 +00:00
interface(`gpg_domtrans',`
2006-03-08 20:09:42 +00:00
gen_require(`
2008-11-05 16:10:46 +00:00
type gpg_t, gpg_exec_t;
2006-03-08 20:09:42 +00:00
')
2008-11-05 16:10:46 +00:00
domtrans_pattern($1, gpg_exec_t, gpg_t)
2006-03-08 20:09:42 +00:00
')
2010-08-26 13:41:21 +00:00
######################################
## <summary>
## Transition to a gpg web domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`gpg_domtrans_web',`
gen_require(`
type gpg_web_t, gpg_exec_t;
')
domtrans_pattern($1, gpg_exec_t, gpg_web_t)
')
######################################
## <summary>
## Make gpg an entrypoint for
## the specified domain.
## </summary>
## <param name="domain">
## <summary>
## The domain for which cifs_t is an entrypoint.
## </summary>
## </param>
#
interface(`gpg_entry_type',`
gen_require(`
type gpg_exec_t;
')
domain_entry_file($1, gpg_exec_t)
')
2006-03-13 21:36:49 +00:00
########################################
## <summary>
2008-12-03 19:16:20 +00:00
## Send generic signals to user gpg processes.
2006-03-13 21:36:49 +00:00
## </summary>
## <param name="domain">
## <summary>
2008-12-03 19:16:20 +00:00
## Domain allowed access.
2006-03-13 21:36:49 +00:00
## </summary>
## </param>
#
2008-11-05 16:10:46 +00:00
interface(`gpg_signal',`
2006-03-13 21:36:49 +00:00
gen_require(`
2008-11-05 16:10:46 +00:00
type gpg_t;
2006-03-13 21:36:49 +00:00
')
2008-11-05 16:10:46 +00:00
allow $1 gpg_t:process signal;
2006-03-13 21:36:49 +00:00
')
2010-04-30 19:24:19 +00:00
########################################
## <summary>
## Read and write GPG agent pipes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`gpg_rw_agent_pipes',`
# Just wants read/write could this be a leak?
gen_require(`
type gpg_agent_t;
')
allow $1 gpg_agent_t:fifo_file rw_fifo_file_perms;
')
########################################
## <summary>
## Send messages to and from GPG
## Pinentry over DBUS.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`gpg_pinentry_dbus_chat',`
gen_require(`
type gpg_pinentry_t;
class dbus send_msg;
')
allow $1 gpg_pinentry_t:dbus send_msg;
allow gpg_pinentry_t $1:dbus send_msg;
')
########################################
## <summary>
## List Gnu Privacy Guard user secrets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`gpg_list_user_secrets',`
gen_require(`
type gpg_secret_t;
')
list_dirs_pattern($1, gpg_secret_t, gpg_secret_t)
userdom_search_user_home_dirs($1)
')