selinux-policy/policy/modules/system/userdomain.if

5723 lines
125 KiB
Plaintext
Raw Normal View History

2005-05-18 21:00:30 +00:00
## <summary>Policy for user domains</summary>
#######################################
## <summary>
2006-09-06 22:07:25 +00:00
## The template containing the most basic rules common to all users.
## </summary>
## <desc>
## <p>
2006-09-06 22:07:25 +00:00
## The template containing the most basic rules common to all users.
## </p>
## <p>
2006-09-06 22:07:25 +00:00
## This template creates a user domain, types, and
## rules for the user's tty and pty.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
## </param>
2006-09-06 22:07:25 +00:00
## <rolebase/>
#
2006-09-06 22:07:25 +00:00
template(`userdom_base_user_template',`
gen_require(`
attribute userdomain;
class context contains;
')
attribute $1_file_type;
type $1_t, userdomain;
2005-06-13 17:35:46 +00:00
domain_type($1_t)
corecmd_shell_entry_type($1_t)
2006-05-01 19:11:54 +00:00
corecmd_bin_entry_type($1_t)
domain_user_exemption_target($1_t)
role $1_r types $1_t;
allow system_r $1_r;
type $1_devpts_t;
2005-06-10 01:01:13 +00:00
term_user_pty($1_t,$1_devpts_t)
2005-09-05 18:17:17 +00:00
files_type($1_devpts_t)
type $1_tty_device_t;
2006-10-16 16:51:57 +00:00
term_user_tty($1_t,$1_tty_device_t)
2006-09-06 22:07:25 +00:00
allow $1_t self:process { signal_perms getsched setsched share getpgid setpgid setcap getsession };
allow $1_t self:fd use;
2006-12-12 20:08:08 +00:00
allow $1_t self:fifo_file rw_fifo_file_perms;
2006-04-24 14:52:01 +00:00
allow $1_t self:unix_dgram_socket { create_socket_perms sendto };
allow $1_t self:unix_stream_socket { create_stream_socket_perms connectto };
2005-06-09 18:08:26 +00:00
allow $1_t self:shm create_shm_perms;
allow $1_t self:sem create_sem_perms;
allow $1_t self:msgq create_msgq_perms;
allow $1_t self:msg { send receive };
allow $1_t self:context contains;
dontaudit $1_t self:socket create;
2006-09-06 22:07:25 +00:00
allow $1_t $1_devpts_t:chr_file { setattr ioctl read getattr lock write append };
term_create_pty($1_t,$1_devpts_t)
2006-12-12 20:08:08 +00:00
allow $1_t $1_tty_device_t:chr_file { setattr rw_chr_file_perms };
kernel_read_kernel_sysctls($1_t)
2005-11-29 15:49:18 +00:00
kernel_dontaudit_list_unlabeled($1_t)
kernel_dontaudit_getattr_unlabeled_files($1_t)
2005-11-29 15:49:18 +00:00
kernel_dontaudit_getattr_unlabeled_symlinks($1_t)
kernel_dontaudit_getattr_unlabeled_pipes($1_t)
kernel_dontaudit_getattr_unlabeled_sockets($1_t)
kernel_dontaudit_getattr_unlabeled_blk_files($1_t)
kernel_dontaudit_getattr_unlabeled_chr_files($1_t)
2005-07-19 18:40:31 +00:00
# When the user domain runs ps, there will be a number of access
# denials when ps tries to search /proc. Do not audit these denials.
domain_dontaudit_read_all_domains_state($1_t)
2005-11-29 15:49:18 +00:00
domain_dontaudit_getattr_all_domains($1_t)
2005-07-19 18:40:31 +00:00
domain_dontaudit_getsession_all_domains($1_t)
2006-09-06 22:07:25 +00:00
files_read_etc_files($1_t)
files_read_etc_runtime_files($1_t)
files_read_usr_files($1_t)
# Read directories and files with the readable_t type.
# This type is a general type for "world"-readable files.
files_list_world_readable($1_t)
files_read_world_readable_files($1_t)
files_read_world_readable_symlinks($1_t)
files_read_world_readable_pipes($1_t)
files_read_world_readable_sockets($1_t)
# old broswer_domain():
files_dontaudit_list_non_security($1_t)
files_dontaudit_getattr_non_security_files($1_t)
files_dontaudit_getattr_non_security_symlinks($1_t)
files_dontaudit_getattr_non_security_pipes($1_t)
files_dontaudit_getattr_non_security_sockets($1_t)
files_dontaudit_getattr_non_security_blk_files($1_t)
files_dontaudit_getattr_non_security_chr_files($1_t)
2006-09-06 22:07:25 +00:00
libs_use_ld_so($1_t)
libs_use_shared_libs($1_t)
libs_exec_ld_so($1_t)
miscfiles_read_localization($1_t)
miscfiles_read_certs($1_t)
sysnet_read_config($1_t)
2006-09-06 22:07:25 +00:00
tunable_policy(`allow_execmem',`
# Allow loading DSOs that require executable stack.
allow $1_t self:process execmem;
')
tunable_policy(`allow_execmem && allow_execstack',`
# Allow making the stack executable via mprotect.
allow $1_t self:process execstack;
')
')
#######################################
## <summary>
## The template for creating a home directory
## that the user has read-only access.
## </summary>
## <desc>
## <p>
## The template for creating a home directory
## that the user has read-only access.
## </p>
## <p>
## This does not allow execute access.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
## </param>
## <rolebase/>
#
template(`userdom_ro_home_template',`
gen_require(`
attribute home_type, home_dir_type, $1_file_type;
')
2006-09-06 22:07:25 +00:00
# type for contents of home directory
type $1_home_t, $1_file_type, home_type;
files_type($1_home_t)
files_associate_tmp($1_home_t)
fs_associate_tmpfs($1_home_t)
files_mountpoint($1_home_t)
2006-09-06 22:07:25 +00:00
# type of home directory
type $1_home_dir_t, home_dir_type, home_type;
files_type($1_home_dir_t)
files_mountpoint($1_home_dir_t)
2006-09-06 22:07:25 +00:00
files_associate_tmp($1_home_dir_t)
fs_associate_tmpfs($1_home_dir_t)
files_poly_member($1_home_dir_t)
2006-09-06 22:07:25 +00:00
##############################
#
# User home directory file rules
#
allow $1_file_type $1_home_t:filesystem associate;
# Rules used to associate a homedir as a mountpoint
allow $1_home_t self:filesystem associate;
##############################
#
# Domain access to home dir
#
# read-only home directory
allow $1_t $1_home_dir_t:dir list_dir_perms;
2006-12-12 20:08:08 +00:00
allow $1_t $1_home_t:dir list_dir_perms;
allow $1_t $1_home_t:file entrypoint;
read_files_pattern($1_t,{ $1_home_t $1_home_dir_t },$1_home_t)
read_lnk_files_pattern($1_t,{ $1_home_t $1_home_dir_t },$1_home_t)
read_fifo_files_pattern($1_t,{ $1_home_t $1_home_dir_t },$1_home_t)
read_sock_files_pattern($1_t,{ $1_home_t $1_home_dir_t },$1_home_t)
2006-09-06 22:07:25 +00:00
files_list_home($1_t)
tunable_policy(`use_nfs_home_dirs',`
fs_list_nfs_dirs($1_t)
fs_read_nfs_files($1_t)
fs_read_nfs_symlinks($1_t)
fs_read_nfs_named_sockets($1_t)
fs_read_nfs_named_pipes($1_t)
',`
fs_dontaudit_read_nfs_dirs($1_t)
fs_dontaudit_read_nfs_files($1_t)
')
tunable_policy(`use_samba_home_dirs',`
fs_list_cifs_dirs($1_t)
fs_read_cifs_files($1_t)
fs_read_cifs_symlinks($1_t)
fs_read_cifs_named_sockets($1_t)
fs_read_cifs_named_pipes($1_t)
',`
fs_dontaudit_list_cifs_dirs($1_t)
fs_dontaudit_read_cifs_files($1_t)
')
')
#######################################
## <summary>
## The template for creating a home directory
## that the user has full access.
## </summary>
## <desc>
## <p>
## The template for creating a home directory
## that the user has full access.
## </p>
## <p>
## This does not allow execute access.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
## </param>
## <rolebase/>
#
template(`userdom_manage_home_template',`
gen_require(`
attribute home_type, home_dir_type, $1_file_type;
')
2006-09-06 22:07:25 +00:00
# type for contents of home directory
type $1_home_t, $1_file_type, home_type;
files_type($1_home_t)
files_associate_tmp($1_home_t)
fs_associate_tmpfs($1_home_t)
# type of home directory
type $1_home_dir_t, home_dir_type, home_type;
files_type($1_home_dir_t)
files_associate_tmp($1_home_dir_t)
fs_associate_tmpfs($1_home_dir_t)
##############################
#
# User home directory file rules
#
allow $1_file_type $1_home_t:filesystem associate;
# Rules used to associate a homedir as a mountpoint
allow $1_home_t self:filesystem associate;
##############################
#
# Domain access to home dir
#
# full control of the home directory
2006-12-12 20:08:08 +00:00
allow $1_t $1_home_t:file entrypoint;
manage_dirs_pattern($1_t,{ $1_home_dir_t $1_home_t },$1_home_t)
manage_files_pattern($1_t,{ $1_home_dir_t $1_home_t },$1_home_t)
manage_lnk_files_pattern($1_t,{ $1_home_dir_t $1_home_t },$1_home_t)
manage_sock_files_pattern($1_t,{ $1_home_dir_t $1_home_t },$1_home_t)
manage_fifo_files_pattern($1_t,{ $1_home_dir_t $1_home_t },$1_home_t)
relabel_dirs_pattern($1_t,{ $1_home_dir_t $1_home_t },$1_home_t)
relabel_files_pattern($1_t,{ $1_home_dir_t $1_home_t },$1_home_t)
relabel_lnk_files_pattern($1_t,{ $1_home_dir_t $1_home_t },$1_home_t)
relabel_sock_files_pattern($1_t,{ $1_home_dir_t $1_home_t },$1_home_t)
relabel_fifo_files_pattern($1_t,{ $1_home_dir_t $1_home_t },$1_home_t)
filetrans_pattern($1_t,$1_home_dir_t,$1_home_t,{ dir file lnk_file sock_file fifo_file })
2006-09-06 22:07:25 +00:00
files_list_home($1_t)
2006-12-12 20:08:08 +00:00
# cjp: this should probably be removed:
allow $1_t $1_home_dir_t:dir { manage_dir_perms relabel_dir_perms };
2006-09-06 22:07:25 +00:00
tunable_policy(`use_nfs_home_dirs',`
fs_manage_nfs_dirs($1_t)
fs_manage_nfs_files($1_t)
fs_manage_nfs_symlinks($1_t)
fs_manage_nfs_named_sockets($1_t)
fs_manage_nfs_named_pipes($1_t)
',`
fs_dontaudit_manage_nfs_dirs($1_t)
fs_dontaudit_manage_nfs_files($1_t)
')
tunable_policy(`use_samba_home_dirs',`
fs_manage_cifs_dirs($1_t)
fs_manage_cifs_files($1_t)
fs_manage_cifs_symlinks($1_t)
fs_manage_cifs_named_sockets($1_t)
fs_manage_cifs_named_pipes($1_t)
',`
fs_dontaudit_manage_cifs_dirs($1_t)
fs_dontaudit_manage_cifs_files($1_t)
')
')
#######################################
## <summary>
## The template for allowing the user
## to execute files in their home directory.
## </summary>
## <param name="userdomain_prefix">
## <summary>
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
## </param>
## <rolebase/>
#
template(`userdom_exec_home_template',`
can_exec($1_t,$1_home_t)
tunable_policy(`use_nfs_home_dirs',`
fs_exec_nfs_files($1_t)
')
tunable_policy(`use_samba_home_dirs',`
fs_exec_cifs_files($1_t)
')
')
#######################################
## <summary>
## The template for polyinstantiating
## a user home directory.
## </summary>
## <param name="userdomain_prefix">
## <summary>
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
## </param>
## <rolebase/>
#
template(`userdom_poly_home_template',`
type_member $1_t $1_home_dir_t:dir $1_home_dir_t;
files_poly($1_home_dir_t)
files_poly_parent($1_home_dir_t)
files_poly_parent($1_home_t)
files_poly_member($1_home_t)
2006-09-06 22:07:25 +00:00
')
#######################################
## <summary>
## The template for full access to the temporary directories.
## </summary>
## <desc>
## <p>
## The template for full access to the temporary directories.
## This creates a derived type for the user
## temporary type. Execute access is not given.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
## </param>
## <rolebase/>
#
template(`userdom_manage_tmp_template',`
gen_require(`
attribute $1_file_type;
')
2006-09-06 22:07:25 +00:00
type $1_tmp_t, $1_file_type;
files_tmp_file($1_tmp_t)
2006-12-12 20:08:08 +00:00
manage_dirs_pattern($1_t,$1_tmp_t,$1_tmp_t)
manage_files_pattern($1_t,$1_tmp_t,$1_tmp_t)
manage_lnk_files_pattern($1_t,$1_tmp_t,$1_tmp_t)
manage_sock_files_pattern($1_t,$1_tmp_t,$1_tmp_t)
manage_fifo_files_pattern($1_t,$1_tmp_t,$1_tmp_t)
2006-09-06 22:07:25 +00:00
files_tmp_filetrans($1_t, $1_tmp_t, { dir file lnk_file sock_file fifo_file })
')
#######################################
## <summary>
## The template for execute access to the user temporary files.
## </summary>
## <param name="userdomain_prefix">
## <summary>
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
## </param>
## <rolebase/>
#
template(`userdom_exec_tmp_template',`
2006-12-12 20:08:08 +00:00
exec_files_pattern($1_t,$1_tmp_t,$1_tmp_t)
2006-09-06 22:07:25 +00:00
')
#######################################
## <summary>
## The template for a polyinstantiated temporary directory.
## </summary>
## <param name="userdomain_prefix">
## <summary>
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
## </param>
## <rolebase/>
#
template(`userdom_poly_tmp_template',`
files_poly_member_tmp($1_t,tmp_t)
2006-09-06 22:07:25 +00:00
')
#######################################
## <summary>
## The template for creating a tmpfs type
## that the user has full access.
## </summary>
## <desc>
## <p>
## The template for creating a tmpfs type
## that the user has full access.
## </p>
## <p>
## This does not allow execute access.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
## </param>
## <rolebase/>
#
template(`userdom_manage_tmpfs_template',`
gen_require(`
attribute $1_file_type;
')
2006-09-06 22:07:25 +00:00
type $1_tmpfs_t, $1_file_type;
files_tmpfs_file($1_tmpfs_t)
2006-12-12 20:08:08 +00:00
manage_dirs_pattern($1_t,$1_tmpfs_t,$1_tmpfs_t)
manage_files_pattern($1_t,$1_tmpfs_t,$1_tmpfs_t)
manage_lnk_files_pattern($1_t,$1_tmpfs_t,$1_tmpfs_t)
manage_sock_files_pattern($1_t,$1_tmpfs_t,$1_tmpfs_t)
manage_fifo_files_pattern($1_t,$1_tmpfs_t,$1_tmpfs_t)
2006-09-06 22:07:25 +00:00
fs_tmpfs_filetrans($1_t,$1_tmpfs_t, { dir file lnk_file sock_file fifo_file })
')
#######################################
## <summary>
## The template for creating a set of types
## for untrusted content.
## </summary>
## <param name="userdomain_prefix">
## <summary>
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
## </param>
## <rolebase/>
#
template(`userdom_untrusted_content_template',`
gen_require(`
attribute $1_file_type;
attribute untrusted_content_type, untrusted_content_tmp_type;
type $1_t;
')
# types for network-obtained content
type $1_untrusted_content_t, $1_file_type, untrusted_content_type; #, customizable
files_type($1_untrusted_content_t)
files_poly_member($1_untrusted_content_t)
type $1_untrusted_content_tmp_t, $1_file_type, untrusted_content_tmp_type; # customizable
files_tmp_file($1_untrusted_content_tmp_t)
# Allow user to relabel untrusted content
2006-12-12 20:08:08 +00:00
allow $1_t { $1_untrusted_content_t $1_untrusted_content_tmp_t }:dir { manage_dir_perms relabel_dir_perms };
allow $1_t { $1_untrusted_content_t $1_untrusted_content_tmp_t }:file { getattr unlink relabel_file_perms rename };
2006-09-06 22:07:25 +00:00
tunable_policy(`read_untrusted_content',`
allow $1_t { $1_untrusted_content_t $1_untrusted_content_tmp_t }:dir list_dir_perms;
2006-12-12 20:08:08 +00:00
read_files_pattern($1_t,{ $1_untrusted_content_t $1_untrusted_content_tmp_t },{ $1_untrusted_content_t $1_untrusted_content_tmp_t })
read_lnk_files_pattern($1_t,{ $1_untrusted_content_t $1_untrusted_content_tmp_t },{ $1_untrusted_content_t $1_untrusted_content_tmp_t })
2006-09-06 22:07:25 +00:00
',`
dontaudit $1_t { $1_untrusted_content_t $1_untrusted_content_tmp_t }:dir list_dir_perms;
dontaudit $1_t { $1_untrusted_content_t $1_untrusted_content_tmp_t }:file read_file_perms;
')
')
#######################################
## <summary>
## The template allowing the user to execute
## generic programs, such as those found in /bin,
## /sbin, /usr/bin, and /usr/sbin.
## </summary>
## <param name="userdomain_prefix">
## <summary>
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
## </param>
## <rolebase/>
#
template(`userdom_exec_generic_pgms_template',`
gen_require(`
type $1_t;
')
corecmd_exec_bin($1_t)
')
#######################################
## <summary>
## The template allowing the user basic
## network permissions
## </summary>
## <param name="userdomain_prefix">
## <summary>
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
## </param>
## <rolebase/>
#
template(`userdom_basic_networking_template',`
gen_require(`
type $1_t;
')
allow $1_t self:tcp_socket create_stream_socket_perms;
allow $1_t self:udp_socket create_socket_perms;
corenet_non_ipsec_sendrecv($1_t)
corenet_tcp_sendrecv_all_if($1_t)
corenet_udp_sendrecv_all_if($1_t)
corenet_tcp_sendrecv_all_nodes($1_t)
corenet_udp_sendrecv_all_nodes($1_t)
corenet_tcp_sendrecv_all_ports($1_t)
corenet_udp_sendrecv_all_ports($1_t)
corenet_tcp_connect_all_ports($1_t)
corenet_sendrecv_all_client_packets($1_t)
ifdef(`enable_mls',`
# netlabel/CIPSO labeled networking
corenet_tcp_recv_netlabel($1_t)
corenet_udp_recv_netlabel($1_t)
')
2006-09-06 22:07:25 +00:00
')
#######################################
## <summary>
## The template for creating a user xwindows client.
## </summary>
## <param name="userdomain_prefix">
## <summary>
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
## </param>
## <rolebase/>
#
template(`userdom_xwindows_client_template',`
gen_require(`
type $1_t, $1_tmpfs_t;
')
optional_policy(`
dev_rw_xserver_misc($1_t)
dev_rw_power_management($1_t)
dev_read_input($1_t)
dev_read_misc($1_t)
dev_write_misc($1_t)
# open office is looking for the following
dev_getattr_agp_dev($1_t)
dev_dontaudit_rw_dri($1_t)
# GNOME checks for usb and other devices:
dev_rw_usbfs($1_t)
xserver_user_client_template($1,$1_t,$1_tmpfs_t)
xserver_xsession_entry_type($1_t)
xserver_dontaudit_write_log($1_t)
xserver_stream_connect_xdm($1_t)
# certain apps want to read xdm.pid file
xserver_read_xdm_pid($1_t)
# gnome-session creates socket under /tmp/.ICE-unix/
xserver_create_xdm_tmp_sockets($1_t)
# Needed for escd, remove if we get escd policy
xserver_manage_xdm_tmp_files($1_t)
2006-09-06 22:07:25 +00:00
')
')
#######################################
## <summary>
## The template for allowing the user to change passwords.
## </summary>
## <param name="userdomain_prefix">
## <summary>
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
## </param>
## <rolebase/>
#
template(`userdom_change_password_template',`
gen_require(`
type $1_t, $1_devpts_t, $1_tty_device_t;
role $1_r;
')
optional_policy(`
usermanage_run_chfn($1_t,$1_r,{ $1_devpts_t $1_tty_device_t })
usermanage_run_passwd($1_t,$1_r,{ $1_devpts_t $1_tty_device_t })
')
')
#######################################
## <summary>
## The template for allowing the user to change roles.
## </summary>
## <param name="userdomain_prefix">
## <summary>
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
## </param>
#
template(`userdom_role_change_template',`
gen_require(`
role $1_r, $2_r;
type $1_t, $2_t;
type $1_devpts_t, $2_devpts_t;
type $1_tty_device_t, $2_tty_device_t;
')
allow $1_r $2_r;
type_change $2_t $1_devpts_t:chr_file $2_devpts_t;
type_change $2_t $1_tty_device_t:chr_file $2_tty_device_t;
# avoid annoying messages on terminal hangup
dontaudit $1_t { $2_devpts_t $2_tty_device_t }:chr_file ioctl;
')
#######################################
## <summary>
## The template containing rules common to unprivileged
## users and administrative users.
## </summary>
## <desc>
## <p>
## This template creates a user domain, types, and
## rules for the user's tty, pty, tmp, and tmpfs files.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
## </param>
#
template(`userdom_common_user_template',`
gen_require(`
attribute unpriv_userdomain;
')
2006-09-06 22:07:25 +00:00
userdom_base_user_template($1)
userdom_manage_home_template($1)
userdom_exec_home_template($1)
userdom_manage_tmp_template($1)
userdom_exec_tmp_template($1)
userdom_manage_tmpfs_template($1)
userdom_untrusted_content_template($1)
userdom_basic_networking_template($1)
userdom_exec_generic_pgms_template($1)
userdom_xwindows_client_template($1)
userdom_change_password_template($1)
##############################
#
# User domain Local policy
#
allow $1_t self:capability { setgid chown fowner };
dontaudit $1_t self:capability { sys_nice fsetid };
allow $1_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
allow $1_t self:process { ptrace setfscreate };
allow $1_t self:context contains;
2006-09-06 22:07:25 +00:00
# evolution and gnome-session try to create a netlink socket
dontaudit $1_t self:netlink_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown };
dontaudit $1_t self:netlink_route_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_write };
allow $1_t unpriv_userdomain:fd use;
kernel_read_system_state($1_t)
kernel_read_network_state($1_t)
kernel_read_net_sysctls($1_t)
# Very permissive allowing every domain to see every type:
kernel_get_sysvipc_info($1_t)
# Find CDROM devices:
kernel_read_device_sysctls($1_t)
corenet_udp_bind_all_nodes($1_t)
corenet_udp_bind_generic_port($1_t)
dev_read_sysfs($1_t)
dev_read_rand($1_t)
dev_read_urand($1_t)
dev_write_sound($1_t)
dev_read_sound($1_t)
dev_read_sound_mixer($1_t)
dev_write_sound_mixer($1_t)
domain_use_interactive_fds($1_t)
# Command completion can fire hundreds of denials
domain_dontaudit_exec_all_entry_files($1_t)
2006-09-06 22:07:25 +00:00
files_exec_etc_files($1_t)
files_search_locks($1_t)
# Check to see if cdrom is mounted
files_search_mnt($1_t)
# cjp: perhaps should cut back on file reads:
files_read_var_files($1_t)
files_read_var_symlinks($1_t)
files_read_generic_spool($1_t)
files_read_var_lib_files($1_t)
# Stat lost+found.
files_getattr_lost_found_dirs($1_t)
fs_get_all_fs_quotas($1_t)
fs_getattr_all_fs($1_t)
fs_getattr_all_dirs($1_t)
fs_search_auto_mountpoints($1_t)
2006-09-14 18:19:04 +00:00
fs_list_inotifyfs($1_t)
2006-09-06 22:07:25 +00:00
# cjp: some of this probably can be removed
selinux_get_fs_mount($1_t)
selinux_validate_context($1_t)
selinux_compute_access_vector($1_t)
selinux_compute_create_context($1_t)
selinux_compute_relabel_context($1_t)
selinux_compute_user_contexts($1_t)
# for eject
storage_getattr_fixed_disk_dev($1_t)
auth_read_login_records($1_t)
auth_dontaudit_write_login_records($1_t)
auth_search_pam_console_data($1_t)
auth_run_pam($1_t,$1_r,{ $1_tty_device_t $1_devpts_t })
auth_run_utempter($1_t,$1_r,{ $1_tty_device_t $1_devpts_t })
init_read_utmp($1_t)
# The library functions always try to open read-write first,
# then fall back to read-only if it fails.
init_dontaudit_write_utmp($1_t)
# Stop warnings about access to /dev/console
init_dontaudit_use_fds($1_t)
init_dontaudit_use_script_fds($1_t)
2005-06-13 17:35:46 +00:00
libs_exec_lib_files($1_t)
2005-06-13 17:35:46 +00:00
logging_dontaudit_getattr_all_logs($1_t)
2006-09-06 22:07:25 +00:00
miscfiles_read_man_pages($1_t)
2005-07-19 18:40:31 +00:00
# for running TeX programs
miscfiles_read_tetex_data($1_t)
miscfiles_exec_tetex_data($1_t)
2005-09-19 21:17:45 +00:00
seutil_read_file_contexts($1_t)
seutil_read_default_contexts($1_t)
2006-09-06 22:07:25 +00:00
seutil_read_config($1_t)
seutil_run_newrole($1_t,$1_r,{ $1_devpts_t $1_tty_device_t })
seutil_exec_checkpolicy($1_t)
seutil_exec_setfiles($1_t)
2006-09-06 22:07:25 +00:00
# for when the network connection is killed
# this is needed when a login role can change
# to this one.
seutil_dontaudit_signal_newrole($1_t)
2005-09-19 21:17:45 +00:00
2005-07-19 18:40:31 +00:00
tunable_policy(`read_default_t',`
files_list_default($1_t)
files_read_default_files($1_t)
files_read_default_symlinks($1_t)
files_read_default_sockets($1_t)
files_read_default_pipes($1_t)
2005-09-19 21:17:45 +00:00
',`
files_dontaudit_list_default($1_t)
files_dontaudit_read_default_files($1_t)
')
2005-06-13 20:44:23 +00:00
tunable_policy(`user_direct_mouse',`
2005-06-13 16:22:32 +00:00
dev_read_mouse($1_t)
2005-06-13 20:44:23 +00:00
')
2005-06-13 20:44:23 +00:00
tunable_policy(`user_ttyfile_stat',`
2005-06-10 01:01:13 +00:00
term_getattr_all_user_ttys($1_t)
2005-06-13 20:44:23 +00:00
')
optional_policy(`
alsa_read_rw_config($1_t)
')
optional_policy(`
2005-11-29 15:49:18 +00:00
# Allow graphical boot to check battery lifespan
apm_stream_connect($1_t)
')
optional_policy(`
2005-10-21 16:39:28 +00:00
canna_stream_connect($1_t)
')
optional_policy(`
cups_stream_connect($1_t)
2005-11-29 21:27:15 +00:00
cups_stream_connect_ptal($1_t)
')
optional_policy(`
allow $1_t self:dbus send_msg;
2005-08-31 20:58:12 +00:00
dbus_system_bus_client_template($1,$1_t)
2005-11-25 16:43:03 +00:00
2006-09-06 22:07:25 +00:00
optional_policy(`
bluetooth_dbus_chat($1_t)
')
optional_policy(`
evolution_dbus_chat($1,$1_t)
evolution_alarm_dbus_chat($1,$1_t)
')
optional_policy(`
2005-11-29 21:27:15 +00:00
cups_dbus_chat_config($1_t)
')
optional_policy(`
2005-11-29 15:49:18 +00:00
hal_dbus_chat($1_t)
')
optional_policy(`
2005-11-25 16:43:03 +00:00
networkmanager_dbus_chat($1_t)
')
2005-08-31 20:58:12 +00:00
')
optional_policy(`
inetd_use_fds($1_t)
2006-02-02 21:08:12 +00:00
inetd_rw_tcp_sockets($1_t)
2005-07-12 20:34:24 +00:00
')
optional_policy(`
inn_read_config($1_t)
inn_read_news_lib($1_t)
inn_read_news_spool($1_t)
')
optional_policy(`
locate_read_lib_files($1_t)
')
2006-09-06 22:07:25 +00:00
# for running depmod as part of the kernel packaging process
optional_policy(`
modutils_read_module_config($1_t)
')
optional_policy(`
mta_rw_spool($1_t)
')
optional_policy(`
2005-06-27 16:30:55 +00:00
nis_use_ypbind($1_t)
')
optional_policy(`
2006-09-06 22:07:25 +00:00
tunable_policy(`allow_user_mysql_connect',`
mysql_stream_connect($1_t)
2005-08-03 17:56:26 +00:00
')
')
optional_policy(`
2006-02-02 21:08:12 +00:00
nscd_socket_use($1_t)
2005-07-13 20:48:51 +00:00
')
optional_policy(`
2005-07-19 18:40:31 +00:00
# to allow monitoring of pcmcia status
pcmcia_read_pid($1_t)
')
optional_policy(`
pcscd_read_pub_files($1_t)
pcscd_stream_connect($1_t)
')
optional_policy(`
2005-08-11 14:49:58 +00:00
quota_dontaudit_getattr_db($1_t)
')
2006-04-14 19:13:17 +00:00
optional_policy(`
resmgr_stream_connect($1_t)
')
optional_policy(`
2005-11-25 17:39:35 +00:00
rpc_dontaudit_getattr_exports($1_t)
2005-11-29 15:49:18 +00:00
rpc_manage_nfs_rw_content($1_t)
2005-11-25 17:39:35 +00:00
')
optional_policy(`
rpm_read_db($1_t)
rpm_dontaudit_manage_db($1_t)
2005-07-12 20:34:24 +00:00
')
optional_policy(`
2006-02-02 21:08:12 +00:00
samba_stream_connect_winbind($1_t)
2005-11-29 15:49:18 +00:00
')
optional_policy(`
2006-01-04 20:44:30 +00:00
slrnpull_search_spool($1_t)
')
optional_policy(`
2006-01-17 23:01:14 +00:00
usernetctl_run($1_t,$1_r,{ $1_devpts_t $1_tty_device_t })
')
2005-07-19 18:40:31 +00:00
')
#######################################
## <summary>
## The template for creating a unprivileged user.
## </summary>
## <desc>
## <p>
## This template creates a user domain, types, and
## rules for the user's tty, pty, home directories,
## tmp, and tmpfs files.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
## </param>
#
2006-09-06 22:07:25 +00:00
template(`userdom_unpriv_user_template', `
gen_require(`
attribute privhome, user_ptynode, user_home_dir_type, user_home_type, user_tmpfile, user_ttynode;
')
##############################
#
# Declarations
#
# Inherit rules for ordinary users.
2006-09-06 22:07:25 +00:00
userdom_common_user_template($1)
2005-09-02 19:11:07 +00:00
typeattribute $1_t unpriv_userdomain;
2006-02-20 21:33:25 +00:00
domain_interactive_fd($1_t)
2005-08-17 17:31:57 +00:00
typeattribute $1_devpts_t user_ptynode;
typeattribute $1_home_dir_t user_home_dir_type;
typeattribute $1_home_t user_home_type;
2005-06-27 16:30:55 +00:00
typeattribute $1_tmp_t user_tmpfile;
2005-06-29 20:53:53 +00:00
typeattribute $1_tty_device_t user_ttynode;
2006-01-10 21:03:16 +00:00
2006-09-06 22:07:25 +00:00
userdom_poly_home_template($1)
userdom_poly_tmp_template($1)
##############################
#
# Local policy
#
# privileged home directory writers
2006-12-12 20:08:08 +00:00
manage_dirs_pattern(privhome,{ $1_home_dir_t $1_home_t },$1_home_t)
manage_files_pattern(privhome,{ $1_home_dir_t $1_home_t },$1_home_t)
manage_lnk_files_pattern(privhome,{ $1_home_dir_t $1_home_t },$1_home_t)
manage_sock_files_pattern(privhome,{ $1_home_dir_t $1_home_t },$1_home_t)
manage_fifo_files_pattern(privhome,{ $1_home_dir_t $1_home_t },$1_home_t)
filetrans_pattern(privhome,$1_home_dir_t,$1_home_t,{ dir file lnk_file sock_file fifo_file })
corecmd_exec_all_executables($1_t)
# port access is audited even if dac would not have allowed it, so dontaudit it here
2005-06-10 01:01:13 +00:00
corenet_dontaudit_tcp_bind_all_reserved_ports($1_t)
2006-09-06 22:07:25 +00:00
# Need the following rule to allow users to run vpnc
corenet_tcp_bind_xserver_port($1_t)
2005-07-19 18:40:31 +00:00
files_exec_usr_files($1_t)
# cjp: why?
files_read_kernel_symbol_table($1_t)
2006-09-06 22:07:25 +00:00
ifndef(`enable_mls',`
fs_exec_noxattr($1_t)
2006-09-06 22:07:25 +00:00
tunable_policy(`user_rw_noexattrfile',`
fs_manage_noxattr_fs_files($1_t)
fs_manage_noxattr_fs_dirs($1_t)
# Write floppies
storage_raw_read_removable_device($1_t)
storage_raw_write_removable_device($1_t)
',`
storage_raw_read_removable_device($1_t)
')
2005-09-19 21:17:45 +00:00
')
2005-06-13 20:44:23 +00:00
tunable_policy(`user_dmesg',`
kernel_read_ring_buffer($1_t)
2005-06-13 20:44:23 +00:00
',`
2005-06-10 01:01:13 +00:00
kernel_dontaudit_read_ring_buffer($1_t)
2005-06-13 20:44:23 +00:00
')
# Allow users to run TCP servers (bind to ports and accept connection from
# the same domain and outside users) disabling this forces FTP passive mode
# and may change other protocols
2005-06-13 20:44:23 +00:00
tunable_policy(`user_tcp_server',`
2006-09-13 14:23:04 +00:00
corenet_tcp_bind_all_nodes($1_t)
2005-06-10 01:01:13 +00:00
corenet_tcp_bind_generic_port($1_t)
2005-06-13 20:44:23 +00:00
')
optional_policy(`
2005-07-01 13:31:34 +00:00
kerberos_use($1_t)
')
optional_policy(`
2005-08-15 14:46:17 +00:00
loadkeys_run($1_t,$1_r,$1_tty_device_t)
')
optional_policy(`
2005-09-27 19:40:44 +00:00
netutils_run_ping_cond($1_t,$1_r,{ $1_tty_device_t $1_devpts_t })
netutils_run_traceroute_cond($1_t,$1_r,{ $1_tty_device_t $1_devpts_t })
')
2005-10-14 20:00:07 +00:00
# Run pppd in pppd_t by default for user
optional_policy(`
2005-10-14 20:00:07 +00:00
ppp_run_cond($1_t,$1_r,{ $1_tty_device_t $1_devpts_t })
')
optional_policy(`
setroubleshoot_stream_connect($1_t)
')
ifdef(`TODO',`
ifdef(`xdm.te', `
2006-09-06 22:07:25 +00:00
# this should cause the .xsession-errors file to be written to /tmp
dontaudit xdm_t $1_home_t:file rw_file_perms;
')
# Do not audit write denials to /etc/ld.so.cache.
dontaudit $1_t ld_so_cache_t:file write;
dontaudit $1_t sysadm_home_t:file { read append };
') dnl end TODO
')
2005-05-18 13:18:49 +00:00
#######################################
## <summary>
## The template for creating an administrative user.
## </summary>
## <desc>
## <p>
## This template creates a user domain, types, and
## rules for the user's tty, pty, home directories,
## tmp, and tmpfs files.
## </p>
2005-07-19 18:40:31 +00:00
## <p>
## The privileges given to administrative users are:
## <ul>
## <li>Raw disk access</li>
## <li>Set all sysctls</li>
## <li>All kernel ring buffer controls</li>
## <li>Create, read, write, and delete all files but shadow</li>
## <li>Manage source and binary format SELinux policy</li>
## <li>Run insmod</li>
## </ul>
2005-07-19 18:40:31 +00:00
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
## The prefix of the user domain (e.g., sysadm
## is the prefix for sysadm_t).
## </summary>
## </param>
2005-05-18 13:18:49 +00:00
#
2006-09-06 22:07:25 +00:00
template(`userdom_admin_user_template',`
2005-09-21 14:49:41 +00:00
gen_require(`
attribute admin_terminal, privhome;
2005-09-21 14:49:41 +00:00
class passwd { passwd chfn chsh rootok crontab };
')
##############################
#
# Declarations
#
# Inherit rules for ordinary users.
2006-09-06 22:07:25 +00:00
userdom_common_user_template($1)
2005-09-02 19:11:07 +00:00
typeattribute $1_t privhome;
2006-02-02 21:08:12 +00:00
domain_obj_id_change_exemption($1_t)
role system_r types $1_t;
2005-09-21 14:49:41 +00:00
ifdef(`direct_sysadm_daemon',`
2006-02-02 21:08:12 +00:00
domain_system_change_exemption($1_t)
2005-09-21 14:49:41 +00:00
')
typeattribute $1_devpts_t admin_terminal;
typeattribute $1_tty_device_t admin_terminal;
##############################
#
# $1_t local policy
#
allow $1_t self:capability ~sys_module;
allow $1_t self:process { setexec setfscreate };
# Set password information for other users.
allow $1_t self:passwd { passwd chfn chsh };
# Skip authentication when pam_rootok is specified.
allow $1_t self:passwd rootok;
# Manipulate other users crontab.
allow $1_t self:passwd crontab;
2005-09-19 21:17:45 +00:00
allow $1_t self:netlink_audit_socket nlmsg_readpriv;
kernel_read_software_raid_state($1_t)
kernel_getattr_core_if($1_t)
2005-06-10 01:01:13 +00:00
kernel_getattr_message_if($1_t)
kernel_change_ring_buffer_level($1_t)
kernel_clear_ring_buffer($1_t)
kernel_read_ring_buffer($1_t)
kernel_get_sysvipc_info($1_t)
kernel_rw_all_sysctls($1_t)
# signal unlabeled processes:
kernel_kill_unlabeled($1_t)
kernel_signal_unlabeled($1_t)
kernel_sigstop_unlabeled($1_t)
kernel_signull_unlabeled($1_t)
kernel_sigchld_unlabeled($1_t)
2005-07-19 18:40:31 +00:00
corenet_tcp_bind_generic_port($1_t)
# allow setting up tunnels
2006-02-16 21:33:18 +00:00
corenet_rw_tun_tap_dev($1_t)
2005-07-19 18:40:31 +00:00
dev_getattr_generic_blk_files($1_t)
dev_getattr_generic_chr_files($1_t)
2006-09-06 22:07:25 +00:00
# for lsof
dev_getattr_mtrr_dev($1_t)
# Allow MAKEDEV to work
dev_create_all_blk_files($1_t)
dev_create_all_chr_files($1_t)
dev_delete_all_blk_files($1_t)
dev_delete_all_chr_files($1_t)
dev_rename_all_blk_files($1_t)
dev_rename_all_chr_files($1_t)
dev_create_generic_symlinks($1_t)
2005-06-13 17:35:46 +00:00
domain_setpriority_all_domains($1_t)
domain_read_all_domains_state($1_t)
2005-09-16 14:54:36 +00:00
domain_getattr_all_domains($1_t)
domain_dontaudit_ptrace_all_domains($1_t)
# signal all domains:
domain_kill_all_domains($1_t)
domain_signal_all_domains($1_t)
domain_signull_all_domains($1_t)
domain_sigstop_all_domains($1_t)
domain_sigstop_all_domains($1_t)
domain_sigchld_all_domains($1_t)
2005-07-19 18:40:31 +00:00
# for lsof
domain_getattr_all_sockets($1_t)
2005-10-07 18:48:43 +00:00
files_exec_usr_src_files($1_t)
2006-09-06 22:07:25 +00:00
fs_getattr_all_fs($1_t)
fs_set_all_quotas($1_t)
fs_exec_noxattr($1_t)
storage_raw_read_removable_device($1_t)
storage_raw_write_removable_device($1_t)
term_use_all_terms($1_t)
auth_getattr_shadow($1_t)
# Manage almost all files
auth_manage_all_files_except_shadow($1_t)
# Relabel almost all files
auth_relabel_all_files_except_shadow($1_t)
init_telinit($1_t)
2005-06-13 17:35:46 +00:00
logging_send_syslog_msg($1_t)
2005-06-13 17:35:46 +00:00
modutils_domtrans_insmod($1_t)
# The following rule is temporary until such time that a complete
# policy management infrastructure is in place so that an administrator
# cannot directly manipulate policy files with arbitrary programs.
2006-02-02 21:08:12 +00:00
seutil_manage_src_policy($1_t)
# Violates the goal of limiting write access to checkpolicy.
# But presently necessary for installing the file_contexts file.
2006-02-02 21:08:12 +00:00
seutil_manage_bin_policy($1_t)
2006-09-06 22:07:25 +00:00
tunable_policy(`user_rw_noexattrfile',`
fs_manage_noxattr_fs_files($1_t)
fs_manage_noxattr_fs_dirs($1_t)
',`
fs_read_noxattr_fs_files($1_t)
')
optional_policy(`
userhelper_exec($1_t)
')
')
########################################
## <summary>
## Allow user to run as a secadm
## </summary>
## <desc>
## <p>
## Create objects in a user home directory
## with an automatic type transition to
## a specified private type.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
## </param>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="role">
## <summary>
## The role of the object to create.
## </summary>
## </param>
## <param name="object_class">
## <summary>
## The terminal
## </summary>
## </param>
#
template(`userdom_security_admin_template',`
allow $1 self:capability { dac_read_search dac_override };
corecmd_exec_shell($1)
domain_obj_id_change_exemption($1)
dev_relabel_all_dev_nodes($1)
files_create_boot_flag($1)
# Necessary for managing /boot/efi
fs_manage_dos_files($1)
mls_process_read_up($1)
mls_file_read_up($1)
mls_file_upgrade($1)
mls_file_downgrade($1)
selinux_set_enforce_mode($1)
selinux_set_boolean($1)
selinux_set_parameters($1)
auth_relabel_all_files_except_shadow($1)
auth_relabel_shadow($1)
init_exec($1)
logging_send_syslog_msg($1)
logging_read_audit_log($1)
logging_read_generic_logs($1)
logging_read_audit_config($1)
seutil_manage_bin_policy($1)
seutil_run_checkpolicy($1,$2,$3)
seutil_run_loadpolicy($1,$2,$3)
seutil_run_semanage($1,$2,$3)
seutil_run_setfiles($1, $2, $3)
userdom_dontaudit_append_staff_home_content_files($1)
userdom_dontaudit_read_sysadm_home_content_files($1)
optional_policy(`
aide_run($1,$2, $3)
')
optional_policy(`
consoletype_exec($1)
')
optional_policy(`
dmesg_exec($1)
')
optional_policy(`
ipsec_run_setkey($1,$2,$3)
')
optional_policy(`
netlabel_run_mgmt($1,$2, $3)
2005-09-19 21:17:45 +00:00
')
2005-05-18 13:18:49 +00:00
')
2005-05-18 21:00:30 +00:00
2006-09-11 15:26:25 +00:00
########################################
## <summary>
## Change to the generic user role.
## </summary>
## <desc>
## <p>
## Change to the generic user role.
## </p>
## <p>
## This is a template to support third party modules
## and its use is not allowed in upstream reference
## policy.
## </p>
## </desc>
## <param name="prefix">
## <summary>
## The prefix of the user role (e.g., user
## is the prefix for user_r).
## </summary>
## </param>
## <rolecap/>
#
template(`userdom_role_change_generic_user',`
ifdef(`strict_policy',`
userdom_role_change_template($1,user)
',`
refpolicywarn(`$0($*) has no effect in targeted policy.')
')
')
########################################
## <summary>
## Change from the generic user role.
## </summary>
## <desc>
## <p>
## Change from the generic user role to
## the specified role.
## </p>
## <p>
## This is a template to support third party modules
## and its use is not allowed in upstream reference
## policy.
## </p>
## </desc>
## <param name="prefix">
## <summary>
## The prefix of the user role (e.g., user
## is the prefix for user_r).
## </summary>
## </param>
## <rolecap/>
#
template(`userdom_role_change_from_generic_user',`
ifdef(`strict_policy',`
userdom_role_change_template(user,$1)
',`
refpolicywarn(`$0($*) has no effect in targeted policy.')
')
')
########################################
## <summary>
## Change to the staff user role.
## </summary>
## <desc>
## <p>
## Change to the staff user role.
## </p>
## <p>
## This is a template to support third party modules
## and its use is not allowed in upstream reference
## policy.
## </p>
## </desc>
## <param name="prefix">
## <summary>
## The prefix of the user role (e.g., user
## is the prefix for user_r).
## </summary>
## </param>
## <rolecap/>
#
template(`userdom_role_change_staff',`
ifdef(`strict_policy',`
userdom_role_change_template($1,staff)
',`
refpolicywarn(`$0($*) has no effect in targeted policy.')
')
')
########################################
## <summary>
## Change from the staff user role.
## </summary>
## <desc>
## <p>
## Change from the staff user role to
## the specified role.
## </p>
## <p>
## This is a template to support third party modules
## and its use is not allowed in upstream reference
## policy.
## </p>
## </desc>
## <param name="prefix">
## <summary>
## The prefix of the user role (e.g., user
## is the prefix for user_r).
## </summary>
## </param>
## <rolecap/>
#
template(`userdom_role_change_from_staff',`
ifdef(`strict_policy',`
userdom_role_change_template(staff,$1)
',`
refpolicywarn(`$0($*) has no effect in targeted policy.')
')
')
########################################
## <summary>
## Change to the sysadm user role.
## </summary>
## <desc>
## <p>
## Change to the sysadm user role.
## </p>
## <p>
## This is a template to support third party modules
## and its use is not allowed in upstream reference
## policy.
## </p>
## </desc>
## <param name="prefix">
## <summary>
## The prefix of the user role (e.g., user
## is the prefix for user_r).
## </summary>
## </param>
## <rolecap/>
#
template(`userdom_role_change_sysadm',`
ifdef(`strict_policy',`
userdom_role_change_template($1,sysadm)
',`
refpolicywarn(`$0($*) has no effect in targeted policy.')
')
')
########################################
## <summary>
## Change from the sysadm user role.
## </summary>
## <desc>
## <p>
## Change from the sysadm user role to
## the specified role.
## </p>
## <p>
## This is a template to support third party modules
## and its use is not allowed in upstream reference
## policy.
## </p>
## </desc>
## <param name="prefix">
## <summary>
## The prefix of the user role (e.g., user
## is the prefix for user_r).
## </summary>
## </param>
## <rolecap/>
#
template(`userdom_role_change_from_sysadm',`
ifdef(`strict_policy',`
userdom_role_change_template(sysadm,$1)
',`
refpolicywarn(`$0($*) has no effect in targeted policy.')
')
')
########################################
## <summary>
## Change to the secadm user role.
## </summary>
## <desc>
## <p>
## Change to the secadm user role.
## </p>
## <p>
## This is a template to support third party modules
## and its use is not allowed in upstream reference
## policy.
## </p>
## </desc>
## <param name="prefix">
## <summary>
## The prefix of the user role (e.g., user
## is the prefix for user_r).
## </summary>
## </param>
## <rolecap/>
#
template(`userdom_role_change_secadm',`
ifdef(`enable_mls',`
userdom_role_change_template($1,secadm)
',`
refpolicywarn(`$0($*) has no effect in non-MLS policy.')
')
')
########################################
## <summary>
## Change from the secadm user role.
## </summary>
## <desc>
## <p>
## Change from the secadm user role to
## the specified role.
## </p>
## <p>
## This is a template to support third party modules
## and its use is not allowed in upstream reference
## policy.
## </p>
## </desc>
## <param name="prefix">
## <summary>
## The prefix of the user role (e.g., user
## is the prefix for user_r).
## </summary>
## </param>
## <rolecap/>
#
template(`userdom_role_change_from_secadm',`
ifdef(`enable_mls',`
userdom_role_change_template(secadm,$1)
',`
refpolicywarn(`$0($*) has no effect in non-MLS policy.')
')
')
########################################
## <summary>
## Change to the auditadm user role.
## </summary>
## <desc>
## <p>
## Change to the auditadm user role.
## </p>
## <p>
## This is a template to support third party modules
## and its use is not allowed in upstream reference
## policy.
## </p>
## </desc>
## <param name="prefix">
## <summary>
## The prefix of the auditadm role (e.g., user
## is the prefix for user_r).
## </summary>
## </param>
## <rolecap/>
#
template(`userdom_role_change_auditadm',`
ifdef(`enable_mls',`
userdom_role_change_template($1,auditadm)
',`
refpolicywarn(`$0($*) has no effect in non-MLS policy.')
')
')
########################################
## <summary>
## Change from the auditadm user role.
## </summary>
## <desc>
## <p>
## Change from the auditadm user role to
## the specified role.
## </p>
## <p>
## This is a template to support third party modules
## and its use is not allowed in upstream reference
## policy.
## </p>
## </desc>
## <param name="prefix">
## <summary>
## The prefix of the user role (e.g., user
## is the prefix for user_r).
## </summary>
## </param>
## <rolecap/>
#
template(`userdom_role_change_from_auditadm',`
ifdef(`enable_mls',`
userdom_role_change_template(auditadm,$1)
',`
refpolicywarn(`$0($*) has no effect in non-MLS policy.')
')
')
2005-12-01 18:01:21 +00:00
########################################
## <summary>
## Make the specified type usable in a
## user home directory.
## </summary>
## <desc>
## <p>
## Make the specified type usable in a
## user home directory.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
2005-12-01 18:01:21 +00:00
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
2005-12-01 18:01:21 +00:00
## </param>
## <param name="type">
## <summary>
2005-12-01 18:01:21 +00:00
## Type to be used as a file in the
## user home directory.
## </summary>
2005-12-01 18:01:21 +00:00
## </param>
#
2006-02-21 18:40:44 +00:00
template(`userdom_user_home_content',`
2005-12-01 18:01:21 +00:00
gen_require(`
2005-12-01 22:53:20 +00:00
attribute $1_file_type;
2005-12-01 18:01:21 +00:00
')
typeattribute $2 $1_file_type;
files_type($2)
')
2006-01-13 16:10:04 +00:00
########################################
## <summary>
## Set the attributes of a user pty.
## </summary>
## <desc>
## <p>
## Set the attributes of a user pty.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
2006-01-13 16:10:04 +00:00
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
2006-01-13 16:10:04 +00:00
## </param>
## <param name="domain">
## <summary>
2006-01-13 16:10:04 +00:00
## Domain allowed access.
## </summary>
2006-01-13 16:10:04 +00:00
## </param>
#
2006-02-20 21:33:25 +00:00
template(`userdom_setattr_user_ptys',`
2006-01-13 16:10:04 +00:00
ifdef(`strict_policy',`
gen_require(`
type $1_devpts_t;
')
allow $2 $1_devpts_t:chr_file setattr;
')
')
2006-01-11 18:10:49 +00:00
########################################
## <summary>
## Create a user pty.
## </summary>
## <desc>
## <p>
## Create a user pty.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
2006-01-11 18:10:49 +00:00
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
2006-01-11 18:10:49 +00:00
## </param>
## <param name="domain">
## <summary>
2006-01-11 18:10:49 +00:00
## Domain allowed access.
## </summary>
2006-01-11 18:10:49 +00:00
## </param>
#
template(`userdom_create_user_pty',`
ifdef(`strict_policy',`
gen_require(`
type $1_devpts_t;
')
term_create_pty($2,$1_devpts_t)
')
')
2005-09-29 20:59:00 +00:00
########################################
## <summary>
## Search user home directories.
## </summary>
## <desc>
## <p>
## Search user home directories.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
2005-09-29 20:59:00 +00:00
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
2005-09-29 20:59:00 +00:00
## </param>
## <param name="domain">
## <summary>
2005-11-08 22:00:30 +00:00
## Domain allowed access.
## </summary>
2005-09-29 20:59:00 +00:00
## </param>
#
2006-02-21 18:40:44 +00:00
template(`userdom_search_user_home_dirs',`
2005-09-29 20:59:00 +00:00
gen_require(`
2005-10-19 13:11:49 +00:00
type $1_home_dir_t;
2005-09-29 20:59:00 +00:00
')
files_search_home($2)
2006-12-12 20:08:08 +00:00
allow $2 $1_home_dir_t:dir search_dir_perms;
2005-09-29 20:59:00 +00:00
')
2006-01-18 22:26:26 +00:00
########################################
## <summary>
## List user home directories.
## </summary>
## <desc>
## <p>
## List user home directories.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
2006-01-18 22:26:26 +00:00
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
2006-01-18 22:26:26 +00:00
## </param>
## <param name="domain">
## <summary>
2006-01-18 22:26:26 +00:00
## Domain allowed access.
## </summary>
2006-01-18 22:26:26 +00:00
## </param>
#
2006-02-21 18:40:44 +00:00
template(`userdom_list_user_home_dirs',`
2006-01-18 22:26:26 +00:00
gen_require(`
type $1_home_dir_t;
')
files_search_home($2)
2006-12-12 20:08:08 +00:00
allow $2 $1_home_dir_t:dir list_dir_perms;
2006-01-18 22:26:26 +00:00
')
2006-01-11 18:10:49 +00:00
########################################
## <summary>
## Do a domain transition to the specified
## domain when executing a program in the
## user home directory.
## </summary>
## <desc>
## <p>
## Do a domain transition to the specified
## domain when executing a program in the
## user home directory.
## </p>
## <p>
## No interprocess communication (signals, pipes,
## etc.) is provided by this interface since
## the domains are not owned by this module.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
2006-01-11 18:10:49 +00:00
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
2006-01-11 18:10:49 +00:00
## </param>
## <param name="source_domain">
## <summary>
2006-01-11 18:10:49 +00:00
## Domain allowed access.
## </summary>
2006-01-11 18:10:49 +00:00
## </param>
## <param name="target_domain">
## <summary>
2006-01-11 18:10:49 +00:00
## Domain to transition to.
## </summary>
2006-01-11 18:10:49 +00:00
## </param>
#
template(`userdom_user_home_domtrans',`
gen_require(`
type $1_home_dir_t, $1_home_t;
')
files_search_home($2)
allow $2 $1_home_dir_t:dir search_dir_perms;
domain_auto_trans($2,$1_home_t,$3)
')
2005-10-25 00:00:50 +00:00
########################################
## <summary>
2006-01-12 23:23:22 +00:00
## Do not audit attempts to list user home subdirectories.
## </summary>
## <desc>
## <p>
## Do not audit attempts to list user home subdirectories.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
2006-01-12 23:23:22 +00:00
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
2006-01-12 23:23:22 +00:00
## </param>
## <param name="domain">
## <summary>
2006-01-12 23:23:22 +00:00
## Domain to not audit
## </summary>
2006-01-12 23:23:22 +00:00
## </param>
#
2006-02-21 18:40:44 +00:00
template(`userdom_dontaudit_list_user_home_dirs',`
2006-01-12 23:23:22 +00:00
gen_require(`
type $1_home_dir_t;
')
2006-12-12 20:08:08 +00:00
dontaudit $2 $1_home_dir_t:dir list_dir_perms;
2006-01-12 23:23:22 +00:00
')
########################################
## <summary>
## Create, read, write, and delete directories
2005-10-25 00:00:50 +00:00
## in a user home subdirectory.
## </summary>
## <desc>
## <p>
2006-01-12 23:23:22 +00:00
## Create, read, write, and delete directories
2005-10-25 00:00:50 +00:00
## in a user home subdirectory.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
2005-10-25 00:00:50 +00:00
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
2005-10-25 00:00:50 +00:00
## </param>
## <param name="domain">
## <summary>
2005-11-08 22:00:30 +00:00
## Domain allowed access.
## </summary>
2005-10-25 00:00:50 +00:00
## </param>
#
2006-02-21 18:40:44 +00:00
template(`userdom_manage_user_home_content_dirs',`
2005-10-25 00:00:50 +00:00
gen_require(`
type $1_home_dir_t, $1_home_t;
')
files_search_home($2)
2006-12-12 20:08:08 +00:00
manage_dirs_pattern($2,{ $1_home_dir_t $1_home_t },$1_home_t)
2005-10-25 00:00:50 +00:00
')
2006-01-12 22:26:46 +00:00
########################################
## <summary>
## Do not audit attempts to set the
## attributes of user home files.
## </summary>
## <desc>
## <p>
## Do not audit attempts to set the
## attributes of user home files.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
2006-01-12 22:26:46 +00:00
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
2006-01-12 22:26:46 +00:00
## </param>
## <param name="domain">
## <summary>
2006-01-12 22:26:46 +00:00
## Domain allowed access.
## </summary>
2006-01-12 22:26:46 +00:00
## </param>
#
2006-02-21 18:40:44 +00:00
template(`userdom_dontaudit_setattr_user_home_content_files',`
2006-01-12 22:26:46 +00:00
gen_require(`
type $1_home_dir_t, $1_home_t;
')
dontaudit $2 $1_home_t:file setattr;
')
2005-08-25 20:27:20 +00:00
########################################
## <summary>
## Read user home files.
2005-08-25 20:27:20 +00:00
## </summary>
## <desc>
## <p>
## Read user home files.
2005-08-25 20:27:20 +00:00
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
## </param>
2005-08-25 20:27:20 +00:00
## <param name="domain">
## <summary>
2005-11-08 22:00:30 +00:00
## Domain allowed access.
## </summary>
2005-08-25 20:27:20 +00:00
## </param>
#
2006-02-21 18:40:44 +00:00
template(`userdom_read_user_home_content_files',`
gen_require(`
2005-10-19 13:11:49 +00:00
type $1_home_dir_t, $1_home_t;
')
files_search_home($2)
2006-12-12 20:08:08 +00:00
read_files_pattern($2,{ $1_home_dir_t $1_home_t },$1_home_t)
')
2006-01-12 22:26:46 +00:00
########################################
## <summary>
2006-01-12 23:23:22 +00:00
## Do not audit attempts to read user home files.
2006-01-12 22:26:46 +00:00
## </summary>
## <desc>
## <p>
2006-01-12 23:23:22 +00:00
## Do not audit attempts to read user home files.
2006-01-12 22:26:46 +00:00
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
2006-01-12 22:26:46 +00:00
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
2006-01-12 22:26:46 +00:00
## </param>
## <param name="domain">
## <summary>
2006-01-12 23:23:22 +00:00
## Domain to not audit.
## </summary>
2006-01-12 22:26:46 +00:00
## </param>
#
2006-02-21 18:40:44 +00:00
template(`userdom_dontaudit_read_user_home_content_files',`
2006-01-12 22:26:46 +00:00
gen_require(`
type $1_home_t;
')
2006-12-12 20:08:08 +00:00
dontaudit $2 $1_home_t:dir list_dir_perms;
dontaudit $2 $1_home_t:file read_file_perms;
2006-01-12 23:23:22 +00:00
')
2006-02-15 16:42:51 +00:00
########################################
## <summary>
## Do not audit attempts to write user home files.
## </summary>
## <desc>
## <p>
## Do not audit attempts to write user home files.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
## </param>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
2006-02-21 18:40:44 +00:00
template(`userdom_dontaudit_write_user_home_content_files',`
2006-02-15 16:42:51 +00:00
gen_require(`
type $1_home_t;
')
dontaudit $2 $1_home_t:file write;
')
2006-01-12 23:23:22 +00:00
########################################
## <summary>
## Read user home subdirectory symbolic links.
## </summary>
## <desc>
## <p>
## Read user home subdirectory symbolic links.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
2006-01-12 23:23:22 +00:00
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
2006-01-12 23:23:22 +00:00
## </param>
## <param name="domain">
## <summary>
2006-01-12 23:23:22 +00:00
## Domain allowed access.
## </summary>
2006-01-12 23:23:22 +00:00
## </param>
#
2006-02-21 18:40:44 +00:00
template(`userdom_read_user_home_content_symlinks',`
2006-01-12 23:23:22 +00:00
gen_require(`
type $1_home_dir_t, $1_home_t;
')
files_search_home($2)
2006-12-12 20:08:08 +00:00
read_lnk_files_pattern($2,{ $1_home_dir_t $1_home_t },$1_home_t)
2006-01-12 22:26:46 +00:00
')
########################################
## <summary>
## Execute user home files.
## </summary>
## <desc>
## <p>
## Execute user home files.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
2005-08-25 20:27:20 +00:00
## <param name="userdomain_prefix">
## <summary>
2005-08-25 20:27:20 +00:00
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
2005-08-25 20:27:20 +00:00
## </param>
## <param name="domain">
## <summary>
2005-11-08 22:00:30 +00:00
## Domain allowed access.
## </summary>
## </param>
2005-08-25 20:27:20 +00:00
#
2006-02-21 18:40:44 +00:00
template(`userdom_exec_user_home_content_files',`
2005-08-25 20:27:20 +00:00
gen_require(`
2005-10-19 13:11:49 +00:00
type $1_home_dir_t, $1_home_t;
2005-08-25 20:27:20 +00:00
')
files_search_home($2)
2006-12-12 20:08:08 +00:00
exec_files_pattern($2,{ $1_home_dir_t $1_home_t },$1_home_t)
2005-08-25 20:27:20 +00:00
')
2006-01-12 23:23:22 +00:00
########################################
## <summary>
## Do not audit attempts to execute user home files.
## </summary>
## <desc>
## <p>
## Do not audit attempts to execute user home files.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
2006-01-12 23:23:22 +00:00
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
2006-01-12 23:23:22 +00:00
## </param>
## <param name="domain">
## <summary>
2006-01-12 23:23:22 +00:00
## Domain allowed access.
## </summary>
2006-01-12 23:23:22 +00:00
## </param>
#
2006-02-21 18:40:44 +00:00
template(`userdom_dontaudit_exec_user_home_content_files',`
2006-01-12 23:23:22 +00:00
gen_require(`
type $1_home_t;
')
dontaudit $2 $1_home_t:file execute;
')
2005-08-25 20:27:20 +00:00
########################################
## <summary>
## Create, read, write, and delete files
## in a user home subdirectory.
## </summary>
## <desc>
## <p>
## Create, read, write, and delete files
## in a user home subdirectory.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
2005-08-25 20:27:20 +00:00
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
2005-08-25 20:27:20 +00:00
## </param>
## <param name="domain">
## <summary>
2005-11-08 22:00:30 +00:00
## Domain allowed access.
## </summary>
## </param>
2005-08-25 20:27:20 +00:00
#
2006-02-21 18:40:44 +00:00
template(`userdom_manage_user_home_content_files',`
2005-08-25 20:27:20 +00:00
gen_require(`
2005-10-19 13:11:49 +00:00
type $1_home_dir_t, $1_home_t;
2005-08-25 20:27:20 +00:00
')
files_search_home($2)
allow $2 $1_home_dir_t:dir search_dir_perms;
2006-12-12 20:08:08 +00:00
manage_files_pattern($2,$1_home_t,$1_home_t)
2005-08-25 20:27:20 +00:00
')
2006-03-08 20:09:42 +00:00
########################################
## <summary>
## Do not audit attempts to create, read, write, and delete directories
## in a user home subdirectory.
## </summary>
## <desc>
## <p>
## Do not audit attempts to create, read, write, and delete directories
## in a user home subdirectory.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
## </param>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
template(`userdom_dontaudit_manage_user_home_content_dirs',`
gen_require(`
type $1_home_dir_t, $1_home_t;
')
dontaudit $2 $1_home_t:dir manage_dir_perms;
')
2005-08-25 20:27:20 +00:00
########################################
## <summary>
## Create, read, write, and delete symbolic links
## in a user home subdirectory.
## </summary>
## <desc>
## <p>
## Create, read, write, and delete symbolic links
## in a user home subdirectory.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
2005-08-25 20:27:20 +00:00
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
2005-08-25 20:27:20 +00:00
## </param>
## <param name="domain">
## <summary>
2005-11-08 22:00:30 +00:00
## Domain allowed access.
## </summary>
## </param>
2005-08-25 20:27:20 +00:00
#
2006-02-21 18:40:44 +00:00
template(`userdom_manage_user_home_content_symlinks',`
2005-08-25 20:27:20 +00:00
gen_require(`
2005-10-19 13:11:49 +00:00
type $1_home_dir_t, $1_home_t;
2005-08-25 20:27:20 +00:00
')
files_search_home($2)
allow $2 $1_home_dir_t:dir search_dir_perms;
2006-12-12 20:08:08 +00:00
manage_lnk_files_pattern($2,$1_home_t,$1_home_t)
2005-08-25 20:27:20 +00:00
')
2005-09-14 18:33:53 +00:00
########################################
## <summary>
## Create, read, write, and delete named pipes
## in a user home subdirectory.
## </summary>
## <desc>
## <p>
## Create, read, write, and delete named pipes
## in a user home subdirectory.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
2005-09-14 18:33:53 +00:00
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
2005-09-14 18:33:53 +00:00
## </param>
## <param name="domain">
## <summary>
2005-11-08 22:00:30 +00:00
## Domain allowed access.
## </summary>
2005-09-14 18:33:53 +00:00
## </param>
#
2006-02-21 18:40:44 +00:00
template(`userdom_manage_user_home_content_pipes',`
2005-09-14 18:33:53 +00:00
gen_require(`
2005-10-19 13:11:49 +00:00
type $1_home_dir_t, $1_home_t;
2005-09-14 18:33:53 +00:00
')
files_search_home($2)
allow $2 $1_home_dir_t:dir search_dir_perms;
2006-12-12 20:08:08 +00:00
manage_fifo_files_pattern($2,$1_home_t,$1_home_t)
2005-09-14 18:33:53 +00:00
')
########################################
## <summary>
## Create, read, write, and delete named sockets
## in a user home subdirectory.
## </summary>
## <desc>
## <p>
## Create, read, write, and delete named sockets
## in a user home subdirectory.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
2005-09-14 18:33:53 +00:00
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
2005-09-14 18:33:53 +00:00
## </param>
## <param name="domain">
## <summary>
2005-11-08 22:00:30 +00:00
## Domain allowed access.
## </summary>
2005-09-14 18:33:53 +00:00
## </param>
#
2006-02-21 18:40:44 +00:00
template(`userdom_manage_user_home_content_sockets',`
2005-09-14 18:33:53 +00:00
gen_require(`
2005-10-19 13:11:49 +00:00
type $1_home_dir_t, $1_home_t;
2005-09-14 18:33:53 +00:00
')
files_search_home($2)
allow $2 $1_home_dir_t:dir search_dir_perms;
2006-12-12 20:08:08 +00:00
manage_sock_files_pattern($2,$1_home_t,$1_home_t)
2005-09-14 18:33:53 +00:00
')
########################################
## <summary>
2006-02-03 16:13:15 +00:00
## Create objects in a user home directory
## with an automatic type transition to
## a specified private type.
2005-09-14 18:33:53 +00:00
## </summary>
## <desc>
## <p>
2006-02-03 16:13:15 +00:00
## Create objects in a user home directory
## with an automatic type transition to
## a specified private type.
2005-09-14 18:33:53 +00:00
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
2005-09-14 18:33:53 +00:00
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
2005-09-14 18:33:53 +00:00
## </param>
## <param name="domain">
## <summary>
2005-11-08 22:00:30 +00:00
## Domain allowed access.
## </summary>
2005-09-14 18:33:53 +00:00
## </param>
2006-02-03 16:13:15 +00:00
## <param name="private_type">
## <summary>
2006-02-03 16:13:15 +00:00
## The type of the object to create.
## </summary>
2006-02-03 16:13:15 +00:00
## </param>
## <param name="object_class">
## <summary>
2005-09-14 18:33:53 +00:00
## The class of the object to be created. If not
## specified, file is used.
## </summary>
2005-09-14 18:33:53 +00:00
## </param>
#
2006-02-21 18:40:44 +00:00
template(`userdom_user_home_dir_filetrans',`
2005-09-14 18:33:53 +00:00
gen_require(`
2006-02-03 16:13:15 +00:00
type $1_home_dir_t;
2005-09-14 18:33:53 +00:00
')
files_search_home($2)
2006-12-12 20:08:08 +00:00
filetrans_pattern($2,$1_home_dir_t,$3,$4)
2005-09-14 18:33:53 +00:00
')
########################################
## <summary>
## Create objects in a user home directory
## with an automatic type transition to
## a specified private type.
## </summary>
## <desc>
## <p>
## Create objects in a user home directory
## with an automatic type transition to
## a specified private type.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
## </param>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="private_type">
## <summary>
## The type of the object to create.
## </summary>
## </param>
## <param name="object_class">
## <summary>
## The class of the object to be created. If not
## specified, file is used.
## </summary>
## </param>
#
template(`userdom_user_home_content_filetrans',`
gen_require(`
type $1_home_t;
')
files_search_home($2)
filetrans_pattern($2,$1_home_t,$3,$4)
')
2006-01-20 19:36:54 +00:00
########################################
## <summary>
2006-02-03 16:13:15 +00:00
## Create objects in a user home directory
## with an automatic type transition to
## the user home file type.
2006-01-20 19:36:54 +00:00
## </summary>
## <desc>
## <p>
2006-02-03 16:13:15 +00:00
## Create objects in a user home directory
## with an automatic type transition to
## the user home file type.
2006-01-20 19:36:54 +00:00
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
2006-01-20 19:36:54 +00:00
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
2006-01-20 19:36:54 +00:00
## </param>
## <param name="domain">
## <summary>
2006-01-20 19:36:54 +00:00
## Domain allowed access.
## </summary>
2006-01-20 19:36:54 +00:00
## </param>
## <param name="object_class">
## <summary>
2006-01-20 19:36:54 +00:00
## The class of the object to be created. If not
## specified, file is used.
## </summary>
2006-01-20 19:36:54 +00:00
## </param>
#
2006-02-21 18:40:44 +00:00
template(`userdom_user_home_dir_filetrans_user_home_content',`
2006-01-20 19:36:54 +00:00
gen_require(`
type $1_home_dir_t, $1_home_t;
')
files_search_home($2)
2006-12-12 20:08:08 +00:00
filetrans_pattern($2,$1_home_dir_t,$1_home_t,$3)
2006-01-20 19:36:54 +00:00
')
2006-01-12 22:26:46 +00:00
########################################
## <summary>
## Write to user temporary named sockets.
## </summary>
## <desc>
## <p>
## Write to user temporary named sockets.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
2006-01-12 22:26:46 +00:00
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
2006-01-12 22:26:46 +00:00
## </param>
## <param name="domain">
## <summary>
2006-01-12 22:26:46 +00:00
## Domain allowed access.
## </summary>
2006-01-12 22:26:46 +00:00
## </param>
#
template(`userdom_write_user_tmp_sockets',`
gen_require(`
type $1_tmp_t;
')
files_search_tmp($2)
allow $2 $1_tmp_t:sock_file write;
')
2006-01-12 23:23:22 +00:00
########################################
## <summary>
## List user temporary directories.
## </summary>
## <desc>
## <p>
## List user temporary directories.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
2006-01-12 23:23:22 +00:00
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
2006-01-12 23:23:22 +00:00
## </param>
## <param name="domain">
## <summary>
2006-01-12 23:23:22 +00:00
## Domain allowed access.
## </summary>
2006-01-12 23:23:22 +00:00
## </param>
#
template(`userdom_list_user_tmp',`
gen_require(`
type $1_tmp_t;
')
files_search_tmp($2)
2006-12-12 20:08:08 +00:00
allow $2 $1_tmp_t:dir list_dir_perms;
2006-01-12 23:23:22 +00:00
')
########################################
## <summary>
## Do not audit attempts to list user
## temporary directories.
## </summary>
## <desc>
## <p>
## Do not audit attempts to list user
## temporary directories.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
2006-01-12 23:23:22 +00:00
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
2006-01-12 23:23:22 +00:00
## </param>
## <param name="domain">
## <summary>
2006-01-12 23:23:22 +00:00
## Domain to not audit.
## </summary>
2006-01-12 23:23:22 +00:00
## </param>
#
template(`userdom_dontaudit_list_user_tmp',`
gen_require(`
type $1_tmp_t;
')
2006-12-12 20:08:08 +00:00
dontaudit $2 $1_tmp_t:dir list_dir_perms;
2006-01-12 23:23:22 +00:00
')
2006-03-08 20:09:42 +00:00
########################################
## <summary>
## Do not audit attempts to manage users
## temporary directories.
## </summary>
## <desc>
## <p>
## Do not audit attempts to manage users
## temporary directories.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
## </param>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
template(`userdom_dontaudit_manage_user_tmp_dirs',`
gen_require(`
type $1_tmp_t;
')
dontaudit $2 $1_tmp_t:dir manage_dir_perms;
')
2006-01-12 23:23:22 +00:00
########################################
## <summary>
## Read user temporary files.
## </summary>
## <desc>
## <p>
## Read user temporary files.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
2006-01-12 23:23:22 +00:00
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
2006-01-12 23:23:22 +00:00
## </param>
## <param name="domain">
## <summary>
2006-01-12 23:23:22 +00:00
## Domain allowed access.
## </summary>
2006-01-12 23:23:22 +00:00
## </param>
#
template(`userdom_read_user_tmp_files',`
gen_require(`
type $1_tmp_t;
')
files_search_tmp($2)
2006-12-12 20:08:08 +00:00
allow $2 $1_tmp_t:dir list_dir_perms;
read_files_pattern($2,$1_tmp_t,$1_tmp_t)
2006-01-12 23:23:22 +00:00
')
########################################
## <summary>
## Do not audit attempts to read users
## temporary files.
## </summary>
## <desc>
## <p>
## Do not audit attempts to read users
## temporary files.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
2006-01-12 23:23:22 +00:00
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
2006-01-12 23:23:22 +00:00
## </param>
## <param name="domain">
## <summary>
2006-01-12 23:23:22 +00:00
## Domain to not audit.
## </summary>
2006-01-12 23:23:22 +00:00
## </param>
#
template(`userdom_dontaudit_read_user_tmp_files',`
gen_require(`
type $1_tmp_t;
')
dontaudit $2 $1_tmp_t:file r_file_perms;
')
########################################
## <summary>
## Do not audit attempts to append users
## temporary files.
## </summary>
## <desc>
## <p>
## Do not audit attempts to append users
## temporary files.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
## </param>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
template(`userdom_dontaudit_append_user_tmp_files',`
gen_require(`
type $1_tmp_t;
')
dontaudit $2 $1_tmp_t:file append;
')
########################################
## <summary>
## Read and write user temporary files.
## </summary>
## <desc>
## <p>
## Read and write user temporary files.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
## </param>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
template(`userdom_rw_user_tmp_files',`
gen_require(`
type $1_tmp_t;
')
files_search_tmp($2)
2006-12-12 20:08:08 +00:00
allow $2 $1_tmp_t:dir list_dir_perms;
rw_files_pattern($2,$1_tmp_t,$1_tmp_t)
')
2006-03-08 20:09:42 +00:00
########################################
## <summary>
## Do not audit attempts to manage users
## temporary files.
## </summary>
## <desc>
## <p>
## Do not audit attempts to manage users
## temporary files.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
## </param>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
template(`userdom_dontaudit_manage_user_tmp_files',`
gen_require(`
type $1_tmp_t;
')
dontaudit $2 $1_tmp_t:file manage_file_perms;
')
2006-01-12 23:23:22 +00:00
########################################
## <summary>
## Read user
## temporary symbolic links.
## </summary>
## <desc>
## <p>
## Read user
## temporary symbolic links.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
2006-01-12 23:23:22 +00:00
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
2006-01-12 23:23:22 +00:00
## </param>
## <param name="domain">
## <summary>
2006-01-12 23:23:22 +00:00
## Domain allowed access.
## </summary>
2006-01-12 23:23:22 +00:00
## </param>
#
template(`userdom_read_user_tmp_symlinks',`
gen_require(`
type $1_tmp_t;
')
files_search_tmp($2)
2006-12-12 20:08:08 +00:00
allow $2 $1_tmp_t:dir list_dir_perms;
read_lnk_files_pattern($2,$1_tmp_t,$1_tmp_t)
2006-01-12 23:23:22 +00:00
')
2005-08-25 20:27:20 +00:00
########################################
## <summary>
## Create, read, write, and delete user
## temporary directories.
## </summary>
## <desc>
## <p>
## Create, read, write, and delete user
## temporary directories.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
2005-08-25 20:27:20 +00:00
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
2005-08-25 20:27:20 +00:00
## </param>
## <param name="domain">
## <summary>
2005-11-08 22:00:30 +00:00
## Domain allowed access.
## </summary>
## </param>
2005-08-25 20:27:20 +00:00
#
template(`userdom_manage_user_tmp_dirs',`
gen_require(`
2005-10-19 13:11:49 +00:00
type $1_tmp_t;
2005-08-25 20:27:20 +00:00
')
files_search_tmp($2)
2006-12-12 20:08:08 +00:00
manage_dirs_pattern($2,$1_tmp_t,$1_tmp_t)
2005-08-25 20:27:20 +00:00
')
########################################
## <summary>
## Create, read, write, and delete user
## temporary files.
## </summary>
## <desc>
## <p>
## Create, read, write, and delete user
## temporary files.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
2005-08-25 20:27:20 +00:00
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
2005-08-25 20:27:20 +00:00
## </param>
## <param name="domain">
## <summary>
2005-11-08 22:00:30 +00:00
## Domain allowed access.
## </summary>
## </param>
2005-08-25 20:27:20 +00:00
#
template(`userdom_manage_user_tmp_files',`
gen_require(`
2005-10-19 13:11:49 +00:00
type $1_tmp_t;
2005-08-25 20:27:20 +00:00
')
files_search_tmp($2)
2006-12-12 20:08:08 +00:00
manage_files_pattern($2,$1_tmp_t,$1_tmp_t)
2005-08-25 20:27:20 +00:00
')
########################################
## <summary>
## Create, read, write, and delete user
## temporary symbolic links.
## </summary>
## <desc>
## <p>
## Create, read, write, and delete user
## temporary symbolic links.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
2005-08-25 20:27:20 +00:00
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
2005-08-25 20:27:20 +00:00
## </param>
## <param name="domain">
## <summary>
2005-11-08 22:00:30 +00:00
## Domain allowed access.
## </summary>
## </param>
2005-08-25 20:27:20 +00:00
#
template(`userdom_manage_user_tmp_symlinks',`
gen_require(`
2005-10-19 13:11:49 +00:00
type $1_tmp_t;
2005-08-25 20:27:20 +00:00
')
files_search_tmp($2)
2006-12-12 20:08:08 +00:00
manage_lnk_files_pattern($2,$1_tmp_t,$1_tmp_t)
2005-08-25 20:27:20 +00:00
')
########################################
## <summary>
## Create, read, write, and delete user
## temporary named pipes.
## </summary>
## <desc>
## <p>
## Create, read, write, and delete user
## temporary named pipes.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
2005-08-25 20:27:20 +00:00
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
2005-08-25 20:27:20 +00:00
## </param>
## <param name="domain">
## <summary>
2005-11-08 22:00:30 +00:00
## Domain allowed access.
## </summary>
## </param>
2005-08-25 20:27:20 +00:00
#
template(`userdom_manage_user_tmp_pipes',`
gen_require(`
2005-10-19 13:11:49 +00:00
type $1_tmp_t;
2005-08-25 20:27:20 +00:00
')
files_search_tmp($2)
2006-12-12 20:08:08 +00:00
manage_fifo_files_pattern($2,$1_tmp_t,$1_tmp_t)
2005-08-25 20:27:20 +00:00
')
########################################
## <summary>
## Create, read, write, and delete user
## temporary named sockets.
## </summary>
## <desc>
## <p>
## Create, read, write, and delete user
## temporary named sockets.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
2005-08-25 20:27:20 +00:00
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
2005-08-25 20:27:20 +00:00
## </param>
## <param name="domain">
## <summary>
2005-11-08 22:00:30 +00:00
## Domain allowed access.
## </summary>
## </param>
2005-08-25 20:27:20 +00:00
#
template(`userdom_manage_user_tmp_sockets',`
gen_require(`
2005-10-19 13:11:49 +00:00
type $1_tmp_t;
2005-08-25 20:27:20 +00:00
')
files_search_tmp($2)
2006-12-12 20:08:08 +00:00
manage_sock_files_pattern($2,$1_tmp_t,$1_tmp_t)
2005-08-25 20:27:20 +00:00
')
This patch adds a GConf policy to refpolicy. This policy is much tighter than the GConf policy from the old example policy. It only allows gconfd to access configuration data stored by GConf. Users can modify configuration data using gconftool-2 or gconf-editor, both of which use gconfd. GConf manages multiple configuration sources, so gconfd should be used to make any changes anyway. Normal users who aren't trying to directly edit the configuration data of GConf won't notice anything different. There is also a difference between this policy and the old example policy in handling directories in /tmp. The old example policy labeled /tmp/gconfd-USER with ROLE_gconfd_tmp_t, but, since there was no use of the file_type_auto_trans macro, if that directory was deleted gconfd would create one labeled as tmp_t. This policy uses the files_tmp-filetrans macro to cause a directory in /tmp created by gconfd to be labeled as $1_tmp_t. It is not labeled with $1_gconf_tmp_t, because if /tmp/orbit-USER is deleted, gconfd will create it (through use of ORBit) and it would get the $1_gconf_tmp_t label. By having gconfd create $1_tmp_t directories in /tmp and $1_gconf_tmp_t files and directories in directories labeled with $1_tmp_t, it can control its data without requiring any future bonobo or Gnome policies to have access to $1_gconf_tmp_t. This patch is related to work that I am doing in making gconfd an userspace object manager. If any user program can modify the configuration data that GConf stores, than making gconfd an userspace object manager would be useless. Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2006-10-02 15:22:48 +00:00
########################################
## <summary>
## Create objects in a user temporary directory
## with an automatic type transition to
## a specified private type.
## </summary>
## <desc>
## <p>
## Create objects in a user temporary directory
## with an automatic type transition to
## a specified private type.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
## </param>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="private_type">
## <summary>
## The type of the object to create.
## </summary>
## </param>
## <param name="object_class">
## <summary>
## The class of the object to be created. If not
## specified, file is used.
## </summary>
## </param>
#
template(`userdom_user_tmp_filetrans',`
gen_require(`
type $1_tmp_t;
')
2006-12-12 20:08:08 +00:00
filetrans_pattern($2,$1_tmp_t,$3,$4)
This patch adds a GConf policy to refpolicy. This policy is much tighter than the GConf policy from the old example policy. It only allows gconfd to access configuration data stored by GConf. Users can modify configuration data using gconftool-2 or gconf-editor, both of which use gconfd. GConf manages multiple configuration sources, so gconfd should be used to make any changes anyway. Normal users who aren't trying to directly edit the configuration data of GConf won't notice anything different. There is also a difference between this policy and the old example policy in handling directories in /tmp. The old example policy labeled /tmp/gconfd-USER with ROLE_gconfd_tmp_t, but, since there was no use of the file_type_auto_trans macro, if that directory was deleted gconfd would create one labeled as tmp_t. This policy uses the files_tmp-filetrans macro to cause a directory in /tmp created by gconfd to be labeled as $1_tmp_t. It is not labeled with $1_gconf_tmp_t, because if /tmp/orbit-USER is deleted, gconfd will create it (through use of ORBit) and it would get the $1_gconf_tmp_t label. By having gconfd create $1_tmp_t directories in /tmp and $1_gconf_tmp_t files and directories in directories labeled with $1_tmp_t, it can control its data without requiring any future bonobo or Gnome policies to have access to $1_gconf_tmp_t. This patch is related to work that I am doing in making gconfd an userspace object manager. If any user program can modify the configuration data that GConf stores, than making gconfd an userspace object manager would be useless. Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2006-10-02 15:22:48 +00:00
files_search_tmp($2)
')
########################################
## <summary>
## Create objects in the temporary directory
## with an automatic type transition to
## the user temporary type.
## </summary>
## <desc>
## <p>
## Create objects in the temporary directory
## with an automatic type transition to
## the user temporary type.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
## </param>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="object_class">
## <summary>
## The class of the object to be created. If not
## specified, file is used.
## </summary>
## </param>
#
template(`userdom_tmp_filetrans_user_tmp',`
gen_require(`
type $1_home_dir_t;
')
files_tmp_filetrans($2,$1_tmp_t,$3)
')
2006-01-19 22:01:48 +00:00
########################################
## <summary>
## Read user tmpfs files.
## </summary>
## <desc>
## <p>
## Read user tmpfs files.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
2006-01-19 22:01:48 +00:00
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
2006-01-19 22:01:48 +00:00
## </param>
## <param name="domain">
## <summary>
2006-01-19 22:01:48 +00:00
## Domain allowed access.
## </summary>
2006-01-19 22:01:48 +00:00
## </param>
#
template(`userdom_rw_user_tmpfs_files',`
gen_require(`
type $1_tmpfs_t;
2006-01-19 22:01:48 +00:00
')
fs_search_tmpfs($2)
allow $2 $1_tmpfs_t:dir list_dir_perms;
2006-12-12 20:08:08 +00:00
rw_files_pattern($2,$1_tmpfs_t,$1_tmpfs_t)
read_lnk_files_pattern($2,$1_tmpfs_t,$1_tmpfs_t)
2006-01-19 22:01:48 +00:00
')
2006-01-12 23:23:22 +00:00
########################################
## <summary>
## List users untrusted directories.
## </summary>
## <desc>
## <p>
## List users untrusted directories.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
2006-01-12 23:23:22 +00:00
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
2006-01-12 23:23:22 +00:00
## </param>
## <param name="domain">
## <summary>
2006-01-12 23:23:22 +00:00
## Domain allowed access.
## </summary>
2006-01-12 23:23:22 +00:00
## </param>
#
template(`userdom_list_user_untrusted_content',`
gen_require(`
type $1_untrusted_content_t;
')
2006-12-12 20:08:08 +00:00
allow $2 $1_untrusted_content_t:dir list_dir_perms;
2006-01-12 23:23:22 +00:00
')
########################################
## <summary>
## Do not audit attempts to list user
## untrusted directories.
## </summary>
## <desc>
## <p>
## Do not audit attempts to read user
## untrusted directories.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
2006-01-12 23:23:22 +00:00
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
2006-01-12 23:23:22 +00:00
## </param>
## <param name="domain">
## <summary>
2006-01-12 23:23:22 +00:00
## Domain to not audit.
## </summary>
2006-01-12 23:23:22 +00:00
## </param>
#
template(`userdom_dontaudit_list_user_untrusted_content',`
gen_require(`
type $1_untrusted_content_t;
')
2006-12-12 20:08:08 +00:00
dontaudit $2 $1_untrusted_content_t:dir list_dir_perms;
2006-01-12 23:23:22 +00:00
')
########################################
## <summary>
## Read user untrusted files.
## </summary>
## <desc>
## <p>
## Read user untrusted files.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
2006-01-12 23:23:22 +00:00
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
2006-01-12 23:23:22 +00:00
## </param>
## <param name="domain">
## <summary>
2006-01-12 23:23:22 +00:00
## Domain allowed access.
## </summary>
2006-01-12 23:23:22 +00:00
## </param>
#
template(`userdom_read_user_untrusted_content_files',`
gen_require(`
type $1_untrusted_content_t;
')
2006-12-12 20:08:08 +00:00
allow $2 $1_untrusted_content_t:dir list_dir_perms;
read_files_pattern($2,$1_untrusted_content_t,$1_untrusted_content_t)
2006-01-12 23:23:22 +00:00
')
2006-03-08 20:09:42 +00:00
########################################
## <summary>
## Manage user untrusted files.
## </summary>
## <desc>
## <p>
## Create, read, write, and delete untrusted files.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
## </param>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
template(`userdom_manage_user_untrusted_content_files',`
gen_require(`
type $1_untrusted_content_t;
')
2006-12-12 20:08:08 +00:00
manage_files_pattern($2,$1_untrusted_content_t,$1_untrusted_content_t)
2006-03-08 20:09:42 +00:00
')
########################################
## <summary>
## Manage user untrusted tmp files.
## </summary>
## <desc>
## <p>
## Create, read, write, and delete untrusted tmp files.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
## </param>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
template(`userdom_manage_user_untrusted_content_tmp_files',`
gen_require(`
type $1_untrusted_content_tmp_t;
')
manage_files_pattern($2,$1_untrusted_content_tmp_t,$1_untrusted_content_tmp_t)
')
2006-01-12 23:23:22 +00:00
########################################
## <summary>
## Do not audit attempts to read users
## untrusted files.
## </summary>
## <desc>
## <p>
## Do not audit attempts to read users
## untrusted files.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
2006-01-12 23:23:22 +00:00
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
2006-01-12 23:23:22 +00:00
## </param>
## <param name="domain">
## <summary>
2006-01-12 23:23:22 +00:00
## Domain to not audit.
## </summary>
2006-01-12 23:23:22 +00:00
## </param>
#
template(`userdom_dontaudit_read_user_untrusted_content_files',`
gen_require(`
type $1_untrusted_content_t;
')
2006-12-12 20:08:08 +00:00
dontaudit $2 $1_untrusted_content_t:file read_file_perms;
2006-01-12 23:23:22 +00:00
')
########################################
## <summary>
## Read user untrusted symbolic links.
## </summary>
## <desc>
## <p>
## Read user untrusted symbolic links.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
2006-01-12 23:23:22 +00:00
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
2006-01-12 23:23:22 +00:00
## </param>
## <param name="domain">
## <summary>
2006-01-12 23:23:22 +00:00
## Domain allowed access.
## </summary>
2006-01-12 23:23:22 +00:00
## </param>
#
template(`userdom_read_user_untrusted_content_symlinks',`
gen_require(`
type $1_untrusted_content_t;
')
2006-12-12 20:08:08 +00:00
allow $2 $1_untrusted_content_t:dir list_dir_perms;
read_lnk_files_pattern($2,$1_untrusted_content_t,$1_untrusted_content_t)
2006-01-12 23:23:22 +00:00
')
########################################
## <summary>
## List users temporary untrusted directories.
## </summary>
## <desc>
## <p>
## List users temporary untrusted directories.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
2006-01-12 23:23:22 +00:00
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
2006-01-12 23:23:22 +00:00
## </param>
## <param name="domain">
## <summary>
2006-01-12 23:23:22 +00:00
## Domain allowed access.
## </summary>
2006-01-12 23:23:22 +00:00
## </param>
#
template(`userdom_list_user_tmp_untrusted_content',`
gen_require(`
type $1_untrusted_content_tmp_t;
')
2006-12-12 20:08:08 +00:00
allow $2 $1_untrusted_content_tmp_t:dir list_dir_perms;
2006-01-12 23:23:22 +00:00
')
########################################
## <summary>
## Do not audit attempts to list user
## temporary untrusted directories.
## </summary>
## <desc>
## <p>
## Do not audit attempts to list user
## temporary directories.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
2006-01-12 23:23:22 +00:00
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
2006-01-12 23:23:22 +00:00
## </param>
## <param name="domain">
## <summary>
2006-01-12 23:23:22 +00:00
## Domain to not audit.
## </summary>
2006-01-12 23:23:22 +00:00
## </param>
#
template(`userdom_dontaudit_list_user_tmp_untrusted_content',`
gen_require(`
type $1_untrusted_content_tmp_t;
')
2006-12-12 20:08:08 +00:00
dontaudit $2 $1_untrusted_content_tmp_t:dir list_dir_perms;
2006-01-12 23:23:22 +00:00
')
########################################
## <summary>
## Read user temporary untrusted files.
## </summary>
## <desc>
## <p>
## Read user temporary untrusted files.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
2006-01-12 23:23:22 +00:00
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
2006-01-12 23:23:22 +00:00
## </param>
## <param name="domain">
## <summary>
2006-01-12 23:23:22 +00:00
## Domain allowed access.
## </summary>
2006-01-12 23:23:22 +00:00
## </param>
#
template(`userdom_read_user_tmp_untrusted_content_files',`
gen_require(`
type $1_untrusted_content_tmp_t;
')
2006-12-12 20:08:08 +00:00
allow $2 $1_untrusted_content_tmp_t:dir list_dir_perms;
read_files_pattern($2,$1_untrusted_content_tmp_t,$1_untrusted_content_tmp_t)
2006-01-12 23:23:22 +00:00
')
########################################
## <summary>
## Do not audit attempts to read users
## temporary untrusted files.
## </summary>
## <desc>
## <p>
## Do not audit attempts to read users
## temporary untrusted files.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
2006-01-12 23:23:22 +00:00
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
2006-01-12 23:23:22 +00:00
## </param>
## <param name="domain">
## <summary>
2006-01-12 23:23:22 +00:00
## Domain to not audit.
## </summary>
2006-01-12 23:23:22 +00:00
## </param>
#
template(`userdom_dontaudit_read_user_tmp_untrusted_content_files',`
gen_require(`
type $1_untrusted_content_tmp_t;
')
dontaudit $2 $1_untrusted_content_tmp_t:file r_file_perms;
')
########################################
## <summary>
## Read user temporary untrusted symbolic links.
## </summary>
## <desc>
## <p>
## Read user temporary untrusted symbolic links.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
2006-01-12 23:23:22 +00:00
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
2006-01-12 23:23:22 +00:00
## </param>
## <param name="domain">
## <summary>
2006-01-12 23:23:22 +00:00
## Domain allowed access.
## </summary>
2006-01-12 23:23:22 +00:00
## </param>
#
template(`userdom_read_user_tmp_untrusted_content_symlinks',`
gen_require(`
type $1_untrusted_content_tmp_t;
')
2006-12-12 20:08:08 +00:00
allow $2 $1_untrusted_content_tmp_t:dir list_dir_perms;
read_lnk_files_pattern($2,$1_untrusted_content_tmp_t,$1_untrusted_content_tmp_t)
2006-01-12 23:23:22 +00:00
')
2006-01-18 22:26:26 +00:00
########################################
## <summary>
## Read all user untrusted content files.
## </summary>
## <param name="domain">
## <summary>
2006-01-18 22:26:26 +00:00
## Domain allowed access.
## </summary>
2006-01-18 22:26:26 +00:00
## </param>
#
interface(`userdom_read_all_untrusted_content',`
gen_require(`
attribute untrusted_content_type;
')
2006-12-12 20:08:08 +00:00
allow $1 untrusted_content_type:dir list_dir_perms;
read_files_pattern($1,untrusted_content_type,untrusted_content_type)
read_lnk_files_pattern($1,untrusted_content_type,untrusted_content_type)
2006-01-18 22:26:26 +00:00
')
########################################
## <summary>
## Read all user temporary untrusted content files.
## </summary>
## <param name="domain">
## <summary>
2006-01-18 22:26:26 +00:00
## Domain allowed access.
## </summary>
2006-01-18 22:26:26 +00:00
## </param>
#
interface(`userdom_read_all_tmp_untrusted_content',`
gen_require(`
attribute untrusted_content_tmp_type;
')
2006-12-12 20:08:08 +00:00
allow $1 untrusted_content_tmp_type:dir list_dir_perms;
read_files_pattern($1,untrusted_content_tmp_type,untrusted_content_tmp_type)
read_lnk_files_pattern($1,untrusted_content_tmp_type,untrusted_content_tmp_type)
2006-01-18 22:26:26 +00:00
')
2006-01-19 21:04:33 +00:00
########################################
## <summary>
## Set the attributes of a user domain tty.
## </summary>
## <desc>
## <p>
## Set the attributes of a user domain tty.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
2006-01-19 21:04:33 +00:00
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
2006-01-19 21:04:33 +00:00
## </param>
## <param name="domain">
## <summary>
2006-01-19 21:04:33 +00:00
## Domain allowed access.
## </summary>
2006-01-19 21:04:33 +00:00
## </param>
#
2006-02-20 21:33:25 +00:00
template(`userdom_setattr_user_ttys',`
2006-01-19 21:04:33 +00:00
ifdef(`targeted_policy',`
term_setattr_unallocated_ttys($2)
',`
gen_require(`
type $1_tty_device_t;
')
allow $2 $1_tty_device_t:chr_file setattr;
')
')
########################################
## <summary>
## Read and write a user domain tty.
## </summary>
## <desc>
## <p>
## Read and write a user domain tty.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
2006-01-19 21:04:33 +00:00
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
2006-01-19 21:04:33 +00:00
## </param>
## <param name="domain">
## <summary>
2006-01-19 21:04:33 +00:00
## Domain allowed access.
## </summary>
2006-01-19 21:04:33 +00:00
## </param>
#
2006-02-20 21:33:25 +00:00
template(`userdom_use_user_ttys',`
2006-01-19 21:04:33 +00:00
ifdef(`targeted_policy',`
2006-02-02 21:08:12 +00:00
term_use_unallocated_ttys($2)
2006-01-19 21:04:33 +00:00
',`
gen_require(`
type $1_tty_device_t;
')
allow $2 $1_tty_device_t:chr_file rw_term_perms;
')
')
2005-08-25 20:27:20 +00:00
########################################
## <summary>
## Read and write a user domain tty and pty.
## </summary>
## <desc>
## <p>
## Read and write a user domain tty and pty.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
2005-08-25 20:27:20 +00:00
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
2005-08-25 20:27:20 +00:00
## </param>
## <param name="domain">
## <summary>
2005-11-08 22:00:30 +00:00
## Domain allowed access.
## </summary>
## </param>
2005-08-25 20:27:20 +00:00
#
template(`userdom_use_user_terminals',`
2005-10-24 12:38:45 +00:00
ifdef(`targeted_policy',`
2006-02-02 21:08:12 +00:00
term_use_unallocated_ttys($2)
term_use_generic_ptys($2)
2005-10-24 12:38:45 +00:00
',`
gen_require(`
type $1_tty_device_t, $1_devpts_t;
')
2005-08-25 20:27:20 +00:00
2005-10-24 12:38:45 +00:00
allow $2 $1_tty_device_t:chr_file rw_term_perms;
allow $2 $1_devpts_t:chr_file rw_term_perms;
term_list_ptys($2)
')
2005-08-25 20:27:20 +00:00
')
2006-01-12 22:26:46 +00:00
########################################
## <summary>
## Do not audit attempts to read and write
## a user domain tty and pty.
## </summary>
## <desc>
## <p>
## Do not audit attempts to read and write
## a user domain tty and pty.
## </p>
## <p>
## This is a templated interface, and should only
## be called from a per-userdomain template.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
2006-01-12 22:26:46 +00:00
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
2006-01-12 22:26:46 +00:00
## </param>
## <param name="domain">
## <summary>
2006-01-12 22:26:46 +00:00
## Domain allowed access.
## </summary>
2006-01-12 22:26:46 +00:00
## </param>
#
template(`userdom_dontaudit_use_user_terminals',`
gen_require(`
type $1_tty_device_t, $1_devpts_t;
')
dontaudit $2 $1_tty_device_t:chr_file rw_term_perms;
dontaudit $2 $1_devpts_t:chr_file rw_term_perms;
')
########################################
2005-06-27 16:30:55 +00:00
## <summary>
2005-06-23 21:30:57 +00:00
## Execute a shell in all user domains. This
## is an explicit transition, requiring the
## caller to use setexeccon().
2005-06-27 16:30:55 +00:00
## </summary>
2005-06-23 21:30:57 +00:00
## <param name="domain">
## <summary>
2005-11-08 22:00:30 +00:00
## Domain allowed access.
## </summary>
2005-06-23 21:30:57 +00:00
## </param>
#
interface(`userdom_spec_domtrans_all_users',`
2005-06-21 17:01:45 +00:00
gen_require(`
attribute userdomain;
')
2005-06-13 17:35:46 +00:00
corecmd_shell_spec_domtrans($1,userdomain)
2006-01-19 21:04:33 +00:00
allow userdomain $1:fd use;
allow userdomain $1:fifo_file rw_file_perms;
allow userdomain $1:process sigchld;
')
2006-01-30 22:51:35 +00:00
########################################
## <summary>
## Execute an Xserver session in all unprivileged user domains. This
## is an explicit transition, requiring the
## caller to use setexeccon().
## </summary>
## <param name="domain">
## <summary>
2006-01-30 22:51:35 +00:00
## Domain allowed access.
## </summary>
2006-01-30 22:51:35 +00:00
## </param>
#
interface(`userdom_xsession_spec_domtrans_all_users',`
gen_require(`
attribute userdomain;
')
xserver_xsession_spec_domtrans($1,userdomain)
allow userdomain $1:fd use;
allow userdomain $1:fifo_file rw_file_perms;
allow userdomain $1:process sigchld;
')
2005-06-21 17:01:45 +00:00
########################################
2005-06-27 16:30:55 +00:00
## <summary>
2005-06-23 21:30:57 +00:00
## Execute a shell in all unprivileged user domains. This
## is an explicit transition, requiring the
## caller to use setexeccon().
2005-06-27 16:30:55 +00:00
## </summary>
2005-06-23 21:30:57 +00:00
## <param name="domain">
## <summary>
2005-11-08 22:00:30 +00:00
## Domain allowed access.
## </summary>
2005-06-23 21:30:57 +00:00
## </param>
2005-06-21 17:01:45 +00:00
#
interface(`userdom_spec_domtrans_unpriv_users',`
2005-06-21 17:01:45 +00:00
gen_require(`
attribute unpriv_userdomain;
')
corecmd_shell_spec_domtrans($1,unpriv_userdomain)
2006-01-19 21:04:33 +00:00
allow unpriv_userdomain $1:fd use;
allow unpriv_userdomain $1:fifo_file rw_file_perms;
allow unpriv_userdomain $1:process sigchld;
')
2006-01-30 22:51:35 +00:00
########################################
## <summary>
## Execute an Xserver session in all unprivileged user domains. This
## is an explicit transition, requiring the
## caller to use setexeccon().
## </summary>
## <param name="domain">
## <summary>
2006-01-30 22:51:35 +00:00
## Domain allowed access.
## </summary>
2006-01-30 22:51:35 +00:00
## </param>
#
interface(`userdom_xsession_spec_domtrans_unpriv_users',`
gen_require(`
attribute unpriv_userdomain;
')
xserver_xsession_spec_domtrans($1,unpriv_userdomain)
allow unpriv_userdomain $1:fd use;
allow unpriv_userdomain $1:fifo_file rw_file_perms;
allow unpriv_userdomain $1:process sigchld;
')
2006-01-12 16:00:55 +00:00
########################################
## <summary>
## Manage unpriviledged user SysV sempaphores.
## </summary>
## <param name="domain">
## <summary>
2006-01-12 16:00:55 +00:00
## Domain allowed access.
## </summary>
2006-01-12 16:00:55 +00:00
## </param>
#
interface(`userdom_manage_unpriv_user_semaphores',`
gen_require(`
attribute unpriv_userdomain;
')
allow $1 unpriv_userdomain:sem create_sem_perms;
')
########################################
## <summary>
## Manage unpriviledged user SysV shared
## memory segments.
## </summary>
## <param name="domain">
## <summary>
2006-01-12 16:00:55 +00:00
## Domain allowed access.
## </summary>
2006-01-12 16:00:55 +00:00
## </param>
#
interface(`userdom_manage_unpriv_user_shared_mem',`
gen_require(`
attribute unpriv_userdomain;
')
allow $1 unpriv_userdomain:shm create_shm_perms;
')
2006-01-18 16:40:04 +00:00
########################################
## <summary>
## Execute bin_t in the unprivileged user domains. This
## is an explicit transition, requiring the
## caller to use setexeccon().
## </summary>
## <param name="domain">
## <summary>
2006-01-18 16:40:04 +00:00
## Domain allowed access.
## </summary>
2006-01-18 16:40:04 +00:00
## </param>
#
interface(`userdom_bin_spec_domtrans_unpriv_users',`
gen_require(`
attribute unpriv_userdomain;
')
corecmd_bin_spec_domtrans($1,unpriv_userdomain)
allow unpriv_userdomain $1:fd use;
allow unpriv_userdomain $1:fifo_file rw_file_perms;
allow unpriv_userdomain $1:process sigchld;
')
########################################
## <summary>
## Execute generic sbin programs in all unprivileged user
## domains. This is an explicit transition, requiring the
## caller to use setexeccon().
## </summary>
## <param name="domain">
## <summary>
2006-01-18 16:40:04 +00:00
## Domain allowed access.
## </summary>
2006-01-18 16:40:04 +00:00
## </param>
#
interface(`userdom_sbin_spec_domtrans_unpriv_users',`
2007-03-23 23:24:59 +00:00
userdom_bin_spec_domtrans_unpriv_users($1)
refpolicywarn(`$0() has been deprecated, please use userdom_bin_spec_domtrans_unpriv_users() instead.')
2006-01-18 16:40:04 +00:00
')
########################################
## <summary>
## Execute all entrypoint files in unprivileged user
## domains. This is an explicit transition, requiring the
## caller to use setexeccon().
## </summary>
## <param name="domain">
## <summary>
2006-01-18 16:40:04 +00:00
## Domain allowed access.
## </summary>
2006-01-18 16:40:04 +00:00
## </param>
#
interface(`userdom_entry_spec_domtrans_unpriv_users',`
gen_require(`
attribute unpriv_userdomain;
')
2006-02-02 21:08:12 +00:00
domain_entry_file_spec_domtrans($1,unpriv_userdomain)
2006-01-18 16:40:04 +00:00
allow unpriv_userdomain $1:fd use;
allow unpriv_userdomain $1:fifo_file rw_file_perms;
allow unpriv_userdomain $1:process sigchld;
')
2005-05-26 20:38:45 +00:00
########################################
2005-06-27 16:30:55 +00:00
## <summary>
2005-06-23 21:30:57 +00:00
## Execute a shell in the sysadm domain.
2005-06-27 16:30:55 +00:00
## </summary>
2005-06-23 21:30:57 +00:00
## <param name="domain">
## <summary>
2005-11-08 22:00:30 +00:00
## Domain allowed access.
## </summary>
2005-06-23 21:30:57 +00:00
## </param>
2005-05-26 20:38:45 +00:00
#
interface(`userdom_shell_domtrans_sysadm',`
2005-07-06 20:28:29 +00:00
ifdef(`targeted_policy',`
#cjp: need to doublecheck this one
2005-07-08 20:44:57 +00:00
unconfined_shell_domtrans($1)
2005-07-06 20:28:29 +00:00
',`
gen_require(`
type sysadm_t;
')
corecmd_shell_domtrans($1,sysadm_t)
allow sysadm_t $1:fd use;
allow sysadm_t $1:fifo_file rw_file_perms;
allow sysadm_t $1:process sigchld;
2005-07-06 20:28:29 +00:00
')
2005-05-26 20:38:45 +00:00
')
2006-01-18 16:40:04 +00:00
########################################
## <summary>
## Execute a generic bin program in the sysadm domain.
## </summary>
## <param name="domain">
## <summary>
2006-01-18 16:40:04 +00:00
## Domain allowed access.
## </summary>
2006-01-18 16:40:04 +00:00
## </param>
#
interface(`userdom_bin_spec_domtrans_sysadm',`
gen_require(`
type sysadm_t;
')
corecmd_bin_spec_domtrans($1,sysadm_t)
allow sysadm_t $1:fd use;
allow sysadm_t $1:fifo_file rw_file_perms;
allow sysadm_t $1:process sigchld;
')
########################################
## <summary>
2007-03-23 23:24:59 +00:00
## Execute a generic sbin program in the sysadm domain. (Deprecated)
2006-01-18 16:40:04 +00:00
## </summary>
## <param name="domain">
## <summary>
2006-01-18 16:40:04 +00:00
## Domain allowed access.
## </summary>
2006-01-18 16:40:04 +00:00
## </param>
#
interface(`userdom_sbin_spec_domtrans_sysadm',`
2007-03-23 23:24:59 +00:00
userdom_bin_spec_domtrans_sysadm($1)
refpolicywarn(`$0() has been deprecated, please use userdom_bin_spec_domtrans_sysadm() instead.')
2006-01-18 16:40:04 +00:00
')
########################################
## <summary>
## Execute all entrypoint files in the sysadm domain. This
## is an explicit transition, requiring the
## caller to use setexeccon().
## </summary>
## <param name="domain">
## <summary>
2006-01-18 16:40:04 +00:00
## Domain allowed access.
## </summary>
2006-01-18 16:40:04 +00:00
## </param>
#
interface(`userdom_entry_spec_domtrans_sysadm',`
gen_require(`
type sysadm_t;
')
2006-02-02 21:08:12 +00:00
domain_entry_file_spec_domtrans($1,sysadm_t)
2006-01-18 16:40:04 +00:00
allow sysadm_t $1:fd use;
allow sysadm_t $1:fifo_file rw_file_perms;
allow sysadm_t $1:process sigchld;
')
########################################
## <summary>
## Allow sysadm to execute a generic bin program in
## a specified domain. This is an explicit transition,
2007-03-23 23:24:59 +00:00
## requiring the caller to use setexeccon(). (Deprecated)
## </summary>
## <desc>
## <p>
## Allow sysadm to execute a generic bin program in
2007-03-23 23:24:59 +00:00
## a specified domain. (Deprecated)
## </p>
## <p>
## This is a interface to support third party modules
## and its use is not allowed in upstream reference
## policy.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain to execute in.
## </summary>
## </param>
#
interface(`userdom_sysadm_bin_spec_domtrans_to',`
gen_require(`
type sysadm_t;
')
corecmd_bin_spec_domtrans(sysadm_t,$1)
allow $1 sysadm_t:fd use;
allow $1 sysadm_t:fifo_file rw_file_perms;
allow $1 sysadm_t:process sigchld;
')
########################################
## <summary>
## Allow sysadm to execute a generic sbin program in
## a specified domain. This is an explicit transition,
2007-03-23 23:24:59 +00:00
## requiring the caller to use setexeccon(). (Deprecated)
## </summary>
## <desc>
## <p>
## Allow sysadm to execute a generic sbin program in
2007-03-23 23:24:59 +00:00
## a specified domain. (Deprecated)
## </p>
## <p>
## This is a interface to support third party modules
## and its use is not allowed in upstream reference
## policy.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain to execute in.
## </summary>
## </param>
#
interface(`userdom_sysadm_sbin_spec_domtrans_to',`
2007-03-23 23:24:59 +00:00
userdom_sysadm_bin_spec_domtrans_to($1)
refpolicywarn(`$0() has been deprecated, please use userdom_sysadm_bin_spec_domtrans_to() instead.')
')
########################################
## <summary>
## Allow sysadm to execute all entrypoint files
## in the specified domain. This is an explicit
## transition, requiring the caller to use setexeccon().
## </summary>
## <desc>
## <p>
## Allow sysadm to execute all entrypoint files
## in the specified domain. This is an explicit
## transition, requiring the caller to use setexeccon().
## </p>
## <p>
## This is a interface to support third party modules
## and its use is not allowed in upstream reference
## policy.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain to execute in.
## </summary>
## </param>
#
interface(`userdom_sysadm_entry_spec_domtrans_to',`
gen_require(`
type sysadm_t;
')
domain_entry_file_spec_domtrans(sysadm_t, $1)
allow $1 sysadm_t:fd use;
allow $1 sysadm_t:fifo_file rw_file_perms;
allow $1 sysadm_t:process sigchld;
')
########################################
## <summary>
## Search the staff users home directory.
## </summary>
## <param name="domain">
## <summary>
2006-01-12 23:23:22 +00:00
## Domain allowed access.
## </summary>
## </param>
#
2006-02-21 18:40:44 +00:00
interface(`userdom_search_staff_home_dirs',`
gen_require(`
type staff_home_dir_t;
')
files_search_home($1)
allow $1 staff_home_dir_t:dir search_dir_perms;
')
########################################
## <summary>
## Do not audit attempts to search the staff
## users home directory.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
2006-02-21 18:40:44 +00:00
interface(`userdom_dontaudit_search_staff_home_dirs',`
gen_require(`
type staff_home_dir_t;
')
dontaudit $1 staff_home_dir_t:dir search_dir_perms;
')
########################################
## <summary>
## Create, read, write, and delete staff
## home directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`userdom_manage_staff_home_dirs',`
ifdef(`targeted_policy',`
userdom_manage_generic_user_home_dirs($1)
',`
gen_require(`
type staff_home_dir_t;
')
files_search_home($1)
allow $1 staff_home_dir_t:dir manage_dir_perms;
')
')
########################################
## <summary>
## Relabel to staff home directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`userdom_relabelto_staff_home_dirs',`
ifdef(`targeted_policy',`
userdom_relabelto_generic_user_home_dirs($1)
',`
gen_require(`
type staff_home_dir_t;
')
files_search_home($1)
allow $1 staff_home_dir_t:dir relabelto;
')
')
########################################
## <summary>
## Do not audit attempts to append to the staff
## users home directory.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
2006-02-21 18:40:44 +00:00
interface(`userdom_dontaudit_append_staff_home_content_files',`
gen_require(`
type staff_home_t;
')
dontaudit $1 staff_home_t:file append;
')
2005-06-30 18:54:08 +00:00
########################################
## <summary>
## Read files in the staff users home directory.
## </summary>
## <param name="domain">
## <summary>
2005-11-08 22:00:30 +00:00
## Domain allowed access.
## </summary>
2005-06-30 18:54:08 +00:00
## </param>
#
2006-02-21 18:40:44 +00:00
interface(`userdom_read_staff_home_content_files',`
2005-06-30 18:54:08 +00:00
gen_require(`
type staff_home_dir_t, staff_home_t;
')
files_search_home($1)
2006-12-12 20:08:08 +00:00
allow $1 { staff_home_dir_t staff_home_t }:dir list_dir_perms;
read_files_pattern($1,{ staff_home_dir_t staff_home_t },staff_home_t)
read_lnk_files_pattern($1,{ staff_home_dir_t staff_home_t },staff_home_t)
2005-06-30 18:54:08 +00:00
')
2005-09-27 19:40:44 +00:00
########################################
## <summary>
## Send a SIGCHLD signal to sysadm users.
## </summary>
## <param name="domain">
## <summary>
2005-11-08 22:00:30 +00:00
## Domain allowed access.
## </summary>
2005-09-27 19:40:44 +00:00
## </param>
#
interface(`userdom_sigchld_sysadm',`
ifdef(`targeted_policy',`
unconfined_sigchld($1)
',`
gen_require(`
type sysadm_t;
')
2005-09-27 19:40:44 +00:00
allow $1 sysadm_t:process sigchld;
')
2005-09-27 19:40:44 +00:00
')
2005-11-08 22:00:30 +00:00
########################################
## <summary>
## Do not audit attepts to get the attributes
## of sysadm ttys.
## </summary>
## <param name="domain">
## <summary>
2005-11-08 22:00:30 +00:00
## Domain allowed access.
## </summary>
2005-11-08 22:00:30 +00:00
## </param>
#
2006-02-02 21:08:12 +00:00
interface(`userdom_dontaudit_getattr_sysadm_ttys',`
2005-11-08 22:00:30 +00:00
ifdef(`targeted_policy',`
term_dontaudit_getattr_unallocated_ttys($1)
',`
gen_require(`
type sysadm_tty_device_t;
')
dontaudit $1 sysadm_tty_device_t:chr_file getattr;
')
')
########################################
2005-06-27 16:30:55 +00:00
## <summary>
2005-06-23 21:30:57 +00:00
## Read and write sysadm ttys.
2005-06-27 16:30:55 +00:00
## </summary>
2005-06-23 21:30:57 +00:00
## <param name="domain">
## <summary>
2005-11-08 22:00:30 +00:00
## Domain allowed access.
## </summary>
2005-06-23 21:30:57 +00:00
## </param>
2005-05-18 21:00:30 +00:00
#
2006-02-02 21:08:12 +00:00
interface(`userdom_use_sysadm_ttys',`
2005-07-06 20:28:29 +00:00
ifdef(`targeted_policy',`
2006-02-02 21:08:12 +00:00
term_use_unallocated_ttys($1)
2005-07-06 20:28:29 +00:00
',`
gen_require(`
type sysadm_tty_device_t;
')
2005-06-30 18:54:08 +00:00
2005-07-06 20:28:29 +00:00
dev_list_all_dev_nodes($1)
term_list_ptys($1)
allow $1 sysadm_tty_device_t:chr_file rw_term_perms;
')
2005-06-30 18:54:08 +00:00
')
2005-07-15 20:45:26 +00:00
########################################
## <summary>
## Do not audit attempts to use sysadm ttys.
## </summary>
## <param name="domain">
## <summary>
2005-07-15 20:45:26 +00:00
## Domain to not audit.
## </summary>
2005-07-15 20:45:26 +00:00
## </param>
#
2006-02-02 21:08:12 +00:00
interface(`userdom_dontaudit_use_sysadm_ttys',`
2005-07-15 20:45:26 +00:00
ifdef(`targeted_policy',`
2006-02-02 21:08:12 +00:00
term_dontaudit_use_unallocated_ttys($1)
2005-07-15 20:45:26 +00:00
',`
gen_require(`
2005-09-15 21:03:29 +00:00
type sysadm_tty_device_t;
2005-07-15 20:45:26 +00:00
')
dontaudit $1 sysadm_tty_device_t:chr_file { read write };
')
')
2005-06-30 18:54:08 +00:00
########################################
## <summary>
## Read and write sysadm ptys.
## </summary>
## <param name="domain">
## <summary>
2005-11-08 22:00:30 +00:00
## Domain allowed access.
## </summary>
2005-06-30 18:54:08 +00:00
## </param>
#
2006-02-02 21:08:12 +00:00
interface(`userdom_use_sysadm_ptys',`
2005-07-06 20:28:29 +00:00
ifdef(`targeted_policy',`
2006-02-02 21:08:12 +00:00
term_use_generic_ptys($1)
2005-07-06 20:28:29 +00:00
',`
gen_require(`
type sysadm_devpts_t;
')
2005-07-06 20:28:29 +00:00
dev_list_all_dev_nodes($1)
term_list_ptys($1)
allow $1 sysadm_devpts_t:chr_file rw_term_perms;
')
')
2005-10-07 21:45:04 +00:00
########################################
## <summary>
## Dont audit attempts to read and write sysadm ptys.
## </summary>
## <param name="domain">
## <summary>
2005-10-07 21:45:04 +00:00
## Domain to not audit.
## </summary>
2005-10-07 21:45:04 +00:00
## </param>
#
2006-02-02 21:08:12 +00:00
interface(`userdom_dontaudit_use_sysadm_ptys',`
2005-10-07 21:45:04 +00:00
ifdef(`targeted_policy',`
2006-02-02 21:08:12 +00:00
term_dontaudit_use_generic_ptys($1)
2005-10-07 21:45:04 +00:00
',`
gen_require(`
type sysadm_devpts_t;
')
dontaudit $1 sysadm_devpts_t:chr_file { read write };
')
')
2005-06-21 21:07:46 +00:00
########################################
2005-06-27 16:30:55 +00:00
## <summary>
2005-06-23 21:30:57 +00:00
## Read and write sysadm ttys and ptys.
2005-06-27 16:30:55 +00:00
## </summary>
2005-06-23 21:30:57 +00:00
## <param name="domain">
## <summary>
2005-11-08 22:00:30 +00:00
## Domain allowed access.
## </summary>
2005-06-23 21:30:57 +00:00
## </param>
2005-06-21 21:07:46 +00:00
#
interface(`userdom_use_sysadm_terms',`
2006-02-02 21:08:12 +00:00
userdom_use_sysadm_ttys($1)
userdom_use_sysadm_ptys($1)
')
2005-06-08 13:12:00 +00:00
########################################
2005-06-27 16:30:55 +00:00
## <summary>
2005-07-15 20:45:26 +00:00
## Do not audit attempts to use sysadm ttys and ptys.
2005-06-27 16:30:55 +00:00
## </summary>
2005-06-23 21:30:57 +00:00
## <param name="domain">
## <summary>
2005-07-15 20:45:26 +00:00
## Domain to not audit.
## </summary>
2005-06-23 21:30:57 +00:00
## </param>
2005-06-08 13:12:00 +00:00
#
interface(`userdom_dontaudit_use_sysadm_terms',`
2005-07-06 20:28:29 +00:00
ifdef(`targeted_policy',`
2006-02-02 21:08:12 +00:00
term_dontaudit_use_generic_ptys($1)
2005-07-06 20:28:29 +00:00
',`
gen_require(`
attribute admin_terminal;
')
2005-06-08 13:12:00 +00:00
2005-07-06 20:28:29 +00:00
dontaudit $1 admin_terminal:chr_file { read write };
')
2005-06-08 13:12:00 +00:00
')
2005-06-30 18:54:08 +00:00
########################################
## <summary>
## Inherit and use sysadm file descriptors
## </summary>
## <param name="domain">
## <summary>
2005-11-08 22:00:30 +00:00
## Domain allowed access.
## </summary>
2005-06-30 18:54:08 +00:00
## </param>
#
2006-02-20 21:33:25 +00:00
interface(`userdom_use_sysadm_fds',`
2005-07-06 20:28:29 +00:00
ifdef(`targeted_policy',`
unconfined_use_fds($1)
2005-07-06 20:28:29 +00:00
',`
gen_require(`
type sysadm_t;
')
2005-06-30 18:54:08 +00:00
2005-07-06 20:28:29 +00:00
allow $1 sysadm_t:fd use;
')
2005-06-30 18:54:08 +00:00
')
########################################
## <summary>
## Read and write sysadm user unnamed pipes.
## </summary>
## <param name="domain">
## <summary>
2005-11-08 22:00:30 +00:00
## Domain allowed access.
## </summary>
2005-06-30 18:54:08 +00:00
## </param>
#
2006-02-02 21:08:12 +00:00
interface(`userdom_rw_sysadm_pipes',`
2005-07-06 20:28:29 +00:00
ifdef(`targeted_policy',`
#cjp: need to doublecheck this one
2006-02-02 21:08:12 +00:00
unconfined_rw_pipes($1)
2005-07-06 20:28:29 +00:00
',`
gen_require(`
type sysadm_t;
')
2005-06-30 18:54:08 +00:00
2006-12-12 20:08:08 +00:00
allow $1 sysadm_t:fifo_file rw_fifo_file_perms;
2005-07-06 20:28:29 +00:00
')
2005-06-30 18:54:08 +00:00
')
2005-10-11 15:36:53 +00:00
########################################
## <summary>
## Get the attributes of the sysadm users
## home directory.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
2005-10-11 15:36:53 +00:00
## </param>
#
2006-02-21 18:40:44 +00:00
interface(`userdom_getattr_sysadm_home_dirs',`
2005-10-11 15:36:53 +00:00
gen_require(`
type sysadm_home_dir_t;
')
allow $1 sysadm_home_dir_t:dir getattr;
')
########################################
## <summary>
## Do not audit attempts to get the
## attributes of the sysadm users
## home directory.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
2006-02-02 21:08:12 +00:00
interface(`userdom_dontaudit_getattr_sysadm_home_dirs',`
2006-01-06 22:51:40 +00:00
ifdef(`targeted_policy',`
gen_require(`
type user_home_dir_t;
')
dontaudit $1 user_home_dir_t:dir getattr;
', `
gen_require(`
type sysadm_home_dir_t;
')
2006-01-06 22:51:40 +00:00
dontaudit $1 sysadm_home_dir_t:dir getattr;
')
')
########################################
## <summary>
## Search the sysadm users home directory.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
2006-02-21 18:40:44 +00:00
interface(`userdom_search_sysadm_home_dirs',`
gen_require(`
type sysadm_home_dir_t;
')
allow $1 sysadm_home_dir_t:dir search_dir_perms;
')
########################################
## <summary>
## Do not audit attempts to search the sysadm
## users home directory.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
2006-02-21 18:40:44 +00:00
interface(`userdom_dontaudit_search_sysadm_home_dirs',`
2006-01-06 22:51:40 +00:00
ifdef(`targeted_policy',`
2006-01-18 14:48:24 +00:00
gen_require(`
type user_home_dir_t;
')
2006-01-06 22:51:40 +00:00
dontaudit $1 user_home_dir_t:dir search_dir_perms;
',`
gen_require(`
type sysadm_home_dir_t;
')
dontaudit $1 sysadm_home_dir_t:dir search_dir_perms;
')
')
2005-11-08 22:00:30 +00:00
########################################
## <summary>
## List the sysadm users home directory.
## </summary>
## <param name="domain">
## <summary>
2005-11-08 22:00:30 +00:00
## Domain allowed access.
## </summary>
2005-11-08 22:00:30 +00:00
## </param>
#
2006-02-21 18:40:44 +00:00
interface(`userdom_list_sysadm_home_dirs',`
2005-11-08 22:00:30 +00:00
gen_require(`
type sysadm_home_dir_t;
')
allow $1 sysadm_home_dir_t:dir list_dir_perms;
')
2005-09-05 16:47:19 +00:00
########################################
## <summary>
## Do not audit attempts to list the sysadm
## users home directory.
## </summary>
## <param name="domain">
## <summary>
2005-09-05 16:47:19 +00:00
## Domain to not audit.
## </summary>
2005-09-05 16:47:19 +00:00
## </param>
#
2006-02-21 18:40:44 +00:00
interface(`userdom_dontaudit_list_sysadm_home_dirs',`
2005-09-05 16:47:19 +00:00
gen_require(`
type sysadm_home_dir_t;
')
2005-11-08 22:00:30 +00:00
dontaudit $1 sysadm_home_dir_t:dir list_dir_perms;
2005-09-05 16:47:19 +00:00
')
2006-01-18 14:48:24 +00:00
########################################
## <summary>
## Do not audit attempts to search the sysadm
## users home directory.
## </summary>
## <param name="domain">
## <summary>
2006-01-18 14:48:24 +00:00
## Domain to not audit.
## </summary>
2006-01-18 14:48:24 +00:00
## </param>
#
2006-02-21 18:40:44 +00:00
interface(`userdom_dontaudit_read_sysadm_home_content_files',`
2006-01-18 14:48:24 +00:00
ifdef(`targeted_policy',`
gen_require(`
type user_home_dir_t, user_home_t;
')
dontaudit $1 user_home_dir_t:dir search_dir_perms;
dontaudit $1 user_home_t:dir search_dir_perms;
2006-01-18 14:48:24 +00:00
dontaudit $1 user_home_t:file r_file_perms;
',`
gen_require(`
type sysadm_home_dir_t, sysadm_home_t;
')
dontaudit $1 sysadm_home_dir_t:dir search_dir_perms;
dontaudit $1 sysadm_home_t:dir search_dir_perms;
dontaudit $1 sysadm_home_t:file r_file_perms;
2006-01-18 14:48:24 +00:00
')
')
2005-10-22 19:58:58 +00:00
########################################
## <summary>
## Create objects in sysadm home directories
## with automatic file type transition.
## </summary>
## <param name="domain">
## <summary>
2005-10-22 19:58:58 +00:00
## Domain allowed access.
## </summary>
2005-10-22 19:58:58 +00:00
## </param>
2006-02-03 14:48:12 +00:00
## <param name="private type">
## <summary>
2006-02-03 14:48:12 +00:00
## The type of the object to be created.
## </summary>
2006-02-03 14:48:12 +00:00
## </param>
## <param name="object_class">
## <summary>
2005-10-22 19:58:58 +00:00
## The class of the object to be created.
## If not specified, file is used.
## </summary>
2005-10-22 19:58:58 +00:00
## </param>
#
2006-02-21 18:40:44 +00:00
interface(`userdom_sysadm_home_dir_filetrans',`
2005-10-22 20:06:51 +00:00
gen_require(`
2006-02-03 14:48:12 +00:00
type sysadm_home_dir_t;
2005-10-22 20:06:51 +00:00
')
2005-10-22 19:58:58 +00:00
2006-12-12 20:08:08 +00:00
filetrans_pattern($1,sysadm_home_dir_t,$2,$3)
2005-10-22 19:58:58 +00:00
')
########################################
## <summary>
## Search the sysadm users home sub directories.
## </summary>
## <param name="domain">
## <summary>
2005-10-22 19:58:58 +00:00
## Domain to not audit.
## </summary>
2005-10-22 19:58:58 +00:00
## </param>
#
2006-02-21 18:40:44 +00:00
interface(`userdom_search_sysadm_home_content_dirs',`
2005-10-22 20:06:51 +00:00
gen_require(`
type sysadm_home_dir_t, sysadm_home_t;
2005-10-22 19:58:58 +00:00
')
2005-10-22 20:06:51 +00:00
allow $1 { sysadm_home_dir_t sysadm_home_t }:dir search_dir_perms;
2005-10-22 19:58:58 +00:00
')
2005-06-30 18:54:08 +00:00
########################################
## <summary>
## Read files in the sysadm users home directory.
## </summary>
## <param name="domain">
## <summary>
2005-11-08 22:00:30 +00:00
## Domain allowed access.
## </summary>
2005-06-30 18:54:08 +00:00
## </param>
#
2006-02-21 18:40:44 +00:00
interface(`userdom_read_sysadm_home_content_files',`
ifdef(`strict_policy',`
gen_require(`
type sysadm_home_dir_t, sysadm_home_t;
')
files_search_home($1)
2006-12-12 20:08:08 +00:00
allow $1 { sysadm_home_dir_t sysadm_home_t }:dir list_dir_perms;
read_files_pattern($1,{ sysadm_home_dir_t sysadm_home_t },sysadm_home_t)
read_lnk_files_pattern($1,{ sysadm_home_dir_t sysadm_home_t },sysadm_home_t)
',`
userdom_read_generic_user_home_content_files($1)
2005-06-30 18:54:08 +00:00
')
')
2005-06-30 18:54:08 +00:00
########################################
## <summary>
## Read files in the sysadm users home directory.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`userdom_read_sysadm_tmp_files',`
ifdef(`strict_policy',`
gen_require(`
type sysadm_tmp_t;
')
files_search_tmp($1)
allow $1 sysadm_tmp_t:dir list_dir_perms;
2006-12-12 20:08:08 +00:00
read_files_pattern($1,sysadm_tmp_t,sysadm_tmp_t)
read_lnk_files_pattern($1,sysadm_tmp_t,sysadm_tmp_t)
',`
files_read_generic_tmp_files($1)
')
2005-06-30 18:54:08 +00:00
')
2006-03-28 18:29:52 +00:00
########################################
## <summary>
## Search all users home directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`userdom_search_all_users_home_dirs',`
gen_require(`
attribute home_dir_type;
')
files_list_home($1)
allow $1 home_dir_type:dir search_dir_perms;
')
########################################
## <summary>
## List all users home directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
2006-02-21 18:40:44 +00:00
interface(`userdom_list_all_users_home_dirs',`
gen_require(`
attribute home_dir_type;
')
files_list_home($1)
allow $1 home_dir_type:dir list_dir_perms;
')
########################################
2005-06-27 16:30:55 +00:00
## <summary>
2005-06-23 21:30:57 +00:00
## Search all users home directories.
2005-06-27 16:30:55 +00:00
## </summary>
2005-06-23 21:30:57 +00:00
## <param name="domain">
## <summary>
2005-11-08 22:00:30 +00:00
## Domain allowed access.
## </summary>
2005-06-23 21:30:57 +00:00
## </param>
#
2006-02-21 18:40:44 +00:00
interface(`userdom_search_all_users_home_content',`
2005-06-21 21:07:46 +00:00
gen_require(`
attribute home_dir_type, home_type;
')
2005-06-13 17:35:46 +00:00
files_list_home($1)
allow $1 { home_dir_type home_type }:dir search_dir_perms;
')
########################################
## <summary>
## Do not audit attempts to search all users home directories.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
2006-02-21 18:40:44 +00:00
interface(`userdom_dontaudit_search_all_users_home_content',`
gen_require(`
attribute home_dir_type, home_type;
')
2005-10-21 21:35:25 +00:00
dontaudit $1 { home_dir_type home_type }:dir search_dir_perms;
')
########################################
2005-06-27 16:30:55 +00:00
## <summary>
2005-06-23 21:30:57 +00:00
## Read all files in all users home directories.
2005-06-27 16:30:55 +00:00
## </summary>
2005-06-23 21:30:57 +00:00
## <param name="domain">
## <summary>
2005-11-08 22:00:30 +00:00
## Domain allowed access.
## </summary>
2005-06-23 21:30:57 +00:00
## </param>
#
2006-02-21 18:40:44 +00:00
interface(`userdom_read_all_users_home_content_files',`
2005-06-21 21:07:46 +00:00
gen_require(`
attribute home_type;
')
2005-06-13 17:35:46 +00:00
files_list_home($1)
2006-12-12 20:08:08 +00:00
allow $1 home_type:dir list_dir_perms;
read_files_pattern($1,home_type,home_type)
')
2005-10-05 19:52:53 +00:00
########################################
## <summary>
## Create, read, write, and delete all directories
## in all users home directories.
## </summary>
## <param name="domain">
## <summary>
2005-11-08 22:00:30 +00:00
## Domain allowed access.
## </summary>
2005-10-05 19:52:53 +00:00
## </param>
#
2006-02-21 18:40:44 +00:00
interface(`userdom_manage_all_users_home_content_dirs',`
2005-10-05 19:52:53 +00:00
gen_require(`
attribute home_type;
')
files_list_home($1)
2006-12-12 20:08:08 +00:00
allow $1 home_type:dir manage_dir_perms;
2005-10-05 19:52:53 +00:00
')
########################################
## <summary>
## Create, read, write, and delete all files
## in all users home directories.
## </summary>
## <param name="domain">
## <summary>
2005-11-08 22:00:30 +00:00
## Domain allowed access.
## </summary>
2005-10-05 19:52:53 +00:00
## </param>
#
2006-02-21 18:40:44 +00:00
interface(`userdom_manage_all_users_home_content_files',`
2005-10-05 19:52:53 +00:00
gen_require(`
attribute home_type;
')
files_list_home($1)
2006-12-12 20:08:08 +00:00
manage_files_pattern($1,home_type,home_type)
2005-10-05 19:52:53 +00:00
')
########################################
## <summary>
## Create, read, write, and delete all symlinks
## in all users home directories.
## </summary>
## <param name="domain">
## <summary>
2005-11-08 22:00:30 +00:00
## Domain allowed access.
## </summary>
2005-10-05 19:52:53 +00:00
## </param>
#
2006-02-21 18:40:44 +00:00
interface(`userdom_manage_all_users_home_content_symlinks',`
2005-10-05 19:52:53 +00:00
gen_require(`
attribute home_type;
')
files_list_home($1)
2006-12-12 20:08:08 +00:00
manage_lnk_files_pattern($1,home_type,home_type)
2005-10-05 19:52:53 +00:00
')
2005-10-25 17:50:00 +00:00
########################################
## <summary>
## Make the specified domain a privileged
## home directory manager.
## </summary>
## <desc>
## <p>
## Make the specified domain a privileged
## home directory manager. This domain will be
## able to manage the contents of all users
## general home directory content, and create
## files with the correct context.
## </p>
## </desc>
## <param name="domain">
## <summary>
2005-11-08 22:00:30 +00:00
## Domain allowed access.
## </summary>
2005-10-25 17:50:00 +00:00
## </param>
#
interface(`userdom_priveleged_home_dir_manager',`
gen_require(`
attribute privhome;
')
files_list_home($1)
typeattribute $1 privhome;
')
########################################
2005-06-27 16:30:55 +00:00
## <summary>
2005-08-17 14:14:07 +00:00
## Send general signals to unprivileged user domains.
2005-06-27 16:30:55 +00:00
## </summary>
## <param name="domain">
## <summary>
2005-11-08 22:00:30 +00:00
## Domain allowed access.
## </summary>
2005-06-27 16:30:55 +00:00
## </param>
#
2005-08-17 14:14:07 +00:00
interface(`userdom_signal_unpriv_users',`
2005-06-27 16:30:55 +00:00
gen_require(`
2005-08-17 14:14:07 +00:00
attribute unpriv_userdomain;
2005-06-27 16:30:55 +00:00
')
2005-08-17 14:14:07 +00:00
allow $1 unpriv_userdomain:process signal;
2005-06-27 16:30:55 +00:00
')
########################################
## <summary>
2005-08-17 14:14:07 +00:00
## Inherit the file descriptors from unprivileged user domains.
2005-06-27 16:30:55 +00:00
## </summary>
2005-06-23 21:30:57 +00:00
## <param name="domain">
## <summary>
2005-11-08 22:00:30 +00:00
## Domain allowed access.
## </summary>
2005-06-23 21:30:57 +00:00
## </param>
2005-05-18 21:00:30 +00:00
#
2006-02-21 18:40:44 +00:00
interface(`userdom_use_unpriv_users_fds',`
2005-06-21 21:07:46 +00:00
gen_require(`
2005-08-17 14:14:07 +00:00
attribute unpriv_userdomain;
2005-06-21 21:07:46 +00:00
')
2005-08-17 14:14:07 +00:00
allow $1 unpriv_userdomain:fd use;
2005-05-18 21:00:30 +00:00
')
########################################
2005-06-27 16:30:55 +00:00
## <summary>
2005-08-17 14:14:07 +00:00
## Do not audit attempts to inherit the
## file descriptors from all user domains.
2005-06-27 16:30:55 +00:00
## </summary>
2005-06-23 21:30:57 +00:00
## <param name="domain">
## <summary>
2005-11-08 22:00:30 +00:00
## Domain allowed access.
## </summary>
2005-06-23 21:30:57 +00:00
## </param>
#
2006-02-20 21:33:25 +00:00
interface(`userdom_dontaudit_use_unpriv_user_fds',`
2005-06-21 21:07:46 +00:00
gen_require(`
2005-08-17 14:14:07 +00:00
attribute unpriv_userdomain;
2005-06-21 21:07:46 +00:00
')
2005-08-17 14:14:07 +00:00
dontaudit $1 unpriv_userdomain:fd use;
')
2005-06-21 21:07:46 +00:00
########################################
2005-06-27 16:30:55 +00:00
## <summary>
2005-08-17 14:14:07 +00:00
## Create generic user home directories
## with automatic file type transition.
2005-06-27 16:30:55 +00:00
## </summary>
2005-06-23 21:30:57 +00:00
## <param name="domain">
## <summary>
2005-08-17 14:14:07 +00:00
## Domain allowed access.
## </summary>
2005-06-23 21:30:57 +00:00
## </param>
2005-06-21 21:07:46 +00:00
#
2006-02-21 18:40:44 +00:00
interface(`userdom_home_filetrans_generic_user_home_dir',`
2005-06-21 21:07:46 +00:00
gen_require(`
2005-08-17 14:14:07 +00:00
type user_home_dir_t;
2005-06-21 21:07:46 +00:00
')
files_home_filetrans($1,user_home_dir_t,dir)
')
2005-10-26 21:03:19 +00:00
########################################
## <summary>
## Search generic user home directories.
## </summary>
## <param name="domain">
## <summary>
2005-10-26 21:03:19 +00:00
## Domain allowed access.
## </summary>
2005-10-26 21:03:19 +00:00
## </param>
#
2006-02-21 18:40:44 +00:00
interface(`userdom_search_generic_user_home_dirs',`
2005-10-26 21:03:19 +00:00
gen_require(`
type user_home_dir_t;
')
allow $1 user_home_dir_t:dir search_dir_perms;
')
########################################
2005-06-27 16:30:55 +00:00
## <summary>
2005-08-17 14:14:07 +00:00
## Create objects in generic user home directories
## with automatic file type transition.
## </summary>
## <param name="domain">
## <summary>
2005-08-17 14:14:07 +00:00
## Domain allowed access.
## </summary>
2005-08-17 14:14:07 +00:00
## </param>
## <param name="object_class">
## <summary>
2005-08-17 14:14:07 +00:00
## The class of the object to be created.
## If not specified, file is used.
## </summary>
2005-08-17 14:14:07 +00:00
## </param>
#
2006-02-21 18:40:44 +00:00
interface(`userdom_generic_user_home_dir_filetrans_generic_user_home_content',`
2005-08-17 14:14:07 +00:00
gen_require(`
type user_home_dir_t, user_home_t;
')
files_search_home($1)
2006-12-12 20:08:08 +00:00
filetrans_pattern($1,user_home_dir_t,user_home_t,$2)
2005-08-17 14:14:07 +00:00
')
2005-10-07 21:45:04 +00:00
########################################
## <summary>
## Don't audit search on the user home subdirectory.
## </summary>
## <param name="domain">
## <summary>
2005-10-07 21:45:04 +00:00
## Domain allowed access.
## </summary>
2005-10-07 21:45:04 +00:00
## </param>
#
2006-02-20 21:33:25 +00:00
interface(`userdom_dontaudit_search_generic_user_home_dirs',`
2005-10-07 21:45:04 +00:00
gen_require(`
type user_home_t;
')
dontaudit $1 user_home_t:dir search_dir_perms;
2005-10-07 21:45:04 +00:00
')
########################################
## <summary>
## Create, read, write, and delete generic user
## home directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`userdom_manage_generic_user_home_dirs',`
gen_require(`
type user_home_dir_t;
')
files_search_home($1)
allow $1 user_home_dir_t:dir manage_dir_perms;
')
2005-08-17 14:14:07 +00:00
########################################
## <summary>
## Create, read, write, and delete
## subdirectories of generic user
## home directories.
## </summary>
## <param name="domain">
## <summary>
2005-08-17 14:14:07 +00:00
## Domain allowed access.
## </summary>
2005-08-17 14:14:07 +00:00
## </param>
#
2006-02-21 18:40:44 +00:00
interface(`userdom_manage_generic_user_home_content_dirs',`
2005-08-17 14:14:07 +00:00
gen_require(`
type user_home_t;
')
files_search_home($1)
2006-12-12 20:08:08 +00:00
manage_dirs_pattern($1,{ user_home_dir_t user_home_t },user_home_t)
2005-08-17 14:14:07 +00:00
')
########################################
## <summary>
## Relabel to staff home directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`userdom_relabelto_generic_user_home_dirs',`
gen_require(`
type staff_home_dir_t;
')
files_search_home($1)
allow $1 user_home_dir_t:dir relabelto;
')
########################################
## <summary>
## Read files in generic user home directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`userdom_read_generic_user_home_content_files',`
gen_require(`
type user_home_t, user_home_dir_t;
')
files_search_home($1)
2006-12-12 20:08:08 +00:00
allow $1 user_home_t:dir list_dir_perms;
read_files_pattern($1,{ user_home_dir_t user_home_t },user_home_t)
')
########################################
## <summary>
## Mmap of generic user
## home files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`userdom_mmap_generic_user_home_content_files',`
gen_require(`
type user_home_t;
')
files_search_home($1)
allow $1 user_home_t:file execute;
')
2005-08-17 14:14:07 +00:00
########################################
## <summary>
## Create, read, write, and delete files
## in generic user home directories.
## </summary>
## <param name="domain">
## <summary>
2005-08-17 14:14:07 +00:00
## Domain allowed access.
## </summary>
2005-08-17 14:14:07 +00:00
## </param>
#
2006-02-21 18:40:44 +00:00
interface(`userdom_manage_generic_user_home_content_files',`
2005-08-17 14:14:07 +00:00
gen_require(`
type user_home_dir_t, user_home_t;
2005-08-17 14:14:07 +00:00
')
files_search_home($1)
2006-12-12 20:08:08 +00:00
manage_files_pattern($1,{ user_home_dir_t user_home_t },user_home_t)
2005-08-17 14:14:07 +00:00
')
########################################
## <summary>
## Do not audit attempts to relabel generic user
## home files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`userdom_dontaudit_relabel_generic_user_home_content_files',`
gen_require(`
type user_home_t;
')
dontaudit $1 user_home_t:file { relabelto relabelfrom };
')
2005-08-17 14:14:07 +00:00
########################################
## <summary>
## Create, read, write, and delete symbolic
## links in generic user home directories.
## </summary>
## <param name="domain">
## <summary>
2005-08-17 14:14:07 +00:00
## Domain allowed access.
## </summary>
2005-08-17 14:14:07 +00:00
## </param>
#
2006-02-21 18:40:44 +00:00
interface(`userdom_manage_generic_user_home_content_symlinks',`
2005-08-17 14:14:07 +00:00
gen_require(`
type user_home_t;
')
files_search_home($1)
2006-12-12 20:08:08 +00:00
manage_lnk_files_pattern($1,{ user_home_dir_t user_home_t },user_home_t)
2005-08-17 14:14:07 +00:00
')
########################################
## <summary>
## Create, read, write, and delete named
## pipes in generic user home directories.
## </summary>
## <param name="domain">
## <summary>
2005-08-17 14:14:07 +00:00
## Domain allowed access.
## </summary>
2005-08-17 14:14:07 +00:00
## </param>
#
2006-02-21 18:40:44 +00:00
interface(`userdom_manage_generic_user_home_content_pipes',`
2005-08-17 14:14:07 +00:00
gen_require(`
type user_home_t;
')
files_search_home($1)
2006-12-12 20:08:08 +00:00
manage_fifo_files_pattern($1,{ user_home_dir_t user_home_t },user_home_t)
2005-08-17 14:14:07 +00:00
')
########################################
## <summary>
## Create, read, write, and delete named
## sockets in generic user home directories.
## </summary>
## <param name="domain">
## <summary>
2005-08-17 14:14:07 +00:00
## Domain allowed access.
## </summary>
2005-08-17 14:14:07 +00:00
## </param>
#
2006-02-21 18:40:44 +00:00
interface(`userdom_manage_generic_user_home_content_sockets',`
2005-08-17 14:14:07 +00:00
gen_require(`
type user_home_t;
')
files_search_home($1)
2006-12-12 20:08:08 +00:00
manage_sock_files_pattern($1,{ user_home_dir_t user_home_t },user_home_t)
2005-08-17 14:14:07 +00:00
')
2005-10-14 20:00:07 +00:00
########################################
## <summary>
## Search all unprivileged users home directories.
## </summary>
## <param name="domain">
## <summary>
2005-10-14 20:00:07 +00:00
## Domain allowed access.
## </summary>
2005-10-14 20:00:07 +00:00
## </param>
#
2006-02-20 21:33:25 +00:00
interface(`userdom_search_unpriv_users_home_dirs',`
2005-10-14 20:00:07 +00:00
gen_require(`
attribute user_home_dir_type;
')
2005-10-22 23:50:23 +00:00
files_search_home($1)
allow $1 user_home_dir_type:dir search_dir_perms;
2005-10-14 20:00:07 +00:00
')
2005-10-07 21:45:04 +00:00
########################################
## <summary>
## Read all unprivileged users home directory
## files.
## </summary>
## <param name="domain">
## <summary>
2005-10-07 21:45:04 +00:00
## Domain allowed access.
## </summary>
2005-10-07 21:45:04 +00:00
## </param>
#
2006-02-21 18:40:44 +00:00
interface(`userdom_read_unpriv_users_home_content_files',`
2005-10-07 21:45:04 +00:00
gen_require(`
2005-10-19 13:11:49 +00:00
attribute user_home_dir_type, user_home_type;
2005-10-07 21:45:04 +00:00
')
2006-01-30 22:51:35 +00:00
files_search_home($1)
2006-12-12 20:08:08 +00:00
allow $1 user_home_type:dir list_dir_perms;
read_files_pattern($1,{ user_home_dir_type user_home_type },user_home_type)
read_lnk_files_pattern($1,{ user_home_dir_type user_home_type },user_home_type)
2005-10-07 21:45:04 +00:00
')
2006-04-11 15:28:37 +00:00
########################################
## <summary>
## Create, read, write, and delete directories in
## unprivileged users home directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`userdom_manage_unpriv_users_home_content_dirs',`
gen_require(`
attribute user_home_dir_type, user_home_type;
')
files_search_home($1)
2006-12-12 20:08:08 +00:00
manage_dirs_pattern($1,{ user_home_dir_type user_home_type },user_home_type)
2006-04-11 15:28:37 +00:00
')
########################################
## <summary>
## Create, read, write, and delete files in
## unprivileged users home directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`userdom_manage_unpriv_users_home_content_files',`
gen_require(`
attribute user_home_dir_type, user_home_type;
')
files_search_home($1)
2006-12-12 20:08:08 +00:00
manage_files_pattern($1,{ user_home_dir_type user_home_type },user_home_type)
2006-04-11 15:28:37 +00:00
')
2005-10-24 01:53:13 +00:00
########################################
## <summary>
2005-11-08 22:00:30 +00:00
## Set the attributes of user ptys.
2005-10-24 01:53:13 +00:00
## </summary>
## <param name="domain">
## <summary>
2005-10-24 01:53:13 +00:00
## Domain allowed access.
## </summary>
2005-10-24 01:53:13 +00:00
## </param>
#
2006-02-20 21:33:25 +00:00
interface(`userdom_setattr_unpriv_users_ptys',`
2005-10-24 01:53:13 +00:00
gen_require(`
2005-11-08 22:00:30 +00:00
attribute user_ptynode;
2005-10-24 01:53:13 +00:00
')
2005-11-08 22:00:30 +00:00
allow $1 user_ptynode:chr_file setattr;
')
2005-12-01 18:01:21 +00:00
########################################
## <summary>
## Read and write unprivileged user ptys.
## </summary>
## <param name="domain">
## <summary>
2005-12-01 18:01:21 +00:00
## Domain allowed access.
## </summary>
2005-12-01 18:01:21 +00:00
## </param>
#
2006-02-02 21:08:12 +00:00
interface(`userdom_use_unpriv_users_ptys',`
2005-12-01 18:01:21 +00:00
ifdef(`targeted_policy',`
2006-02-02 21:08:12 +00:00
term_use_generic_ptys($1)
2005-12-01 18:01:21 +00:00
',`
gen_require(`
attribute user_ptynode;
')
term_search_ptys($1)
allow $1 user_ptynode:chr_file rw_file_perms;
')
')
2005-11-28 22:19:08 +00:00
########################################
## <summary>
## Do not audit attempts to use unprivileged
## user ptys.
## </summary>
## <param name="domain">
## <summary>
2005-12-01 18:01:21 +00:00
## Domain to not audit.
## </summary>
2005-11-28 22:19:08 +00:00
## </param>
#
2006-02-02 21:08:12 +00:00
interface(`userdom_dontaudit_use_unpriv_users_ptys',`
2005-11-28 22:19:08 +00:00
ifdef(`targeted_policy',`
2006-02-02 21:08:12 +00:00
term_dontaudit_use_generic_ptys($1)
2005-11-28 22:19:08 +00:00
',`
gen_require(`
attribute user_ptynode;
')
dontaudit $1 user_ptynode:chr_file rw_file_perms;
')
')
2006-01-20 22:41:54 +00:00
########################################
## <summary>
## Relabel files to unprivileged user pty types.
## </summary>
## <param name="domain">
## <summary>
2006-01-20 22:41:54 +00:00
## Domain allowed access.
## </summary>
2006-01-20 22:41:54 +00:00
## </param>
#
2006-02-20 21:33:25 +00:00
interface(`userdom_relabelto_unpriv_users_ptys',`
2006-01-20 22:41:54 +00:00
gen_require(`
attribute user_ptynode;
')
allow $1 user_ptynode:chr_file relabelto;
')
########################################
## <summary>
## Do not audit attempts to relabel files from
## unprivileged user pty types.
## </summary>
## <param name="domain">
## <summary>
2006-01-20 22:41:54 +00:00
## Domain allowed access.
## </summary>
2006-01-20 22:41:54 +00:00
## </param>
#
2006-02-02 21:08:12 +00:00
interface(`userdom_dontaudit_relabelfrom_unpriv_users_ptys',`
2006-01-20 22:41:54 +00:00
gen_require(`
attribute user_ptynode;
')
dontaudit $1 user_ptynode:chr_file relabelfrom;
')
2005-11-08 22:00:30 +00:00
########################################
## <summary>
## Read all unprivileged users temporary directories.
## </summary>
## <param name="domain">
## <summary>
2005-11-08 22:00:30 +00:00
## Domain allowed access.
## </summary>
2005-11-08 22:00:30 +00:00
## </param>
#
2006-02-20 21:33:25 +00:00
interface(`userdom_list_unpriv_users_tmp',`
2005-11-08 22:00:30 +00:00
ifdef(`targeted_policy',`
files_list_tmp($1)
',`
gen_require(`
attribute user_tmpfile;
')
allow $1 user_tmpfile:dir list_dir_perms;
')
2005-10-24 01:53:13 +00:00
')
########################################
## <summary>
## Read all unprivileged users temporary files.
## </summary>
## <param name="domain">
## <summary>
2005-10-24 01:53:13 +00:00
## Domain allowed access.
## </summary>
2005-10-24 01:53:13 +00:00
## </param>
#
2006-02-20 21:33:25 +00:00
interface(`userdom_read_unpriv_users_tmp_files',`
2005-11-08 22:00:30 +00:00
ifdef(`targeted_policy',`
files_read_generic_tmp_files($1)
',`
gen_require(`
attribute user_tmpfile;
')
2005-10-24 01:53:13 +00:00
2005-11-08 22:00:30 +00:00
allow $1 user_tmpfile:file { read getattr };
')
2005-10-24 01:53:13 +00:00
')
########################################
## <summary>
## Read all unprivileged users temporary symbolic links.
## </summary>
## <param name="domain">
## <summary>
2005-10-24 01:53:13 +00:00
## Domain allowed access.
## </summary>
2005-10-24 01:53:13 +00:00
## </param>
#
2006-02-20 21:33:25 +00:00
interface(`userdom_read_unpriv_users_tmp_symlinks',`
2005-11-08 22:00:30 +00:00
ifdef(`targeted_policy',`
files_read_generic_tmp_symlinks($1)
',`
gen_require(`
attribute user_tmpfile;
')
2005-10-24 01:53:13 +00:00
2005-11-08 22:00:30 +00:00
allow $1 user_tmpfile:lnk_file { getattr read };
')
2005-10-24 01:53:13 +00:00
')
2005-08-17 14:14:07 +00:00
########################################
## <summary>
## Write all unprivileged users files in /tmp
2005-06-27 16:30:55 +00:00
## </summary>
2005-06-23 21:30:57 +00:00
## <param name="domain">
## <summary>
2005-11-08 22:00:30 +00:00
## Domain allowed access.
## </summary>
2005-06-23 21:30:57 +00:00
## </param>
#
2006-02-20 21:33:25 +00:00
interface(`userdom_write_unpriv_users_tmp_files',`
2005-06-21 21:07:46 +00:00
gen_require(`
2005-08-17 14:14:07 +00:00
attribute user_tmpfile;
2005-06-21 21:07:46 +00:00
')
2005-08-17 14:14:07 +00:00
allow $1 user_tmpfile:file { getattr write append };
')
########################################
## <summary>
## Read and write unprivileged user ttys.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`userdom_use_unpriv_users_ttys',`
ifdef(`targeted_policy',`
term_use_unallocated_ttys($1)
',`
gen_require(`
attribute user_ttynode;
')
2006-12-12 20:08:08 +00:00
allow $1 user_ttynode:chr_file rw_term_perms;
')
')
2005-06-29 20:53:53 +00:00
########################################
## <summary>
## Do not audit attempts to use unprivileged
## user ttys.
## </summary>
## <param name="domain">
## <summary>
2005-11-08 22:00:30 +00:00
## Domain allowed access.
## </summary>
2005-06-29 20:53:53 +00:00
## </param>
#
2006-02-02 21:08:12 +00:00
interface(`userdom_dontaudit_use_unpriv_users_ttys',`
2005-11-22 17:56:53 +00:00
ifdef(`targeted_policy',`
2006-02-02 21:08:12 +00:00
term_dontaudit_use_unallocated_ttys($1)
2005-11-22 17:56:53 +00:00
',`
gen_require(`
attribute user_ttynode;
')
2005-06-29 20:53:53 +00:00
2005-11-22 17:56:53 +00:00
dontaudit $1 user_ttynode:chr_file rw_file_perms;
')
2005-06-29 20:53:53 +00:00
')
2005-07-06 20:28:29 +00:00
########################################
## <summary>
## Read the process state of all user domains.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
2006-02-02 21:08:12 +00:00
interface(`userdom_read_all_users_state',`
gen_require(`
attribute userdomain;
')
2006-12-12 20:08:08 +00:00
read_files_pattern($1,userdomain,userdomain)
kernel_search_proc($1)
')
########################################
## <summary>
## Get the attributes of all user domains.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
2006-02-20 21:33:25 +00:00
interface(`userdom_getattr_all_users',`
gen_require(`
attribute userdomain;
')
allow $1 userdomain:process getattr;
')
2005-08-17 14:14:07 +00:00
########################################
## <summary>
## Inherit the file descriptors from all user domains
## </summary>
## <param name="domain">
## <summary>
2005-11-08 22:00:30 +00:00
## Domain allowed access.
## </summary>
2005-08-17 14:14:07 +00:00
## </param>
#
2006-02-20 21:33:25 +00:00
interface(`userdom_use_all_users_fds',`
2005-08-17 14:14:07 +00:00
gen_require(`
attribute userdomain;
')
allow $1 userdomain:fd use;
')
########################################
2005-09-08 17:12:38 +00:00
## <summary>
## Do not audit attempts to inherit the file
## descriptors from any user domains.
## </summary>
## <param name="domain">
## <summary>
2005-09-08 17:12:38 +00:00
## Domain to not audit.
## </summary>
2005-09-08 17:12:38 +00:00
## </param>
#
2006-02-20 21:33:25 +00:00
interface(`userdom_dontaudit_use_all_users_fds',`
2005-09-08 17:12:38 +00:00
gen_require(`
attribute userdomain;
')
dontaudit $1 userdomain:fd use;
')
########################################
2005-08-17 14:14:07 +00:00
## <summary>
## Send general signals to all user domains.
## </summary>
## <param name="domain">
## <summary>
2005-11-08 22:00:30 +00:00
## Domain allowed access.
## </summary>
2005-08-17 14:14:07 +00:00
## </param>
#
interface(`userdom_signal_all_users',`
gen_require(`
attribute userdomain;
')
allow $1 userdomain:process signal;
')
2005-08-30 20:47:41 +00:00
########################################
## <summary>
## Send a SIGCHLD signal to all user domains.
## </summary>
## <param name="domain">
## <summary>
2005-08-30 20:47:41 +00:00
## Domain allowed access.
## </summary>
2005-08-30 20:47:41 +00:00
## </param>
#
2005-11-29 21:27:15 +00:00
interface(`userdom_sigchld_all_users',`
2005-08-30 20:47:41 +00:00
gen_require(`
attribute userdomain;
')
2005-09-19 21:17:45 +00:00
allow $1 userdomain:process sigchld;
2005-08-30 20:47:41 +00:00
')
2006-06-21 21:02:49 +00:00
########################################
## <summary>
## Create keys for all user domains.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`userdom_create_all_users_keys',`
ifdef(`strict_policy',`
gen_require(`
attribute userdomain;
')
allow $1 userdomain:key create;
',`
unconfined_create_keys($1)
')
')
2005-11-29 21:27:15 +00:00
########################################
## <summary>
## Send a dbus message to all user domains.
## </summary>
## <param name="domain">
## <summary>
2005-11-29 21:27:15 +00:00
## Domain allowed access.
## </summary>
2005-11-29 21:27:15 +00:00
## </param>
#
interface(`userdom_dbus_send_all_users',`
gen_require(`
attribute userdomain;
class dbus send_msg;
')
allow $1 userdomain:dbus send_msg;
')
2005-07-06 20:28:29 +00:00
########################################
## <summary>
## Unconfined access to user domains.
## </summary>
## <param name="domain">
## <summary>
2005-07-06 20:28:29 +00:00
## Domain allowed access.
## </summary>
2005-07-06 20:28:29 +00:00
## </param>
#
interface(`userdom_unconfined',`
gen_require(`
type user_home_dir_t;
')
2006-12-12 20:08:08 +00:00
allow $1 user_home_dir_t:dir manage_dir_perms;
files_home_filetrans($1,user_home_dir_t,dir)
2005-07-06 20:28:29 +00:00
')