diff --git a/refpolicy/Changelog b/refpolicy/Changelog index 507d840d..0b875c1e 100644 --- a/refpolicy/Changelog +++ b/refpolicy/Changelog @@ -11,6 +11,7 @@ - Added modules: alsa automount + cdrecord ddcprobe fetchmail irc diff --git a/refpolicy/policy/global_tunables b/refpolicy/policy/global_tunables index 30d0c27c..287f9ea6 100644 --- a/refpolicy/policy/global_tunables +++ b/refpolicy/policy/global_tunables @@ -159,6 +159,11 @@ gen_tunable(allow_ssh_keysign,false) ## Allow users to connect to mysql gen_tunable(allow_user_mysql_connect,false) +## Allow cdrecord to read various content. +## nfs, samba, removable devices, user temp +## and untrusted content files +gen_tunable(cdrecord_read_content,false) + ## Allow system cron jobs to relabel filesystem ## for restoring file contexts. gen_tunable(cron_can_relabel,false) diff --git a/refpolicy/policy/modules/apps/cdrecord.fc b/refpolicy/policy/modules/apps/cdrecord.fc new file mode 100644 index 00000000..12deb688 --- /dev/null +++ b/refpolicy/policy/modules/apps/cdrecord.fc @@ -0,0 +1,5 @@ +# +# /usr +# +/usr/bin/cdrecord -- gen_context(system_u:object_r:cdrecord_exec_t,s0) + diff --git a/refpolicy/policy/modules/apps/cdrecord.if b/refpolicy/policy/modules/apps/cdrecord.if new file mode 100644 index 00000000..caadac53 --- /dev/null +++ b/refpolicy/policy/modules/apps/cdrecord.if @@ -0,0 +1,197 @@ +## Policy for cdrecord + +####################################### +## +## The per user domain template for the cdrecord module. +## +## +##

+## This template creates derived domains which are used +## for cdrecord. +##

+##

+## This template is invoked automatically for each user, and +## generally does not need to be invoked directly +## by policy writers. +##

+##
+## +## The prefix of the user domain (e.g., user +## is the prefix for user_t). +## +## +## The type of the user domain. +## +## +## The role associated with the user domain. +## +# +template(`cdrecord_per_userdomain_template', ` + + gen_require(` + type cdrecord_exec_t; + ') + + ######################################## + # + # Declarations + # + + type $1_cdrecord_t; + domain_type($1_cdrecord_t) + domain_entry_file($1_cdrecord_t,cdrecord_exec_t) + role $3 types $1_cdrecord_t; + + ######################################## + # + # Local policy + # + + allow $1_cdrecord_t self:capability { ipc_lock sys_nice setuid dac_override sys_rawio }; + allow $1_cdrecord_t self:process { getsched setsched sigkill }; + allow $1_cdrecord_t self:unix_dgram_socket create_socket_perms; + allow $1_cdrecord_t self:unix_stream_socket create_stream_socket_perms; + + allow $1_cdrecord_t $2:unix_stream_socket { getattr read write ioctl }; + + # allow ps to show cdrecord and allow the user to kill it + allow $2 $1_cdrecord_t:dir { search getattr read }; + allow $2 $1_cdrecord_t:{ file lnk_file } { read getattr }; + allow $2 $1_cdrecord_t:process getattr; + #We need to suppress this denial because procps + #tries to access /proc/pid/environ and this now + #triggers a ptrace check in recent kernels + # (2.4 and 2.6). Might want to change procps + #to not do this, or only if running in a privileged domain. + dontaudit $2 $1_cdrecord_t:process ptrace; + allow $2 $1_cdrecord_t:process signal; + + # Transition from the user domain to the derived domain. 
+ domain_auto_trans($2, cdrecord_exec_t, $1_cdrecord_t) + allow $2 $1_cdrecord_t:fd use; + allow $1_cdrecord_t $2:fd use; + allow $1_cdrecord_t $2:fifo_file rw_file_perms; + allow $1_cdrecord_t $2:process sigchld; + + # allow searching for cdrom-drive + dev_list_all_dev_nodes($1_cdrecord_t) + + domain_wide_inherit_fd($1_cdrecord_t) + domain_use_wide_inherit_fd($1_cdrecord_t) + + files_read_etc_files($1_cdrecord_t) + + term_use_controlling_term($1_cdrecord_t) + term_list_ptys($1_cdrecord_t) + + # allow cdrecord to write the CD + storage_raw_write_removable_device($1_cdrecord_t) + storage_write_scsi_generic($1_cdrecord_t) + + libs_use_ld_so($1_cdrecord_t) + libs_use_shared_libs($1_cdrecord_t) + + logging_send_syslog_msg($1_cdrecord_t) + + miscfiles_read_localization($1_cdrecord_t) + + # write to the user domain tty. + userdom_use_user_terminals($1,$1_cdrecord_t) + userdom_use_user_terminals($1,$2) + + userdom_read_user_home_files($1,$1_cdrecord_t) + + # Handle nfs home dirs + tunable_policy(`cdrecord_read_content && use_nfs_home_dirs',` + fs_list_auto_mountpoints($1_cdrecord_t) + files_list_home($1_cdrecord_t) + fs_read_nfs_files($1_cdrecord_t) + fs_read_nfs_symlinks($1_cdrecord_t) + + ',` + files_dontaudit_list_home($1_cdrecord_t) + fs_dontaudit_list_auto_mountpoints($1_cdrecord_t) + fs_dontaudit_read_nfs_files($1_cdrecord_t) + fs_dontaudit_list_nfs($1_cdrecord_t) + ') + # Handle samba home dirs + tunable_policy(`cdrecord_read_content && use_samba_home_dirs',` + fs_list_auto_mountpoints($1_cdrecord_t) + files_list_home($1_cdrecord_t) + fs_read_cifs_files($1_cdrecord_t) + fs_read_cifs_symlinks($1_cdrecord_t) + ',` + files_dontaudit_list_home($1_cdrecord_t) + fs_dontaudit_list_auto_mountpoints($1_cdrecord_t) + fs_dontaudit_read_cifs_files($1_cdrecord_t) + fs_dontaudit_list_cifs($1_cdrecord_t) + ') + + # Handle removable media, /tmp, and /home + tunable_policy(`cdrecord_read_content',` + userdom_list_user_tmp($1,$1_cdrecord_t) + 
userdom_read_user_tmp_files($1,$1_cdrecord_t) + userdom_read_user_tmp_symlinks($1,$1_cdrecord_t) + userdom_search_user_home($1,$1_cdrecord_t) + userdom_read_user_home_files($1,$1_cdrecord_t) + userdom_read_user_home_symlinks($1,$1_cdrecord_t) + + ifdef(`enable_mls',` + ',` + fs_search_removable_dirs($1_cdrecord_t) + fs_read_removable_files($1_cdrecord_t) + fs_read_removable_symlinks($1_cdrecord_t) + ') + ',` + files_dontaudit_list_tmp($1_cdrecord_t) + files_dontaudit_list_home($1_cdrecord_t) + fs_dontaudit_list_removable_dirs($1_cdrecord_t) + fs_donaudit_read_removable_files($1_cdrecord_t) + userdom_dontaudit_list_user_tmp($1,$1_cdrecord_t) + userdom_dontaudit_read_user_tmp_files($1,$1_cdrecord_t) + userdom_dontaudit_list_user_home_dir($1,$1_cdrecord_t) + userdom_dontaudit_read_user_home_files($1,$1_cdrecord_t) + ') + + # Handle default_t content + tunable_policy(`cdrecord_read_content && read_default_t',` + files_list_default($1_cdrecord_t) + files_read_default_files($1_cdrecord_t) + files_read_default_symlinks($1_cdrecord_t) + ',` + files_dontaudit_read_default_files($1_cdrecord_t) + files_dontaudit_list_default($1_cdrecord_t) + ') + + # Handle untrusted content + tunable_policy(`cdrecord_read_content && read_untrusted_content',` + files_list_tmp($1_cdrecord_t) + files_list_home($1_cdrecord_t) + userdom_search_user_home($1,$1_cdrecord_t) + + userdom_list_user_untrusted_content($1,$1_cdrecord_t) + userdom_read_user_untrusted_content_files($1,$1_cdrecord_t) + userdom_read_user_untrusted_content_symlinks($1,$1_cdrecord_t) + userdom_list_user_tmp_untrusted_content($1,$1_cdrecord_t) + userdom_read_user_tmp_untrusted_content_files($1,$1_cdrecord_t) + userdom_read_user_tmp_untrusted_content_symlinks($1,$1_cdrecord_t) + ',` + files_dontaudit_list_tmp($1_cdrecord_t) + files_dontaudit_list_home($1_cdrecord_t) + userdom_dontaudit_list_user_home_dir($1,$1_cdrecord_t) + userdom_dontaudit_list_user_untrusted_content($1,$1_cdrecord_t) + 
userdom_dontaudit_read_user_untrusted_content_files($1,$1_cdrecord_t) + userdom_dontaudit_list_user_tmp_untrusted_content($1,$1_cdrecord_t) + userdom_dontaudit_read_user_tmp_untrusted_content_files($1,$1_cdrecord_t) + ') + + tunable_policy(`use_nfs_home_dirs',` + files_search_mnt($1_cdrecord_t) + fs_read_nfs_files($1_cdrecord_t) + fs_read_nfs_symlinks($1_cdrecord_t) + ') + + ifdef(`TODO',` + can_resmgrd_connect($1_cdrecord_t) + ') +') diff --git a/refpolicy/policy/modules/apps/cdrecord.te b/refpolicy/policy/modules/apps/cdrecord.te new file mode 100644 index 00000000..5e410f79 --- /dev/null +++ b/refpolicy/policy/modules/apps/cdrecord.te @@ -0,0 +1,12 @@ + +policy_module(cdrecord,1.0.0) + +######################################## +# +# Declarations +# + +type cdrecord_t; +type cdrecord_exec_t; +domain_entry_file(cdrecord_t, cdrecord_exec_t) + diff --git a/refpolicy/policy/modules/apps/java.if b/refpolicy/policy/modules/apps/java.if index 147f6708..7e146c7c 100644 --- a/refpolicy/policy/modules/apps/java.if +++ b/refpolicy/policy/modules/apps/java.if @@ -124,8 +124,8 @@ template(`java_per_userdomain_template',` sysnet_read_config($1_javaplugin_t) userdom_dontaudit_use_user_terminals($1,$1_javaplugin_t) - userdom_dontauit_setattr_user_home_files($1,$1_javaplugin_t) - userdom_dontauit_exec_user_home_files($1,$1_javaplugin_t) + userdom_dontaudit_setattr_user_home_files($1,$1_javaplugin_t) + userdom_dontaudit_exec_user_home_files($1,$1_javaplugin_t) userdom_create_user_home($1,$1_javaplugin_t,{ file lnk_file sock_file fifo_file },$1_home_t) userdom_manage_user_home_subdirs($1,$1_javaplugin_t) userdom_manage_user_home_subdir_files($1,$1_javaplugin_t) diff --git a/refpolicy/policy/modules/kernel/files.if b/refpolicy/policy/modules/kernel/files.if index f0ef6a4c..30720ec8 100644 --- a/refpolicy/policy/modules/kernel/files.if +++ b/refpolicy/policy/modules/kernel/files.if 
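Review bot: The `cdrecord_read_content` gate in `cdrecord_per_userdomain_template` does not bound home-directory or NFS reads: `userdom_read_user_home_files($1,$1_cdrecord_t)` is called unconditionally just before the first `tunable_policy` block, so the same call inside the `cdrecord_read_content` branch and the `userdom_dontaudit_read_user_home_files` in its else branch have no effect, and the trailing `tunable_policy(`use_nfs_home_dirs',` block grants `fs_read_nfs_files`/`fs_read_nfs_symlinks` without the `cdrecord_read_content` condition the earlier NFS block requires. Drop the unconditional `userdom_read_user_home_files` line and the trailing `use_nfs_home_dirs` block so the tunable (declared `false` in global_tunables) actually decides what the derived domain may read. `userdom_use_user_terminals($1,$2)` changes the caller-supplied user domain `$2` rather than `$1_cdrecord_t`, a side effect a per-userdomain template should not carry; if it is not needed it should go. The call to `fs_donaudit_read_removable_files` matches the misspelled definition in filesystem.if and has to be renamed together with it (`fs_dontaudit_read_removable_files`).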
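Review bot: `cdrecord_t` in cdrecord.te is declared and given `domain_entry_file(cdrecord_t, cdrecord_exec_t)` but is never made a domain with `domain_type()`, has no role, and nothing in the module transitions to it; the derived `$1_cdrecord_t` types from cdrecord.if are the only domains that use `cdrecord_exec_t`. Either remove `type cdrecord_t;` and the `domain_entry_file` line, leaving `type cdrecord_exec_t;` as the module's only declaration, or, if a non-derived domain is intended, declare it fully. The leading blank line before `policy_module(cdrecord,1.0.0)` is also unlike the other .te files.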
@@ -1811,6 +1811,23 @@ interface(`files_dontaudit_search_home',` dontaudit $1 home_root_t:dir search_dir_perms; ') +######################################## +## +## Do not audit attempts to list +## home directories root (/home). +## +## +## Domain to not audit. +## +# +interface(`files_dontaudit_list_home',` + gen_require(` + type home_root_t; + ') + + dontaudit $1 home_root_t:dir r_dir_perms; +') + ######################################## ## ## Get listing of home directories. @@ -2142,6 +2159,22 @@ interface(`files_list_tmp',` allow $1 tmp_t:dir list_dir_perms; ') +######################################## +## +## Do not audit listing of the tmp directory (/tmp). +## +## +## Domain not to audit. +## +# +interface(`files_dontaudit_list_tmp',` + gen_require(` + type tmp_t; + ') + + dontaudit $1 tmp_t:dir { read getattr search }; +') + ######################################## ## ## Read files in the tmp directory (/tmp). diff --git a/refpolicy/policy/modules/kernel/filesystem.if b/refpolicy/policy/modules/kernel/filesystem.if index 8cbf09e8..8e71d3cd 100644 --- a/refpolicy/policy/modules/kernel/filesystem.if +++ b/refpolicy/policy/modules/kernel/filesystem.if @@ -377,6 +377,23 @@ interface(`fs_list_auto_mountpoints',` allow $1 autofs_t:dir r_dir_perms; ') +######################################## +## +## Do not audit attempts to list directories of automatically +## mounted filesystems. +## +## +## The type of the domain performing this action. +## +# +interface(`fs_dontaudit_list_auto_mountpoints',` + gen_require(` + type autofs_t; + ') + + dontaudit $1 autofs_t:dir r_dir_perms; +') + ######################################## ## ## Register an interpreter for new binary 
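Review bot: `files_dontaudit_list_tmp` in the second hunk of files.if spells out `{ read getattr search }` in its dontaudit rule, while the sibling `files_list_tmp` on the context line above it uses `list_dir_perms` and the new `files_dontaudit_list_home` in the first hunk uses `r_dir_perms`; a hand-written set will drift from the macro if the macro changes and will not suppress exactly the denials that `files_list_tmp` would allow. Prefer `dontaudit $1 tmp_t:dir list_dir_perms;` so the suppressed set and the allowed set stay the same.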
@@ -1269,6 +1286,87 @@ interface(`fs_search_rpc_dirs',` allow $1 rpc_pipefs_t:dir search_dir_perms; ') +######################################## +## +## Search removable storage directories. +## +## +## Domain allowed access. +## +# +interface(`fs_search_removable_dirs',` + gen_require(` + type removable_t; + ') + + allow $1 removable_t:dir { getattr read search }; + +') + +######################################## +## +## Do not audit attempts to list removable storage directories. +## +## +## Domain not to audit. +## +# +interface(`fs_dontaudit_list_removable_dirs',` + gen_require(` + type removable_t; + ') + dontaudit $1 removable_t:dir r_dir_perms; +') + +######################################## +## +## Read removable storage files. +## +## +## Domain allowed access. +## +# +interface(`fs_read_removable_files',` + gen_require(` + type removable_t; + ') + + allow $1 removable_t:file { read getattr }; + +') + +######################################## +## +## Do not audit attempts to read removable storage files. +## +## +## Domain not to audit. +## +# +interface(`fs_donaudit_read_removable_files',` + gen_require(` + type removable_t; + ') + dontaudit $1 removable_t:file r_file_perms; +') + +######################################## +## +## Read removable storage symbolic links. +## +## +## Domain allowed access. +## +# +interface(`fs_read_removable_symlinks',` + gen_require(` + type removable_t; + ') + + allow $1 removable_t:lnk_file { getattr read }; + +') + ######################################## ## ## Read directories of RPC file system pipes. diff --git a/refpolicy/policy/modules/system/userdomain.if b/refpolicy/policy/modules/system/userdomain.if index ceab9818..321b9cad 100644 --- a/refpolicy/policy/modules/system/userdomain.if +++ b/refpolicy/policy/modules/system/userdomain.if 
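Review bot: `fs_donaudit_read_removable_files` is misspelled (`donaudit`), and since the name is what callers bind to — cdrecord.if in this commit already calls it by that spelling — the definition and the caller must be renamed together: `interface(`fs_dontaudit_read_removable_files',`. Separately, `fs_search_removable_dirs` grants `{ getattr read search }` on `removable_t:dir`, which is directory listing rather than search; either name it `fs_list_removable_dirs` or reduce the rule to `allow $1 removable_t:dir search_dir_perms;` so the name matches the access granted. The allow interfaces (`fs_read_removable_files`, `fs_read_removable_symlinks`) use hand-written permission sets while their dontaudit counterparts use `r_dir_perms`/`r_file_perms`; using the same macros on both sides keeps the suppressed set equal to the allowed set. The stray blank line before `')` in three of the new interfaces is inconsistent with the rest of the file.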
@@ -1126,12 +1126,41 @@ template(`userdom_user_home_domtrans',` ######################################## ## -## Create, read, write, and delete symbolic links +## Do not audit attempts to list user home subdirectories. +## +## +##

+## Do not audit attempts to list user home subdirectories. +##

+##

+## This is a templated interface, and should only +## be called from a per-userdomain template. +##

+##
+## +## The prefix of the user domain (e.g., user +## is the prefix for user_t). +## +## +## Domain to not audit +## +# +template(`userdom_dontaudit_list_user_home_dir',` + gen_require(` + type $1_home_dir_t; + ') + + dontaudit $2 $1_home_dir_t:dir r_dir_perms; +') + +######################################## +## +## Create, read, write, and delete directories ## in a user home subdirectory. ## ## ##

-## Create, read, write, and delete symbolic links +## Create, read, write, and delete directories ## in a user home subdirectory. ##

##

@@ -1180,7 +1209,7 @@ template(`userdom_manage_user_home_subdirs',` ## Domain allowed access. ## # -template(`userdom_dontauit_setattr_user_home_files',` +template(`userdom_dontaudit_setattr_user_home_files',` gen_require(` type $1_home_dir_t, $1_home_t; ') @@ -1216,17 +1245,47 @@ template(`userdom_read_user_home_files',` files_search_home($2) allow $2 $1_home_dir_t:dir search; - allow $2 $1_home_t:dir search; + allow $2 $1_home_t:dir search_dir_perms; allow $2 $1_home_t:file r_file_perms; ') ######################################## ##

-## Do not audit attempts to execute user home files. +## Do not audit attempts to read user home files. ## ## ##

-## Do not audit attempts to execute user home files. +## Do not audit attempts to read user home files. +##

+##

+## This is a templated interface, and should only +## be called from a per-userdomain template. +##

+##
+## +## The prefix of the user domain (e.g., user +## is the prefix for user_t). +## +## +## Domain to not audit. +## +# +template(`userdom_dontaudit_read_user_home_files',` + gen_require(` + type $1_home_t; + ') + + dontaudit $2 $1_home_t:dir r_dir_perms; + dontaudit $2 $1_home_t:file r_file_perms; +') + +######################################## +## +## Read user home subdirectory symbolic links. +## +## +##

+## Read user home subdirectory symbolic links. ##

##

## This is a templated interface, and should only @@ -1241,12 +1300,15 @@ template(`userdom_read_user_home_files',` ## Domain allowed access. ## # -template(`userdom_dontauit_exec_user_home_files',` +template(`userdom_read_user_home_symlinks',` gen_require(` - type $1_home_t; + type $1_home_dir_t, $1_home_t; ') - dontaudit $2 $1_home_t:file execute; + files_search_home($2) + allow $2 $1_home_dir_t:dir search; + allow $2 $1_home_t:dir search; + allow $2 $1_home_t:lnk_file r_file_perms; ') ######################################## @@ -1281,6 +1343,35 @@ template(`userdom_exec_user_home_files',` can_exec($2,$1_home_t) ') +######################################## +##

+## Do not audit attempts to execute user home files. +## +## +##

+## Do not audit attempts to execute user home files. +##

+##

+## This is a templated interface, and should only +## be called from a per-userdomain template. +##

+##
+## +## The prefix of the user domain (e.g., user +## is the prefix for user_t). +## +## +## Domain allowed access. +## +# +template(`userdom_dontaudit_exec_user_home_files',` + gen_require(` + type $1_home_t; + ') + + dontaudit $2 $1_home_t:file execute; +') + ######################################## ## ## Create, read, write, and delete files @@ -1502,6 +1593,162 @@ template(`userdom_write_user_tmp_sockets',` allow $2 $1_tmp_t:sock_file write; ') +######################################## +## +## List user temporary directories. +## +## +##
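Review bot: The domain parameter description for `userdom_dontaudit_exec_user_home_files` reads "Domain allowed access." although the template only emits `dontaudit $2 $1_home_t:file execute;`; the other dontaudit templates added in this commit (for example `userdom_dontaudit_read_user_home_files`) say "Domain to not audit.", and the last hunk of this file corrects the same mismatch on `userdom_search_staff_home_dir` in the opposite direction. Change the line to `## Domain to not audit.`.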

+## List user temporary directories. +##

+##

+## This is a templated interface, and should only +## be called from a per-userdomain template. +##

+##
+## +## The prefix of the user domain (e.g., user +## is the prefix for user_t). +## +## +## Domain allowed access. +## +# +template(`userdom_list_user_tmp',` + gen_require(` + type $1_tmp_t; + ') + + files_search_tmp($2) + allow $2 $1_tmp_t:dir r_dir_perms; +') + +######################################## +## +## Do not audit attempts to list user +## temporary directories. +## +## +##

+## Do not audit attempts to list user +## temporary directories. +##

+##

+## This is a templated interface, and should only +## be called from a per-userdomain template. +##

+##
+## +## The prefix of the user domain (e.g., user +## is the prefix for user_t). +## +## +## Domain to not audit. +## +# +template(`userdom_dontaudit_list_user_tmp',` + gen_require(` + type $1_tmp_t; + ') + + dontaudit $2 $1_tmp_t:dir r_dir_perms; +') + +######################################## +## +## Read user temporary files. +## +## +##

+## Read user temporary files. +##

+##

+## This is a templated interface, and should only +## be called from a per-userdomain template. +##

+##
+## +## The prefix of the user domain (e.g., user +## is the prefix for user_t). +## +## +## Domain allowed access. +## +# +template(`userdom_read_user_tmp_files',` + gen_require(` + type $1_tmp_t; + ') + + files_search_tmp($2) + allow $2 $1_tmp_t:dir rw_dir_perms; + allow $2 $1_tmp_t:file r_file_perms; +') + +######################################## +## +## Do not audit attempts to read users +## temporary files. +## +## +##

+## Do not audit attempts to read users +## temporary files. +##

+##

+## This is a templated interface, and should only +## be called from a per-userdomain template. +##

+##
+## +## The prefix of the user domain (e.g., user +## is the prefix for user_t). +## +## +## Domain to not audit. +## +# +template(`userdom_dontaudit_read_user_tmp_files',` + gen_require(` + type $1_tmp_t; + ') + + dontaudit $2 $1_tmp_t:file r_file_perms; +') + +######################################## +## +## Read user +## temporary symbolic links. +## +## +##

+## Read user +## temporary symbolic links. +##

+##

+## This is a templated interface, and should only +## be called from a per-userdomain template. +##

+##
+## +## The prefix of the user domain (e.g., user +## is the prefix for user_t). +## +## +## Domain allowed access. +## +# +template(`userdom_read_user_tmp_symlinks',` + gen_require(` + type $1_tmp_t; + ') + + files_search_tmp($2) + allow $2 $1_tmp_t:dir rw_dir_perms; + allow $2 $1_tmp_t:lnk_file r_file_perms; +') + ######################################## ## ## Create, read, write, and delete user @@ -1666,6 +1913,308 @@ template(`userdom_manage_user_tmp_sockets',` allow $2 $1_tmp_t:sock_file create_file_perms; ') +######################################## +## +## List users untrusted directories. +## +## +##

+## List users untrusted directories. +##

+##

+## This is a templated interface, and should only +## be called from a per-userdomain template. +##

+##
+## +## The prefix of the user domain (e.g., user +## is the prefix for user_t). +## +## +## Domain allowed access. +## +# +template(`userdom_list_user_untrusted_content',` + gen_require(` + type $1_untrusted_content_t; + ') + + allow $2 $1_untrusted_content_t:dir r_dir_perms; +') + +######################################## +## +## Do not audit attempts to list user +## untrusted directories. +## +## +##

+## Do not audit attempts to read user +## untrusted directories. +##

+##

+## This is a templated interface, and should only +## be called from a per-userdomain template. +##

+##
+## +## The prefix of the user domain (e.g., user +## is the prefix for user_t). +## +## +## Domain to not audit. +## +# +template(`userdom_dontaudit_list_user_untrusted_content',` + gen_require(` + type $1_untrusted_content_t; + ') + + dontaudit $2 $1_untrusted_content_t:dir r_dir_perms; +') + +######################################## +## +## Read user untrusted files. +## +## +##

+## Read user untrusted files. +##

+##

+## This is a templated interface, and should only +## be called from a per-userdomain template. +##

+##
+## +## The prefix of the user domain (e.g., user +## is the prefix for user_t). +## +## +## Domain allowed access. +## +# +template(`userdom_read_user_untrusted_content_files',` + gen_require(` + type $1_untrusted_content_t; + ') + + allow $2 $1_untrusted_content_t:dir rw_dir_perms; + allow $2 $1_untrusted_content_t:file r_file_perms; +') + +######################################## +## +## Do not audit attempts to read users +## untrusted files. +## +## +##

+## Do not audit attempts to read users +## untrusted files. +##

+##

+## This is a templated interface, and should only +## be called from a per-userdomain template. +##

+##
+## +## The prefix of the user domain (e.g., user +## is the prefix for user_t). +## +## +## Domain to not audit. +## +# +template(`userdom_dontaudit_read_user_untrusted_content_files',` + gen_require(` + type $1_untrusted_content_t; + ') + + dontaudit $2 $1_untrusted_content_t:file r_file_perms; +') + +######################################## +## +## Read user untrusted symbolic links. +## +## +##

+## Read user untrusted symbolic links. +##

+##

+## This is a templated interface, and should only +## be called from a per-userdomain template. +##

+##
+## +## The prefix of the user domain (e.g., user +## is the prefix for user_t). +## +## +## Domain allowed access. +## +# +template(`userdom_read_user_untrusted_content_symlinks',` + gen_require(` + type $1_untrusted_content_t; + ') + + allow $2 $1_untrusted_content_t:dir rw_dir_perms; + allow $2 $1_untrusted_content_t:lnk_file r_file_perms; +') + +######################################## +## +## List users temporary untrusted directories. +## +## +##

+## List users temporary untrusted directories. +##

+##

+## This is a templated interface, and should only +## be called from a per-userdomain template. +##

+##
+## +## The prefix of the user domain (e.g., user +## is the prefix for user_t). +## +## +## Domain allowed access. +## +# +template(`userdom_list_user_tmp_untrusted_content',` + gen_require(` + type $1_untrusted_content_tmp_t; + ') + + allow $2 $1_untrusted_content_tmp_t:dir r_dir_perms; +') + +######################################## +## +## Do not audit attempts to list user +## temporary untrusted directories. +## +## +##

+## Do not audit attempts to list user +## temporary directories. +##

+##

+## This is a templated interface, and should only +## be called from a per-userdomain template. +##

+##
+## +## The prefix of the user domain (e.g., user +## is the prefix for user_t). +## +## +## Domain to not audit. +## +# +template(`userdom_dontaudit_list_user_tmp_untrusted_content',` + gen_require(` + type $1_untrusted_content_tmp_t; + ') + + dontaudit $2 $1_untrusted_content_tmp_t:dir r_dir_perms; +') + +######################################## +## +## Read user temporary untrusted files. +## +## +##

+## Read user temporary untrusted files. +##

+##

+## This is a templated interface, and should only +## be called from a per-userdomain template. +##

+##
+## +## The prefix of the user domain (e.g., user +## is the prefix for user_t). +## +## +## Domain allowed access. +## +# +template(`userdom_read_user_tmp_untrusted_content_files',` + gen_require(` + type $1_untrusted_content_tmp_t; + ') + + allow $2 $1_untrusted_content_tmp_t:dir rw_dir_perms; + allow $2 $1_untrusted_content_tmp_t:file r_file_perms; +') + +######################################## +## +## Do not audit attempts to read users +## temporary untrusted files. +## +## +##

+## Do not audit attempts to read users +## temporary untrusted files. +##

+##

+## This is a templated interface, and should only +## be called from a per-userdomain template. +##

+##
+## +## The prefix of the user domain (e.g., user +## is the prefix for user_t). +## +## +## Domain to not audit. +## +# +template(`userdom_dontaudit_read_user_tmp_untrusted_content_files',` + gen_require(` + type $1_untrusted_content_tmp_t; + ') + + dontaudit $2 $1_untrusted_content_tmp_t:file r_file_perms; +') + +######################################## +## +## Read user temporary untrusted symbolic links. +## +## +##

+## Read user temporary untrusted symbolic links. +##

+##

+## This is a templated interface, and should only +## be called from a per-userdomain template. +##

+##
+## +## The prefix of the user domain (e.g., user +## is the prefix for user_t). +## +## +## Domain allowed access. +## +# +template(`userdom_read_user_tmp_untrusted_content_symlinks',` + gen_require(` + type $1_untrusted_content_tmp_t; + ') + + allow $2 $1_untrusted_content_tmp_t:dir rw_dir_perms; + allow $2 $1_untrusted_content_tmp_t:lnk_file r_file_perms; +') + ######################################## ## ## Read and write a user domain tty and pty. @@ -1834,7 +2383,7 @@ interface(`userdom_shell_domtrans_sysadm',` ## Search the staff users home directory. ## ## -## Domain to not audit. +## Domain allowed access. ## # interface(`userdom_search_staff_home_dir',`
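Review bot: Two descriptions in the new untrusted-content templates do not match their summaries: `userdom_dontaudit_list_user_untrusted_content` is summarised as "Do not audit attempts to list user untrusted directories." but its description says "read", and `userdom_dontaudit_list_user_tmp_untrusted_content` describes "temporary directories" where the summary and the `$1_untrusted_content_tmp_t` type it touches are about temporary untrusted directories. Align each description with its summary — `## Do not audit attempts to list user untrusted directories.` and `## Do not audit attempts to list user temporary untrusted directories.` — so the generated interface documentation stays accurate.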