From a2868f6eae01369d18f52aa4b81c9f95f237849a Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Wed, 28 Sep 2005 19:07:22 +0000
Subject: [PATCH] start adding secure_file_type implementation

---
 refpolicy/policy/modules/services/bind.te | 4 +-
 refpolicy/policy/modules/services/kerberos.te | 4 +-
 refpolicy/policy/modules/system/files.if | 140 +++++++++++++++++-
 refpolicy/policy/modules/system/files.te | 4 +
 refpolicy/policy/modules/system/logging.te | 8 +-
 refpolicy/policy/modules/system/userdomain.if | 12 +-
 6 files changed, 160 insertions(+), 12 deletions(-)

diff --git a/refpolicy/policy/modules/services/bind.te b/refpolicy/policy/modules/services/bind.te
index 4a6af133..b853c527 100644
--- a/refpolicy/policy/modules/services/bind.te
+++ b/refpolicy/policy/modules/services/bind.te
@@ -7,8 +7,8 @@ policy_module(bind,1.0)
 #
 
 # for DNSSEC key files
-type dnssec_t; #, secure_file_type;
-files_type(dnssec_t)
+type dnssec_t;
+files_security_file(dnssec_t)
 
 type named_t;
 type named_exec_t;
diff --git a/refpolicy/policy/modules/services/kerberos.te b/refpolicy/policy/modules/services/kerberos.te
index 27fac589..67014654 100644
--- a/refpolicy/policy/modules/services/kerberos.te
+++ b/refpolicy/policy/modules/services/kerberos.te
@@ -23,8 +23,8 @@ type krb5_conf_t;
 files_type(krb5_conf_t)
 
 # types for general configuration files in /etc
-type krb5_keytab_t; #, secure_file_type;
-files_type(krb5_keytab_t)
+type krb5_keytab_t;
+files_security_file(krb5_keytab_t)
 
 # types for KDC configs and principal file(s)
 type krb5kdc_conf_t;
diff --git a/refpolicy/policy/modules/system/files.if b/refpolicy/policy/modules/system/files.if
index f59f4850..c0910e88 100644
--- a/refpolicy/policy/modules/system/files.if
+++ b/refpolicy/policy/modules/system/files.if
@@ -151,6 +151,26 @@ interface(`files_poly_member_tmp',`
 type_member $1 tmp_t:dir $2;
 ')
 
+########################################
+##
+## Make the specified type a file that
+## should not be dontaudited from
+## browsing from user domains.
+##
+##
+## Type of the file to be used as a
+## member directory.
+##
+#
+interface(`files_security_file',`
+ gen_require(`
+ attribute security_file_type;
+ ')
+
+ files_type($1)
+ typeattribute $1 security_file_type;
+')
+
 ########################################
 ##
 ## Make the specified type a file
@@ -245,6 +265,23 @@ interface(`files_list_all_dirs',`
 allow $1 file_type:dir r_dir_perms;
 ')
 
+########################################
+##
+## Do not audit attempts to list all
+## non security directories.
+##
+##
+## Domain to not audit.
+##
+#
+interface(`files_dontaudit_list_non_security',`
+ gen_require(`
+ attribute file_type, security_file_type;
+ ')
+
+ dontaudit $1 { file_type -security_file_type }:dir r_dir_perms;
+')
+
 ########################################
 ##
 ## Get the attributes of all files.
@@ -276,12 +313,28 @@ interface(`files_getattr_all_files',`
 interface(`files_dontaudit_getattr_all_files',`
 gen_require(`
 attribute file_type;
- class file getattr;
 ')
 
 dontaudit $1 file_type:file getattr;
 ')
 
+########################################
+##
+## Do not audit attempts to get the attributes
+## of non security files.
+##
+##
+## Domain to not audit.
+##
+#
+interface(`files_dontaudit_getattr_non_security_files',`
+ gen_require(`
+ attribute file_type, security_file_type;
+ ')
+
+ dontaudit $1 { file_type -security_file_type }:file getattr;
+')
+
 ########################################
 ##
 ## Read all files.
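Review bot: The parameter description of the new `files_security_file` interface, "Type of the file to be used as a member directory.", is carried over from the `files_poly_member_tmp` interface directly above it and does not describe this parameter. It should read `## Type to be marked as a security file.`, and the summary's "should not be dontaudited from browsing from user domains" would be clearer as `## Make the specified type a security file: accesses to it by user domains are never dontaudited.`. The interface itself is fine; it calls files_type() so callers that switch from files_type() to files_security_file() keep the file_type attribute.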
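Review bot: The interface name `files_dontaudit_list_non_security` omits the object, unlike `files_list_all_dirs` right above it and the sibling interfaces this commit adds (`files_dontaudit_getattr_non_security_files`, `..._symlinks`, `..._pipes`, `..._sockets`); `files_dontaudit_list_non_security_dirs` would follow that convention, with the matching call in userdomain.if renamed alongside. Its summary says "list", while the rule dontaudits the full `r_dir_perms` set, the same set `files_list_all_dirs` allows, so it is consistent but worth stating, e.g. `## Do not audit attempts to list or otherwise read (r_dir_perms) non security directories.`.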
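Review bot: None of the new `*_non_security_*` summaries say what a "non security" file is, and the term only becomes meaningful through the `security_file_type` attribute subtracted in the rule. A one-line addition to each summary, e.g. `## "Security" files are those marked with files_security_file().`, would let a reader of the interface docs understand the exclusion without opening files.te; the same applies to the three interfaces in the @@ -342 hunk and those in the @@ -398 and @@ -435 hunks. Dropping `class file getattr;` from the gen_require of `files_dontaudit_getattr_all_files` is unrelated cleanup bundled into this commit; it is consistent with the new interfaces, which require no classes either.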
@@ -342,6 +395,57 @@ interface(`files_dontaudit_getattr_all_symlinks',`
 dontaudit $1 file_type:lnk_file getattr;
 ')
 
+########################################
+##
+## Do not audit attempts to get the attributes
+## of non security symbolic links.
+##
+##
+## Domain to not audit.
+##
+#
+interface(`files_dontaudit_getattr_non_security_symlinks',`
+ gen_require(`
+ attribute file_type, security_file_type;
+ ')
+
+ dontaudit $1 { file_type -security_file_type }:lnk_file getattr;
+')
+
+########################################
+##
+## Do not audit attempts to get the attributes
+## of non security block devices.
+##
+##
+## Domain to not audit.
+##
+#
+interface(`files_dontaudit_getattr_non_security_blk_dev',`
+ gen_require(`
+ attribute file_type, security_file_type;
+ ')
+
+ dontaudit $1 { file_type -security_file_type }:blk_file getattr;
+')
+
+########################################
+##
+## Do not audit attempts to get the attributes
+## of non security character devices.
+##
+##
+## Domain to not audit.
+##
+#
+interface(`files_dontaudit_getattr_non_security_chr_dev',`
+ gen_require(`
+ attribute file_type, security_file_type;
+ ')
+
+ dontaudit $1 { file_type -security_file_type }:chr_file getattr;
+')
+
 ########################################
 ##
 ## Read all symbolic links.
@@ -398,6 +502,23 @@ interface(`files_dontaudit_getattr_all_pipes',`
 dontaudit $1 file_type:fifo_file getattr;
 ')
 
+########################################
+##
+## Do not audit attempts to get the attributes
+## of non security named pipes.
+##
+##
+## Domain to not audit.
+##
+#
+interface(`files_dontaudit_getattr_non_security_pipes',`
+ gen_require(`
+ attribute file_type, security_file_type;
+ ')
+
+ dontaudit $1 { file_type -security_file_type }:fifo_file getattr;
+')
+
 ########################################
 ##
 ## Get the attributes of all named sockets.
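Review bot: The two device interfaces are inserted into the symbolic-link section of files.if, between `files_dontaudit_getattr_all_symlinks` and the "Read all symbolic links" header, and their names (`_blk_dev`, `_chr_dev`) break the plural object naming the other new interfaces use (`_files`, `_symlinks`, `_pipes`, `_sockets`). Naming them along the lines of `files_dontaudit_getattr_non_security_blk_files` and `..._chr_files` and moving them next to whatever block/character device section files.if has (not visible in this hunk) would keep the file navigable; the two calls in userdomain.if would be renamed with them. Note that dontaudit only suppresses audit records, so the coverage of these rules is only as good as the set of types marked with files_security_file(), which this commit sets to four.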
@@ -435,6 +556,23 @@ interface(`files_dontaudit_getattr_all_sockets',`
 dontaudit $1 file_type:sock_file getattr;
 ')
 
+########################################
+##
+## Do not audit attempts to get the attributes
+## of non security named sockets.
+##
+##
+## Domain to not audit.
+##
+#
+interface(`files_dontaudit_getattr_non_security_sockets',`
+ gen_require(`
+ attribute file_type, security_file_type;
+ ')
+
+ dontaudit $1 { file_type -security_file_type }:sock_file getattr;
+')
+
 ########################################
 ##
 ## Relabel all files on the filesystem, except
diff --git a/refpolicy/policy/modules/system/files.te b/refpolicy/policy/modules/system/files.te
index 281fac46..3545494a 100644
--- a/refpolicy/policy/modules/system/files.te
+++ b/refpolicy/policy/modules/system/files.te
@@ -22,6 +22,10 @@ attribute polyparent;
 # And labeling for the member directories
 attribute polymember;
 
+# sensitive security files whose accesses should
+# not be dontaudited for uses
+attribute security_file_type;
+
 attribute tmpfile;
 attribute tmpfsfile;
 
diff --git a/refpolicy/policy/modules/system/logging.te b/refpolicy/policy/modules/system/logging.te
index cdc5495c..d23c918e 100644
--- a/refpolicy/policy/modules/system/logging.te
+++ b/refpolicy/policy/modules/system/logging.te
@@ -13,11 +13,11 @@ type auditctl_exec_t;
 init_system_domain(auditctl_t,auditctl_exec_t)
 role system_r types auditctl_t;
 
-type auditd_etc_t; #, secure_file_type;
-files_type(auditd_etc_t)
+type auditd_etc_t;
+files_security_file(auditd_etc_t)
 
-type auditd_log_t; # secure_file_type;
-files_type(auditd_log_t)
+type auditd_log_t;
+files_security_file(auditd_log_t)
 
 type auditd_t;
 type auditd_exec_t;
diff --git a/refpolicy/policy/modules/system/userdomain.if b/refpolicy/policy/modules/system/userdomain.if
index 0950c76e..8ccac59c 100644
--- a/refpolicy/policy/modules/system/userdomain.if
+++ b/refpolicy/policy/modules/system/userdomain.if
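Review bot: The comment on the new `security_file_type` attribute in files.te reads "not be dontaudited for uses", which looks like a typo for "users", and it does not tell a policy author how a type gets the attribute or why it matters. Something like `# Types holding sensitive security data (key material, keytabs, audit configuration and logs). Failed accesses by user domains must stay audited, so the files_dontaudit_*_non_security interfaces exclude them; mark a type with files_security_file().` states both. The four types this commit marks (dnssec_t, krb5_keytab_t, auditd_etc_t, auditd_log_t) are the examples that comment is drawn from.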
@@ -212,6 +212,14 @@ template(`base_user_template',`
 files_exec_etc_files($1_t)
 files_read_usr_src_files($1_t)
 files_search_locks($1_t)
+ # old broswer_domain():
+ files_dontaudit_list_non_security($1_t)
+ files_dontaudit_getattr_non_security_files($1_t)
+ files_dontaudit_getattr_non_security_symlinks($1_t)
+ files_dontaudit_getattr_non_security_pipes($1_t)
+ files_dontaudit_getattr_non_security_sockets($1_t)
+ files_dontaudit_getattr_non_security_blk_dev($1_t)
+ files_dontaudit_getattr_non_security_chr_dev($1_t)
 
 # Caused by su - init scripts
 init_dontaudit_use_script_pty($1_t)
@@ -385,9 +393,7 @@ template(`base_user_template',`
 
 allow $1_t fs_type:dir getattr;
 
- dontaudit $1 file_type - secure_file_type:dir_file_class_set getattr;
- dontaudit $1 file_type - secure_file_type:dir search;
- dontaudit $1 file_type - secure_file_type:dir read;
+ # old browser_domain():
 dontaudit $1 unlabeled_t:dir_file_class_set getattr;
 dontaudit $1 unlabeled_t:dir search;
 dontaudit $1 unlabeled_t:dir read;
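Review bot: The comment introducing the new calls is misspelled, `# old broswer_domain():`, while the second hunk in this file spells it `browser_domain`; a comment that says what the reader needs, `# formerly browser_domain(): do not audit browsing of non security files`, is more useful than the bare name. base_user_template continues outside this hunk.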
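Review bot: The three `dontaudit $1 unlabeled_t:...` rules kept below the new comment use `$1`, while the rest of base_user_template visible here passes `$1_t` (`allow $1_t fs_type:dir getattr;` two lines above, and every call added in the @@ -212 hunk); if `$1` is the user prefix rather than a type, as the `$1_t` usage suggests, these rules do not name the intended domain and this commit is the natural place to fix them: `dontaudit $1_t unlabeled_t:dir_file_class_set getattr;`, `dontaudit $1_t unlabeled_t:dir search;`, `dontaudit $1_t unlabeled_t:dir read;`. The removed `secure_file_type` rules had the same `$1`, so the replacement interfaces called with `$1_t` probably introduce dontaudits that were not previously in effect rather than merely relocating them; that is worth a sentence in the commit message. base_user_template continues outside this hunk.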