Merge branch 'master' of http://oss.tresys.com/git/refpolicy

Conflicts: policy/modules/kernel/domain.if policy/modules/services/xserver.te
2010-09-01 14:11:18 -04:00 · 2010-09-01 14:11:18 -04:00 · cbadf720ba
commit cbadf720ba
parent 02fb4a01f1 785ee7988c
10 changed files with 97 additions and 11 deletions
--- a/1
+++ b/1
@ -1,3 +1,4 @@
+- Conditional mmap_zero support from Dominick Grift.
 - Added devtmpfs support.
 - Dbadm updates from KaiGai Kohei.
 - Virtio disk file context update from Mika Pfluger.
--- a/policy/modules/admin/vbetool.te
+++ b/policy/modules/admin/vbetool.te
@ -1,10 +1,17 @@
-policy_module(vbetool, 1.5.1)
+policy_module(vbetool, 1.5.2)

 ########################################
 #
 # Declarations
 #

+## <desc>
+## <p>
+##	Ignore vbetool mmap_zero errors.
+## </p>
+## </desc>
+gen_tunable(vbetool_mmap_zero_ignore, false)
+
 type vbetool_t;
 type vbetool_exec_t;
 init_system_domain(vbetool_t, vbetool_exec_t)
@ -36,6 +43,10 @@ term_use_unallocated_ttys(vbetool_t)

 miscfiles_read_localization(vbetool_t)

+tunable_policy(`vbetool_mmap_zero_ignore',`
+	dontaudit vbetool_t self:memprotect mmap_zero;
+')
+
 optional_policy(`
 	hal_rw_pid_files(vbetool_t)
 	hal_write_log(vbetool_t)
--- a/policy/modules/apps/wine.if
+++ b/policy/modules/apps/wine.if
@ -116,6 +116,10 @@ template(`wine_role_template',`
 		dontaudit $1_wine_t self:memprotect mmap_zero;
 	')

+	tunable_policy(`wine_mmap_zero_ignore',`
+		dontaudit $1_wine_t self:memprotect mmap_zero;
+	')
+
 	optional_policy(`
 		xserver_role($1_r, $1_wine_t)
 	')
--- a/policy/modules/apps/wine.te
+++ b/policy/modules/apps/wine.te
@ -1,4 +1,4 @@
-policy_module(wine, 1.7.1)
+policy_module(wine, 1.7.2)

 ## <desc>
 ## <p>
@ -13,6 +13,13 @@ gen_tunable(wine_mmap_zero_ignore, false)
 # Declarations
 #

+## <desc>
+## <p>
+##	Ignore wine mmap_zero errors.
+## </p>
+## </desc>
+gen_tunable(wine_mmap_zero_ignore, false)
+
 type wine_t;
 type wine_exec_t;
 application_domain(wine_t, wine_exec_t)
@ -49,6 +56,10 @@ files_execmod_all_files(wine_t)

 userdom_use_user_terminals(wine_t)

+tunable_policy(`wine_mmap_zero_ignore',`
+	dontaudit wine_t self:memprotect mmap_zero;
+')
+
 optional_policy(`
 	hal_dbus_chat(wine_t)
 ')
--- a/policy/modules/kernel/domain.if
+++ b/policy/modules/kernel/domain.if
@ -1361,23 +1361,53 @@ interface(`domain_entry_file_spec_domtrans',`

 ########################################
 ## <summary>
-##	Ability to mmap a low area of the address space,
-##	as configured by /proc/sys/kernel/mmap_min_addr.
+##	Ability to mmap a low area of the address
+##	space conditionally, as configured by
+##	/proc/sys/kernel/mmap_min_addr.
 ##	Preventing such mappings helps protect against
 ##	exploiting null deref bugs in the kernel.
 ## </summary>
 ## <param name="domain">
-##	<summary>
+## <summary>
 ##	Domain allowed access.
-##	</summary>
+## </summary>
 ## </param>
 #
-interface(`domain_mmap_low_type',`
+interface(`domain_mmap_low',`
+	gen_require(`
+		attribute mmap_low_domain_type;
+		bool mmap_low_allowed;
+	')
+
+	typeattribute $1 mmap_low_domain_type;
+
+	if ( mmap_low_allowed ) {
+		allow $1 self:memprotect mmap_zero;
+	}
+')
+
+########################################
+## <summary>
+##	Ability to mmap a low area of the address
+##	space unconditionally, as configured
+##	by /proc/sys/kernel/mmap_min_addr.
+##	Preventing such mappings helps protect against
+##	exploiting null deref bugs in the kernel.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`domain_mmap_low_uncond',`
 	gen_require(`
 		attribute mmap_low_domain_type;
 	')

 	typeattribute $1 mmap_low_domain_type;
+
+	allow $1 self:memprotect mmap_zero;
 ')

 ########################################
--- a/policy/modules/kernel/domain.te
+++ b/policy/modules/kernel/domain.te
@ -1,4 +1,4 @@
-policy_module(domain, 1.8.0)
+policy_module(domain, 1.8.1)

 ########################################
 #
@ -20,6 +20,14 @@ gen_tunable(allow_domain_fd_use, true)
 #
 gen_tunable(domain_kernel_load_modules, false)

+## <desc>
+## <p>
+##	Control the ability to mmap a low area of the address space,
+##	as configured by /proc/sys/kernel/mmap_min_addr.
+## </p>
+## </desc>
+gen_tunable(mmap_low_allowed, false)
+
 # Mark process types as domains
 attribute domain;

--- a/policy/modules/kernel/kernel.if
+++ b/policy/modules/kernel/kernel.if
@ -716,6 +716,26 @@ interface(`kernel_rw_debugfs',`
 	list_dirs_pattern($1, debugfs_t, debugfs_t)
 ')

+########################################
+## <summary>
+##	Manage information from the debugging filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`kernel_manage_debugfs',`
+	gen_require(`
+		type debugfs_t;
+	')
+
+	manage_files_pattern($1, debugfs_t, debugfs_t)
+	read_lnk_files_pattern($1, debugfs_t, debugfs_t)
+	list_dirs_pattern($1, debugfs_t, debugfs_t)
+')
+
 ########################################
 ## <summary>
 ##	Mount a kernel VM filesystem.
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@ -1,4 +1,4 @@
-policy_module(xserver, 3.4.1)
+policy_module(xserver, 3.4.2)

 gen_require(`
 	class x_drawable all_x_drawable_perms;
@ -1031,6 +1031,7 @@ xserver_use_user_fonts(xserver_t)

 ifndef(`distro_redhat',`
 	allow xserver_t self:process { execmem execheap execstack };
+	domain_mmap_low_uncond(xserver_t)
 ')

 ifdef(`distro_rhel4',`
--- a/policy/modules/system/mount.te
+++ b/policy/modules/system/mount.te
@ -81,7 +81,7 @@ kernel_unmount_unlabeled(mount_t)
 kernel_read_system_state(mount_t)
 kernel_read_network_state(mount_t)
 kernel_read_kernel_sysctls(mount_t)
-kernel_rw_debugfs(mount_t)
+kernel_manage_debugfs(mount_t)
 kernel_setsched(mount_t)
 kernel_use_fds(mount_t)
 kernel_request_load_module(mount_t)
--- a/policy/modules/system/unconfined.if
+++ b/policy/modules/system/unconfined.if
@ -45,7 +45,7 @@ interface(`unconfined_domain_noaudit',`
 	fs_unconfined($1)
 	selinux_unconfined($1)

-	domain_mmap_low_type($1)
+	domain_mmap_low($1)

 	mls_file_read_all_levels($1)