# Content access macros
#
# m4 macros that expand to SELinux policy rules controlling which
# domains may read or write user content (home directories, /tmp,
# removable media, NFS/CIFS mounts, default_t and untrusted content).

# FIXME: After nested booleans are supported, replace NFS/CIFS
# w/ read_network_home, and write_network_home macros from global

# FIXME: If true/false constant booleans are supported, replace
# ugly $3 ifdefs with if(true), if(false)...

# FIXME: Do we want write to imply read?

############################################################
# read_content(domain, role_prefix, bool_prefix)
#
# Allow the given domain to read content.
# Content may be trusted or untrusted.
#
# Arguments:
#   $1 domain      - source domain named in every allow/dontaudit rule.
#   $2 role_prefix - prefix of the per-role types referenced below:
#                    $2_home_dir_t, $2_home_t, $2_tmp_t,
#                    $2_untrusted_content_t, $2_untrusted_content_tmp_t.
#   $3 bool_prefix - when non-empty, the boolean $3_read_content is
#                    declared (default false, once per prefix) and gates
#                    every section. When empty, no per-prefix boolean
#                    is declared or tested.
#
# Reading anything is subject to a controlling boolean based on bool_prefix.
# Reading untrusted content is additionally subject to read_untrusted_content.
# Reading default_t is additionally subject to read_default_t.
# Reading NFS / CIFS content is additionally subject to
# use_nfs_home_dirs / use_samba_home_dirs.
#
# Security notes:
# - With an empty bool_prefix the /tmp, /home and removable media rules
#   are emitted unconditionally (no if wrapper, no else branch); only the
#   NFS, CIFS, default_t and untrusted sections stay behind a boolean.
# - Every else branch consists of dontaudit rules, so while a gate is
#   off the resulting denials are not written to the audit log.
# - removable_t read access is granted only when mls_policy is not
#   defined; the dontaudit rules for removable_t are emitted either way.

define(`read_content', `

# Declare controlling boolean
# The *_defined marker macro ensures the bool is declared only once per prefix.
ifelse($3, `', `', `
ifdef(`$3_read_content_defined', `', `
define(`$3_read_content_defined')
bool $3_read_content false;
') dnl ifdef
') dnl ifelse

# Handle nfs home dirs
# Gated by use_nfs_home_dirs and by the per-prefix boolean when one is given.
ifelse($3, `',
`if (use_nfs_home_dirs) { ',
`if ($3_read_content && use_nfs_home_dirs) {')
	allow $1 { autofs_t home_root_t }:dir { read search getattr };
	r_dir_file($1, nfs_t)
} else {
	dontaudit $1 { autofs_t home_root_t }:dir { read search getattr };
	dontaudit $1 nfs_t:file r_file_perms;
	dontaudit $1 nfs_t:dir r_dir_perms;
}

# Handle samba home dirs
# Gated by use_samba_home_dirs and by the per-prefix boolean when one is given.
ifelse($3, `',
`if (use_samba_home_dirs) { ',
`if ($3_read_content && use_samba_home_dirs) {')
	allow $1 { autofs_t home_root_t }:dir { read search getattr };
	r_dir_file($1, cifs_t)
} else {
	dontaudit $1 { autofs_t home_root_t }:dir { read search getattr };
	dontaudit $1 cifs_t:file r_file_perms;
	dontaudit $1 cifs_t:dir r_dir_perms;
}

# Handle removable media, /tmp, and /home
# Unconditional when bool_prefix is empty: no if wrapper and no else branch.
ifelse($3, `', `',
`if ($3_read_content) {')
	allow $1 { tmp_t home_root_t $2_home_dir_t }:dir { read getattr search };
	r_dir_file($1, { $2_tmp_t $2_home_t } )
# removable_t is readable only when mls_policy is not defined.
ifdef(`mls_policy', `', `
	r_dir_file($1, removable_t)
')
ifelse($3, `', `',
`} else {
	dontaudit $1 { tmp_t home_root_t $2_home_dir_t }:dir { read getattr search };
	dontaudit $1 { removable_t $2_tmp_t $2_home_t }:dir r_dir_perms;
	dontaudit $1 { removable_t $2_tmp_t $2_home_t }:file r_file_perms;
}')

# Handle default_t content
# Gated by read_default_t and by the per-prefix boolean when one is given.
ifelse($3, `',
`if (read_default_t) { ',
`if ($3_read_content && read_default_t) {')
	r_dir_file($1, default_t)
} else {
	dontaudit $1 default_t:file r_file_perms;
	dontaudit $1 default_t:dir r_dir_perms;
}

# Handle untrusted content
# Gated by read_untrusted_content and by the per-prefix boolean when one is given.
ifelse($3, `',
`if (read_untrusted_content) { ',
`if ($3_read_content && read_untrusted_content) {')
	allow $1 { tmp_t home_root_t $2_home_dir_t }:dir { read getattr search };
	r_dir_file($1, { $2_untrusted_content_t $2_untrusted_content_tmp_t })
} else {
	dontaudit $1 { tmp_t home_root_t $2_home_dir_t }:dir { read getattr search };
	dontaudit $1 { $2_untrusted_content_t $2_untrusted_content_tmp_t }:dir r_dir_perms;
	dontaudit $1 { $2_untrusted_content_t $2_untrusted_content_tmp_t }:file r_file_perms;
}

') dnl read_content

#################################################
# write_trusted(domain, role_prefix, bool_prefix)
#
# Allow the given domain to write trusted content.
# This is subject to a controlling boolean based
# on bool_prefix.
#
# Arguments:
#   $1 domain      - source domain named in every allow/dontaudit rule.
#   $2 role_prefix - prefix of $2_home_dir_t, $2_home_t and $2_tmp_t.
#   $3 bool_prefix - when non-empty, the boolean $3_write_content is
#                    declared (default false, once per prefix) and gates
#                    every section. When empty, the /tmp and /home rules
#                    are emitted unconditionally and NFS / CIFS writes
#                    depend only on use_nfs_home_dirs /
#                    use_samba_home_dirs.
#
# Every else branch consists of dontaudit rules, so while a gate is off
# the resulting denials are not written to the audit log.

define(`write_trusted', `

# Declare controlling boolean
# The *_defined marker macro ensures the bool is declared only once per prefix.
ifelse($3, `', `', `
ifdef(`$3_write_content_defined', `', `
define(`$3_write_content_defined')
bool $3_write_content false;
') dnl ifdef
') dnl ifelse

# Handle nfs homedirs
# Gated by use_nfs_home_dirs and by the per-prefix boolean when one is given.
ifelse($3, `',
`if (use_nfs_home_dirs) { ',
`if ($3_write_content && use_nfs_home_dirs) {')
	allow $1 { autofs_t home_root_t }:dir { read search getattr };
	create_dir_file($1, nfs_t)
} else {
	dontaudit $1 { autofs_t home_root_t }:dir { read search getattr };
	dontaudit $1 nfs_t:file create_file_perms;
	dontaudit $1 nfs_t:dir create_dir_perms;
}

# Handle samba homedirs
# Gated by use_samba_home_dirs and by the per-prefix boolean when one is given.
ifelse($3, `',
`if (use_samba_home_dirs) { ',
`if ($3_write_content && use_samba_home_dirs) {')
	allow $1 { autofs_t home_root_t }:dir { read search getattr };
	create_dir_file($1, cifs_t)
} else {
	dontaudit $1 { autofs_t home_root_t }:dir { read search getattr };
	dontaudit $1 cifs_t:file create_file_perms;
	dontaudit $1 cifs_t:dir create_dir_perms;
}

# Handle /tmp and /home
# Unconditional when bool_prefix is empty: no if wrapper and no else branch.
ifelse($3, `', `',
`if ($3_write_content) {')
	allow $1 home_root_t:dir { read getattr search };
	file_type_auto_trans($1, tmp_t, $2_tmp_t, { dir file });
	file_type_auto_trans($1, $2_home_dir_t, $2_home_t, { dir file });
ifelse($3, `', `',
`} else {
	dontaudit $1 { tmp_t home_root_t $2_home_dir_t }:dir { read getattr search };
	dontaudit $1 { $2_tmp_t $2_home_t }:file create_file_perms;
	dontaudit $1 { $2_tmp_t $2_home_t }:dir create_dir_perms;
}')

') dnl write_trusted

#########################################
# write_untrusted(domain, role_prefix)
#
# Allow the given domain to write untrusted content.
# This is subject to the global boolean write_untrusted_content.
# Writing to NFS / CIFS is additionally subject to
# use_nfs_home_dirs / use_samba_home_dirs.
#
# Arguments:
#   $1 domain      - source domain named in every allow/dontaudit rule.
#   $2 role_prefix - prefix of $2_home_dir_t, $2_home_t, $2_tmp_t,
#                    $2_untrusted_content_t and
#                    $2_untrusted_content_tmp_t.
#
# There is no bool_prefix argument, so no per-prefix boolean is declared.
# In /tmp and /home the macro passes the untrusted content types as the
# third argument of file_type_auto_trans (defined elsewhere; presumably
# the type given to newly created objects - confirm against its
# definition).
#
# NOTE(review): the disabled branch for /tmp and /home dontaudits
# $2_tmp_t / $2_home_t, not the untrusted content types - confirm this
# is intended.

define(`write_untrusted', `

# Every section below is gated by the global boolean write_untrusted_content.
# While a gate is off the else branch only adds dontaudit rules so the
# resulting denials are not written to the audit log.

# Handle nfs homedirs
# Additionally gated by use_nfs_home_dirs.
if (write_untrusted_content && use_nfs_home_dirs) {
	allow $1 { autofs_t home_root_t }:dir { read search getattr };
	create_dir_file($1, nfs_t)
} else {
	dontaudit $1 { autofs_t home_root_t }:dir { read search getattr };
	dontaudit $1 nfs_t:file create_file_perms;
	dontaudit $1 nfs_t:dir create_dir_perms;
}

# Handle samba homedirs
# Additionally gated by use_samba_home_dirs.
if (write_untrusted_content && use_samba_home_dirs) {
	allow $1 { autofs_t home_root_t }:dir { read search getattr };
	create_dir_file($1, cifs_t)
} else {
	dontaudit $1 { autofs_t home_root_t }:dir { read search getattr };
	dontaudit $1 cifs_t:file create_file_perms;
	dontaudit $1 cifs_t:dir create_dir_perms;
}

# Handle /tmp and /home
# The untrusted content types are passed as the third argument of
# file_type_auto_trans which is defined elsewhere.
if (write_untrusted_content) {
	allow $1 home_root_t:dir { read getattr search };
	file_type_auto_trans($1, { tmp_t $2_tmp_t }, $2_untrusted_content_tmp_t, { dir file })
	file_type_auto_trans($1, { $2_home_dir_t $2_home_t }, $2_untrusted_content_t, { dir file })
} else {
	# NOTE review: this branch names the trusted tmp and home types
	# and not the untrusted content types - confirm this is intended.
	dontaudit $1 { tmp_t home_root_t $2_home_dir_t }:dir { read getattr search };
	dontaudit $1 { $2_tmp_t $2_home_t }:file create_file_perms;
	dontaudit $1 { $2_tmp_t $2_home_t }:dir create_dir_perms;
}

') dnl write_untrusted