## <summary>Policy for cdrecord</summary> ####################################### ## <summary> ## The per user domain template for the cdrecord module. ## </summary> ## <desc> ## <p> ## This template creates derived domains which are used ## for cdrecord. ## </p> ## <p> ## This template is invoked automatically for each user, and ## generally does not need to be invoked directly ## by policy writers. ## </p> ## </desc> ## <param name="userdomain_prefix"> ## <summary> ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## </summary> ## </param> ## <param name="user_domain"> ## <summary> ## The type of the user domain. ## </summary> ## </param> ## <param name="user_role"> ## <summary> ## The role associated with the user domain. ## </summary> ## </param> # template(`cdrecord_per_userdomain_template', ` gen_require(` type cdrecord_exec_t; ') ######################################## # # Declarations # type $1_cdrecord_t; domain_type($1_cdrecord_t) domain_entry_file($1_cdrecord_t,cdrecord_exec_t) role $3 types $1_cdrecord_t; ######################################## # # Local policy # allow $1_cdrecord_t self:capability { ipc_lock sys_nice setuid dac_override sys_rawio }; allow $1_cdrecord_t self:process { getsched setsched sigkill }; allow $1_cdrecord_t self:unix_dgram_socket create_socket_perms; allow $1_cdrecord_t self:unix_stream_socket create_stream_socket_perms; allow $1_cdrecord_t $2:unix_stream_socket { getattr read write ioctl }; # allow ps to show cdrecord and allow the user to kill it allow $2 $1_cdrecord_t:dir { search getattr read }; allow $2 $1_cdrecord_t:{ file lnk_file } { read getattr }; allow $2 $1_cdrecord_t:process getattr; #We need to suppress this denial because procps #tries to access /proc/pid/environ and this now #triggers a ptrace check in recent kernels # (2.4 and 2.6). Might want to change procps #to not do this, or only if running in a privileged domain. dontaudit $2 $1_cdrecord_t:process ptrace; allow $2 $1_cdrecord_t:process signal; # Transition from the user domain to the derived domain. domain_auto_trans($2, cdrecord_exec_t, $1_cdrecord_t) allow $2 $1_cdrecord_t:fd use; allow $1_cdrecord_t $2:fd use; allow $1_cdrecord_t $2:fifo_file rw_file_perms; allow $1_cdrecord_t $2:process sigchld; # allow searching for cdrom-drive dev_list_all_dev_nodes($1_cdrecord_t) domain_interactive_fd($1_cdrecord_t) domain_use_interactive_fds($1_cdrecord_t) files_read_etc_files($1_cdrecord_t) term_use_controlling_term($1_cdrecord_t) term_list_ptys($1_cdrecord_t) # allow cdrecord to write the CD storage_raw_write_removable_device($1_cdrecord_t) storage_write_scsi_generic($1_cdrecord_t) libs_use_ld_so($1_cdrecord_t) libs_use_shared_libs($1_cdrecord_t) logging_send_syslog_msg($1_cdrecord_t) miscfiles_read_localization($1_cdrecord_t) # write to the user domain tty. userdom_use_user_terminals($1,$1_cdrecord_t) userdom_use_user_terminals($1,$2) userdom_read_user_home_content_files($1,$1_cdrecord_t) # Handle nfs home dirs tunable_policy(`cdrecord_read_content && use_nfs_home_dirs',` fs_list_auto_mountpoints($1_cdrecord_t) files_list_home($1_cdrecord_t) fs_read_nfs_files($1_cdrecord_t) fs_read_nfs_symlinks($1_cdrecord_t) ',` files_dontaudit_list_home($1_cdrecord_t) fs_dontaudit_list_auto_mountpoints($1_cdrecord_t) fs_dontaudit_read_nfs_files($1_cdrecord_t) fs_dontaudit_list_nfs($1_cdrecord_t) ') # Handle samba home dirs tunable_policy(`cdrecord_read_content && use_samba_home_dirs',` fs_list_auto_mountpoints($1_cdrecord_t) files_list_home($1_cdrecord_t) fs_read_cifs_files($1_cdrecord_t) fs_read_cifs_symlinks($1_cdrecord_t) ',` files_dontaudit_list_home($1_cdrecord_t) fs_dontaudit_list_auto_mountpoints($1_cdrecord_t) fs_dontaudit_read_cifs_files($1_cdrecord_t) fs_dontaudit_list_cifs($1_cdrecord_t) ') # Handle removable media, /tmp, and /home tunable_policy(`cdrecord_read_content',` userdom_list_user_tmp($1,$1_cdrecord_t) userdom_read_user_tmp_files($1,$1_cdrecord_t) userdom_read_user_tmp_symlinks($1,$1_cdrecord_t) userdom_search_user_home_dirs($1,$1_cdrecord_t) userdom_read_user_home_content_files($1,$1_cdrecord_t) userdom_read_user_home_content_symlinks($1,$1_cdrecord_t) ifdef(`enable_mls',` ',` fs_search_removable($1_cdrecord_t) fs_read_removable_files($1_cdrecord_t) fs_read_removable_symlinks($1_cdrecord_t) ') ',` files_dontaudit_list_tmp($1_cdrecord_t) files_dontaudit_list_home($1_cdrecord_t) fs_dontaudit_list_removable($1_cdrecord_t) fs_donaudit_read_removable_files($1_cdrecord_t) userdom_dontaudit_list_user_tmp($1,$1_cdrecord_t) userdom_dontaudit_read_user_tmp_files($1,$1_cdrecord_t) userdom_dontaudit_list_user_home_dirs($1,$1_cdrecord_t) userdom_dontaudit_read_user_home_content_files($1,$1_cdrecord_t) ') # Handle default_t content tunable_policy(`cdrecord_read_content && read_default_t',` files_list_default($1_cdrecord_t) files_read_default_files($1_cdrecord_t) files_read_default_symlinks($1_cdrecord_t) ',` files_dontaudit_read_default_files($1_cdrecord_t) files_dontaudit_list_default($1_cdrecord_t) ') # Handle untrusted content tunable_policy(`cdrecord_read_content && read_untrusted_content',` files_list_tmp($1_cdrecord_t) files_list_home($1_cdrecord_t) userdom_search_user_home_dirs($1,$1_cdrecord_t) userdom_list_user_untrusted_content($1,$1_cdrecord_t) userdom_read_user_untrusted_content_files($1,$1_cdrecord_t) userdom_read_user_untrusted_content_symlinks($1,$1_cdrecord_t) userdom_list_user_tmp_untrusted_content($1,$1_cdrecord_t) userdom_read_user_tmp_untrusted_content_files($1,$1_cdrecord_t) userdom_read_user_tmp_untrusted_content_symlinks($1,$1_cdrecord_t) ',` files_dontaudit_list_tmp($1_cdrecord_t) files_dontaudit_list_home($1_cdrecord_t) userdom_dontaudit_list_user_home_dirs($1,$1_cdrecord_t) userdom_dontaudit_list_user_untrusted_content($1,$1_cdrecord_t) userdom_dontaudit_read_user_untrusted_content_files($1,$1_cdrecord_t) userdom_dontaudit_list_user_tmp_untrusted_content($1,$1_cdrecord_t) userdom_dontaudit_read_user_tmp_untrusted_content_files($1,$1_cdrecord_t) ') tunable_policy(`use_nfs_home_dirs',` files_search_mnt($1_cdrecord_t) fs_read_nfs_files($1_cdrecord_t) fs_read_nfs_symlinks($1_cdrecord_t) ') optional_policy(` resmgr_stream_connect($1_cdrecord_t) ') ')