#
# Macros for X client programs (xsession_domain, x_client_domain)
#
#
# Author: Russell Coker <russell@coker.com.au>
# Based on the work of Stephen Smalley <sds@epoch.ncsc.mil>
# and Timothy Fraser
#
define(`xsession_domain', `
# Let the X client domain $1_t talk to the X server $2_xserver_t and share
# memory with it (presumably MIT-SHM).  The second argument is the prefix
# of whoever started the server (xdm, or the user prefix for startx).
# Relies on tmpfs_domain having been applied to the first argument so that
# $1_tmpfs_t exists.

# --- rules for the client side ($1_t) ---

# Connect to the X server socket and to the ICE socket under /tmp/.ICE_unix.
can_unix_connect($1_t, $2_xserver_t)
allow $1_t $2_xserver_tmp_t:dir search;
allow $1_t $2_xserver_tmp_t:sock_file rw_file_perms;

# Stat /tmp/.X0-lock
allow $1_t $2_xserver_tmp_t:file getattr;

# Signal the X server.
# NOTE(review): signal covers every signal except SIGKILL, SIGSTOP and
# SIGCHLD, so this lets the client SIGTERM the display server - confirm
# that clients (rather than only startx or xinit) actually need it.
allow $1_t $2_xserver_t:process signal;

# Use descriptors the server passed to the client, and read the shm
# segments and tmpfs files the server created.
allow $1_t $2_xserver_t:fd use;
allow $1_t $2_xserver_t:shm r_shm_perms;
allow $1_t $2_xserver_tmpfs_t:file r_file_perms;

# --- rules for the server side ($2_xserver_t) ---

# Use descriptors the client passed to the server, and read and write the
# shm segments and tmpfs files the client created.
allow $2_xserver_t $1_t:fd use;
allow $2_xserver_t $1_t:shm rw_shm_perms;
allow $2_xserver_t $1_tmpfs_t:file rw_file_perms;
')
#
# x_client_domain(domain_prefix, program_name, attributes)
#
# Define a derived domain for an X program when executed by
# a user domain.
#
# The type declaration for the executable type for this program ($2_exec_t)
# must be provided separately!
#
# The first parameter is the base name for the domain/role (EG user or sysadm)
# The second parameter is the program name; it selects the executable type $2_exec_t and names the derived domain $1_$2_t
# The third parameter is extra attributes for the domain (if any). It is appended verbatim after nscd_client_domain in the type declaration, so it must start with a comma; if it names transitionbool, the transition into the domain is guarded by the disable_<program> boolean
#
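define(`x_client_domain',`
# Derived domain $1_$2_t for program $2 when it is run from the $1_t user
# domain.  The third argument is appended verbatim to the attribute list,
# so it must start with a comma when it is non-empty.
type $1_$2_t, domain, nscd_client_domain $3;

# If the caller listed transitionbool among the attributes, the entry into
# the derived domain is guarded by the disable_$2 boolean; otherwise the
# transition is unconditional.
ifelse(index(`$3', `transitionbool'), -1, `
domain_auto_trans($1_t, $2_exec_t, $1_$2_t)
can_exec($1_$2_t, $2_exec_t)
', `
# Declare the boolean only once, on the invocation for the user prefix.
# NOTE(review): a policy that never instantiates this program for the user
# prefix leaves disable_$2 undeclared for the other prefixes - confirm the
# user invocation is always present before relying on transitionbool.
ifelse(`$1', `user', `
bool disable_$2 false;
')
# Transition from the user domain to the derived domain unless disabled.
if (! disable_$2) {
domain_auto_trans($1_t, $2_exec_t, $1_$2_t)
can_exec($1_$2_t, $2_exec_t)
}
')

# The user role is authorized for this domain.
role $1_r types $1_$2_t;

# Permissions common to most domains (including can_network).
can_network($1_$2_t)
can_ypbind($1_$2_t)
allow $1_$2_t self:process { fork signal_perms getsched };
allow $1_$2_t self:unix_dgram_socket create_socket_perms;
allow $1_$2_t self:unix_stream_socket { connectto create_stream_socket_perms };
allow $1_$2_t self:fifo_file rw_file_perms;
allow $1_$2_t etc_runtime_t:file { getattr read };
allow $1_$2_t etc_t:lnk_file read;
allow $1_$2_t fs_t:filesystem getattr;
access_terminal($1_$2_t, $1)
read_locale($1_$2_t)
r_dir_file($1_$2_t, readable_t)
allow $1_$2_t proc_t:dir search;
allow $1_$2_t proc_t:lnk_file read;
allow $1_$2_t self:dir search;
allow $1_$2_t self:lnk_file read;
read_sysctl($1_$2_t)

# Read the X authority cookie file of the user so the client can
# authenticate to the X server.
ifdef(`xauth.te',`
allow $1_$2_t $1_xauth_home_t:file { getattr read };
')

# Allow the user domain to send any signal to the $2 process.
allow $1_t $1_$2_t:process signal_perms;

# Allow the user domain to read the /proc/PID directory for
# the $2 process.
allow $1_t $1_$2_t:dir r_dir_perms;
allow $1_t $1_$2_t:notdevfile_class_set r_file_perms;

# Allow use of /dev/zero by ld.so.
allow $1_$2_t device_t:dir search;
allow $1_$2_t zero_device_t:chr_file rw_file_perms;
allow $1_$2_t zero_device_t:chr_file x_file_perms;

# allow using shared libraries and running programs
# NOTE(review): can_exec on shell_exec_t and bin_t lets the client run
# shells and any bin_t program inside $1_$2_t with no domain transition,
# so a compromised client is not confined to its own executable - confirm
# every program instantiated through this macro needs this.
uses_shlib($1_$2_t)
allow $1_$2_t { bin_t sbin_t }:dir search;
allow $1_$2_t bin_t:lnk_file read;
can_exec($1_$2_t, { shell_exec_t bin_t })
allow $1_$2_t etc_t:file { getattr read };

# Inherit and use descriptors from gnome-pty-helper and from the domains
# carrying the privfd attribute.
ifdef(`gnome-pty-helper.te', `allow $1_$2_t $1_gph_t:fd use;')
allow $1_$2_t privfd:fd use;

# for .xsession-errors: this only silences the denial, the write is still
# refused.
dontaudit $1_$2_t $1_home_t:file write;

# for X over a ssh tunnel (connect to the forwarding listener held by sshd_t)
ifdef(`ssh.te', `
can_tcp_connect($1_$2_t, sshd_t)
')

# Read the home directory, e.g. for .Xauthority and to get to config files
allow $1_$2_t home_root_t:dir { search getattr };

# Use a separate type for tmpfs/shm pseudo files.  xsession_domain below
# refers to $1_$2_tmpfs_t, so this has to come first.
tmpfs_domain($1_$2)

allow $1_$2_t self:shm create_shm_perms;

# allow X client to read all font files
r_dir_file($1_$2_t, fonts_t)

# Allow connections to X server.
ifdef(`xserver.te', `
allow $1_$2_t tmp_t:dir search;

# X server started by xdm
ifdef(`xdm.te', `
xsession_domain($1_$2, xdm)

# for when /tmp/.X11-unix is created by the system
allow $1_$2_t xdm_t:fifo_file rw_file_perms;
allow $1_$2_t xdm_tmp_t:dir search;
allow $1_$2_t xdm_tmp_t:sock_file { read write };
allow $1_$2_t xdm_t:fd use;
dontaudit $1_$2_t xdm_t:tcp_socket { read write };
')

# X server started by the user via startx
ifdef(`startx.te', `
xsession_domain($1_$2, $1)
')dnl end startx

')dnl end xserver

')dnl end x_client macro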