selinux-policy/strict/domains/program/unused/seuser.te
2005-04-29 17:45:15 +00:00

149 lines
5.1 KiB
Plaintext

#DESC SE Linux User Manager (seuser)
#DEPENDS checkpolicy.te load_policy.te
#
# Authors: don.patterson@tresys.com, mayerf@tresys.com
# Additions: wsalamon@tislabs.com, dac@tresys.com
#
#################################
#
# Rules for the seuser_t domain.
#
# seuser_t is the domain of the seuser application when it is executed.
# seuser_conf_t is the type of the seuser configuration file.
# seuser_exec_t is the type of the seuser executable.
# seuser_tmp_t is the type of the temporary file(s) created by seuser.
#
##############################################
# Define types, and typical rules including
# access to execute and transition
##############################################
# Defined seuser types
type seuser_t, domain, privhome ;
type seuser_conf_t, file_type, sysadmfile ;
type seuser_exec_t, file_type, sysadmfile, exec_type ;
tmp_domain(seuser)
# Authorize roles
role sysadm_r types seuser_t ;
# Allow sysadm_t to run with privilege
domain_auto_trans(sysadm_t, seuser_exec_t, seuser_t)
# Grant the new domain permissions to many common operations
# FIX: Should be more resticted than this.
#every_domain(seuser_t)
allow seuser_t self:process { fork sigchld };
allow seuser_t self:fifo_file read;
allow seuser_t self:unix_stream_socket {create connect};
allow seuser_t self:dir search;
allow seuser_t self:file { read getattr };
allow seuser_t etc_t:dir search;
allow seuser_t etc_t:{lnk_file file} { read getattr};
read_locale(seuser_t)
allow seuser_t { var_run_t var_t}:dir search;
uses_shlib(seuser_t)
allow seuser_t devtty_t:chr_file {read write };
allow seuser_t proc_t:dir search;
allow seuser_t proc_t:{lnk_file file} { getattr read };
allow seuser_t root_t:dir search;
allow seuser_t staff_home_dir_t:dir search;
allow seuser_t home_root_t:dir { getattr search };
allow seuser_t staff_home_dir_t:dir getattr;
allow seuser_t default_t:file {read getattr};
allow seuser_t bin_t:dir { getattr search read} ;
allow seuser_t bin_t:lnk_file { read getattr };
allow seuser_t sbin_t:dir search;
# Inherit and use descriptors from login.
allow seuser_t privfd:fd use;
###############################################
# Use capabilities to self
allow seuser_t self:capability { dac_override setuid setgid } ;
# Grant the seuser domain ability to change passwords for a user.
allow seuser_t self:passwd { passwd chfn chsh } ;
# Read permissions for seuser.conf file
allow seuser_t seuser_conf_t:file r_file_perms ;
###################################################################
# Policy section: Define the ability to change and load policies
###################################################################
# seuser_t domain needs to transition to the checkpolicy and loadpolicy
# domains in order to install and load new policies.
domain_auto_trans(seuser_t, checkpolicy_exec_t, checkpolicy_t)
domain_auto_trans(seuser_t, load_policy_exec_t, load_policy_t)
# allow load_policy and checkpolicy domains access to seuser_tmp_t
# files in order for their stdout/stderr able to be put into
# seuser's tmp files.
#
# Since both these domains carefully try to limit where the
# assoicated program can read from, we won't use the standard
# rw_file_perm macro, but instead only grant the minimum needed
# to redirect output, write and getattr.
allow checkpolicy_t seuser_tmp_t:file { getattr write } ;
allow load_policy_t seuser_tmp_t:file { getattr write } ;
allow useradd_t seuser_tmp_t:file { getattr write } ;
# FIX: Temporarily allow seuser_t permissions for executing programs with a
# bint_t type without changing domains. We have to give seuser_t the following
# access because we use the policy make process to build new plicy.conf files.
# At some point, a new policy management infrastructure should remove the ability
# to modify policy source files with arbitrary progams
#
can_exec(seuser_t, bin_t)
can_exec(seuser_t, shell_exec_t)
# Read/write permission to the login context files in /etc/security
allow seuser_t login_contexts:file create_file_perms ;
# Read/write permission to the policy source and its' directory
allow seuser_t policy_src_t:dir create_dir_perms ;
allow seuser_t policy_src_t:file create_file_perms ;
# Allow search and stat for policy_config_t
allow seuser_t policy_config_t:dir { search getattr } ;
allow seuser_t policy_config_t:file stat_file_perms;
#ifdef(`xserver.te', `
############################################################
# Xserver section - To support our GUI interface,
############################################################
# Permission to create files in /tmp/.X11-Unix
#allow seuser_t sysadm_xserver_tmp_t:dir search ;
#allow seuser_t sysadm_xserver_tmp_t:sock_file write ;
#allow seuser_t user_xserver_tmp_t:dir search ;
#allow seuser_t user_xserver_tmp_t:sock_file write ;
# Permission to establish a Unix stream connection to X server
#can_unix_connect(seuser_t, user_xserver_t)
#can_unix_connect(seuser_t, sysadm_xserver_t)
#')
ifdef(`xdm.te', `
can_unix_connect(seuser_t, xdm_xserver_t)
')
# seuser_t domain needs execute access to the library files so that it can run.
can_exec(seuser_t, lib_t)
# Access ttys
allow seuser_t sysadm_tty_device_t:chr_file rw_file_perms ;
allow seuser_t sysadm_devpts_t:chr_file rw_file_perms ;