selinux-policy/policy/modules/services/dbus.if

## <summary>Desktop messaging bus</summary>

########################################
## <summary>
##	DBUS stub interface.  No access allowed.
## </summary>
## <param name="domain" unused="true">
##	<summary>
##	Domain allowed access
##	</summary>
## </param>
#
interface(`dbus_stub',`
	gen_require(`
		type system_dbusd_t;
		class dbus all_dbus_perms;
	')
')

########################################
## <summary>
##	Role access for dbus
## </summary>
## <param name="role_prefix">
##	<summary>
##	The prefix of the user role (e.g., user
##	is the prefix for user_r).
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	Role allowed access
##	</summary>
## </param>
## <param name="domain">
##	<summary>
##	User domain for the role
##	</summary>
## </param>
#
template(`dbus_role_template',`
	gen_require(`
		class dbus { send_msg acquire_svc };

		attribute session_bus_type;
		type system_dbusd_t, session_dbusd_tmp_t, dbusd_exec_t, dbusd_etc_t;
	')

	##############################
	#
	# Delcarations
	#

	type $1_dbusd_t, session_bus_type;
	domain_type($1_dbusd_t)
	domain_entry_file($1_dbusd_t, dbusd_exec_t)
	ubac_constrained($1_dbusd_t)
	role $2 types $1_dbusd_t;

	##############################
	#
	# Local policy
	#

	allow $1_dbusd_t self:process { getattr sigkill signal };
	dontaudit $1_dbusd_t self:process ptrace;
	allow $1_dbusd_t self:file { getattr read write };
	allow $1_dbusd_t self:fifo_file rw_fifo_file_perms;
	allow $1_dbusd_t self:dbus { send_msg acquire_svc };
	allow $1_dbusd_t self:unix_stream_socket create_stream_socket_perms;
	allow $1_dbusd_t self:unix_dgram_socket create_socket_perms;
	allow $1_dbusd_t self:tcp_socket create_stream_socket_perms;
	allow $1_dbusd_t self:netlink_selinux_socket create_socket_perms;

	# For connecting to the bus
	allow $3 $1_dbusd_t:unix_stream_socket connectto;

	# SE-DBus specific permissions
	allow $3 $1_dbusd_t:dbus { send_msg acquire_svc };
	allow $3 system_dbusd_t:dbus { send_msg acquire_svc };

	allow $1_dbusd_t dbusd_etc_t:dir list_dir_perms;
	read_files_pattern($1_dbusd_t, dbusd_etc_t, dbusd_etc_t)
	read_lnk_files_pattern($1_dbusd_t, dbusd_etc_t, dbusd_etc_t)

	manage_dirs_pattern($1_dbusd_t, session_dbusd_tmp_t, session_dbusd_tmp_t)
	manage_files_pattern($1_dbusd_t, session_dbusd_tmp_t, session_dbusd_tmp_t)
	files_tmp_filetrans($1_dbusd_t, session_dbusd_tmp_t, { file dir })

	domtrans_pattern($3, dbusd_exec_t, $1_dbusd_t)
	allow $3 $1_dbusd_t:process { sigkill signal };

	# cjp: this seems very broken
	corecmd_bin_domtrans($1_dbusd_t, $3)
	allow $1_dbusd_t $3:process sigkill;
	allow $3 $1_dbusd_t:fd use;
	allow $3 $1_dbusd_t:fifo_file rw_fifo_file_perms;
	allow $3 $1_dbusd_t:process sigchld;

	kernel_read_system_state($1_dbusd_t)
	kernel_read_kernel_sysctls($1_dbusd_t)

	corecmd_list_bin($1_dbusd_t)
	corecmd_read_bin_symlinks($1_dbusd_t)
	corecmd_read_bin_files($1_dbusd_t)
	corecmd_read_bin_pipes($1_dbusd_t)
	corecmd_read_bin_sockets($1_dbusd_t)

	corenet_all_recvfrom_unlabeled($1_dbusd_t)
	corenet_all_recvfrom_netlabel($1_dbusd_t)
	corenet_tcp_sendrecv_generic_if($1_dbusd_t)
	corenet_tcp_sendrecv_generic_node($1_dbusd_t)
	corenet_tcp_sendrecv_all_ports($1_dbusd_t)
	corenet_tcp_bind_generic_node($1_dbusd_t)
	corenet_tcp_bind_reserved_port($1_dbusd_t)

	dev_read_urand($1_dbusd_t)

 	domain_use_interactive_fds($1_dbusd_t)

	files_read_etc_files($1_dbusd_t)
	files_list_home($1_dbusd_t)
	files_read_usr_files($1_dbusd_t)
	files_dontaudit_search_var($1_dbusd_t)

	fs_getattr_romfs($1_dbusd_t)
	fs_getattr_xattr_fs($1_dbusd_t)
	fs_list_inotifyfs($1_dbusd_t)

	selinux_get_fs_mount($1_dbusd_t)
	selinux_validate_context($1_dbusd_t)
	selinux_compute_access_vector($1_dbusd_t)
	selinux_compute_create_context($1_dbusd_t)
	selinux_compute_relabel_context($1_dbusd_t)
	selinux_compute_user_contexts($1_dbusd_t)

	auth_read_pam_console_data($1_dbusd_t)
	auth_use_nsswitch($1_dbusd_t)

	logging_send_audit_msgs($1_dbusd_t)
	logging_send_syslog_msg($1_dbusd_t)

	miscfiles_read_localization($1_dbusd_t)

	seutil_read_config($1_dbusd_t)
	seutil_read_default_contexts($1_dbusd_t)

	userdom_read_user_home_content_files($1_dbusd_t)

	ifdef(`hide_broken_symptoms', `
		dontaudit $3 $1_dbusd_t:netlink_selinux_socket { read write };
	')

	tunable_policy(`read_default_t',`
		files_list_default($1_dbusd_t)
		files_read_default_files($1_dbusd_t)
		files_read_default_symlinks($1_dbusd_t)
		files_read_default_sockets($1_dbusd_t)
		files_read_default_pipes($1_dbusd_t)
	')

	optional_policy(`
		hal_dbus_chat($1_dbusd_t)
	')

	optional_policy(`
		xserver_use_xdm_fds($1_dbusd_t)
		xserver_rw_xdm_pipes($1_dbusd_t)
	')
')

#######################################
## <summary>
##	Template for creating connections to
##	the system DBUS.
## </summary>
## <param name="domain">
##	<summary>
##	The type of the domain.
##	</summary>
## </param>
#
interface(`dbus_system_bus_client',`
	gen_require(`
		type system_dbusd_t, system_dbusd_t;
		type system_dbusd_var_run_t, system_dbusd_var_lib_t;
		class dbus send_msg;
	')

	# SE-DBus specific permissions
	allow $1 { system_dbusd_t self }:dbus send_msg;

	read_files_pattern($1, system_dbusd_var_lib_t, system_dbusd_var_lib_t)
	files_search_var_lib($1)

	# For connecting to the bus
	files_search_pids($1)
	stream_connect_pattern($1, system_dbusd_var_run_t, system_dbusd_var_run_t, system_dbusd_t)
	dbus_read_config($1)
')

#######################################
## <summary>
##	Template for creating connections to
##	a user DBUS.
## </summary>
## <param name="domain">
##	<summary>
##	The type of the domain.
##	</summary>
## </param>
#
interface(`dbus_session_bus_client',`
	gen_require(`
		attribute session_bus_type;
		class dbus send_msg;
	')

	# SE-DBus specific permissions
	allow $1 { session_bus_type self }:dbus send_msg;

	# For connecting to the bus
	allow $1 session_bus_type:unix_stream_socket connectto;
')

########################################
## <summary>
##	Send a message the session DBUS.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`dbus_send_session_bus',`
	gen_require(`
		attribute session_bus_type;
		class dbus send_msg;
	')

	allow $1 session_bus_type:dbus send_msg;
')

########################################
## <summary>
##	Read dbus configuration.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`dbus_read_config',`
	gen_require(`
		type dbusd_etc_t;
	')

	allow $1 dbusd_etc_t:dir list_dir_perms;
	allow $1 dbusd_etc_t:file read_file_perms;
')

########################################
## <summary>
##	Connect to the the system DBUS
##	for service (acquire_svc).
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`dbus_connect_system_bus',`
	gen_require(`
		type system_dbusd_t;
		class dbus acquire_svc;
	')

	allow $1 system_dbusd_t:dbus acquire_svc;
')

########################################
## <summary>
##	Send a message on the system DBUS.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`dbus_send_system_bus',`
	gen_require(`
		type system_dbusd_t;
		class dbus send_msg;
	')

	allow $1 system_dbusd_t:dbus send_msg;
')

########################################
## <summary>
##	Allow unconfined access to the system DBUS.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`dbus_system_bus_unconfined',`
	gen_require(`
		type system_dbusd_t;
		class dbus all_dbus_perms;
	')

	allow $1 system_dbusd_t:dbus *;
')