5341 lines
116 KiB
Plaintext
5341 lines
116 KiB
Plaintext
## <summary>Policy for user domains</summary>
|
|
|
|
#######################################
|
|
## <summary>
|
|
## The template containing the most basic rules common to all users.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## The template containing the most basic rules common to all users.
|
|
## </p>
|
|
## <p>
|
|
## This template creates a user domain, types, and
|
|
## rules for the user's tty and pty.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <rolebase/>
|
|
#
|
|
template(`userdom_base_user_template',`
|
|
attribute $1_file_type;
|
|
|
|
type $1_t, userdomain;
|
|
domain_type($1_t)
|
|
corecmd_shell_entry_type($1_t)
|
|
corecmd_bin_entry_type($1_t)
|
|
corecmd_sbin_entry_type($1_t)
|
|
domain_user_exemption_target($1_t)
|
|
role $1_r types $1_t;
|
|
allow system_r $1_r;
|
|
|
|
type $1_devpts_t;
|
|
term_user_pty($1_t,$1_devpts_t)
|
|
files_type($1_devpts_t)
|
|
|
|
type $1_tty_device_t;
|
|
term_tty($1_t,$1_tty_device_t)
|
|
|
|
allow $1_t self:process { signal_perms getsched setsched share getpgid setpgid setcap getsession };
|
|
allow $1_t self:fd use;
|
|
allow $1_t self:fifo_file rw_file_perms;
|
|
allow $1_t self:unix_dgram_socket { create_socket_perms sendto };
|
|
allow $1_t self:unix_stream_socket { create_stream_socket_perms connectto };
|
|
allow $1_t self:shm create_shm_perms;
|
|
allow $1_t self:sem create_sem_perms;
|
|
allow $1_t self:msgq create_msgq_perms;
|
|
allow $1_t self:msg { send receive };
|
|
dontaudit $1_t self:socket create;
|
|
|
|
allow $1_t $1_devpts_t:chr_file { setattr ioctl read getattr lock write append };
|
|
term_create_pty($1_t,$1_devpts_t)
|
|
|
|
allow $1_t $1_tty_device_t:chr_file { setattr rw_file_perms };
|
|
|
|
kernel_read_kernel_sysctls($1_t)
|
|
kernel_dontaudit_list_unlabeled($1_t)
|
|
kernel_dontaudit_getattr_unlabeled_files($1_t)
|
|
kernel_dontaudit_getattr_unlabeled_symlinks($1_t)
|
|
kernel_dontaudit_getattr_unlabeled_pipes($1_t)
|
|
kernel_dontaudit_getattr_unlabeled_sockets($1_t)
|
|
kernel_dontaudit_getattr_unlabeled_blk_files($1_t)
|
|
kernel_dontaudit_getattr_unlabeled_chr_files($1_t)
|
|
|
|
# When the user domain runs ps, there will be a number of access
|
|
# denials when ps tries to search /proc. Do not audit these denials.
|
|
domain_dontaudit_read_all_domains_state($1_t)
|
|
domain_dontaudit_getattr_all_domains($1_t)
|
|
domain_dontaudit_getsession_all_domains($1_t)
|
|
|
|
files_read_etc_files($1_t)
|
|
files_read_etc_runtime_files($1_t)
|
|
files_read_usr_files($1_t)
|
|
# Read directories and files with the readable_t type.
|
|
# This type is a general type for "world"-readable files.
|
|
files_list_world_readable($1_t)
|
|
files_read_world_readable_files($1_t)
|
|
files_read_world_readable_symlinks($1_t)
|
|
files_read_world_readable_pipes($1_t)
|
|
files_read_world_readable_sockets($1_t)
|
|
# old broswer_domain():
|
|
files_dontaudit_list_non_security($1_t)
|
|
files_dontaudit_getattr_non_security_files($1_t)
|
|
files_dontaudit_getattr_non_security_symlinks($1_t)
|
|
files_dontaudit_getattr_non_security_pipes($1_t)
|
|
files_dontaudit_getattr_non_security_sockets($1_t)
|
|
files_dontaudit_getattr_non_security_blk_files($1_t)
|
|
files_dontaudit_getattr_non_security_chr_files($1_t)
|
|
|
|
libs_use_ld_so($1_t)
|
|
libs_use_shared_libs($1_t)
|
|
libs_exec_ld_so($1_t)
|
|
|
|
miscfiles_read_localization($1_t)
|
|
|
|
tunable_policy(`allow_execmem',`
|
|
# Allow loading DSOs that require executable stack.
|
|
allow $1_t self:process execmem;
|
|
')
|
|
|
|
tunable_policy(`allow_execmem && allow_execstack',`
|
|
# Allow making the stack executable via mprotect.
|
|
allow $1_t self:process execstack;
|
|
')
|
|
')
|
|
|
|
#######################################
|
|
## <summary>
|
|
## The template for creating a home directory
|
|
## that the user has read-only access.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## The template for creating a home directory
|
|
## that the user has read-only access.
|
|
## </p>
|
|
## <p>
|
|
## This does not allow execute access.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <rolebase/>
|
|
#
|
|
template(`userdom_ro_home_template',`
|
|
# type for contents of home directory
|
|
type $1_home_t, $1_file_type, home_type;
|
|
files_type($1_home_t)
|
|
files_associate_tmp($1_home_t)
|
|
fs_associate_tmpfs($1_home_t)
|
|
|
|
# type of home directory
|
|
type $1_home_dir_t, home_dir_type, home_type;
|
|
files_type($1_home_dir_t)
|
|
files_associate_tmp($1_home_dir_t)
|
|
fs_associate_tmpfs($1_home_dir_t)
|
|
|
|
##############################
|
|
#
|
|
# User home directory file rules
|
|
#
|
|
|
|
allow $1_file_type $1_home_t:filesystem associate;
|
|
|
|
# Rules used to associate a homedir as a mountpoint
|
|
allow $1_home_t self:filesystem associate;
|
|
|
|
##############################
|
|
#
|
|
# Domain access to home dir
|
|
#
|
|
|
|
# read-only home directory
|
|
allow $1_t $1_home_t:file { read_file_perms entrypoint };
|
|
allow $1_t $1_home_t:lnk_file read_file_perms;
|
|
allow $1_t $1_home_t:dir list_dir_perms;
|
|
allow $1_t $1_home_t:sock_file read_file_perms;
|
|
allow $1_t $1_home_t:fifo_file read_file_perms;
|
|
allow $1_t $1_home_dir_t:dir list_dir_perms;
|
|
files_list_home($1_t)
|
|
|
|
tunable_policy(`use_nfs_home_dirs',`
|
|
fs_list_nfs_dirs($1_t)
|
|
fs_read_nfs_files($1_t)
|
|
fs_read_nfs_symlinks($1_t)
|
|
fs_read_nfs_named_sockets($1_t)
|
|
fs_read_nfs_named_pipes($1_t)
|
|
',`
|
|
fs_dontaudit_read_nfs_dirs($1_t)
|
|
fs_dontaudit_read_nfs_files($1_t)
|
|
')
|
|
|
|
tunable_policy(`use_samba_home_dirs',`
|
|
fs_list_cifs_dirs($1_t)
|
|
fs_read_cifs_files($1_t)
|
|
fs_read_cifs_symlinks($1_t)
|
|
fs_read_cifs_named_sockets($1_t)
|
|
fs_read_cifs_named_pipes($1_t)
|
|
',`
|
|
fs_dontaudit_list_cifs_dirs($1_t)
|
|
fs_dontaudit_read_cifs_files($1_t)
|
|
')
|
|
')
|
|
|
|
#######################################
|
|
## <summary>
|
|
## The template for creating a home directory
|
|
## that the user has full access.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## The template for creating a home directory
|
|
## that the user has full access.
|
|
## </p>
|
|
## <p>
|
|
## This does not allow execute access.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <rolebase/>
|
|
#
|
|
template(`userdom_manage_home_template',`
|
|
# type for contents of home directory
|
|
type $1_home_t, $1_file_type, home_type;
|
|
files_type($1_home_t)
|
|
files_associate_tmp($1_home_t)
|
|
fs_associate_tmpfs($1_home_t)
|
|
|
|
# type of home directory
|
|
type $1_home_dir_t, home_dir_type, home_type;
|
|
files_type($1_home_dir_t)
|
|
files_associate_tmp($1_home_dir_t)
|
|
fs_associate_tmpfs($1_home_dir_t)
|
|
|
|
##############################
|
|
#
|
|
# User home directory file rules
|
|
#
|
|
|
|
allow $1_file_type $1_home_t:filesystem associate;
|
|
|
|
# Rules used to associate a homedir as a mountpoint
|
|
allow $1_home_t self:filesystem associate;
|
|
|
|
##############################
|
|
#
|
|
# Domain access to home dir
|
|
#
|
|
|
|
# full control of the home directory
|
|
allow $1_t $1_home_t:file { manage_file_perms relabelfrom relabelto entrypoint };
|
|
allow $1_t $1_home_t:lnk_file { create_lnk_perms relabelfrom relabelto };
|
|
allow $1_t $1_home_t:dir { manage_dir_perms relabelfrom relabelto };
|
|
allow $1_t $1_home_t:sock_file { manage_file_perms relabelfrom relabelto };
|
|
allow $1_t $1_home_t:fifo_file { manage_file_perms relabelfrom relabelto };
|
|
allow $1_t $1_home_dir_t:dir { manage_dir_perms relabelfrom relabelto };
|
|
type_transition $1_t $1_home_dir_t:{ dir file lnk_file sock_file fifo_file } $1_home_t;
|
|
files_list_home($1_t)
|
|
|
|
tunable_policy(`use_nfs_home_dirs',`
|
|
fs_manage_nfs_dirs($1_t)
|
|
fs_manage_nfs_files($1_t)
|
|
fs_manage_nfs_symlinks($1_t)
|
|
fs_manage_nfs_named_sockets($1_t)
|
|
fs_manage_nfs_named_pipes($1_t)
|
|
',`
|
|
fs_dontaudit_manage_nfs_dirs($1_t)
|
|
fs_dontaudit_manage_nfs_files($1_t)
|
|
')
|
|
|
|
tunable_policy(`use_samba_home_dirs',`
|
|
fs_manage_cifs_dirs($1_t)
|
|
fs_manage_cifs_files($1_t)
|
|
fs_manage_cifs_symlinks($1_t)
|
|
fs_manage_cifs_named_sockets($1_t)
|
|
fs_manage_cifs_named_pipes($1_t)
|
|
',`
|
|
fs_dontaudit_manage_cifs_dirs($1_t)
|
|
fs_dontaudit_manage_cifs_files($1_t)
|
|
')
|
|
')
|
|
|
|
#######################################
|
|
## <summary>
|
|
## The template for allowing the user
|
|
## to execute files in their home directory.
|
|
## </summary>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <rolebase/>
|
|
#
|
|
template(`userdom_exec_home_template',`
|
|
can_exec($1_t,$1_home_t)
|
|
|
|
tunable_policy(`use_nfs_home_dirs',`
|
|
fs_exec_nfs_files($1_t)
|
|
')
|
|
|
|
tunable_policy(`use_samba_home_dirs',`
|
|
fs_exec_cifs_files($1_t)
|
|
')
|
|
')
|
|
|
|
#######################################
|
|
## <summary>
|
|
## The template for polyinstantiating
|
|
## a user home directory.
|
|
## </summary>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <rolebase/>
|
|
#
|
|
template(`userdom_poly_home_template',`
|
|
ifdef(`enable_polyinstantiation',`
|
|
type_member $1_t $1_home_dir_t:dir $1_home_t;
|
|
|
|
files_poly($1_home_dir_t)
|
|
files_poly_member($1_home_t)
|
|
')
|
|
')
|
|
|
|
#######################################
|
|
## <summary>
|
|
## The template for full access to the temporary directories.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## The template for full access to the temporary directories.
|
|
## This creates a derived type for the user
|
|
## temporary type. Execute access is not given.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <rolebase/>
|
|
#
|
|
template(`userdom_manage_tmp_template',`
|
|
type $1_tmp_t, $1_file_type;
|
|
files_tmp_file($1_tmp_t)
|
|
|
|
allow $1_t $1_tmp_t:dir manage_dir_perms;
|
|
allow $1_t $1_tmp_t:file manage_file_perms;
|
|
allow $1_t $1_tmp_t:lnk_file create_lnk_perms;
|
|
allow $1_t $1_tmp_t:sock_file manage_file_perms;
|
|
allow $1_t $1_tmp_t:fifo_file manage_file_perms;
|
|
files_tmp_filetrans($1_t, $1_tmp_t, { dir file lnk_file sock_file fifo_file })
|
|
')
|
|
|
|
#######################################
|
|
## <summary>
|
|
## The template for execute access to the user temporary files.
|
|
## </summary>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <rolebase/>
|
|
#
|
|
template(`userdom_exec_tmp_template',`
|
|
can_exec($1_t,$1_tmp_t)
|
|
')
|
|
|
|
#######################################
|
|
## <summary>
|
|
## The template for a polyinstantiated temporary directory.
|
|
## </summary>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <rolebase/>
|
|
#
|
|
template(`userdom_poly_tmp_template',`
|
|
ifdef(`enable_polyinstantiation',`
|
|
files_poly_member_tmp($1_t,$1_tmp_t)
|
|
')
|
|
')
|
|
|
|
#######################################
|
|
## <summary>
|
|
## The template for creating a tmpfs type
|
|
## that the user has full access.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## The template for creating a tmpfs type
|
|
## that the user has full access.
|
|
## </p>
|
|
## <p>
|
|
## This does not allow execute access.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <rolebase/>
|
|
#
|
|
template(`userdom_manage_tmpfs_template',`
|
|
type $1_tmpfs_t, $1_file_type;
|
|
files_tmpfs_file($1_tmpfs_t)
|
|
|
|
allow $1_t $1_tmpfs_t:dir rw_dir_perms;
|
|
allow $1_t $1_tmpfs_t:file manage_file_perms;
|
|
allow $1_t $1_tmpfs_t:lnk_file create_lnk_perms;
|
|
allow $1_t $1_tmpfs_t:sock_file manage_file_perms;
|
|
allow $1_t $1_tmpfs_t:fifo_file manage_file_perms;
|
|
fs_tmpfs_filetrans($1_t,$1_tmpfs_t, { dir file lnk_file sock_file fifo_file })
|
|
')
|
|
|
|
#######################################
|
|
## <summary>
|
|
## The template for creating a set of types
|
|
## for untrusted content.
|
|
## </summary>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <rolebase/>
|
|
#
|
|
template(`userdom_untrusted_content_template',`
|
|
gen_require(`
|
|
attribute $1_file_type;
|
|
attribute untrusted_content_type, untrusted_content_tmp_type;
|
|
type $1_t;
|
|
')
|
|
|
|
# types for network-obtained content
|
|
type $1_untrusted_content_t, $1_file_type, untrusted_content_type; #, customizable
|
|
files_type($1_untrusted_content_t)
|
|
files_poly_member($1_untrusted_content_t)
|
|
|
|
type $1_untrusted_content_tmp_t, $1_file_type, untrusted_content_tmp_type; # customizable
|
|
files_tmp_file($1_untrusted_content_tmp_t)
|
|
|
|
# Allow user to relabel untrusted content
|
|
allow $1_t { $1_untrusted_content_t $1_untrusted_content_tmp_t }:dir { manage_dir_perms relabelto relabelfrom };
|
|
allow $1_t { $1_untrusted_content_t $1_untrusted_content_tmp_t }:file { getattr unlink relabelto relabelfrom rename };
|
|
|
|
tunable_policy(`read_untrusted_content',`
|
|
allow $1_t { $1_untrusted_content_t $1_untrusted_content_tmp_t }:dir list_dir_perms;
|
|
allow $1_t { $1_untrusted_content_t $1_untrusted_content_tmp_t }:file read_file_perms;
|
|
allow $1_t { $1_untrusted_content_t $1_untrusted_content_tmp_t }:lnk_file { getattr read };
|
|
',`
|
|
dontaudit $1_t { $1_untrusted_content_t $1_untrusted_content_tmp_t }:dir list_dir_perms;
|
|
dontaudit $1_t { $1_untrusted_content_t $1_untrusted_content_tmp_t }:file read_file_perms;
|
|
')
|
|
')
|
|
|
|
#######################################
|
|
## <summary>
|
|
## The template allowing the user to execute
|
|
## generic programs, such as those found in /bin,
|
|
## /sbin, /usr/bin, and /usr/sbin.
|
|
## </summary>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <rolebase/>
|
|
#
|
|
template(`userdom_exec_generic_pgms_template',`
|
|
gen_require(`
|
|
type $1_t;
|
|
')
|
|
|
|
corecmd_exec_bin($1_t)
|
|
corecmd_exec_sbin($1_t)
|
|
corecmd_exec_ls($1_t)
|
|
')
|
|
|
|
#######################################
|
|
## <summary>
|
|
## The template allowing the user basic
|
|
## network permissions
|
|
## </summary>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <rolebase/>
|
|
#
|
|
template(`userdom_basic_networking_template',`
|
|
gen_require(`
|
|
type $1_t;
|
|
')
|
|
|
|
allow $1_t self:tcp_socket create_stream_socket_perms;
|
|
allow $1_t self:udp_socket create_socket_perms;
|
|
|
|
corenet_non_ipsec_sendrecv($1_t)
|
|
corenet_tcp_sendrecv_all_if($1_t)
|
|
corenet_udp_sendrecv_all_if($1_t)
|
|
corenet_tcp_sendrecv_all_nodes($1_t)
|
|
corenet_udp_sendrecv_all_nodes($1_t)
|
|
corenet_tcp_sendrecv_all_ports($1_t)
|
|
corenet_udp_sendrecv_all_ports($1_t)
|
|
corenet_tcp_connect_all_ports($1_t)
|
|
corenet_sendrecv_all_client_packets($1_t)
|
|
')
|
|
|
|
#######################################
|
|
## <summary>
|
|
## The template for creating a user xwindows client.
|
|
## </summary>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <rolebase/>
|
|
#
|
|
template(`userdom_xwindows_client_template',`
|
|
gen_require(`
|
|
type $1_t, $1_tmpfs_t;
|
|
')
|
|
|
|
optional_policy(`
|
|
dev_rw_xserver_misc($1_t)
|
|
dev_rw_power_management($1_t)
|
|
dev_read_input($1_t)
|
|
dev_read_misc($1_t)
|
|
dev_write_misc($1_t)
|
|
# open office is looking for the following
|
|
dev_getattr_agp_dev($1_t)
|
|
dev_dontaudit_rw_dri($1_t)
|
|
# GNOME checks for usb and other devices:
|
|
dev_rw_usbfs($1_t)
|
|
|
|
xserver_user_client_template($1,$1_t,$1_tmpfs_t)
|
|
xserver_xsession_entry_type($1_t)
|
|
xserver_dontaudit_write_log($1_t)
|
|
xserver_stream_connect_xdm($1_t)
|
|
# certain apps want to read xdm.pid file
|
|
xserver_read_xdm_pid($1_t)
|
|
# gnome-session creates socket under /tmp/.ICE-unix/
|
|
xserver_create_xdm_tmp_sockets($1_t)
|
|
')
|
|
')
|
|
|
|
#######################################
|
|
## <summary>
|
|
## The template for allowing the user to change passwords.
|
|
## </summary>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <rolebase/>
|
|
#
|
|
template(`userdom_change_password_template',`
|
|
gen_require(`
|
|
type $1_t, $1_devpts_t, $1_tty_device_t;
|
|
role $1_r;
|
|
')
|
|
|
|
optional_policy(`
|
|
usermanage_run_chfn($1_t,$1_r,{ $1_devpts_t $1_tty_device_t })
|
|
usermanage_run_passwd($1_t,$1_r,{ $1_devpts_t $1_tty_device_t })
|
|
')
|
|
')
|
|
|
|
#######################################
|
|
## <summary>
|
|
## The template for allowing the user to change roles.
|
|
## </summary>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_role_change_template',`
|
|
gen_require(`
|
|
role $1_r, $2_r;
|
|
type $1_t, $2_t;
|
|
type $1_devpts_t, $2_devpts_t;
|
|
type $1_tty_device_t, $2_tty_device_t;
|
|
')
|
|
|
|
allow $1_r $2_r;
|
|
type_change $2_t $1_devpts_t:chr_file $2_devpts_t;
|
|
type_change $2_t $1_tty_device_t:chr_file $2_tty_device_t;
|
|
# avoid annoying messages on terminal hangup
|
|
dontaudit $1_t { $2_devpts_t $2_tty_device_t }:chr_file ioctl;
|
|
')
|
|
|
|
#######################################
|
|
## <summary>
|
|
## The template containing rules common to unprivileged
|
|
## users and administrative users.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## This template creates a user domain, types, and
|
|
## rules for the user's tty, pty, tmp, and tmpfs files.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_common_user_template',`
|
|
|
|
userdom_base_user_template($1)
|
|
|
|
userdom_manage_home_template($1)
|
|
userdom_exec_home_template($1)
|
|
|
|
userdom_manage_tmp_template($1)
|
|
userdom_exec_tmp_template($1)
|
|
|
|
userdom_manage_tmpfs_template($1)
|
|
|
|
userdom_untrusted_content_template($1)
|
|
|
|
userdom_basic_networking_template($1)
|
|
|
|
userdom_exec_generic_pgms_template($1)
|
|
|
|
userdom_xwindows_client_template($1)
|
|
|
|
userdom_change_password_template($1)
|
|
|
|
##############################
|
|
#
|
|
# User domain Local policy
|
|
#
|
|
|
|
allow $1_t self:capability { setgid chown fowner };
|
|
dontaudit $1_t self:capability { sys_nice fsetid };
|
|
allow $1_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
|
|
allow $1_t self:process { ptrace setfscreate };
|
|
|
|
# evolution and gnome-session try to create a netlink socket
|
|
dontaudit $1_t self:netlink_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown };
|
|
dontaudit $1_t self:netlink_route_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_write };
|
|
|
|
allow $1_t unpriv_userdomain:fd use;
|
|
|
|
kernel_read_system_state($1_t)
|
|
kernel_read_network_state($1_t)
|
|
kernel_read_net_sysctls($1_t)
|
|
# Very permissive allowing every domain to see every type:
|
|
kernel_get_sysvipc_info($1_t)
|
|
# Find CDROM devices:
|
|
kernel_read_device_sysctls($1_t)
|
|
|
|
corenet_udp_bind_all_nodes($1_t)
|
|
corenet_udp_bind_generic_port($1_t)
|
|
|
|
dev_read_sysfs($1_t)
|
|
dev_read_rand($1_t)
|
|
dev_read_urand($1_t)
|
|
dev_write_sound($1_t)
|
|
dev_read_sound($1_t)
|
|
dev_read_sound_mixer($1_t)
|
|
dev_write_sound_mixer($1_t)
|
|
|
|
domain_use_interactive_fds($1_t)
|
|
|
|
files_exec_etc_files($1_t)
|
|
files_search_locks($1_t)
|
|
# Check to see if cdrom is mounted
|
|
files_search_mnt($1_t)
|
|
# cjp: perhaps should cut back on file reads:
|
|
files_read_var_files($1_t)
|
|
files_read_var_symlinks($1_t)
|
|
files_read_generic_spool($1_t)
|
|
files_read_var_lib_files($1_t)
|
|
# Stat lost+found.
|
|
files_getattr_lost_found_dirs($1_t)
|
|
|
|
fs_get_all_fs_quotas($1_t)
|
|
fs_getattr_all_fs($1_t)
|
|
fs_getattr_all_dirs($1_t)
|
|
fs_search_auto_mountpoints($1_t)
|
|
fs_list_inotifyfs($1_t)
|
|
|
|
# cjp: some of this probably can be removed
|
|
selinux_get_fs_mount($1_t)
|
|
selinux_validate_context($1_t)
|
|
selinux_compute_access_vector($1_t)
|
|
selinux_compute_create_context($1_t)
|
|
selinux_compute_relabel_context($1_t)
|
|
selinux_compute_user_contexts($1_t)
|
|
|
|
# for eject
|
|
storage_getattr_fixed_disk_dev($1_t)
|
|
|
|
auth_read_login_records($1_t)
|
|
auth_dontaudit_write_login_records($1_t)
|
|
auth_search_pam_console_data($1_t)
|
|
auth_run_pam($1_t,$1_r,{ $1_tty_device_t $1_devpts_t })
|
|
auth_run_utempter($1_t,$1_r,{ $1_tty_device_t $1_devpts_t })
|
|
|
|
init_read_utmp($1_t)
|
|
# The library functions always try to open read-write first,
|
|
# then fall back to read-only if it fails.
|
|
init_dontaudit_write_utmp($1_t)
|
|
# Stop warnings about access to /dev/console
|
|
init_dontaudit_use_fds($1_t)
|
|
init_dontaudit_use_script_fds($1_t)
|
|
|
|
libs_exec_lib_files($1_t)
|
|
|
|
logging_dontaudit_getattr_all_logs($1_t)
|
|
|
|
miscfiles_read_man_pages($1_t)
|
|
# for running TeX programs
|
|
miscfiles_read_tetex_data($1_t)
|
|
miscfiles_exec_tetex_data($1_t)
|
|
|
|
seutil_read_file_contexts($1_t)
|
|
seutil_read_default_contexts($1_t)
|
|
seutil_read_config($1_t)
|
|
seutil_run_newrole($1_t,$1_r,{ $1_devpts_t $1_tty_device_t })
|
|
# for when the network connection is killed
|
|
# this is needed when a login role can change
|
|
# to this one.
|
|
seutil_dontaudit_signal_newrole($1_t)
|
|
|
|
tunable_policy(`read_default_t',`
|
|
files_list_default($1_t)
|
|
files_read_default_files($1_t)
|
|
files_read_default_symlinks($1_t)
|
|
files_read_default_sockets($1_t)
|
|
files_read_default_pipes($1_t)
|
|
',`
|
|
files_dontaudit_list_default($1_t)
|
|
files_dontaudit_read_default_files($1_t)
|
|
')
|
|
|
|
tunable_policy(`user_direct_mouse',`
|
|
dev_read_mouse($1_t)
|
|
')
|
|
|
|
tunable_policy(`user_ttyfile_stat',`
|
|
term_getattr_all_user_ttys($1_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
# Allow graphical boot to check battery lifespan
|
|
apm_stream_connect($1_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
canna_stream_connect($1_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
cups_stream_connect_ptal($1_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
dbus_system_bus_client_template($1,$1_t)
|
|
|
|
optional_policy(`
|
|
bluetooth_dbus_chat($1_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
cups_dbus_chat_config($1_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
hal_dbus_chat($1_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
networkmanager_dbus_chat($1_t)
|
|
')
|
|
')
|
|
|
|
optional_policy(`
|
|
inetd_use_fds($1_t)
|
|
inetd_rw_tcp_sockets($1_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
inn_read_config($1_t)
|
|
inn_read_news_lib($1_t)
|
|
inn_read_news_spool($1_t)
|
|
')
|
|
|
|
# for running depmod as part of the kernel packaging process
|
|
optional_policy(`
|
|
modutils_read_module_config($1_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
mta_rw_spool($1_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
nis_use_ypbind($1_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
tunable_policy(`allow_user_mysql_connect',`
|
|
mysql_stream_connect($1_t)
|
|
')
|
|
')
|
|
|
|
optional_policy(`
|
|
nscd_socket_use($1_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
# to allow monitoring of pcmcia status
|
|
pcmcia_read_pid($1_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
quota_dontaudit_getattr_db($1_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
resmgr_stream_connect($1_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
rpc_dontaudit_getattr_exports($1_t)
|
|
rpc_manage_nfs_rw_content($1_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
rpm_read_db($1_t)
|
|
rpm_dontaudit_manage_db($1_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
samba_stream_connect_winbind($1_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
slrnpull_search_spool($1_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
usernetctl_run($1_t,$1_r,{ $1_devpts_t $1_tty_device_t })
|
|
')
|
|
')
|
|
|
|
#######################################
|
|
## <summary>
|
|
## The template for creating a unprivileged user.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## This template creates a user domain, types, and
|
|
## rules for the user's tty, pty, home directories,
|
|
## tmp, and tmpfs files.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_unpriv_user_template', `
|
|
##############################
|
|
#
|
|
# Declarations
|
|
#
|
|
|
|
# Inherit rules for ordinary users.
|
|
userdom_common_user_template($1)
|
|
|
|
typeattribute $1_t unpriv_userdomain;
|
|
domain_interactive_fd($1_t)
|
|
|
|
typeattribute $1_devpts_t user_ptynode;
|
|
typeattribute $1_home_dir_t user_home_dir_type;
|
|
typeattribute $1_home_t user_home_type;
|
|
typeattribute $1_tmp_t user_tmpfile;
|
|
typeattribute $1_tty_device_t user_ttynode;
|
|
|
|
userdom_poly_home_template($1)
|
|
userdom_poly_tmp_template($1)
|
|
|
|
##############################
|
|
#
|
|
# Local policy
|
|
#
|
|
|
|
# privileged home directory writers
|
|
allow privhome $1_home_t:file manage_file_perms;
|
|
allow privhome $1_home_t:lnk_file create_lnk_perms;
|
|
allow privhome $1_home_t:dir manage_dir_perms;
|
|
allow privhome $1_home_t:sock_file manage_file_perms;
|
|
allow privhome $1_home_t:fifo_file manage_file_perms;
|
|
type_transition privhome $1_home_dir_t:{ dir file lnk_file sock_file fifo_file } $1_home_t;
|
|
|
|
corecmd_exec_all_executables($1_t)
|
|
|
|
# port access is audited even if dac would not have allowed it, so dontaudit it here
|
|
corenet_dontaudit_tcp_bind_all_reserved_ports($1_t)
|
|
# Need the following rule to allow users to run vpnc
|
|
corenet_tcp_bind_xserver_port($1_t)
|
|
|
|
files_exec_usr_files($1_t)
|
|
# cjp: why?
|
|
files_read_kernel_symbol_table($1_t)
|
|
|
|
ifndef(`enable_mls',`
|
|
fs_exec_noxattr($1_t)
|
|
|
|
tunable_policy(`user_rw_noexattrfile',`
|
|
fs_manage_noxattr_fs_files($1_t)
|
|
fs_manage_noxattr_fs_dirs($1_t)
|
|
# Write floppies
|
|
storage_raw_read_removable_device($1_t)
|
|
storage_raw_write_removable_device($1_t)
|
|
',`
|
|
storage_raw_read_removable_device($1_t)
|
|
')
|
|
')
|
|
|
|
tunable_policy(`user_dmesg',`
|
|
kernel_read_ring_buffer($1_t)
|
|
',`
|
|
kernel_dontaudit_read_ring_buffer($1_t)
|
|
')
|
|
|
|
# Allow users to run TCP servers (bind to ports and accept connection from
|
|
# the same domain and outside users) disabling this forces FTP passive mode
|
|
# and may change other protocols
|
|
tunable_policy(`user_tcp_server',`
|
|
corenet_tcp_bind_all_nodes($1_t)
|
|
corenet_tcp_bind_generic_port($1_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
kerberos_use($1_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
loadkeys_run($1_t,$1_r,$1_tty_device_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
netutils_run_ping_cond($1_t,$1_r,{ $1_tty_device_t $1_devpts_t })
|
|
netutils_run_traceroute_cond($1_t,$1_r,{ $1_tty_device_t $1_devpts_t })
|
|
')
|
|
|
|
# Run pppd in pppd_t by default for user
|
|
optional_policy(`
|
|
ppp_run_cond($1_t,$1_r,{ $1_tty_device_t $1_devpts_t })
|
|
')
|
|
|
|
ifdef(`TODO',`
|
|
ifdef(`xdm.te', `
|
|
# this should cause the .xsession-errors file to be written to /tmp
|
|
dontaudit xdm_t $1_home_t:file rw_file_perms;
|
|
')
|
|
|
|
# Do not audit write denials to /etc/ld.so.cache.
|
|
dontaudit $1_t ld_so_cache_t:file write;
|
|
|
|
dontaudit $1_t sysadm_home_t:file { read append };
|
|
') dnl end TODO
|
|
')
|
|
|
|
#######################################
|
|
## <summary>
|
|
## The template for creating an administrative user.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## This template creates a user domain, types, and
|
|
## rules for the user's tty, pty, home directories,
|
|
## tmp, and tmpfs files.
|
|
## </p>
|
|
## <p>
|
|
## The privileges given to administrative users are:
|
|
## <ul>
|
|
## <li>Raw disk access</li>
|
|
## <li>Set all sysctls</li>
|
|
## <li>All kernel ring buffer controls</li>
|
|
## <li>Create, read, write, and delete all files but shadow</li>
|
|
## <li>Manage source and binary format SELinux policy</li>
|
|
## <li>Run insmod</li>
|
|
## </ul>
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., sysadm
|
|
## is the prefix for sysadm_t).
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_admin_user_template',`
|
|
gen_require(`
|
|
class passwd { passwd chfn chsh rootok crontab };
|
|
')
|
|
|
|
##############################
|
|
#
|
|
# Declarations
|
|
#
|
|
|
|
# Inherit rules for ordinary users.
|
|
userdom_common_user_template($1)
|
|
|
|
typeattribute $1_t privhome;
|
|
domain_obj_id_change_exemption($1_t)
|
|
role system_r types $1_t;
|
|
|
|
ifdef(`direct_sysadm_daemon',`
|
|
domain_system_change_exemption($1_t)
|
|
')
|
|
|
|
typeattribute $1_devpts_t admin_terminal;
|
|
|
|
typeattribute $1_tty_device_t admin_terminal;
|
|
|
|
##############################
|
|
#
|
|
# $1_t local policy
|
|
#
|
|
|
|
allow $1_t self:capability ~sys_module;
|
|
allow $1_t self:process { setexec setfscreate };
|
|
|
|
# Set password information for other users.
|
|
allow $1_t self:passwd { passwd chfn chsh };
|
|
|
|
# Skip authentication when pam_rootok is specified.
|
|
allow $1_t self:passwd rootok;
|
|
|
|
# Manipulate other users crontab.
|
|
allow $1_t self:passwd crontab;
|
|
|
|
allow $1_t self:netlink_audit_socket nlmsg_readpriv;
|
|
|
|
kernel_read_software_raid_state($1_t)
|
|
kernel_getattr_core_if($1_t)
|
|
kernel_getattr_message_if($1_t)
|
|
kernel_change_ring_buffer_level($1_t)
|
|
kernel_clear_ring_buffer($1_t)
|
|
kernel_read_ring_buffer($1_t)
|
|
kernel_get_sysvipc_info($1_t)
|
|
kernel_rw_all_sysctls($1_t)
|
|
# signal unlabeled processes:
|
|
kernel_kill_unlabeled($1_t)
|
|
kernel_signal_unlabeled($1_t)
|
|
kernel_sigstop_unlabeled($1_t)
|
|
kernel_signull_unlabeled($1_t)
|
|
kernel_sigchld_unlabeled($1_t)
|
|
|
|
corenet_tcp_bind_generic_port($1_t)
|
|
# allow setting up tunnels
|
|
corenet_rw_tun_tap_dev($1_t)
|
|
|
|
dev_getattr_generic_blk_files($1_t)
|
|
dev_getattr_generic_chr_files($1_t)
|
|
# for lsof
|
|
dev_getattr_mtrr_dev($1_t)
|
|
# Allow MAKEDEV to work
|
|
dev_create_all_blk_files($1_t)
|
|
dev_create_all_chr_files($1_t)
|
|
dev_delete_all_blk_files($1_t)
|
|
dev_delete_all_chr_files($1_t)
|
|
dev_rename_all_blk_files($1_t)
|
|
dev_rename_all_chr_files($1_t)
|
|
dev_create_generic_symlinks($1_t)
|
|
|
|
domain_setpriority_all_domains($1_t)
|
|
domain_read_all_domains_state($1_t)
|
|
domain_getattr_all_domains($1_t)
|
|
domain_dontaudit_ptrace_all_domains($1_t)
|
|
# signal all domains:
|
|
domain_kill_all_domains($1_t)
|
|
domain_signal_all_domains($1_t)
|
|
domain_signull_all_domains($1_t)
|
|
domain_sigstop_all_domains($1_t)
|
|
domain_sigstop_all_domains($1_t)
|
|
domain_sigchld_all_domains($1_t)
|
|
# for lsof
|
|
domain_getattr_all_sockets($1_t)
|
|
|
|
files_exec_usr_src_files($1_t)
|
|
|
|
fs_getattr_all_fs($1_t)
|
|
fs_set_all_quotas($1_t)
|
|
fs_exec_noxattr($1_t)
|
|
|
|
storage_raw_read_removable_device($1_t)
|
|
storage_raw_write_removable_device($1_t)
|
|
|
|
term_use_all_terms($1_t)
|
|
|
|
auth_getattr_shadow($1_t)
|
|
# Manage almost all files
|
|
auth_manage_all_files_except_shadow($1_t)
|
|
# Relabel almost all files
|
|
auth_relabel_all_files_except_shadow($1_t)
|
|
|
|
init_telinit($1_t)
|
|
|
|
logging_send_syslog_msg($1_t)
|
|
|
|
modutils_domtrans_insmod($1_t)
|
|
|
|
# The following rule is temporary until such time that a complete
|
|
# policy management infrastructure is in place so that an administrator
|
|
# cannot directly manipulate policy files with arbitrary programs.
|
|
seutil_manage_src_policy($1_t)
|
|
# Violates the goal of limiting write access to checkpolicy.
|
|
# But presently necessary for installing the file_contexts file.
|
|
seutil_manage_bin_policy($1_t)
|
|
|
|
tunable_policy(`user_rw_noexattrfile',`
|
|
fs_manage_noxattr_fs_files($1_t)
|
|
fs_manage_noxattr_fs_dirs($1_t)
|
|
',`
|
|
fs_read_noxattr_fs_files($1_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
cron_admin_template($1,$1_t,$1_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
ethereal_admin_template($1,$1_t,$1_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
lpr_admin_template($1,$1_t,$1_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
mta_admin_template($1,$1_t,$1_r)
|
|
')
|
|
|
|
ifdef(`TODO',`
|
|
ifdef(`xserver.te', `
|
|
tunable_policy(`xdm_sysadm_login',`
|
|
allow xdm_t $1_home_t:lnk_file read;
|
|
allow xdm_t $1_home_t:dir search;
|
|
')
|
|
')
|
|
') dnl endif TODO
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Change to the generic user role.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Change to the generic user role.
|
|
## </p>
|
|
## <p>
|
|
## This is a template to support third party modules
|
|
## and its use is not allowed in upstream reference
|
|
## policy.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="prefix">
|
|
## <summary>
|
|
## The prefix of the user role (e.g., user
|
|
## is the prefix for user_r).
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
template(`userdom_role_change_generic_user',`
|
|
ifdef(`strict_policy',`
|
|
userdom_role_change_template($1,user)
|
|
',`
|
|
refpolicywarn(`$0($*) has no effect in targeted policy.')
|
|
')
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Change from the generic user role.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Change from the generic user role to
|
|
## the specified role.
|
|
## </p>
|
|
## <p>
|
|
## This is a template to support third party modules
|
|
## and its use is not allowed in upstream reference
|
|
## policy.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="prefix">
|
|
## <summary>
|
|
## The prefix of the user role (e.g., user
|
|
## is the prefix for user_r).
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
template(`userdom_role_change_from_generic_user',`
|
|
ifdef(`strict_policy',`
|
|
userdom_role_change_template(user,$1)
|
|
',`
|
|
refpolicywarn(`$0($*) has no effect in targeted policy.')
|
|
')
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Change to the staff user role.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Change to the staff user role.
|
|
## </p>
|
|
## <p>
|
|
## This is a template to support third party modules
|
|
## and its use is not allowed in upstream reference
|
|
## policy.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="prefix">
|
|
## <summary>
|
|
## The prefix of the user role (e.g., user
|
|
## is the prefix for user_r).
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
template(`userdom_role_change_staff',`
|
|
ifdef(`strict_policy',`
|
|
userdom_role_change_template($1,staff)
|
|
',`
|
|
refpolicywarn(`$0($*) has no effect in targeted policy.')
|
|
')
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Change from the staff user role.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Change from the staff user role to
|
|
## the specified role.
|
|
## </p>
|
|
## <p>
|
|
## This is a template to support third party modules
|
|
## and its use is not allowed in upstream reference
|
|
## policy.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="prefix">
|
|
## <summary>
|
|
## The prefix of the user role (e.g., user
|
|
## is the prefix for user_r).
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
template(`userdom_role_change_from_staff',`
|
|
ifdef(`strict_policy',`
|
|
userdom_role_change_template(staff,$1)
|
|
',`
|
|
refpolicywarn(`$0($*) has no effect in targeted policy.')
|
|
')
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Change to the sysadm user role.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Change to the sysadm user role.
|
|
## </p>
|
|
## <p>
|
|
## This is a template to support third party modules
|
|
## and its use is not allowed in upstream reference
|
|
## policy.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="prefix">
|
|
## <summary>
|
|
## The prefix of the user role (e.g., user
|
|
## is the prefix for user_r).
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
template(`userdom_role_change_sysadm',`
|
|
ifdef(`strict_policy',`
|
|
userdom_role_change_template($1,sysadm)
|
|
',`
|
|
refpolicywarn(`$0($*) has no effect in targeted policy.')
|
|
')
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Change from the sysadm user role.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Change from the sysadm user role to
|
|
## the specified role.
|
|
## </p>
|
|
## <p>
|
|
## This is a template to support third party modules
|
|
## and its use is not allowed in upstream reference
|
|
## policy.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="prefix">
|
|
## <summary>
|
|
## The prefix of the user role (e.g., user
|
|
## is the prefix for user_r).
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
template(`userdom_role_change_from_sysadm',`
|
|
ifdef(`strict_policy',`
|
|
userdom_role_change_template(sysadm,$1)
|
|
',`
|
|
refpolicywarn(`$0($*) has no effect in targeted policy.')
|
|
')
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Change to the secadm user role.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Change to the secadm user role.
|
|
## </p>
|
|
## <p>
|
|
## This is a template to support third party modules
|
|
## and its use is not allowed in upstream reference
|
|
## policy.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="prefix">
|
|
## <summary>
|
|
## The prefix of the user role (e.g., user
|
|
## is the prefix for user_r).
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
template(`userdom_role_change_secadm',`
|
|
ifdef(`enable_mls',`
|
|
userdom_role_change_template($1,secadm)
|
|
',`
|
|
refpolicywarn(`$0($*) has no effect in non-MLS policy.')
|
|
')
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Change from the secadm user role.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Change from the secadm user role to
|
|
## the specified role.
|
|
## </p>
|
|
## <p>
|
|
## This is a template to support third party modules
|
|
## and its use is not allowed in upstream reference
|
|
## policy.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="prefix">
|
|
## <summary>
|
|
## The prefix of the user role (e.g., user
|
|
## is the prefix for user_r).
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
template(`userdom_role_change_from_secadm',`
|
|
ifdef(`enable_mls',`
|
|
userdom_role_change_template(secadm,$1)
|
|
',`
|
|
refpolicywarn(`$0($*) has no effect in non-MLS policy.')
|
|
')
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Change to the auditadm user role.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Change to the auditadm user role.
|
|
## </p>
|
|
## <p>
|
|
## This is a template to support third party modules
|
|
## and its use is not allowed in upstream reference
|
|
## policy.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="prefix">
|
|
## <summary>
|
|
## The prefix of the auditadm role (e.g., user
|
|
## is the prefix for user_r).
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
template(`userdom_role_change_auditadm',`
|
|
ifdef(`enable_mls',`
|
|
userdom_role_change_template($1,auditadm)
|
|
',`
|
|
refpolicywarn(`$0($*) has no effect in non-MLS policy.')
|
|
')
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Change from the auditadm user role.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Change from the auditadm user role to
|
|
## the specified role.
|
|
## </p>
|
|
## <p>
|
|
## This is a template to support third party modules
|
|
## and its use is not allowed in upstream reference
|
|
## policy.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="prefix">
|
|
## <summary>
|
|
## The prefix of the user role (e.g., user
|
|
## is the prefix for user_r).
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
template(`userdom_role_change_from_auditadm',`
|
|
ifdef(`enable_mls',`
|
|
userdom_role_change_template(auditadm,$1)
|
|
',`
|
|
refpolicywarn(`$0($*) has no effect in non-MLS policy.')
|
|
')
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Make the specified type usable in a
|
|
## user home directory.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Make the specified type usable in a
|
|
## user home directory.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="type">
|
|
## <summary>
|
|
## Type to be used as a file in the
|
|
## user home directory.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_user_home_content',`
|
|
gen_require(`
|
|
attribute $1_file_type;
|
|
')
|
|
|
|
typeattribute $2 $1_file_type;
|
|
files_type($2)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Set the attributes of a user pty.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Set the attributes of a user pty.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_setattr_user_ptys',`
|
|
ifdef(`strict_policy',`
|
|
gen_require(`
|
|
type $1_devpts_t;
|
|
')
|
|
|
|
allow $2 $1_devpts_t:chr_file setattr;
|
|
')
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create a user pty.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Create a user pty.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_create_user_pty',`
|
|
ifdef(`strict_policy',`
|
|
gen_require(`
|
|
type $1_devpts_t;
|
|
')
|
|
|
|
term_create_pty($2,$1_devpts_t)
|
|
')
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Search user home directories.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Search user home directories.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_search_user_home_dirs',`
|
|
gen_require(`
|
|
type $1_home_dir_t;
|
|
')
|
|
|
|
files_search_home($2)
|
|
allow $2 $1_home_dir_t:dir { getattr search };
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## List user home directories.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## List user home directories.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_list_user_home_dirs',`
|
|
gen_require(`
|
|
type $1_home_dir_t;
|
|
')
|
|
|
|
files_search_home($2)
|
|
allow $2 $1_home_dir_t:dir r_dir_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do a domain transition to the specified
|
|
## domain when executing a program in the
|
|
## user home directory.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Do a domain transition to the specified
|
|
## domain when executing a program in the
|
|
## user home directory.
|
|
## </p>
|
|
## <p>
|
|
## No interprocess communication (signals, pipes,
|
|
## etc.) is provided by this interface since
|
|
## the domains are not owned by this module.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="source_domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <param name="target_domain">
|
|
## <summary>
|
|
## Domain to transition to.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_user_home_domtrans',`
|
|
gen_require(`
|
|
type $1_home_dir_t, $1_home_t;
|
|
')
|
|
|
|
files_search_home($2)
|
|
allow $2 $1_home_dir_t:dir search_dir_perms;
|
|
domain_auto_trans($2,$1_home_t,$3)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to list user home subdirectories.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Do not audit attempts to list user home subdirectories.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_dontaudit_list_user_home_dirs',`
|
|
gen_require(`
|
|
type $1_home_dir_t;
|
|
')
|
|
|
|
dontaudit $2 $1_home_dir_t:dir r_dir_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create, read, write, and delete directories
|
|
## in a user home subdirectory.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Create, read, write, and delete directories
|
|
## in a user home subdirectory.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_manage_user_home_content_dirs',`
|
|
gen_require(`
|
|
type $1_home_dir_t, $1_home_t;
|
|
')
|
|
|
|
files_search_home($2)
|
|
allow $2 $1_home_dir_t:dir rw_dir_perms;
|
|
allow $2 $1_home_t:dir manage_dir_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to set the
|
|
## attributes of user home files.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Do not audit attempts to set the
|
|
## attributes of user home files.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_dontaudit_setattr_user_home_content_files',`
|
|
gen_require(`
|
|
type $1_home_dir_t, $1_home_t;
|
|
')
|
|
|
|
dontaudit $2 $1_home_t:file setattr;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read user home files.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Read user home files.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_read_user_home_content_files',`
|
|
gen_require(`
|
|
type $1_home_dir_t, $1_home_t;
|
|
')
|
|
|
|
files_search_home($2)
|
|
allow $2 $1_home_dir_t:dir search;
|
|
allow $2 $1_home_t:dir search_dir_perms;
|
|
allow $2 $1_home_t:file r_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to read user home files.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Do not audit attempts to read user home files.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_dontaudit_read_user_home_content_files',`
|
|
gen_require(`
|
|
type $1_home_t;
|
|
')
|
|
|
|
dontaudit $2 $1_home_t:dir r_dir_perms;
|
|
dontaudit $2 $1_home_t:file r_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to write user home files.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Do not audit attempts to write user home files.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_dontaudit_write_user_home_content_files',`
|
|
gen_require(`
|
|
type $1_home_t;
|
|
')
|
|
|
|
dontaudit $2 $1_home_t:file write;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read user home subdirectory symbolic links.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Read user home subdirectory symbolic links.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_read_user_home_content_symlinks',`
|
|
gen_require(`
|
|
type $1_home_dir_t, $1_home_t;
|
|
')
|
|
|
|
files_search_home($2)
|
|
allow $2 $1_home_dir_t:dir search;
|
|
allow $2 $1_home_t:dir search;
|
|
allow $2 $1_home_t:lnk_file r_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute user home files.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Execute user home files.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_exec_user_home_content_files',`
|
|
gen_require(`
|
|
type $1_home_dir_t, $1_home_t;
|
|
')
|
|
|
|
files_search_home($2)
|
|
allow $2 $1_home_dir_t:dir search;
|
|
allow $2 $1_home_t:dir search;
|
|
can_exec($2,$1_home_t)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to execute user home files.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Do not audit attempts to execute user home files.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_dontaudit_exec_user_home_content_files',`
|
|
gen_require(`
|
|
type $1_home_t;
|
|
')
|
|
|
|
dontaudit $2 $1_home_t:file execute;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create, read, write, and delete files
|
|
## in a user home subdirectory.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Create, read, write, and delete files
|
|
## in a user home subdirectory.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_manage_user_home_content_files',`
|
|
gen_require(`
|
|
type $1_home_dir_t, $1_home_t;
|
|
')
|
|
|
|
files_search_home($2)
|
|
allow $2 $1_home_dir_t:dir search;
|
|
allow $2 $1_home_t:dir rw_dir_perms;
|
|
allow $2 $1_home_t:file create_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to create, read, write, and delete directories
|
|
## in a user home subdirectory.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Do not audit attempts to create, read, write, and delete directories
|
|
## in a user home subdirectory.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_dontaudit_manage_user_home_content_dirs',`
|
|
gen_require(`
|
|
type $1_home_dir_t, $1_home_t;
|
|
')
|
|
|
|
dontaudit $2 $1_home_t:dir manage_dir_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create, read, write, and delete symbolic links
|
|
## in a user home subdirectory.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Create, read, write, and delete symbolic links
|
|
## in a user home subdirectory.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_manage_user_home_content_symlinks',`
|
|
gen_require(`
|
|
type $1_home_dir_t, $1_home_t;
|
|
')
|
|
|
|
files_search_home($2)
|
|
allow $2 $1_home_dir_t:dir search;
|
|
allow $2 $1_home_t:dir rw_dir_perms;
|
|
allow $2 $1_home_t:lnk_file create_lnk_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create, read, write, and delete named pipes
|
|
## in a user home subdirectory.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Create, read, write, and delete named pipes
|
|
## in a user home subdirectory.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_manage_user_home_content_pipes',`
|
|
gen_require(`
|
|
type $1_home_dir_t, $1_home_t;
|
|
')
|
|
|
|
files_search_home($2)
|
|
allow $2 $1_home_dir_t:dir search;
|
|
allow $2 $1_home_t:dir rw_dir_perms;
|
|
allow $2 $1_home_t:fifo_file create_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create, read, write, and delete named sockets
|
|
## in a user home subdirectory.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Create, read, write, and delete named sockets
|
|
## in a user home subdirectory.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_manage_user_home_content_sockets',`
|
|
gen_require(`
|
|
type $1_home_dir_t, $1_home_t;
|
|
')
|
|
|
|
files_search_home($2)
|
|
allow $2 $1_home_dir_t:dir search;
|
|
allow $2 $1_home_t:dir rw_dir_perms;
|
|
allow $2 $1_home_t:sock_file create_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create objects in a user home directory
|
|
## with an automatic type transition to
|
|
## a specified private type.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Create objects in a user home directory
|
|
## with an automatic type transition to
|
|
## a specified private type.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <param name="private_type">
|
|
## <summary>
|
|
## The type of the object to create.
|
|
## </summary>
|
|
## </param>
|
|
## <param name="object_class">
|
|
## <summary>
|
|
## The class of the object to be created. If not
|
|
## specified, file is used.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_user_home_dir_filetrans',`
|
|
gen_require(`
|
|
type $1_home_dir_t;
|
|
')
|
|
|
|
files_search_home($2)
|
|
allow $2 $1_home_dir_t:dir rw_dir_perms;
|
|
type_transition $2 $1_home_dir_t:$4 $3;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create objects in a user home directory
|
|
## with an automatic type transition to
|
|
## the user home file type.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Create objects in a user home directory
|
|
## with an automatic type transition to
|
|
## the user home file type.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <param name="object_class">
|
|
## <summary>
|
|
## The class of the object to be created. If not
|
|
## specified, file is used.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_user_home_dir_filetrans_user_home_content',`
|
|
gen_require(`
|
|
type $1_home_dir_t, $1_home_t;
|
|
')
|
|
|
|
files_search_home($2)
|
|
allow $2 $1_home_dir_t:dir rw_dir_perms;
|
|
type_transition $2 $1_home_dir_t:$3 $1_home_t;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Write to user temporary named sockets.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Write to user temporary named sockets.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_write_user_tmp_sockets',`
|
|
gen_require(`
|
|
type $1_tmp_t;
|
|
')
|
|
|
|
files_search_tmp($2)
|
|
allow $2 $1_tmp_t:sock_file write;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## List user temporary directories.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## List user temporary directories.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_list_user_tmp',`
|
|
gen_require(`
|
|
type $1_tmp_t;
|
|
')
|
|
|
|
files_search_tmp($2)
|
|
allow $2 $1_tmp_t:dir r_dir_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to list user
|
|
## temporary directories.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Do not audit attempts to list user
|
|
## temporary directories.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_dontaudit_list_user_tmp',`
|
|
gen_require(`
|
|
type $1_tmp_t;
|
|
')
|
|
|
|
dontaudit $2 $1_tmp_t:dir r_dir_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to manage users
|
|
## temporary directories.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Do not audit attempts to manage users
|
|
## temporary directories.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_dontaudit_manage_user_tmp_dirs',`
|
|
gen_require(`
|
|
type $1_tmp_t;
|
|
')
|
|
|
|
dontaudit $2 $1_tmp_t:dir manage_dir_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read user temporary files.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Read user temporary files.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_read_user_tmp_files',`
|
|
gen_require(`
|
|
type $1_tmp_t;
|
|
')
|
|
|
|
files_search_tmp($2)
|
|
allow $2 $1_tmp_t:dir r_dir_perms;
|
|
allow $2 $1_tmp_t:file r_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to read users
|
|
## temporary files.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Do not audit attempts to read users
|
|
## temporary files.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_dontaudit_read_user_tmp_files',`
|
|
gen_require(`
|
|
type $1_tmp_t;
|
|
')
|
|
|
|
dontaudit $2 $1_tmp_t:file r_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to append users
|
|
## temporary files.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Do not audit attempts to append users
|
|
## temporary files.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_dontaudit_append_user_tmp_files',`
|
|
gen_require(`
|
|
type $1_tmp_t;
|
|
')
|
|
|
|
dontaudit $2 $1_tmp_t:file append;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read and write user temporary files.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Read and write user temporary files.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_rw_user_tmp_files',`
|
|
gen_require(`
|
|
type $1_tmp_t;
|
|
')
|
|
|
|
files_search_tmp($2)
|
|
allow $2 $1_tmp_t:dir r_dir_perms;
|
|
allow $2 $1_tmp_t:file rw_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to manage users
|
|
## temporary files.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Do not audit attempts to manage users
|
|
## temporary files.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_dontaudit_manage_user_tmp_files',`
|
|
gen_require(`
|
|
type $1_tmp_t;
|
|
')
|
|
|
|
dontaudit $2 $1_tmp_t:file manage_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read user
|
|
## temporary symbolic links.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Read user
|
|
## temporary symbolic links.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_read_user_tmp_symlinks',`
|
|
gen_require(`
|
|
type $1_tmp_t;
|
|
')
|
|
|
|
files_search_tmp($2)
|
|
allow $2 $1_tmp_t:dir r_dir_perms;
|
|
allow $2 $1_tmp_t:lnk_file r_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create, read, write, and delete user
|
|
## temporary directories.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Create, read, write, and delete user
|
|
## temporary directories.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_manage_user_tmp_dirs',`
|
|
gen_require(`
|
|
type $1_tmp_t;
|
|
')
|
|
|
|
files_search_tmp($2)
|
|
allow $2 $1_tmp_t:dir create_dir_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create, read, write, and delete user
|
|
## temporary files.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Create, read, write, and delete user
|
|
## temporary files.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_manage_user_tmp_files',`
|
|
gen_require(`
|
|
type $1_tmp_t;
|
|
')
|
|
|
|
files_search_tmp($2)
|
|
allow $2 $1_tmp_t:dir rw_dir_perms;
|
|
allow $2 $1_tmp_t:file create_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create, read, write, and delete user
|
|
## temporary symbolic links.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Create, read, write, and delete user
|
|
## temporary symbolic links.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_manage_user_tmp_symlinks',`
|
|
gen_require(`
|
|
type $1_tmp_t;
|
|
')
|
|
|
|
files_search_tmp($2)
|
|
allow $2 $1_tmp_t:dir rw_dir_perms;
|
|
allow $2 $1_tmp_t:lnk_file create_lnk_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create, read, write, and delete user
|
|
## temporary named pipes.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Create, read, write, and delete user
|
|
## temporary named pipes.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_manage_user_tmp_pipes',`
|
|
gen_require(`
|
|
type $1_tmp_t;
|
|
')
|
|
|
|
files_search_tmp($2)
|
|
allow $2 $1_tmp_t:dir rw_dir_perms;
|
|
allow $2 $1_tmp_t:fifo_file create_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create, read, write, and delete user
|
|
## temporary named sockets.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Create, read, write, and delete user
|
|
## temporary named sockets.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_manage_user_tmp_sockets',`
|
|
gen_require(`
|
|
type $1_tmp_t;
|
|
')
|
|
|
|
files_search_tmp($2)
|
|
allow $2 $1_tmp_t:dir rw_dir_perms;
|
|
allow $2 $1_tmp_t:sock_file create_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read user tmpfs files.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Read user tmpfs files.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_rw_user_tmpfs_files',`
|
|
gen_require(`
|
|
type $1_tmpfs_t;
|
|
')
|
|
|
|
fs_search_tmpfs($2)
|
|
allow $2 $1_tmpfs_t:dir list_dir_perms;
|
|
allow $2 $1_tmpfs_t:file rw_file_perms;
|
|
allow $2 $1_tmpfs_t:lnk_file { getattr read };
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## List users untrusted directories.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## List users untrusted directories.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_list_user_untrusted_content',`
|
|
gen_require(`
|
|
type $1_untrusted_content_t;
|
|
')
|
|
|
|
allow $2 $1_untrusted_content_t:dir r_dir_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to list user
|
|
## untrusted directories.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Do not audit attempts to read user
|
|
## untrusted directories.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_dontaudit_list_user_untrusted_content',`
|
|
gen_require(`
|
|
type $1_untrusted_content_t;
|
|
')
|
|
|
|
dontaudit $2 $1_untrusted_content_t:dir r_dir_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read user untrusted files.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Read user untrusted files.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_read_user_untrusted_content_files',`
|
|
gen_require(`
|
|
type $1_untrusted_content_t;
|
|
')
|
|
|
|
allow $2 $1_untrusted_content_t:dir r_dir_perms;
|
|
allow $2 $1_untrusted_content_t:file r_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Manage user untrusted files.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Create, read, write, and delete untrusted files.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_manage_user_untrusted_content_files',`
|
|
gen_require(`
|
|
type $1_untrusted_content_t;
|
|
')
|
|
|
|
allow $2 $1_tmp_t:dir rw_dir_perms;
|
|
allow $2 $1_untrusted_content_tmp_t:file manage_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to read users
|
|
## untrusted files.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Do not audit attempts to read users
|
|
## untrusted files.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_dontaudit_read_user_untrusted_content_files',`
|
|
gen_require(`
|
|
type $1_untrusted_content_t;
|
|
')
|
|
|
|
dontaudit $2 $1_untrusted_content_t:file r_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read user untrusted symbolic links.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Read user untrusted symbolic links.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_read_user_untrusted_content_symlinks',`
|
|
gen_require(`
|
|
type $1_untrusted_content_t;
|
|
')
|
|
|
|
allow $2 $1_untrusted_content_t:dir r_dir_perms;
|
|
allow $2 $1_untrusted_content_t:lnk_file r_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## List users temporary untrusted directories.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## List users temporary untrusted directories.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_list_user_tmp_untrusted_content',`
|
|
gen_require(`
|
|
type $1_untrusted_content_tmp_t;
|
|
')
|
|
|
|
allow $2 $1_untrusted_content_tmp_t:dir r_dir_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to list user
|
|
## temporary untrusted directories.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Do not audit attempts to list user
|
|
## temporary directories.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_dontaudit_list_user_tmp_untrusted_content',`
|
|
gen_require(`
|
|
type $1_untrusted_content_tmp_t;
|
|
')
|
|
|
|
dontaudit $2 $1_untrusted_content_tmp_t:dir r_dir_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read user temporary untrusted files.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Read user temporary untrusted files.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_read_user_tmp_untrusted_content_files',`
|
|
gen_require(`
|
|
type $1_untrusted_content_tmp_t;
|
|
')
|
|
|
|
allow $2 $1_untrusted_content_tmp_t:dir r_dir_perms;
|
|
allow $2 $1_untrusted_content_tmp_t:file r_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to read users
|
|
## temporary untrusted files.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Do not audit attempts to read users
|
|
## temporary untrusted files.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_dontaudit_read_user_tmp_untrusted_content_files',`
|
|
gen_require(`
|
|
type $1_untrusted_content_tmp_t;
|
|
')
|
|
|
|
dontaudit $2 $1_untrusted_content_tmp_t:file r_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read user temporary untrusted symbolic links.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Read user temporary untrusted symbolic links.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_read_user_tmp_untrusted_content_symlinks',`
|
|
gen_require(`
|
|
type $1_untrusted_content_tmp_t;
|
|
')
|
|
|
|
allow $2 $1_untrusted_content_tmp_t:dir r_dir_perms;
|
|
allow $2 $1_untrusted_content_tmp_t:lnk_file r_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read all user untrusted content files.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_read_all_untrusted_content',`
|
|
gen_require(`
|
|
attribute untrusted_content_type;
|
|
')
|
|
|
|
allow $1 untrusted_content_type:dir r_dir_perms;
|
|
allow $1 untrusted_content_type:{ file lnk_file } r_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read all user temporary untrusted content files.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_read_all_tmp_untrusted_content',`
|
|
gen_require(`
|
|
attribute untrusted_content_tmp_type;
|
|
')
|
|
|
|
allow $1 untrusted_content_tmp_type:dir r_dir_perms;
|
|
allow $1 untrusted_content_tmp_type:{ file lnk_file } r_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Set the attributes of a user domain tty.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Set the attributes of a user domain tty.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_setattr_user_ttys',`
|
|
ifdef(`targeted_policy',`
|
|
term_setattr_unallocated_ttys($2)
|
|
',`
|
|
gen_require(`
|
|
type $1_tty_device_t;
|
|
')
|
|
|
|
allow $2 $1_tty_device_t:chr_file setattr;
|
|
')
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read and write a user domain tty.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Read and write a user domain tty.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_use_user_ttys',`
|
|
ifdef(`targeted_policy',`
|
|
term_use_unallocated_ttys($2)
|
|
',`
|
|
gen_require(`
|
|
type $1_tty_device_t;
|
|
')
|
|
|
|
allow $2 $1_tty_device_t:chr_file rw_term_perms;
|
|
')
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read and write a user domain tty and pty.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Read and write a user domain tty and pty.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_use_user_terminals',`
|
|
ifdef(`targeted_policy',`
|
|
term_use_unallocated_ttys($2)
|
|
term_use_generic_ptys($2)
|
|
',`
|
|
gen_require(`
|
|
type $1_tty_device_t, $1_devpts_t;
|
|
')
|
|
|
|
allow $2 $1_tty_device_t:chr_file rw_term_perms;
|
|
allow $2 $1_devpts_t:chr_file rw_term_perms;
|
|
term_list_ptys($2)
|
|
')
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to read and write
|
|
## a user domain tty and pty.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Do not audit attempts to read and write
|
|
## a user domain tty and pty.
|
|
## </p>
|
|
## <p>
|
|
## This is a templated interface, and should only
|
|
## be called from a per-userdomain template.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`userdom_dontaudit_use_user_terminals',`
|
|
gen_require(`
|
|
type $1_tty_device_t, $1_devpts_t;
|
|
')
|
|
|
|
dontaudit $2 $1_tty_device_t:chr_file rw_term_perms;
|
|
dontaudit $2 $1_devpts_t:chr_file rw_term_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute a shell in all user domains. This
|
|
## is an explicit transition, requiring the
|
|
## caller to use setexeccon().
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_spec_domtrans_all_users',`
|
|
gen_require(`
|
|
attribute userdomain;
|
|
')
|
|
|
|
corecmd_shell_spec_domtrans($1,userdomain)
|
|
allow $1 userdomain:fd use;
|
|
allow userdomain $1:fd use;
|
|
allow userdomain $1:fifo_file rw_file_perms;
|
|
allow userdomain $1:process sigchld;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute an Xserver session in all unprivileged user domains. This
|
|
## is an explicit transition, requiring the
|
|
## caller to use setexeccon().
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_xsession_spec_domtrans_all_users',`
|
|
gen_require(`
|
|
attribute userdomain;
|
|
')
|
|
|
|
xserver_xsession_spec_domtrans($1,userdomain)
|
|
allow $1 userdomain:fd use;
|
|
allow userdomain $1:fd use;
|
|
allow userdomain $1:fifo_file rw_file_perms;
|
|
allow userdomain $1:process sigchld;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute a shell in all unprivileged user domains. This
|
|
## is an explicit transition, requiring the
|
|
## caller to use setexeccon().
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_spec_domtrans_unpriv_users',`
|
|
gen_require(`
|
|
attribute unpriv_userdomain;
|
|
')
|
|
|
|
corecmd_shell_spec_domtrans($1,unpriv_userdomain)
|
|
allow $1 unpriv_userdomain:fd use;
|
|
allow unpriv_userdomain $1:fd use;
|
|
allow unpriv_userdomain $1:fifo_file rw_file_perms;
|
|
allow unpriv_userdomain $1:process sigchld;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute an Xserver session in all unprivileged user domains. This
|
|
## is an explicit transition, requiring the
|
|
## caller to use setexeccon().
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_xsession_spec_domtrans_unpriv_users',`
|
|
gen_require(`
|
|
attribute unpriv_userdomain;
|
|
')
|
|
|
|
xserver_xsession_spec_domtrans($1,unpriv_userdomain)
|
|
allow $1 unpriv_userdomain:fd use;
|
|
allow unpriv_userdomain $1:fd use;
|
|
allow unpriv_userdomain $1:fifo_file rw_file_perms;
|
|
allow unpriv_userdomain $1:process sigchld;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Manage unpriviledged user SysV sempaphores.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_manage_unpriv_user_semaphores',`
|
|
gen_require(`
|
|
attribute unpriv_userdomain;
|
|
')
|
|
|
|
allow $1 unpriv_userdomain:sem create_sem_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Manage unpriviledged user SysV shared
|
|
## memory segments.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_manage_unpriv_user_shared_mem',`
|
|
gen_require(`
|
|
attribute unpriv_userdomain;
|
|
')
|
|
|
|
allow $1 unpriv_userdomain:shm create_shm_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute bin_t in the unprivileged user domains. This
|
|
## is an explicit transition, requiring the
|
|
## caller to use setexeccon().
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_bin_spec_domtrans_unpriv_users',`
|
|
gen_require(`
|
|
attribute unpriv_userdomain;
|
|
')
|
|
|
|
corecmd_bin_spec_domtrans($1,unpriv_userdomain)
|
|
|
|
allow $1 unpriv_userdomain:fd use;
|
|
allow unpriv_userdomain $1:fd use;
|
|
allow unpriv_userdomain $1:fifo_file rw_file_perms;
|
|
allow unpriv_userdomain $1:process sigchld;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute generic sbin programs in all unprivileged user
|
|
## domains. This is an explicit transition, requiring the
|
|
## caller to use setexeccon().
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_sbin_spec_domtrans_unpriv_users',`
|
|
gen_require(`
|
|
attribute unpriv_userdomain;
|
|
')
|
|
|
|
corecmd_sbin_spec_domtrans($1,unpriv_userdomain)
|
|
|
|
allow $1 unpriv_userdomain:fd use;
|
|
allow unpriv_userdomain $1:fd use;
|
|
allow unpriv_userdomain $1:fifo_file rw_file_perms;
|
|
allow unpriv_userdomain $1:process sigchld;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute all entrypoint files in unprivileged user
|
|
## domains. This is an explicit transition, requiring the
|
|
## caller to use setexeccon().
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_entry_spec_domtrans_unpriv_users',`
|
|
gen_require(`
|
|
attribute unpriv_userdomain;
|
|
')
|
|
|
|
domain_entry_file_spec_domtrans($1,unpriv_userdomain)
|
|
|
|
allow $1 unpriv_userdomain:fd use;
|
|
allow unpriv_userdomain $1:fd use;
|
|
allow unpriv_userdomain $1:fifo_file rw_file_perms;
|
|
allow unpriv_userdomain $1:process sigchld;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute a shell in the sysadm domain.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_shell_domtrans_sysadm',`
|
|
ifdef(`targeted_policy',`
|
|
#cjp: need to doublecheck this one
|
|
unconfined_shell_domtrans($1)
|
|
',`
|
|
gen_require(`
|
|
type sysadm_t;
|
|
')
|
|
|
|
corecmd_shell_domtrans($1,sysadm_t)
|
|
|
|
allow $1 sysadm_t:fd use;
|
|
allow sysadm_t $1:fd use;
|
|
allow sysadm_t $1:fifo_file rw_file_perms;
|
|
allow sysadm_t $1:process sigchld;
|
|
')
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute a generic bin program in the sysadm domain.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_bin_spec_domtrans_sysadm',`
|
|
gen_require(`
|
|
type sysadm_t;
|
|
')
|
|
|
|
corecmd_bin_spec_domtrans($1,sysadm_t)
|
|
|
|
allow $1 sysadm_t:fd use;
|
|
allow sysadm_t $1:fd use;
|
|
allow sysadm_t $1:fifo_file rw_file_perms;
|
|
allow sysadm_t $1:process sigchld;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute a generic sbin program in the sysadm domain.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_sbin_spec_domtrans_sysadm',`
|
|
gen_require(`
|
|
type sysadm_t;
|
|
')
|
|
|
|
corecmd_sbin_spec_domtrans($1,sysadm_t)
|
|
|
|
allow $1 sysadm_t:fd use;
|
|
allow sysadm_t $1:fd use;
|
|
allow sysadm_t $1:fifo_file rw_file_perms;
|
|
allow sysadm_t $1:process sigchld;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute all entrypoint files in the sysadm domain. This
|
|
## is an explicit transition, requiring the
|
|
## caller to use setexeccon().
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_entry_spec_domtrans_sysadm',`
|
|
gen_require(`
|
|
type sysadm_t;
|
|
')
|
|
|
|
domain_entry_file_spec_domtrans($1,sysadm_t)
|
|
|
|
allow $1 sysadm_t:fd use;
|
|
allow sysadm_t $1:fd use;
|
|
allow sysadm_t $1:fifo_file rw_file_perms;
|
|
allow sysadm_t $1:process sigchld;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Allow sysadm to execute a generic bin program in
|
|
## a specified domain. This is an explicit transition,
|
|
## requiring the caller to use setexeccon().
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Allow sysadm to execute a generic bin program in
|
|
## a specified domain.
|
|
## </p>
|
|
## <p>
|
|
## This is a interface to support third party modules
|
|
## and its use is not allowed in upstream reference
|
|
## policy.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to execute in.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_sysadm_bin_spec_domtrans_to',`
|
|
gen_require(`
|
|
type sysadm_t;
|
|
')
|
|
|
|
corecmd_bin_spec_domtrans(sysadm_t,$1)
|
|
|
|
allow sysadm_t $1:fd use;
|
|
allow $1 sysadm_t:fd use;
|
|
allow $1 sysadm_t:fifo_file rw_file_perms;
|
|
allow $1 sysadm_t:process sigchld;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Allow sysadm to execute a generic sbin program in
|
|
## a specified domain. This is an explicit transition,
|
|
## requiring the caller to use setexeccon().
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Allow sysadm to execute a generic sbin program in
|
|
## a specified domain.
|
|
## </p>
|
|
## <p>
|
|
## This is a interface to support third party modules
|
|
## and its use is not allowed in upstream reference
|
|
## policy.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to execute in.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_sysadm_sbin_spec_domtrans_to',`
|
|
gen_require(`
|
|
type sysadm_t;
|
|
')
|
|
|
|
corecmd_sbin_spec_domtrans(sysadm_t, $1)
|
|
|
|
allow sysadm_t $1:fd use;
|
|
allow $1 sysadm_t:fd use;
|
|
allow $1 sysadm_t:fifo_file rw_file_perms;
|
|
allow $1 sysadm_t:process sigchld;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Allow sysadm to execute all entrypoint files
|
|
## in the specified domain. This is an explicit
|
|
## transition, requiring the caller to use setexeccon().
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Allow sysadm to execute all entrypoint files
|
|
## in the specified domain. This is an explicit
|
|
## transition, requiring the caller to use setexeccon().
|
|
## </p>
|
|
## <p>
|
|
## This is a interface to support third party modules
|
|
## and its use is not allowed in upstream reference
|
|
## policy.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to execute in.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_sysadm_entry_spec_domtrans_to',`
|
|
gen_require(`
|
|
type sysadm_t;
|
|
')
|
|
|
|
domain_entry_file_spec_domtrans(sysadm_t, $1)
|
|
|
|
allow sysadm_t $1:fd use;
|
|
allow $1 sysadm_t:fd use;
|
|
allow $1 sysadm_t:fifo_file rw_file_perms;
|
|
allow $1 sysadm_t:process sigchld;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Search the staff users home directory.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_search_staff_home_dirs',`
|
|
gen_require(`
|
|
type staff_home_dir_t;
|
|
')
|
|
|
|
files_search_home($1)
|
|
allow $1 staff_home_dir_t:dir search;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to search the staff
|
|
## users home directory.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_dontaudit_search_staff_home_dirs',`
|
|
gen_require(`
|
|
type staff_home_dir_t;
|
|
')
|
|
|
|
dontaudit $1 staff_home_dir_t:dir search;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create, read, write, and delete staff
|
|
## home directories.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_manage_staff_home_dirs',`
|
|
ifdef(`targeted_policy',`
|
|
gen_require(`
|
|
type user_home_dir_t;
|
|
')
|
|
|
|
files_search_home($1)
|
|
allow $1 user_home_dir_t:dir manage_dir_perms;
|
|
',`
|
|
gen_require(`
|
|
type staff_home_dir_t;
|
|
')
|
|
|
|
files_search_home($1)
|
|
allow $1 staff_home_dir_t:dir manage_dir_perms;
|
|
')
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to append to the staff
|
|
## users home directory.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_dontaudit_append_staff_home_content_files',`
|
|
gen_require(`
|
|
type staff_home_t;
|
|
')
|
|
|
|
dontaudit $1 staff_home_t:file append;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read files in the staff users home directory.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_read_staff_home_content_files',`
|
|
gen_require(`
|
|
type staff_home_dir_t, staff_home_t;
|
|
')
|
|
|
|
files_search_home($1)
|
|
allow $1 { staff_home_dir_t staff_home_t }:dir r_dir_perms;
|
|
allow $1 staff_home_t:{ file lnk_file } r_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Send a SIGCHLD signal to sysadm users.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_sigchld_sysadm',`
|
|
ifdef(`targeted_policy',`
|
|
unconfined_sigchld($1)
|
|
',`
|
|
gen_require(`
|
|
type sysadm_t;
|
|
')
|
|
|
|
allow $1 sysadm_t:process sigchld;
|
|
')
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attepts to get the attributes
|
|
## of sysadm ttys.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_dontaudit_getattr_sysadm_ttys',`
|
|
ifdef(`targeted_policy',`
|
|
term_dontaudit_getattr_unallocated_ttys($1)
|
|
',`
|
|
gen_require(`
|
|
type sysadm_tty_device_t;
|
|
')
|
|
|
|
dontaudit $1 sysadm_tty_device_t:chr_file getattr;
|
|
')
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read and write sysadm ttys.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_use_sysadm_ttys',`
|
|
ifdef(`targeted_policy',`
|
|
term_use_unallocated_ttys($1)
|
|
',`
|
|
gen_require(`
|
|
type sysadm_tty_device_t;
|
|
')
|
|
|
|
dev_list_all_dev_nodes($1)
|
|
term_list_ptys($1)
|
|
allow $1 sysadm_tty_device_t:chr_file rw_term_perms;
|
|
')
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to use sysadm ttys.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_dontaudit_use_sysadm_ttys',`
|
|
ifdef(`targeted_policy',`
|
|
term_dontaudit_use_unallocated_ttys($1)
|
|
',`
|
|
gen_require(`
|
|
type sysadm_tty_device_t;
|
|
')
|
|
|
|
dontaudit $1 sysadm_tty_device_t:chr_file { read write };
|
|
')
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read and write sysadm ptys.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_use_sysadm_ptys',`
|
|
ifdef(`targeted_policy',`
|
|
term_use_generic_ptys($1)
|
|
',`
|
|
gen_require(`
|
|
type sysadm_devpts_t;
|
|
')
|
|
|
|
dev_list_all_dev_nodes($1)
|
|
term_list_ptys($1)
|
|
allow $1 sysadm_devpts_t:chr_file rw_term_perms;
|
|
')
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Dont audit attempts to read and write sysadm ptys.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_dontaudit_use_sysadm_ptys',`
|
|
ifdef(`targeted_policy',`
|
|
term_dontaudit_use_generic_ptys($1)
|
|
',`
|
|
gen_require(`
|
|
type sysadm_devpts_t;
|
|
')
|
|
|
|
dontaudit $1 sysadm_devpts_t:chr_file { read write };
|
|
')
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read and write sysadm ttys and ptys.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_use_sysadm_terms',`
|
|
userdom_use_sysadm_ttys($1)
|
|
userdom_use_sysadm_ptys($1)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to use sysadm ttys and ptys.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_dontaudit_use_sysadm_terms',`
|
|
ifdef(`targeted_policy',`
|
|
term_dontaudit_use_generic_ptys($1)
|
|
',`
|
|
gen_require(`
|
|
attribute admin_terminal;
|
|
')
|
|
|
|
dontaudit $1 admin_terminal:chr_file { read write };
|
|
')
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Inherit and use sysadm file descriptors
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_use_sysadm_fds',`
|
|
ifdef(`targeted_policy',`
|
|
unconfined_use_fds($1)
|
|
',`
|
|
gen_require(`
|
|
type sysadm_t;
|
|
')
|
|
|
|
allow $1 sysadm_t:fd use;
|
|
')
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read and write sysadm user unnamed pipes.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_rw_sysadm_pipes',`
|
|
ifdef(`targeted_policy',`
|
|
#cjp: need to doublecheck this one
|
|
unconfined_rw_pipes($1)
|
|
',`
|
|
gen_require(`
|
|
type sysadm_t;
|
|
')
|
|
|
|
allow $1 sysadm_t:fifo_file rw_file_perms;
|
|
')
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Get the attributes of the sysadm users
|
|
## home directory.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_getattr_sysadm_home_dirs',`
|
|
gen_require(`
|
|
type sysadm_home_dir_t;
|
|
')
|
|
|
|
allow $1 sysadm_home_dir_t:dir getattr;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to get the
|
|
## attributes of the sysadm users
|
|
## home directory.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_dontaudit_getattr_sysadm_home_dirs',`
|
|
ifdef(`targeted_policy',`
|
|
gen_require(`
|
|
type user_home_dir_t;
|
|
')
|
|
|
|
dontaudit $1 user_home_dir_t:dir getattr;
|
|
', `
|
|
gen_require(`
|
|
type sysadm_home_dir_t;
|
|
')
|
|
|
|
dontaudit $1 sysadm_home_dir_t:dir getattr;
|
|
')
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Search the sysadm users home directory.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_search_sysadm_home_dirs',`
|
|
gen_require(`
|
|
type sysadm_home_dir_t;
|
|
')
|
|
|
|
allow $1 sysadm_home_dir_t:dir search;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to search the sysadm
|
|
## users home directory.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_dontaudit_search_sysadm_home_dirs',`
|
|
ifdef(`targeted_policy',`
|
|
gen_require(`
|
|
type user_home_dir_t;
|
|
')
|
|
|
|
dontaudit $1 user_home_dir_t:dir search_dir_perms;
|
|
',`
|
|
gen_require(`
|
|
type sysadm_home_dir_t;
|
|
')
|
|
|
|
dontaudit $1 sysadm_home_dir_t:dir search_dir_perms;
|
|
')
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## List the sysadm users home directory.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_list_sysadm_home_dirs',`
|
|
gen_require(`
|
|
type sysadm_home_dir_t;
|
|
')
|
|
|
|
allow $1 sysadm_home_dir_t:dir list_dir_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to list the sysadm
|
|
## users home directory.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_dontaudit_list_sysadm_home_dirs',`
|
|
gen_require(`
|
|
type sysadm_home_dir_t;
|
|
')
|
|
|
|
dontaudit $1 sysadm_home_dir_t:dir list_dir_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to search the sysadm
|
|
## users home directory.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_dontaudit_read_sysadm_home_content_files',`
|
|
ifdef(`targeted_policy',`
|
|
gen_require(`
|
|
type user_home_dir_t, user_home_t;
|
|
')
|
|
|
|
dontaudit $1 user_home_dir_t:dir search_dir_perms;
|
|
dontaudit $1 user_home_t:dir search_dir_perms;
|
|
dontaudit $1 user_home_t:file r_file_perms;
|
|
',`
|
|
gen_require(`
|
|
type sysadm_home_dir_t, sysadm_home_t;
|
|
')
|
|
|
|
dontaudit $1 sysadm_home_dir_t:dir search_dir_perms;
|
|
dontaudit $1 sysadm_home_t:dir search_dir_perms;
|
|
dontaudit $1 sysadm_home_t:file r_file_perms;
|
|
')
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create objects in sysadm home directories
|
|
## with automatic file type transition.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <param name="private type">
|
|
## <summary>
|
|
## The type of the object to be created.
|
|
## </summary>
|
|
## </param>
|
|
## <param name="object_class">
|
|
## <summary>
|
|
## The class of the object to be created.
|
|
## If not specified, file is used.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_sysadm_home_dir_filetrans',`
|
|
gen_require(`
|
|
type sysadm_home_dir_t;
|
|
')
|
|
|
|
allow $1 sysadm_home_dir_t:dir rw_dir_perms;
|
|
type_transition $1 sysadm_home_dir_t:$3 $2;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Search the sysadm users home sub directories.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_search_sysadm_home_content_dirs',`
|
|
gen_require(`
|
|
type sysadm_home_dir_t, sysadm_home_t;
|
|
')
|
|
|
|
allow $1 { sysadm_home_dir_t sysadm_home_t }:dir search_dir_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read files in the sysadm users home directory.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_read_sysadm_home_content_files',`
|
|
gen_require(`
|
|
type sysadm_home_dir_t, sysadm_home_t;
|
|
')
|
|
|
|
files_search_home($1)
|
|
allow $1 { sysadm_home_dir_t sysadm_home_t }:dir r_dir_perms;
|
|
allow $1 sysadm_home_t:{ file lnk_file } r_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Search all users home directories.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_search_all_users_home_dirs',`
|
|
gen_require(`
|
|
attribute home_dir_type;
|
|
')
|
|
|
|
files_list_home($1)
|
|
allow $1 home_dir_type:dir search_dir_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## List all users home directories.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_list_all_users_home_dirs',`
|
|
gen_require(`
|
|
attribute home_dir_type;
|
|
')
|
|
|
|
files_list_home($1)
|
|
allow $1 home_dir_type:dir list_dir_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Search all users home directories.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_search_all_users_home_content',`
|
|
gen_require(`
|
|
attribute home_dir_type, home_type;
|
|
')
|
|
|
|
files_list_home($1)
|
|
allow $1 { home_dir_type home_type }:dir search_dir_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to search all users home directories.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_dontaudit_search_all_users_home_content',`
|
|
gen_require(`
|
|
attribute home_dir_type, home_type;
|
|
')
|
|
|
|
dontaudit $1 { home_dir_type home_type }:dir search_dir_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read all files in all users home directories.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_read_all_users_home_content_files',`
|
|
gen_require(`
|
|
attribute home_type;
|
|
')
|
|
|
|
files_list_home($1)
|
|
allow $1 home_type:dir r_dir_perms;
|
|
allow $1 home_type:file r_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create, read, write, and delete all directories
|
|
## in all users home directories.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_manage_all_users_home_content_dirs',`
|
|
gen_require(`
|
|
attribute home_type;
|
|
')
|
|
|
|
files_list_home($1)
|
|
allow $1 home_type:dir create_dir_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create, read, write, and delete all files
|
|
## in all users home directories.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_manage_all_users_home_content_files',`
|
|
gen_require(`
|
|
attribute home_type;
|
|
')
|
|
|
|
files_list_home($1)
|
|
allow $1 home_type:dir rw_dir_perms;
|
|
allow $1 home_type:file create_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create, read, write, and delete all symlinks
|
|
## in all users home directories.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_manage_all_users_home_content_symlinks',`
|
|
gen_require(`
|
|
attribute home_type;
|
|
')
|
|
|
|
files_list_home($1)
|
|
allow $1 home_type:dir rw_dir_perms;
|
|
allow $1 home_type:lnk_file create_lnk_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Make the specified domain a privileged
|
|
## home directory manager.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Make the specified domain a privileged
|
|
## home directory manager. This domain will be
|
|
## able to manage the contents of all users
|
|
## general home directory content, and create
|
|
## files with the correct context.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_priveleged_home_dir_manager',`
|
|
gen_require(`
|
|
attribute privhome;
|
|
')
|
|
|
|
files_list_home($1)
|
|
typeattribute $1 privhome;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Send general signals to unprivileged user domains.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_signal_unpriv_users',`
|
|
gen_require(`
|
|
attribute unpriv_userdomain;
|
|
')
|
|
|
|
allow $1 unpriv_userdomain:process signal;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Inherit the file descriptors from unprivileged user domains.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_use_unpriv_users_fds',`
|
|
gen_require(`
|
|
attribute unpriv_userdomain;
|
|
')
|
|
|
|
allow $1 unpriv_userdomain:fd use;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to inherit the
|
|
## file descriptors from all user domains.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_dontaudit_use_unpriv_user_fds',`
|
|
gen_require(`
|
|
attribute unpriv_userdomain;
|
|
')
|
|
|
|
dontaudit $1 unpriv_userdomain:fd use;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create generic user home directories
|
|
## with automatic file type transition.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_home_filetrans_generic_user_home_dir',`
|
|
gen_require(`
|
|
type user_home_dir_t;
|
|
')
|
|
|
|
files_home_filetrans($1,user_home_dir_t,dir)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Search generic user home directories.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_search_generic_user_home_dirs',`
|
|
gen_require(`
|
|
type user_home_dir_t;
|
|
')
|
|
|
|
allow $1 user_home_dir_t:dir search_dir_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create objects in generic user home directories
|
|
## with automatic file type transition.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <param name="object_class">
|
|
## <summary>
|
|
## The class of the object to be created.
|
|
## If not specified, file is used.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_generic_user_home_dir_filetrans_generic_user_home_content',`
|
|
gen_require(`
|
|
type user_home_dir_t, user_home_t;
|
|
')
|
|
|
|
files_search_home($1)
|
|
allow $1 user_home_dir_t:dir rw_dir_perms;
|
|
type_transition $1 user_home_dir_t:$2 user_home_t;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Don't audit search on the user home subdirectory.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_dontaudit_search_generic_user_home_dirs',`
|
|
gen_require(`
|
|
type user_home_t;
|
|
')
|
|
|
|
dontaudit $1 user_home_t:dir search;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create, read, write, and delete
|
|
## subdirectories of generic user
|
|
## home directories.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_manage_generic_user_home_content_dirs',`
|
|
gen_require(`
|
|
type user_home_t;
|
|
')
|
|
|
|
files_search_home($1)
|
|
allow $1 user_home_dir_t:dir search_dir_perms;
|
|
allow $1 user_home_t:dir create_dir_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read files in generic user home directories.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_read_generic_user_home_content_files',`
|
|
gen_require(`
|
|
type user_home_t, user_home_dir_t;
|
|
')
|
|
|
|
files_search_home($1)
|
|
allow $1 user_home_dir_t:dir search_dir_perms;
|
|
allow $1 user_home_t:dir r_dir_perms;
|
|
allow $1 user_home_t:file r_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create, read, write, and delete files
|
|
## in generic user home directories.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_manage_generic_user_home_content_files',`
|
|
gen_require(`
|
|
type user_home_t;
|
|
')
|
|
|
|
files_search_home($1)
|
|
allow $1 user_home_dir_t:dir search_dir_perms;
|
|
allow $1 user_home_t:dir rw_dir_perms;
|
|
allow $1 user_home_t:file create_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create, read, write, and delete symbolic
|
|
## links in generic user home directories.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_manage_generic_user_home_content_symlinks',`
|
|
gen_require(`
|
|
type user_home_t;
|
|
')
|
|
|
|
files_search_home($1)
|
|
allow $1 user_home_dir_t:dir search_dir_perms;
|
|
allow $1 user_home_t:dir rw_dir_perms;
|
|
allow $1 user_home_t:lnk_file create_lnk_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create, read, write, and delete named
|
|
## pipes in generic user home directories.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_manage_generic_user_home_content_pipes',`
|
|
gen_require(`
|
|
type user_home_t;
|
|
')
|
|
|
|
files_search_home($1)
|
|
allow $1 user_home_dir_t:dir search_dir_perms;
|
|
allow $1 user_home_t:dir rw_dir_perms;
|
|
allow $1 user_home_t:fifo_file create_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create, read, write, and delete named
|
|
## sockets in generic user home directories.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_manage_generic_user_home_content_sockets',`
|
|
gen_require(`
|
|
type user_home_t;
|
|
')
|
|
|
|
files_search_home($1)
|
|
allow $1 user_home_dir_t:dir search_dir_perms;
|
|
allow $1 user_home_t:dir rw_dir_perms;
|
|
allow $1 user_home_t:sock_file create_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Search all unprivileged users home directories.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_search_unpriv_users_home_dirs',`
|
|
gen_require(`
|
|
attribute user_home_dir_type;
|
|
')
|
|
|
|
files_search_home($1)
|
|
allow $1 user_home_dir_type:dir search_dir_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read all unprivileged users home directory
|
|
## files.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_read_unpriv_users_home_content_files',`
|
|
gen_require(`
|
|
attribute user_home_dir_type, user_home_type;
|
|
')
|
|
|
|
files_search_home($1)
|
|
allow $1 user_home_dir_type:dir search_dir_perms;
|
|
allow $1 user_home_type:dir r_dir_perms;
|
|
allow $1 user_home_type:lnk_file { getattr read };
|
|
allow $1 user_home_type:file r_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create, read, write, and delete directories in
|
|
## unprivileged users home directories.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_manage_unpriv_users_home_content_dirs',`
|
|
gen_require(`
|
|
attribute user_home_dir_type, user_home_type;
|
|
')
|
|
|
|
files_search_home($1)
|
|
allow $1 user_home_dir_type:dir search_dir_perms;
|
|
allow $1 user_home_type:dir manage_dir_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create, read, write, and delete files in
|
|
## unprivileged users home directories.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_manage_unpriv_users_home_content_files',`
|
|
gen_require(`
|
|
attribute user_home_dir_type, user_home_type;
|
|
')
|
|
|
|
files_search_home($1)
|
|
allow $1 user_home_dir_type:dir search_dir_perms;
|
|
allow $1 user_home_type:dir rw_dir_perms;
|
|
allow $1 user_home_type:file manage_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Set the attributes of user ptys.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_setattr_unpriv_users_ptys',`
|
|
gen_require(`
|
|
attribute user_ptynode;
|
|
')
|
|
|
|
allow $1 user_ptynode:chr_file setattr;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read and write unprivileged user ptys.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_use_unpriv_users_ptys',`
|
|
ifdef(`targeted_policy',`
|
|
term_use_generic_ptys($1)
|
|
',`
|
|
gen_require(`
|
|
attribute user_ptynode;
|
|
')
|
|
|
|
term_search_ptys($1)
|
|
allow $1 user_ptynode:chr_file rw_file_perms;
|
|
')
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to use unprivileged
|
|
## user ptys.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_dontaudit_use_unpriv_users_ptys',`
|
|
ifdef(`targeted_policy',`
|
|
term_dontaudit_use_generic_ptys($1)
|
|
',`
|
|
gen_require(`
|
|
attribute user_ptynode;
|
|
')
|
|
|
|
dontaudit $1 user_ptynode:chr_file rw_file_perms;
|
|
')
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Relabel files to unprivileged user pty types.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_relabelto_unpriv_users_ptys',`
|
|
gen_require(`
|
|
attribute user_ptynode;
|
|
')
|
|
|
|
allow $1 user_ptynode:chr_file relabelto;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to relabel files from
|
|
## unprivileged user pty types.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_dontaudit_relabelfrom_unpriv_users_ptys',`
|
|
gen_require(`
|
|
attribute user_ptynode;
|
|
')
|
|
|
|
dontaudit $1 user_ptynode:chr_file relabelfrom;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read all unprivileged users temporary directories.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_list_unpriv_users_tmp',`
|
|
ifdef(`targeted_policy',`
|
|
files_list_tmp($1)
|
|
',`
|
|
gen_require(`
|
|
attribute user_tmpfile;
|
|
')
|
|
|
|
allow $1 user_tmpfile:dir list_dir_perms;
|
|
')
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read all unprivileged users temporary files.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_read_unpriv_users_tmp_files',`
|
|
ifdef(`targeted_policy',`
|
|
files_read_generic_tmp_files($1)
|
|
',`
|
|
gen_require(`
|
|
attribute user_tmpfile;
|
|
')
|
|
|
|
allow $1 user_tmpfile:file { read getattr };
|
|
')
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read all unprivileged users temporary symbolic links.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_read_unpriv_users_tmp_symlinks',`
|
|
ifdef(`targeted_policy',`
|
|
files_read_generic_tmp_symlinks($1)
|
|
',`
|
|
gen_require(`
|
|
attribute user_tmpfile;
|
|
')
|
|
|
|
allow $1 user_tmpfile:lnk_file { getattr read };
|
|
')
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Write all unprivileged users files in /tmp
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_write_unpriv_users_tmp_files',`
|
|
gen_require(`
|
|
attribute user_tmpfile;
|
|
')
|
|
|
|
allow $1 user_tmpfile:file { getattr write append };
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read and write unprivileged user ttys.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_use_unpriv_users_ttys',`
|
|
ifdef(`targeted_policy',`
|
|
term_use_unallocated_ttys($1)
|
|
',`
|
|
gen_require(`
|
|
attribute user_ttynode;
|
|
')
|
|
|
|
allow $1 user_ttynode:chr_file rw_file_perms;
|
|
')
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to use unprivileged
|
|
## user ttys.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_dontaudit_use_unpriv_users_ttys',`
|
|
ifdef(`targeted_policy',`
|
|
term_dontaudit_use_unallocated_ttys($1)
|
|
',`
|
|
gen_require(`
|
|
attribute user_ttynode;
|
|
')
|
|
|
|
dontaudit $1 user_ttynode:chr_file rw_file_perms;
|
|
')
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read the process state of all user domains.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_read_all_users_state',`
|
|
gen_require(`
|
|
attribute userdomain;
|
|
')
|
|
|
|
allow $1 userdomain:dir search_dir_perms;
|
|
allow $1 userdomain:file r_file_perms;
|
|
kernel_search_proc($1)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Get the attributes of all user domains.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_getattr_all_users',`
|
|
gen_require(`
|
|
attribute userdomain;
|
|
')
|
|
|
|
allow $1 userdomain:process getattr;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Inherit the file descriptors from all user domains
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_use_all_users_fds',`
|
|
gen_require(`
|
|
attribute userdomain;
|
|
')
|
|
|
|
allow $1 userdomain:fd use;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to inherit the file
|
|
## descriptors from any user domains.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_dontaudit_use_all_users_fds',`
|
|
gen_require(`
|
|
attribute userdomain;
|
|
')
|
|
|
|
dontaudit $1 userdomain:fd use;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Send general signals to all user domains.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_signal_all_users',`
|
|
gen_require(`
|
|
attribute userdomain;
|
|
')
|
|
|
|
allow $1 userdomain:process signal;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Send a SIGCHLD signal to all user domains.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_sigchld_all_users',`
|
|
gen_require(`
|
|
attribute userdomain;
|
|
')
|
|
|
|
allow $1 userdomain:process sigchld;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create keys for all user domains.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_create_all_users_keys',`
|
|
ifdef(`strict_policy',`
|
|
gen_require(`
|
|
attribute userdomain;
|
|
')
|
|
|
|
allow $1 userdomain:key create;
|
|
',`
|
|
unconfined_create_keys($1)
|
|
')
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Send a dbus message to all user domains.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_dbus_send_all_users',`
|
|
gen_require(`
|
|
attribute userdomain;
|
|
class dbus send_msg;
|
|
')
|
|
|
|
allow $1 userdomain:dbus send_msg;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Unconfined access to user domains.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`userdom_unconfined',`
|
|
gen_require(`
|
|
type user_home_dir_t;
|
|
')
|
|
|
|
allow $1 user_home_dir_t:dir create_dir_perms;
|
|
files_home_filetrans($1,user_home_dir_t,dir)
|
|
')
|