rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity
88c72f4408
selinux-policy/strict/macros/program/gpg_macros.te
Chris PeBenito 0fbfa546bd initial commit
2005-04-29 17:45:15 +00:00

145 lines
4.1 KiB
Plaintext
Raw Blame History

#
# Macros for gpg and pgp
#
# Author: Russell Coker <russell@coker.com.au>
#
# based on the work of:
# Stephen Smalley <sds@epoch.ncsc.mil> and Timothy Fraser
#
#
# gpg_domain(domain_prefix)
#
# Define a derived domain for the gpg/pgp program when executed by
# a user domain.
#
# The type declaration for the executable type for this program is
# provided separately in domains/program/gpg.te.
#
define(`gpg_domain', `
# Derived domain based on the calling user domain and the program.
type $1_gpg_t, domain, privlog;
type $1_gpg_secret_t, file_type, $1_file_type, sysadmfile;
# Transition from the user domain to the derived domain.
domain_auto_trans($1_t, gpg_exec_t, $1_gpg_t)
can_network($1_gpg_t)
can_ypbind($1_gpg_t)
# for a bug in kmail
dontaudit $1_gpg_t $1_t:unix_stream_socket { getattr read write };
# The user role is authorized for this domain.
role $1_r types $1_gpg_t;
# Legacy
if (allow_gpg_execstack) {
legacy_domain($1_gpg)
allow $1_gpg_t locale_t:file execute;
# Not quite sure why this is needed...
allow $1_gpg_t gpg_exec_t:file execmod;
}
allow $1_t $1_gpg_secret_t:file getattr;
allow $1_gpg_t device_t:dir r_dir_perms;
allow $1_gpg_t { random_device_t urandom_device_t }:chr_file r_file_perms;
allow $1_gpg_t etc_t:file r_file_perms;
allow $1_gpg_t self:unix_stream_socket create_stream_socket_perms;
allow $1_gpg_t self:tcp_socket create_stream_socket_perms;
access_terminal($1_gpg_t, $1)
ifdef(`gnome-pty-helper.te', `allow $1_gpg_t $1_gph_t:fd use;')
# Inherit and use descriptors
allow $1_gpg_t { privfd $1_t }:fd use;
allow { $1_t $1_gpg_t } $1_gpg_t:process signal;
# setrlimit is for ulimit -c 0
allow $1_gpg_t self:process { setrlimit setcap };
# allow ps to show gpg
can_ps($1_t, $1_gpg_t)
uses_shlib($1_gpg_t)
# should not need read access...
allow $1_gpg_t home_root_t:dir { read search };
# use $1_gpg_secret_t for files it creates
# NB we are doing the type transition for directory creation only!
# so ~/.gnupg will be of $1_gpg_secret_t, then files created under it such as
# secring.gpg will be of $1_gpg_secret_t too. But when you use gpg to decrypt
# a file and write output to your home directory it will use user_home_t.
file_type_auto_trans($1_gpg_t, $1_home_dir_t, $1_gpg_secret_t, dir)
rw_dir_create_file($1_gpg_t, $1_gpg_secret_t)
file_type_auto_trans($1_gpg_t, $1_home_dir_t, $1_home_t, file)
create_dir_file($1_gpg_t, $1_home_t)
# allow the usual access to /tmp
file_type_auto_trans($1_gpg_t, tmp_t, $1_tmp_t)
if (use_nfs_home_dirs) {
create_dir_file($1_gpg_t, nfs_t)
}
if (use_samba_home_dirs) {
create_dir_file($1_gpg_t, cifs_t)
}
allow $1_gpg_t self:capability { ipc_lock setuid };
rw_dir_create_file($1_gpg_t, $1_file_type)
allow $1_gpg_t { etc_t usr_t }:dir r_dir_perms;
allow $1_gpg_t fs_t:filesystem getattr;
allow $1_gpg_t usr_t:file r_file_perms;
read_locale($1_gpg_t)
allow $1_t $1_gpg_secret_t:dir rw_dir_perms;
dontaudit $1_gpg_t var_t:dir search;
ifdef(`gpg-agent.te', `gpg_agent_domain($1)')
# for helper programs (which automatically fetch keys)
# Note: this is only tested with the hkp interface. If you use eg the
# mail interface you will likely need additional permissions.
type $1_gpg_helper_t, domain;
role $1_r types $1_gpg_helper_t;
domain_auto_trans($1_gpg_t, gpg_helper_exec_t, $1_gpg_helper_t)
uses_shlib($1_gpg_helper_t)
# allow gpg to fork so it can call the helpers
allow $1_gpg_t self:process { fork sigchld };
allow $1_gpg_t self:fifo_file { getattr read write };
dontaudit $1_gpg_helper_t $1_gpg_secret_t:file read;
if (use_nfs_home_dirs) {
dontaudit $1_gpg_helper_t nfs_t:file { read write };
}
if (use_samba_home_dirs) {
dontaudit $1_gpg_helper_t cifs_t:file { read write };
}
# communicate with the user
allow $1_gpg_helper_t $1_t:fd use;
allow $1_gpg_helper_t $1_t:fifo_file write;
# get keys from the network
can_network_client($1_gpg_helper_t)
allow $1_gpg_helper_t etc_t:file { getattr read };
allow $1_gpg_helper_t urandom_device_t:chr_file read;
allow $1_gpg_helper_t self:unix_stream_socket create_stream_socket_perms;
# for nscd
dontaudit $1_gpg_helper_t var_t:dir search;
ifdef(`xdm.te', `
dontaudit $1_gpg_t xdm_t:fd use;
dontaudit $1_gpg_t xdm_t:fifo_file read;
')
')dnl end gpg_domain definition
Reference in New Issue View Git Blame Copy Permalink