2017-04-20 01:00:55

by guido

Subject: [refpolicy] [PATCH 8/33] firstboot: curb on userdom permissions

This patch restricts the userdomain file read and/or write permissions
granted to the firstboot module.

It aims to ensure user data confidentiality.

A boolean has been introduced to revert the previous read/write
behavior.

Signed-off-by: Guido Trentalancia <[email protected]>
---
policy/modules/contrib/firstboot.te | 25 ++++++++++++++++++-------
1 file changed, 18 insertions(+), 7 deletions(-)

--- refpolicy-2.20170204-orig/policy/modules/contrib/firstboot.te 2015-10-19 01:13:41.000000000 +0200
+++ refpolicy-2.20170204/policy/modules/contrib/firstboot.te 2017-04-19 21:15:36.296230570 +0200
@@ -9,6 +9,15 @@ gen_require(`
# Declarations
#

+## <desc>
+## <p>
+## Determine whether firstboot can
+## manage the user home directories
+## and files.
+## </p>
+## </desc>
+gen_tunable(firstboot_enable_home_dirs, false)
+
attribute_role firstboot_roles;

type firstboot_t;
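Review bot: The new tunable's `<desc>` does not state what is denied while the boolean is off, and since the following hunk moves every userdom home-content rule under it, a default install leaves firstboot with no read or write access to user home content at all. The description should say so and give the confidentiality motivation from the commit message, e.g. `## Determine whether firstboot can manage user home directories and their content. Disabled by default to preserve user data confidentiality.`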
@@ -78,13 +87,15 @@ miscfiles_read_localization(firstboot_t)
sysnet_dns_name_resolve(firstboot_t)

userdom_use_user_terminals(firstboot_t)
-userdom_manage_user_home_content_dirs(firstboot_t)
-userdom_manage_user_home_content_files(firstboot_t)
-userdom_manage_user_home_content_symlinks(firstboot_t)
-userdom_manage_user_home_content_pipes(firstboot_t)
-userdom_manage_user_home_content_sockets(firstboot_t)
-userdom_home_filetrans_user_home_dir(firstboot_t)
-userdom_user_home_dir_filetrans_user_home_content(firstboot_t, { dir file lnk_file fifo_file sock_file })
+
+tunable_policy(`firstboot_enable_home_dirs',`
+ userdom_manage_user_home_content_dirs(firstboot_t)
+ userdom_manage_user_home_content_files(firstboot_t)
+ userdom_manage_user_home_content_pipes(firstboot_t)
+ userdom_manage_user_home_content_sockets(firstboot_t)
+ userdom_manage_user_home_content_symlinks(firstboot_t)
+ userdom_user_home_dir_filetrans_user_home_content(firstboot_t, { dir file lnk_file fifo_file sock_file })
+')

optional_policy(`
dbus_system_bus_client(firstboot_t)
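Review bot: The removed `userdom_home_filetrans_user_home_dir(firstboot_t)` call is not restored inside the new tunable_policy block, so even with firstboot_enable_home_dirs enabled the domain loses the type transition for creating a user home directory under the home root, which the commit message's "revert the previous behavior" does not cover. Unless the drop is intentional, add `userdom_home_filetrans_user_home_dir(firstboot_t)` alongside the other re-added calls in the block, or state the reason for removing it in the description. If firstboot is what creates the first user account's home directory (inferred from the module name, not visible here), the default of false will deny that creation, so this is worth confirming on a real system. Minor style point: the symlinks call now sits after the sockets call, changing the original ordering for no stated reason.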