2011-10-23 14:29:47

by sven.vermeulen

Subject: [refpolicy] [PATCH 0/2] Add links_t domain for the links browser

This patchset adds support for the links browser.


2011-10-23 14:30:28

by sven.vermeulen

Subject: [refpolicy] [PATCH 1/2] Support the console/graphical links browser


Introduce the links_t domain for the links browser, which is an
ncurses/svgalib/X11 browser (so supports both commandline-only as
well as GUI environments)

Signed-off-by: Sven Vermeulen <[email protected]>
---
links.fc | 6 ++++++
links.if | 36 ++++++++++++++++++++++++++++++++++++
links.te | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 99 insertions(+), 0 deletions(-)
create mode 100644 links.fc
create mode 100644 links.if
create mode 100644 links.te

diff --git a/links.fc b/links.fc
new file mode 100644
index 0000000..5749b58
--- /dev/null
+++ b/links.fc
@@ -0,0 +1,6 @@
+HOME_DIR/\.links(/.*)? gen_context(system_u:object_r:links_home_t,s0)
+
+#
+# /usr
+#
+/usr/bin/links -- gen_context(system_u:object_r:links_exec_t,s0)
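Review bot: Only /usr/bin/links is labelled links_exec_t here, while the commit message describes both console and graphical use. If a distribution installs the graphical build under a different binary name, that binary keeps its default label and never transitions into links_t, so add a file context entry for each installed name.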
diff --git a/links.if b/links.if
new file mode 100644
index 0000000..bf3e20a
--- /dev/null
+++ b/links.if
@@ -0,0 +1,36 @@
+## <summary>Links web browser</summary>
+
+#######################################
+## <summary>
+## The role interface for the links module.
+## </summary>
+## <param name="user_role">
+## <summary>
+## The role associated with the user domain.
+## </summary>
+## </param>
+## <param name="user_domain">
+## <summary>
+## The type of the user domain.
+## </summary>
+## </param>
+#
+interface(`links_role',`
+ gen_require(`
+ type links_t, links_exec_t, links_tmpfs_t, links_home_t;
+ ')
+
+ role $1 types links_t;
+
+ manage_dirs_pattern($2, links_home_t, links_home_t)
+ manage_files_pattern($2, links_home_t, links_home_t)
+ manage_lnk_files_pattern($2, links_home_t, links_home_t)
+
+ relabel_dirs_pattern($2, links_home_t, links_home_t)
+ relabel_files_pattern($2, links_home_t, links_home_t)
+ relabel_lnk_files_pattern($2, links_home_t, links_home_t)
+
+ domtrans_pattern($2, links_exec_t, links_t)
+
+ ps_process_pattern($2, links_t)
+')
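Review bot: The gen_require in links_role declares links_tmpfs_t, but nothing in the interface body references it. Drop it from the require list, or add the rules on links_tmpfs_t that the user domain was meant to get.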
diff --git a/links.te b/links.te
new file mode 100644
index 0000000..6289570
--- /dev/null
+++ b/links.te
@@ -0,0 +1,57 @@
+policy_module(links, 1.0.0)
+
+############################
+#
+# Declarations
+#
+
+type links_t;
+type links_exec_t;
+application_domain(links_t, links_exec_t)
+
+type links_home_t;
+typealias links_home_t alias { user_links_home_t staff_links_home_t sysadm_links_home_t };
+userdom_user_home_content(links_home_t)
+
+type links_tmpfs_t;
+typealias links_tmpfs_t alias { user_links_tmpfs_t staff_links_tmpfs_t sysadm_links_tmpfs_t };
+files_tmpfs_file(links_tmpfs_t)
+ubac_constrained(links_tmpfs_t)
+
+############################
+#
+# Policy
+#
+
+allow links_t self:process signal_perms;
+allow links_t self:unix_stream_socket create_stream_socket_perms;
+
+manage_dirs_pattern(links_t, links_home_t, links_home_t)
+manage_files_pattern(links_t, links_home_t, links_home_t)
+manage_lnk_files_pattern(links_t, links_home_t, links_home_t)
+manage_sock_files_pattern(links_t, links_home_t, links_home_t)
+manage_fifo_files_pattern(links_t, links_home_t, links_home_t)
+
+manage_files_pattern(links_t, links_tmpfs_t, links_tmpfs_t)
+manage_lnk_files_pattern(links_t, links_tmpfs_t, links_tmpfs_t)
+manage_fifo_files_pattern(links_t, links_tmpfs_t, links_tmpfs_t)
+manage_sock_files_pattern(links_t, links_tmpfs_t, links_tmpfs_t)
+fs_tmpfs_filetrans(links_t, links_tmpfs_t, { file lnk_file sock_file fifo_file })
+
+userdom_user_home_dir_filetrans(links_t, links_home_t, dir)
+
+corenet_tcp_connect_http_port(links_t)
+
+domain_use_interactive_fds(links_t)
+
+auth_use_nsswitch(links_t)
+
+miscfiles_read_localization(links_t)
+
+userdom_manage_user_home_content_dirs(links_t)
+userdom_manage_user_home_content_files(links_t)
+userdom_use_user_terminals(links_t)
+
+optional_policy(`
+ xserver_user_x_domain_template(links, links_t, links_tmpfs_t)
+')
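Review bot: The only socket class links_t is allowed on itself is unix_stream_socket ("allow links_t self:unix_stream_socket create_stream_socket_perms;"), yet the policy section calls corenet_tcp_connect_http_port(links_t). Add an explicit "allow links_t self:tcp_socket create_stream_socket_perms;" next to it, so the browser's TCP access is stated in this module instead of depending on what another interface happens to grant.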
--
1.7.3.4

2011-10-23 14:30:55

by sven.vermeulen

Subject: [refpolicy] [PATCH 2/2] Allow user domains to call links


Grant the links_role to the default user domains (staff, sysadm and the
regular user).

Signed-off-by: Sven Vermeulen <[email protected]>
---
policy/modules/roles/staff.te | 4 ++++
policy/modules/roles/sysadm.te | 4 ++++
policy/modules/roles/unprivuser.te | 4 ++++
3 files changed, 12 insertions(+), 0 deletions(-)

diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
index c10c3d6..ae4a59a 100644
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@@ -109,6 +109,10 @@ ifndef(`distro_redhat',`
')

optional_policy(`
+ links_role(staff_r, staff_t)
+ ')
+
+ optional_policy(`
lockdev_role(staff_r, staff_t)
')

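Review bot: Going by the hunk header, the new optional_policy block appears to sit inside the ifndef on distro_redhat, so links_role(staff_r, staff_t) would not be granted on a distro_redhat build. The commit message says the role goes to the default user domains without that qualification; either say so there or move the block outside the ifndef.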
diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index 954417f..200e490 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -461,5 +461,9 @@ ifndef(`distro_redhat',`
optional_policy(`
java_role(sysadm_r, sysadm_t)
')
+
+ optional_policy(`
+ links_role(sysadm_r, sysadm_t)
+ ')
')

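Review bot: links_role(sysadm_r, sysadm_t) lets the administrative role transition into a domain that links.te allows to connect out with corenet_tcp_connect_http_port. The commit message gives no use case for browsing from sysadm_r; justify it there, or leave sysadm out and grant the role to staff and the regular user only.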
diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
index c576b6c..074155f 100644
--- a/policy/modules/roles/unprivuser.te
+++ b/policy/modules/roles/unprivuser.te
@@ -86,6 +86,10 @@ ifndef(`distro_redhat',`
')

optional_policy(`
+ links_role(user_r, user_t)
+ ')
+
+ optional_policy(`
lockdev_role(user_r, user_t)
')

--
1.7.3.4

2011-11-08 15:08:35

by cpebenito

Subject: [refpolicy] [PATCH 1/2] Support the console/graphical links browser

On 10/23/11 10:30, Sven Vermeulen wrote:
>
> Introduce the links_t domain for the links browser, which is an
> ncurses/svgalib/X11 browser (so supports both commandline-only as
> well as GUI environments)

A couple small notes inline.

> Signed-off-by: Sven Vermeulen <[email protected]>
> ---
> links.fc | 6 ++++++
> links.if | 36 ++++++++++++++++++++++++++++++++++++
> links.te | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> 3 files changed, 99 insertions(+), 0 deletions(-)
> create mode 100644 links.fc
> create mode 100644 links.if
> create mode 100644 links.te
>

> diff --git a/links.te b/links.te
> new file mode 100644
> index 0000000..6289570
> --- /dev/null
> +++ b/links.te
> @@ -0,0 +1,57 @@
> +policy_module(links, 1.0.0)
> +
> +############################
> +#
> +# Declarations
> +#
> +
> +type links_t;
> +type links_exec_t;
> +application_domain(links_t, links_exec_t)
> +
> +type links_home_t;
> +typealias links_home_t alias { user_links_home_t staff_links_home_t sysadm_links_home_t };
> +userdom_user_home_content(links_home_t)
> +
> +type links_tmpfs_t;
> +typealias links_tmpfs_t alias { user_links_tmpfs_t staff_links_tmpfs_t sysadm_links_tmpfs_t };
> +files_tmpfs_file(links_tmpfs_t)
> +ubac_constrained(links_tmpfs_t)

The aliases aren't necessary. They only exist in current policies for compatibility reasons. Since this is a new module, there is no compatibility to preserve.

> +############################
> +#
> +# Policy
> +#
> +
> +allow links_t self:process signal_perms;
> +allow links_t self:unix_stream_socket create_stream_socket_perms;
> +
> +manage_dirs_pattern(links_t, links_home_t, links_home_t)
> +manage_files_pattern(links_t, links_home_t, links_home_t)
> +manage_lnk_files_pattern(links_t, links_home_t, links_home_t)
> +manage_sock_files_pattern(links_t, links_home_t, links_home_t)
> +manage_fifo_files_pattern(links_t, links_home_t, links_home_t)
> +
> +manage_files_pattern(links_t, links_tmpfs_t, links_tmpfs_t)
> +manage_lnk_files_pattern(links_t, links_tmpfs_t, links_tmpfs_t)
> +manage_fifo_files_pattern(links_t, links_tmpfs_t, links_tmpfs_t)
> +manage_sock_files_pattern(links_t, links_tmpfs_t, links_tmpfs_t)
> +fs_tmpfs_filetrans(links_t, links_tmpfs_t, { file lnk_file sock_file fifo_file })
> +
> +userdom_user_home_dir_filetrans(links_t, links_home_t, dir)

This can go up with the other links_home_t rules, similar to how you have the above fs_tmpfs_filetrans().

> +
> +corenet_tcp_connect_http_port(links_t)
> +
> +domain_use_interactive_fds(links_t)
> +
> +auth_use_nsswitch(links_t)
> +
> +miscfiles_read_localization(links_t)
> +
> +userdom_manage_user_home_content_dirs(links_t)
> +userdom_manage_user_home_content_files(links_t)

Can this be limited? Is it so users can download files and save them to their home dir? If so, it should be tunable.

> +userdom_use_user_terminals(links_t)
> +
> +optional_policy(`
> + xserver_user_x_domain_template(links, links_t, links_tmpfs_t)
> +')
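Review bot: corenet_tcp_connect_http_port(links_t) is the only network connect rule in this hunk, so links_t can reach ports typed as HTTP and nothing else. A user who points the browser at a proxy on a differently typed port will get denials; either state in the commit message that this is intended, or add the extra connect rule under a tunable.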


--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com

2011-11-08 15:11:54

by cpebenito

Subject: [refpolicy] [PATCH 1/2] Support the console/graphical links browser

On 11/08/11 10:08, Christopher J. PeBenito wrote:
> On 10/23/11 10:30, Sven Vermeulen wrote:
>
> A couple small notes inline.

>> +type links_t;
>> +type links_exec_t;
>> +application_domain(links_t, links_exec_t)
>> +
>> +type links_home_t;
>> +typealias links_home_t alias { user_links_home_t staff_links_home_t sysadm_links_home_t };
>> +userdom_user_home_content(links_home_t)
>> +
>> +type links_tmpfs_t;
>> +typealias links_tmpfs_t alias { user_links_tmpfs_t staff_links_tmpfs_t sysadm_links_tmpfs_t };
>> +files_tmpfs_file(links_tmpfs_t)
>> +ubac_constrained(links_tmpfs_t)
>
> The aliases aren't necessary. They only exist in current policies for compatibility reasons. Since this is a new module, there is no compatibility to preserve.

You should also update to use the new userdom interfaces for apps and tmpfs files, e.g. userdom_user_tmpfs_file().

--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com
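
The review comments in this thread, applied to the declarations and home-directory rules of links.te, as an added example that is not part of any message above and not the revision that was eventually submitted. The boolean name links_manage_user_files is hypothetical, and userdom_user_application_domain() is assumed to be the "apps" interface the last reply refers to; userdom_user_tmpfs_file() is the one it names.

```m4
policy_module(links, 1.0.0)

## <desc>
## <p>
## Allow links to manage files in user home directories,
## for example to save downloads (hypothetical boolean name).
## </p>
## </desc>
gen_tunable(links_manage_user_files, false)

# No typealias lines: a new module has no older type names to stay
# compatible with.
type links_t;
type links_exec_t;
# Assumed replacement for application_domain() in user applications.
userdom_user_application_domain(links_t, links_exec_t)

type links_home_t;
userdom_user_home_content(links_home_t)

type links_tmpfs_t;
# Named in the review; stands in for the files_tmpfs_file() and
# ubac_constrained() pair in the original patch.
userdom_user_tmpfs_file(links_tmpfs_t)

# The browser's own directory (~/.links). The file transition is kept
# with the other links_home_t rules, as requested in the review.
manage_dirs_pattern(links_t, links_home_t, links_home_t)
manage_files_pattern(links_t, links_home_t, links_home_t)
manage_lnk_files_pattern(links_t, links_home_t, links_home_t)
manage_sock_files_pattern(links_t, links_home_t, links_home_t)
manage_fifo_files_pattern(links_t, links_home_t, links_home_t)
userdom_user_home_dir_filetrans(links_t, links_home_t, dir)

# Access to the rest of the user's home content is off by default and
# only granted when the administrator enables the boolean.
tunable_policy(`links_manage_user_files',`
	userdom_manage_user_home_content_dirs(links_t)
	userdom_manage_user_home_content_files(links_t)
')
```

With the boolean left at its default, the network-facing links_t domain can write only to its own links_home_t content; an administrator who wants downloads saved elsewhere in the home directory turns it on with setsebool.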