2016-12-08 17:09:56

by guido

Subject: [refpolicy] [PATCH 1/2] games: general update and improved pulseaudio integration

Update for the games module and improved integration with pulseaudio.

This patch also introduces a new interface needed by later versions
of a recently posted window manager (wm) patch.

Signed-off-by: Guido Trentalancia <[email protected]>
---
policy/modules/contrib/games.if | 79 +++++++++++++++++++++++++++++++++++++++-
policy/modules/contrib/games.te | 17 ++++++++
2 files changed, 95 insertions(+), 1 deletion(-)

--- refpolicy-git-07122016-orig/policy/modules/contrib/games.if 2016-12-08 16:56:24.204207842 +0100
+++ refpolicy-git-07122016/policy/modules/contrib/games.if 2016-12-08 17:56:49.233100321 +0100
@@ -42,7 +42,6 @@ interface(`games_role',`
########################################
## <summary>
## Read and write games data files.
-## games data.
## </summary>
## <param name="domain">
## <summary>
@@ -58,3 +57,81 @@ interface(`games_rw_data',`
files_search_var_lib($1)
rw_files_pattern($1, games_data_t, games_data_t)
')
+
+########################################
+## <summary>
+## Read games tmpfs files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`games_read_tmpfs_files',`
+ gen_require(`
+ type games_tmpfs_t;
+ ')
+
+ fs_search_tmpfs($1)
+ read_files_pattern($1, games_tmpfs_t, games_tmpfs_t)
+')
+
+########################################
+## <summary>
+## Run a game in the game domain.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed to transition.
+## </summary>
+## </param>
+#
+interface(`games_domtrans',`
+ gen_require(`
+ type games_t, games_exec_t;
+ ')
+
+ corecmd_search_bin($1)
+ domtrans_pattern($1, games_exec_t, games_t)
+')
+
+########################################
+## <summary>
+## Send null signals to games
+## processes.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`games_signull',`
+ gen_require(`
+ type games_t;
+ ')
+
+ allow $1 games_t:process signull;
+')
+
+########################################
+## <summary>
+## Send and receive messages from
+## games over dbus.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`games_dbus_chat',`
+ gen_require(`
+ type games_t;
+ class dbus send_msg;
+ ')
+
+ allow $1 games_t:dbus send_msg;
+ allow games_t $1:dbus send_msg;
+')
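Review bot: Only `games_read_tmpfs_files` and `games_signull` have a caller in this series (pulseaudio.te in 2/2); `games_domtrans` and `games_dbus_chat` are added with no visible user, and the description mentions a single new interface without naming it. Every interface left in the module is a grant that any other module can pick up later, so I would name the intended caller in the commit message and hold back whichever interface has none yet. In `games_domtrans` the summary would match the type name better as `## Execute a game in the games domain.`. The v2 posting repeats this hunk unchanged, so the same applies there.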
--- refpolicy-git-07122016-orig/policy/modules/contrib/games.te 2016-12-08 16:56:24.204207842 +0100
+++ refpolicy-git-07122016/policy/modules/contrib/games.te 2016-12-08 17:47:13.726232210 +0100
@@ -95,6 +95,7 @@ optional_policy(`
# Client local policy
#

+allow games_t self:fifo_file rw_file_perms;
allow games_t self:sem create_sem_perms;
allow games_t self:tcp_socket { accept listen };
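Review bot: The added `allow games_t self:fifo_file rw_file_perms;` applies the regular-file permission set to the `fifo_file` class. refpolicy has a class-specific set for pipes, so the rule would normally be written `allow games_t self:fifo_file rw_fifo_file_perms;`. As far as I recall the two sets currently expand to the same permissions, but the class-specific macro keeps the rule right if they ever diverge. The same line is carried into the v2 posting of games.te, and the client local policy section continues outside this hunk.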

@@ -137,6 +138,7 @@ dev_read_sound(games_t)
dev_read_input(games_t)
dev_read_mouse(games_t)
dev_read_urand(games_t)
+dev_rw_dri(games_t)
dev_write_sound(games_t)

files_list_var(games_t)
@@ -146,6 +148,9 @@ files_read_etc_files(games_t)
files_read_usr_files(games_t)
files_read_var_files(games_t)

+fs_dontaudit_getattr_xattr_fs(games_t)
+fs_getattr_tmpfs(games_t)
+
init_dontaudit_rw_utmp(games_t)

logging_dontaudit_search_logs(games_t)
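Review bot: `fs_dontaudit_getattr_xattr_fs(games_t)` silences the denial instead of granting or fixing the access, and nothing in the hunk or the description says what triggers it. A dontaudit rule removes the AVC record an administrator would otherwise use to notice games_t probing filesystems, and it only becomes visible again after a rebuild with `semodule -DB`. I would add a one-line `#` comment above the call stating which operation causes the getattr and why it is safe to hide. The v2 posting has the same two added lines.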
@@ -166,10 +171,22 @@ tunable_policy(`allow_execmem',`
')

optional_policy(`
+ dbus_all_session_bus_client(games_t)
+ dbus_connect_all_session_bus(games_t)
+')
+
+optional_policy(`
nscd_use(games_t)
')

optional_policy(`
+ pulseaudio_rw_tmpfs_files(games_t)
+ pulseaudio_signull(games_t)
+ pulseaudio_stream_connect(games_t)
+ pulseaudio_use_fds(games_t)
+')
+
+optional_policy(`
xserver_user_x_domain_template(games, games_t, games_tmpfs_t)
xserver_create_xdm_tmp_sockets(games_t)
xserver_read_xdm_lib_files(games_t)


2016-12-08 17:10:47

by guido

Subject: [refpolicy] [PATCH 2/2] pulseaudio: improve the support for Gnome games

Update the pulseaudio module for better integration with Gnome games.

This patch requires new interfaces introduced in the games module by
a recently posted patch.

Signed-off-by: Guido Trentalancia <[email protected]>
---
policy/modules/contrib/pulseaudio.te | 5 +++++
1 file changed, 5 insertions(+)

--- refpolicy-git-07122016-orig/policy/modules/contrib/pulseaudio.te 2016-10-29 16:29:19.759327926 +0200
+++ refpolicy-git-07122016/policy/modules/contrib/pulseaudio.te 2016-12-08 16:48:22.182212502 +0100
@@ -192,6 +192,11 @@ optional_policy(`
')

optional_policy(`
+ games_read_tmpfs_files(pulseaudio_t)
+ games_signull(pulseaudio_t)
+')
+
+optional_policy(`
gnome_stream_connect_gconf(pulseaudio_t)

# OIL Runtime Compiler (ORC) optimized code execution

2016-12-08 17:36:08

by Dac Override

Subject: [refpolicy] [PATCH 1/2] games: general update and improved pulseaudio integration

On 12/08/2016 06:09 PM, Guido Trentalancia via refpolicy wrote:
> Update for the games module and improved integration with pulseaudio.
>
> This patch also introduces a new interface needed by later versions
> of a recently posted window manager (wm) patch.
>

It has been a while since i looked at the pulseaudio policy but i
suspect you only need:

pulseaudio_tmpfs_content(games_tmpfs_t)
pulseaudio_run(games_t, games_roles)

The above should take care of everything except
dbus_all_session_bus_client(games_t). It relies heavily on the use of
type attributes.

have a close look at pulseaudio module, and focus on the
pulseaudio_client and pulseaudio_tmpfsfile type attributes


> Signed-off-by: Guido Trentalancia <[email protected]>
> ---
> policy/modules/contrib/games.if | 79 +++++++++++++++++++++++++++++++++++++++-
> policy/modules/contrib/games.te | 17 ++++++++
> 2 files changed, 95 insertions(+), 1 deletion(-)
>
> --- refpolicy-git-07122016-orig/policy/modules/contrib/games.if 2016-12-08 16:56:24.204207842 +0100
> +++ refpolicy-git-07122016/policy/modules/contrib/games.if 2016-12-08 17:56:49.233100321 +0100
> @@ -42,7 +42,6 @@ interface(`games_role',`
> ########################################
> ## <summary>
> ## Read and write games data files.
> -## games data.
> ## </summary>
> ## <param name="domain">
> ## <summary>
> @@ -58,3 +57,81 @@ interface(`games_rw_data',`
> files_search_var_lib($1)
> rw_files_pattern($1, games_data_t, games_data_t)
> ')
> +
> +########################################
> +## <summary>
> +## Read games tmpfs files.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +#
> +interface(`games_read_tmpfs_files',`
> + gen_require(`
> + type games_tmpfs_t;
> + ')
> +
> + fs_search_tmpfs($1)
> + read_files_pattern($1, games_tmpfs_t, games_tmpfs_t)
> +')
> +
> +########################################
> +## <summary>
> +## Run a game in the game domain.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed to transition.
> +## </summary>
> +## </param>
> +#
> +interface(`games_domtrans',`
> + gen_require(`
> + type games_t, games_exec_t;
> + ')
> +
> + corecmd_search_bin($1)
> + domtrans_pattern($1, games_exec_t, games_t)
> +')
> +
> +########################################
> +## <summary>
> +## Send null signals to games
> +## processes.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +#
> +interface(`games_signull',`
> + gen_require(`
> + type games_t;
> + ')
> +
> + allow $1 games_t:process signull;
> +')
> +
> +########################################
> +## <summary>
> +## Send and receive messages from
> +## games over dbus.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +#
> +interface(`games_dbus_chat',`
> + gen_require(`
> + type games_t;
> + class dbus send_msg;
> + ')
> +
> + allow $1 games_t:dbus send_msg;
> + allow games_t $1:dbus send_msg;
> +')
> --- refpolicy-git-07122016-orig/policy/modules/contrib/games.te 2016-12-08 16:56:24.204207842 +0100
> +++ refpolicy-git-07122016/policy/modules/contrib/games.te 2016-12-08 17:47:13.726232210 +0100
> @@ -95,6 +95,7 @@ optional_policy(`
> # Client local policy
> #
>
> +allow games_t self:fifo_file rw_file_perms;
> allow games_t self:sem create_sem_perms;
> allow games_t self:tcp_socket { accept listen };
>
> @@ -137,6 +138,7 @@ dev_read_sound(games_t)
> dev_read_input(games_t)
> dev_read_mouse(games_t)
> dev_read_urand(games_t)
> +dev_rw_dri(games_t)
> dev_write_sound(games_t)
>
> files_list_var(games_t)
> @@ -146,6 +148,9 @@ files_read_etc_files(games_t)
> files_read_usr_files(games_t)
> files_read_var_files(games_t)
>
> +fs_dontaudit_getattr_xattr_fs(games_t)
> +fs_getattr_tmpfs(games_t)
> +
> init_dontaudit_rw_utmp(games_t)
>
> logging_dontaudit_search_logs(games_t)
> @@ -166,10 +171,22 @@ tunable_policy(`allow_execmem',`
> ')
>
> optional_policy(`
> + dbus_all_session_bus_client(games_t)
> + dbus_connect_all_session_bus(games_t)
> +')
> +
> +optional_policy(`
> nscd_use(games_t)
> ')
>
> optional_policy(`
> + pulseaudio_rw_tmpfs_files(games_t)
> + pulseaudio_signull(games_t)
> + pulseaudio_stream_connect(games_t)
> + pulseaudio_use_fds(games_t)
> +')
> +
> +optional_policy(`
> xserver_user_x_domain_template(games, games_t, games_tmpfs_t)
> xserver_create_xdm_tmp_sockets(games_t)
> xserver_read_xdm_lib_files(games_t)
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
>


--
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift


2016-12-08 17:54:41

by Dac Override

Subject: [refpolicy] [PATCH 2/2] pulseaudio: improve the support for Gnome games

On 12/08/2016 06:10 PM, Guido Trentalancia via refpolicy wrote:
> Update the pulseaudio module for better integration with Gnome games.
>
> This patch requires new interfaces introduced in the games module by
> a recently posted patch.
>
> Signed-off-by: Guido Trentalancia <[email protected]>
> ---
> policy/modules/contrib/pulseaudio.te | 5 +++++
> 1 file changed, 5 insertions(+)
>
> --- refpolicy-git-07122016-orig/policy/modules/contrib/pulseaudio.te 2016-10-29 16:29:19.759327926 +0200
> +++ refpolicy-git-07122016/policy/modules/contrib/pulseaudio.te 2016-12-08 16:48:22.182212502 +0100
> @@ -192,6 +192,11 @@ optional_policy(`
> ')
>
> optional_policy(`
> + games_read_tmpfs_files(pulseaudio_t)
> + games_signull(pulseaudio_t)

> +

You should instead make games_t pulseaudio_client and make games_tmpfs_t
pulseaudio_tmpfsfile

> +optional_policy(`
> gnome_stream_connect_gconf(pulseaudio_t)
>
> # OIL Runtime Compiler (ORC) optimized code execution
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
>


--
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift


2016-12-09 15:23:25

by guido

Subject: [refpolicy] [PATCH 1/2] games: general update and improved pulseaudio integration

Hello.

On Thu, 08/12/2016 at 18.36 +0100, Dominick Grift via refpolicy wrote:
> On 12/08/2016 06:09 PM, Guido Trentalancia via refpolicy wrote:
> >
> > Update for the games module and improved integration with
> > pulseaudio.
> >
> > This patch also introduces a new interface needed by later versions
> > of a recently posted window manager (wm) patch.
> >
>
> It has been a while since i looked at the pulseaudio policy but i
> suspect you only need:
>
> pulseaudio_tmpfs_content(games_tmpfs_t)
> pulseaudio_run(games_t, games_roles)

The pulseaudio_tmpfs_content() interface does not work. It keeps
creating files with the games_tmpfs_t type...

> The above should take care of everything except
> dbus_all_session_bus_client(games_t). It relies heavily on the use of
> type attributes.
>
> have a close look at pulseaudio module, and focus on the
> pulseaudio_client and pulseaudio_tmpfsfile type attributes

Guido

2016-12-09 15:27:11

by Dac Override

Subject: [refpolicy] [PATCH 1/2] games: general update and improved pulseaudio integration

On 12/09/2016 04:23 PM, Guido Trentalancia via refpolicy wrote:
> Hello.
>
> On Thu, 08/12/2016 at 18.36 +0100, Dominick Grift via refpolicy wrote:
>> On 12/08/2016 06:09 PM, Guido Trentalancia via refpolicy wrote:
>>>
>>> Update for the games module and improved integration with
>>> pulseaudio.
>>>
>>> This patch also introduces a new interface needed by later versions
>>> of a recently posted window manager (wm) patch.
>>>
>>
>> It has been a while since i looked at the pulseaudio policy but i
>> suspect you only need:
>>
>> pulseaudio_tmpfs_content(games_tmpfs_t)
>> pulseaudio_run(games_t, games_roles)
>
> The pulseaudio_tmpfs_content() interface does not work. It keeps
> creating files with the games_tmpfs_t type...

that is how it should behave.

processes sometimes use tmpfs content for various purposes. like for
example games does. So pulseaudio_tmpfs_content() just tells selinux:
games_tmpfs_t is also used for pulseaudio tmpfs files.

this then allows other pulseaudio clients to r/w and delete files with
that type.

Because pa clients need to be able to r/w and delete each other's files in
/dev/shm

>
>> The above should take care of everything except
>> dbus_all_session_bus_client(games_t). It relies heavily on the use of
>> type attributes.
>>
>> have a close look at pulseaudio module, and focus on the
>> pulseaudio_client and pulseaudio_tmpfsfile type attributes
>
> Guido
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
>


--
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift


2016-12-09 16:58:55

by guido

Subject: [refpolicy] [PATCH 1/2] games: general update and improved pulseaudio integration

On Fri, 09/12/2016 at 16.27 +0100, Dominick Grift via refpolicy wrote:
> On 12/09/2016 04:23 PM, Guido Trentalancia via refpolicy wrote:
> >
> > Hello.
> >
> > On Thu, 08/12/2016 at 18.36 +0100, Dominick Grift via refpolicy
> > wrote:
> > >
> > > On 12/08/2016 06:09 PM, Guido Trentalancia via refpolicy wrote:
> > > >
> > > >
> > > > Update for the games module and improved integration with
> > > > pulseaudio.
> > > >
> > > > This patch also introduces a new interface needed by later
> > > > versions
> > > > of a recently posted window manager (wm) patch.
> > > >
> > >
> > > It has been a while since i looked at the pulseaudio policy but i
> > > suspect you only need:
> > >
> > > pulseaudio_tmpfs_content(games_tmpfs_t)
> > > pulseaudio_run(games_t, games_roles)
> >
> > The pulseaudio_tmpfs_content() interface does not work. It keeps
> > creating files with the games_tmpfs_t type...
>
> that is how it should behave.
>
> processes sometimes use tmpfs content for various purposes. like for
> example games does. So pulseaudio_tmpfs_content() just tells selinux:
> games_tmpfs_t is also used for pulseaudio tmpfs files.
>
> this then allows other pulseaudio clients to r/w and delete files
> with
> that type.
>
> Because pa clients need to be able to r/w and delete eachothers files
> in
> /dev/shm

A full file transition to pulseaudio_tmpfs_t is needed instead of
the pulseaudio_tmpfs_content() interface.

The latter is limited and the games module is showing that.

> > > The above should take care of everything except
> > > dbus_all_session_bus_client(games_t). It relies heavily on the
> > > use of
> > > type attributes.
> > >
> > > have a close look at pulseaudio module, and focus on the
> > > pulseaudio_client and pulseaudio_tmpfsfile type attributes
> >

Guido

2016-12-09 17:03:02

by Dac Override

Subject: [refpolicy] [PATCH 1/2] games: general update and improved pulseaudio integration

On 12/09/2016 05:58 PM, Guido Trentalancia via refpolicy wrote:
> On Fri, 09/12/2016 at 16.27 +0100, Dominick Grift via refpolicy wrote:
>> On 12/09/2016 04:23 PM, Guido Trentalancia via refpolicy wrote:
>>>
>>> Hello.
>>>
>>> On Thu, 08/12/2016 at 18.36 +0100, Dominick Grift via refpolicy
>>> wrote:
>>>>
>>>> On 12/08/2016 06:09 PM, Guido Trentalancia via refpolicy wrote:
>>>>>
>>>>>
>>>>> Update for the games module and improved integration with
>>>>> pulseaudio.
>>>>>
>>>>> This patch also introduces a new interface needed by later
>>>>> versions
>>>>> of a recently posted window manager (wm) patch.
>>>>>
>>>>
>>>> It has been a while since i looked at the pulseaudio policy but i
>>>> suspect you only need:
>>>>
>>>> pulseaudio_tmpfs_content(games_tmpfs_t)
>>>> pulseaudio_run(games_t, games_roles)
>>>
>>> The pulseaudio_tmpfs_content() interface does not work. It keeps
>>> creating files with the games_tmpfs_t type...
>>
>> that is how it should behave.
>>
>> processes sometimes use tmpfs content for various purposes. like for
>> example games does. So pulseaudio_tmpfs_content() just tells selinux:
>> games_tmpfs_t is also used for pulseaudio tmpfs files.
>>
>> this then allows other pulseaudio clients to r/w and delete files
>> with
>> that type.
>>
>> Because pa clients need to be able to r/w and delete eachothers files
>> in
>> /dev/shm
>
> A full file transition to pulseaudio_tmpfs_t is needed instead of
> the pulseaudio_tmpfs_content() interface.
>
> The latter is limited and the games module is showing that.
>

no i think you're missing the point.

These files have random names, and processes that are pulseaudio clients
might themselves maintain tmpfs files with random names as well

so you can not implement name-based type transitions and you don't want
to give "non-pulseaudio clients" access to pulseaudio_tmpfs_t type files

I know this implementation looks weird, but it was given some thought
before it was implemented.

This is something I encourage you to do as well: before submitting patches,
make sure that things work out in the bigger scheme of things so that it
does not have to be reverted at a later point in time.

>>>> The above should take care of everything except
>>>> dbus_all_session_bus_client(games_t). It relies heavily on the
>>>> use of
>>>> type attributes.
>>>>
>>>> have a close look at pulseaudio module, and focus on the
>>>> pulseaudio_client and pulseaudio_tmpfsfile type attributes
>>>
>
> Guido
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
>


--
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift


2016-12-09 17:10:06

by guido

Subject: [refpolicy] [PATCH v2 1/2] games: general update and improved pulseaudio integration

On Fri, 09/12/2016 at 17.58 +0100, Guido Trentalancia via refpolicy
wrote:
> On Fri, 09/12/2016 at 16.27 +0100, Dominick Grift via refpolicy
> wrote:
> >
> > On 12/09/2016 04:23 PM, Guido Trentalancia via refpolicy wrote:
> > >
> > >
> > > Hello.
> > >
> > > On Thu, 08/12/2016 at 18.36 +0100, Dominick Grift via refpolicy
> > > wrote:
> > > >
> > > >
> > > > On 12/08/2016 06:09 PM, Guido Trentalancia via refpolicy wrote:
> > > > >
> > > > >
> > > > >
> > > > > Update for the games module and improved integration with
> > > > > pulseaudio.
> > > > >
> > > > > This patch also introduces a new interface needed by later
> > > > > versions
> > > > > of a recently posted window manager (wm) patch.
> > > > >
> > > >
> > > > It has been a while since i looked at the pulseaudio policy but
> > > > i
> > > > suspect you only need:
> > > >
> > > > pulseaudio_tmpfs_content(games_tmpfs_t)
> > > > pulseaudio_run(games_t, games_roles)
> > >
> > > The pulseaudio_tmpfs_content() interface does not work. It keeps
> > > creating files with the games_tmpfs_t type...
> >
> > that is how it should behave.
> >
> > processes sometimes use tmpfs content for various purposes. like
> > for
> > example games does. So pulseaudio_tmpfs_content() just tells
> > selinux:
> > games_tmpfs_t is also used for pulseaudio tmpfs files.
> >
> > this then allows other pulseaudio clients to r/w and delete files
> > with
> > that type.
> >
> > Because pa clients need to be able to r/w and delete eachothers
> > files
> > in
> > /dev/shm
>
> A full file transition to pulseaudio_tmpfs_t is needed instead of
> the pulseaudio_tmpfs_content() interface.
>
> The latter is limited and the games module is showing that.

I am going to change (v2) the patch as you suggested just to make it
coherent with the rest of the policy.

However, the pulseaudio module needs to be tackled soon because it has
limitations that are showing up...

[cut]

Update for the games module and improved integration with pulseaudio.

This patch introduces a new interface needed by later versions of a
recently posted window manager (wm) patch.

In the second version of this patch, two existing pulseaudio interfaces
are used (pulseaudio_tmpfs_content and pulseaudio_run).

The second part of this patch (2/2, tackling the pulseaudio module
only) remains unchanged.

Signed-off-by: Guido Trentalancia <[email protected]>
---
policy/modules/contrib/games.if | 79 +++++++++++++++++++++++++++++++++++++++-
policy/modules/contrib/games.te | 20 ++++++++++
2 files changed, 98 insertions(+), 1 deletion(-)

diff -pruN refpolicy-git-07122016-orig/policy/modules/contrib/games.if refpolicy-git-07122016/policy/modules/contrib/games.if
--- refpolicy-git-07122016-orig/policy/modules/contrib/games.if 2016-12-08 18:23:14.044084368 +0100
+++ refpolicy-git-07122016/policy/modules/contrib/games.if 2016-12-08 22:30:41.355242647 +0100
@@ -42,7 +42,6 @@ interface(`games_role',`
########################################
## <summary>
## Read and write games data files.
-## games data.
## </summary>
## <param name="domain">
## <summary>
@@ -58,3 +57,81 @@ interface(`games_rw_data',`
files_search_var_lib($1)
rw_files_pattern($1, games_data_t, games_data_t)
')
+
+########################################
+## <summary>
+## Read games tmpfs files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`games_read_tmpfs_files',`
+ gen_require(`
+ type games_tmpfs_t;
+ ')
+
+ fs_search_tmpfs($1)
+ read_files_pattern($1, games_tmpfs_t, games_tmpfs_t)
+')
+
+########################################
+## <summary>
+## Run a game in the game domain.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed to transition.
+## </summary>
+## </param>
+#
+interface(`games_domtrans',`
+ gen_require(`
+ type games_t, games_exec_t;
+ ')
+
+ corecmd_search_bin($1)
+ domtrans_pattern($1, games_exec_t, games_t)
+')
+
+########################################
+## <summary>
+## Send null signals to games
+## processes.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`games_signull',`
+ gen_require(`
+ type games_t;
+ ')
+
+ allow $1 games_t:process signull;
+')
+
+########################################
+## <summary>
+## Send and receive messages from
+## games over dbus.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`games_dbus_chat',`
+ gen_require(`
+ type games_t;
+ class dbus send_msg;
+ ')
+
+ allow $1 games_t:dbus send_msg;
+ allow games_t $1:dbus send_msg;
+')
diff -pruN refpolicy-git-07122016-orig/policy/modules/contrib/games.te refpolicy-git-07122016/policy/modules/contrib/games.te
--- refpolicy-git-07122016-orig/policy/modules/contrib/games.te 2016-12-08 18:23:14.044084368 +0100
+++ refpolicy-git-07122016/policy/modules/contrib/games.te 2016-12-09 17:36:59.751649604 +0100
@@ -42,6 +42,10 @@ typealias games_tmpfs_t alias { user_gam
typealias games_tmpfs_t alias { auditadm_games_tmpfs_t secadm_games_tmpfs_t };
userdom_user_tmpfs_file(games_tmpfs_t)

+optional_policy(`
+ pulseaudio_tmpfs_content(games_tmpfs_t)
+')
+
########################################
#
# Server local policy
@@ -95,6 +99,7 @@ optional_policy(`
# Client local policy
#

+allow games_t self:fifo_file rw_file_perms;
allow games_t self:sem create_sem_perms;
allow games_t self:tcp_socket { accept listen };

@@ -137,6 +142,7 @@ dev_read_sound(games_t)
dev_read_input(games_t)
dev_read_mouse(games_t)
dev_read_urand(games_t)
+dev_rw_dri(games_t)
dev_write_sound(games_t)

files_list_var(games_t)
@@ -146,6 +152,9 @@ files_read_etc_files(games_t)
files_read_usr_files(games_t)
files_read_var_files(games_t)

+fs_dontaudit_getattr_xattr_fs(games_t)
+fs_getattr_tmpfs(games_t)
+
init_dontaudit_rw_utmp(games_t)

logging_dontaudit_search_logs(games_t)
@@ -166,10 +175,21 @@ tunable_policy(`allow_execmem',`
')

optional_policy(`
+ dbus_all_session_bus_client(games_t)
+ dbus_connect_all_session_bus(games_t)
+')
+
+optional_policy(`
nscd_use(games_t)
')

optional_policy(`
+ pulseaudio_run(games_t, games_roles)
+ pulseaudio_rw_tmpfs_files(mozilla_t)
+ pulseaudio_use_fds(mozilla_t)
+')
+
+optional_policy(`
xserver_user_x_domain_template(games, games_t, games_tmpfs_t)
xserver_create_xdm_tmp_sockets(games_t)
xserver_read_xdm_lib_files(games_t)
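Review bot: `pulseaudio_rw_tmpfs_files(mozilla_t)` and `pulseaudio_use_fds(mozilla_t)` pass `mozilla_t` from inside games.te, which looks like a copy-paste leftover, since v1 of this block passed `games_t` to both calls. As written, the games module either fails to build because `mozilla_t` is not declared here, or, where the type does resolve, grants the mozilla domain access unrelated to games while `games_t` goes without it. The two lines should read `pulseaudio_rw_tmpfs_files(games_t)` and `pulseaudio_use_fds(games_t)`, or be dropped if `pulseaudio_run(games_t, games_roles)` already covers them. The xserver optional_policy block continues past the end of the hunk.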

2016-12-09 17:20:07

by guido

Subject: [refpolicy] [PATCH 1/2] games: general update and improved pulseaudio integration

On Fri, 09/12/2016 at 18.03 +0100, Dominick Grift via refpolicy wrote:
> On 12/09/2016 05:58 PM, Guido Trentalancia via refpolicy wrote:
> >
> > On Fri, 09/12/2016 at 16.27 +0100, Dominick Grift via refpolicy
> > wrote:
> > >
> > > On 12/09/2016 04:23 PM, Guido Trentalancia via refpolicy wrote:
> > > >
> > > >
> > > > Hello.
> > > >
> > > > On Thu, 08/12/2016 at 18.36 +0100, Dominick Grift via refpolicy
> > > > wrote:
> > > > >
> > > > >
> > > > > On 12/08/2016 06:09 PM, Guido Trentalancia via refpolicy
> > > > > wrote:
> > > > > >
> > > > > >
> > > > > >
> > > > > > Update for the games module and improved integration with
> > > > > > pulseaudio.
> > > > > >
> > > > > > This patch also introduces a new interface needed by later
> > > > > > versions
> > > > > > of a recently posted window manager (wm) patch.
> > > > > >
> > > > >
> > > > > It has been a while since i looked at the pulseaudio policy
> > > > > but i
> > > > > suspect you only need:
> > > > >
> > > > > pulseaudio_tmpfs_content(games_tmpfs_t)
> > > > > pulseaudio_run(games_t, games_roles)
> > > >
> > > > The pulseaudio_tmpfs_content() interface does not work. It
> > > > keeps
> > > > creating files with the games_tmpfs_t type...
> > >
> > > that is how it should behave.
> > >
> > > processes sometimes use tmpfs content for various purposes. like
> > > for
> > > example games does. So pulseaudio_tmpfs_content() just tells
> > > selinux:
> > > games_tmpfs_t is also used for pulseaudio tmpfs files.
> > >
> > > this then allows other pulseaudio clients to r/w and delete files
> > > with
> > > that type.
> > >
> > > Because pa clients need to be able to r/w and delete eachothers
> > > files
> > > in
> > > /dev/shm
> >
> > A full file transition to pulseaudio_tmpfs_t is needed instead of
> > the pulseaudio_tmpfs_content() interface.
> >
> > The latter is limited and the games module is showing that.
> >
>
> no i think you're missing the point.
>
> These files have random names, and processes that are pulseaudio
> clients
> might themselves maintain tmpfs files with random names as well
>
> so you can not implement name-based type transitions and you don't
> want
> to give "non-pulseaudio clients" access to pulseaudio_tmpfs_t type
> files

What is needed is not name-based file type transitions, just file type
transitions for all tmpfs files, because otherwise they are created
with the games_tmpfs_t type and pulseaudio cannot read them.

This is one limitation of the current pulseaudio module, caused by the
use of pulseaudio_tmpfs_content instead of full file type transition.

> I know this implementation looks weird, but it was given some thought
> before it was implemented.

It's not weird, it is simply ineffective because the random files in
tmpfs are created with other file types and are not relabeled to
pulseaudio_tmpfs_t either.

> This is something i encourage you do as well: before submitting
> patches,
> make sure that things work out in the bigger sceme of things so that
> it
> does not have to be reverted at a later point in time.

The pulseaudio module probably needs to be fixed, so that clients can
benefit from full file transitions in tmp filesystems for their pulse-
shm-* files. This would avoid the need for the second part of this
patch (2/2).

Also, the pulseaudio module probably needs to be fixed at this point so
that pulseaudio_use_fds() and pulseaudio_rw_tmpfs_files() do not need
to be called each time for each client.

More changes might be necessary.

Guido

2016-12-09 17:23:40

by Dac Override

Subject: [refpolicy] [PATCH 1/2] games: general update and improved pulseaudio integration


On 12/09/2016 06:20 PM, Guido Trentalancia via refpolicy wrote:
> On Fri, 09/12/2016 at 18.03 +0100, Dominick Grift via refpolicy wrote:
>> On 12/09/2016 05:58 PM, Guido Trentalancia via refpolicy wrote:
>>>
>>> On Fri, 09/12/2016 at 16.27 +0100, Dominick Grift via refpolicy
>>> wrote:
>>>>
>>>> On 12/09/2016 04:23 PM, Guido Trentalancia via refpolicy wrote:
>>>>>
>>>>>
>>>>> Hello.
>>>>>
>>>>> On Thu, 08/12/2016 at 18.36 +0100, Dominick Grift via refpolicy
>>>>> wrote:
>>>>>>
>>>>>>
>>>>>> On 12/08/2016 06:09 PM, Guido Trentalancia via refpolicy
>>>>>> wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Update for the games module and improved integration with
>>>>>>> pulseaudio.
>>>>>>>
>>>>>>> This patch also introduces a new interface needed by later
>>>>>>> versions
>>>>>>> of a recently posted window manager (wm) patch.
>>>>>>>
>>>>>>
>>>>>> It has been a while since i looked at the pulseaudio policy
>>>>>> but i
>>>>>> suspect you only need:
>>>>>>
>>>>>> pulseaudio_tmpfs_content(games_tmpfs_t)
>>>>>> pulseaudio_run(games_t, games_roles)
>>>>>
>>>>> The pulseaudio_tmpfs_content() interface does not work. It
>>>>> keeps
>>>>> creating files with the games_tmpfs_t type...
>>>>
>>>> that is how it should behave.
>>>>
>>>> processes sometimes use tmpfs content for various purposes. like
>>>> for
>>>> example games does. So pulseaudio_tmpfs_content() just tells
>>>> selinux:
>>>> games_tmpfs_t is also used for pulseaudio tmpfs files.
>>>>
>>>> this then allows other pulseaudio clients to r/w and delete files
>>>> with
>>>> that type.
>>>>
>>>> Because pa clients need to be able to r/w and delete eachothers
>>>> files
>>>> in
>>>> /dev/shm
>>>
>>> A full file transition to pulseaudio_tmpfs_t is needed instead of
>>> the pulseaudio_tmpfs_content() interface.
>>>
>>> The latter is limited and the games module is showing that.
>>>
>>
>> no i think you're missing the point.
>>
>> These files have random names, and processes that are pulseaudio
>> clients
>> might themselves maintain tmpfs files with random names as well
>>
>> so you can not implement name-based type transitions and you don't
>> want
>> to give "non-pulseaudio clients" access to pulseaudio_tmpfs_t type
>> files
>
> What is needed is not name-based file type transitions, just file type
> transitions for all tmpfs files, because otherwise they are created
> with the games_tmpfs_t type and pulseaudio cannot read them.
>
> This is one limitation of the current pulseaudio module, caused by the
> use of pulseaudio_tmpfs_content instead of full file type transition.
>
>> I know this implementation looks weird, but it was given some thought
>> before it was implemented.
>
> It's not weird, it is simply ineffective because the random files in
> tmpfs are created with other file types and are not relabeled to
> pulseaudio_tmpfs_t either.
>
>> This is something i encourage you do as well: before submitting
>> patches,
>> make sure that things work out in the bigger scheme of things so that
>> it
>> does not have to be reverted at a later point in time.
>
> The pulseaudio module probably needs to be fixed, so that clients can
> benefit of full file transitions in tmp filesystems for their pulse-
> shm-* files. This would avoid the need for the second part of this
> patch (2/2).
>
> Also, the pulseaudio module probably needs to be fixed at this point so
> that pulseaudio_use_fds() and pulseaudio_rw_tmpfs_files() do not need
> to be called each time for each client.
>
> More changes might be necessary.
>

I am going to stay out of this from now on. I have my own policy to
worry about.

> Guido
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
>


--
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift


2016-12-09 21:29:26

by guido

Subject: [refpolicy] [PATCH v3 1/2] games: general update and improved pulseaudio integration

Update for the games module and integration with pulseaudio.

This patch introduces a new interface needed by later versions of a
recently posted window manager (wm) patch.

This third version of the patch relies on the following recent
change proposals for the pulseaudio module:

[PATCH 1/2] pulseaudio: update server and client permissions
http://oss.tresys.com/pipermail/refpolicy/2016-December/008677.html

and it makes part 2/2 obsolete.

Signed-off-by: Guido Trentalancia <[email protected]>
---
policy/modules/contrib/games.if | 41 +++++++++++++++++++++++++++++++++++++++-
policy/modules/contrib/games.te | 17 ++++++++++++++++
2 files changed, 57 insertions(+), 1 deletion(-)

diff -pruN refpolicy-git-07122016-orig/policy/modules/contrib/games.if refpolicy-git-07122016/policy/modules/contrib/games.if
--- refpolicy-git-07122016-orig/policy/modules/contrib/games.if 2016-12-08 18:23:14.044084368 +0100
+++ refpolicy-git-07122016/policy/modules/contrib/games.if 2016-12-09 22:13:38.424448790 +0100
@@ -42,7 +42,6 @@ interface(`games_role',`
########################################
## <summary>
## Read and write games data files.
-## games data.
## </summary>
## <param name="domain">
## <summary>
@@ -58,3 +57,43 @@ interface(`games_rw_data',`
files_search_var_lib($1)
rw_files_pattern($1, games_data_t, games_data_t)
')
+
+########################################
+## <summary>
+## Run a game in the game domain.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed to transition.
+## </summary>
+## </param>
+#
+interface(`games_domtrans',`
+ gen_require(`
+ type games_t, games_exec_t;
+ ')
+
+ corecmd_search_bin($1)
+ domtrans_pattern($1, games_exec_t, games_t)
+')
+
+########################################
+## <summary>
+## Send and receive messages from
+## games over dbus.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`games_dbus_chat',`
+ gen_require(`
+ type games_t;
+ class dbus send_msg;
+ ')
+
+ allow $1 games_t:dbus send_msg;
+ allow games_t $1:dbus send_msg;
+')
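Review bot: games_domtrans grants only the type transition (`domtrans_pattern($1, games_exec_t, games_t)`), and nothing in the new interface or its summary says how the caller's role becomes authorized for games_t. If the calling domain runs in a role that is not already covered by games_roles through games_role (whose body lies outside this hunk), the transition would presumably fail on an invalid context rather than an ordinary AVC denial, which is hard to diagnose. I would extend the summary with something like `## The caller's role must already be allowed the games_t type, for example through games_role().`, or add a games_run(domain, role) companion interface alongside it.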
diff -pruN refpolicy-git-07122016-orig/policy/modules/contrib/games.te refpolicy-git-07122016/policy/modules/contrib/games.te
--- refpolicy-git-07122016-orig/policy/modules/contrib/games.te 2016-12-08 18:23:14.044084368 +0100
+++ refpolicy-git-07122016/policy/modules/contrib/games.te 2016-12-09 22:18:09.451695873 +0100
@@ -42,6 +42,10 @@ typealias games_tmpfs_t alias { user_gam
typealias games_tmpfs_t alias { auditadm_games_tmpfs_t secadm_games_tmpfs_t };
userdom_user_tmpfs_file(games_tmpfs_t)

+optional_policy(`
+ pulseaudio_tmpfs_content(games_tmpfs_t)
+')
+
########################################
#
# Server local policy
@@ -95,6 +99,7 @@ optional_policy(`
# Client local policy
#

+allow games_t self:fifo_file rw_file_perms;
allow games_t self:sem create_sem_perms;
allow games_t self:tcp_socket { accept listen };

@@ -137,6 +142,7 @@ dev_read_sound(games_t)
dev_read_input(games_t)
dev_read_mouse(games_t)
dev_read_urand(games_t)
+dev_rw_dri(games_t)
dev_write_sound(games_t)

files_list_var(games_t)
@@ -146,6 +152,8 @@ files_read_etc_files(games_t)
files_read_usr_files(games_t)
files_read_var_files(games_t)

+fs_dontaudit_getattr_xattr_fs(games_t)
+
init_dontaudit_rw_utmp(games_t)

logging_dontaudit_search_logs(games_t)
@@ -166,10 +174,19 @@ tunable_policy(`allow_execmem',`
')

optional_policy(`
+ dbus_all_session_bus_client(games_t)
+ dbus_connect_all_session_bus(games_t)
+')
+
+optional_policy(`
nscd_use(games_t)
')

optional_policy(`
+ pulseaudio_run(games_t, games_roles)
+')
+
+optional_policy(`
xserver_user_x_domain_template(games, games_t, games_tmpfs_t)
xserver_create_xdm_tmp_sockets(games_t)
xserver_read_xdm_lib_files(games_t)
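Review bot: The new dbus block uses the all-session-bus variants (`dbus_all_session_bus_client(games_t)` and `dbus_connect_all_session_bus(games_t)`), which by their names cover every session bus type, and the commit message does not say which game needs them. Neither interface is defined in this patch, so please confirm what the second call grants: if it includes acquiring service names on the bus, that is more than a pure dbus client needs and the line could be dropped. Whatever stays, a short comment naming the game that triggered the denial would help later audits, for example `# <game> connects to the session bus for <purpose>`.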