This creates the user cache, config and data home content types and user cache, config and data home content attributes plus relevant dependencies.
Dominick Grift (3):
  Create an attribute user_home_content_type and assign it to all types
    that are classified userdom_user_home_content()
  These two attributes are unused
  Implement X Desktop Group
policy/modules/services/xserver.fc | 4 +
policy/modules/services/xserver.if | 533 ++++++++++++++++++++++++++++++++++++
policy/modules/services/xserver.te | 14 +
policy/modules/system/userdomain.if | 101 +++++++
policy/modules/system/userdomain.te | 3 +-
5 files changed, 653 insertions(+), 2 deletions(-)
--
1.7.11.7
Create various interfaces using the user_home_content_type attribute for
tmpreaper
user_home_t, user_tmp_t and user_tmpfs_t are user_home_content_type
(why?) We should probably also create user_tmp_content_type and
user_tmpfs_content_type attributes and assign to userdom_tmp_file and
userdom_tmpfs_file respectively
Signed-off-by: Dominick Grift <[email protected]>
---
policy/modules/system/userdomain.if | 101 ++++++++++++++++++++++++++++++++++++
policy/modules/system/userdomain.te | 2 +
2 files changed, 103 insertions(+)
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index b15630a..6d4424b 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -1350,9 +1350,12 @@ interface(`userdom_user_application_domain',`
#
interface(`userdom_user_home_content',`
gen_require(`
+ attribute user_home_content_type;
type user_home_t;
')
+ typeattribute $1 user_home_content_type;
+
allow $1 user_home_t:filesystem associate;
files_type($1)
files_poly_member($1)
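Review bot: the new typeattribute line in userdom_user_home_content() changes what every existing caller of this interface means, and the interface documentation is not updated to say so. The commit message already notes that user_home_t, user_tmp_t and user_tmpfs_t end up in user_home_content_type, so the userdom_delete_all_* interfaces added later in this patch will reach those types too. Either document that in the interface summary or settle the "(why?)" first by splitting out the tmp and tmpfs attributes as the message proposes.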
@@ -1704,6 +1707,25 @@ interface(`userdom_dontaudit_search_user_home_content',`
########################################
## <summary>
+## List all users home content directories.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`userdom_list_all_user_home_content',`
+ gen_require(`
+ attribute user_home_content_type;
+ ')
+
+ userdom_search_user_home_dirs($1)
+ allow $1 user_home_content_type:dir list_dir_perms;
+')
+
+########################################
+## <summary>
## List contents of users home directory.
## </summary>
## <param name="domain">
@@ -1742,6 +1764,26 @@ interface(`userdom_manage_user_home_content_dirs',`
########################################
## <summary>
+## Delete all user home content directories.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`userdom_delete_all_user_home_content_dirs',`
+ gen_require(`
+ attribute user_home_content_type;
+ type user_home_dir_t;
+ ')
+
+ userdom_search_user_home_dirs($1)
+ delete_files_pattern($1, { user_home_dir_t user_home_content_type }, user_home_content_type)
+')
+
+########################################
+## <summary>
## Delete directories in a user home subdirectory.
## </summary>
## <param name="domain">
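Review bot: userdom_delete_all_user_home_content_dirs is documented as deleting directories, but its body calls delete_files_pattern, which grants deletion for the file class rather than dir. Use delete_dirs_pattern($1, { user_home_dir_t user_home_content_type }, user_home_content_type) so the interface grants what its summary states; as written it duplicates the files interface added further down.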
@@ -1760,6 +1802,25 @@ interface(`userdom_delete_user_home_content_dirs',`
########################################
## <summary>
+## Set attributes of all user home content directories.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`userdom_setattr_all_user_home_content_dirs',`
+ gen_require(`
+ attribute user_home_content_type;
+ ')
+
+ userdom_search_user_home_dirs($1)
+ allow $1 user_home_content_type:dir setattr_dir_perms;
+')
+
+########################################
+## <summary>
## Do not audit attempts to set the
## attributes of user home files.
## </summary>
@@ -1872,6 +1933,26 @@ interface(`userdom_dontaudit_write_user_home_content_files',`
########################################
## <summary>
+## Delete all user home content files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`userdom_delete_all_user_home_content_files',`
+ gen_require(`
+ attribute user_home_content_type;
+ type user_home_dir_t;
+ ')
+
+ userdom_search_user_home_content($1)
+ delete_files_pattern($1 { user_home_dir_t user_home_content_type }, user_home_content_type)
+')
+
+########################################
+## <summary>
## Delete files in a user home subdirectory.
## </summary>
## <param name="domain">
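Review bot: the delete_files_pattern call in userdom_delete_all_user_home_content_files is missing the comma after $1 (it reads "delete_files_pattern($1 { user_home_dir_t user_home_content_type }, ..."), so the macro receives two arguments instead of three. Add the comma. This interface also calls userdom_search_user_home_content($1) where the other list, setattr and delete interfaces in this patch call userdom_search_user_home_dirs($1); make the choice consistent or explain the difference.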
@@ -2034,6 +2115,26 @@ interface(`userdom_manage_user_home_content_symlinks',`
########################################
## <summary>
+## Delete all user home content symbolic links.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`userdom_delete_all_user_home_content_symlinks',`
+ gen_require(`
+ attribute user_home_content_type;
+ type user_home_dir_t;
+ ')
+
+ userdom_search_user_home_dirs($1)
+ delete_lnk_files_pattern($1, { user_home_dir_t user_home_content_type }, user_home_content_type)
+')
+
+########################################
+## <summary>
## Delete symbolic links in a user home directory.
## </summary>
## <param name="domain">
diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te
index 460d96f..1f2a519 100644
--- a/policy/modules/system/userdomain.te
+++ b/policy/modules/system/userdomain.te
@@ -59,6 +59,8 @@ attribute unpriv_userdomain;
attribute untrusted_content_type;
attribute untrusted_content_tmp_type;
+attribute user_home_content_type;
+
type user_home_dir_t alias { staff_home_dir_t sysadm_home_dir_t secadm_home_dir_t auditadm_home_dir_t unconfined_home_dir_t };
fs_associate_tmpfs(user_home_dir_t)
files_type(user_home_dir_t)
--
1.7.11.7
Signed-off-by: Dominick Grift <[email protected]>
---
policy/modules/system/userdomain.te | 3 ---
1 file changed, 3 deletions(-)
diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te
index 1f2a519..5cd5f28 100644
--- a/policy/modules/system/userdomain.te
+++ b/policy/modules/system/userdomain.te
@@ -56,9 +56,6 @@ attribute userdomain;
# unprivileged user domains
attribute unpriv_userdomain;
-attribute untrusted_content_type;
-attribute untrusted_content_tmp_type;
-
attribute user_home_content_type;
type user_home_dir_t alias { staff_home_dir_t sysadm_home_dir_t secadm_home_dir_t auditadm_home_dir_t unconfined_home_dir_t };
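Review bot: this mail has no description beyond the sign-off, and the hunk alone cannot show that untrusted_content_type and untrusted_content_tmp_type have no remaining gen_require users in other modules. State in the commit message how that was checked (for example a search across policy/modules), since a leftover require would break the module that carries it.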
--
1.7.11.7
Creates 3 type attributes for xdg cache (~/.cache), config (~/.config)
and data (~/.local/share) user home content and assigns to
xserver_user_cache_home_content(), xserver_user_config_home_content()
and xserver_user_data_home_content() respectively

Creates 3 types for generic xdg user cache, config and data home
content, assigns to them their respective type attributes and
classifies them user_home_content_type by calling xserver_user_cache,
config, data_home_content

Create the various basic interfaces that will be needed:

1. xserver_create_generic_user_cache, config, data, home_dirs:
This will be used together with
xserver_user_home_(content|dir)_filetrans_cache, config,
data_home_content and allows the caller to create ~/.cache, ~/.config
and ~/.local/share directories. Each XDG aware program needs to be
able to create these.

2. xserver_read|manage_generic_user_cache, config, data_home_content:
By default content is created with a generic type and these broad
interfaces allow the caller to read or manage content with these
generic types

3. xserver_user_cache, config, data_home_content_filetrans:
Allows callers to create specified objects in these locations with a
private type

Add file context specifications for ~/.cache(/.*)? (user_cache_home_t),
~/.config(/.*)? (user_config_home_t) and ~/.local/share(/.*)?
(user_data_home_t)

There is a little issue with user_data_home, this is content for
~/.local/share and as per xdg specification "share" is the user data
root dir instead of ~/.local, that means that the type transition
happens on user home content instead of user home dir. This makes it a
bit more prone to error since all directories named share created by
xserver_restricted_role callers in generic user home content
directories will be created with user_data_home_t. We could consider
using ~/.local instead
Signed-off-by: Dominick Grift <[email protected]>
---
policy/modules/services/xserver.fc | 4 +
policy/modules/services/xserver.if | 533 +++++++++++++++++++++++++++++++++++++
policy/modules/services/xserver.te | 14 +
3 files changed, 551 insertions(+)
diff --git a/policy/modules/services/xserver.fc b/policy/modules/services/xserver.fc
index 9393f65..e64ecb2 100644
--- a/policy/modules/services/xserver.fc
+++ b/policy/modules/services/xserver.fc
@@ -1,6 +1,10 @@
#
# HOME_DIR
#
+
+HOME_DIR/\.cache(/.*)? gen_context(system_u:object_r:user_cache_home_t,s0)
+HOME_DIR/\.config(/.*)? gen_context(system_u:object_r:user_config_home_t,s0)
+HOME_DIR/\.local/share(/.*)? gen_context(system_u:object_r:user_data_home_t,s0)
HOME_DIR/\.fonts\.conf -- gen_context(system_u:object_r:user_fonts_config_t,s0)
HOME_DIR/\.fonts(/.*)? gen_context(system_u:object_r:user_fonts_t,s0)
HOME_DIR/\.fonts/auto(/.*)? gen_context(system_u:object_r:user_fonts_cache_t,s0)
diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
index 6bf0ecc..c4f7cb4 100644
--- a/policy/modules/services/xserver.if
+++ b/policy/modules/services/xserver.if
@@ -22,6 +22,7 @@ interface(`xserver_restricted_role',`
type user_fonts_t, user_fonts_cache_t, user_fonts_config_t;
type iceauth_t, iceauth_exec_t, iceauth_home_t;
type xauth_t, xauth_exec_t, xauth_home_t;
+ type user_cache_home_t, user_config_home_t, user_data_home_t;
')
role $1 types { xserver_t xauth_t iceauth_t };
@@ -34,6 +35,16 @@ interface(`xserver_restricted_role',`
allow xserver_t $2:shm rw_shm_perms;
+ allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:dir { manage_dir_perms relabel_dir_perms };
+ allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
+ allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:file { manage_file_perms relabel_file_perms };
+ allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
+ allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:sock_file { manage_sock_file_perms relabel_sock_file_perms };
+
+ userdom_user_home_dir_filetrans($2, user_cache_home_t, dir, ".cache")
+ userdom_user_home_dir_filetrans($2, user_config_home_t, dir, ".config")
+ userdom_user_home_content_filetrans($2, user_data_home_t, dir, "share")
+
allow $2 user_fonts_t:dir list_dir_perms;
allow $2 user_fonts_t:file read_file_perms;
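Review bot: userdom_user_home_content_filetrans($2, user_data_home_t, dir, "share") keys on the name alone, so any directory called share that the role creates inside any generic user home content directory gets user_data_home_t, not only ~/.local/share. The two lines above it are anchored to the home directory itself and do not have this problem. Consider a transition on ".local" from the user home directory with a matching file context entry, or document the over-match in the interface so policy writers know to expect mislabelled share directories.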
@@ -531,6 +542,72 @@ interface(`xserver_use_user_fonts',`
########################################
## <summary>
+## Make the specified type usable in a
+## user cache home directory.
+## </summary>
+## <param name="type">
+## <summary>
+## Type to be used as a file in the
+## user cache home directory.
+## </summary>
+## </param>
+#
+interface(`xserver_user_cache_home_content',`
+ gen_require(`
+ attribute xserver_user_cache_home_content_type;
+ ')
+
+ typeattribute $1 xserver_user_cache_home_content_type;
+
+ userdom_user_home_content($1)
+')
+
+########################################
+## <summary>
+## Make the specified type usable in a
+## user config home directory.
+## </summary>
+## <param name="type">
+## <summary>
+## Type to be used as a file in the
+## user config home directory.
+## </summary>
+## </param>
+#
+interface(`xserver_user_config_home_content',`
+ gen_require(`
+ attribute xserver_user_config_home_content_type;
+ ')
+
+ typeattribute $1 xserver_user_config_home_content_type;
+
+ userdom_user_home_content($1)
+')
+
+########################################
+## <summary>
+## Make the specified type usable in a
+## user data home directory.
+## </summary>
+## <param name="type">
+## <summary>
+## Type to be used as a file in the
+## user data home directory.
+## </summary>
+## </param>
+#
+interface(`xserver_user_data_home_content',`
+ gen_require(`
+ attribute xserver_user_data_home_content_type;
+ ')
+
+ typeattribute $1 xserver_user_data_home_content_type;
+
+ userdom_user_home_content($1)
+')
+
+########################################
+## <summary>
## Transition to the Xauthority domain.
## </summary>
## <param name="domain">
@@ -1272,6 +1349,462 @@ interface(`xserver_manage_core_devices',`
########################################
## <summary>
+## Create generic user cache home
+## content directories.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`xserver_create_generic_user_cache_home_content_dirs',`
+ gen_require(`
+ type user_cache_home_t;
+ ')
+
+ allow $1 user_cache_home_t:dir create_dir_perms;
+')
+
+########################################
+## <summary>
+## Read generic user cache home content.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`xserver_read_generic_user_cache_home_content',`
+ gen_require(`
+ type user_cache_home_t;
+ ')
+
+ userdom_search_user_home_dirs($1)
+ allow $1 user_cache_home_t:dir list_dir_perms;
+ allow $1 user_cache_home_t:file read_file_perms;
+ allow $1 user_cache_home_t:fifo_file read_fifo_file_perms;
+ allow $1 user_cache_home_t:lnk_file read_lnk_file_perms;
+ allow $1 user_cache_home_t:sock_file read_sock_file_perms;
+')
+
+########################################
+## <summary>
+## Create, read, write, and delete
+## generic user cache home content.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`xserver_manage_generic_user_cache_home_content',`
+ gen_require(`
+ type user_cache_home_t;
+ ')
+
+ userdom_search_user_home_dirs($1)
+ allow $1 user_cache_home_t:dir manage_dir_perms;
+ allow $1 user_cache_home_t:file manage_file_perms;
+ allow $1 user_cache_home_t:fifo_file manage_fifo_file_perms;
+ allow $1 user_cache_home_t:lnk_file manage_lnk_file_perms;
+ allow $1 user_cache_home_t:sock_file manage_sock_file_perms;
+')
+
+########################################
+## <summary>
+## Search generic user cache home
+## content directories.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`xserver_search_generic_user_cache_home_content',`
+ gen_require(`
+ type user_cache_home_t;
+ ')
+
+ userdom_search_user_home_dirs($1)
+ allow $1 user_cache_home_t:dir search_dir_perms;
+')
+
+########################################
+## <summary>
+## Create specified objects in generic
+## user cache home content directories
+## with a private type.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <param name="private_type">
+## <summary>
+## Private file type.
+## </summary>
+## </param>
+## <param name="object_class">
+## <summary>
+## Class of the object being created.
+## </summary>
+## </param>
+## <param name="name" optional="true">
+## <summary>
+## The name of the object being created.
+## </summary>
+## </param>
+#
+interface(`xserver_user_cache_home_content_filetrans',`
+ gen_require(`
+ type user_cache_home_t;
+ ')
+
+ userdom_search_user_home_dirs($1)
+ filetrans_pattern($1, user_cache_home_t, $2, $3, $4)
+')
+
+########################################
+## <summary>
+## Create specified objects in user home
+## directories with the generic user
+## cache home content type.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <param name="object_class">
+## <summary>
+## Class of the object being created.
+## </summary>
+## </param>
+## <param name="name" optional="true">
+## <summary>
+## The name of the object being created.
+## </summary>
+## </param>
+#
+interface(`xserver_user_home_dir_filetrans_user_cache_home_content',`
+ gen_require(`
+ type user_cache_home_t;
+ ')
+
+ userdom_user_home_dir_filetrans($1, user_cache_home_t, $2, $3)
+')
+
+########################################
+## <summary>
+## Create generic user config home
+## content directories.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`xserver_create_generic_user_config_home_content_dirs',`
+ gen_require(`
+ type user_config_home_t;
+ ')
+
+ allow $1 user_config_home_t:dir create_dir_perms;
+')
+
+########################################
+## <summary>
+## Read generic user config home content.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`xserver_read_generic_user_config_home_content',`
+ gen_require(`
+ type user_config_home_t;
+ ')
+
+ userdom_search_user_home_dirs($1)
+ allow $1 user_config_home_t:dir list_dir_perms;
+ allow $1 user_config_home_t:file read_file_perms;
+ allow $1 user_config_home_t:fifo_file read_fifo_file_perms;
+ allow $1 user_config_home_t:lnk_file read_lnk_file_perms;
+ allow $1 user_config_home_t:sock_file read_sock_file_perms;
+')
+
+########################################
+## <summary>
+## Create, read, write, and delete
+## generic user config home content.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`xserver_manage_generic_user_config_home_content',`
+ gen_require(`
+ type user_config_home_t;
+ ')
+
+ userdom_search_user_home_dirs($1)
+ allow $1 user_config_home_t:dir manage_dir_perms;
+ allow $1 user_config_home_t:file manage_file_perms;
+ allow $1 user_config_home_t:fifo_file manage_fifo_file_perms;
+ allow $1 user_config_home_t:lnk_file manage_lnk_file_perms;
+ allow $1 user_config_home_t:sock_file manage_sock_file_perms;
+')
+
+########################################
+## <summary>
+## Search generic user config home
+## content directories.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`xserver_search_generic_user_config_home_content',`
+ gen_require(`
+ type user_config_home_t;
+ ')
+
+ userdom_search_user_home_dirs($1)
+ allow $1 user_config_home_t:dir search_dir_perms;
+')
+
+########################################
+## <summary>
+## Create specified objects in generic
+## user config home content directories
+## with a private type.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <param name="private_type">
+## <summary>
+## Private file type.
+## </summary>
+## </param>
+## <param name="object_class">
+## <summary>
+## Class of the object being created.
+## </summary>
+## </param>
+## <param name="name" optional="true">
+## <summary>
+## The name of the object being created.
+## </summary>
+## </param>
+#
+interface(`xserver_user_config_home_content_filetrans',`
+ gen_require(`
+ type user_config_home_t;
+ ')
+
+ userdom_search_user_home_dirs($1)
+ filetrans_pattern($1, user_config_home_t, $2, $3, $4)
+')
+
+########################################
+## <summary>
+## Create specified objects in user home
+## directories with the generic user
+## config home content type.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <param name="object_class">
+## <summary>
+## Class of the object being created.
+## </summary>
+## </param>
+## <param name="name" optional="true">
+## <summary>
+## The name of the object being created.
+## </summary>
+## </param>
+#
+interface(`xserver_user_home_dir_filetrans_user_config_home_content',`
+ gen_require(`
+ type user_config_home_t;
+ ')
+
+ userdom_user_home_dir_filetrans($1, user_config_home_t, $2, $3)
+')
+
+########################################
+## <summary>
+## Create generic user data home
+## content directories.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`xserver_create_generic_user_data_home_content_dirs',`
+ gen_require(`
+ type user_data_home_t;
+ ')
+
+ allow $1 user_data_home_t:dir create_dir_perms;
+')
+
+########################################
+## <summary>
+## Read generic user data home content.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`xserver_read_generic_user_data_home_content',`
+ gen_require(`
+ type user_data_home_t;
+ ')
+
+ userdom_search_user_home_content($1)
+ allow $1 user_data_home_t:dir list_dir_perms;
+ allow $1 user_data_home_t:file read_file_perms;
+ allow $1 user_data_home_t:fifo_file read_fifo_file_perms;
+ allow $1 user_data_home_t:lnk_file read_lnk_file_perms;
+ allow $1 user_data_home_t:sock_file read_sock_file_perms;
+')
+
+########################################
+## <summary>
+## Create, read, write, and delete
+## generic user data home content.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`xserver_manage_generic_user_data_home_content',`
+ gen_require(`
+ type user_data_home_t;
+ ')
+
+ userdom_search_user_home_content($1)
+ allow $1 user_data_home_t:dir manage_dir_perms;
+ allow $1 user_data_home_t:file manage_file_perms;
+ allow $1 user_data_home_t:fifo_file manage_fifo_file_perms;
+ allow $1 user_data_home_t:lnk_file manage_lnk_file_perms;
+ allow $1 user_data_home_t:sock_file manage_sock_file_perms;
+')
+
+########################################
+## <summary>
+## Search generic user data home
+## content directories.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`xserver_search_generic_user_data_home_content',`
+ gen_require(`
+ type user_data_home_t;
+ ')
+
+ userdom_search_user_home_content($1)
+ allow $1 user_data_home_t:dir search_dir_perms;
+')
+
+########################################
+## <summary>
+## Create specified objects in generic
+## user data home content directories
+## with a private type.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <param name="private_type">
+## <summary>
+## Private file type.
+## </summary>
+## </param>
+## <param name="object_class">
+## <summary>
+## Class of the object being created.
+## </summary>
+## </param>
+## <param name="name" optional="true">
+## <summary>
+## The name of the object being created.
+## </summary>
+## </param>
+#
+interface(`xserver_user_data_home_content_filetrans',`
+ gen_require(`
+ type user_data_home_t;
+ ')
+
+ userdom_search_user_home_content($1)
+ filetrans_pattern($1, user_data_home_t, $2, $3, $4)
+')
+
+########################################
+## <summary>
+## Create specified objects in user home
+## content directories with the generic
+## user data home content type.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <param name="object_class">
+## <summary>
+## Class of the object being created.
+## </summary>
+## </param>
+## <param name="name" optional="true">
+## <summary>
+## The name of the object being created.
+## </summary>
+## </param>
+#
+interface(`xserver_user_home_content_filetrans_user_data_home_content',`
+ gen_require(`
+ type user_data_home_t;
+ ')
+
+ userdom_user_home_content_filetrans($1, user_data_home_t, $2, $3)
+')
+
+########################################
+## <summary>
## Interface to provide X object permissions on a given X server to
## an X client domain. Gives the domain complete control over the
## display.
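Review bot: the three xserver_create_generic_user_*_home_content_dirs interfaces grant only create_dir_perms on the target type and, unlike the other interfaces in this hunk, grant no search of the parent directory, so they are usable only together with the matching filetrans interface. Say that in each summary and name the interface it must be paired with. As a style point, the read and manage interfaces spell out one allow rule per object class; the patterns already used elsewhere in this series (for example delete_files_pattern in userdomain.if) would keep them shorter and consistent.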
diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index 9bc86a0..a42f9bc 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -49,6 +49,11 @@ gen_tunable(xserver_object_manager, false)
attribute x_domain;
+# X Desktop Group
+attribute xserver_user_cache_home_content_type;
+attribute xserver_user_config_home_content_type;
+attribute xserver_user_data_home_content_type;
+
# X Events
attribute xevent_type;
attribute input_xevent_type;
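Review bot: the three xserver_user_*_home_content_type attributes declared under "# X Desktop Group" are assigned by the xserver_user_*_home_content() interfaces, but no rule or interface in this patch uses them as a source or target; xserver_restricted_role lists the three generic types by name instead. Either add the interfaces that operate on the attributes (so private types classified this way are covered too) or leave the attributes out until a consumer exists, and expand the comment to say what they classify.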
@@ -106,6 +111,15 @@ type remote_t;
xserver_object_types_template(remote)
xserver_common_x_domain_template(remote, remote_t)
+type user_cache_home_t;
+xserver_user_cache_home_content(user_cache_home_t)
+
+type user_config_home_t;
+xserver_user_config_home_content(user_config_home_t)
+
+type user_data_home_t;
+xserver_user_data_home_content(user_data_home_t)
+
type user_fonts_t;
typealias user_fonts_t alias { staff_fonts_t sysadm_fonts_t };
typealias user_fonts_t alias { auditadm_fonts_t secadm_fonts_t };
--
1.7.11.7
Overall, I'm ok with this, but have a couple questions:
On 11/05/12 06:55, Dominick Grift wrote:
> Creates 3 type attributes for xdg cache (~/.cache), config (~/.config)
> and data (~/.local/share) user home content and assigns to
> xserver_user_cache_home_content(), xserver_user_config_home_content()
> and xserver_user_data_home_content() respectively
>
> Creates 3 types for generic xdg user cache, config and data home
> content, assigns to them their respective type attributes and
> classifies them user_home_content_type by calling xserver_user_cache,
> config, data_home_content
>
> Create the various basic interfaces that will be needed:
>
> 1. xserver_create_generic_user_cache, config, data, home_dirs:
> This will be used together with
> xserver_user_home_(content|dir)_filetrans_cache, config,
> data_home_content and allows the caller to create ~/.cache, ~/.config
> and ~/.local/share directories. Each XDG aware program needs to be
> able to create these.
>
> 2. xserver_read|manage_generic_user_cache, config, data_home_content:
> By default content is created with a generic type and these broad
> interfaces allow the caller to read or manage content with these
> generic types
>
> 3. xserver_user_cache, config, data_home_content_filetrans:
> Allows callers to create specified objects in these locations with a
> private type
>
> Add file context specifications for ~/.cache(/.*)? (user_cache_home_t),
> ~/.config(/.*)? (user_config_home_t) and ~/.local/share(/.*)?
> (user_data_home_t)
I'm not sure that user_data_home_t is the best name. I thought about user_local_home_t, but that's vague too. Sven has been putting forward a patch for this stuff for a while too, and I'm thinking that it might make sense to have xdg in the type names.
> There is a little issue with user_data_home, this is content for
> ~/.local/share and as per xdg specification "share" is the user data
> root dir instead of ~/.local, that means that the type transition
> happens on user home content instead of user home dir. This makes it a
> bit more prone to error since all directories named share created by
> xserver_restricted_role callers in generic user home content
> directories will be created with user_data_home_t. We could consider
> using ~/.local instead
It seems that .local would probably be a better idea, since it keeps errors down. I looked on my system, and all I have in ~/.local is share anyway.
[cut]
> diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
> index 9bc86a0..a42f9bc 100644
> --- a/policy/modules/services/xserver.te
> +++ b/policy/modules/services/xserver.te
> @@ -49,6 +49,11 @@ gen_tunable(xserver_object_manager, false)
>
> attribute x_domain;
>
> +# X Desktop Group
> +attribute xserver_user_cache_home_content_type;
> +attribute xserver_user_config_home_content_type;
> +attribute xserver_user_data_home_content_type;
> +
> # X Events
> attribute xevent_type;
> attribute input_xevent_type;
I'm unclear what the purpose of these attributes will be. Do you expect to have interfaces that work on these?
I've merged the other two patches.
--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com
On Nov 26, 2012 5:35 PM, "Christopher J. PeBenito" <[email protected]>
wrote:
> I'm not sure that user_data_home_t is the best name. I thought about
> user_local_home_t, but that's vague too. Sven has been putting forward a
> patch for this stuff for a while too, and I'm thinking that it might make
> sense to have xdg in the type names.
We currently use xdg_<type>_home_t where type refers to the xdg content
type. But prior to the name, a first question would be if we should make
the type declarations part of an existing domain or not.
I currently use a separate module to ease the management.
> It seems that .local would probably be a better idea, since it keeps
> errors down. I looked on my system, and all I have in ~/.local is share
> anyway.
True, but as Dominick said, XDG currently defines it as such.
Wkr,
Sven
Are we ready to make a decision yet with regard to the two outstanding
issues?
- best type names? (my preference user_data_home_t, user_config_home_t,
user_cache_home_t)
- should we label ~/.local/share with the xdg data home type or ~/.local
(my preference ~/.local/share)
But I will go with whatever in the end
On Mon, 2012-11-05 at 12:55 +0100, Dominick Grift wrote:
> Creates 3 type attributes for xdg cache (~/.cache), config (~/.config)
> and data (~/.local/share) user home content and assigns to
> xserver_user_cache_home_content(), xserver_user_config_home_content()
> and xserver_user_data_home_content() respectively
>
> Creates 3 types for generic xdg user cache, config and data home
> content, assigns to them their respective type attributes and
> classifies them user_home_content_type by calling xserver_user_cache,
> config, data_home_content
>
> Create the various basic interfaces that will be needed:
>
> 1. xserver_create_generic_user_cache, config, data, home_dirs:
> This will be used together with
> xserver_user_home_(content|dir)_filetrans_cache, config,
> data_home_content and allows the caller to create ~/.cache, ~/.config
> and ~/.local/share directories. Each XDG aware program needs to be
> able to create these.
>
> 2. xserver_read|manage_generic_user_cache, config, data_home_content:
> By default content is created with a generic type and these broad
> interfaces allow the caller to read or manage content with these
> generic types
>
> 3. xserver_user_cache, config, data_home_content_filetrans:
> Allows callers to create specified objects in these locations with a
> private type
>
> Add file context specifications for ~/.cache(/.*)? (user_cache_home_t),
> ~/.config(/.*)? (user_config_home_t) and ~/.local/share(/.*)?
> (user_data_home_t)
>
> There is a little issue with user_data_home, this is content for
> ~/.local/share and as per xdg specification "share" is the user data
> root dir instead of ~/.local, that means that the type transition
> happens on user home content instead of user home dir. This makes it a
> bit more prone to error since all directories named share created by
> xserver_restricted_role callers in generic user home content
> directories will be created with user_data_home_t. We could consider
> using ~/.local instead
>
> Signed-off-by: Dominick Grift <[email protected]>
> ---
> policy/modules/services/xserver.fc | 4 +
> policy/modules/services/xserver.if | 533 +++++++++++++++++++++++++++++++++++++
> policy/modules/services/xserver.te | 14 +
> 3 files changed, 551 insertions(+)
>
> diff --git a/policy/modules/services/xserver.fc b/policy/modules/services/xserver.fc
> index 9393f65..e64ecb2 100644
> --- a/policy/modules/services/xserver.fc
> +++ b/policy/modules/services/xserver.fc
> @@ -1,6 +1,10 @@
> #
> # HOME_DIR
> #
> +
> +HOME_DIR/\.cache(/.*)? gen_context(system_u:object_r:user_cache_home_t,s0)
> +HOME_DIR/\.config(/.*)? gen_context(system_u:object_r:user_config_home_t,s0)
> +HOME_DIR/\.local/share(/.*)? gen_context(system_u:object_r:user_data_home_t,s0)
> HOME_DIR/\.fonts\.conf -- gen_context(system_u:object_r:user_fonts_config_t,s0)
> HOME_DIR/\.fonts(/.*)? gen_context(system_u:object_r:user_fonts_t,s0)
> HOME_DIR/\.fonts/auto(/.*)? gen_context(system_u:object_r:user_fonts_cache_t,s0)
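Review bot: The `HOME_DIR/\.local/share(/.*)?` entry labels only the `share` subtree, and nothing in this hunk gives `~/.local` itself a spec, so the parent of the data home is left to whatever other modules say about it while `.cache` and `.config` are labelled from the top of the home directory down. If the parent is meant to stay generic home content, say so in a comment above the entry; otherwise add a directory-only entry for `HOME_DIR/\.local`. The blank `+` line added directly under the `# HOME_DIR` header also separates the header from the entries it introduces and can be dropped.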
> diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
> index 6bf0ecc..c4f7cb4 100644
> --- a/policy/modules/services/xserver.if
> +++ b/policy/modules/services/xserver.if
> @@ -22,6 +22,7 @@ interface(`xserver_restricted_role',`
> type user_fonts_t, user_fonts_cache_t, user_fonts_config_t;
> type iceauth_t, iceauth_exec_t, iceauth_home_t;
> type xauth_t, xauth_exec_t, xauth_home_t;
> + type user_cache_home_t, user_config_home_t, user_data_home_t;
> ')
>
> role $1 types { xserver_t xauth_t iceauth_t };
> @@ -34,6 +35,16 @@ interface(`xserver_restricted_role',`
>
> allow xserver_t $2:shm rw_shm_perms;
>
> + allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:dir { manage_dir_perms relabel_dir_perms };
> + allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
> + allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:file { manage_file_perms relabel_file_perms };
> + allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
> + allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:sock_file { manage_sock_file_perms relabel_sock_file_perms };
> +
> + userdom_user_home_dir_filetrans($2, user_cache_home_t, dir, ".cache")
> + userdom_user_home_dir_filetrans($2, user_config_home_t, dir, ".config")
> + userdom_user_home_content_filetrans($2, user_data_home_t, dir, "share")
> +
> allow $2 user_fonts_t:dir list_dir_perms;
> allow $2 user_fonts_t:file read_file_perms;
>
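Review bot: The named transition `userdom_user_home_content_filetrans($2, user_data_home_t, dir, "share")` keys on the object name alone, so it applies in every generic user home content directory and not only in `~/.local`; a `share` directory created anywhere under generic home content by an xserver_restricted_role caller gets user_data_home_t and so falls under the manage and relabel rules added above it. The `.cache` and `.config` transitions do not have this problem because they are keyed on the home directory itself. Giving `~/.local` its own type and keying the `share` transition on that type would confine the match to one parent directory. The commit message should also say why the role needs relabel permissions on all five object classes in addition to manage.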
> @@ -531,6 +542,72 @@ interface(`xserver_use_user_fonts',`
>
> ########################################
> ## <summary>
> +## Make the specified type usable in a
> +## user cache home directory.
> +## </summary>
> +## <param name="type">
> +## <summary>
> +## Type to be used as a file in the
> +## user cache home directory.
> +## </summary>
> +## </param>
> +#
> +interface(`xserver_user_cache_home_content',`
> + gen_require(`
> + attribute xserver_user_cache_home_content_type;
> + ')
> +
> + typeattribute $1 xserver_user_cache_home_content_type;
> +
> + userdom_user_home_content($1)
> +')
> +
> +########################################
> +## <summary>
> +## Make the specified type usable in a
> +## user config home directory.
> +## </summary>
> +## <param name="type">
> +## <summary>
> +## Type to be used as a file in the
> +## user config home directory.
> +## </summary>
> +## </param>
> +#
> +interface(`xserver_user_config_home_content',`
> + gen_require(`
> + attribute xserver_user_config_home_content_type;
> + ')
> +
> + typeattribute $1 xserver_user_config_home_content_type;
> +
> + userdom_user_home_content($1)
> +')
> +
> +########################################
> +## <summary>
> +## Make the specified type usable in a
> +## user data home directory.
> +## </summary>
> +## <param name="type">
> +## <summary>
> +## Type to be used as a file in the
> +## user data home directory.
> +## </summary>
> +## </param>
> +#
> +interface(`xserver_user_data_home_content',`
> + gen_require(`
> + attribute xserver_user_data_home_content_type;
> + ')
> +
> + typeattribute $1 xserver_user_data_home_content_type;
> +
> + userdom_user_home_content($1)
> +')
> +
> +########################################
> +## <summary>
> ## Transition to the Xauthority domain.
> ## </summary>
> ## <param name="domain">
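Review bot: The three attributes assigned by these interfaces (xserver_user_cache_home_content_type and its config and data counterparts) are not referenced by any rule in this patch: the allow rules added to xserver_restricted_role and all of the new access interfaces name user_cache_home_t, user_config_home_t and user_data_home_t directly. A private type passed to xserver_user_cache_home_content() therefore gains only what userdom_user_home_content() gives it. Either add the rules or interfaces that operate on the attributes, or note in the commit message that they are groundwork for later patches. The parameter summary also says "Type to be used as a file", while the rest of the patch treats directories, fifos, symlinks and sockets the same way; "Type used for content" would match.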
> @@ -1272,6 +1349,462 @@ interface(`xserver_manage_core_devices',`
>
> ########################################
> ## <summary>
> +## Create generic user cache home
> +## content directories.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +#
> +interface(`xserver_create_generic_user_cache_home_content_dirs',`
> + gen_require(`
> + type user_cache_home_t;
> + ')
> +
> + allow $1 user_cache_home_t:dir create_dir_perms;
> +')
> +
> +########################################
> +## <summary>
> +## Read generic user cache home content.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +#
> +interface(`xserver_read_generic_user_cache_home_content',`
> + gen_require(`
> + type user_cache_home_t;
> + ')
> +
> + userdom_search_user_home_dirs($1)
> + allow $1 user_cache_home_t:dir list_dir_perms;
> + allow $1 user_cache_home_t:file read_file_perms;
> + allow $1 user_cache_home_t:fifo_file read_fifo_file_perms;
> + allow $1 user_cache_home_t:lnk_file read_lnk_file_perms;
> + allow $1 user_cache_home_t:sock_file read_sock_file_perms;
> +')
> +
> +########################################
> +## <summary>
> +## Create, read, write, and delete
> +## generic user cache home content.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +#
> +interface(`xserver_manage_generic_user_cache_home_content',`
> + gen_require(`
> + type user_cache_home_t;
> + ')
> +
> + userdom_search_user_home_dirs($1)
> + allow $1 user_cache_home_t:dir manage_dir_perms;
> + allow $1 user_cache_home_t:file manage_file_perms;
> + allow $1 user_cache_home_t:fifo_file manage_fifo_file_perms;
> + allow $1 user_cache_home_t:lnk_file manage_lnk_file_perms;
> + allow $1 user_cache_home_t:sock_file manage_sock_file_perms;
> +')
> +
> +########################################
> +## <summary>
> +## Search generic user cache home
> +## content directories.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +#
> +interface(`xserver_search_generic_user_cache_home_content',`
> + gen_require(`
> + type user_cache_home_t;
> + ')
> +
> + userdom_search_user_home_dirs($1)
> + allow $1 user_cache_home_t:dir search_dir_perms;
> +')
> +
> +########################################
> +## <summary>
> +## Create specified objects in generic
> +## user cache home content directories
> +## with a private type.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +## <param name="private_type">
> +## <summary>
> +## Private file type.
> +## </summary>
> +## </param>
> +## <param name="object_class">
> +## <summary>
> +## Class of the object being created.
> +## </summary>
> +## </param>
> +## <param name="name" optional="true">
> +## <summary>
> +## The name of the object being created.
> +## </summary>
> +## </param>
> +#
> +interface(`xserver_user_cache_home_content_filetrans',`
> + gen_require(`
> + type user_cache_home_t;
> + ')
> +
> + userdom_search_user_home_dirs($1)
> + filetrans_pattern($1, user_cache_home_t, $2, $3, $4)
> +')
> +
> +########################################
> +## <summary>
> +## Create specified objects in user home
> +## directories with the generic user
> +## cache home content type.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +## <param name="object_class">
> +## <summary>
> +## Class of the object being created.
> +## </summary>
> +## </param>
> +## <param name="name" optional="true">
> +## <summary>
> +## The name of the object being created.
> +## </summary>
> +## </param>
> +#
> +interface(`xserver_user_home_dir_filetrans_user_cache_home_content',`
> + gen_require(`
> + type user_cache_home_t;
> + ')
> +
> + userdom_user_home_dir_filetrans($1, user_cache_home_t, $2, $3)
> +')
> +
> +########################################
> +## <summary>
> +## Create generic user config home
> +## content directories.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +#
> +interface(`xserver_create_generic_user_config_home_content_dirs',`
> + gen_require(`
> + type user_config_home_t;
> + ')
> +
> + allow $1 user_config_home_t:dir create_dir_perms;
> +')
> +
> +########################################
> +## <summary>
> +## Read generic user config home content.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +#
> +interface(`xserver_read_generic_user_config_home_content',`
> + gen_require(`
> + type user_config_home_t;
> + ')
> +
> + userdom_search_user_home_dirs($1)
> + allow $1 user_config_home_t:dir list_dir_perms;
> + allow $1 user_config_home_t:file read_file_perms;
> + allow $1 user_config_home_t:fifo_file read_fifo_file_perms;
> + allow $1 user_config_home_t:lnk_file read_lnk_file_perms;
> + allow $1 user_config_home_t:sock_file read_sock_file_perms;
> +')
> +
> +########################################
> +## <summary>
> +## Create, read, write, and delete
> +## generic user config home content.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +#
> +interface(`xserver_manage_generic_user_config_home_content',`
> + gen_require(`
> + type user_config_home_t;
> + ')
> +
> + userdom_search_user_home_dirs($1)
> + allow $1 user_config_home_t:dir manage_dir_perms;
> + allow $1 user_config_home_t:file manage_file_perms;
> + allow $1 user_config_home_t:fifo_file manage_fifo_file_perms;
> + allow $1 user_config_home_t:lnk_file manage_lnk_file_perms;
> + allow $1 user_config_home_t:sock_file manage_sock_file_perms;
> +')
> +
> +########################################
> +## <summary>
> +## Search generic user config home
> +## content directories.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +#
> +interface(`xserver_search_generic_user_config_home_content',`
> + gen_require(`
> + type user_config_home_t;
> + ')
> +
> + userdom_search_user_home_dirs($1)
> + allow $1 user_config_home_t:dir search_dir_perms;
> +')
> +
> +########################################
> +## <summary>
> +## Create specified objects in generic
> +## user config home content directories
> +## with a private type.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +## <param name="private_type">
> +## <summary>
> +## Private file type.
> +## </summary>
> +## </param>
> +## <param name="object_class">
> +## <summary>
> +## Class of the object being created.
> +## </summary>
> +## </param>
> +## <param name="name" optional="true">
> +## <summary>
> +## The name of the object being created.
> +## </summary>
> +## </param>
> +#
> +interface(`xserver_user_config_home_content_filetrans',`
> + gen_require(`
> + type user_config_home_t;
> + ')
> +
> + userdom_search_user_home_dirs($1)
> + filetrans_pattern($1, user_config_home_t, $2, $3, $4)
> +')
> +
> +########################################
> +## <summary>
> +## Create specified objects in user home
> +## directories with the generic user
> +## config home content type.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +## <param name="object_class">
> +## <summary>
> +## Class of the object being created.
> +## </summary>
> +## </param>
> +## <param name="name" optional="true">
> +## <summary>
> +## The name of the object being created.
> +## </summary>
> +## </param>
> +#
> +interface(`xserver_user_home_dir_filetrans_user_config_home_content',`
> + gen_require(`
> + type user_config_home_t;
> + ')
> +
> + userdom_user_home_dir_filetrans($1, user_config_home_t, $2, $3)
> +')
> +
> +########################################
> +## <summary>
> +## Create generic user data home
> +## content directories.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +#
> +interface(`xserver_create_generic_user_data_home_content_dirs',`
> + gen_require(`
> + type user_data_home_t;
> + ')
> +
> + allow $1 user_data_home_t:dir create_dir_perms;
> +')
> +
> +########################################
> +## <summary>
> +## Read generic user data home content.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +#
> +interface(`xserver_read_generic_user_data_home_content',`
> + gen_require(`
> + type user_data_home_t;
> + ')
> +
> + userdom_search_user_home_content($1)
> + allow $1 user_data_home_t:dir list_dir_perms;
> + allow $1 user_data_home_t:file read_file_perms;
> + allow $1 user_data_home_t:fifo_file read_fifo_file_perms;
> + allow $1 user_data_home_t:lnk_file read_lnk_file_perms;
> + allow $1 user_data_home_t:sock_file read_sock_file_perms;
> +')
> +
> +########################################
> +## <summary>
> +## Create, read, write, and delete
> +## generic user data home content.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +#
> +interface(`xserver_manage_generic_user_data_home_content',`
> + gen_require(`
> + type user_data_home_t;
> + ')
> +
> + userdom_search_user_home_content($1)
> + allow $1 user_data_home_t:dir manage_dir_perms;
> + allow $1 user_data_home_t:file manage_file_perms;
> + allow $1 user_data_home_t:fifo_file manage_fifo_file_perms;
> + allow $1 user_data_home_t:lnk_file manage_lnk_file_perms;
> + allow $1 user_data_home_t:sock_file manage_sock_file_perms;
> +')
> +
> +########################################
> +## <summary>
> +## Search generic user data home
> +## content directories.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +#
> +interface(`xserver_search_generic_user_data_home_content',`
> + gen_require(`
> + type user_data_home_t;
> + ')
> +
> + userdom_search_user_home_content($1)
> + allow $1 user_data_home_t:dir search_dir_perms;
> +')
> +
> +########################################
> +## <summary>
> +## Create specified objects in generic
> +## user data home content directories
> +## with a private type.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +## <param name="private_type">
> +## <summary>
> +## Private file type.
> +## </summary>
> +## </param>
> +## <param name="object_class">
> +## <summary>
> +## Class of the object being created.
> +## </summary>
> +## </param>
> +## <param name="name" optional="true">
> +## <summary>
> +## The name of the object being created.
> +## </summary>
> +## </param>
> +#
> +interface(`xserver_user_data_home_content_filetrans',`
> + gen_require(`
> + type user_data_home_t;
> + ')
> +
> + userdom_search_user_home_content($1)
> + filetrans_pattern($1, user_data_home_t, $2, $3, $4)
> +')
> +
> +########################################
> +## <summary>
> +## Create specified objects in user home
> +## content directories with the generic
> +## user data home content type.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +## <param name="object_class">
> +## <summary>
> +## Class of the object being created.
> +## </summary>
> +## </param>
> +## <param name="name" optional="true">
> +## <summary>
> +## The name of the object being created.
> +## </summary>
> +## </param>
> +#
> +interface(`xserver_user_home_content_filetrans_user_data_home_content',`
> + gen_require(`
> + type user_data_home_t;
> + ')
> +
> + userdom_user_home_content_filetrans($1, user_data_home_t, $2, $3)
> +')
> +
> +########################################
> +## <summary>
> ## Interface to provide X object permissions on a given X server to
> ## an X client domain. Gives the domain complete control over the
> ## display.
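Review bot: The data home interfaces in this hunk (read, manage, search and xserver_user_data_home_content_filetrans) call userdom_search_user_home_content($1) where the cache and config versions call userdom_search_user_home_dirs($1), and the path to `~/.local/share` passes through both the home directory and `~/.local`. Please confirm that userdom_search_user_home_content() also covers searching the home directory itself; if it does not, the data interfaces need both calls. The three xserver_create_generic_user_*_home_content_dirs interfaces grant only create_dir_perms on the new type, which is not enough on its own to create the directory; their summaries should say that they are meant to be combined with the matching home dir or home content filetrans interface, as the commit message does.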
> diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
> index 9bc86a0..a42f9bc 100644
> --- a/policy/modules/services/xserver.te
> +++ b/policy/modules/services/xserver.te
> @@ -49,6 +49,11 @@ gen_tunable(xserver_object_manager, false)
>
> attribute x_domain;
>
> +# X Desktop Group
> +attribute xserver_user_cache_home_content_type;
> +attribute xserver_user_config_home_content_type;
> +attribute xserver_user_data_home_content_type;
> +
> # X Events
> attribute xevent_type;
> attribute input_xevent_type;
> @@ -106,6 +111,15 @@ type remote_t;
> xserver_object_types_template(remote)
> xserver_common_x_domain_template(remote, remote_t)
>
> +type user_cache_home_t;
> +xserver_user_cache_home_content(user_cache_home_t)
> +
> +type user_config_home_t;
> +xserver_user_config_home_content(user_config_home_t)
> +
> +type user_data_home_t;
> +xserver_user_data_home_content(user_data_home_t)
> +
> type user_fonts_t;
> typealias user_fonts_t alias { staff_fonts_t sysadm_fonts_t };
> typealias user_fonts_t alias { auditadm_fonts_t secadm_fonts_t };
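Review bot: Declaring user_cache_home_t, user_config_home_t and user_data_home_t in xserver.te makes every domain that touches `~/.cache`, `~/.config` or `~/.local/share` depend on the xserver module, although the commit message says each XDG aware program needs to create these directories, and such programs need not be X clients. Consider a separate module for these types and their interfaces, and settle the type names before merge since the thread has not yet agreed on the `user_` prefix.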
On 11/29/12 08:09, grift wrote:
> Are we ready to make a decision yet with regard to the two outstanding
> issues?
>
> - best type names? (my preference user_data_home_t, user_config_home_t,
> user_cache_home_t)

Replace user with xdg, e.g. xdg_config_home_t.

> - should we label ~/.local/share with the xdg data home type or ~/.local
> (my preference ~/.local/share)
>
> But I will go with whatever in the end

Here's another option to consider:

$HOME/.local -d gen_context(system_u:object_r:xdg_local_home_t,s0)
$HOME/.local/share(/.*)? gen_context(system_u:object_r:xdg_data_home_t,s0)

and then treat xdg_local_home_t similar to user_home_dir_t and filetrans everything under it. Then the named filetrans for ~/.local/share will work right on top of any of the other random dirs that pop up under there.

> On Mon, 2012-11-05 at 12:55 +0100, Dominick Grift wrote:
>> Creates 3 type attributes for xdg cache (~/.cache), config (~/.config)
>> and data (~/.local/share) user home content and assigns to
>> xserver_user_cache_home_content(), xserver_user_config_home_content()
>> and xserver_user_data_home_content() respectively
>>
>> Creates 3 types for generic xdg user cache, config and data home
>> content, assigns to them their respective type attributes and
>> classifies them as user_home_content_type by calling xserver_user_cache,
>> config, data_home_content
>>
>> Create the various basic interfaces that will be needed:
>>
>> 1. xserver_create_generic_user_cache, config, data, home_dirs:
>> This will be used together with
>> xserver_user_home_(content|dir)_filetrans_cache, config,
>> data_home_content and allows the caller to create ~/.cache, ~/.config
>> and ~/.local/share directories. Each XDG aware program needs to be
>> able to create these.
>>
>> 2. xserver_read|manage_generic_user_cache, config, data_home_content:
>> By default content is created with a generic type and these broad
>> interfaces allow the caller to read or manage content with these
>> generic types
>>
>> 3. xserver_user_cache, config, data_home_content_filetrans:
>> Allows callers to create specified objects in these locations with a
>> private type
>>
>> Add file context specifications for ~/.cache(/.*)? (user_cache_home_t),
>> ~/.config(/.*)? (user_config_home_t) and ~/.local/share(/.*)?
>> (user_data_home_t)
>>
>> There is a little issue with user_data_home: this is content for
>> ~/.local/share and as per the XDG specification "share" is the user data
>> root dir instead of ~/.local. That means that the type transition
>> happens on user home content instead of user home dir. This makes it a
>> bit more prone to error since all directories named share created by
>> xserver_restricted_role callers in generic user home content
>> directories will be created with user_data_home_t. We could consider
>> using ~/.local instead.
>>
>> Signed-off-by: Dominick Grift <[email protected]>
>> ---
>> policy/modules/services/xserver.fc | 4 +
>> policy/modules/services/xserver.if | 533 +++++++++++++++++++++++++++++++++++++
>> policy/modules/services/xserver.te | 14 +
>> 3 files changed, 551 insertions(+)
>>
>> diff --git a/policy/modules/services/xserver.fc b/policy/modules/services/xserver.fc
>> index 9393f65..e64ecb2 100644
>> --- a/policy/modules/services/xserver.fc
>> +++ b/policy/modules/services/xserver.fc
>> @@ -1,6 +1,10 @@
>> #
>> # HOME_DIR
>> #
>> +
>> +HOME_DIR/\.cache(/.*)? gen_context(system_u:object_r:user_cache_home_t,s0)
>> +HOME_DIR/\.config(/.*)? gen_context(system_u:object_r:user_config_home_t,s0)
>> +HOME_DIR/\.local/share(/.*)? gen_context(system_u:object_r:user_data_home_t,s0)
>> HOME_DIR/\.fonts\.conf -- gen_context(system_u:object_r:user_fonts_config_t,s0)
>> HOME_DIR/\.fonts(/.*)? gen_context(system_u:object_r:user_fonts_t,s0)
>> HOME_DIR/\.fonts/auto(/.*)? gen_context(system_u:object_r:user_fonts_cache_t,s0)
>> diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
>> index 6bf0ecc..c4f7cb4 100644
>> --- a/policy/modules/services/xserver.if
>> +++ b/policy/modules/services/xserver.if
>> @@ -22,6 +22,7 @@ interface(`xserver_restricted_role',`
>> type user_fonts_t, user_fonts_cache_t, user_fonts_config_t;
>> type iceauth_t, iceauth_exec_t, iceauth_home_t;
>> type xauth_t, xauth_exec_t, xauth_home_t;
>> + type user_cache_home_t, user_config_home_t, user_data_home_t;
>> ')
>>
>> role $1 types { xserver_t xauth_t iceauth_t };
>> @@ -34,6 +35,16 @@ interface(`xserver_restricted_role',`
>>
>> allow xserver_t $2:shm rw_shm_perms;
>>
>> + allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:dir { manage_dir_perms relabel_dir_perms };
>> + allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
>> + allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:file { manage_file_perms relabel_file_perms };
>> + allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
>> + allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:sock_file { manage_sock_file_perms relabel_sock_file_perms };
>> +
>> + userdom_user_home_dir_filetrans($2, user_cache_home_t, dir, ".cache")
>> + userdom_user_home_dir_filetrans($2, user_config_home_t, dir, ".config")
>> + userdom_user_home_content_filetrans($2, user_data_home_t, dir, "share")
>> +
>> allow $2 user_fonts_t:dir list_dir_perms;
>> allow $2 user_fonts_t:file read_file_perms;
>>
>> @@ -531,6 +542,72 @@ interface(`xserver_use_user_fonts',`
>>
>> ########################################
>> ## <summary>
>> +## Make the specified type usable in a
>> +## user cache home directory.
>> +## </summary>
>> +## <param name="type">
>> +## <summary>
>> +## Type to be used as a file in the
>> +## user cache home directory.
>> +## </summary>
>> +## </param>
>> +#
>> +interface(`xserver_user_cache_home_content',`
>> + gen_require(`
>> + attribute xserver_user_cache_home_content_type;
>> + ')
>> +
>> + typeattribute $1 xserver_user_cache_home_content_type;
>> +
>> + userdom_user_home_content($1)
>> +')
>> +
>> +########################################
>> +## <summary>
>> +## Make the specified type usable in a
>> +## user config home directory.
>> +## </summary>
>> +## <param name="type">
>> +## <summary>
>> +## Type to be used as a file in the
>> +## user config home directory.
>> +## </summary>
>> +## </param>
>> +#
>> +interface(`xserver_user_config_home_content',`
>> + gen_require(`
>> + attribute xserver_user_config_home_content_type;
>> + ')
>> +
>> + typeattribute $1 xserver_user_config_home_content_type;
>> +
>> + userdom_user_home_content($1)
>> +')
>> +
>> +########################################
>> +## <summary>
>> +## Make the specified type usable in a
>> +## user data home directory.
>> +## </summary>
>> +## <param name="type">
>> +## <summary>
>> +## Type to be used as a file in the
>> +## user data home directory.
>> +## </summary>
>> +## </param>
>> +#
>> +interface(`xserver_user_data_home_content',`
>> + gen_require(`
>> + attribute xserver_user_data_home_content_type;
>> + ')
>> +
>> + typeattribute $1 xserver_user_data_home_content_type;
>> +
>> + userdom_user_home_content($1)
>> +')
>> +
>> +########################################
>> +## <summary>
>> ## Transition to the Xauthority domain.
>> ## </summary>
>> ## <param name="domain">
>> @@ -1272,6 +1349,462 @@ interface(`xserver_manage_core_devices',`
>>
>> ########################################
>> ## <summary>
>> +## Create generic user cache home
>> +## content directories.
>> +## </summary>
>> +## <param name="domain">
>> +## <summary>
>> +## Domain allowed access.
>> +## </summary>
>> +## </param>
>> +#
>> +interface(`xserver_create_generic_user_cache_home_content_dirs',`
>> + gen_require(`
>> + type user_cache_home_t;
>> + ')
>> +
>> + allow $1 user_cache_home_t:dir create_dir_perms;
>> +')
>> +
>> +########################################
>> +## <summary>
>> +## Read generic user cache home content.
>> +## </summary>
>> +## <param name="domain">
>> +## <summary>
>> +## Domain allowed access.
>> +## </summary>
>> +## </param>
>> +#
>> +interface(`xserver_read_generic_user_cache_home_content',`
>> + gen_require(`
>> + type user_cache_home_t;
>> + ')
>> +
>> + userdom_search_user_home_dirs($1)
>> + allow $1 user_cache_home_t:dir list_dir_perms;
>> + allow $1 user_cache_home_t:file read_file_perms;
>> + allow $1 user_cache_home_t:fifo_file read_fifo_file_perms;
>> + allow $1 user_cache_home_t:lnk_file read_lnk_file_perms;
>> + allow $1 user_cache_home_t:sock_file read_sock_file_perms;
>> +')
>> +
>> +########################################
>> +## <summary>
>> +## Create, read, write, and delete
>> +## generic user cache home content.
>> +## </summary>
>> +## <param name="domain">
>> +## <summary>
>> +## Domain allowed access.
>> +## </summary>
>> +## </param>
>> +#
>> +interface(`xserver_manage_generic_user_cache_home_content',`
>> + gen_require(`
>> + type user_cache_home_t;
>> + ')
>> +
>> + userdom_search_user_home_dirs($1)
>> + allow $1 user_cache_home_t:dir manage_dir_perms;
>> + allow $1 user_cache_home_t:file manage_file_perms;
>> + allow $1 user_cache_home_t:fifo_file manage_fifo_file_perms;
>> + allow $1 user_cache_home_t:lnk_file manage_lnk_file_perms;
>> + allow $1 user_cache_home_t:sock_file manage_sock_file_perms;
>> +')
>> +
>> +########################################
>> +## <summary>
>> +## Search generic user cache home
>> +## content directories.
>> +## </summary>
>> +## <param name="domain">
>> +## <summary>
>> +## Domain allowed access.
>> +## </summary>
>> +## </param>
>> +#
>> +interface(`xserver_search_generic_user_cache_home_content',`
>> + gen_require(`
>> + type user_cache_home_t;
>> + ')
>> +
>> + userdom_search_user_home_dirs($1)
>> + allow $1 user_cache_home_t:dir search_dir_perms;
>> +')
>> +
>> +########################################
>> +## <summary>
>> +## Create specified objects in generic
>> +## user cache home content directories
>> +## with a private type.
>> +## </summary>
>> +## <param name="domain">
>> +## <summary>
>> +## Domain allowed access.
>> +## </summary>
>> +## </param>
>> +## <param name="private_type">
>> +## <summary>
>> +## Private file type.
>> +## </summary>
>> +## </param>
>> +## <param name="object_class">
>> +## <summary>
>> +## Class of the object being created.
>> +## </summary>
>> +## </param>
>> +## <param name="name" optional="true">
>> +## <summary>
>> +## The name of the object being created.
>> +## </summary>
>> +## </param>
>> +#
>> +interface(`xserver_user_cache_home_content_filetrans',`
>> + gen_require(`
>> + type user_cache_home_t;
>> + ')
>> +
>> + userdom_search_user_home_dirs($1)
>> + filetrans_pattern($1, user_cache_home_t, $2, $3, $4)
>> +')
>> +
>> +########################################
>> +## <summary>
>> +## Create specified objects in user home
>> +## directories with the generic user
>> +## cache home content type.
>> +## </summary>
>> +## <param name="domain">
>> +## <summary>
>> +## Domain allowed access.
>> +## </summary>
>> +## </param>
>> +## <param name="object_class">
>> +## <summary>
>> +## Class of the object being created.
>> +## </summary>
>> +## </param>
>> +## <param name="name" optional="true">
>> +## <summary>
>> +## The name of the object being created.
>> +## </summary>
>> +## </param>
>> +#
>> +interface(`xserver_user_home_dir_filetrans_user_cache_home_content',`
>> + gen_require(`
>> + type user_cache_home_t;
>> + ')
>> +
>> + userdom_user_home_dir_filetrans($1, user_cache_home_t, $2, $3)
>> +')
>> +
>> +########################################
>> +## <summary>
>> +## Create generic user config home
>> +## content directories.
>> +## </summary>
>> +## <param name="domain">
>> +## <summary>
>> +## Domain allowed access.
>> +## </summary>
>> +## </param>
>> +#
>> +interface(`xserver_create_generic_user_config_home_content_dirs',`
>> + gen_require(`
>> + type user_config_home_t;
>> + ')
>> +
>> + allow $1 user_config_home_t:dir create_dir_perms;
>> +')
>> +
>> +########################################
>> +## <summary>
>> +## Read generic user config home content.
>> +## </summary>
>> +## <param name="domain">
>> +## <summary>
>> +## Domain allowed access.
>> +## </summary>
>> +## </param>
>> +#
>> +interface(`xserver_read_generic_user_config_home_content',`
>> + gen_require(`
>> + type user_config_home_t;
>> + ')
>> +
>> + userdom_search_user_home_dirs($1)
>> + allow $1 user_config_home_t:dir list_dir_perms;
>> + allow $1 user_config_home_t:file read_file_perms;
>> + allow $1 user_config_home_t:fifo_file read_fifo_file_perms;
>> + allow $1 user_config_home_t:lnk_file read_lnk_file_perms;
>> + allow $1 user_config_home_t:sock_file read_sock_file_perms;
>> +')
>> +
>> +########################################
>> +## <summary>
>> +## Create, read, write, and delete
>> +## generic user config home content.
>> +## </summary>
>> +## <param name="domain">
>> +## <summary>
>> +## Domain allowed access.
>> +## </summary>
>> +## </param>
>> +#
>> +interface(`xserver_manage_generic_user_config_home_content',`
>> + gen_require(`
>> + type user_config_home_t;
>> + ')
>> +
>> + userdom_search_user_home_dirs($1)
>> + allow $1 user_config_home_t:dir manage_dir_perms;
>> + allow $1 user_config_home_t:file manage_file_perms;
>> + allow $1 user_config_home_t:fifo_file manage_fifo_file_perms;
>> + allow $1 user_config_home_t:lnk_file manage_lnk_file_perms;
>> + allow $1 user_config_home_t:sock_file manage_sock_file_perms;
>> +')
>> +
>> +########################################
>> +## <summary>
>> +## Search generic user config home
>> +## content directories.
>> +## </summary>
>> +## <param name="domain">
>> +## <summary>
>> +## Domain allowed access.
>> +## </summary>
>> +## </param>
>> +#
>> +interface(`xserver_search_generic_user_config_home_content',`
>> + gen_require(`
>> + type user_config_home_t;
>> + ')
>> +
>> + userdom_search_user_home_dirs($1)
>> + allow $1 user_config_home_t:dir search_dir_perms;
>> +')
>> +
>> +########################################
>> +## <summary>
>> +## Create specified objects in generic
>> +## user config home content directories
>> +## with a private type.
>> +## </summary>
>> +## <param name="domain">
>> +## <summary>
>> +## Domain allowed access.
>> +## </summary>
>> +## </param>
>> +## <param name="private_type">
>> +## <summary>
>> +## Private file type.
>> +## </summary>
>> +## </param>
>> +## <param name="object_class">
>> +## <summary>
>> +## Class of the object being created.
>> +## </summary>
>> +## </param>
>> +## <param name="name" optional="true">
>> +## <summary>
>> +## The name of the object being created.
>> +## </summary>
>> +## </param>
>> +#
>> +interface(`xserver_user_config_home_content_filetrans',`
>> + gen_require(`
>> + type user_config_home_t;
>> + ')
>> +
>> + userdom_search_user_home_dirs($1)
>> + filetrans_pattern($1, user_config_home_t, $2, $3, $4)
>> +')
>> +
>> +########################################
>> +## <summary>
>> +## Create specified objects in user home
>> +## directories with the generic user
>> +## config home content type.
>> +## </summary>
>> +## <param name="domain">
>> +## <summary>
>> +## Domain allowed access.
>> +## </summary>
>> +## </param>
>> +## <param name="object_class">
>> +## <summary>
>> +## Class of the object being created.
>> +## </summary>
>> +## </param>
>> +## <param name="name" optional="true">
>> +## <summary>
>> +## The name of the object being created.
>> +## </summary>
>> +## </param>
>> +#
>> +interface(`xserver_user_home_dir_filetrans_user_config_home_content',`
>> + gen_require(`
>> + type user_config_home_t;
>> + ')
>> +
>> + userdom_user_home_dir_filetrans($1, user_config_home_t, $2, $3)
>> +')
>> +
>> +########################################
>> +## <summary>
>> +## Create generic user data home
>> +## content directories.
>> +## </summary>
>> +## <param name="domain">
>> +## <summary>
>> +## Domain allowed access.
>> +## </summary>
>> +## </param>
>> +#
>> +interface(`xserver_create_generic_user_data_home_content_dirs',`
>> + gen_require(`
>> + type user_data_home_t;
>> + ')
>> +
>> + allow $1 user_data_home_t:dir create_dir_perms;
>> +')
>> +
>> +########################################
>> +## <summary>
>> +## Read generic user data home content.
>> +## </summary>
>> +## <param name="domain">
>> +## <summary>
>> +## Domain allowed access.
>> +## </summary>
>> +## </param>
>> +#
>> +interface(`xserver_read_generic_user_data_home_content',`
>> + gen_require(`
>> + type user_data_home_t;
>> + ')
>> +
>> + userdom_search_user_home_content($1)
>> + allow $1 user_data_home_t:dir list_dir_perms;
>> + allow $1 user_data_home_t:file read_file_perms;
>> + allow $1 user_data_home_t:fifo_file read_fifo_file_perms;
>> + allow $1 user_data_home_t:lnk_file read_lnk_file_perms;
>> + allow $1 user_data_home_t:sock_file read_sock_file_perms;
>> +')
>> +
>> +########################################
>> +## <summary>
>> +## Create, read, write, and delete
>> +## generic user data home content.
>> +## </summary>
>> +## <param name="domain">
>> +## <summary>
>> +## Domain allowed access.
>> +## </summary>
>> +## </param>
>> +#
>> +interface(`xserver_manage_generic_user_data_home_content',`
>> + gen_require(`
>> + type user_data_home_t;
>> + ')
>> +
>> + userdom_search_user_home_content($1)
>> + allow $1 user_data_home_t:dir manage_dir_perms;
>> + allow $1 user_data_home_t:file manage_file_perms;
>> + allow $1 user_data_home_t:fifo_file manage_fifo_file_perms;
>> + allow $1 user_data_home_t:lnk_file manage_lnk_file_perms;
>> + allow $1 user_data_home_t:sock_file manage_sock_file_perms;
>> +')
>> +
>> +########################################
>> +## <summary>
>> +## Search generic user data home
>> +## content directories.
>> +## </summary>
>> +## <param name="domain">
>> +## <summary>
>> +## Domain allowed access.
>> +## </summary>
>> +## </param>
>> +#
>> +interface(`xserver_search_generic_user_data_home_content',`
>> + gen_require(`
>> + type user_data_home_t;
>> + ')
>> +
>> + userdom_search_user_home_content($1)
>> + allow $1 user_data_home_t:dir search_dir_perms;
>> +')
>> +
>> +########################################
>> +## <summary>
>> +## Create specified objects in generic
>> +## user data home content directories
>> +## with a private type.
>> +## </summary>
>> +## <param name="domain">
>> +## <summary>
>> +## Domain allowed access.
>> +## </summary>
>> +## </param>
>> +## <param name="private_type">
>> +## <summary>
>> +## Private file type.
>> +## </summary>
>> +## </param>
>> +## <param name="object_class">
>> +## <summary>
>> +## Class of the object being created.
>> +## </summary>
>> +## </param>
>> +## <param name="name" optional="true">
>> +## <summary>
>> +## The name of the object being created.
>> +## </summary>
>> +## </param>
>> +#
>> +interface(`xserver_user_data_home_content_filetrans',`
>> + gen_require(`
>> + type user_data_home_t;
>> + ')
>> +
>> + userdom_search_user_home_content($1)
>> + filetrans_pattern($1, user_data_home_t, $2, $3, $4)
>> +')
>> +
>> +########################################
>> +## <summary>
>> +## Create specified objects in user home
>> +## content directories with the generic
>> +## user data home content type.
>> +## </summary>
>> +## <param name="domain">
>> +## <summary>
>> +## Domain allowed access.
>> +## </summary>
>> +## </param>
>> +## <param name="object_class">
>> +## <summary>
>> +## Class of the object being created.
>> +## </summary>
>> +## </param>
>> +## <param name="name" optional="true">
>> +## <summary>
>> +## The name of the object being created.
>> +## </summary>
>> +## </param>
>> +#
>> +interface(`xserver_user_home_content_filetrans_user_data_home_content',`
>> + gen_require(`
>> + type user_data_home_t;
>> + ')
>> +
>> + userdom_user_home_content_filetrans($1, user_data_home_t, $2, $3)
>> +')
>> +
>> +########################################
>> +## <summary>
>> ## Interface to provide X object permissions on a given X server to
>> ## an X client domain. Gives the domain complete control over the
>> ## display.
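Review bot: the config interfaces in this hunk call `userdom_search_user_home_dirs($1)` while the data interfaces call `userdom_search_user_home_content($1)`, and none of the summaries explains the difference. If it is intended because `~/.local/share` sits one level below the home directory, say so in the data interface summaries; otherwise use the same call in both groups.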
>> diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
>> index 9bc86a0..a42f9bc 100644
>> --- a/policy/modules/services/xserver.te
>> +++ b/policy/modules/services/xserver.te
>> @@ -49,6 +49,11 @@ gen_tunable(xserver_object_manager, false)
>>
>> attribute x_domain;
>>
>> +# X Desktop Group
>> +attribute xserver_user_cache_home_content_type;
>> +attribute xserver_user_config_home_content_type;
>> +attribute xserver_user_data_home_content_type;
>> +
>> # X Events
>> attribute xevent_type;
>> attribute input_xevent_type;
>> @@ -106,6 +111,15 @@ type remote_t;
>> xserver_object_types_template(remote)
>> xserver_common_x_domain_template(remote, remote_t)
>>
>> +type user_cache_home_t;
>> +xserver_user_cache_home_content(user_cache_home_t)
>> +
>> +type user_config_home_t;
>> +xserver_user_config_home_content(user_config_home_t)
>> +
>> +type user_data_home_t;
>> +xserver_user_data_home_content(user_data_home_t)
>> +
>> type user_fonts_t;
>> typealias user_fonts_t alias { staff_fonts_t sysadm_fonts_t };
>> typealias user_fonts_t alias { auditadm_fonts_t secadm_fonts_t };
>
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
>
--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com
On Thu, 2012-11-29 at 08:51 -0500, Christopher J. PeBenito wrote:
> On 11/29/12 08:09, grift wrote:
> > Are we ready to make a decision yet with regard to the two outstanding
> > issues?
> >
> > - best type names? (my preference user_data_home_t, user_config_home_t,
> > user_cache_home_t)
>
> replace user with xdg, e.g. xdg_config_home_t.
>
> > - should we label ~/.local/share with the xdg data home type or ~/.local
> > (my preference ~/.local/share)
> >
> > But I will go with whatever in the end
>
> Here's another option to consider:
>
> $HOME/.local -d gen_context(system_u:object_r:xdg_local_home_t,s0)
> $HOME/.local/share(/.*)? gen_context(system_u:object_r:xdg_data_home_t,s0)
>
> and then treat xdg_local_home_t similar to user_home_dir_t and filetrans everything under it. Then the named filetrans for ~/.local/share will work right on top of any of the other random dirs that pop up under there.
I understand your reasoning but I am not confident about the type name
"xdg_local_home_t" and I am also not confident that this type should be
declared in the xserver policy module.

How about we use local_home_t and declare it in the userdomain module?
> > On Mon, 2012-11-05 at 12:55 +0100, Dominick Grift wrote:
> >> Creates 3 type attributes for xdg cache (~/.cache), config (~/.config)
> >> and data (~/.local/share) user home content and assigns to
> >> xserver_user_cache_home_content(), xserver_user_config_home_content()
> >> and xserver_user_data_home_content() respectively
> >>
> >> Creates 3 types for generic xdg user cache, config and data home
> >> content, assigns to them their respective type attributes and
> >> classifies them user_home_content_type by calling xserver_user_cache,
> >> config, data_home_content
> >>
> >> Create the various basic interfaces that will be needed:
> >>
> >> 1. xserver_create_generic_user_cache, config, data, home_dirs:
> >> This will be used together with
> >> xserver_user_home_(content|dir)_filetrans_cache, config,
> >> data_home_content and allows the caller to create ~/.cache, ~/.config
> >> and ~/.local/share directories. Each XDG aware program needs to be
> >> able to create these.
> >>
> >> 2. xserver_read|manage_generic_user_cache, config, data_home_content:
> >> By default content is created with a generic type and these broad
> >> interfaces allow the caller to read or manage content with these
> >> generic types
> >>
> >> 3. xserver_user_cache, config, data_home_content_filetrans:
> >> Allows callers to create specified objects in these locations with a
> >> private type
> >>
> >> Add file context specifications for ~/.cache(/.*)? (user_cache_home_t),
> >> ~/.config(/.*)? (user_config_home_t) and ~/.local/share(/.*)?
> >> (user_data_home_t)
> >>
> >> There is a little issue with user_data_home, this is content for
> >> ~/.local/share and as per xdg specification "share" is the user data
> >> root dir instead of ~/.local, that means that the type transition
> >> happens on user home content instead of user home dir. This makes it a
> >> bit more prone to error since all directories named share created by
> >> xserver_restricted_role callers in generic user home content
> >> directories will be created with user_data_home_t. We could consider
> >> using ~/.local instead
> >>
> >> Signed-off-by: Dominick Grift <[email protected]>
> >> ---
> >> policy/modules/services/xserver.fc | 4 +
> >> policy/modules/services/xserver.if | 533 +++++++++++++++++++++++++++++++++++++
> >> policy/modules/services/xserver.te | 14 +
> >> 3 files changed, 551 insertions(+)
> >>
> >> diff --git a/policy/modules/services/xserver.fc b/policy/modules/services/xserver.fc
> >> index 9393f65..e64ecb2 100644
> >> --- a/policy/modules/services/xserver.fc
> >> +++ b/policy/modules/services/xserver.fc
> >> @@ -1,6 +1,10 @@
> >> #
> >> # HOME_DIR
> >> #
> >> +
> >> +HOME_DIR/\.cache(/.*)? gen_context(system_u:object_r:user_cache_home_t,s0)
> >> +HOME_DIR/\.config(/.*)? gen_context(system_u:object_r:user_config_home_t,s0)
> >> +HOME_DIR/\.local/share(/.*)? gen_context(system_u:object_r:user_data_home_t,s0)
> >> HOME_DIR/\.fonts\.conf -- gen_context(system_u:object_r:user_fonts_config_t,s0)
> >> HOME_DIR/\.fonts(/.*)? gen_context(system_u:object_r:user_fonts_t,s0)
> >> HOME_DIR/\.fonts/auto(/.*)? gen_context(system_u:object_r:user_fonts_cache_t,s0)
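Review bot: `HOME_DIR/\.local/share(/.*)?` is given a context but `HOME_DIR/\.local` itself is not, so the parent directory is left to whatever generic rule covers home content and the data home transition has to key off that generic type. If `~/.local` is meant to carry its own label, add a directory-only entry for it next to this line. A blank line between the three new entries and the existing fonts entries would also keep the two groups apart.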
> >> diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
> >> index 6bf0ecc..c4f7cb4 100644
> >> --- a/policy/modules/services/xserver.if
> >> +++ b/policy/modules/services/xserver.if
> >> @@ -22,6 +22,7 @@ interface(`xserver_restricted_role',`
> >> type user_fonts_t, user_fonts_cache_t, user_fonts_config_t;
> >> type iceauth_t, iceauth_exec_t, iceauth_home_t;
> >> type xauth_t, xauth_exec_t, xauth_home_t;
> >> + type user_cache_home_t, user_config_home_t, user_data_home_t;
> >> ')
> >>
> >> role $1 types { xserver_t xauth_t iceauth_t };
> >> @@ -34,6 +35,16 @@ interface(`xserver_restricted_role',`
> >>
> >> allow xserver_t $2:shm rw_shm_perms;
> >>
> >> + allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:dir { manage_dir_perms relabel_dir_perms };
> >> + allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
> >> + allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:file { manage_file_perms relabel_file_perms };
> >> + allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
> >> + allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:sock_file { manage_sock_file_perms relabel_sock_file_perms };
> >> +
> >> + userdom_user_home_dir_filetrans($2, user_cache_home_t, dir, ".cache")
> >> + userdom_user_home_dir_filetrans($2, user_config_home_t, dir, ".config")
> >> + userdom_user_home_content_filetrans($2, user_data_home_t, dir, "share")
> >> +
> >> allow $2 user_fonts_t:dir list_dir_perms;
> >> allow $2 user_fonts_t:file read_file_perms;
> >>
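Review bot: the named transition `userdom_user_home_content_filetrans($2, user_data_home_t, dir, "share")` matches on the name alone, so every directory called `share` that `$2` creates in generic user home content gets user_data_home_t, not only `~/.local/share`. The `.cache` and `.config` transitions above it are anchored on the home directory and do not have this problem; anchoring the data transition on a dedicated type for `~/.local` would give it the same scope.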
> >> @@ -531,6 +542,72 @@ interface(`xserver_use_user_fonts',`
> >>
> >> ########################################
> >> ## <summary>
> >> +## Make the specified type usable in a
> >> +## user cache home directory.
> >> +## </summary>
> >> +## <param name="type">
> >> +## <summary>
> >> +## Type to be used as a file in the
> >> +## user cache home directory.
> >> +## </summary>
> >> +## </param>
> >> +#
> >> +interface(`xserver_user_cache_home_content',`
> >> + gen_require(`
> >> + attribute xserver_user_cache_home_content_type;
> >> + ')
> >> +
> >> + typeattribute $1 xserver_user_cache_home_content_type;
> >> +
> >> + userdom_user_home_content($1)
> >> +')
> >> +
> >> +########################################
> >> +## <summary>
> >> +## Make the specified type usable in a
> >> +## user config home directory.
> >> +## </summary>
> >> +## <param name="type">
> >> +## <summary>
> >> +## Type to be used as a file in the
> >> +## user config home directory.
> >> +## </summary>
> >> +## </param>
> >> +#
> >> +interface(`xserver_user_config_home_content',`
> >> + gen_require(`
> >> + attribute xserver_user_config_home_content_type;
> >> + ')
> >> +
> >> + typeattribute $1 xserver_user_config_home_content_type;
> >> +
> >> + userdom_user_home_content($1)
> >> +')
> >> +
> >> +########################################
> >> +## <summary>
> >> +## Make the specified type usable in a
> >> +## user data home directory.
> >> +## </summary>
> >> +## <param name="type">
> >> +## <summary>
> >> +## Type to be used as a file in the
> >> +## user data home directory.
> >> +## </summary>
> >> +## </param>
> >> +#
> >> +interface(`xserver_user_data_home_content',`
> >> + gen_require(`
> >> + attribute xserver_user_data_home_content_type;
> >> + ')
> >> +
> >> + typeattribute $1 xserver_user_data_home_content_type;
> >> +
> >> + userdom_user_home_content($1)
> >> +')
> >> +
> >> +########################################
> >> +## <summary>
> >> ## Transition to the Xauthority domain.
> >> ## </summary>
> >> ## <param name="domain">
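Review bot: the three parameter descriptions say "Type to be used as a file", but the allow rules this patch adds to xserver_restricted_role use the resulting types for directories, fifos, symlinks and sockets as well as files. Wording such as "Type to be used as content in the user cache home directory" would match that; the same applies to the config and data variants.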
> >> @@ -1272,6 +1349,462 @@ interface(`xserver_manage_core_devices',`
> >>
> >> ########################################
> >> ## <summary>
> >> +## Create generic user cache home
> >> +## content directories.
> >> +## </summary>
> >> +## <param name="domain">
> >> +## <summary>
> >> +## Domain allowed access.
> >> +## </summary>
> >> +## </param>
> >> +#
> >> +interface(`xserver_create_generic_user_cache_home_content_dirs',`
> >> + gen_require(`
> >> + type user_cache_home_t;
> >> + ')
> >> +
> >> + allow $1 user_cache_home_t:dir create_dir_perms;
> >> +')
> >> +
> >> +########################################
> >> +## <summary>
> >> +## Read generic user cache home content.
> >> +## </summary>
> >> +## <param name="domain">
> >> +## <summary>
> >> +## Domain allowed access.
> >> +## </summary>
> >> +## </param>
> >> +#
> >> +interface(`xserver_read_generic_user_cache_home_content',`
> >> + gen_require(`
> >> + type user_cache_home_t;
> >> + ')
> >> +
> >> + userdom_search_user_home_dirs($1)
> >> + allow $1 user_cache_home_t:dir list_dir_perms;
> >> + allow $1 user_cache_home_t:file read_file_perms;
> >> + allow $1 user_cache_home_t:fifo_file read_fifo_file_perms;
> >> + allow $1 user_cache_home_t:lnk_file read_lnk_file_perms;
> >> + allow $1 user_cache_home_t:sock_file read_sock_file_perms;
> >> +')
> >> +
> >> +########################################
> >> +## <summary>
> >> +## Create, read, write, and delete
> >> +## generic user cache home content.
> >> +## </summary>
> >> +## <param name="domain">
> >> +## <summary>
> >> +## Domain allowed access.
> >> +## </summary>
> >> +## </param>
> >> +#
> >> +interface(`xserver_manage_generic_user_cache_home_content',`
> >> + gen_require(`
> >> + type user_cache_home_t;
> >> + ')
> >> +
> >> + userdom_search_user_home_dirs($1)
> >> + allow $1 user_cache_home_t:dir manage_dir_perms;
> >> + allow $1 user_cache_home_t:file manage_file_perms;
> >> + allow $1 user_cache_home_t:fifo_file manage_fifo_file_perms;
> >> + allow $1 user_cache_home_t:lnk_file manage_lnk_file_perms;
> >> + allow $1 user_cache_home_t:sock_file manage_sock_file_perms;
> >> +')
> >> +
> >> +########################################
> >> +## <summary>
> >> +## Search generic user cache home
> >> +## content directories.
> >> +## </summary>
> >> +## <param name="domain">
> >> +## <summary>
> >> +## Domain allowed access.
> >> +## </summary>
> >> +## </param>
> >> +#
> >> +interface(`xserver_search_generic_user_cache_home_content',`
> >> + gen_require(`
> >> + type user_cache_home_t;
> >> + ')
> >> +
> >> + userdom_search_user_home_dirs($1)
> >> + allow $1 user_cache_home_t:dir search_dir_perms;
> >> +')
> >> +
> >> +########################################
> >> +## <summary>
> >> +## Create specified objects in generic
> >> +## user cache home content directories
> >> +## with a private type.
> >> +## </summary>
> >> +## <param name="domain">
> >> +## <summary>
> >> +## Domain allowed access.
> >> +## </summary>
> >> +## </param>
> >> +## <param name="private_type">
> >> +## <summary>
> >> +## Private file type.
> >> +## </summary>
> >> +## </param>
> >> +## <param name="object_class">
> >> +## <summary>
> >> +## Class of the object being created.
> >> +## </summary>
> >> +## </param>
> >> +## <param name="name" optional="true">
> >> +## <summary>
> >> +## The name of the object being created.
> >> +## </summary>
> >> +## </param>
> >> +#
> >> +interface(`xserver_user_cache_home_content_filetrans',`
> >> + gen_require(`
> >> + type user_cache_home_t;
> >> + ')
> >> +
> >> + userdom_search_user_home_dirs($1)
> >> + filetrans_pattern($1, user_cache_home_t, $2, $3, $4)
> >> +')
> >> +
> >> +########################################
> >> +## <summary>
> >> +## Create specified objects in user home
> >> +## directories with the generic user
> >> +## cache home content type.
> >> +## </summary>
> >> +## <param name="domain">
> >> +## <summary>
> >> +## Domain allowed access.
> >> +## </summary>
> >> +## </param>
> >> +## <param name="object_class">
> >> +## <summary>
> >> +## Class of the object being created.
> >> +## </summary>
> >> +## </param>
> >> +## <param name="name" optional="true">
> >> +## <summary>
> >> +## The name of the object being created.
> >> +## </summary>
> >> +## </param>
> >> +#
> >> +interface(`xserver_user_home_dir_filetrans_user_cache_home_content',`
> >> + gen_require(`
> >> + type user_cache_home_t;
> >> + ')
> >> +
> >> + userdom_user_home_dir_filetrans($1, user_cache_home_t, $2, $3)
> >> +')
> >> +
> >> +########################################
> >> +## <summary>
> >> +## Create generic user config home
> >> +## content directories.
> >> +## </summary>
> >> +## <param name="domain">
> >> +## <summary>
> >> +## Domain allowed access.
> >> +## </summary>
> >> +## </param>
> >> +#
> >> +interface(`xserver_create_generic_user_config_home_content_dirs',`
> >> + gen_require(`
> >> + type user_config_home_t;
> >> + ')
> >> +
> >> + allow $1 user_config_home_t:dir create_dir_perms;
> >> +')
> >> +
> >> +########################################
> >> +## <summary>
> >> +## Read generic user config home content.
> >> +## </summary>
> >> +## <param name="domain">
> >> +## <summary>
> >> +## Domain allowed access.
> >> +## </summary>
> >> +## </param>
> >> +#
> >> +interface(`xserver_read_generic_user_config_home_content',`
> >> + gen_require(`
> >> + type user_config_home_t;
> >> + ')
> >> +
> >> + userdom_search_user_home_dirs($1)
> >> + allow $1 user_config_home_t:dir list_dir_perms;
> >> + allow $1 user_config_home_t:file read_file_perms;
> >> + allow $1 user_config_home_t:fifo_file read_fifo_file_perms;
> >> + allow $1 user_config_home_t:lnk_file read_lnk_file_perms;
> >> + allow $1 user_config_home_t:sock_file read_sock_file_perms;
> >> +')
> >> +
> >> +########################################
> >> +## <summary>
> >> +## Create, read, write, and delete
> >> +## generic user config home content.
> >> +## </summary>
> >> +## <param name="domain">
> >> +## <summary>
> >> +## Domain allowed access.
> >> +## </summary>
> >> +## </param>
> >> +#
> >> +interface(`xserver_manage_generic_user_config_home_content',`
> >> + gen_require(`
> >> + type user_config_home_t;
> >> + ')
> >> +
> >> + userdom_search_user_home_dirs($1)
> >> + allow $1 user_config_home_t:dir manage_dir_perms;
> >> + allow $1 user_config_home_t:file manage_file_perms;
> >> + allow $1 user_config_home_t:fifo_file manage_fifo_file_perms;
> >> + allow $1 user_config_home_t:lnk_file manage_lnk_file_perms;
> >> + allow $1 user_config_home_t:sock_file manage_sock_file_perms;
> >> +')
> >> +
> >> +########################################
> >> +## <summary>
> >> +## Search generic user config home
> >> +## content directories.
> >> +## </summary>
> >> +## <param name="domain">
> >> +## <summary>
> >> +## Domain allowed access.
> >> +## </summary>
> >> +## </param>
> >> +#
> >> +interface(`xserver_search_generic_user_config_home_content',`
> >> + gen_require(`
> >> + type user_config_home_t;
> >> + ')
> >> +
> >> + userdom_search_user_home_dirs($1)
> >> + allow $1 user_config_home_t:dir search_dir_perms;
> >> +')
> >> +
> >> +########################################
> >> +## <summary>
> >> +## Create specified objects in generic
> >> +## user config home content directories
> >> +## with a private type.
> >> +## </summary>
> >> +## <param name="domain">
> >> +## <summary>
> >> +## Domain allowed access.
> >> +## </summary>
> >> +## </param>
> >> +## <param name="private_type">
> >> +## <summary>
> >> +## Private file type.
> >> +## </summary>
> >> +## </param>
> >> +## <param name="object_class">
> >> +## <summary>
> >> +## Class of the object being created.
> >> +## </summary>
> >> +## </param>
> >> +## <param name="name" optional="true">
> >> +## <summary>
> >> +## The name of the object being created.
> >> +## </summary>
> >> +## </param>
> >> +#
> >> +interface(`xserver_user_config_home_content_filetrans',`
> >> + gen_require(`
> >> + type user_config_home_t;
> >> + ')
> >> +
> >> + userdom_search_user_home_dirs($1)
> >> + filetrans_pattern($1, user_config_home_t, $2, $3, $4)
> >> +')
> >> +
> >> +########################################
> >> +## <summary>
> >> +## Create specified objects in user home
> >> +## directories with the generic user
> >> +## config home content type.
> >> +## </summary>
> >> +## <param name="domain">
> >> +## <summary>
> >> +## Domain allowed access.
> >> +## </summary>
> >> +## </param>
> >> +## <param name="object_class">
> >> +## <summary>
> >> +## Class of the object being created.
> >> +## </summary>
> >> +## </param>
> >> +## <param name="name" optional="true">
> >> +## <summary>
> >> +## The name of the object being created.
> >> +## </summary>
> >> +## </param>
> >> +#
> >> +interface(`xserver_user_home_dir_filetrans_user_config_home_content',`
> >> + gen_require(`
> >> + type user_config_home_t;
> >> + ')
> >> +
> >> + userdom_user_home_dir_filetrans($1, user_config_home_t, $2, $3)
> >> +')
> >> +
> >> +########################################
> >> +## <summary>
> >> +## Create generic user data home
> >> +## content directories.
> >> +## </summary>
> >> +## <param name="domain">
> >> +## <summary>
> >> +## Domain allowed access.
> >> +## </summary>
> >> +## </param>
> >> +#
> >> +interface(`xserver_create_generic_user_data_home_content_dirs',`
> >> + gen_require(`
> >> + type user_data_home_t;
> >> + ')
> >> +
> >> + allow $1 user_data_home_t:dir create_dir_perms;
> >> +')
> >> +
> >> +########################################
> >> +## <summary>
> >> +## Read generic user data home content.
> >> +## </summary>
> >> +## <param name="domain">
> >> +## <summary>
> >> +## Domain allowed access.
> >> +## </summary>
> >> +## </param>
> >> +#
> >> +interface(`xserver_read_generic_user_data_home_content',`
> >> + gen_require(`
> >> + type user_data_home_t;
> >> + ')
> >> +
> >> + userdom_search_user_home_content($1)
> >> + allow $1 user_data_home_t:dir list_dir_perms;
> >> + allow $1 user_data_home_t:file read_file_perms;
> >> + allow $1 user_data_home_t:fifo_file read_fifo_file_perms;
> >> + allow $1 user_data_home_t:lnk_file read_lnk_file_perms;
> >> + allow $1 user_data_home_t:sock_file read_sock_file_perms;
> >> +')
> >> +
> >> +########################################
> >> +## <summary>
> >> +## Create, read, write, and delete
> >> +## generic user data home content.
> >> +## </summary>
> >> +## <param name="domain">
> >> +## <summary>
> >> +## Domain allowed access.
> >> +## </summary>
> >> +## </param>
> >> +#
> >> +interface(`xserver_manage_generic_user_data_home_content',`
> >> + gen_require(`
> >> + type user_data_home_t;
> >> + ')
> >> +
> >> + userdom_search_user_home_content($1)
> >> + allow $1 user_data_home_t:dir manage_dir_perms;
> >> + allow $1 user_data_home_t:file manage_file_perms;
> >> + allow $1 user_data_home_t:fifo_file manage_fifo_file_perms;
> >> + allow $1 user_data_home_t:lnk_file manage_lnk_file_perms;
> >> + allow $1 user_data_home_t:sock_file manage_sock_file_perms;
> >> +')
> >> +
> >> +########################################
> >> +## <summary>
> >> +## Search generic user data home
> >> +## content directories.
> >> +## </summary>
> >> +## <param name="domain">
> >> +## <summary>
> >> +## Domain allowed access.
> >> +## </summary>
> >> +## </param>
> >> +#
> >> +interface(`xserver_search_generic_user_data_home_content',`
> >> + gen_require(`
> >> + type user_data_home_t;
> >> + ')
> >> +
> >> + userdom_search_user_home_content($1)
> >> + allow $1 user_data_home_t:dir search_dir_perms;
> >> +')
> >> +
> >> +########################################
> >> +## <summary>
> >> +## Create specified objects in generic
> >> +## user data home content directories
> >> +## with a private type.
> >> +## </summary>
> >> +## <param name="domain">
> >> +## <summary>
> >> +## Domain allowed access.
> >> +## </summary>
> >> +## </param>
> >> +## <param name="private_type">
> >> +## <summary>
> >> +## Private file type.
> >> +## </summary>
> >> +## </param>
> >> +## <param name="object_class">
> >> +## <summary>
> >> +## Class of the object being created.
> >> +## </summary>
> >> +## </param>
> >> +## <param name="name" optional="true">
> >> +## <summary>
> >> +## The name of the object being created.
> >> +## </summary>
> >> +## </param>
> >> +#
> >> +interface(`xserver_user_data_home_content_filetrans',`
> >> + gen_require(`
> >> + type user_data_home_t;
> >> + ')
> >> +
> >> + userdom_search_user_home_content($1)
> >> + filetrans_pattern($1, user_data_home_t, $2, $3, $4)
> >> +')
> >> +
> >> +########################################
> >> +## <summary>
> >> +## Create specified objects in user home
> >> +## content directories with the generic
> >> +## user data home content type.
> >> +## </summary>
> >> +## <param name="domain">
> >> +## <summary>
> >> +## Domain allowed access.
> >> +## </summary>
> >> +## </param>
> >> +## <param name="object_class">
> >> +## <summary>
> >> +## Class of the object being created.
> >> +## </summary>
> >> +## </param>
> >> +## <param name="name" optional="true">
> >> +## <summary>
> >> +## The name of the object being created.
> >> +## </summary>
> >> +## </param>
> >> +#
> >> +interface(`xserver_user_home_content_filetrans_user_data_home_content',`
> >> + gen_require(`
> >> + type user_data_home_t;
> >> + ')
> >> +
> >> + userdom_user_home_content_filetrans($1, user_data_home_t, $2, $3)
> >> +')
> >> +
> >> +########################################
> >> +## <summary>
> >> ## Interface to provide X object permissions on a given X server to
> >> ## an X client domain. Gives the domain complete control over the
> >> ## display.
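Review bot: the three `xserver_create_generic_user_*_home_content_dirs` interfaces grant only `create_dir_perms` on the target type, and their summaries do not say that the permission only takes effect together with the matching filetrans interface. The commit message states that pairing; repeating it in each summary would keep callers from using the create interface on its own. The read and manage interfaces could also use the pattern macros (for example `manage_files_pattern`) instead of raw allow rules, for consistency with the `filetrans_pattern` calls in the same hunk.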
> >> diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
> >> index 9bc86a0..a42f9bc 100644
> >> --- a/policy/modules/services/xserver.te
> >> +++ b/policy/modules/services/xserver.te
> >> @@ -49,6 +49,11 @@ gen_tunable(xserver_object_manager, false)
> >>
> >> attribute x_domain;
> >>
> >> +# X Desktop Group
> >> +attribute xserver_user_cache_home_content_type;
> >> +attribute xserver_user_config_home_content_type;
> >> +attribute xserver_user_data_home_content_type;
> >> +
> >> # X Events
> >> attribute xevent_type;
> >> attribute input_xevent_type;
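Review bot: the three attributes declared here are assigned by the new `xserver_user_*_home_content()` interfaces, but no allow rule or interface in this patch refers to them; every rule names the generic types directly. Either add the interfaces that operate on the attributes in this patch or extend the comment above the declarations to say what they are reserved for, since `# X Desktop Group` does not.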
> >> @@ -106,6 +111,15 @@ type remote_t;
> >> xserver_object_types_template(remote)
> >> xserver_common_x_domain_template(remote, remote_t)
> >>
> >> +type user_cache_home_t;
> >> +xserver_user_cache_home_content(user_cache_home_t)
> >> +
> >> +type user_config_home_t;
> >> +xserver_user_config_home_content(user_config_home_t)
> >> +
> >> +type user_data_home_t;
> >> +xserver_user_data_home_content(user_data_home_t)
> >> +
> >> type user_fonts_t;
> >> typealias user_fonts_t alias { staff_fonts_t sysadm_fonts_t };
> >> typealias user_fonts_t alias { auditadm_fonts_t secadm_fonts_t };
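Review bot: the three new type declarations sit between `remote_t` and `user_fonts_t` with no comment saying which directory each one labels. A one-line comment above each (`~/.cache`, `~/.config`, `~/.local/share`) would help, and the type-name prefix question raised in the thread should be settled before callers start requiring these names.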
> >
> >
> >
>
>
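The "share" problem described in the commit message and the `~/.local` alternative proposed in the reply, as an added example that is not part of the thread or of refpolicy: a small Python model that creates directories under each design and reports where the creation-time label differs from the file-context label. Assumptions: `/home/u` stands in for HOME_DIR, the user domain has a default user_home_dir_t to user_home_t transition, file contexts are looked up as "last match wins", the second design is one reading of the proposal, and all helper names are hypothetical.

```python
import re

HOME = "/home/u"  # constructed stand-in for HOME_DIR


def design(prefix, with_local):
    """Return (file-context specs, transition rules) for one labelling design.

    prefix="user", with_local=False models the patch as posted;
    prefix="xdg", with_local=True models the alternative from the reply.
    """
    cache, config, data = (f"{prefix}_{k}_home_t" for k in ("cache", "config", "data"))
    # Ordered least to most specific; the last matching entry wins
    # (a simplified model of the sorted file_contexts lookup).
    specs = [
        (rf"{HOME}/.+", "user_home_t"),
        (rf"{HOME}/\.cache(/.*)?", cache),
        (rf"{HOME}/\.config(/.*)?", config),
        (rf"{HOME}/\.local/share(/.*)?", data),
    ]
    # (parent type, directory name or None for "any name") -> type of the new dir
    trans = {
        ("user_home_dir_t", None): "user_home_t",  # assumed default transition
        ("user_home_dir_t", ".cache"): cache,
        ("user_home_dir_t", ".config"): config,
    }
    if with_local:
        # ~/.local gets its own type and behaves like a second home directory.
        # Every path in this model is a directory, so the -d flag is implicit.
        specs.insert(1, (rf"{HOME}/\.local", "xdg_local_home_t"))
        trans[("user_home_dir_t", ".local")] = "xdg_local_home_t"
        trans[("xdg_local_home_t", None)] = "user_home_t"
        trans[("xdg_local_home_t", "share")] = data
    else:
        # As posted: the named transition is keyed on generic home content.
        trans[("user_home_t", "share")] = data
    return specs, trans


def fc_label(specs, path):
    """Type a relabel would assign: the last spec that fully matches the path."""
    label = "user_home_dir_t" if path == HOME else None
    for pattern, typ in specs:
        if re.fullmatch(pattern, path):
            label = typ
    return label


def create_label(trans, parent_type, name):
    """Creation-time type: named transition, else unnamed one, else parent's type."""
    return trans.get((parent_type, name)) or trans.get((parent_type, None)) or parent_type


def mkdir_p(trans, labels, path):
    """Create path and any missing parents, recording each creation-time label."""
    current = HOME
    for name in path[len(HOME):].strip("/").split("/"):
        parent_type = labels[current]
        current = f"{current}/{name}"
        if current not in labels:
            labels[current] = create_label(trans, parent_type, name)


def mislabelled(specs, trans, paths):
    """Return (path, creation label, file-context label) wherever the two differ."""
    labels = {HOME: "user_home_dir_t"}
    for path in paths:
        mkdir_p(trans, labels, path)
    report = []
    for path, got in labels.items():
        want = fc_label(specs, path)
        if got != want:
            report.append((path, got, want))
    return sorted(report)


# Constructed sample of directories a desktop session might create.
PATHS = [
    f"{HOME}/.cache/thumbnails",
    f"{HOME}/.config/app",
    f"{HOME}/.local/share/app",
    f"{HOME}/.local/bin",
    f"{HOME}/projects/demo/share",
]

if __name__ == "__main__":
    print("as posted:  ", mislabelled(*design("user", False), PATHS))
    print("alternative:", mislabelled(*design("xdg", True), PATHS))
```

In this model only `projects/demo/share` comes out mislabelled under the posted design, and nothing does under the alternative.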
On Thu, 2012-11-29 at 15:16 +0100, grift wrote:
> On Thu, 2012-11-29 at 08:51 -0500, Christopher J. PeBenito wrote:
> > On 11/29/12 08:09, grift wrote:
> > > Are we ready to make a decision yet with regard to the two outstanding
> > > issues?
> > >
> > > - best type names? (my preference user_data_home_t, user_config_home_t,
> > > user_cache_home_t)
> >
> > replace user with xdg, e.g. xdg_config_home_t.
> >
> > > - should we label ~/.local/share with the xdg data home type or ~/.local
> > > (my preference ~/.local/share)
> > >
> > > But I will go with whatever in the end
> >
> > Here's another option to consider:
> >
> > $HOME/.local -d gen_context(system_u:object_r:xdg_local_home_t,s0)
> > $HOME/.local/share(/.*)? gen_context(system_u:object_r:xdg_data_home_t,s0)
> >
> > and then treat xdg_local_home_t similar to user_home_dir_t and filetrans everything under it. Then the named filetrans for ~/.local/share will work right on top of any of the other random dirs that pop up under there.
>
> I understand your reasoning but I am not confident about the type name
> "xdg_local_home_t" and I am also not confident that this type should be
> declared in the xserver policy module.
>
> How about we use local_home_t and declare it in the userdomain module?
Anyways, I am fine with your solution. It's not such a big deal.
I will rewrite this patch with the improvements.
> > > On Mon, 2012-11-05 at 12:55 +0100, Dominick Grift wrote:
> > >> Creates 3 type attributes for xdg cache (~/.cache), config (~/.config)
> > >> and data (~/.local/share) user home content and assigns to
> > >> xserver_user_cache_home_content(), xserver_user_config_home_content()
> > >> and xserver_user_data_home_content() respectively
> > >>
> > >> Creates 3 types for generic xdg user cache, config and data home
> > >> content, assigns to them their respective type attributes and
> > >> classifies them user_home_content_type by calling xserver_user_cache,
> > >> config, data_home_content
> > >>
> > >> Create the various basic interfaces that will be needed:
> > >>
> > >> 1. xserver_create_generic_user_cache, config, data, home_dirs:
> > >> This will be used together with
> > >> xserver_user_home_(content|dir)_filetrans_cache, config,
> > >> data_home_content and allows the caller to create ~/.cache, ~/.config
> > >> and ~/.local/share directories. Each XDG aware program needs to be
> > >> able to create these.
> > >>
> > >> 2. xserver_read|manage_generic_user_cache, config, data_home_content:
> > >> By default content is created with a generic type and these broad
> > >> interfaces allow the caller to read or manage content with these
> > >> generic types
> > >>
> > >> 3. xserver_user_cache, config, data_home_content_filetrans:
> > >> Allows callers to create specified objects in these locations with a
> > >> private type
> > >>
> > >> Add file context specifications for ~/.cache(/.*)? (user_cache_home_t),
> > >> ~/.config(/.*)? (user_config_home_t) and ~/.local/share(/.*)?
> > >> (user_data_home_t)
> > >>
> > >> There is a little issue with user_data_home, this is content for
> > >> ~/.local/share and as per xdg specification "share" is the user data
> > >> root dir instead of ~/.local, that means that the type transition
> > >> happens on user home content instead of user home dir. this makes it a
> > >> bit more prone to error since all directories named share created by
> > >> xserver_restricted_role callers in generic user home content
> > >> directories will be created with user_data_home_t. We could consider
> > >> using ~/.local instead
> > >>
> > >> Signed-off-by: Dominick Grift <[email protected]>
> > >> ---
> > >> policy/modules/services/xserver.fc | 4 +
> > >> policy/modules/services/xserver.if | 533 +++++++++++++++++++++++++++++++++++++
> > >> policy/modules/services/xserver.te | 14 +
> > >> 3 files changed, 551 insertions(+)
> > >>
> > >> diff --git a/policy/modules/services/xserver.fc b/policy/modules/services/xserver.fc
> > >> index 9393f65..e64ecb2 100644
> > >> --- a/policy/modules/services/xserver.fc
> > >> +++ b/policy/modules/services/xserver.fc
> > >> @@ -1,6 +1,10 @@
> > >> #
> > >> # HOME_DIR
> > >> #
> > >> +
> > >> +HOME_DIR/\.cache(/.*)? gen_context(system_u:object_r:user_cache_home_t,s0)
> > >> +HOME_DIR/\.config(/.*)? gen_context(system_u:object_r:user_config_home_t,s0)
> > >> +HOME_DIR/\.local/share(/.*)? gen_context(system_u:object_r:user_data_home_t,s0)
> > >> HOME_DIR/\.fonts\.conf -- gen_context(system_u:object_r:user_fonts_config_t,s0)
> > >> HOME_DIR/\.fonts(/.*)? gen_context(system_u:object_r:user_fonts_t,s0)
> > >> HOME_DIR/\.fonts/auto(/.*)? gen_context(system_u:object_r:user_fonts_cache_t,s0)
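Review bot: The `HOME_DIR/\.local/share(/.*)?` entry labels the share subtree, but this hunk adds no entry for `HOME_DIR/\.local` itself, so the parent directory keeps whatever generic home content spec already matches it. If `~/.local` is meant to stay generic, a short comment above the entry saying so would help; otherwise add a `-d` entry for `HOME_DIR/\.local` with its own type so the parent and the subtree are labeled deliberately. The added blank line directly under the `# HOME_DIR` header comment separates the header from the entries it describes and can be dropped.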
> > >> diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
> > >> index 6bf0ecc..c4f7cb4 100644
> > >> --- a/policy/modules/services/xserver.if
> > >> +++ b/policy/modules/services/xserver.if
> > >> @@ -22,6 +22,7 @@ interface(`xserver_restricted_role',`
> > >> type user_fonts_t, user_fonts_cache_t, user_fonts_config_t;
> > >> type iceauth_t, iceauth_exec_t, iceauth_home_t;
> > >> type xauth_t, xauth_exec_t, xauth_home_t;
> > >> + type user_cache_home_t, user_config_home_t, user_data_home_t;
> > >> ')
> > >>
> > >> role $1 types { xserver_t xauth_t iceauth_t };
> > >> @@ -34,6 +35,16 @@ interface(`xserver_restricted_role',`
> > >>
> > >> allow xserver_t $2:shm rw_shm_perms;
> > >>
> > >> + allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:dir { manage_dir_perms relabel_dir_perms };
> > >> + allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
> > >> + allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:file { manage_file_perms relabel_file_perms };
> > >> + allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
> > >> + allow $2 { user_cache_home_t user_config_home_t user_data_home_t }:sock_file { manage_sock_file_perms relabel_sock_file_perms };
> > >> +
> > >> + userdom_user_home_dir_filetrans($2, user_cache_home_t, dir, ".cache")
> > >> + userdom_user_home_dir_filetrans($2, user_config_home_t, dir, ".config")
> > >> + userdom_user_home_content_filetrans($2, user_data_home_t, dir, "share")
> > >> +
> > >> allow $2 user_fonts_t:dir list_dir_perms;
> > >> allow $2 user_fonts_t:file read_file_perms;
> > >>
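Review bot: The named transition `userdom_user_home_content_filetrans($2, user_data_home_t, dir, "share")` matches on the parent's type and the object name only, so any directory called `share` that an `xserver_restricted_role` caller creates anywhere in generic user home content is labeled `user_data_home_t`, not only `~/.local/share`. The `.cache` and `.config` lines do not have this problem because they transition from the user home dir. Consider a dedicated type for `~/.local` and transitioning `share` from that type instead. Separately, the five `allow` lines grant relabel as well as manage on all three types for every object class; if relabel is only wanted so users can fix labels, a one-line comment stating that would make the intent reviewable.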
> > >> @@ -531,6 +542,72 @@ interface(`xserver_use_user_fonts',`
> > >>
> > >> ########################################
> > >> ## <summary>
> > >> +## Make the specified type usable in a
> > >> +## user cache home directory.
> > >> +## </summary>
> > >> +## <param name="type">
> > >> +## <summary>
> > >> +## Type to be used as a file in the
> > >> +## user cache home directory.
> > >> +## </summary>
> > >> +## </param>
> > >> +#
> > >> +interface(`xserver_user_cache_home_content',`
> > >> + gen_require(`
> > >> + attribute xserver_user_cache_home_content_type;
> > >> + ')
> > >> +
> > >> + typeattribute $1 xserver_user_cache_home_content_type;
> > >> +
> > >> + userdom_user_home_content($1)
> > >> +')
> > >> +
> > >> +########################################
> > >> +## <summary>
> > >> +## Make the specified type usable in a
> > >> +## user config home directory.
> > >> +## </summary>
> > >> +## <param name="type">
> > >> +## <summary>
> > >> +## Type to be used as a file in the
> > >> +## user config home directory.
> > >> +## </summary>
> > >> +## </param>
> > >> +#
> > >> +interface(`xserver_user_config_home_content',`
> > >> + gen_require(`
> > >> + attribute xserver_user_config_home_content_type;
> > >> + ')
> > >> +
> > >> + typeattribute $1 xserver_user_config_home_content_type;
> > >> +
> > >> + userdom_user_home_content($1)
> > >> +')
> > >> +
> > >> +########################################
> > >> +## <summary>
> > >> +## Make the specified type usable in a
> > >> +## user data home directory.
> > >> +## </summary>
> > >> +## <param name="type">
> > >> +## <summary>
> > >> +## Type to be used as a file in the
> > >> +## user data home directory.
> > >> +## </summary>
> > >> +## </param>
> > >> +#
> > >> +interface(`xserver_user_data_home_content',`
> > >> + gen_require(`
> > >> + attribute xserver_user_data_home_content_type;
> > >> + ')
> > >> +
> > >> + typeattribute $1 xserver_user_data_home_content_type;
> > >> +
> > >> + userdom_user_home_content($1)
> > >> +')
> > >> +
> > >> +########################################
> > >> +## <summary>
> > >> ## Transition to the Xauthority domain.
> > >> ## </summary>
> > >> ## <param name="domain">
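Review bot: Each of the three interfaces in this hunk assigns an attribute, but nothing in the visible patch grants access through `xserver_user_cache_home_content_type`, `xserver_user_config_home_content_type` or `xserver_user_data_home_content_type`: the access interfaces further down and the `xserver_restricted_role` rules all name the concrete `user_cache_home_t`, `user_config_home_t` and `user_data_home_t` types. A private type passed to one of these interfaces therefore gains only what `userdom_user_home_content($1)` gives it, and users get no manage or relabel access to it from the role rules. Either write the role rules (or an "all content" interface) against the attributes, or say in each summary that the attribute is reserved for later use.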
> > >> @@ -1272,6 +1349,462 @@ interface(`xserver_manage_core_devices',`
> > >>
> > >> ########################################
> > >> ## <summary>
> > >> +## Create generic user cache home
> > >> +## content directories.
> > >> +## </summary>
> > >> +## <param name="domain">
> > >> +## <summary>
> > >> +## Domain allowed access.
> > >> +## </summary>
> > >> +## </param>
> > >> +#
> > >> +interface(`xserver_create_generic_user_cache_home_content_dirs',`
> > >> + gen_require(`
> > >> + type user_cache_home_t;
> > >> + ')
> > >> +
> > >> + allow $1 user_cache_home_t:dir create_dir_perms;
> > >> +')
> > >> +
> > >> +########################################
> > >> +## <summary>
> > >> +## Read generic user cache home content.
> > >> +## </summary>
> > >> +## <param name="domain">
> > >> +## <summary>
> > >> +## Domain allowed access.
> > >> +## </summary>
> > >> +## </param>
> > >> +#
> > >> +interface(`xserver_read_generic_user_cache_home_content',`
> > >> + gen_require(`
> > >> + type user_cache_home_t;
> > >> + ')
> > >> +
> > >> + userdom_search_user_home_dirs($1)
> > >> + allow $1 user_cache_home_t:dir list_dir_perms;
> > >> + allow $1 user_cache_home_t:file read_file_perms;
> > >> + allow $1 user_cache_home_t:fifo_file read_fifo_file_perms;
> > >> + allow $1 user_cache_home_t:lnk_file read_lnk_file_perms;
> > >> + allow $1 user_cache_home_t:sock_file read_sock_file_perms;
> > >> +')
> > >> +
> > >> +########################################
> > >> +## <summary>
> > >> +## Create, read, write, and delete
> > >> +## generic user cache home content.
> > >> +## </summary>
> > >> +## <param name="domain">
> > >> +## <summary>
> > >> +## Domain allowed access.
> > >> +## </summary>
> > >> +## </param>
> > >> +#
> > >> +interface(`xserver_manage_generic_user_cache_home_content',`
> > >> + gen_require(`
> > >> + type user_cache_home_t;
> > >> + ')
> > >> +
> > >> + userdom_search_user_home_dirs($1)
> > >> + allow $1 user_cache_home_t:dir manage_dir_perms;
> > >> + allow $1 user_cache_home_t:file manage_file_perms;
> > >> + allow $1 user_cache_home_t:fifo_file manage_fifo_file_perms;
> > >> + allow $1 user_cache_home_t:lnk_file manage_lnk_file_perms;
> > >> + allow $1 user_cache_home_t:sock_file manage_sock_file_perms;
> > >> +')
> > >> +
> > >> +########################################
> > >> +## <summary>
> > >> +## Search generic user cache home
> > >> +## content directories.
> > >> +## </summary>
> > >> +## <param name="domain">
> > >> +## <summary>
> > >> +## Domain allowed access.
> > >> +## </summary>
> > >> +## </param>
> > >> +#
> > >> +interface(`xserver_search_generic_user_cache_home_content',`
> > >> + gen_require(`
> > >> + type user_cache_home_t;
> > >> + ')
> > >> +
> > >> + userdom_search_user_home_dirs($1)
> > >> + allow $1 user_cache_home_t:dir search_dir_perms;
> > >> +')
> > >> +
> > >> +########################################
> > >> +## <summary>
> > >> +## Create specified objects in generic
> > >> +## user cache home content directories
> > >> +## with a private type.
> > >> +## </summary>
> > >> +## <param name="domain">
> > >> +## <summary>
> > >> +## Domain allowed access.
> > >> +## </summary>
> > >> +## </param>
> > >> +## <param name="private_type">
> > >> +## <summary>
> > >> +## Private file type.
> > >> +## </summary>
> > >> +## </param>
> > >> +## <param name="object_class">
> > >> +## <summary>
> > >> +## Class of the object being created.
> > >> +## </summary>
> > >> +## </param>
> > >> +## <param name="name" optional="true">
> > >> +## <summary>
> > >> +## The name of the object being created.
> > >> +## </summary>
> > >> +## </param>
> > >> +#
> > >> +interface(`xserver_user_cache_home_content_filetrans',`
> > >> + gen_require(`
> > >> + type user_cache_home_t;
> > >> + ')
> > >> +
> > >> + userdom_search_user_home_dirs($1)
> > >> + filetrans_pattern($1, user_cache_home_t, $2, $3, $4)
> > >> +')
> > >> +
> > >> +########################################
> > >> +## <summary>
> > >> +## Create specified objects in user home
> > >> +## directories with the generic user
> > >> +## cache home content type.
> > >> +## </summary>
> > >> +## <param name="domain">
> > >> +## <summary>
> > >> +## Domain allowed access.
> > >> +## </summary>
> > >> +## </param>
> > >> +## <param name="object_class">
> > >> +## <summary>
> > >> +## Class of the object being created.
> > >> +## </summary>
> > >> +## </param>
> > >> +## <param name="name" optional="true">
> > >> +## <summary>
> > >> +## The name of the object being created.
> > >> +## </summary>
> > >> +## </param>
> > >> +#
> > >> +interface(`xserver_user_home_dir_filetrans_user_cache_home_content',`
> > >> + gen_require(`
> > >> + type user_cache_home_t;
> > >> + ')
> > >> +
> > >> + userdom_user_home_dir_filetrans($1, user_cache_home_t, $2, $3)
> > >> +')
> > >> +
> > >> +########################################
> > >> +## <summary>
> > >> +## Create generic user config home
> > >> +## content directories.
> > >> +## </summary>
> > >> +## <param name="domain">
> > >> +## <summary>
> > >> +## Domain allowed access.
> > >> +## </summary>
> > >> +## </param>
> > >> +#
> > >> +interface(`xserver_create_generic_user_config_home_content_dirs',`
> > >> + gen_require(`
> > >> + type user_config_home_t;
> > >> + ')
> > >> +
> > >> + allow $1 user_config_home_t:dir create_dir_perms;
> > >> +')
> > >> +
> > >> +########################################
> > >> +## <summary>
> > >> +## Read generic user config home content.
> > >> +## </summary>
> > >> +## <param name="domain">
> > >> +## <summary>
> > >> +## Domain allowed access.
> > >> +## </summary>
> > >> +## </param>
> > >> +#
> > >> +interface(`xserver_read_generic_user_config_home_content',`
> > >> + gen_require(`
> > >> + type user_config_home_t;
> > >> + ')
> > >> +
> > >> + userdom_search_user_home_dirs($1)
> > >> + allow $1 user_config_home_t:dir list_dir_perms;
> > >> + allow $1 user_config_home_t:file read_file_perms;
> > >> + allow $1 user_config_home_t:fifo_file read_fifo_file_perms;
> > >> + allow $1 user_config_home_t:lnk_file read_lnk_file_perms;
> > >> + allow $1 user_config_home_t:sock_file read_sock_file_perms;
> > >> +')
> > >> +
> > >> +########################################
> > >> +## <summary>
> > >> +## Create, read, write, and delete
> > >> +## generic user config home content.
> > >> +## </summary>
> > >> +## <param name="domain">
> > >> +## <summary>
> > >> +## Domain allowed access.
> > >> +## </summary>
> > >> +## </param>
> > >> +#
> > >> +interface(`xserver_manage_generic_user_config_home_content',`
> > >> + gen_require(`
> > >> + type user_config_home_t;
> > >> + ')
> > >> +
> > >> + userdom_search_user_home_dirs($1)
> > >> + allow $1 user_config_home_t:dir manage_dir_perms;
> > >> + allow $1 user_config_home_t:file manage_file_perms;
> > >> + allow $1 user_config_home_t:fifo_file manage_fifo_file_perms;
> > >> + allow $1 user_config_home_t:lnk_file manage_lnk_file_perms;
> > >> + allow $1 user_config_home_t:sock_file manage_sock_file_perms;
> > >> +')
> > >> +
> > >> +########################################
> > >> +## <summary>
> > >> +## Search generic user config home
> > >> +## content directories.
> > >> +## </summary>
> > >> +## <param name="domain">
> > >> +## <summary>
> > >> +## Domain allowed access.
> > >> +## </summary>
> > >> +## </param>
> > >> +#
> > >> +interface(`xserver_search_generic_user_config_home_content',`
> > >> + gen_require(`
> > >> + type user_config_home_t;
> > >> + ')
> > >> +
> > >> + userdom_search_user_home_dirs($1)
> > >> + allow $1 user_config_home_t:dir search_dir_perms;
> > >> +')
> > >> +
> > >> +########################################
> > >> +## <summary>
> > >> +## Create specified objects in generic
> > >> +## user config home content directories
> > >> +## with a private type.
> > >> +## </summary>
> > >> +## <param name="domain">
> > >> +## <summary>
> > >> +## Domain allowed access.
> > >> +## </summary>
> > >> +## </param>
> > >> +## <param name="private_type">
> > >> +## <summary>
> > >> +## Private file type.
> > >> +## </summary>
> > >> +## </param>
> > >> +## <param name="object_class">
> > >> +## <summary>
> > >> +## Class of the object being created.
> > >> +## </summary>
> > >> +## </param>
> > >> +## <param name="name" optional="true">
> > >> +## <summary>
> > >> +## The name of the object being created.
> > >> +## </summary>
> > >> +## </param>
> > >> +#
> > >> +interface(`xserver_user_config_home_content_filetrans',`
> > >> + gen_require(`
> > >> + type user_config_home_t;
> > >> + ')
> > >> +
> > >> + userdom_search_user_home_dirs($1)
> > >> + filetrans_pattern($1, user_config_home_t, $2, $3, $4)
> > >> +')
> > >> +
> > >> +########################################
> > >> +## <summary>
> > >> +## Create specified objects in user home
> > >> +## directories with the generic user
> > >> +## config home content type.
> > >> +## </summary>
> > >> +## <param name="domain">
> > >> +## <summary>
> > >> +## Domain allowed access.
> > >> +## </summary>
> > >> +## </param>
> > >> +## <param name="object_class">
> > >> +## <summary>
> > >> +## Class of the object being created.
> > >> +## </summary>
> > >> +## </param>
> > >> +## <param name="name" optional="true">
> > >> +## <summary>
> > >> +## The name of the object being created.
> > >> +## </summary>
> > >> +## </param>
> > >> +#
> > >> +interface(`xserver_user_home_dir_filetrans_user_config_home_content',`
> > >> + gen_require(`
> > >> + type user_config_home_t;
> > >> + ')
> > >> +
> > >> + userdom_user_home_dir_filetrans($1, user_config_home_t, $2, $3)
> > >> +')
> > >> +
> > >> +########################################
> > >> +## <summary>
> > >> +## Create generic user data home
> > >> +## content directories.
> > >> +## </summary>
> > >> +## <param name="domain">
> > >> +## <summary>
> > >> +## Domain allowed access.
> > >> +## </summary>
> > >> +## </param>
> > >> +#
> > >> +interface(`xserver_create_generic_user_data_home_content_dirs',`
> > >> + gen_require(`
> > >> + type user_data_home_t;
> > >> + ')
> > >> +
> > >> + allow $1 user_data_home_t:dir create_dir_perms;
> > >> +')
> > >> +
> > >> +########################################
> > >> +## <summary>
> > >> +## Read generic user data home content.
> > >> +## </summary>
> > >> +## <param name="domain">
> > >> +## <summary>
> > >> +## Domain allowed access.
> > >> +## </summary>
> > >> +## </param>
> > >> +#
> > >> +interface(`xserver_read_generic_user_data_home_content',`
> > >> + gen_require(`
> > >> + type user_data_home_t;
> > >> + ')
> > >> +
> > >> + userdom_search_user_home_content($1)
> > >> + allow $1 user_data_home_t:dir list_dir_perms;
> > >> + allow $1 user_data_home_t:file read_file_perms;
> > >> + allow $1 user_data_home_t:fifo_file read_fifo_file_perms;
> > >> + allow $1 user_data_home_t:lnk_file read_lnk_file_perms;
> > >> + allow $1 user_data_home_t:sock_file read_sock_file_perms;
> > >> +')
> > >> +
> > >> +########################################
> > >> +## <summary>
> > >> +## Create, read, write, and delete
> > >> +## generic user data home content.
> > >> +## </summary>
> > >> +## <param name="domain">
> > >> +## <summary>
> > >> +## Domain allowed access.
> > >> +## </summary>
> > >> +## </param>
> > >> +#
> > >> +interface(`xserver_manage_generic_user_data_home_content',`
> > >> + gen_require(`
> > >> + type user_data_home_t;
> > >> + ')
> > >> +
> > >> + userdom_search_user_home_content($1)
> > >> + allow $1 user_data_home_t:dir manage_dir_perms;
> > >> + allow $1 user_data_home_t:file manage_file_perms;
> > >> + allow $1 user_data_home_t:fifo_file manage_fifo_file_perms;
> > >> + allow $1 user_data_home_t:lnk_file manage_lnk_file_perms;
> > >> + allow $1 user_data_home_t:sock_file manage_sock_file_perms;
> > >> +')
> > >> +
> > >> +########################################
> > >> +## <summary>
> > >> +## Search generic user data home
> > >> +## content directories.
> > >> +## </summary>
> > >> +## <param name="domain">
> > >> +## <summary>
> > >> +## Domain allowed access.
> > >> +## </summary>
> > >> +## </param>
> > >> +#
> > >> +interface(`xserver_search_generic_user_data_home_content',`
> > >> + gen_require(`
> > >> + type user_data_home_t;
> > >> + ')
> > >> +
> > >> + userdom_search_user_home_content($1)
> > >> + allow $1 user_data_home_t:dir search_dir_perms;
> > >> +')
> > >> +
> > >> +########################################
> > >> +## <summary>
> > >> +## Create specified objects in generic
> > >> +## user data home content directories
> > >> +## with a private type.
> > >> +## </summary>
> > >> +## <param name="domain">
> > >> +## <summary>
> > >> +## Domain allowed access.
> > >> +## </summary>
> > >> +## </param>
> > >> +## <param name="private_type">
> > >> +## <summary>
> > >> +## Private file type.
> > >> +## </summary>
> > >> +## </param>
> > >> +## <param name="object_class">
> > >> +## <summary>
> > >> +## Class of the object being created.
> > >> +## </summary>
> > >> +## </param>
> > >> +## <param name="name" optional="true">
> > >> +## <summary>
> > >> +## The name of the object being created.
> > >> +## </summary>
> > >> +## </param>
> > >> +#
> > >> +interface(`xserver_user_data_home_content_filetrans',`
> > >> + gen_require(`
> > >> + type user_data_home_t;
> > >> + ')
> > >> +
> > >> + userdom_search_user_home_content($1)
> > >> + filetrans_pattern($1, user_data_home_t, $2, $3, $4)
> > >> +')
> > >> +
> > >> +########################################
> > >> +## <summary>
> > >> +## Create specified objects in user home
> > >> +## content directories with the generic
> > >> +## user data home content type.
> > >> +## </summary>
> > >> +## <param name="domain">
> > >> +## <summary>
> > >> +## Domain allowed access.
> > >> +## </summary>
> > >> +## </param>
> > >> +## <param name="object_class">
> > >> +## <summary>
> > >> +## Class of the object being created.
> > >> +## </summary>
> > >> +## </param>
> > >> +## <param name="name" optional="true">
> > >> +## <summary>
> > >> +## The name of the object being created.
> > >> +## </summary>
> > >> +## </param>
> > >> +#
> > >> +interface(`xserver_user_home_content_filetrans_user_data_home_content',`
> > >> + gen_require(`
> > >> + type user_data_home_t;
> > >> + ')
> > >> +
> > >> + userdom_user_home_content_filetrans($1, user_data_home_t, $2, $3)
> > >> +')
> > >> +
> > >> +########################################
> > >> +## <summary>
> > >> ## Interface to provide X object permissions on a given X server to
> > >> ## an X client domain. Gives the domain complete control over the
> > >> ## display.
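Review bot: In `xserver_user_home_content_filetrans_user_data_home_content` the `name` parameter is documented `optional="true"`, so a caller may omit it, and the transition is then no longer restricted by name: every object of class `$2` the caller creates in generic user home content would become `user_data_home_t`. Given the concern about `share` already raised in the commit message, make the name mandatory for this interface or document that callers are expected to pass `"share"`. The three `xserver_create_generic_user_*_home_content_dirs` interfaces grant only `create_dir_perms` on the target type and rely on the caller also using the matching filetrans interface; their summaries should say so, since used alone they do not let the caller create the directory under the home dir.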
> > >> diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
> > >> index 9bc86a0..a42f9bc 100644
> > >> --- a/policy/modules/services/xserver.te
> > >> +++ b/policy/modules/services/xserver.te
> > >> @@ -49,6 +49,11 @@ gen_tunable(xserver_object_manager, false)
> > >>
> > >> attribute x_domain;
> > >>
> > >> +# X Desktop Group
> > >> +attribute xserver_user_cache_home_content_type;
> > >> +attribute xserver_user_config_home_content_type;
> > >> +attribute xserver_user_data_home_content_type;
> > >> +
> > >> # X Events
> > >> attribute xevent_type;
> > >> attribute input_xevent_type;
> > >> @@ -106,6 +111,15 @@ type remote_t;
> > >> xserver_object_types_template(remote)
> > >> xserver_common_x_domain_template(remote, remote_t)
> > >>
> > >> +type user_cache_home_t;
> > >> +xserver_user_cache_home_content(user_cache_home_t)
> > >> +
> > >> +type user_config_home_t;
> > >> +xserver_user_config_home_content(user_config_home_t)
> > >> +
> > >> +type user_data_home_t;
> > >> +xserver_user_data_home_content(user_data_home_t)
> > >> +
> > >> type user_fonts_t;
> > >> typealias user_fonts_t alias { staff_fonts_t sysadm_fonts_t };
> > >> typealias user_fonts_t alias { auditadm_fonts_t secadm_fonts_t };
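Review bot: The three new types carry a `user_` prefix although they are declared in xserver.te and grouped under the `# X Desktop Group` attribute comment in the previous hunk, so the names read as userdomain-owned generic content rather than XDG directories. An `xdg_` prefix (for example `xdg_cache_home_t`) would match the attribute comment and avoid confusion with the existing `user_home_t` family. A short comment above the three declarations naming the directories they label (`~/.cache`, `~/.config`, `~/.local/share`) would also help, since the neighbouring `user_fonts_t` block gives no hint.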
> > >
> > >
> > > _______________________________________________
> > > refpolicy mailing list
> > > refpolicy at oss.tresys.com
> > > http://oss.tresys.com/mailman/listinfo/refpolicy
> > >
> >
> >
>
>
On 11/29/12 09:16, grift wrote:
> On Thu, 2012-11-29 at 08:51 -0500, Christopher J. PeBenito wrote:
>> On 11/29/12 08:09, grift wrote:
>>> Are we ready to make a decision yet with regard to the two outstanding
>>> issues?
>>>
>>> - best type names? (my preference user_data_home_t, user_config_home_t,
>>> user_cache_home_t)
>>
>> replace user with xdg, e.g. xdg_config_home_t.
>>
>>> - should be label ~/.local/share with the xdg data home type or ~/.local
>>> ( my preference ~/.local/share)
>>>
>>> But i will go with whatever in the end
>>
>> Here's another option to consider:
>>
>> $HOME/.local -d gen_context(system_u:object_r:xdg_local_home_t,s0)
>> $HOME/.local/share(/.*)? gen_context(system_u:object_r:xdg_data_home_t,s0)
>>
>> and then treat xdg_local_home_t similar to user_home_dir_t and filetrans everything under it. Then the named filetrans for ~/.local/share will work right on top of any of the other random dirs that pop up under there.
>
> I understand your reasoning but i am not confident about the type name
> "xdg_local_home_t" and i am also not confident that this type should be
> declared in the xserver policy module
>
> how about we use local_home_t and declare it in the userdomain module?
I'm unclear why you disagree. It seems to make sense that 1. this standard is defined by the X desktop group, so xdg doesn't seem so bad to have in the type name. 2. I don't think it makes sense in userdomain because this standard applies to X desktops, so if you don't have an xserver, there's no need for these definitions.
--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com
On Fri, 2012-11-30 at 09:35 -0500, Christopher J. PeBenito wrote:
> On 11/29/12 09:16, grift wrote:
> > On Thu, 2012-11-29 at 08:51 -0500, Christopher J. PeBenito wrote:
> >> On 11/29/12 08:09, grift wrote:
> >>> Are we ready to make a decision yet with regard to the two outstanding
> >>> issues?
> >>>
> >>> - best type names? (my preference user_data_home_t, user_config_home_t,
> >>> user_cache_home_t)
> >>
> >> replace user with xdg, e.g. xdg_config_home_t.
> >>
> >>> - should be label ~/.local/share with the xdg data home type or ~/.local
> >>> ( my preference ~/.local/share)
> >>>
> >>> But i will go with whatever in the end
> >>
> >> Here's another option to consider:
> >>
> >> $HOME/.local -d gen_context(system_u:object_r:xdg_local_home_t,s0)
> >> $HOME/.local/share(/.*)? gen_context(system_u:object_r:xdg_data_home_t,s0)
> >>
> >> and then treat xdg_local_home_t similar to user_home_dir_t and filetrans everything under it. Then the named filetrans for ~/.local/share will work right on top of any of the other random dirs that pop up under there.
> >
> > I understand your reasoning but i am not confident about the type name
> > "xdg_local_home_t" and i am also not confident that this type should be
> > declared in the xserver policy module
> >
> > how about we use local_home_t and declare it in the userdomain module?
>
> I'm unclear why you disagree. It seems to make sense that 1. this standard is defined by the X desktop group, so xdg doesn't seem so bad to have in the type name. 2. I don't think it makes sense in userdomain because this standard applies to X desktops, so if you don't have an xserver, theres no need for these definitions.
>
As far as I can see ~/.local is not part of the X desktop group although
it depends on it for ~/.local/share (data dir)

userdomain might indeed not be an optimal alternative place to declare a
type for .local but I am not confident that xserver is either.

What I understand is that ~/.local is "a place where users can
install apps with a prefix inside $HOME"

I imagine one could have a headless server without X or the xserver
policy and still use ~/.local to "install apps with a prefix inside
$HOME"

But that is my view and I do not mind going your way. It is not such a
big deal.

My patch v3 declares xdg_local_home_t in xserver module
On 11/30/2012 12:01 PM, grift wrote:
> On Fri, 2012-11-30 at 09:35 -0500, Christopher J. PeBenito wrote:
>> On 11/29/12 09:16, grift wrote:
>>> On Thu, 2012-11-29 at 08:51 -0500, Christopher J. PeBenito wrote:
>>>> On 11/29/12 08:09, grift wrote:
>>>>> Are we ready to make a decision yet with regard to the two
>>>>> outstanding issues?
>>>>>
>>>>> - best type names? (my preference user_data_home_t,
>>>>> user_config_home_t, user_cache_home_t)
>>>>
>>>> replace user with xdg, e.g. xdg_config_home_t.
>>>>
>>>>> - should be label ~/.local/share with the xdg data home type or
>>>>> ~/.local ( my preference ~/.local/share)
>>>>>
>>>>> But i will go with whatever in the end
>>>>
>>>> Here's another option to consider:
>>>>
>>>> $HOME/.local -d gen_context(system_u:object_r:xdg_local_home_t,s0)
>>>> $HOME/.local/share(/.*)?
>>>> gen_context(system_u:object_r:xdg_data_home_t,s0)
>>>>
>>>> and then treat xdg_local_home_t similar to user_home_dir_t and
>>>> filetrans everything under it. Then the named filetrans for
>>>> ~/.local/share will work right on top of any of the other random dirs
>>>> that pop up under there.
>>>
>>> I understand your reasoning but i am not confident about the type name
>>> "xdg_local_home_t" and i am also not confident that this type should
>>> be declared in the xserver policy module
>>>
>>> how about we use local_home_t and declare it in the userdomain module?
>>
>> I'm unclear why you disagree. It seems to make sense that 1. this
>> standard is defined by the X desktop group, so xdg doesn't seem so bad to
>> have in the type name. 2. I don't think it makes sense in userdomain
>> because this standard applies to X desktops, so if you don't have an
>> xserver, theres no need for these definitions.
>>
>
> As far as i can see ~/.local is not part of the X desktop group although it
> depends on it for ~/.local/share (data dir)
>
> userdomain might indeed not be a optimal alternative place to declare a
> type for .local but i am not confident that xserver is either.
>
> What i understand is , is that ~/.local is "a place where users can install
> apps with a prefix inside $HOME"
>
> I imagine one could have a headless server without X or the xserver policy
> and still use ~/.local to "install apps with a prefix inside $HOME"
>
> But that is my view and i do not mind going your way. It is not such a big
> deal.
>
> My patch v3 declares xdg_local_home_t is xserver module
>
>
python uses ~/.local
On 11/30/2012 3:06 PM, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 11/30/2012 12:01 PM, grift wrote:
>> On Fri, 2012-11-30 at 09:35 -0500, Christopher J. PeBenito wrote:
>>> On 11/29/12 09:16, grift wrote:
>>>> On Thu, 2012-11-29 at 08:51 -0500, Christopher J. PeBenito wrote:
>>>>> On 11/29/12 08:09, grift wrote:
>>>>>> Are we ready to make a decision yet with regard to the two
>>>>>> outstanding issues?
>>>>>>
>>>>>> - best type names? (my preference user_data_home_t,
>>>>>> user_config_home_t, user_cache_home_t)
>>>>>
>>>>> replace user with xdg, e.g. xdg_config_home_t.
>>>>>
>>>>>> - should be label ~/.local/share with the xdg data home type or
>>>>>> ~/.local ( my preference ~/.local/share)
>>>>>>
>>>>>> But i will go with whatever in the end
>>>>>
>>>>> Here's another option to consider:
>>>>>
>>>>> $HOME/.local -d gen_context(system_u:object_r:xdg_local_home_t,s0)
>>>>> $HOME/.local/share(/.*)?
>>>>> gen_context(system_u:object_r:xdg_data_home_t,s0)
>>>>>
>>>>> and then treat xdg_local_home_t similar to user_home_dir_t and
>>>>> filetrans everything under it. Then the named filetrans for
>>>>> ~/.local/share will work right on top of any of the other random dirs
>>>>> that pop up under there.
>>>>
>>>> I understand your reasoning but i am not confident about the type name
>>>> "xdg_local_home_t" and i am also not confident that this type should
>>>> be declared in the xserver policy module
>>>>
>>>> how about we use local_home_t and declare it in the userdomain module?
>>>
>>> I'm unclear why you disagree. It seems to make sense that 1. this
>>> standard is defined by the X desktop group, so xdg doesn't seem so bad to
>>> have in the type name. 2. I don't think it makes sense in userdomain
>>> because this standard applies to X desktops, so if you don't have an
>>> xserver, theres no need for these definitions.
>>>
>>
>> As far as i can see ~/.local is not part of the X desktop group although it
>> depends on it for ~/.local/share (data dir)
>>
>> userdomain might indeed not be a optimal alternative place to declare a
>> type for .local but i am not confident that xserver is either.
>>
>> What i understand is , is that ~/.local is "a place where users can install
>> apps with a prefix inside $HOME"
>>
>> I imagine one could have a headless server without X or the xserver policy
>> and still use ~/.local to "install apps with a prefix inside $HOME"
>>
>> But that is my view and i do not mind going your way. It is not such a big
>> deal.
>>
>> My patch v3 declares xdg_local_home_t is xserver module
>>
>>
> python uses ~/.local
Yuck. Well I guess that makes local_home_t make sense for ~/.local and xdg_data_home_t for ~/.local/data. Then local_home_t could be declared in userdomain.
--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com
On Thu, 2012-12-06 at 23:53 -0500, Christopher J. PeBenito wrote:
> On 11/30/2012 3:06 PM, Daniel J Walsh wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > On 11/30/2012 12:01 PM, grift wrote:
> >> On Fri, 2012-11-30 at 09:35 -0500, Christopher J. PeBenito wrote:
> >>> On 11/29/12 09:16, grift wrote:
> >>>> On Thu, 2012-11-29 at 08:51 -0500, Christopher J. PeBenito wrote:
> >>>>> On 11/29/12 08:09, grift wrote:
> >>>>>> Are we ready to make a decision yet with regard to the two
> >>>>>> outstanding issues?
> >>>>>>
> >>>>>> - best type names? (my preference user_data_home_t,
> >>>>>> user_config_home_t, user_cache_home_t)
> >>>>>
> >>>>> replace user with xdg, e.g. xdg_config_home_t.
> >>>>>
> >>>>>> - should be label ~/.local/share with the xdg data home type or
> >>>>>> ~/.local ( my preference ~/.local/share)
> >>>>>>
> >>>>>> But i will go with whatever in the end
> >>>>>
> >>>>> Here's another option to consider:
> >>>>>
> >>>>> $HOME/.local -d gen_context(system_u:object_r:xdg_local_home_t,s0)
> >>>>> $HOME/.local/share(/.*)?
> >>>>> gen_context(system_u:object_r:xdg_data_home_t,s0)
> >>>>>
> >>>>> and then treat xdg_local_home_t similar to user_home_dir_t and
> >>>>> filetrans everything under it. Then the named filetrans for
> >>>>> ~/.local/share will work right on top of any of the other random dirs
> >>>>> that pop up under there.
> >>>>
> >>>> I understand your reasoning but i am not confident about the type name
> >>>> "xdg_local_home_t" and i am also not confident that this type should
> >>>> be declared in the xserver policy module
> >>>>
> >>>> how about we use local_home_t and declare it in the userdomain module?
> >>>
> >>> I'm unclear why you disagree. It seems to make sense that 1. this
> >>> standard is defined by the X desktop group, so xdg doesn't seem so bad to
> >>> have in the type name. 2. I don't think it makes sense in userdomain
> >>> because this standard applies to X desktops, so if you don't have an
> >>> xserver, there's no need for these definitions.
> >>>
> >>
> >> As far as i can see ~/.local is not part of the X desktop group although it
> >> depends on it for ~/.local/share (data dir)
> >>
> >> userdomain might indeed not be an optimal alternative place to declare a
> >> type for .local but i am not confident that xserver is either.
> >>
> >> What i understand is that ~/.local is "a place where users can install
> >> apps with a prefix inside $HOME"
> >>
> >> I imagine one could have a headless server without X or the xserver policy
> >> and still use ~/.local to "install apps with a prefix inside $HOME"
> >>
> >> But that is my view and i do not mind going your way. It is not such a big
> >> deal.
> >>
> >> My patch v3 declares xdg_local_home_t in xserver module
> >>
> >>
> > python uses ~/.local
>
> Yuck. Well I guess that makes local_home_t make sense for ~/.local and xdg_data_home_t for ~/.local/data. Then local_home_t could be declared in userdomain.
>
Agreed on the point above
Another different point with regard to the actual XDG types. Would you
oppose a separate policy module called xdg?
I prefer that over using xserver policy module
My concern is mainly because of the xdg runtime dir. It is not directly
related to xserver.
If we use a separate policy module for the xdg types then we have a
little insurance that we do not run into any unneeded dependencies in
the future.
On 12/11/2012 7:35 AM, grift wrote:
> On Thu, 2012-12-06 at 23:53 -0500, Christopher J. PeBenito wrote:
>> On 11/30/2012 3:06 PM, Daniel J Walsh wrote:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> On 11/30/2012 12:01 PM, grift wrote:
>>>> On Fri, 2012-11-30 at 09:35 -0500, Christopher J. PeBenito wrote:
>>>>> On 11/29/12 09:16, grift wrote:
>>>>>> On Thu, 2012-11-29 at 08:51 -0500, Christopher J. PeBenito wrote:
>>>>>>> On 11/29/12 08:09, grift wrote:
>>>>>>>> Are we ready to make a decision yet with regard to the two
>>>>>>>> outstanding issues?
>>>>>>>>
>>>>>>>> - best type names? (my preference user_data_home_t,
>>>>>>>> user_config_home_t, user_cache_home_t)
>>>>>>>
>>>>>>> replace user with xdg, e.g. xdg_config_home_t.
>>>>>>>
>>>>>>>> - should be label ~/.local/share with the xdg data home type or
>>>>>>>> ~/.local ( my preference ~/.local/share)
>>>>>>>>
>>>>>>>> But i will go with whatever in the end
>>>>>>>
>>>>>>> Here's another option to consider:
>>>>>>>
>>>>>>> $HOME/.local -d gen_context(system_u:object_r:xdg_local_home_t,s0)
>>>>>>> $HOME/.local/share(/.*)?
>>>>>>> gen_context(system_u:object_r:xdg_data_home_t,s0)
>>>>>>>
>>>>>>> and then treat xdg_local_home_t similar to user_home_dir_t and
>>>>>>> filetrans everything under it. Then the named filetrans for
>>>>>>> ~/.local/share will work right on top of any of the other random dirs
>>>>>>> that pop up under there.
>>>>>>
>>>>>> I understand your reasoning but i am not confident about the type name
>>>>>> "xdg_local_home_t" and i am also not confident that this type should
>>>>>> be declared in the xserver policy module
>>>>>>
>>>>>> how about we use local_home_t and declare it in the userdomain module?
>>>>>
>>>>> I'm unclear why you disagree. It seems to make sense that 1. this
>>>>> standard is defined by the X desktop group, so xdg doesn't seem so bad to
>>>>> have in the type name. 2. I don't think it makes sense in userdomain
>>>>> because this standard applies to X desktops, so if you don't have an
>>>>> xserver, there's no need for these definitions.
>>>>>
>>>>
>>>> As far as i can see ~/.local is not part of the X desktop group although it
>>>> depends on it for ~/.local/share (data dir)
>>>>
>>>> userdomain might indeed not be an optimal alternative place to declare a
>>>> type for .local but i am not confident that xserver is either.
>>>>
>>>> What i understand is that ~/.local is "a place where users can install
>>>> apps with a prefix inside $HOME"
>>>>
>>>> I imagine one could have a headless server without X or the xserver policy
>>>> and still use ~/.local to "install apps with a prefix inside $HOME"
>>>>
>>>> But that is my view and i do not mind going your way. It is not such a big
>>>> deal.
>>>>
>>>> My patch v3 declares xdg_local_home_t in xserver module
>>>>
>>>>
>>> python uses ~/.local
>>
>> Yuck. Well I guess that makes local_home_t make sense for ~/.local and xdg_data_home_t for ~/.local/data. Then local_home_t could be declared in userdomain.
>>
>
> Agreed on the point above
>
> Another different point with regard to the actual XDG types. Would you
> oppose a separate policy module called xdg?
>
> I prefer that over using xserver policy module
>
> My concern is mainly because of the xdg runtime dir. It is not directly
> related to xserver.
>
> If we use a separate policy module for the xdg types then we have a
> little insurance that we do not run into any unneeded dependencies in
> the future.
I think it depends on the cleanliness of the implementation. Can you do a partial implementation, say implement the support for one of the types?
--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com
On Tue, 2012-12-11 at 09:31 -0500, Christopher J. PeBenito wrote:
> On 12/11/2012 7:35 AM, grift wrote:
> > On Thu, 2012-12-06 at 23:53 -0500, Christopher J. PeBenito wrote:
> >> On 11/30/2012 3:06 PM, Daniel J Walsh wrote:
> >>> -----BEGIN PGP SIGNED MESSAGE-----
> >>> Hash: SHA1
> >>>
> >>> On 11/30/2012 12:01 PM, grift wrote:
> >>>> On Fri, 2012-11-30 at 09:35 -0500, Christopher J. PeBenito wrote:
> >>>>> On 11/29/12 09:16, grift wrote:
> >>>>>> On Thu, 2012-11-29 at 08:51 -0500, Christopher J. PeBenito wrote:
> >>>>>>> On 11/29/12 08:09, grift wrote:
> >>>>>>>> Are we ready to make a decision yet with regard to the two
> >>>>>>>> outstanding issues?
> >>>>>>>>
> >>>>>>>> - best type names? (my preference user_data_home_t,
> >>>>>>>> user_config_home_t, user_cache_home_t)
> >>>>>>>
> >>>>>>> replace user with xdg, e.g. xdg_config_home_t.
> >>>>>>>
> >>>>>>>> - should be label ~/.local/share with the xdg data home type or
> >>>>>>>> ~/.local ( my preference ~/.local/share)
> >>>>>>>>
> >>>>>>>> But i will go with whatever in the end
> >>>>>>>
> >>>>>>> Here's another option to consider:
> >>>>>>>
> >>>>>>> $HOME/.local -d gen_context(system_u:object_r:xdg_local_home_t,s0)
> >>>>>>> $HOME/.local/share(/.*)?
> >>>>>>> gen_context(system_u:object_r:xdg_data_home_t,s0)
> >>>>>>>
> >>>>>>> and then treat xdg_local_home_t similar to user_home_dir_t and
> >>>>>>> filetrans everything under it. Then the named filetrans for
> >>>>>>> ~/.local/share will work right on top of any of the other random dirs
> >>>>>>> that pop up under there.
> >>>>>>
> >>>>>> I understand your reasoning but i am not confident about the type name
> >>>>>> "xdg_local_home_t" and i am also not confident that this type should
> >>>>>> be declared in the xserver policy module
> >>>>>>
> >>>>>> how about we use local_home_t and declare it in the userdomain module?
> >>>>>
> >>>>> I'm unclear why you disagree. It seems to make sense that 1. this
> >>>>> standard is defined by the X desktop group, so xdg doesn't seem so bad to
> >>>>> have in the type name. 2. I don't think it makes sense in userdomain
> >>>>> because this standard applies to X desktops, so if you don't have an
> >>>>> xserver, there's no need for these definitions.
> >>>>>
> >>>>
> >>>> As far as i can see ~/.local is not part of the X desktop group although it
> >>>> depends on it for ~/.local/share (data dir)
> >>>>
> >>>> userdomain might indeed not be an optimal alternative place to declare a
> >>>> type for .local but i am not confident that xserver is either.
> >>>>
> >>>> What i understand is that ~/.local is "a place where users can install
> >>>> apps with a prefix inside $HOME"
> >>>>
> >>>> I imagine one could have a headless server without X or the xserver policy
> >>>> and still use ~/.local to "install apps with a prefix inside $HOME"
> >>>>
> >>>> But that is my view and i do not mind going your way. It is not such a big
> >>>> deal.
> >>>>
> >>>> My patch v3 declares xdg_local_home_t in xserver module
> >>>>
> >>>>
> >>> python uses ~/.local
> >>
> >> Yuck. Well I guess that makes local_home_t make sense for ~/.local and xdg_data_home_t for ~/.local/data. Then local_home_t could be declared in userdomain.
> >>
> >
> > Agreed on the point above
> >
> > Another different point with regard to the actual XDG types. Would you
> > oppose a separate policy module called xdg?
> >
> > I prefer that over using xserver policy module
> >
> > My concern is mainly because of the xdg runtime dir. It is not directly
> > related to xserver.
> >
> > If we use a separate policy module for the xdg types then we have a
> > little insurance that we do not run into any unneeded dependencies in
> > the future.
>
> I think it depends on the cleanliness of the implementation. Can you do a partial implementation, say implement the support for one of the types?
>
yes sure i do not see why not (that is, if i understand you correctly)
i will in the near future prepare a patch so that you can see what i
have in mind and then you can decide later
better take our time and make the right decision