From: domg472@gmail.com (Dominick Grift)
Date: Wed, 12 Aug 2009 20:58:03 +0200
Subject: [refpolicy] Basic policy for KDE and Konqueror
In-Reply-To: <200908121440.21006.Nicky726@gmail.com>
References: <200908121440.21006.Nicky726@gmail.com>
Message-ID: <1250103483.19221.31.camel@notebook2.grift.internal>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Wed, 2009-08-12 at 14:40 +0200, Nicky726 wrote:
> Hello,
>
> As a part of my bachelor thesis I've made a basic policy for KDE, namely
> the Konqueror web browser. The resulting source files are enclosed with this e-mail.
>
> As KDE is a complicated and interconnected environment, I chose to create a
> general module for KDE. There should be all rules concerning shared parts of the KDE
> policy; an example would be the context of ~/.kde, where configuration is stored,
> and the access rules for these files...
>
> Then for every application which is to be confined, there should be one module
> depending on the base KDE policy module. I chose to confine Konqueror.
>
> I tested this policy on Fedora 10 with KDE 4.2.4, fully up to date.
>
> I understand that the policy I created is probably very rough and needs many
> refinements. Would you please comment on it, so I can make it better and maybe
> actually useful for some people?
>
> Thanks for your time,

Hi,

I will give you my personal view on some of your policies. Be aware that I am a hobbyist, so I might be wrong about some of this:

kde.fc

Remove the file context specifications for objects in /tmp and links to objects in /tmp. /tmp is a filesystem for temporary objects. File context specifications are to ensure that objects stay labeled properly.

http://domg444.blogspot.com/2007/11/why-files-with-incompatible-types-in.html

kde.te

Not much there: use userdom_user_home_content for content in $home instead of files_type.

How is kde going to be able to interact with and manage the objects it owns in $home and $tmp?

konqueror.te

A .te file may not have require blocks. Use calls to shared policy instead.

This is a user app and should be run using the user's role instead of system_r. You should use a role template or a per-role template instead (refer to mozilla.if mozilla_role() for example).

konqueror is a permissive domain (permissive konqueror_t). This is not good (permissive domains are for troubleshooting/development only).

Use userdom_user_home_content(konqueror_home_t) instead of files_type() for objects in $home.

You should not need the files_tmp_filetrans for kde object in tmp management. kde owns it and kde creates it. The process that creates it owns it, so if konqueror_t creates files there then it owns them.

Allowing konqueror to run bin_t isn't a big deal, no need to dontaudit it. Keep your dontaudits to a minimum. corecmd_exec_bin()

Use proper dbus interfaces (not dbus unconfined).

The konqueror_run interface calls should be replaced by konqueror_role() calls. These calls do not belong there; they belong in the user domain policy.

There are also some style issues.

Today I ported 3 user app policies to rawhide. These are policies for simple text-based applications. Please have a look at the 3 policies and compare them to each other. See if you can find the similarities and try to apply them to your policy.

http://82.197.205.60/~dgrift/stuff/modules/rawhide12/irssi.te
http://82.197.205.60/~dgrift/stuff/modules/rawhide12/irssi.if
http://82.197.205.60/~dgrift/stuff/modules/rawhide12/irssi.fc

http://82.197.205.60/~dgrift/stuff/modules/rawhide12/elinks.te
http://82.197.205.60/~dgrift/stuff/modules/rawhide12/elinks.if
http://82.197.205.60/~dgrift/stuff/modules/rawhide12/elinks.fc

http://82.197.205.60/~dgrift/stuff/modules/rawhide12/mutt.te
http://82.197.205.60/~dgrift/stuff/modules/rawhide12/mutt.if
http://82.197.205.60/~dgrift/stuff/modules/rawhide12/mutt.fc

You can also join us on irc.freenode.org at #selinux and #fedora-selinux. I'll be happy to answer any questions that I can.

hth

>
> Ondřej Vadinský
> (Nicky726)
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20090812/194cdc50/attachment.bin
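The following is an added illustration of the review points above, written here as an example; it is not the thesis policy, not one of the linked rawhide modules, and not a module from refpolicy itself. It shows the shape of a konqueror module that follows the advice: no require blocks in the .te, no /tmp entries in the .fc, no permissive statement, userdom_user_home_content() for the $HOME type, the domain owning the /tmp objects it creates, corecmd_exec_bin() allowed rather than dontaudited, the real dbus client interfaces, and a konqueror_role() interface that the user domain policy calls. Assumptions: the /usr/bin/konqueror path, an illustrative ~/.konqueror directory for the private home type, and staff_r/staff_t as the calling role and domain. The shared ~/.kde rules that belong in the kde base module, and the X server access a real browser needs, are deliberately left out.

```selinux
# ---- konqueror.fc (example; no entries for /tmp, the domain labels those itself)
/usr/bin/konqueror		--	gen_context(system_u:object_r:konqueror_exec_t,s0)
# assumed private directory; the shared ~/.kde tree is labeled by the kde base module
HOME_DIR/\.konqueror(/.*)?		gen_context(system_u:object_r:konqueror_home_t,s0)

# ---- konqueror.te (example)
policy_module(konqueror, 1.0.0)

########################################
#
# Declarations
#

type konqueror_t;
type konqueror_exec_t;
application_domain(konqueror_t, konqueror_exec_t)
ubac_constrained(konqueror_t)

# userdom_user_home_content() instead of files_type(): marks the type as
# per-user home content so generic home-directory rules apply to it.
type konqueror_home_t;
userdom_user_home_content(konqueror_home_t)

# Own tmp type: konqueror_t creates these objects, so konqueror_t owns them.
type konqueror_tmp_t;
files_tmp_file(konqueror_tmp_t)

########################################
#
# Local policy
#

# No "permissive konqueror_t" here; use permissive only while developing.

allow konqueror_t self:process { signal_perms setsched };
allow konqueror_t self:fifo_file rw_fifo_file_perms;
allow konqueror_t self:unix_stream_socket create_stream_socket_perms;
allow konqueror_t self:tcp_socket create_socket_perms;

manage_dirs_pattern(konqueror_t, konqueror_home_t, konqueror_home_t)
manage_files_pattern(konqueror_t, konqueror_home_t, konqueror_home_t)
manage_lnk_files_pattern(konqueror_t, konqueror_home_t, konqueror_home_t)
userdom_user_home_dir_filetrans(konqueror_t, konqueror_home_t, { dir file lnk_file })

manage_dirs_pattern(konqueror_t, konqueror_tmp_t, konqueror_tmp_t)
manage_files_pattern(konqueror_t, konqueror_tmp_t, konqueror_tmp_t)
files_tmp_filetrans(konqueror_t, konqueror_tmp_t, { dir file })

# Running helpers from bin_t is allowed outright, not dontaudited.
corecmd_exec_bin(konqueror_t)

corenet_tcp_connect_http_port(konqueror_t)

auth_use_nsswitch(konqueror_t)
miscfiles_read_localization(konqueror_t)
miscfiles_read_fonts(konqueror_t)
userdom_use_user_terminals(konqueror_t)

optional_policy(`
	# proper dbus interfaces instead of an unconfined dbus client
	dbus_session_bus_client(konqueror_t)
	dbus_system_bus_client(konqueror_t)
')

# ---- konqueror.if (example): the role interface the user domain policy calls
## <summary>Konqueror web browser.</summary>

########################################
## <summary>
##	Role access for konqueror.
## </summary>
## <param name="role">
##	<summary>Role allowed access.</summary>
## </param>
## <param name="domain">
##	<summary>User domain for the role.</summary>
## </param>
#
interface(`konqueror_role',`
	gen_require(`
		type konqueror_t, konqueror_exec_t, konqueror_home_t;
	')

	# the user's role, not system_r, is allowed to run the domain
	role $1 types konqueror_t;

	domtrans_pattern($2, konqueror_exec_t, konqueror_t)

	ps_process_pattern($2, konqueror_t)
	allow $2 konqueror_t:process { ptrace signal_perms };

	manage_dirs_pattern($2, konqueror_home_t, konqueror_home_t)
	manage_files_pattern($2, konqueror_home_t, konqueror_home_t)
	manage_lnk_files_pattern($2, konqueror_home_t, konqueror_home_t)
	relabel_dirs_pattern($2, konqueror_home_t, konqueror_home_t)
	relabel_files_pattern($2, konqueror_home_t, konqueror_home_t)
	relabel_lnk_files_pattern($2, konqueror_home_t, konqueror_home_t)
')

# ---- caller, in the user domain policy (assumed staff.te), not in konqueror.te
optional_policy(`
	konqueror_role(staff_r, staff_t)
')
```

The point of the split is that konqueror.te only describes what konqueror_t itself may do, while which users may transition into it is decided where the user domains are defined, by calling konqueror_role(). Build it with the usual `make -f /usr/share/selinux/devel/Makefile konqueror.pp` and check with `seinfo --permissive` that no permissive domain is left behind.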