From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Fri, 14 Aug 2009 13:37:02 -0400
Subject: [refpolicy] Basic policy for KDE and Konqueror
In-Reply-To: <200908121440.21006.Nicky726@gmail.com>
References: <200908121440.21006.Nicky726@gmail.com>
Message-ID: <1250271422.27712.83.camel@gorn.columbia.tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Wed, 2009-08-12 at 14:40 +0200, Nicky726 wrote:
> as a part of my bachelor thesis I've made basic policy for KDE namely
> Konqueror web browser. The resulting source files are enclosed to this e-mail.
>
> As KDE is complicated and interconnected environment, I chose to create a
> general module for KDE. There should be any rules concerning shared parts of KDE
> policy. As an example may be context of ~/.kde, where configuration is stored,
> and access rules of these files...
>
> Then for every application which is to be confined, there should be one module
> depending on the base KDE policy module. I chose to confine Konqueror.
>
> I tested this policy on Fedora 10 with KDE 4.2.4 and up-to-date.
>
> I understand that policy I created is probably very rough and needs many
> refinements. Would you please comment it, so I can make it better and maybe
> actually useful for some people?

The use of types is generally good. Depending on your security goals
you may want more separation for users/roles. For example you could
use TE: user_kde_home_t, staff_kde_home_t, etc. or UBAC:
ubac_confined(kde_home_t). Without these, only DAC separates the
users/roles.

If you're looking to get these into upstream refpolicy, you need to
follow the reference policy style. Having require blocks such as these:

optional_policy(`
	gen_require(`
		type staff_t;
		type staff_devpts_t;
		type staff_tty_device_t;
		role staff_r;
	')
	konqueror_run(staff_t, staff_r, { staff_tty_device_t staff_devpts_t })
')

is not acceptable in refpolicy. In addition, the interface calls in
the konqueror.te need to be reorganized.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
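
An added example, not part of the original message and not refpolicy's own tooling: a small Python check that lists the types, roles and attributes a .te file pulls in through gen_require without declaring them itself, the pattern the reply objects to. The function name, the sample module and the reading of the objection (required symbols that belong to other modules) are assumptions.

```python
import re

# Constructed sample: a konqueror.te containing the require block quoted in the mail.
SAMPLE_TE = """policy_module(konqueror, 1.0.0)

type konqueror_t;
type konqueror_exec_t;
application_domain(konqueror_t, konqueror_exec_t)

optional_policy(`
    gen_require(`
        type staff_t;
        type staff_devpts_t;
        type staff_tty_device_t;
        role staff_r;
    ')
    konqueror_run(staff_t, staff_r, { staff_tty_device_t staff_devpts_t })
')
"""

# m4 quoting in policy sources: ` opens a quoted argument, ' closes it.
REQUIRE_RE = re.compile(r"gen_require\(`(.*?)'\)", re.DOTALL)
STMT_RE = re.compile(r"\b(type|role|attribute)\s+([^;]+);")

def foreign_requires(te_source):
    """Return (line, kind, name) for each required symbol the file does not declare."""
    src = re.sub(r"#[^\n]*", "", te_source)  # drop comments, keep newlines
    # Blank the require blocks so only the module's own declarations remain.
    outside = REQUIRE_RE.sub(lambda m: re.sub(r"[^\n]", " ", m.group(0)), src)
    declared = {(kind, names.split(",")[0].split()[0])
                for kind, names in STMT_RE.findall(outside)}
    findings = []
    for block in REQUIRE_RE.finditer(src):
        for stmt in STMT_RE.finditer(block.group(1)):
            line = src.count("\n", 0, block.start(1) + stmt.start()) + 1
            for name in (n.strip() for n in stmt.group(2).split(",")):
                if (stmt.group(1), name) not in declared:
                    findings.append((line, stmt.group(1), name))
    return findings

if __name__ == "__main__":
    for line, kind, name in foreign_requires(SAMPLE_TE):
        print(f"line {line}: requires {kind} {name}, which this module does not declare")
```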