From: dominick.grift@gmail.com (Dominick Grift)
Date: Sun, 09 Oct 2011 13:38:50 +0200
Subject: [refpolicy] [PATCH/RFC v2] Introduce XDG type definition
In-Reply-To: <20111007193513.GA24187@siphos.be>
References: <20111007193513.GA24187@siphos.be>
Message-ID: <1318160330.12362.32.camel@edge13.mydomain.internal>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Fri, 2011-10-07 at 21:35 +0200, Sven Vermeulen wrote:

snip

> Some questions I still have:
> - Are the "xdg_read_" interfaces still needed? First few runs
> on my system here show that most (all?) need "xdg_read_all_"

If you do not need an interface then no need to add it. But only call
the "read_all" interfaces if it really needs to read all (which is
almost never, except of course the user domain); confined applications
need specific access.

> - Is the naming "xdg_read_all_" okay? Or does it need to be
> something like "xdg_read_all__files"?

In my view you need to be more specific: if it's reading files only
then _files, if it's all content then _content, if it's dirs only then
_dirs, etc. Some examples:

xdg_read_generic_cache_home_content (read any cache home content)
xdg_read_all_cache_home_files (read all cache home files only)
xdg_list_generic_data_home (read data home dirs only)

> - I called the attributes "xdg__type", like
> "xdg_data_home_type" and not "xdg_data_type" since this is specifically
> for the end user location types. I am not aware of the need for non-home
> components (like xdg_data_type) as these are generally labeled as usr_t or
> similar (which is okay)

Yes, better to be more specific. xdg_*_home_type is good imho.

> Comments always appreciated. Also when I'm playing the wrong ball here ;-)
>
> +++
>
> The XDG Base Directory specification is an open specification for
> dealing with user data in a desktop environment. It is published on
> http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html
> and in use by many applications.
> > In this patch, we introduce the xdg-specific types and give the standard > interfaces for dealing with these types. We also provide a typeattribute > for each of the xdg-specific locations, allowing applications that > create files therein to mark these files as the appropriate xdg type. > > I opted for a separate module instead of userdomain since it is > targeting desktop users more than servers. > > Signed-off-by: Sven Vermeulen > --- > xdg.fc | 8 + > xdg.if | 472 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > xdg.te | 30 ++++ > 3 files changed, 510 insertions(+), 0 deletions(-) > create mode 100644 xdg.fc > create mode 100644 xdg.if > create mode 100644 xdg.te > > diff --git a/xdg.fc b/xdg.fc > new file mode 100644 > index 0000000..d6ba4da > --- /dev/null > +++ b/xdg.fc > @@ -0,0 +1,8 @@ > +HOME_DIR/\.cache(/.*)? gen_context(system_u:object_r:xdg_cache_home_t,s0) > +HOME_DIR/\.config(/.*)? gen_context(system_u:object_r:xdg_config_home_t,s0) > +HOME_DIR/\.local/share(/.*)? gen_context(system_u:object_r:xdg_data_home_t,s0) > + > +# > +# /run > +# > +/run/user/USER(/.*)? gen_context(system_u:object_r:xdg_runtime_home_t,s0) > diff --git a/xdg.if b/xdg.if > new file mode 100644 > index 0000000..3cddcc0 > --- /dev/null > +++ b/xdg.if 
> @@ -0,0 +1,472 @@ > +## Policy for xdg desktop standard > + > +######################################## > +## > +## Mark the selected type as an xdg_data_home_type > +## > +## > +## > +## Type to give the xdg_data_home_type attribute to > +## > +## > +# > +interface(`xdg_data_home_content',` > + gen_require(` > + attribute xdg_data_home_type; > + ') > + > + typeattribute $1 xdg_data_home_type; > + > + userdom_user_home_content($1) > +') > + > +######################################## > +## > +## Create objects in an xdg_data_home directory > +## with an automatic type transition to > +## a specified private type. > +## > +## > +## > +## Domain allowed access. > +## > +## > +## > +## > +## The type of the object to create. > +## > +## > +## > +## > +## The class of the object to be created. > +## > +## > +# > +interface(`xdg_data_home_filetrans',` > + gen_require(` > + type xdg_data_home_t; > + ') > + > + filetrans_pattern($1, xdg_data_home_t, $2, $3) > +') > + > + > +######################################## > +## > +## Mark the selected type as an xdg_cache_home_type > +## > +## > +## > +## Type to give the xdg_cache_home_type attribute to > +## > +## > +# > +interface(`xdg_cache_home_content',` > + gen_require(` > + attribute xdg_cache_home_type; > + ') > + > + typeattribute $1 xdg_cache_home_type; > + > + userdom_user_home_content($1) > +') > + > +######################################## > +## > +## Create objects in an xdg_cache_home directory > +## with an automatic type transition to > +## a specified private type. > +## > +## > +## > +## Domain allowed access. > +## > +## > +## > +## > +## The type of the object to create. > +## > +## > +## > +## > +## The class of the object to be created. 
> +## > +## > +# > +interface(`xdg_cache_home_filetrans',` > + gen_require(` > + type xdg_cache_home_t; > + ') > + userdom_search_user_home_dirs($1) > + filetrans_pattern($1, xdg_cache_home_t, $2, $3) > +') > + > + > +######################################## > +## > +## Mark the selected type as an xdg_config_home_type > +## > +## > +## > +## Type to give the xdg_config_home_type attribute to > +## > +## > +# > +interface(`xdg_config_home_content',` > + gen_require(` > + attribute xdg_config_home_type; > + ') > + > + typeattribute $1 xdg_config_home_type; > + > + userdom_user_home_content($1) > +') > + > +######################################## > +## > +## Create objects in an xdg_config_home directory > +## with an automatic type transition to > +## a specified private type. > +## > +## > +## > +## Domain allowed access. > +## > +## > +## > +## > +## The type of the object to create. > +## > +## > +## > +## > +## The class of the object to be created. > +## > +## > +# > +interface(`xdg_config_home_filetrans',` > + gen_require(` > + type xdg_config_home_t; > + ') > + userdom_search_user_home_dirs($1) > + filetrans_pattern($1, xdg_config_home_t, $2, $3) > +') > + > +######################################## > +## > +## Mark the selected type as an xdg_runtime_home_type > +## > +## > +## > +## Type to give the xdg_runtime_home_type attribute to > +## > +## > +# > +interface(`xdg_runtime_home_content',` > + gen_require(` > + attribute xdg_runtime_home_type; > + ') > + > + typeattribute $1 xdg_runtime_home_type; > + > + userdom_user_home_content($1) > +') > + > +######################################## > +## > +## Create objects in an xdg_runtime_home directory > +## with an automatic type transition to > +## a specified private type. > +## > +## > +## > +## Domain allowed access. > +## > +## > +## > +## > +## The type of the object to create. > +## > +## > +## > +## > +## The class of the object to be created. 
> +## > +## > +# > +interface(`xdg_runtime_home_filetrans',` > + gen_require(` > + type xdg_runtime_home_t; > + ') > + userdom_search_user_home_dirs($1) > + filetrans_pattern($1, xdg_runtime_home_t, $2, $3) > +') > + > + > +######################################## > +## > +## Read the xdg cache home files > +## > +## > +## > +## Domain allowed access. > +## > +## > +# > +interface(`xdg_read_cache_home',` xdg_read_generic_cache_home_files > + gen_require(` > + type xdg_cache_home_t; > + ') > + > + read_files_pattern($1, xdg_cache_home_t, xdg_cache_home_t) > + why list? userdom_search_user_home_dirs($1) > + userdom_list_user_home_dirs($1) > +') > + > +######################################## > +## > +## Read all xdg_cache_home_type files > +## > +## > +## > +## Domain allowed access. > +## > +## > +# > +interface(`xdg_read_all_cache_home',` xdg_read_all_cache_home_files() > + gen_require(` > + attribute xdg_cache_home_type; > + ') > + > + read_files_pattern($1, xdg_cache_home_type, xdg_cache_home_type) > + why list? > > + userdom_list_user_home_dirs($1) > +') > + > +######################################## > +## > +## Manage the xdg cache home files > +## > +## > +## > +## Domain allowed access. > +## > +## > +# > +interface(`xdg_manage_cache_home',` xdg_manage_generic_cache_home_content > + gen_require(` > + type xdg_cache_home_t; > + ') > + > + manage_files_pattern($1, xdg_cache_home_t, xdg_cache_home_t) > + manage_dirs_pattern($1, xdg_cache_home_t, xdg_cache_home_t) manage_lnk_files_pattern() manage_fifo_files_pattern() > + why list? > > + userdom_list_user_home_dirs($1) > +') > + > +######################################## > +## > +## Read the xdg config home files > +## > +## > +## > +## Domain allowed access. 
> +## > +## > +# > +interface(`xdg_read_config_home',` xdg_read_generic_config_home_files() > + gen_require(` > + type xdg_config_home_t; > + ') > + > + read_files_pattern($1, xdg_config_home_t, xdg_config_home_t) > + userdom_search_user_home_dirs($1) > + userdom_list_user_home_dirs($1) > +') > + > +######################################## > +## > +## Read all xdg_config_home_type files > +## > +## > +## > +## Domain allowed access. > +## > +## > +# > +interface(`xdg_read_all_config_home',` xdg_read_all_config_home_files() > + gen_require(` > + attribute xdg_config_home_type; > + ') > + > + read_files_pattern($1, xdg_config_home_type, xdg_config_home_type) > + why list? > + userdom_list_user_home_dirs($1) > +') > + > + > +######################################## > +## > +## Manage the xdg config home files > +## > +## > +## > +## Domain allowed access. > +## > +## > +# > +interface(`xdg_manage_config_home',` xdg_manage_generic_config_home_content() > + gen_require(` > + type xdg_config_home_t; > + ') > + > + manage_files_pattern($1, xdg_config_home_t, xdg_config_home_t) > + manage_dirs_pattern($1, xdg_config_home_t, xdg_config_home_t) manage_lnk_files_pattern() manage_fifo_files_pattern() > + userdom_search_user_home_dirs() > + userdom_list_user_home_dirs($1) > +') > + > +######################################## > +## > +## Read the xdg data home files > +## > +## > +## > +## Domain allowed access. > +## > +## > +# > +interface(`xdg_read_data_home',` xdg_read_generic_data_home_files() > + gen_require(` > + type xdg_data_home_t; > + ') > + > + read_files_pattern($1, xdg_data_home_t, xdg_data_home_t) > + why list? > > + userdom_list_user_home_dirs($1) > +') > + > +######################################## > +## > +## Read all xdg_data_home_type files > +## > +## > +## > +## Domain allowed access. 
> +## > +## > +# > +interface(`xdg_read_all_data_home',` xdg_read_all_data_home_files() > + gen_require(` > + attribute xdg_data_home_type; > + ') > + > + read_files_pattern($1, xdg_data_home_type, xdg_data_home_type) > + why list? > > + userdom_list_user_home_dirs($1) > +') > + > +######################################## > +## > +## Manage the xdg data home files > +## > +## > +## > +## Domain allowed access. > +## > +## > +# > +interface(`xdg_manage_data_home',` xdg_manage_all_data_home_content() > + gen_require(` > + type xdg_data_home_t; > + ') > + > + manage_files_pattern($1, xdg_data_home_t, xdg_data_home_t) > + manage_dirs_pattern($1, xdg_data_home_t, xdg_data_home_t) > + manage_lnk_files_pattern() manage_fifo_files_pattern() why list? > + userdom_list_user_home_dirs($1) > +') > + > +######################################## > +## > +## Read the xdg runtime home files > +## > +## > +## > +## Domain allowed access. > +## > +## > +# > +interface(`xdg_read_runtime_home',` xdg_read_generic_runtime_home_files() > + gen_require(` > + type xdg_runtime_home_t; > + ') > + > + read_files_pattern($1, xdg_runtime_home_t, xdg_runtime_home_t) > + why list? (besides , caller does not need to search user_home_dir_t to get to /run/user/$USER files_search_pids($1) might be more appropriate (we need to find a good label for /run/user) > > + userdom_list_user_home_dirs($1) > +') > + > +######################################## > +## > +## Read all xdg_runtime_home_type files > +## > +## > +## > +## Domain allowed access. > +## > +## > +# > +interface(`xdg_read_all_runtime_home',` xdg_read_all_runtime_home_files() > + gen_require(` > + attribute xdg_runtime_home_type; > + ') > + > + read_files_pattern($1, xdg_runtime_home_type, xdg_runtime_home_type) > + no need for this > > + userdom_list_user_home_dirs($1) > +') > + > +######################################## > +## > +## Manage the xdg runtime home files > +## > +## > +## > +## Domain allowed access. 
> +## > +## > +# > +interface(`xdg_manage_runtime_home',` xdg_manage_generic_runtime_home_content() > + gen_require(` > + type xdg_runtime_home_t; > + ') > + > + manage_files_pattern($1, xdg_runtime_home_t, xdg_runtime_home_t) > + manage_dirs_pattern($1, xdg_runtime_home_t, xdg_runtime_home_t) > + manage_lnk_files_pattern() manage_fifo_files_pattern() > no need for this > + userdom_list_user_home_dirs($1) > +') > + > +####################################### > +## > +## Allow the userdomain full administrative rights on the xdg_* locations > +## > +## > +## > +## The user domain > +## > +## > +## > +# just use xdm_manage_all_*_home_content() besides i do not believe that pebenito want to give users full access to all xdg content types from one single place rather call specific interfaces from the various role templates. only give user domains access to manage generic content by default(from /roles/ layer) so for example in staff.te there could be: optional_policy(` xdg_manage_generic_data_home_content(staff_t) xdg_manage_generic_cache_home_content(staff_t) xdg_manage_generic_config_home_content(staff_t) xdg_manage_generic_runtime_home_content(staff_t) ') then all private xdg content types will be dealt with in the various confined applications' role templates > +interface(`xdg_admin',` > + gen_require(` > + attribute xdg_cache_home_type, xdg_config_home_type, xdg_data_home_type; > + ') > + > + # full control over the xdg_* directories > + admin_pattern($1, xdg_cache_home_type) > + admin_pattern($1, xdg_config_home_type) > + admin_pattern($1, xdg_data_home_type) > +') > + > diff --git a/xdg.te b/xdg.te > new file mode 100644 > index 0000000..087eef8 > --- /dev/null > +++ b/xdg.te 
> @@ -0,0 +1,30 @@ > +policy_module(xdg, 1.0.0) > + > +######################################## > +# > +# Declarations > +# > + > +attribute xdg_data_home_type; > + > +attribute xdg_config_home_type; > + > +attribute xdg_cache_home_type; > + > +attribute xdg_runtime_home_type; > + > +type xdg_data_home_t; > +xdg_data_home_content(xdg_data_home_t) > this is not needed xdg_data_home_content already calls userdom_user_home_content() +userdom_user_home_content(xdg_data_home_t) > + > +type xdg_config_home_t; > +xdg_config_home_content(xdg_config_home_t) > not needed: +userdom_user_home_content(xdg_config_home_t) > + > +type xdg_cache_home_t; > +xdg_cache_home_content(xdg_cache_home_t) > not needed: +userdom_user_home_content(xdg_cache_home_t) > + > +type xdg_runtime_home_t; > +xdg_runtime_home_content(xdg_runtime_home_t) > not needed: +userdom_user_home_content(xdg_runtime_home_t)
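Review bot: in the xdg.fc hunk, `/run/user/USER(/.*)?` labels only the per-user subtree and `/run/user` itself gets no entry, so the parent directory keeps whatever type /run carries; the runtime interfaces in xdg.if can then only be given a search path through the type of /run (files_search_pids), never through user home directories. Add an explicit context for `/run/user` so the lookup path into the runtime directory has a defined type. The HOME_DIR entries cover only the spec's default locations; content under a directory chosen through an XDG_*_HOME override stays unlabelled, which deserves a comment in the file.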
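Review bot: the filetrans interfaces in the xdg.if hunk are inconsistent about the search path: `xdg_cache_home_filetrans`, `xdg_config_home_filetrans` and `xdg_runtime_home_filetrans` call `userdom_search_user_home_dirs($1)` while `xdg_data_home_filetrans` does not, and for the runtime type the home-dir search is the wrong one, since xdg.fc places xdg_runtime_home_t under /run/user (files_search_pids($1) fits there). Likewise the read and manage interfaces grant `userdom_list_user_home_dirs($1)`, which lets every caller enumerate the whole home directory; search is sufficient to reach ~/.cache, ~/.config and ~/.local/share. In `xdg_manage_config_home` the `userdom_search_user_home_dirs()` call is missing its `$1` argument as quoted here.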
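Review bot: in the xdg.te hunk each `xdg_*_home_content(...)` call is followed by `userdom_user_home_content(...)` on the same type, but the xdg.if hunk shows `xdg_*_home_content` already calling `userdom_user_home_content($1)`, so the second call is redundant. For `xdg_runtime_home_t` this is a logic point rather than a style one: it is declared as user home content although xdg.fc labels it under /run/user, so interfaces that grant access over all user home content also reach the runtime directory. Declare it as a pid/run type (files_pid_file, or at least files_type without the home attribute) and drop the userdom_user_home_content call from xdg_runtime_home_content.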
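Putting the naming and access points of the reply together, here is an added example (not from the patch, and not Dominick's or refpolicy's own code) of what a generic/all interface pair for the cache location could look like: the generic interface covers dirs, files and symlinks of xdg_cache_home_t and only searches the home directory, while the all-files interface works over the attribute and is meant for user domains. The interface names follow the reply's suggestion and are assumed, not existing refpolicy interfaces.

```m4
########################################
## <summary>
##	Read generic (xdg_cache_home_t) cache home content:
##	directories, files and symbolic links.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`xdg_read_generic_cache_home_content',`
	gen_require(`
		type xdg_cache_home_t;
	')

	# search (not list) the home directory to reach ~/.cache
	userdom_search_user_home_dirs($1)
	list_dirs_pattern($1, xdg_cache_home_t, xdg_cache_home_t)
	read_files_pattern($1, xdg_cache_home_t, xdg_cache_home_t)
	read_lnk_files_pattern($1, xdg_cache_home_t, xdg_cache_home_t)
')

########################################
## <summary>
##	Read files of every xdg_cache_home_type, including the
##	private types of other applications. Intended for user
##	domains, not for confined applications.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`xdg_read_all_cache_home_files',`
	gen_require(`
		attribute xdg_cache_home_type;
	')

	userdom_search_user_home_dirs($1)
	read_files_pattern($1, xdg_cache_home_type, xdg_cache_home_type)
')
```

A confined application's module would call the generic interface (or its own xdg_cache_home_filetrans into a private type), and only a user domain such as staff_t would call the all-files variant.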