From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Tue, 8 Nov 2011 10:08:35 -0500
Subject: [refpolicy] [PATCH 1/2] Support the console/graphical links browser
In-Reply-To: <20111023143028.GB17397@siphos.be>
References: <20111023142947.GA17397@siphos.be> <20111023143028.GB17397@siphos.be>
Message-ID: <4EB945F3.6000805@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 10/23/11 10:30, Sven Vermeulen wrote:
>
> Introduce the links_t domain for the links browser, which is an
> ncurses/svgalib/X11 browser (so supports both commandline-only as
> well as GUI environments)

A couple small notes inline.

> Signed-off-by: Sven Vermeulen
> ---
> links.fc | 6 ++++++
> links.if | 36 ++++++++++++++++++++++++++++++++++++
> links.te | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> 3 files changed, 99 insertions(+), 0 deletions(-)
> create mode 100644 links.fc
> create mode 100644 links.if
> create mode 100644 links.te
>
> diff --git a/links.te b/links.te > new file mode 100644 > index 0000000..6289570 > --- /dev/null > +++ b/links.te 
> @@ -0,0 +1,57 @@ > +policy_module(links, 1.0.0) > + > +############################ > +# > +# Declarations > +# > + > +type links_t; > +type links_exec_t; > +application_domain(links_t, links_exec_t) > + > +type links_home_t; > +typealias links_home_t alias { user_links_home_t staff_links_home_t sysadm_links_home_t }; > +userdom_user_home_content(links_home_t) > + > +type links_tmpfs_t; > +typealias links_tmpfs_t alias { user_links_tmpfs_t staff_links_tmpfs_t sysadm_links_tmpfs_t }; > +files_tmpfs_file(links_tmpfs_t) > +ubac_constrained(links_tmpfs_t) The aliases aren't necessary. They only exist in current policies for compatibility reasons. Since this is a new module, there is no compatibility to preserve. > +############################ > +# > +# Policy > +# > + > +allow links_t self:process signal_perms; > +allow links_t self:unix_stream_socket create_stream_socket_perms; > + > +manage_dirs_pattern(links_t, links_home_t, links_home_t) > +manage_files_pattern(links_t, links_home_t, links_home_t) > +manage_lnk_files_pattern(links_t, links_home_t, links_home_t) > +manage_sock_files_pattern(links_t, links_home_t, links_home_t) > +manage_fifo_files_pattern(links_t, links_home_t, links_home_t) > + > +manage_files_pattern(links_t, links_tmpfs_t, links_tmpfs_t) > +manage_lnk_files_pattern(links_t, links_tmpfs_t, links_tmpfs_t) > +manage_fifo_files_pattern(links_t, links_tmpfs_t, links_tmpfs_t) > +manage_sock_files_pattern(links_t, links_tmpfs_t, links_tmpfs_t) > +fs_tmpfs_filetrans(links_t, links_tmpfs_t, { file lnk_file sock_file fifo_file }) > + > +userdom_user_home_dir_filetrans(links_t, links_home_t, dir) This can go up with the other links_home_t rules, similar to how you have the above fs_tmpfs_filetrans(). 
> + > +corenet_tcp_connect_http_port(links_t) > + > +domain_use_interactive_fds(links_t) > + > +auth_use_nsswitch(links_t) > + > +miscfiles_read_localization(links_t) > + > +userdom_manage_user_home_content_dirs(links_t) > +userdom_manage_user_home_content_files(links_t) Can this be limited? Is it so users can download files and save them to their home dir? If so, it should be tunable. > +userdom_use_user_terminals(links_t) > + > +optional_policy(` > + xserver_user_x_domain_template(links, links_t, links_tmpfs_t) > +') -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com
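Review bot: Near the end of the links.te hunk, `userdom_manage_user_home_content_dirs(links_t)` and `userdom_manage_user_home_content_files(links_t)` are granted unconditionally, so a domain that also gets `corenet_tcp_connect_http_port(links_t)` can create, modify and delete generic user home content, not just its own links_home_t files. If the intent is saving downloads, declare a boolean with gen_tunable (default off), move these two calls into a tunable_policy block keyed on it, and document the boolean in a comment so administrators know what enabling it exposes. The browser's own state is already covered by the links_home_t manage patterns together with `userdom_user_home_dir_filetrans(links_t, links_home_t, dir)`, so the default-off case should still leave links usable.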