From: sven.vermeulen@siphos.be (Sven Vermeulen) Date: Sun, 13 Nov 2011 10:21:36 +0100 Subject: [refpolicy] [PATCH v3 1/3] Initial policy for the mutt e-mail client In-Reply-To: <20111113092044.GA577@siphos.be> References: <20111113092044.GA577@siphos.be> Message-ID: <20111113092136.GB577@siphos.be> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com The mutt e-mail client is a terminal-based e-mail client. It is rich in features (with many additional feature-patches lurking on the internet) so it is assumed that this policy will grow in the future. Signed-off-by: Sven Vermeulen
---
mutt.fc | 10 +++++++ mutt.if | 66 ++++++++++++++++++++++++++++++++++++++++++++ mutt.te | 93 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 169 insertions(+), 0 deletions(-) create mode 100644 mutt.fc create mode 100644 mutt.if create mode 100644 mutt.te
diff --git a/mutt.fc b/mutt.fc
new file mode 100644
index 0000000..9d64529
--- /dev/null
+++ b/mutt.fc
@@ -0,0 +1,10 @@
+HOME_DIR/\.mutt(/.*)? gen_context(system_u:object_r:mutt_home_t,s0)
+HOME_DIR/\.muttrc -- gen_context(system_u:object_r:mutt_conf_t,s0)
+HOME_DIR/\.mutt_cache -- gen_context(system_u:object_r:mutt_home_t,s0)
+HOME_DIR/\.mutt_certificates -- gen_context(system_u:object_r:mutt_home_t,s0)
+
+/etc/Muttrc -- gen_context(system_u:object_r:mutt_etc_t,s0)
+/etc/Muttrc\.local -- gen_context(system_u:object_r:mutt_etc_t,s0)
+/etc/mutt(/.*)? gen_context(system_u:object_r:mutt_etc_t,s0)
+
+/usr/bin/mutt -- gen_context(system_u:object_r:mutt_exec_t,s0)
diff --git a/mutt.if b/mutt.if
new file mode 100644
index 0000000..0921851
--- /dev/null
+++ b/mutt.if
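Review bot: In mutt.fc the read-only `mutt_conf_t` label is applied only to `HOME_DIR/\.muttrc`, while everything under `HOME_DIR/\.mutt(/.*)?` becomes `mutt_home_t`, which mutt.te lets `mutt_t` create and rewrite. Mutt also looks for its user configuration at `~/.mutt/muttrc` (per its manual), so a configuration kept there would be writable by the confined client itself, which weakens the conf/home separation the policy otherwise sets up. Consider adding `HOME_DIR/\.mutt/muttrc -- gen_context(system_u:object_r:mutt_conf_t,s0)`. Files that the rc sources from inside `~/.mutt` would still carry `mutt_home_t`, which is worth a comment in the file.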
@@ -0,0 +1,66 @@
+## Mutt e-mail client
+
+#######################################
+##
+## The role for using the mutt application.
+##
+##
+##
+## The role associated with the user domain.
+##
+##
+##
+##
+## The user domain.
+##
+##
+#
+interface(`mutt_role',`
+ gen_require(`
+ type mutt_t, mutt_exec_t, mutt_home_t, mutt_conf_t, mutt_etc_t;
+ type mutt_tmp_t;
+ ')
+
+ role $1 types mutt_t;
+
+ domtrans_pattern($2, mutt_exec_t, mutt_t)
+
+ allow $2 mutt_t:process { ptrace signal_perms };
+
+ manage_dirs_pattern($2, mutt_home_t, mutt_home_t)
+ manage_files_pattern($2, mutt_home_t, mutt_home_t)
+ relabel_dirs_pattern($2, mutt_home_t, mutt_home_t)
+ relabel_files_pattern($2, mutt_home_t, mutt_home_t)
+
+ manage_dirs_pattern($2, mutt_conf_t, mutt_conf_t)
+ manage_files_pattern($2, mutt_conf_t, mutt_conf_t)
+ relabel_dirs_pattern($2, mutt_conf_t, mutt_conf_t)
+ relabel_files_pattern($2, mutt_conf_t, mutt_conf_t)
+
+ relabel_dirs_pattern($2, mutt_tmp_t, mutt_tmp_t)
+ relabel_files_pattern($2, mutt_tmp_t, mutt_tmp_t)
+
+ ps_process_pattern($2, mutt_t)
+')
+
+#######################################
+##
+## Allow other domains to handle mutt's temporary files (used for instance
+## for e-mail drafts)
+##
+##
+##
+## The domain that is allowed read/write access to the temporary files
+##
+##
+#
+interface(`mutt_rw_tmp_files',`
+ gen_require(`
+ type mutt_tmp_t;
+ ')
+
+ # The use of rw_files_pattern here is not needed, since this incurs the open privilege as well
+ allow $1 mutt_tmp_t:dir search_dir_perms;
+ allow $1 mutt_tmp_t:file { read write };
+ files_search_tmp($1)
+')
diff --git a/mutt.te b/mutt.te
new file mode 100644
index 0000000..fc11aa5
--- /dev/null
+++ b/mutt.te
@@ -0,0 +1,93 @@
+policy_module(mutt, 1.0.0)
+
+############################
+#
+# Declarations
+#
+
+##
+##
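Review bot: In `mutt_role` (mutt.if), `allow $2 mutt_t:process { ptrace signal_perms };` gives every process in the user domain ptrace over mutt, and with it access to whatever account credentials and decrypted mail the client holds in memory. Nothing visible in the patch depends on it: `ps_process_pattern($2, mutt_t)` and the signal permissions already cover listing and stopping the client, so I would reduce the rule to `allow $2 mutt_t:process signal_perms;`. Separately, `mutt_etc_t` is listed in `gen_require` but never used in the interface. The role is also allowed to relabel `mutt_tmp_t` objects without any matching manage rule; worth confirming that is intended.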

+## Be able to manage user files (needed to support attachment handling)
+##

+##
+gen_tunable(mutt_manage_user_content, false)
+
+type mutt_t;
+type mutt_exec_t;
+application_domain(mutt_t, mutt_exec_t)
+ubac_constrained(mutt_t)
+
+type mutt_conf_t;
+userdom_user_home_content(mutt_conf_t)
+
+type mutt_etc_t;
+files_config_file(mutt_etc_t)
+
+type mutt_home_t;
+userdom_user_home_content(mutt_home_t)
+
+type mutt_tmp_t;
+userdom_user_tmp_file(mutt_tmp_t)
+
+############################
+#
+# Local Policy Rules
+#
+
+allow mutt_t self:process signal_perms;
+allow mutt_t self:fifo_file rw_fifo_file_perms;
+
+read_files_pattern(mutt_t, mutt_conf_t, mutt_conf_t)
+
+read_files_pattern(mutt_t, mutt_etc_t, mutt_etc_t)
+
+manage_dirs_pattern(mutt_t, mutt_home_t, mutt_home_t)
+manage_files_pattern(mutt_t, mutt_home_t, mutt_home_t)
+userdom_user_home_dir_filetrans(mutt_t, mutt_home_t, { dir file })
+
+manage_dirs_pattern(mutt_t, mutt_tmp_t, mutt_tmp_t)
+manage_files_pattern(mutt_t, mutt_tmp_t, mutt_tmp_t)
+files_tmp_filetrans(mutt_t, mutt_tmp_t, { file dir })
+
+kernel_read_system_state(mutt_t)
+
+corecmd_exec_bin(mutt_t)
+corecmd_exec_shell(mutt_t)
+
+corenet_all_recvfrom_netlabel(mutt_t)
+corenet_all_recvfrom_unlabeled(mutt_t)
+corenet_sendrecv_pop_client_packets(mutt_t)
+corenet_sendrecv_smtp_client_packets(mutt_t)
+corenet_tcp_bind_generic_node(mutt_t)
+corenet_tcp_connect_pop_port(mutt_t)
+corenet_tcp_connect_smtp_port(mutt_t)
+corenet_tcp_sendrecv_generic_if(mutt_t)
+corenet_tcp_sendrecv_generic_node(mutt_t)
+corenet_tcp_sendrecv_pop_port(mutt_t)
+corenet_tcp_sendrecv_smtp_port(mutt_t)
+
+dev_read_rand(mutt_t)
+dev_read_urand(mutt_t)
+
+domain_use_interactive_fds(mutt_t)
+
+files_read_usr_files(mutt_t)
+
+auth_use_nsswitch(mutt_t)
+
+miscfiles_read_localization(mutt_t)
+
+userdom_manage_xdg_cache_home(mutt_t)
+userdom_read_xdg_config_home(mutt_t)
+userdom_search_user_home_content(mutt_t)
+userdom_use_user_terminals(mutt_t)
+
+optional_policy(`
+ gpg_domtrans(mutt_t)
+')
+
+tunable_policy(`mutt_manage_user_content',`
+ # Needed for handling
attachments
+ userdom_manage_user_home_content_files(mutt_t)
+ userdom_manage_user_home_content_dirs(mutt_t)
+')
-- 1.7.3.4
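Review bot: With `mutt_manage_user_content` enabled, the tunable block at the end of mutt.te gives `mutt_t` manage access to generic user home files and directories, in the same domain that parses untrusted mail and may run shells and helpers without a transition (`corecmd_exec_shell`, `corecmd_exec_bin`). The tunable description and the inline comment only say "attachment handling", so an administrator cannot tell how much the boolean opens up. I would spell that out in the description, e.g. `## Allow mutt to create, modify and delete the user's generic home content (needed to attach and save files)`, and consider a narrower read-only grant such as `userdom_read_user_home_content_files(mutt_t)` for attaching, keeping the manage rules for saving. `corenet_tcp_bind_generic_node(mutt_t)` also looks broader than a client making outbound POP and SMTP connections should need; worth confirming it is required.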