From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Mon, 26 Nov 2012 11:35:23 -0500
Subject: [refpolicy] [PATCH 3/3] Implement X Desktop Group
In-Reply-To: <1352116515-21046-4-git-send-email-dominick.grift@gmail.com>
References: <1352116515-21046-1-git-send-email-dominick.grift@gmail.com>
	<1352116515-21046-4-git-send-email-dominick.grift@gmail.com>
Message-ID: <50B39A4B.6000905@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Overall, I'm ok with this, but have a couple questions:

On 11/05/12 06:55, Dominick Grift wrote:
> Creates 3 type attributes for xdg cache (~/.cache), config (~/.config)
> and data (~/.local/share user home content and assigns to
> xserver_user_cache_home_content(), xserver_user_config_home_content()
> and xserver_user_data_home_content() respectively
> 
> Creates 3 types for generic xdg user cache, config and data home
> content, assigns to them their respective type attributes and
> classifieds them user_home_content_type by calling xserver_user_cache,
> config, data_home_content
> 
> Create the various basic interfaces that will be needed:
> 
> 1. xserver_create_generic_user_cache, config, data, home_dirs:
>    This will be used together with
>    xserver_user_home_(content|dir)_filetrans_cache, config,
>    data_home_content and allows the caller to create ~/.cache, ~/.config
>    and ~/.local/share directories. Each XDG aware program needs to be
>    able to create these.
> 
> 2. xserver_read|manage_generic_user_cache, config, data_home_content:
>    By default content is created with a generic type and these broad
>    interfaces allow the caller to read of manage content with these
>    generic types
> 
> 3. xserver_user_cache, config, data_home_content_filetrans:
>    Allows callers to create specified objects in these location with a
>    private type
> 
> Add file context specifications for ~/.cache(/.*)? (user_cache_home_t),
> ~/.config(/.*)? (user_config_home_t) and ~/.local/share(/.*)?
> (user_data_home_t)

I'm not sure that user_data_home_t is the best name.  I thought about user_local_home_t, but thats vague too.  Sven has been putting forward a patch for this stuff for a while too, and I'm thinking the it might make sense to have xdg in the type names.  

> There is a little issue with user_data_home, this is content for
> ~/.local/share and as per xdg specification "share" is the user data
> root dir instead of ~/.local, that means that the type transition
> happens on user home content instead of user home dir. this makes it a
> bit more prone to error since all directories named share created by
> xserver_restricted_role callers in generic user home content
> directories will be created with user_data_home_t. We could consider
> using ~/.local instead

It seems that .local would probably be a better idea, since it keeps errors down.  I looked on my system, and all I have in ~/.local is share anyway.

[cut]
> diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
> index 9bc86a0..a42f9bc 100644
> --- a/policy/modules/services/xserver.te
> +++ b/policy/modules/services/xserver.te
> @@ -49,6 +49,11 @@ gen_tunable(xserver_object_manager, false)
>  
>  attribute x_domain;
>  
> +# X Desktop Group
> +attribute xserver_user_cache_home_content_type;
> +attribute xserver_user_config_home_content_type;
> +attribute xserver_user_data_home_content_type;
> +
>  # X Events
>  attribute xevent_type;
>  attribute input_xevent_type;

I'm unclear what the purpose of these attributes will be.  Do you expect to have interfaces that work on these?

I've merged the other two patches.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com