From: dac.override@gmail.com (Dominick Grift) Date: Sat, 26 Nov 2016 14:53:11 +0100 Subject: [refpolicy] [PATCH] Apache OpenOffice module In-Reply-To: <1480113700.5692.4.camel@trentalancia.net> References: <1480113700.5692.4.camel@trentalancia.net> Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 11/25/2016 11:41 PM, Guido Trentalancia via refpolicy wrote: > This is a minimal patch that I am testing to support Apache OpenOffice > with its own module. > > The file contexts (and initial tests) are based on the default > installation path for version 4 of the office suite. > > Signed-off-by: Guido Trentalancia > --- > policy/modules/contrib/openoffice.fc | 30 ++++++++++++ > policy/modules/contrib/openoffice.if | 48 ++++++++++++++++++++ > policy/modules/contrib/openoffice.te | 83 +++++++++++++++++++++++++++++++++++ > policy/modules/roles/staff.te | 4 + > policy/modules/roles/sysadm.te | 4 + > policy/modules/roles/unprivuser.te | 4 + > policy/modules/services/xserver.if | 19 ++++++++ > policy/modules/system/libraries.fc | 2 > 8 files changed, 194 insertions(+) > > diff -pruN refpolicy-git-25112016-orig/policy/modules/contrib/openoffice.fc refpolicy-git-25112016/policy/modules/contrib/openoffice.fc > --- refpolicy-git-25112016-orig/policy/modules/contrib/openoffice.fc 1970-01-01 01:00:00.000000000 +0100 > +++ refpolicy-git-25112016/policy/modules/contrib/openoffice.fc 2016-11-25 23:24:38.338111736 +0100 > @@ -0,0 +1,30 @@ > +HOME_DIR/\.openoffice(/.*)? gen_context(system_u:object_r:ooffice_home_t,s0) > + > +/opt/openoffice4/program/cde-open-url -- gen_context(system_u:object_r:ooffice_exec_t,s0) > +/opt/openoffice4/program/gnome-open-url -- gen_context(system_u:object_r:ooffice_exec_t,s0) > +/opt/openoffice4/program/gnome-open-url.bin -- gen_context(system_u:object_r:ooffice_exec_t,s0) > +/opt/openoffice4/program/javaldx -- gen_context(system_u:object_r:ooffice_exec_t,s0) > +/opt/openoffice4/program/kde-open-url -- gen_context(system_u:object_r:ooffice_exec_t,s0) > +/opt/openoffice4/program/open-url -- gen_context(system_u:object_r:ooffice_exec_t,s0) > +/opt/openoffice4/program/pagein -- gen_context(system_u:object_r:ooffice_exec_t,s0) > +/opt/openoffice4/program/regcomp.bin -- gen_context(system_u:object_r:ooffice_exec_t,s0) > +/opt/openoffice4/program/regmerge -- gen_context(system_u:object_r:ooffice_exec_t,s0) > +/opt/openoffice4/program/regview -- gen_context(system_u:object_r:ooffice_exec_t,s0) > +/opt/openoffice4/program/sbase -- gen_context(system_u:object_r:ooffice_exec_t,s0) > +/opt/openoffice4/program/scalc -- gen_context(system_u:object_r:ooffice_exec_t,s0) > +/opt/openoffice4/program/sdraw -- gen_context(system_u:object_r:ooffice_exec_t,s0) > +/opt/openoffice4/program/senddoc -- gen_context(system_u:object_r:ooffice_exec_t,s0) > +/opt/openoffice4/program/simpress -- gen_context(system_u:object_r:ooffice_exec_t,s0) > +/opt/openoffice4/program/smath -- gen_context(system_u:object_r:ooffice_exec_t,s0) > +/opt/openoffice4/program/soffice -- gen_context(system_u:object_r:ooffice_exec_t,s0) > +/opt/openoffice4/program/soffice\.bin -- gen_context(system_u:object_r:ooffice_exec_t,s0) > +/opt/openoffice4/program/spadmin -- gen_context(system_u:object_r:ooffice_exec_t,s0) > +/opt/openoffice4/program/spadmin.bin -- gen_context(system_u:object_r:ooffice_exec_t,s0) > +/opt/openoffice4/program/startup.sh -- gen_context(system_u:object_r:ooffice_exec_t,s0) > +/opt/openoffice4/program/swriter -- gen_context(system_u:object_r:ooffice_exec_t,s0) > +/opt/openoffice4/program/uno.bin -- gen_context(system_u:object_r:ooffice_exec_t,s0) > +/opt/openoffice4/program/unoinfo -- gen_context(system_u:object_r:ooffice_exec_t,s0) > +/opt/openoffice4/program/unopkg -- gen_context(system_u:object_r:ooffice_exec_t,s0) > +/opt/openoffice4/program/unopkg.bin -- gen_context(system_u:object_r:ooffice_exec_t,s0) > +/opt/openoffice4/program/unpack_update -- gen_context(system_u:object_r:ooffice_exec_t,s0) > +/opt/openoffice4/program/uri-encode -- gen_context(system_u:object_r:ooffice_exec_t,s0) escape the periods consistently to avoid regex confusion > diff -pruN refpolicy-git-25112016-orig/policy/modules/contrib/openoffice.if refpolicy-git-25112016/policy/modules/contrib/openoffice.if > --- refpolicy-git-25112016-orig/policy/modules/contrib/openoffice.if 1970-01-01 01:00:00.000000000 +0100 > +++ refpolicy-git-25112016/policy/modules/contrib/openoffice.if 2016-11-25 23:24:38.339111745 +0100 > @@ -0,0 +1,48 @@ > +## Openoffice suite. > + > +############################################################ > +## > +## Role access for openoffice. > +## > +## > +## > +## Role allowed access. > +## > +## > +## > +## > +## User domain for the role. > +## > +## > +# > +interface(`ooffice_role',` > + gen_require(` > + attribute_role ooffice_roles; > + type ooffice_t, ooffice_exec_t; > + ') > + > + roleattribute $1 ooffice_roles; > + > + domtrans_pattern($2, ooffice_exec_t, ooffice_t) > + > + allow $2 ooffice_t:process { ptrace signal_perms }; > + ps_process_pattern($2, ooffice_t) > +') > + > +######################################## > +## > +## Run openoffice in its own domain. > +## > +## > +## > +## Domain allowed to transition. > +## > +## > +# > +interface(`ooffice_domtrans',` > + gen_require(` > + type ooffice_t, ooffice_exec_t; > + ') > + > + domtrans_pattern($1, ooffice_exec_t, ooffice_t) > +') > diff -pruN refpolicy-git-25112016-orig/policy/modules/contrib/openoffice.te refpolicy-git-25112016/policy/modules/contrib/openoffice.te > --- refpolicy-git-25112016-orig/policy/modules/contrib/openoffice.te 1970-01-01 01:00:00.000000000 +0100 > +++ refpolicy-git-25112016/policy/modules/contrib/openoffice.te 2016-11-25 23:27:00.726425482 +0100 > @@ -0,0 +1,83 @@ > +policy_module(openoffice, 1.0.0) > + > +############################## > +# > +# Declarations > +# > + > +attribute_role ooffice_roles; > + > +type ooffice_t; > +type ooffice_exec_t; > +userdom_user_application_domain(ooffice_t, ooffice_exec_t) > +role ooffice_roles types ooffice_t; > + > +type ooffice_home_t; > +userdom_user_home_content(ooffice_home_t) > + > +type ooffice_tmp_t; > +files_tmp_file(ooffice_tmp_t) > + > +############################## > +# > +# Openoffice local policy > +# > + > +allow ooffice_t self:process { execmem signal }; > +allow ooffice_t self:shm create_shm_perms; > +allow ooffice_t self:udp_socket create_socket_perms; the above indicated that it is probably an nss client (auth_use_nsswitch()) > +allow ooffice_t self:unix_stream_socket connectto; > + > +allow ooffice_t ooffice_home_t:dir manage_dir_perms; > +allow ooffice_t ooffice_home_t:file manage_file_perms; > +allow ooffice_t ooffice_home_t:lnk_file manage_lnk_file_perms; lacking a auto type transition rule (userdom_user_home_dir_filetrans()) > + > +manage_dirs_pattern(ooffice_t, ooffice_tmp_t, ooffice_tmp_t) > +manage_files_pattern(ooffice_t, ooffice_tmp_t, ooffice_tmp_t) > +manage_sock_files_pattern(ooffice_t, ooffice_tmp_t, ooffice_tmp_t) > +files_tmp_filetrans(ooffice_t, ooffice_tmp_t, { dir file sock_file }) > + > +rw_fifo_files_pattern(ooffice_t, ooffice_t, ooffice_t) allow ooffice_t self rw_fifo_file_perms; (there are no dirs with type ooffice_t other than the ones in /proc) > + > +can_exec(ooffice_t, ooffice_exec_t) > + > +corecmd_exec_bin(ooffice_t) > +corecmd_exec_shell(ooffice_t) > + > +dev_read_sysfs(ooffice_t) > +dev_read_urand(ooffice_t) > + > +files_read_etc_files(ooffice_t) > +files_read_usr_files(ooffice_t) > + > +fs_getattr_xattr_fs(ooffice_t) > + > +miscfiles_read_fonts(ooffice_t) > +miscfiles_read_localization(ooffice_t) > + > +sysnet_read_config(ooffice_t) this is also part of the nss client stuff i mentioned above. Looks like it is getting ready to do some dns resolving > + > +userdom_manage_user_home_content_dirs(ooffice_t) > +userdom_manage_user_home_content_files(ooffice_t) > +userdom_manage_user_home_content_symlinks(ooffice_t) > +userdom_search_user_home_content(ooffice_t) redundant because the first three already provide the functionality that the fourth provides. > + > +optional_policy(` > + cups_read_config(ooffice_t) > + cups_stream_connect(ooffice_t) > +') > + > +optional_policy(` > + dbus_all_session_bus_client(ooffice_t) > +') > + > +optional_policy(` > + hostname_exec(ooffice_t) > +') > + > +optional_policy(` > + xserver_read_user_iceauth(ooffice_t) > + xserver_read_user_xauth(ooffice_t) > + xserver_read_xdm_tmp_files(ooffice_t) > + xserver_stream_connect(ooffice_t) > +') > diff -pruN refpolicy-git-25112016-orig/policy/modules/roles/staff.te refpolicy-git-25112016/policy/modules/roles/staff.te > --- refpolicy-git-25112016-orig/policy/modules/roles/staff.te 2016-10-29 16:29:13.453156183 +0200 > +++ refpolicy-git-25112016/policy/modules/roles/staff.te 2016-11-25 23:24:38.339111745 +0100 > @@ -141,6 +141,10 @@ ifndef(`distro_redhat',` > ') > > optional_policy(` > + ooffice_role(staff_r, staff_t) > + ') > + > + optional_policy(` > pyzor_role(staff_r, staff_t) > ') > > diff -pruN refpolicy-git-25112016-orig/policy/modules/roles/sysadm.te refpolicy-git-25112016/policy/modules/roles/sysadm.te > --- refpolicy-git-25112016-orig/policy/modules/roles/sysadm.te 2016-10-29 16:29:13.454156211 +0200 > +++ refpolicy-git-25112016/policy/modules/roles/sysadm.te 2016-11-25 23:24:38.340111754 +0100 > @@ -721,6 +721,10 @@ optional_policy(` > ') > > optional_policy(` > + ooffice_role(sysadm_r, sysadm_t) > +') > + > +optional_policy(` > openct_admin(sysadm_t, sysadm_r) > ') > > diff -pruN refpolicy-git-25112016-orig/policy/modules/roles/unprivuser.te refpolicy-git-25112016/policy/modules/roles/unprivuser.te > --- refpolicy-git-25112016-orig/policy/modules/roles/unprivuser.te 2016-10-29 16:29:13.454156211 +0200 > +++ refpolicy-git-25112016/policy/modules/roles/unprivuser.te 2016-11-25 23:24:38.340111754 +0100 > @@ -114,6 +114,10 @@ ifndef(`distro_redhat',` > ') > > optional_policy(` > + ooffice_role(user_r, user_t) > + ') > + > + optional_policy(` > postgresql_role(user_r, user_t) > ') > > diff -pruN refpolicy-git-25112016-orig/policy/modules/services/xserver.if refpolicy-git-25112016/policy/modules/services/xserver.if > --- refpolicy-git-25112016-orig/policy/modules/services/xserver.if 2016-08-14 22:10:42.752848860 +0200 > +++ refpolicy-git-25112016/policy/modules/services/xserver.if 2016-11-25 23:24:38.338111736 +0100 > @@ -602,6 +602,25 @@ interface(`xserver_read_user_xauth',` > > ######################################## > ## > +## Read all users .ICEauthority. > +## > +## > +## > +## Domain allowed access. > +## > +## > +# > +interface(`xserver_read_user_iceauth',` > + gen_require(` > + type iceauth_home_t; > + ') > + > + allow $1 iceauth_home_t:file read_file_perms; > + userdom_search_user_home_dirs($1) > +') > + > +######################################## > +## > ## Set the attributes of the X windows console named pipes. > ## > ## > diff -pruN refpolicy-git-25112016-orig/policy/modules/system/libraries.fc refpolicy-git-25112016/policy/modules/system/libraries.fc > --- refpolicy-git-25112016-orig/policy/modules/system/libraries.fc 2016-08-14 21:24:48.961382244 +0200 > +++ refpolicy-git-25112016/policy/modules/system/libraries.fc 2016-11-25 23:24:38.338111736 +0100 > @@ -52,6 +52,8 @@ ifdef(`distro_redhat',` > /opt/(.*/)?jre.*/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) > /opt/(.*/)?jre/.+\.jar -- gen_context(system_u:object_r:lib_t,s0) > > +/opt/openoffice4/program/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:lib_t,s0) > + > /opt/(.*/)?/RealPlayer/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) > # despite the extensions, they are actually libs > /opt/Acrobat[5-9]/Reader/intellinux/plugins/.*\.api -- gen_context(system_u:object_r:lib_t,s0) > _______________________________________________ > refpolicy mailing list > refpolicy at oss.tresys.com > http://oss.tresys.com/mailman/listinfo/refpolicy > I am personally of the opinion that this module probably will not cut it in the end. Basically because it's too limited, especially considering that it uses dbus. However i will leave that judgement to others, and instead i stick to shallow reviewing, ignoring any issue of structure that i see. -- Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02 https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02 Dominick Grift -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 648 bytes Desc: OpenPGP digital signature Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20161126/00a88905/attachment.bin