From: guido@trentalancia.net (Guido Trentalancia) Date: Fri, 02 Dec 2016 14:44:07 +0100 Subject: [refpolicy] [PATCH v2] xserver: remove unneeded user content permissions In-Reply-To: <1480604438.3101.0.camel@trentalancia.net> References: <1480604438.3101.0.camel@trentalancia.net> Message-ID: <1480686247.12925.1.camel@trentalancia.net> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Remove unneeded permissions to read user content from the xserver module (xserver and xdm domains). Signed-off-by: Guido Trentalancia --- policy/modules/services/xserver.fc | 1 + policy/modules/services/xserver.if | 19 +++++++++++++++++++ policy/modules/services/xserver.te | 15 +++++++-------- 3 files changed, 27 insertions(+), 8 deletions(-) diff -pruN refpolicy-git-25112016-orig/policy/modules/services/xserver.fc refpolicy-git-25112016/policy/modules/services/xserver.fc --- refpolicy-git-25112016-orig/policy/modules/services/xserver.fc 2016-08-14 22:10:42.751848845 +0200 +++ refpolicy-git-25112016/policy/modules/services/xserver.fc 2016-12-02 13:51:29.831384654 +0100 @@ -1,6 +1,7 @@ # # HOME_DIR # +HOME_DIR/\.dmrc -- gen_context(system_u:object_r:dmrc_home_t,s0) HOME_DIR/\.fonts\.conf -- gen_context(system_u:object_r:user_fonts_config_t,s0) HOME_DIR/\.fonts(/.*)? gen_context(system_u:object_r:user_fonts_t,s0) HOME_DIR/\.fonts/auto(/.*)? gen_context(system_u:object_r:user_fonts_cache_t,s0) diff -pruN refpolicy-git-25112016-orig/policy/modules/services/xserver.if refpolicy-git-25112016/policy/modules/services/xserver.if --- refpolicy-git-25112016-orig/policy/modules/services/xserver.if 2016-12-02 14:16:59.538175791 +0100 +++ refpolicy-git-25112016/policy/modules/services/xserver.if 2016-12-02 13:52:42.491965282 +0100 
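Review bot: The new `HOME_DIR/\.dmrc` entry in xserver.fc only applies to files that get relabeled, and nothing visible in this patch labels a `.dmrc` that already exists or is created after the policy is loaded. Because the xserver.te hunk at -467 removes `userdom_read_user_home_content_files(xdm_t)`, a `~/.dmrc` still carrying the generic user home type would stop being readable by xdm_t and the session preference would be silently ignored. The commit message should mention that home directories need a `restorecon` pass after the update. If some confined domain writes the file, a named transition along the lines of `userdom_user_home_dir_filetrans(xdm_t, dmrc_home_t, file, ".dmrc")` plus the matching create permission would keep new files correctly labeled; which domain writes it cannot be determined from this patch.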
@@ -621,6 +621,25 @@ interface(`xserver_read_user_iceauth',` ######################################## ## +## Read all users .dmrc. +## +## +## +## Domain allowed access. +## +## +# +interface(`xserver_read_user_dmrc',` + gen_require(` + type dmrc_home_t; + ') + + allow $1 dmrc_home_t:file read_file_perms; + userdom_search_user_home_dirs($1) +') + +######################################## +## ## Set the attributes of the X windows console named pipes. ## ## diff -pruN refpolicy-git-25112016-orig/policy/modules/services/xserver.te refpolicy-git-25112016/policy/modules/services/xserver.te --- refpolicy-git-25112016-orig/policy/modules/services/xserver.te 2016-10-29 16:29:13.454156211 +0200 +++ refpolicy-git-25112016/policy/modules/services/xserver.te 2016-12-02 14:38:12.002579001 +0100 @@ -211,6 +211,9 @@ corecmd_executable_file(xsession_exec_t) type xserver_log_t; logging_log_file(xserver_log_t) +type dmrc_home_t; +userdom_user_home_content(dmrc_home_t) + ifdef(`enable_mcs',` init_ranged_domain(xdm_t, xdm_exec_t, s0 - mcs_systemhigh) init_ranged_daemon_domain(xdm_t, xdm_exec_t, s0 - mcs_systemhigh) @@ -467,12 +470,14 @@ sysnet_read_config(xdm_t) userdom_dontaudit_use_unpriv_user_fds(xdm_t) userdom_create_all_users_keys(xdm_t) -# for .dmrc -userdom_read_user_home_content_files(xdm_t) # Search /proc for any user domain processes. userdom_read_all_users_state(xdm_t) userdom_signal_all_users(xdm_t) +# for .dmrc: this was used by the Gnome Display Manager (gdm) +# and it is now obsolete in Gnome3 +xserver_read_user_dmrc(xdm_t) + xserver_rw_session(xdm_t, xdm_tmpfs_t) xserver_unconfined(xdm_t) 
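Review bot: The comment added above `xserver_read_user_dmrc(xdm_t)` in the -467 hunk says .dmrc is obsolete in Gnome3 but not why the access is still granted, so a later reader cannot tell whether the rule is safe to drop. A wording such as `# for .dmrc: still read by display managers that honour it (older gdm); not used by Gnome3` would record the intent. xdm_t is presumably shared by several display managers, so it is worth confirming with an enforcing-mode login that nothing else was being read through the removed `userdom_read_user_home_content_files(xdm_t)`. AVC denials for xdm_t on user home content after the change would show any such dependency. The same check applies to the xserver_t removal in the -843 hunk.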
@@ -843,12 +848,6 @@ corenet_tcp_bind_vnc_port(xserver_t) init_use_fds(xserver_t) -# FIXME: After per user fonts are properly working -# xserver_t may no longer have any reason -# to read ROLE_home_t - examine this in more detail -# (xauth?) -userdom_read_user_home_content_files(xserver_t) - tunable_policy(`use_nfs_home_dirs',` fs_manage_nfs_dirs(xserver_t) fs_manage_nfs_files(xserver_t)