From: guido@trentalancia.net (Guido Trentalancia)
Date: Thu, 20 Apr 2017 03:02:01 +0200
Subject: [refpolicy] [PATCH 18/33] mozilla: curb on userdom permissions
Message-ID: <1492650121.14733.88.camel@trentalancia.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com
This patch curbs on userdomain file read and/or write permissions for the mozilla application module. It aims to ensure user data confidentiality. A boolean has been introduced to revert the previous read/write behavior.
Signed-off-by: Guido Trentalancia
---
policy/modules/contrib/mozilla.te | 46 ++++++++++++++++++++++++++++++++------
1 file changed, 39 insertions(+), 7 deletions(-)
--- refpolicy-2.20170204-orig/policy/modules/contrib/mozilla.te 2017-04-20 01:03:00.654437447 +0200
+++ refpolicy-2.20170204/policy/modules/contrib/mozilla.te 2017-04-20 00:16:29.709448857 +0200
@@ -6,6 +6,15 @@ policy_module(mozilla, 2.11.0)
#
##
+###

+### Determine whether mozilla can
+### manage the user home directories
+### and files.
+###

+###
+gen_tunable(mozilla_enable_home_dirs, false)
+
+## ##

## Determine whether mozilla can
## make its stack executable.
@@ -112,6 +121,10 @@ allow mozilla_t mozilla_plugin_rw_t:dir
allow mozilla_t mozilla_plugin_rw_t:file read_file_perms;
allow mozilla_t mozilla_plugin_rw_t:lnk_file read_lnk_file_perms;
+userdom_user_home_dir_filetrans_user_cache(mozilla_t, dir, ".cache")
+userdom_user_home_dir_filetrans_user_config(mozilla_t, dir, ".config")
+userdom_user_home_dir_filetrans_user_data(mozilla_t, dir, ".local")
+
stream_connect_pattern(mozilla_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t, mozilla_plugin_t)
can_exec(mozilla_t, { mozilla_exec_t mozilla_plugin_rw_t mozilla_plugin_home_t })
@@ -196,12 +209,17 @@ userdom_use_user_ptys(mozilla_t)
userdom_manage_user_tmp_dirs(mozilla_t)
userdom_manage_user_tmp_files(mozilla_t)
-userdom_manage_user_home_content_dirs(mozilla_t)
-userdom_manage_user_home_content_files(mozilla_t)
-userdom_user_home_dir_filetrans_user_home_content(mozilla_t, { dir file })
+userdom_manage_user_cache(mozilla_t)
+userdom_manage_user_config(mozilla_t)
+userdom_manage_user_data(mozilla_t)
+userdom_manage_user_downloads(mozilla_t)
+
+userdom_search_user_home_dirs(mozilla_t)
userdom_write_user_tmp_sockets(mozilla_t)
+userdom_user_cache_filetrans(mozilla_t, mozilla_home_t, { dir file })
+
mozilla_run_plugin(mozilla_t, mozilla_roles)
mozilla_run_plugin_config(mozilla_t, mozilla_roles)
@@ -224,6 +242,15 @@ tunable_policy(`allow_execmem',`
allow mozilla_t self:process execmem;
')
+tunable_policy(`mozilla_enable_home_dirs',`
+ userdom_manage_user_home_content_dirs(mozilla_t)
+ userdom_manage_user_home_content_files(mozilla_t)
+ userdom_user_home_dir_filetrans_user_home_content(mozilla_t, { dir file })
+',`
+ userdom_dontaudit_manage_user_home_content_dirs(mozilla_t)
+ userdom_dontaudit_manage_user_home_content_files(mozilla_t)
+')
+
tunable_policy(`mozilla_execstack',`
allow mozilla_t self:process { execmem execstack };
')
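Review bot: `userdom_user_cache_filetrans(mozilla_t, mozilla_home_t, { dir file })` in the -196 hunk carries no name argument, so every directory or file mozilla_t creates anywhere below a user_cache_t directory is labeled mozilla_home_t rather than only the browser's own cache subtree; if the interface accepts a trailing filename argument, passing the browser's cache directory name would keep unrelated cache objects at user_cache_t. The replacements `userdom_manage_user_config(mozilla_t)` and `userdom_manage_user_data(mozilla_t)` presumably still grant read/write over every other application's content under ~/.config and ~/.local, so the confidentiality gain over the removed home-content rules is mostly the home-directory top level and non-XDG files. That trade-off deserves a comment on these lines, e.g. `# XDG trees stay shared with other user applications; mozilla_home_t covers the private subtrees`. The rest of the mozilla_t userdom section lies outside this hunk.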
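Review bot: The else branch of the new `tunable_policy(`mozilla_enable_home_dirs',` ...)` block in the -224 hunk silences denials with `userdom_dontaudit_manage_user_home_content_dirs(mozilla_t)` and `userdom_dontaudit_manage_user_home_content_files(mozilla_t)`, so with the boolean at its default of false (the -6 hunk) an attempt by mozilla_t to read or write ordinary home content leaves no AVC record, and neither an administrator diagnosing a failing save-to-home nor an audit-based monitor will see it. Dontaudit over the whole manage permission set is wider than needed to suppress routine noise; consider dropping it or narrowing it to the search/getattr probes the browser makes on its own, and record the decision in a comment such as `# denials deliberately silenced; enable mozilla_enable_home_dirs to diagnose`. The -523 hunk repeats the same pattern for mozilla_plugin_t.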
@@ -500,10 +527,6 @@ miscfiles_dontaudit_setattr_fonts_cache_
userdom_manage_user_tmp_dirs(mozilla_plugin_t)
userdom_manage_user_tmp_files(mozilla_plugin_t)
-userdom_manage_user_home_content_dirs(mozilla_plugin_t)
-userdom_manage_user_home_content_files(mozilla_plugin_t)
-userdom_user_home_dir_filetrans_user_home_content(mozilla_plugin_t, { dir file })
-
userdom_write_user_tmp_sockets(mozilla_plugin_t)
userdom_dontaudit_use_user_terminals(mozilla_plugin_t)
@@ -523,6 +546,15 @@ tunable_policy(`allow_execmem',`
allow mozilla_plugin_t self:process execmem;
')
+tunable_policy(`mozilla_enable_home_dirs',`
+ userdom_manage_user_home_content_dirs(mozilla_plugin_t)
+ userdom_manage_user_home_content_files(mozilla_plugin_t)
+ userdom_user_home_dir_filetrans_user_home_content(mozilla_plugin_t, { dir file })
+',`
+ userdom_dontaudit_manage_user_home_content_dirs(mozilla_plugin_t)
+ userdom_dontaudit_manage_user_home_content_files(mozilla_plugin_t)
+')
+
tunable_policy(`mozilla_execstack',`
allow mozilla_plugin_t self:process { execmem execstack };
')
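Review bot: In the -523 hunk mozilla_plugin_t only regains home-content access behind the boolean, while the -500 hunk removed `userdom_manage_user_home_content_dirs/files` and the home-dir file transition for it without adding the `userdom_manage_user_cache`/`_config`/`_data`/`_downloads` and `userdom_search_user_home_dirs` replacements that mozilla_t receives in the -196 hunk. Unless the plugin domain's remaining rules (its mozilla_plugin_home_t handling is not visible here) cover its writes under ~/.cache and ~/.config, plugin operations that relied on the removed rules will now be denied with the boolean off, and the dontaudit branch will hide that. Either add the same narrowed interfaces for mozilla_plugin_t beside this block, or state in the commit message that the plugin domain is intentionally confined to its private types only.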