From: guido@trentalancia.net (Guido Trentalancia)
Date: Thu, 20 Apr 2017 03:05:11 +0200 (CEST)
Subject: [refpolicy] [PATCH 21/33] openoffice: curb on userdom permissions
Message-ID: <1229612665.164528.1492650311242@pim.register.it>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

This patch curbs on userdomain file read and/or write permissions
for the openoffice application module.

It aims to ensure user data confidentiality.

A boolean has been introduced to revert the previous read/write
behavior.

Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
---
 policy/modules/contrib/openoffice.te |   34 +++++++++++++++++++++++++++++-----
 1 file changed, 29 insertions(+), 5 deletions(-)

--- refpolicy-2.20170204-orig/policy/modules/contrib/openoffice.te	2017-02-04 19:30:31.000000000 +0100
+++ refpolicy-2.20170204/policy/modules/contrib/openoffice.te	2017-04-20 00:18:27.689448374 +0200
@@ -27,6 +27,15 @@ gen_tunable(openoffice_allow_update, tru
 ## </desc>
 gen_tunable(openoffice_allow_email, false)
 
+## <desc>
+##	<p>
+##	Determine whether openoffice can
+##	manage the user home directories
+##	and files.
+##	</p>
+## </desc>
+gen_tunable(openoffice_enable_home_dirs, false)
+
 attribute_role ooffice_roles;
 
 type ooffice_t;
@@ -84,11 +93,13 @@ ooffice_dontaudit_exec_tmp_files(ooffice
 sysnet_dns_name_resolve(ooffice_t)
 
 userdom_dontaudit_exec_user_home_content_files(ooffice_t)
+
+userdom_manage_user_cache(ooffice_t)
+userdom_manage_user_config(ooffice_t)
+userdom_manage_user_data(ooffice_t)
+userdom_manage_user_downloads(ooffice_t)
+
 userdom_read_user_tmp_files(ooffice_t)
-userdom_manage_user_home_content_dirs(ooffice_t)
-userdom_manage_user_home_content_files(ooffice_t)
-userdom_manage_user_home_content_symlinks(ooffice_t)
-userdom_user_home_dir_filetrans_user_home_content(ooffice_t, { dir file lnk_file fifo_file sock_file })
 
 tunable_policy(`openoffice_allow_update',`
 	corenet_tcp_connect_http_port(ooffice_t)
@@ -100,6 +111,16 @@ tunable_policy(`openoffice_allow_email',
 	corenet_sendrecv_smtp_client_packets(ooffice_t)
 ')
 
+tunable_policy(`openoffice_enable_home_dirs',`
+	userdom_manage_user_home_content_dirs(ooffice_t)
+	userdom_manage_user_home_content_files(ooffice_t)
+	userdom_manage_user_home_content_symlinks(ooffice_t)
+	userdom_user_home_dir_filetrans_user_home_content(ooffice_t, { dir file lnk_file })
+',`
+	userdom_dontaudit_manage_user_home_content_dirs(ooffice_t)
+	userdom_dontaudit_manage_user_home_content_files(ooffice_t)
+')
+
 optional_policy(`
 	cups_read_config(ooffice_t)
 	cups_stream_connect(ooffice_t)
@@ -111,7 +132,10 @@ optional_policy(`
 
 optional_policy(`
 	evolution_domtrans(ooffice_t)
-	evolution_read_home_files(ooffice_t)
+
+	tunable_policy(`openoffice_enable_home_dirs',`
+		evolution_read_home_files(ooffice_t)
+	')
 ')
 
 optional_policy(`