From: dac.override@gmail.com (Dominick Grift)
Date: Sun, 14 May 2017 12:53:26 +0200
Subject: [refpolicy] [PATCH 2/2] contrib: new libmtp module
In-Reply-To:
References: <1494710143.22209.3.camel@trentalancia.net>
Message-ID: <20170514105326.GA14123@julius.enp8s0.d30>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Sun, May 14, 2017 at 12:46:21AM +0200, Christian Göttsche via refpolicy wrote:
> 2017-05-13 23:15 GMT+02:00 Guido Trentalancia via refpolicy
> :
> > This is the contrib part of the policy needed to support libmtp (an
> > Initiator implementation of the Media Transfer Protocol).
> >
> > Signed-off-by: Guido Trentalancia
> > ---
> >  policy/modules/contrib/libmtp.fc |  3 +
> >  policy/modules/contrib/libmtp.if | 30 +++++++++++++++++++
> >  policy/modules/contrib/libmtp.te | 61 +++++++++++++++++++++++++++++++++++++++
> >  3 files changed, 94 insertions(+)
> >
> > --- a/policy/modules/contrib/libmtp.fc 1970-01-01 01:00:00.000000000 +0100
> > +++ b/policy/modules/contrib/libmtp.fc 2017-05-13 21:37:57.529042530 +0200
> > @@ -0,0 +1,3 @@
> > +HOME_DIR/\.mtpz-data -- gen_context(system_u:object_r:libmtp_home_t,s0)
> > +
> > +/usr/bin/mtp-(.*)? -- gen_context(system_u:object_r:libmtp_exec_t,s0)
>
> This regex seems a bit odd to me.
> Maybe "/usr/bin/mtp-[^/]+" or "/usr/bin/mtp(-.+)?"
>
> > --- a/policy/modules/contrib/libmtp.if 1970-01-01 01:00:00.000000000 +0100
> > +++ b/policy/modules/contrib/libmtp.if 2017-05-13 21:21:58.102046453 +0200
> > @@ -0,0 +1,30 @@
> > +## libmtp: An Initiatior implementation of the Media Transfer Protocol (MTP).
> > +
> > +###########################################################
> > +##
> > +## Role access for libmtp.
> > +##
> > +##
> > +##
> > +## Role allowed access.
> > +##
> > +##
> > +##
> > +##
> > +## User domain for the role.
> > +##
> > +##
> > +#
> > +interface(`libmtp_role',`
> > +	gen_require(`
> > +		attribute_role libmtp_roles;
> > +		type libmtp_t, libmtp_exec_t;
> > +	')
> > +
> > +	roleattribute $1 libmtp_roles;
> > +
> > +	domtrans_pattern($2, libmtp_exec_t, libmtp_t)
> > +
> > +	allow $2 libmtp_t:process { ptrace signal_perms };
> > +	ps_process_pattern($2, libmtp_t)
>
> admin_process_pattern
>
> > +')
> > --- a/policy/modules/contrib/libmtp.te 1970-01-01 01:00:00.000000000 +0100
> > +++ b/policy/modules/contrib/libmtp.te 2017-05-13 23:05:11.151021134 +0200
> > @@ -0,0 +1,61 @@
> > +policy_module(libmtp, 1.0.0)
> > +
> > +##############################
> > +#
> > +# Declarations
> > +#
> > +
> > +##
> > +##
> > +## Determine whether libmtp can
> > +## manage the user home directories
> > +## and files.
> > +##
> > +##
> > +gen_tunable(libmtp_enable_home_dirs, false)
> > +
> > +attribute_role libmtp_roles;
> > +
> > +type libmtp_t;
> > +type libmtp_exec_t;
> > +userdom_user_application_domain(libmtp_t, libmtp_exec_t)
> > +role libmtp_roles types libmtp_t;
> > +
> > +type libmtp_home_t;
> > +userdom_user_home_content(libmtp_home_t)
> > +
> > +##############################
> > +#
> > +# libmtp local policy
> > +#
> > +
> > +allow libmtp_t self:capability2 wake_alarm;
>
> curious question: does the application really need this or might this
> be related to https://github.com/SELinuxProject/selinux-kernel/issues/28
>
> > +
> > +allow libmtp_t self:netlink_kobject_uevent_socket create_socket_perms;
> > +allow libmtp_t self:fifo_file rw_fifo_file_perms;
> > +
> > +allow libmtp_t libmtp_home_t:dir manage_dir_perms;
> > +allow libmtp_t libmtp_home_t:file manage_file_perms;
> > +allow libmtp_t libmtp_home_t:lnk_file manage_lnk_file_perms;
> > +userdom_user_home_dir_filetrans(libmtp_t, libmtp_home_t, file, ".mtpz-data")

everything indicates that it only creates a file, so why permit it to create dirs and lnk files as well?

> > +
> > +dev_read_sysfs(libmtp_t)
> > +dev_rw_generic_usb_dev(libmtp_t)
> > +
> > +files_read_etc_files(libmtp_t)
> > +
> > +locallogin_use_fds(libmtp_t)
>
> for console applications, I am using domain_use_interactive_fds to
> include newrole_t and others
>
> > +
> > +miscfiles_read_localization(libmtp_t)
> > +
> > +userdom_use_user_terminals(libmtp_t)
>
> userdom_use_inherited_user_terminlas ?
>
> > +
> > +tunable_policy(`libmtp_enable_home_dirs',`
> > +	userdom_manage_user_home_content_dirs(libmtp_t)
> > +	userdom_manage_user_home_content_files(libmtp_t)
> > +	userdom_user_home_dir_filetrans_user_home_content(libmtp_t, { dir file lnk_file })

here you're specifying a type transition for a link file but libmtp_t is not allowed to create user home content lnk files

> > +')
> > +
> > +optional_policy(`
> > +	udev_read_pid_files(libmtp_t)
> > +')
> > _______________________________________________
> > refpolicy mailing list
> > refpolicy at oss.tresys.com
> > http://oss.tresys.com/mailman/listinfo/refpolicy

-- 
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift
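Review bot: in the libmtp.fc hunk the `(.*)?` in `/usr/bin/mtp-(.*)?` is redundant (`.*` already matches the empty string) and, since `.` also matches `/`, the pattern is looser than the other contrib file contexts; `/usr/bin/mtp-[^/]+ -- gen_context(system_u:object_r:libmtp_exec_t,s0)`, as Christian suggests, limits the label to the mtp-* binaries directly under /usr/bin. The `HOME_DIR/\.mtpz-data --` entry is consistent with the single regular-file filetrans in the .te.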
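Review bot: in the libmtp.if hunk the role interface grants the calling user domain `ptrace` on `libmtp_t` (`allow $2 libmtp_t:process { ptrace signal_perms };`), which lets it read and alter the memory of a process that is moving data to and from an attached device; `signal_perms` together with `ps_process_pattern($2, libmtp_t)` is enough for a user to list and stop their own mtp-* tools, so drop `ptrace` unless there is a concrete debugging need worth documenting in the interface comment. The module summary on the hunk's first line also misspells "Initiator" as "Initiatior".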
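Review bot: in the libmtp.te hunk the `tunable_policy(`libmtp_enable_home_dirs',` block names `lnk_file` in `userdom_user_home_dir_filetrans_user_home_content(libmtp_t, { dir file lnk_file })` but only calls `userdom_manage_user_home_content_dirs(libmtp_t)` and `userdom_manage_user_home_content_files(libmtp_t)`, so that transition can never be exercised; either drop `lnk_file` from the set or add `userdom_manage_user_home_content_symlinks(libmtp_t)` beside the other two. The same mismatch appears unconditionally above it: `libmtp_home_t` gets `manage_dir_perms` and `manage_lnk_file_perms` although `userdom_user_home_dir_filetrans(libmtp_t, libmtp_home_t, file, ".mtpz-data")` only ever creates one regular file, so the dir and lnk_file rules should go and the type should stay limited to the single file the .fc declares. The `wake_alarm` and `locallogin_use_fds` questions raised inline still need an answer before this is ready to merge.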