From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Mon, 22 May 2017 18:11:44 +0200
Subject: [refpolicy] [PATCH 08/19] Enhance thunderbird domain with XDG privilege sets
In-Reply-To: <20170522161155.9648-1-sven.vermeulen@siphos.be>
References: <20170522161155.9648-1-sven.vermeulen@siphos.be>
Message-ID: <20170522161155.9648-9-sven.vermeulen@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com
Thunderbird makes use of the ~/.cache/thunderbird location for its application cache data. The other XDG main locations do not seem to be used actively, although it does require read access on the ~/.local/share location. The standard manage rights on the user content are removed and replaced with the tunable blocks. Manage rights on the temporary user files is retained as it is used for drafting e-mails.
Signed-off-by: Sven Vermeulen
---
 thunderbird.te | 43 +++++++++++++++++++++++++++++++++++++++----
 1 file changed, 39 insertions(+), 4 deletions(-)
diff --git a/thunderbird.te b/thunderbird.te
index 9e75bdf..bae9add 100644
--- a/thunderbird.te
+++ b/thunderbird.te
@@ -5,6 +5,35 @@ policy_module(thunderbird, 2.5.1)
 # Declarations
 #
+##
+##

+## Grant the thunderbird domains read access to generic user content
+##

+##
+gen_tunable(`thunderbird_read_generic_user_content', true)
+
+##
+##

+## Grant the thunderbird domains read access to all user content
+##

+##
+gen_tunable(`thunderbird_read_all_user_content', false)
+
+##
+##

+## Grant the thunderbird domains manage rights on generic user content
+##

+##
+gen_tunable(`thunderbird_manage_generic_user_content', false)
+
+##
+##

+## Grant the thunderbird domains manage rights on all user content
+##

+##
+gen_tunable(`thunderbird_manage_all_user_content', false)
+
+
 attribute_role thunderbird_roles;
 type thunderbird_t;
@@ -24,6 +53,9 @@ typealias thunderbird_tmpfs_t alias { user_thunderbird_tmpfs_t staff_thunderbird
 typealias thunderbird_tmpfs_t alias { auditadm_thunderbird_tmpfs_t secadm_thunderbird_tmpfs_t };
 userdom_user_tmpfs_file(thunderbird_tmpfs_t)
+type thunderbird_xdg_cache_home_t;
+xdg_cache_home_content(thunderbird_xdg_cache_home_t)
+
 optional_policy(`
 wm_application_domain(thunderbird_t, thunderbird_exec_t)
 ')
@@ -51,6 +83,10 @@ manage_fifo_files_pattern(thunderbird_t, thunderbird_tmpfs_t, thunderbird_tmpfs_
 manage_sock_files_pattern(thunderbird_t, thunderbird_tmpfs_t, thunderbird_tmpfs_t)
 fs_tmpfs_filetrans(thunderbird_t, thunderbird_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+manage_files_pattern(thunderbird_t, thunderbird_xdg_cache_home_t, thunderbird_xdg_cache_home_t)
+manage_dirs_pattern(thunderbird_t, thunderbird_xdg_cache_home_t, thunderbird_xdg_cache_home_t)
+xdg_cache_home_filetrans(thunderbird_t, thunderbird_xdg_cache_home_t, dir, "thunderbird")
+
 kernel_read_network_state(thunderbird_t)
 kernel_read_net_sysctls(thunderbird_t)
 kernel_read_system_state(thunderbird_t)
@@ -105,13 +141,12 @@ miscfiles_read_fonts(thunderbird_t)
 miscfiles_read_localization(thunderbird_t)
 userdom_write_user_tmp_sockets(thunderbird_t)
-
 userdom_manage_user_tmp_dirs(thunderbird_t)
 userdom_manage_user_tmp_files(thunderbird_t)
+userdom_user_content_access_template(thunderbird, thunderbird_t)
-userdom_manage_user_home_content_dirs(thunderbird_t)
-userdom_manage_user_home_content_files(thunderbird_t)
-userdom_user_home_dir_filetrans_user_home_content(thunderbird_t, { dir file })
+xdg_read_data_home_files(thunderbird_t)
+xdg_manage_downloads(thunderbird_t)
 xserver_user_x_domain_template(thunderbird, thunderbird_t, thunderbird_tmpfs_t)
 xserver_read_xdm_tmp_files(thunderbird_t)
--
2.13.0
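Review bot: The four tunable descriptions added ahead of `attribute_role thunderbird_roles;` do not say what separates "generic" from "all" user content, nor that `thunderbird_read_generic_user_content` is the only one that defaults to true. A mail client parses untrusted messages and attachments, so an administrator deciding whether to keep that default needs to know which files it exposes to the domain. I would add one sentence to each description naming the covered content and the default, and state whether the manage tunables imply the read ones. The names are presumably resolved through the `thunderbird` prefix passed to `userdom_user_content_access_template` later in this patch (its definition is not visible here); a short comment such as `# Consumed by userdom_user_content_access_template(thunderbird, ...)` above the block would keep a future rename from silently detaching them.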
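Review bot: The new `thunderbird_xdg_cache_home_t` type declared in this hunk gets no file-context entry in this patch, since the diffstat lists only thunderbird.te. The label is therefore applied only through the `xdg_cache_home_filetrans(thunderbird_t, thunderbird_xdg_cache_home_t, dir, "thunderbird")` rule in the following hunk, when thunderbird_t itself creates the directory. A ~/.cache/thunderbird that already exists, or one relabelled later by restorecon, would keep the generic cache label and the domain may then be denied access to its own cache. Unless thunderbird.fc already carries a matching entry, I would add one, e.g. `HOME_DIR/\.cache/thunderbird(/.*)? gen_context(system_u:object_r:thunderbird_xdg_cache_home_t,s0)`.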
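Review bot: `xdg_manage_downloads(thunderbird_t)` at the end of the last hunk is granted unconditionally, while all other user-content access now goes through the tunables, and the commit message does not mention it. That is probably intended so attachments can still be saved with the manage tunables off, but it deserves a comment, for example `# Attachments: the downloads directory stays writable regardless of the thunderbird_manage_* tunables`. With the `userdom_manage_user_home_content_*` calls removed and the default tunable values, saving a file elsewhere in the home directory will presumably be denied, which is a behaviour change worth stating in the description. It is also worth confirming that the xdg interfaces are always available where thunderbird is built; if the xdg module can be absent, the two `xdg_*` calls here need an `optional_policy` wrapper.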