From: pebenito@ieee.org (Chris PeBenito)
Date: Mon, 22 May 2017 19:41:51 -0400
Subject: [refpolicy] [PATCH 3/4] helper interfaces to read/manage all user content
In-Reply-To: <20170522161139.9602-4-sven.vermeulen@siphos.be>
References: <20170522161139.9602-1-sven.vermeulen@siphos.be> <20170522161139.9602-4-sven.vermeulen@siphos.be>
Message-ID: <84388eb1-7d13-9634-382c-edb902580fd6@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 05/22/2017 12:11 PM, Sven Vermeulen via refpolicy wrote:
> To facilitate handling user home content (through the
> user_home_content_type attribute) the following interfaces are provided:
>
> - userdom_read_all_user_home_content
> - userdom_manage_all_user_home_content
>
> Domains that are granted these privileges are able to read (or manage)
> all user home content, so not only the generic one (user_home_t) but all
> types that have been assigned the user_home_content_type attribute.
>
> Such interfaces are needed because beforehand, all resources were
> assigned the generic user_home_t type. With the introduction of the more
> fine-grained types (as part of the XDG definition set) the existing
> privileges (under the userdom_read_user_home_content_* and
> userdom_manage_user_home_content_* interfaces) are no longer sufficient.

The files might have been user_home_t, but by using these interfaces, you get even more access, since there is more than xdg_* user home content.

> Signed-off-by: Sven Vermeulen
> --- > policy/modules/system/userdomain.if | 44 +++++++++++++++++++++++++++++++++++++ > 1 file changed, 44 insertions(+) > > diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if > index a8996839..160f3bbf 100644 > --- a/policy/modules/system/userdomain.if > +++ b/policy/modules/system/userdomain.if
> @@ -2019,6 +2019,50 @@ interface(`userdom_dontaudit_read_user_home_content_files',` > > ######################################## > ## > +## Read all user home content, including application-specific resources. > +## > +## > +## > +## Domain allowed access > +## > +## > +# > +interface(`userdom_read_all_user_home_content',` > + gen_require(` > + attribute user_home_content_type; > + ') > + > + list_dirs_pattern($1, user_home_content_type, user_home_content_type) > + read_files_pattern($1, user_home_content_type, user_home_content_type) > + read_lnk_files_pattern($1, user_home_content_type, user_home_content_type) > + read_fifo_files_pattern($1, user_home_content_type, user_home_content_type) > + read_sock_files_pattern($1, user_home_cntent_type, user_home_content_type) > +') > + > +######################################## > +## > +## Manage all user home content, including application-specific resources. > +## > +## > +## > +## Domain allowed access > +## > +## > +# > +interface(`userdom_manage_all_user_home_content',` > + gen_require(` > + attribute user_home_content_type: > + ') > + > + manage_dirs_pattern($1, user_home_content_type, user_home_content_type) > + manage_files_pattern($1, user_home_content_type, user_home_content_type) > + manage_lnk_files_pattern($1, user_home_content_type, user_home_content_type) > + manage_fifo_files_pattern($1, user_home_content_type, user_home_content_type) > + manage_sock_files_pattern($1, user_home_content_type, user_home_content_type) > +') > + > +######################################## > +## > ## Do not audit attempts to append user home files. > ## > ## > -- Chris PeBenito
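
Review bot: The read_sock_files_pattern line in userdom_read_all_user_home_content passes "user_home_cntent_type" as its second argument, a misspelling of the attribute that gen_require does not declare, so the socket-file rule refers to an unknown identifier; it should read user_home_content_type like the four lines above it. In userdom_manage_all_user_home_content the gen_require line "attribute user_home_content_type:" ends with a colon where the read interface has a semicolon, and should be changed to match. Both are worth fixing and build-testing before this is merged, since each sits inside an interface that only gets expanded when a caller uses it.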