From: pebenito@ieee.org (Chris PeBenito)
Date: Wed, 27 Sep 2017 19:44:38 -0400
Subject: [refpolicy] [PATCH 4/4] tunable-managed user content access
 template
In-Reply-To: <CAPzO=NxDe8x2diusGHO_9qT8rx_TZ9TJ=+Qp7N_eqepMoir94A@mail.gmail.com>
References: <20170522161139.9602-1-sven.vermeulen@siphos.be>
	<20170522161139.9602-5-sven.vermeulen@siphos.be>
	<a3f3a0d7-d4b4-e459-4feb-a18f2c923172@ieee.org>
	<CAPzO=NxDe8x2diusGHO_9qT8rx_TZ9TJ=+Qp7N_eqepMoir94A@mail.gmail.com>
Message-ID: <77758c49-a12a-0518-fd3f-2fd5deea802f@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 09/27/2017 02:18 PM, Sven Vermeulen via refpolicy wrote:
> Sorry for the (very) late answer, I somehow missed this feedback and I
> am currently rebase'ing and updating the patchset to match the
> comments and found that this is still an open issue (the other changes
> you suggested I agree on and have a 2nd patch ready).
> 
> On Tue, May 23, 2017 at 1:57 AM, Chris PeBenito via refpolicy
> <refpolicy@oss.tresys.com> wrote:
>>> diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
>>> index 160f3bbf..6f844726 100644
>>> --- a/policy/modules/system/userdomain.if
>>> +++ b/policy/modules/system/userdomain.if
>>> @@ -144,6 +144,81 @@ template(`userdom_base_user_template',`
>>>
>>>   #######################################
>>>   ## <summary>
>>> +##   Template for handling user content through standard tunables
>>> +## </summary>
>>> +## <desc>
>>> +##   <p>
>>> +##   This template generates the tunable blocks for accessing
>>> +##   end user content, either the generic one (user_home_t)
>>> +##   or the complete one (based on user_home_content_type).
>>> +##   </p>
>>> +##   <p>
>>> +##   It calls the *_read_generic_user_content,
>>> +##   *_read_all_user_content, *_manage_generic_user_content, and
>>> +##   *_manage_all_user_content booleans.
>>> +##   </p>
>>> +## </desc>
>>> +## <param name="prefix">
>>> +##   <summary>
>>> +##   The application domain prefix to use, meant for the boolean
>>> +##   calls
>>> +##   </summary>
>>> +## </param>
>>> +## <param name="domain">
>>> +##   <summary>
>>> +##   The application domain which is granted the necessary privileges
>>> +##   </summary>
>>> +## </param>
>>> +## <rolebase/>
>>> +#
>>> +template(`userdom_user_content_access_template',`
>>
>> I don't think userdomain is the right place for this.  This is a new
>> abstraction intended mainly for application use, so it might make more
>> sense for this to actually go in the application module.
> 
> I understand the intention of the use, but the owner of the rules is
> the user domain. It is about granting access to various user content
> types, which are declared in the userdomain module. Hence, the
> userdomain interface should be positioned, not?

Since I had to re-review the patch to remember what I meant, I actually 
changed my mind.  Here is fine.


-- 
Chris PeBenito