From: pebenito@ieee.org (Chris PeBenito)
Date: Tue, 7 Nov 2017 20:48:44 -0500
Subject: [refpolicy] [PATCH 1/2 v5] base: create a type for SSL private
 keys
In-Reply-To: <1509921136.10385.2.camel@trentalancia.com>
References: <1509848939.10522.8.camel@trentalancia.com>
	<1509850532.13615.1.camel@trentalancia.com>
	<1509851209.13615.5.camel@trentalancia.com>
	<1509856984.22353.1.camel@trentalancia.com>
	<1509921136.10385.2.camel@trentalancia.com>
Message-ID: <f719b6c0-4412-8feb-fadc-6a9f0d7bbb50@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 11/05/2017 05:32 PM, Guido Trentalancia via refpolicy wrote:
> Reserve the ssl_privkey_t file label for SSL private keys (e.g.
> files in /etc/pki/*/private/).
> 
> Create and use appropriate interfaces for such new scenario (so
> that SSL private keys are protected).

Perhaps I'm just being too pedantic, but no one uses SSL, so why not use 
TLS in the type name?


> This part (1/2) refers to the base policy changes.
> 
> Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
> ---
>   policy/modules/system/miscfiles.fc |    1
>   policy/modules/system/miscfiles.if |  104 +++++++++++++++++++++++++++++++++++++
>   policy/modules/system/miscfiles.te |    7 ++
>   3 files changed, 112 insertions(+)
> 
> diff -pru a/policy/modules/system/miscfiles.fc b/policy/modules/system/miscfiles.fc
> --- a/policy/modules/system/miscfiles.fc	2017-11-04 20:14:02.301932938 +0100
> +++ b/policy/modules/system/miscfiles.fc	2017-11-05 21:21:46.574498652 +0100
> @@ -12,6 +12,7 @@ ifdef(`distro_gentoo',`
>   /etc/httpd/alias/[^/]*\.db(\.[^/]*)* -- gen_context(system_u:object_r:cert_t,s0)
>   /etc/localtime		--	gen_context(system_u:object_r:locale_t,s0)
>   /etc/pki(/.*)?			gen_context(system_u:object_r:cert_t,s0)
> +/etc/pki/.*/private(/.*)?	gen_context(system_u:object_r:ssl_privkey_t,s0)
>   /etc/ssl(/.*)?			gen_context(system_u:object_r:cert_t,s0)
>   /etc/timezone		--	gen_context(system_u:object_r:locale_t,s0)
>   
> diff -pru a/policy/modules/system/miscfiles.if b/policy/modules/system/miscfiles.if
> --- a/policy/modules/system/miscfiles.if	2017-09-29 19:01:28.001455758 +0200
> +++ b/policy/modules/system/miscfiles.if	2017-11-05 21:46:31.113492583 +0100
> @@ -46,6 +46,51 @@ interface(`miscfiles_cert_type',`
>   
>   ########################################
>   ## <summary>
> +##	Make the specified type usable
> +##	as a SSL private key file.
> +## </summary>
> +## <desc>
> +##	<p>
> +##	Make the specified type usable for SSL private key files.
> +##	This will also make the type usable for files, making
> +##	calls to files_type() redundant.  Failure to use this interface
> +##	for a temporary file may result in problems with
> +##	SSL private key management tools.
> +##	</p>
> +##	<p>
> +##	Related interfaces:
> +##	</p>
> +##	<ul>
> +##		<li>files_type()</li>
> +##	</ul>
> +##	<p>
> +##	Example:
> +##	</p>
> +##	<p>
> +##	type mysslprivkeyfile_t;
> +##	ssl_privkey_type(mysslprivkeyfile_t)
> +##	allow mydomain_t mysslprivkeyfile_t:file read_file_perms;
> +##	files_search_etc(mydomain_t)
> +##	</p>
> +## </desc>
> +## <param name="type">
> +##	<summary>
> +##	Type to be used for files.
> +##	</summary>
> +## </param>
> +## <infoflow type="none"/>
> +#
> +interface(`miscfiles_ssl_privkey_type',`
> +	gen_require(`
> +		attribute ssl_privkey_type;
> +	')
> +
> +	typeattribute $1 ssl_privkey_type;
> +	files_type($1)
> +')
> +
> +########################################
> +## <summary>
>   ##	Read all SSL certificates.
>   ## </summary>
>   ## <param name="domain">
> @@ -125,6 +170,65 @@ interface(`miscfiles_manage_generic_cert
>   ')
>   
>   ########################################
> +## <summary>
> +##	Read SSL private keys.
> +## </summary>
> +## <param name="domain">
> +##	<summary>
> +##	Domain allowed access.
> +##	</summary>
> +## </param>
> +## <rolecap/>
> +#
> +interface(`miscfiles_read_ssl_privkey',`

This should have "generic privkeys" in the interface name (and below), 
since other private keys would have different types.


> +	gen_require(`
> +		type ssl_privkey_t;
> +	')
> +
> +	allow $1 ssl_privkey_t:dir list_dir_perms;
> +	read_files_pattern($1, ssl_privkey_t, ssl_privkey_t)
> +	read_lnk_files_pattern($1, ssl_privkey_t, ssl_privkey_t)
> +')
> +
> +########################################
> +## <summary>
> +##	Manage SSL private keys.
> +## </summary>
> +## <param name="domain">
> +##	<summary>
> +##	Domain allowed access.
> +##	</summary>
> +## </param>
> +#
> +interface(`miscfiles_manage_ssl_privkey_dirs',`
> +	gen_require(`
> +		type ssl_privkey_t;
> +	')
> +
> +	manage_dirs_pattern($1, ssl_privkey_t, ssl_privkey_t)
> +')
> +
> +########################################
> +## <summary>
> +##	Manage SSL private keys.
> +## </summary>
> +## <param name="domain">
> +##	<summary>
> +##	Domain allowed access.
> +##	</summary>
> +## </param>
> +## <rolecap/>
> +#
> +interface(`miscfiles_manage_ssl_privkey_files',`
> +	gen_require(`
> +		type ssl_privkey_t;
> +	')
> +
> +	manage_files_pattern($1, ssl_privkey_t, ssl_privkey_t)
> +	read_lnk_files_pattern($1, ssl_privkey_t, ssl_privkey_t)
> +')
> +
> +########################################
>   ## <summary>
>   ##	Read fonts.
>   ## </summary>
> diff -pru a/policy/modules/system/miscfiles.te b/policy/modules/system/miscfiles.te
> --- a/policy/modules/system/miscfiles.te	2017-11-04 20:14:02.301932938 +0100
> +++ b/policy/modules/system/miscfiles.te	2017-11-05 23:22:06.926469134 +0100
> @@ -6,6 +6,7 @@ policy_module(miscfiles, 1.13.2)
>   #
>   
>   attribute cert_type;
> +attribute ssl_privkey_type;
>   
>   #
>   # cert_t is the type of files in the system certs directories.
> @@ -14,6 +15,12 @@ type cert_t;
>   miscfiles_cert_type(cert_t)
>   
>   #
> +# ssl_privkey_t is the type of files for the SSL private keys.
> +#
> +type ssl_privkey_t;
> +miscfiles_ssl_privkey_type(ssl_privkey_t)
> +
> +#
>   # fonts_t is the type of various font
>   # files in /usr
>   #



-- 
Chris PeBenito