From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Sun, 25 Mar 2018 13:56:59 +0200
Subject: [refpolicy] [PATCH v3 04/19] Enhance mozilla domain with XDG privilege sets
In-Reply-To: <20180325115714.5610-1-sven.vermeulen@siphos.be>
References: <20180325115714.5610-1-sven.vermeulen@siphos.be>
Message-ID: <20180325115714.5610-5-sven.vermeulen@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

The mozilla-style browsers, such as Firefox, should not by default have manage rights on end user content. These privileges are now moved under the support of the booleans (mozilla_{read,manage}_{generic,all}_user_content), with read access being enabled by default on the generic user content. The browsers are granted manage rights on the Downloads/ location through the xdg_manage_downloads() privileges.

Additionally, these browsers do use the ~/.cache/mozilla location for their user-specific application cache data. Hence, the mozilla_xdg_cache_t type is introduced and the necessary privileges are provided for the mozilla- and mozilla plugin domains.

Changes since v1:
- Moved tunable definition inside template

Signed-off-by: Sven Vermeulen
---
 mozilla.fc |  1 +
 mozilla.te | 18 ++++++++++++++----
 2 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/mozilla.fc b/mozilla.fc index e5d2fa7..3a60e5e 100644 --- a/mozilla.fc +++ b/mozilla.fc @@ -1,3 +1,4 @@ +HOME_DIR/\.cache/mozilla(/.*)? gen_context(system_u:object_r:mozilla_xdg_cache_t,s0) HOME_DIR/\.galeon(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0) HOME_DIR/\.mozilla(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0) HOME_DIR/\.mozilla/plugins(/.*)? gen_context(system_u:object_r:mozilla_plugin_home_t,s0) diff --git a/mozilla.te b/mozilla.te index bc45d50..36ff6fb 100644 --- a/mozilla.te +++ b/mozilla.te 
@@ -71,6 +71,9 @@ optional_policy(` pulseaudio_tmpfs_content(mozilla_tmpfs_t) ') +type mozilla_xdg_cache_t; +xdg_cache_content(mozilla_xdg_cache_t) + ######################################## # # Local policy @@ -115,6 +118,10 @@ allow mozilla_t mozilla_plugin_rw_t:lnk_file read_lnk_file_perms; stream_connect_pattern(mozilla_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t, mozilla_plugin_t) +manage_files_pattern(mozilla_t, mozilla_xdg_cache_t, mozilla_xdg_cache_t) +manage_dirs_pattern(mozilla_t, mozilla_xdg_cache_t, mozilla_xdg_cache_t) +xdg_cache_filetrans(mozilla_t, mozilla_xdg_cache_t, dir, "mozilla") + can_exec(mozilla_t, { mozilla_exec_t mozilla_plugin_rw_t mozilla_plugin_home_t }) kernel_read_kernel_sysctls(mozilla_t) @@ -199,8 +206,7 @@ userdom_use_user_ptys(mozilla_t) userdom_manage_user_tmp_dirs(mozilla_t) userdom_manage_user_tmp_files(mozilla_t) -userdom_manage_user_home_content_dirs(mozilla_t) -userdom_manage_user_home_content_files(mozilla_t) +userdom_user_content_access_template(mozilla, { mozilla_t mozilla_plugin_t }) userdom_user_home_dir_filetrans_user_home_content(mozilla_t, { dir file }) userdom_write_user_tmp_sockets(mozilla_t) @@ -208,6 +214,10 @@ userdom_write_user_tmp_sockets(mozilla_t) mozilla_run_plugin(mozilla_t, mozilla_roles) mozilla_run_plugin_config(mozilla_t, mozilla_roles) +xdg_read_config_files(mozilla_t) +xdg_read_data_files(mozilla_t) +xdg_manage_downloads(mozilla_t) + xserver_user_x_domain_template(mozilla, mozilla_t, mozilla_tmpfs_t) xserver_dontaudit_read_xdm_tmp_files(mozilla_t) xserver_dontaudit_getattr_xdm_tmp_sockets(mozilla_t) 
@@ -505,14 +515,14 @@ miscfiles_dontaudit_setattr_fonts_cache_dirs(mozilla_plugin_t) userdom_manage_user_tmp_dirs(mozilla_plugin_t) userdom_manage_user_tmp_files(mozilla_plugin_t) -userdom_manage_user_home_content_dirs(mozilla_plugin_t) -userdom_manage_user_home_content_files(mozilla_plugin_t) userdom_user_home_dir_filetrans_user_home_content(mozilla_plugin_t, { dir file }) userdom_write_user_tmp_sockets(mozilla_plugin_t) userdom_dontaudit_use_user_terminals(mozilla_plugin_t) +xdg_read_config_files(mozilla_plugin_t) + ifndef(`enable_mls',` fs_list_dos(mozilla_plugin_t) fs_read_dos_files(mozilla_plugin_t) -- 2.16.1
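Review bot: the commit message states that the cache privileges are provided for both the mozilla and the mozilla plugin domains, but in the last mozilla.te hunk (@@ -505,14 +515,14 @@) mozilla_plugin_t only gains `xdg_read_config_files(mozilla_plugin_t)`; nothing in the patch grants mozilla_plugin_t access to mozilla_xdg_cache_t, and the `manage_dirs_pattern`/`manage_files_pattern`/`xdg_cache_filetrans` rules in the @@ -115,6 +118,10 @@ hunk are written for mozilla_t only. Either add the matching three rules for mozilla_plugin_t in the plugin section, or reword the message so that it says only mozilla_t receives the cache access. In the same hunk mozilla_plugin_t also does not get `xdg_read_data_files()` while mozilla_t does in the @@ -208 hunk; if that asymmetry is intentional, say so in the message so a later reader does not "fix" it.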
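Review bot: in the @@ -199,8 +206,7 @@ hunk the unconditional manage rules are replaced by `userdom_user_content_access_template(mozilla, { mozilla_t mozilla_plugin_t })`, which is correct for the stated goal, but the following `userdom_user_home_dir_filetrans_user_home_content(mozilla_t, { dir file })` (and its plugin counterpart in the @@ -505 hunk) stays outside the booleans. The transition only matters once the domain may create content in the home directory, so this is not a privilege leak by itself, but consider whether the filetrans should live under the same tunable, and document in the message which of the four new booleans default to on (only the read-on-generic default is stated). Since this one call now carries the user-content access for mozilla_plugin_t as well, a short comment next to it in the mozilla_t local policy section would prevent the removed plugin rules from being re-added later.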
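Review bot: the new `type mozilla_xdg_cache_t;` declaration in the @@ -71,6 +71,9 @@ hunk has no comment describing what it labels; a one-line note such as `# ~/.cache/mozilla` would make the declaration self-explanatory. The `xdg_cache_filetrans(mozilla_t, mozilla_xdg_cache_t, dir, "mozilla")` name in the @@ -115,6 +118,10 @@ hunk is consistent with the new `HOME_DIR/\.cache/mozilla(/.*)?` entry in mozilla.fc, which is good; the pattern rules cover only dirs and files, though, so if the browser cache ever creates symlinks under that directory the resulting denials would appear as mozilla_t on mozilla_xdg_cache_t:lnk_file, which is worth a quick check on a live profile before merge.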