2017-04-20 01:02:01

by guido

Subject: [refpolicy] [PATCH 18/33] mozilla: curb on userdom permissions

This patch curbs the userdomain file read and/or write permissions
granted to the mozilla application module.

It aims to ensure user data confidentiality.

A boolean has been introduced to revert the previous read/write
behavior.

Signed-off-by: Guido Trentalancia <[email protected]>
---
policy/modules/contrib/mozilla.te | 46 ++++++++++++++++++++++++++++++++------
1 file changed, 39 insertions(+), 7 deletions(-)

--- refpolicy-2.20170204-orig/policy/modules/contrib/mozilla.te 2017-04-20 01:03:00.654437447 +0200
+++ refpolicy-2.20170204/policy/modules/contrib/mozilla.te 2017-04-20 00:16:29.709448857 +0200
@@ -6,6 +6,15 @@ policy_module(mozilla, 2.11.0)
#

## <desc>
+### <p>
+### Determine whether mozilla can
+### manage the user home directories
+### and files.
+### </p>
+### </desc>
+gen_tunable(mozilla_enable_home_dirs, false)
+
+## <desc>
## <p>
## Determine whether mozilla can
## make its stack executable.
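Review bot: The added description lines use a `###` prefix while the existing `<desc>` block directly below (`mozilla_execstack`) uses `##`; if that is not an artifact of the mail rendering, the policy documentation extractor may not pick them up as a description, so they should read `## <p>` … `## </desc>` like the rest of the file. The wording should also match what the boolean actually gates: the tunable_policy blocks later in the patch toggle the `*_user_home_content_*` interfaces and dontaudit them when off, so something like `## Determine whether mozilla and its plugins can manage generic user home content; when disabled, such denials are not audited.` is more accurate than "manage the user home directories and files".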
@@ -112,6 +121,10 @@ allow mozilla_t mozilla_plugin_rw_t:dir
allow mozilla_t mozilla_plugin_rw_t:file read_file_perms;
allow mozilla_t mozilla_plugin_rw_t:lnk_file read_lnk_file_perms;

+userdom_user_home_dir_filetrans_user_cache(mozilla_t, dir, ".cache")
+userdom_user_home_dir_filetrans_user_config(mozilla_t, dir, ".config")
+userdom_user_home_dir_filetrans_user_data(mozilla_t, dir, ".local")
+
stream_connect_pattern(mozilla_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t, mozilla_plugin_t)

can_exec(mozilla_t, { mozilla_exec_t mozilla_plugin_rw_t mozilla_plugin_home_t })
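Review bot: The three `userdom_user_home_dir_filetrans_user_*` calls are placed in the mozilla_plugin_rw_t rule group rather than next to the other `userdom_*` rules for mozilla_t (where this patch adds `userdom_manage_user_cache` and `userdom_user_cache_filetrans`), which is where a reader of the module will look for home-directory labelling; moving them to that block keeps the userdom section self-contained. These interfaces are not defined anywhere visible here; if they come from an earlier patch in this series, the description should state that dependency so the patch is not applied on its own.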
@@ -196,12 +209,17 @@ userdom_use_user_ptys(mozilla_t)
userdom_manage_user_tmp_dirs(mozilla_t)
userdom_manage_user_tmp_files(mozilla_t)

-userdom_manage_user_home_content_dirs(mozilla_t)
-userdom_manage_user_home_content_files(mozilla_t)
-userdom_user_home_dir_filetrans_user_home_content(mozilla_t, { dir file })
+userdom_manage_user_cache(mozilla_t)
+userdom_manage_user_config(mozilla_t)
+userdom_manage_user_data(mozilla_t)
+userdom_manage_user_downloads(mozilla_t)
+
+userdom_search_user_home_dirs(mozilla_t)

userdom_write_user_tmp_sockets(mozilla_t)

+userdom_user_cache_filetrans(mozilla_t, mozilla_home_t, { dir file })
+
mozilla_run_plugin(mozilla_t, mozilla_roles)
mozilla_run_plugin_config(mozilla_t, mozilla_roles)

@@ -224,6 +242,15 @@ tunable_policy(`allow_execmem',`
allow mozilla_t self:process execmem;
')

+tunable_policy(`mozilla_enable_home_dirs',`
+ userdom_manage_user_home_content_dirs(mozilla_t)
+ userdom_manage_user_home_content_files(mozilla_t)
+ userdom_user_home_dir_filetrans_user_home_content(mozilla_t, { dir file })
+',`
+ userdom_dontaudit_manage_user_home_content_dirs(mozilla_t)
+ userdom_dontaudit_manage_user_home_content_files(mozilla_t)
+')
+
tunable_policy(`mozilla_execstack',`
allow mozilla_t self:process { execmem execstack };
')
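Review bot: The else branch of the new tunable_policy dontaudits every denied manage operation on generic home content, which hides exactly the accesses an administrator who turned the boolean off for confidentiality reasons would want to see in the audit log; consider narrowing it to a search/read-only dontaudit interface, or at least recording the trade-off in the tunable description. The same structure is repeated for mozilla_plugin_t in the last hunk, so whatever is decided here applies there too.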
@@ -500,10 +527,6 @@ miscfiles_dontaudit_setattr_fonts_cache_
userdom_manage_user_tmp_dirs(mozilla_plugin_t)
userdom_manage_user_tmp_files(mozilla_plugin_t)

-userdom_manage_user_home_content_dirs(mozilla_plugin_t)
-userdom_manage_user_home_content_files(mozilla_plugin_t)
-userdom_user_home_dir_filetrans_user_home_content(mozilla_plugin_t, { dir file })
-
userdom_write_user_tmp_sockets(mozilla_plugin_t)

userdom_dontaudit_use_user_terminals(mozilla_plugin_t)
@@ -523,6 +546,15 @@ tunable_policy(`allow_execmem',`
allow mozilla_plugin_t self:process execmem;
')

+tunable_policy(`mozilla_enable_home_dirs',`
+ userdom_manage_user_home_content_dirs(mozilla_plugin_t)
+ userdom_manage_user_home_content_files(mozilla_plugin_t)
+ userdom_user_home_dir_filetrans_user_home_content(mozilla_plugin_t, { dir file })
+',`
+ userdom_dontaudit_manage_user_home_content_dirs(mozilla_plugin_t)
+ userdom_dontaudit_manage_user_home_content_files(mozilla_plugin_t)
+')
+
tunable_policy(`mozilla_execstack',`
allow mozilla_plugin_t self:process { execmem execstack };
')
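Review bot: Unlike mozilla_t, which receives `userdom_manage_user_cache/config/data` in exchange for its removed home-content rules, mozilla_plugin_t loses those rules in the previous hunk without any replacement, so with the boolean off the plugin domain has no generic write access into the user's home at all. If plugins are expected to write only to their own mozilla_plugin_home_t and mozilla_home_t content that may be intended, but it is a behaviour change the description should state; otherwise the plugin domain needs the same `userdom_manage_user_*` interfaces as mozilla_t. The duplicated tunable_policy block itself is conventional refpolicy style and needs no change.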