57869a68 | 1 | ## <module name="userdomain"> |
490639cd | 2 | ## <summary>Policy for user domains</summary> |
3 | |
4 | ######################################## | |
5 | # | |
6 | # Base user domain template | |
7 | # | |
8 | # This is common to user and admin domain | |
9 | ||
10 | define(`base_user_domain',` | |
11 | ||
12 | attribute $1_file_type; |
13 | ||
14 | type $1_t, userdomain; | |
15 | domain_type($1_t) |
16 | corecmd_shell_entry_type($1_t) | |
17 | role $1_r types $1_t; |
18 | allow system_r $1_r; | |
19 | ||
20 | # user pseudoterminal | |
21 | type $1_devpts_t; | |
0fd9dc55 | 22 | term_user_pty($1_t,$1_devpts_t) |
23 | |
24 | # type for contents of home directory | |
25 | type $1_home_t, $1_file_type, home_type; | |
c9428d33 | 26 | files_file_type($1_home_t) |
27 | |
28 | # type of home directory | |
29 | type $1_home_dir_t, home_dir_type, home_type; | |
c9428d33 | 30 | files_file_type($1_home_t) |
31 | |
32 | type $1_tmp_t, $1_file_type; | |
c9428d33 | 33 | files_tmp_file($1_tmp_t) |
34 | |
35 | type $1_tmpfs_t; | |
c9428d33 | 36 | files_tmpfs_file($1_tmpfs_t) |
37 | |
38 | type $1_tty_device_t; | |
0fd9dc55 | 39 | term_tty($1_t,$1_tty_device_t) |
40 | |
41 | ############################## | |
42 | # | |
43 | # Local policy | |
44 | # | |
45 | ||
46 | allow $1_t self:capability { setgid chown fowner }; | |
47 | dontaudit $1_t self:capability { sys_nice fsetid }; | |
48 | allow $1_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem dyntransition }; | |
49 | allow $1_t self:process { ptrace setfscreate }; | |
50 | allow $1_t self:fd use; | |
51 | allow $1_t self:fifo_file rw_file_perms; |
52 | allow $1_t self:unix_dgram_socket create_socket_perms; | |
0fd9dc55 | 53 | allow $1_t self:unix_stream_socket create_stream_socket_perms; |
54 | allow $1_t self:unix_dgram_socket sendto; |
55 | allow $1_t self:unix_stream_socket connectto; | |
56 | allow $1_t self:shm create_shm_perms; |
57 | allow $1_t self:sem create_sem_perms; | |
58 | allow $1_t self:msgq create_msgq_perms; | |
59 | allow $1_t self:msg { send receive }; |
60 | dontaudit $1_t self:socket create; | |
61 | # Irrelevant until we have labeled networking. | |
62 | #allow $1_t self:udp_socket { sendto recvfrom }; | |
63 | ||
64 | # evolution and gnome-session try to create a netlink socket | |
65 | dontaudit $1_t self:netlink_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown }; | |
66 | dontaudit $1_t self:netlink_route_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_write }; | |
67 | ||
68 | # execute files in the home directory | |
cc41a97c | 69 | allow $1_t $1_home_t:file { rx_file_perms execute_no_trans }; |
70 | |
71 | # full control of the home directory | |
72 | allow $1_t $1_home_t:file { create_file_perms relabelfrom relabelto }; |
73 | allow $1_t $1_home_t:lnk_file { create_lnk_perms relabelfrom relabelto }; | |
74 | allow $1_t $1_home_t:dir { create_dir_perms relabelfrom relabelto }; | |
75 | allow $1_t $1_home_t:sock_file { create_file_perms relabelfrom relabelto }; | |
76 | allow $1_t $1_home_t:fifo_file { create_file_perms relabelfrom relabelto }; | |
77 | allow $1_t $1_home_dir_t:dir create_dir_perms; | |
78 | type_transition $1_t $1_home_dir_t:{ dir notdevfile_class_set } $1_home_t; | |
0c73cd25 | 79 | |
cc41a97c | 80 | allow $1_t $1_tmp_t:file { rx_file_perms execute_no_trans }; |
81 | |
82 | # Bind to a Unix domain socket in /tmp. | |
83 | # cjp: this combination is not checked and should be removed | |
84 | allow $1_t $1_tmp_t:unix_stream_socket name_bind; | |
85 | ||
86 | allow $1_t $1_tmpfs_t:dir rw_dir_perms; |
87 | allow $1_t $1_tmpfs_t:file create_file_perms; | |
88 | allow $1_t $1_tmpfs_t:lnk_file create_lnk_perms; | |
89 | allow $1_t $1_tmpfs_t:sock_file create_file_perms; | |
90 | allow $1_t $1_tmpfs_t:fifo_file create_file_perms; | |
0fd9dc55 | 91 | fs_create_tmpfs_data($1_t,$1_tmpfs_t, { dir notdevfile_class_set } ) |
0c73cd25 | 92 | |
cc41a97c | 93 | allow $1_t $1_tty_device_t:chr_file { setattr rw_file_perms }; |
94 | |
95 | allow $1_t unpriv_userdomain:fd use; | |
96 | ||
97 | # Instantiate derived domains for a number of programs. | |
98 | # These derived domains encode both information about the calling | |
99 | # user domain and the program, and allow us to maintain separation | |
100 | # between different instances of the program being run by different | |
101 | # user domains. | |
102 | per_userdomain_templates($1) | |
103 | ||
104 | kernel_read_kernel_sysctl($1_t) | |
5e0da6a0 | 105 | selinux_get_fs_mount($1_t) |
106 | # Very permissive allowing every domain to see every type: |
107 | kernel_get_sysvipc_info($1_t) | |
108 | # Find CDROM devices: | |
109 | kernel_read_device_sysctl($1_t) | |
110 | # GNOME checks for usb and other devices: | |
8bd67899 | 111 | dev_rw_usbfs($1_t) |
112 | |
113 | corenet_tcp_sendrecv_all_if($1_t) | |
114 | corenet_raw_sendrecv_all_if($1_t) | |
115 | corenet_udp_sendrecv_all_if($1_t) | |
116 | corenet_tcp_sendrecv_all_nodes($1_t) | |
117 | corenet_raw_sendrecv_all_nodes($1_t) | |
118 | corenet_udp_sendrecv_all_nodes($1_t) | |
119 | corenet_tcp_sendrecv_all_ports($1_t) | |
120 | corenet_udp_sendrecv_all_ports($1_t) | |
121 | corenet_tcp_bind_all_nodes($1_t) | |
122 | corenet_udp_bind_all_nodes($1_t) | |
0c73cd25 | 123 | # allow port_t name binding for UDP because it is not very usable otherwise |
0fd9dc55 | 124 | corenet_udp_bind_generic_port($1_t) |
0c73cd25 | 125 | |
126 | dev_read_input($1_t) |
127 | dev_read_misc($1_t) | |
128 | dev_write_misc($1_t) | |
129 | dev_write_snd_dev($1_t) | |
130 | dev_read_snd_dev($1_t) | |
131 | dev_read_snd_mixer_dev($1_t) | |
132 | dev_write_snd_mixer_dev($1_t) | |
133 | dev_read_rand($1_t) | |
134 | dev_read_urand($1_t) | |
0c73cd25 | 135 | # open office is looking for the following |
136 | dev_getattr_agp_dev($1_t) |
137 | dev_dontaudit_rw_dri_dev($1_t) | |
0c73cd25 | 138 | |
763c441e | 139 | fs_get_all_fs_quotas($1_t) |
0fd9dc55 | 140 | fs_getattr_all_fs($1_t) |
141 | |
142 | # for eject | |
0fd9dc55 | 143 | storage_getattr_fixed_disk($1_t) |
0c73cd25 | 144 | |
145 | auth_read_login_records($1_t) |
146 | auth_dontaudit_write_login_records($1_t) | |
147 | auth_run_pam($1_t,$1_r,{ $1_tty_device_t $1_devpts_t }) | |
148 | auth_run_utempter($1_t,$1_r,{ $1_tty_device_t $1_devpts_t }) | |
0c73cd25 | 149 | |
150 | corecmd_exec_bin($1_t) |
151 | corecmd_exec_sbin($1_t) | |
152 | corecmd_exec_ls($1_t) | |
0c73cd25 | 153 | |
154 | domain_exec_all_entry_files($1_t) |
155 | domain_use_wide_inherit_fd($1_t) | |
0c73cd25 | 156 | |
157 | files_exec_generic_etc_files($1_t) |
158 | files_read_usr_src($1_t) | |
159 | |
160 | # Caused by su - init scripts | |
c9428d33 | 161 | init_dontaudit_use_script_pty($1_t) |
0c73cd25 | 162 | |
163 | libs_use_ld_so($1_t) |
164 | libs_use_shared_libs($1_t) | |
165 | libs_exec_ld_so($1_t) | |
166 | libs_exec_lib_files($1_t) | |
0c73cd25 | 167 | |
c9428d33 | 168 | logging_dontaudit_getattr_all_logs($1_t) |
169 | |
170 | miscfiles_read_localization($1_t) | |
c9428d33 | 171 | miscfiles_rw_man_cache($1_t) |
0c73cd25 | 172 | |
5e0da6a0 | 173 | seutil_run_newrole($1_t,$1_r,{ $1_devpts_t $1_tty_device_t }) |
0c73cd25 | 174 | |
c9428d33 | 175 | mta_rw_spool($1_t) |
0c73cd25 | 176 | |
34c8fabe | 177 | tunable_policy(`allow_execmem',` |
178 | # Allow loading DSOs that require executable stack. |
179 | allow $1_t self:process execmem; | |
34c8fabe | 180 | ') |
0c73cd25 | 181 | |
34c8fabe | 182 | tunable_policy(`use_nfs_home_dirs',` |
0fd9dc55 | 183 | fs_manage_nfs_dirs($1_t) |
763c441e | 184 | fs_manage_nfs_files($1_t) |
0fd9dc55 | 185 | fs_manage_nfs_symlinks($1_t) |
186 | fs_manage_nfs_named_sockets($1_t) |
187 | fs_manage_nfs_named_pipes($1_t) | |
188 | fs_execute_nfs_files($1_t) | |
34c8fabe | 189 | ') |
0c73cd25 | 190 | |
34c8fabe | 191 | tunable_policy(`use_samba_home_dirs',` |
192 | fs_manage_cifs_dirs($1_t) |
193 | fs_manage_cifs_files($1_t) | |
194 | fs_manage_cifs_symlinks($1_t) | |
195 | fs_manage_cifs_named_sockets($1_t) | |
196 | fs_manage_cifs_named_pipes($1_t) | |
197 | fs_execute_cifs_files($1_t) | |
34c8fabe | 198 | ') |
0c73cd25 | 199 | |
34c8fabe | 200 | tunable_policy(`user_direct_mouse',` |
f0c985ca | 201 | dev_read_mouse($1_t) |
34c8fabe | 202 | ') |
0c73cd25 | 203 | |
34c8fabe | 204 | tunable_policy(`user_ttyfile_stat',` |
0fd9dc55 | 205 | term_getattr_all_user_ttys($1_t) |
34c8fabe | 206 | ') |
207 | |
208 | optional_policy(`usermanage.te',` | |
209 | usermanage_run_chfn($1_t,$1_r,{ $1_devpts_t $1_tty_device_t }) |
210 | usermanage_run_passwd($1_t,$1_r,{ $1_devpts_t $1_tty_device_t }) | |
211 | ') |
212 | ||
213 | ifdef(`TODO',` | |
214 | ||
215 | # When the user domain runs ps, there will be a number of access | |
216 | # denials when ps tries to search /proc. Do not audit these denials. | |
217 | dontaudit $1_t domain:dir r_dir_perms; | |
218 | dontaudit $1_t domain:notdevfile_class_set r_file_perms; | |
219 | dontaudit $1_t domain:process { getattr getsession }; | |
220 | # | |
221 | # Cups daemon running as user tries to write /etc/printcap | |
222 | # | |
223 | dontaudit $1_t usr_t:file setattr; | |
224 | ||
225 | # Access the power device. | |
cc41a97c | 226 | allow $1_t power_device_t:chr_file rw_file_perms; |
227 | |
228 | # Check to see if cdrom is mounted | |
229 | allow $1_t mnt_t:dir { getattr search }; | |
230 | ||
231 | # | |
232 | # Added to allow reading of cdrom | |
233 | # | |
234 | allow $1_t rpc_pipefs_t:dir getattr; | |
235 | allow $1_t nfsd_fs_t:dir getattr; | |
236 | allow $1_t binfmt_misc_fs_t:dir getattr; | |
237 | ||
238 | # /initrd is left mounted, various programs try to look at it | |
239 | dontaudit $1_t ramfs_t:dir getattr; | |
240 | ||
3eed1090 | 241 | tunable_policy(`read_default_t',` |
242 | allow $1_t default_t:dir r_dir_perms; |
243 | allow $1_t default_t:notdevfile_class_set r_file_perms; | |
3eed1090 | 244 | ') |
245 | |
246 | # | |
247 | # Running ifconfig as a user generates the following | |
248 | # | |
249 | dontaudit $1_t sysctl_net_t:dir search; | |
250 | ||
251 | dontaudit $1_t default_context_t:dir search; | |
252 | ||
253 | r_dir_file($1_t, usercanread) | |
254 | ||
255 | can_ypbind($1_t) | |
256 | ||
3eed1090 | 257 | tunable_policy(`allow_execmod',` |
258 | # Allow text relocations on system shared libraries, e.g. libGL. |
259 | allow $1_t texrel_shlib_t:file execmod; | |
3eed1090 | 260 | ') |
261 | |
262 | allow $1_t fs_type:dir getattr; | |
263 | ||
264 | # old "file_browse_domain": | |
265 | # Regular files/directories that are not security sensitive | |
266 | dontaudit $1_t file_type - secure_file_type:dir_file_class_set getattr; | |
267 | dontaudit $1_t file_type - secure_file_type:dir { read search }; | |
268 | # /dev | |
269 | dontaudit $1_t dev_fs:dir_file_class_set getattr; | |
270 | dontaudit $1_t dev_fs:dir { read search }; | |
271 | # /proc | |
272 | dontaudit $1_t sysctl_t:dir_file_class_set getattr; | |
273 | dontaudit $1_t proc_fs:dir { read search }; | |
274 | ||
cc41a97c | 275 | allow $1_t autofs_t:dir { getattr search }; |
276 | |
277 | can_exec($1_t, { removable_t noexattrfile } ) | |
278 | |
279 | tunable_policy(`user_rw_noexattrfile',` | |
280 | create_dir_file($1_t, noexattrfile) |
281 | create_dir_file($1_t, removable_t) | |
282 | # Write floppies | |
283 | allow $1_t removable_device_t:blk_file rw_file_perms; | |
284 | allow $1_t usbtty_device_t:chr_file write; | |
3eed1090 | 285 | ',` |
286 | r_dir_file($1_t, noexattrfile) |
287 | r_dir_file($1_t, removable_t) | |
288 | allow $1_t removable_device_t:blk_file r_file_perms; | |
289 | ') |
290 | ||
291 | allow $1_t usbtty_device_t:chr_file read; |
292 | ||
293 | can_exec($1_t, noexattrfile) | |
294 | ||
295 | # for running TeX programs | |
296 | r_dir_file($1_t, tetex_data_t) | |
297 | can_exec($1_t, tetex_data_t) | |
298 | ||
299 | # Run programs developed by other users in the same domain. | |
300 | ||
301 | can_resmgrd_connect($1_t) | |
302 | ||
303 | can_ypbind($1_t) | |
304 | ||
305 | allow $1_t var_lock_t:dir search; | |
306 | ||
307 | # Grant permissions to access the system DBus | |
308 | ifdef(`dbusd.te', ` | |
309 | dbusd_client(system, $1) | |
310 | can_network_server_tcp($1_dbusd_t) | |
311 | allow $1_dbusd_t reserved_port_t:tcp_socket name_bind; | |
312 | ||
313 | allow $1_t system_dbusd_t:dbus { send_msg acquire_svc }; | |
314 | dbusd_client($1, $1) | |
315 | allow $1_t $1_dbusd_t:dbus { send_msg acquire_svc }; | |
316 | dbusd_domain($1) | |
317 | ifdef(`hald.te', ` | |
318 | allow $1_t hald_t:dbus send_msg; | |
319 | allow hald_t $1_t:dbus send_msg; | |
320 | ') | |
321 | ') | |
322 | ||
323 | # Gnome panel binds to the following | |
324 | ifdef(`cups.te', ` | |
cc41a97c | 325 | allow $1_t { cupsd_etc_t cupsd_rw_etc_t }:file r_file_perms; |
326 | ') |
327 | ||
328 | # Connect to inetd. | |
329 | ifdef(`inetd.te', ` | |
330 | can_tcp_connect($1_t, inetd_t) | |
331 | can_udp_send($1_t, inetd_t) | |
332 | can_udp_send(inetd_t, $1_t) | |
333 | ') | |
334 | ||
335 | # Connect to portmap. | |
336 | ifdef(`portmap.te', `can_tcp_connect($1_t, portmap_t)') | |
337 | ||
338 | # Inherit and use sockets from inetd | |
339 | ifdef(`inetd.te', ` | |
340 | allow $1_t inetd_t:fd use; | |
341 | allow $1_t inetd_t:tcp_socket rw_stream_socket_perms; | |
342 | ') | |
343 | ||
344 | ifdef(`xserver.te', ` | |
345 | # for /tmp/.ICE-unix | |
346 | file_type_auto_trans($1_t, xdm_xserver_tmp_t, $1_tmp_t, sock_file) | |
347 | allow $1_t xserver_misc_device_t:{ chr_file blk_file } rw_file_perms; | |
348 | ') | |
349 | ||
350 | ifdef(`xdm.te', ` | |
351 | # Connect to the X server run by the X Display Manager. | |
352 | can_unix_connect($1_t, xdm_t) | |
353 | allow $1_t xdm_tmp_t:sock_file rw_file_perms; | |
354 | allow $1_t xdm_tmp_t:dir r_dir_perms; | |
cc41a97c | 355 | allow $1_t xdm_tmp_t:file r_file_perms; |
356 | allow $1_t xdm_xserver_tmp_t:sock_file { read write }; |
357 | allow $1_t xdm_xserver_tmp_t:dir search; | |
358 | allow $1_t xdm_xserver_t:unix_stream_socket connectto; | |
359 | # certain apps want to read xdm.pid file | |
360 | r_dir_file($1_t, xdm_var_run_t) | |
cc41a97c | 361 | allow $1_t xdm_var_lib_t:file r_file_perms; |
362 | allow xdm_t $1_home_dir_t:dir getattr; |
363 | ifdef(`xauth.te', ` | |
364 | file_type_auto_trans(xdm_t, $1_home_dir_t, $1_xauth_home_t, file) | |
365 | ') | |
366 | ||
367 | # for shared memory | |
368 | allow xdm_xserver_t $1_tmpfs_t:file { read write }; | |
369 | ||
370 | ') | |
371 | ||
372 | ifdef(`rpcd.te', ` | |
373 | create_dir_file($1_t, nfsd_rw_t) | |
374 | ') | |
375 | ||
376 | ifdef(`cardmgr.te', ` | |
377 | # to allow monitoring of pcmcia status | |
cc41a97c | 378 | allow $1_t cardmgr_var_run_t:file r_file_perms; |
379 | ') |
380 | ||
381 | # | |
382 | # Allow graphical boot to check battery lifespan | |
383 | # | |
384 | ifdef(`apmd.te', ` | |
385 | allow $1_t apmd_t:unix_stream_socket connectto; | |
386 | allow $1_t apmd_var_run_t:sock_file write; | |
387 | ') | |
388 | ||
389 | ifdef(`automount.te', ` | |
cc41a97c | 390 | allow $1_t autofs_t:dir { getattr search }; |
391 | ') |
392 | ||
393 | ifdef(`pamconsole.te', ` | |
394 | allow $1_t pam_var_console_t:dir search; | |
395 | ') | |
396 | ||
397 | ') dnl endif TODO | |
398 | |
399 | ')dnl end base_user_domain macro | |
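Review bot: `files_file_type($1_home_t)` at line 30 is a verbatim repeat of line 26, yet it sits directly under the `type $1_home_dir_t` declaration, so the home directory type is the only file type declared in this template that is never passed to any of the `files_*` registration interfaces; this looks like a copy-paste slip and the intended call is presumably `files_file_type($1_home_dir_t)`. If that interface is what assigns the file-type attribute (as its use on the other types here suggests), attribute-based rules elsewhere in the policy will silently skip `$1_home_dir_t`. Lines 48–49 also deserve a comment: the `~{ ptrace ... setfscreate ... }` exclusion on line 48 is immediately undone for `ptrace` and `setfscreate` by line 49, so a reader of line 48 alone gets the wrong picture; either fold them into one rule or add `# ptrace/setfscreate are intentionally granted below; only setcurrent setexec setrlimit execmem dyntransition stay excluded`. Finally, line 69 grants execute of `$1_home_t` content unconditionally while comparable home-directory access (lines 182–198) is gated by tunables; gating it the same way would be consistent with the `allow_execmem` tunable at line 177.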
400 | ||
401 | ######################################## | |
402 | # | |
403 | # User domain template | |
404 | # | |
405 | ||
406 | define(`user_domain_template', ` | |
407 | ############################## |
408 | # | |
409 | # Declarations | |
410 | # | |
b16c6b8c | 411 | |
412 | # Inherit rules for ordinary users. |
413 | base_user_domain($1) | |
b16c6b8c | 414 | |
0c73cd25 | 415 | typeattribute $1_t unpriv_userdomain; #, web_client_domain, nscd_client_domain; |
c9428d33 | 416 | domain_wide_inherit_fd($1_t) |
b16c6b8c | 417 | |
418 | #typeattribute $1_devpts_t userpty_type, user_tty_type; |
419 | #typeattribute $1_home_dir_t user_home_dir_type; | |
420 | #typeattribute $1_home_t user_home_type; | |
b16c6b8c | 421 | |
0c73cd25 | 422 | #typeattribute $1_tmp_t, user_tmpfile; |
b16c6b8c | 423 | |
0c73cd25 | 424 | #typeattribute $1_tty_device_t user_tty_type; |
b16c6b8c | 425 | |
426 | ############################## |
427 | # | |
428 | # Local policy | |
429 | # | |
430 | ||
431 | allow $1_t $1_devpts_t:chr_file { setattr ioctl read getattr lock write append }; | |
0fd9dc55 | 432 | term_create_pty($1_t,$1_devpts_t) |
433 | |
434 | # Rules used to associate a homedir as a mountpoint | |
435 | allow $1_home_t self:filesystem associate; | |
436 | allow $1_file_type $1_home_t:filesystem associate; | |
437 | ||
438 | # user temporary files | |
439 | allow $1_t $1_tmp_t:file create_file_perms; |
440 | allow $1_t $1_tmp_t:lnk_file create_lnk_perms; | |
441 | allow $1_t $1_tmp_t:dir create_dir_perms; | |
442 | allow $1_t $1_tmp_t:sock_file create_file_perms; | |
443 | allow $1_t $1_tmp_t:fifo_file create_file_perms; | |
c9428d33 | 444 | files_create_tmp_files($1_t, $1_tmp_t, { dir notdevfile_class_set }) |
445 | |
446 | # privileged home directory writers | |
447 | allow privhome $1_home_t:file create_file_perms; |
448 | allow privhome $1_home_t:lnk_file create_lnk_perms; | |
449 | allow privhome $1_home_t:dir create_dir_perms; | |
450 | allow privhome $1_home_t:sock_file create_file_perms; | |
451 | allow privhome $1_home_t:fifo_file create_file_perms; | |
452 | type_transition privhome $1_home_dir_t:{ dir notdevfile_class_set } $1_home_t; | |
453 | |
454 | kernel_read_system_state($1_t) | |
455 | kernel_read_network_state($1_t) | |
8bd67899 | 456 | dev_read_sysfs($1_t) |
457 | |
458 | # cjp: why? | |
459 | bootloader_read_kernel_symbol_table($1_t) | |
460 | ||
461 | # port access is audited even if dac would not have allowed it, so dontaudit it here | |
0fd9dc55 | 462 | corenet_dontaudit_tcp_bind_all_reserved_ports($1_t) |
0c73cd25 | 463 | |
464 | files_read_generic_etc_files($1_t) |
465 | files_list_home($1_t) | |
466 | files_read_usr_files($1_t) | |
0c73cd25 | 467 | |
c9428d33 | 468 | init_read_script_pid($1_t) |
469 | # The library functions always try to open read-write first, |
470 | # then fall back to read-only if it fails. | |
c9428d33 | 471 | init_dontaudit_write_script_pid($1_t) |
0c73cd25 | 472 | # Stop warnings about access to /dev/console |
473 | init_dontaudit_use_fd($1_t) |
474 | init_dontaudit_use_script_fd($1_t) | |
475 | |
476 | miscfiles_read_man_pages($1_t) | |
477 | ||
5e0da6a0 | 478 | seutil_read_config($1_t) |
479 | # Allow users to execute checkpolicy without a domain transition |
480 | # so it can be used without privilege to write real binary policy file | |
5e0da6a0 | 481 | seutil_exec_checkpol($1_t) |
0c73cd25 | 482 | |
34c8fabe | 483 | tunable_policy(`user_dmesg',` |
0c73cd25 | 484 | kernel_read_ring_buffer($1_t) |
34c8fabe | 485 | ',` |
0fd9dc55 | 486 | kernel_dontaudit_read_ring_buffer($1_t) |
34c8fabe | 487 | ') |
488 | |
489 | # Allow users to run TCP servers (bind to ports and accept connection from | |
490 | # the same domain and outside users); disabling this forces FTP passive mode | |
491 | # and may change other protocols | |
34c8fabe | 492 | tunable_policy(`user_tcp_server',` |
0fd9dc55 | 493 | corenet_tcp_bind_generic_port($1_t) |
34c8fabe | 494 | ') |
495 | |
496 | # for running depmod as part of the kernel packaging process | |
497 | optional_policy(`modutils.te',` | |
c9428d33 | 498 | modutils_read_module_conf($1_t) |
499 | ') |
500 | ||
501 | optional_policy(`selinux.te',` | |
502 | # for when the network connection is killed | |
5e0da6a0 | 503 | seutil_dontaudit_newrole_signal($1_t) |
504 | ') |
505 | ||
506 | # Need the following rule to allow users to run vpnc | |
507 | optional_policy(`xserver.te', ` | |
508 | corenetwork_bind_tcp_on_xserver_port($1_t) | |
509 | ') | |
510 | ||
511 | ifdef(`TODO',` | |
512 | ||
513 | dontaudit $1_t boot_t:lnk_file read; | |
514 | dontaudit $1_t boot_t:file read; | |
515 | ||
516 | can_kerberos($1_t) | |
517 | ||
518 | # do not audit read on disk devices | |
519 | dontaudit $1_t { removable_device_t fixed_disk_device_t }:blk_file read; | |
520 | ||
521 | ifdef(`xdm.te', ` | |
522 | allow xdm_t $1_home_t:lnk_file read; | |
523 | allow xdm_t $1_home_t:dir search; | |
524 | # | |
525 | # Changing this to dontaudit should cause the .xsession-errors file to be written to /tmp | |
526 | # | |
527 | dontaudit xdm_t $1_home_t:file rw_file_perms; | |
528 | ') | |
529 | ||
530 | ifdef(`ftpd.te', ` | |
3eed1090 | 531 | tunable_policy(`ftp_home_dir',` |
0c73cd25 | 532 | file_type_auto_trans(ftpd_t, $1_home_dir_t, $1_home_t) |
3eed1090 | 533 | ') |
534 | ') |
535 | ||
3eed1090 | 536 | tunable_policy(`read_default_t',` |
537 | allow $1 default_t:dir r_dir_perms; |
538 | allow $1 default_t:notdevfile_class_set r_file_perms; | |
3eed1090 | 539 | ') |
540 | |
541 | can_exec($1_t, usr_t) | |
542 | ||
543 | # Read directories and files with the readable_t type. | |
544 | # This type is a general type for "world"-readable files. | |
545 | allow $1_t readable_t:dir r_dir_perms; | |
546 | allow $1_t readable_t:notdevfile_class_set r_file_perms; | |
547 | ||
548 | # Stat lost+found. | |
549 | allow $1_t lost_found_t:dir getattr; | |
550 | ||
551 | # Read /var, /var/spool, /var/run. | |
552 | allow $1_t var_t:dir r_dir_perms; | |
553 | allow $1_t var_t:notdevfile_class_set r_file_perms; | |
554 | allow $1_t var_spool_t:dir r_dir_perms; | |
555 | allow $1_t var_spool_t:notdevfile_class_set r_file_perms; | |
556 | allow $1_t var_run_t:dir r_dir_perms; | |
557 | allow $1_t var_run_t:{ file lnk_file } r_file_perms; | |
558 | allow $1_t var_lib_t:dir r_dir_perms; | |
559 | allow $1_t var_lib_t:file { getattr read }; | |
560 | ||
561 | # Allow users to rw usb devices | |
3eed1090 | 562 | tunable_policy(`user_rw_usb',` |
0c73cd25 | 563 | rw_dir_create_file($1_t,usbdevfs_t) |
3eed1090 | 564 | ',` |
0c73cd25 | 565 | r_dir_file($1_t,usbdevfs_t) |
3eed1090 | 566 | ') |
567 | |
568 | # Do not audit write denials to /etc/ld.so.cache. | |
569 | dontaudit $1_t ld_so_cache_t:file write; | |
570 | ||
571 | dontaudit $1_t sysadm_home_t:file { read append }; | |
572 | ||
573 | ifdef(`syslogd.te', ` | |
574 | # Some programs that are left in $1_t will try to connect | |
575 | # to syslogd, but we do not want to let them generate log messages. | |
576 | # Do not audit. | |
577 | dontaudit $1_t devlog_t:sock_file { read write }; | |
578 | dontaudit $1_t syslogd_t:unix_dgram_socket sendto; | |
579 | ') | |
580 | ||
581 | allow $1_t initrc_t:fifo_file write; | |
582 | ||
583 | ifdef(`user_can_mount', ` | |
584 | # | |
585 | # Allow users to mount file systems like floppies and cdrom | |
586 | # | |
587 | mount_domain($1, $1_mount, `, fs_domain') | |
588 | r_dir_file($1_t, mnt_t) | |
589 | allow $1_mount_t device_t:lnk_file read; | |
590 | allow $1_mount_t removable_device_t:blk_file read; | |
591 | allow $1_mount_t iso9660_t:filesystem relabelfrom; | |
592 | allow $1_mount_t removable_t:filesystem { mount relabelto }; | |
593 | allow $1_mount_t removable_t:dir mounton; | |
594 | ifdef(`xdm.te', ` | |
595 | allow $1_mount_t xdm_t:fd use; | |
596 | allow $1_mount_t xdm_t:fifo_file { read write }; | |
597 | ') | |
598 | ') | |
599 | ||
600 | ') dnl end TODO | |
b16c6b8c | 601 | ') |
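Review bot: Lines 537–538 write `allow $1 default_t:dir r_dir_perms;` with the bare `$1` as the source, whereas the identical rules at lines 242–243 of base_user_domain and every other rule in this template use `$1_t`; `$1` expands to the domain prefix rather than a type, so if the surrounding `ifdef(`TODO')` block is ever re-enabled these two rules would fail to compile unless a type named after the prefix happens to exist. The fix is `allow $1_t default_t:dir r_dir_perms;` and `allow $1_t default_t:notdevfile_class_set r_file_perms;`. Since this template already calls base_user_domain (line 413), which carries the same `read_default_t` block at lines 241–244, the copy here is redundant and could simply be dropped instead. The trailing `#, web_client_domain, nscd_client_domain;` on line 415 reads as a leftover from a removed attribute list; either turn it into a real comment explaining why those attributes are omitted or delete it.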
602 | |
603 | ######################################## | |
604 | # | |
605 | # Admin domain template | |
606 | # | |
607 | define(`admin_domain_template',` | |
608 | ############################## |
609 | # | |
610 | # Declarations | |
611 | # | |
612 | ||
613 | # Inherit rules for ordinary users. | |
614 | base_user_domain($1) | |
615 | ||
616 | typeattribute $1_t privhome; #, admin, web_client_domain, nscd_client_domain; | |
8bd67899 | 617 | domain_obj_id_change_exempt($1_t) |
618 | role system_r types $1_t; |
619 | ||
620 | #ifdef(`direct_sysadm_daemon', `, priv_system_role') | |
621 | #; dnl end of sysadm_t type declaration | |
622 | ||
623 | typeattribute $1_devpts_t admin_terminal; | |
624 | ||
625 | typeattribute $1_tty_device_t admin_terminal; | |
626 | ||
627 | ############################## | |
628 | # | |
629 | # $1_t local policy | |
630 | # | |
631 | ||
632 | allow $1_t self:capability ~sys_module; | |
633 | allow $1_t self:process { setexec setfscreate }; | |
634 | ||
635 | # Set password information for other users. | |
636 | allow $1_t self:passwd { passwd chfn chsh }; | |
637 | ||
638 | # Skip authentication when pam_rootok is specified. | |
639 | allow $1_t self:passwd rootok; | |
640 | ||
641 | # Manipulate other users crontab. | |
642 | allow $1_t self:passwd crontab; | |
643 | ||
644 | # for the administrator to run TCP servers directly | |
645 | allow $1_t self:tcp_socket { acceptfrom connectto recvfrom }; | |
646 | ||
647 | allow $1_t $1_devpts_t:chr_file { setattr ioctl read getattr lock write append }; | |
0fd9dc55 | 648 | term_create_pty($1_t,$1_devpts_t) |
0c73cd25 | 649 | |
650 | allow $1_t $1_tmp_t:dir create_dir_perms; |
651 | allow $1_t $1_tmp_t:file create_file_perms; | |
652 | allow $1_t $1_tmp_t:lnk_file create_file_perms; | |
653 | allow $1_t $1_tmp_t:fifo_file create_file_perms; | |
654 | allow $1_t $1_tmp_t:sock_file create_file_perms; | |
c9428d33 | 655 | files_create_tmp_files($1_t, $1_tmp_t, { dir notdevfile_class_set }) |
656 | |
657 | kernel_read_system_state($1_t) | |
658 | kernel_read_network_state($1_t) | |
659 | kernel_read_software_raid_state($1_t) | |
660 | kernel_getattr_core($1_t) |
661 | kernel_getattr_message_if($1_t) | |
662 | kernel_change_ring_buffer_level($1_t) |
663 | kernel_clear_ring_buffer($1_t) | |
664 | kernel_read_ring_buffer($1_t) | |
665 | kernel_get_sysvipc_info($1_t) | |
0fd9dc55 | 666 | kernel_rw_all_sysctl($1_t) |
667 | selinux_set_enforce_mode($1_t) |
668 | selinux_set_boolean($1_t) | |
669 | selinux_set_parameters($1_t) | |
0c73cd25 | 670 | # Get security policy decisions: |
671 | selinux_get_fs_mount($1_t) |
672 | selinux_validate_context($1_t) | |
673 | selinux_compute_access_vector($1_t) | |
674 | selinux_compute_create_context($1_t) | |
675 | selinux_compute_relabel_context($1_t) | |
676 | selinux_compute_user_contexts($1_t) | |
0c73cd25 | 677 | # signal unlabeled processes: |
678 | kernel_kill_unlabeled($1_t) |
679 | kernel_signal_unlabeled($1_t) | |
680 | kernel_sigstop_unlabeled($1_t) | |
681 | kernel_signull_unlabeled($1_t) | |
682 | kernel_sigchld_unlabeled($1_t) | |
0c73cd25 | 683 | |
0fd9dc55 | 684 | corenet_tcp_bind_generic_port($1_t) |
0c73cd25 | 685 | |
686 | dev_getattr_generic_blk_file($1_t) |
687 | dev_getattr_generic_chr_file($1_t) | |
688 | dev_getattr_all_blk_files($1_t) | |
689 | dev_getattr_all_chr_files($1_t) | |
0c73cd25 | 690 | |
691 | fs_getattr_all_fs($1_t) |
692 | fs_set_all_quotas($1_t) | |
693 | |
694 | storage_raw_read_removable_device($1_t) | |
695 | storage_raw_write_removable_device($1_t) | |
696 | ||
697 | term_use_console($1_t) |
698 | term_use_unallocated_tty($1_t) | |
699 | term_use_all_user_ptys($1_t) | |
700 | term_use_all_user_ttys($1_t) | |
701 | |
702 | # Manage almost all files | |
c9428d33 | 703 | auth_manage_all_files_except_shadow($1_t) |
0c73cd25 | 704 | # Relabel almost all files |
c9428d33 | 705 | auth_relabel_all_files_except_shadow($1_t) |
0c73cd25 | 706 | |
707 | domain_setpriority_all_domains($1_t) |
708 | domain_read_all_domains_state($1_t) | |
709 | # signal all domains: |
710 | domain_kill_all_domains($1_t) | |
711 | domain_signal_all_domains($1_t) | |
712 | domain_signull_all_domains($1_t) | |
713 | domain_sigstop_all_domains($1_t) | |
714 | domain_sigstop_all_domains($1_t) | |
715 | domain_sigchld_all_domains($1_t) | |
716 | ||
c9428d33 | 717 | files_exec_usr_files($1_t) |
0c73cd25 | 718 | |
c9428d33 | 719 | init_use_initctl($1_t) |
0c73cd25 | 720 | |
c9428d33 | 721 | logging_send_syslog_msg($1_t) |
0c73cd25 | 722 | |
c9428d33 | 723 | modutils_domtrans_insmod($1_t) |
0c73cd25 | 724 | |
5e0da6a0 | 725 | seutil_read_config($1_t) |
726 | # The following rule is temporary until such time that a complete |
727 | # policy management infrastructure is in place so that an administrator | |
728 | # cannot directly manipulate policy files with arbitrary programs. | |
5e0da6a0 | 729 | seutil_manage_src_pol($1_t) |
730 | # Violates the goal of limiting write access to checkpolicy. |
731 | # But presently necessary for installing the file_contexts file. | |
5e0da6a0 | 732 | seutil_manage_binary_pol($1_t) |
733 | |
734 | optional_policy(`cron.te',` | |
735 | cron_admin_template($1) | |
736 | ') | |
737 | ||
738 | ifdef(`TODO',` | |
739 | ||
740 | # Let admin stat the shadow file. | |
741 | allow $1_t shadow_t:file getattr; | |
742 | ||
743 | # for lsof | |
744 | allow $1_t mtrr_device_t:file getattr; | |
745 | ||
746 | allow $1_t serial_device:chr_file setattr; | |
747 | ||
748 | # allow setting up tunnels | |
749 | allow $1_t tun_tap_device_t:chr_file rw_file_perms; | |
750 | ||
751 | allow $1_t ptyfile:chr_file getattr; | |
752 | ||
753 | # Run programs from staff home directories. | |
754 | # Not ideal, but typical if users want to log in as either sysadm_t or staff_t. | |
755 | can_exec($1_t, staff_home_t) | |
756 | ||
757 | # Run admin programs that require different permissions in their own domain. | |
758 | # These rules were moved into the appropriate program domain file. | |
759 | ||
760 | ifdef(`startx.te', ` | |
761 | ifdef(`xserver.te', ` | |
762 | # Create files in /tmp/.X11-unix with our X servers derived | |
763 | # tmp type rather than user_xserver_tmp_t. | |
764 | file_type_auto_trans($1_xserver_t, xserver_tmpfile, $1_xserver_tmp_t, sock_file) | |
765 | ') | |
766 | ') | |
767 | ||
768 | ifdef(`xdm.te', ` | |
769 | ifdef(`xauth.te', ` | |
3eed1090 | 770 | tunable_policy(`xdm_sysadm_login',` |
771 | allow xdm_t $1_home_t:lnk_file read; |
772 | allow xdm_t $1_home_t:dir search; | |
3eed1090 | 773 | ') |
774 | allow $1_t xdm_t:fifo_file rw_file_perms; |
775 | ') | |
776 | ') | |
777 | ||
778 | # | |
779 | # A user who is authorized for sysadm_t may nonetheless have | |
780 | # a home directory labeled with user_home_t if the user is expected | |
781 | # to login in either user_t or sysadm_t. Hence, the derived domains | |
782 | # for programs need to be able to access user_home_t. | |
783 | # | |
4d8ddf9a | 784 | |
785 | # Allow our gph domain to write to .xsession-errors. |
786 | ifdef(`gnome-pty-helper.te', ` | |
787 | allow $1_gph_t user_home_dir_type:dir rw_dir_perms; | |
788 | allow $1_gph_t user_home_type:file create_file_perms; | |
789 | ') | |
4d8ddf9a | 790 | |
791 | # for the administrator to run TCP servers directly |
792 | allow $1_t kernel_t:tcp_socket recvfrom; | |
4d8ddf9a | 793 | |
794 | # Connect data port to ftpd. |
795 | ifdef(`ftpd.te', `can_tcp_connect(ftpd_t, $1_t)') | |
4d8ddf9a | 796 | |
797 | # Connect second port to rshd. |
798 | ifdef(`rshd.te', `can_tcp_connect(rshd_t, $1_t)') | |
799 | ||
800 | # Allow MAKEDEV to work | |
801 | allow $1_t device_t:dir rw_dir_perms; | |
802 | allow $1_t device_type:{ blk_file chr_file } { create unlink rename }; | |
803 | allow $1_t device_t:lnk_file { create read }; | |
4d8ddf9a | 804 | |
805 | # for lsof |
806 | allow $1_t domain:socket_class_set getattr; | |
807 | allow $1_t eventpollfs_t:file getattr; | |
808 | ') dnl endif TODO | |
4d8ddf9a | 809 | ') |
490639cd | 810 | |
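########################################
## <interface name="userdom_spec_domtrans_all_users">
## <description>
## Execute a shell in all user domains. This
## is an explicit (specified) transition: no
## type_transition rule is generated, so the
## caller must select the target domain itself
## with setexeccon() before exec.
## </description>
## <parameter name="domain">
## The type of the process performing this action.
## </parameter>
## </interface>
#
define(`userdom_spec_domtrans_all_users',`
	gen_require(`$0'_depend)

	# Target is the userdomain attribute, i.e. every type declared
	# with "type X_t, userdomain;" (see base_user_domain).
	corecmd_shell_spec_domtrans($1,userdomain)
')

define(`userdom_spec_domtrans_all_users_depend',`
	# The interface body transitions to the userdomain attribute, not
	# to sysadm_t, so that is what must be required here; requiring
	# sysadm_t alone left the attribute undeclared for the caller.
	attribute userdomain;
')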
831 | ||
########################################
## <interface name="userdom_shell_domtrans_sysadm">
## <description>
## Execute a shell in the sysadm domain. This is an
## automatic domain transition: once granted, any shell
## exec by the caller lands in sysadm_t, the administrative
## domain, so only call it from domains that are meant to
## hand the session to the administrator (login-style
## programs), never from general-purpose user domains.
## </description>
## <parameter name="domain">
## The type of the process performing this action.
## </parameter>
## </interface>
#
define(`userdom_shell_domtrans_sysadm',`
	gen_require(`$0'_depend)

	# Automatic transition $1 -> sysadm_t on exec of a shell entry
	# type; this is a privilege-escalation edge for $1 by design.
	corecmd_domtrans_shell($1,sysadm_t)
')

define(`userdom_shell_domtrans_sysadm_depend',`
	type sysadm_t;
')
851 | ||
########################################
## <interface name="userdom_use_sysadm_terms">
## <description>
## Read and write administrative users'
## physical and pseudo terminals (every
## chr_file carrying the admin_terminal
## attribute), including ioctl on them.
## </description>
## <parameter name="domain">
## The type of the process performing this action.
## </parameter>
## </interface>
#
define(`userdom_use_sysadm_terms',`
	gen_require(`$0'_depend)

	# Directory access needed to reach the device nodes
	# (/dev and the pty directory) before opening them.
	dev_list_all_dev_nodes($1)
	term_list_ptys($1)
	# NOTE(review): write + ioctl on a terminal is enough to inject
	# keystrokes into the administrator's session (TIOCSTI-style
	# ioctls are not filtered here), so grant this only to domains
	# that are already trusted with the admin's terminal.
	allow $1 admin_terminal:chr_file { getattr read write ioctl };
')

define(`userdom_use_sysadm_terms_depend',`
	attribute admin_terminal;

	class chr_file { getattr read write ioctl };
')
876 | ||
########################################
## <interface name="userdom_dontaudit_use_sysadm_terms">
## <description>
## Do not audit attempts to read or write admin
## ttys and ptys. Access is still denied; only
## the AVC denial message is suppressed, so use
## this for domains that are known to probe
## inherited admin terminals harmlessly.
## </description>
## <parameter name="domain">
## The type of the process performing this action.
## </parameter>
## </interface>
#
define(`userdom_dontaudit_use_sysadm_terms',`
	gen_require(`$0'_depend)

	# Only read/write are silenced; getattr and ioctl denials on
	# admin terminals remain audited.
	dontaudit $1 admin_terminal:chr_file { read write };
')

define(`userdom_dontaudit_use_sysadm_terms_depend',`
	attribute admin_terminal;

	class chr_file { read write };
')
898 | ||
########################################
## <interface name="userdom_search_all_users_home">
## <description>
## Search all users' home directories. This grants
## only dir:search (path traversal through the home
## directory and its subdirectories), not the ability
## to list their contents or read the files inside.
## </description>
## <parameter name="domain">
## The type of the process performing this action.
## </parameter>
## </interface>
#
define(`userdom_search_all_users_home',`
	gen_require(`$0'_depend)

	# Presumably grants access to the home root (e.g. /home) so the
	# per-user directories below it can be reached -- see files module.
	files_list_home($1)
	# home_dir_type: the home directories themselves;
	# home_type: the directories created within them.
	allow $1 { home_dir_type home_type }:dir search;
')

define(`userdom_search_all_users_home_depend',`
	attribute home_dir_type, home_type;

	class dir search;
')
921 | ||
########################################
## <interface name="userdom_read_all_user_data">
## <description>
## Read all regular files in all users' home
## directories, and list those directories.
## Only the dir and file classes are covered:
## symlinks, sockets, FIFOs and device nodes
## under home_type get nothing from this interface.
## </description>
## <parameter name="domain">
## The type of the process performing this action.
## </parameter>
## </interface>
#
define(`userdom_read_all_user_data',`
	gen_require(`$0'_depend)

	# Presumably grants access to the home root (e.g. /home) so the
	# per-user directories below it can be reached -- see files module.
	files_list_home($1)
	# home_type covers both the home directories and their contents
	# (base_user_domain gives $1_home_dir_t and $1_home_t the attribute).
	allow $1 home_type:dir r_dir_perms;
	allow $1 home_type:file r_file_perms;
')

define(`userdom_read_all_user_data_depend',`
	attribute home_type;

	class dir r_dir_perms;
	class file r_file_perms;
')
946 | ||
########################################
## <interface name="userdom_use_all_user_fd">
## <description>
## Inherit the file descriptors from all user domains
## (every type carrying the userdomain attribute, admin
## domains included). fd:use only allows the descriptor
## to be kept/used across the transition; the object
## behind it is still checked against the caller's own
## permissions on that object's type.
## </description>
## <parameter name="domain">
## The type of the process performing this action.
## </parameter>
## </interface>
#
define(`userdom_use_all_user_fd',`
	gen_require(`$0'_depend)

	allow $1 userdomain:fd use;
')

define(`userdom_use_all_user_fd_depend',`
	attribute userdomain;

	class fd use;
')
968 | ||
########################################
## <interface name="userdom_signal_all_users">
## <description>
## Send general signals to all user domains.
## Only the "signal" permission is granted, so
## sigkill, sigstop, sigchld and signull remain
## denied unless granted elsewhere.
## </description>
## <parameter name="domain">
## The type of the process performing this action.
## </parameter>
## </interface>
#
define(`userdom_signal_all_users',`
	gen_require(`$0'_depend)

	# userdomain includes the admin domains, so $1 can signal
	# administrator sessions as well as unprivileged ones.
	allow $1 userdomain:process signal;
')

define(`userdom_signal_all_users_depend',`
	attribute userdomain;

	class process signal;
')
990 | ||
########################################
## <interface name="userdom_use_unpriv_users_fd">
## <description>
## Inherit the file descriptors from all unprivileged
## user domains (the unpriv_userdomain attribute only;
## administrative user domains are not included, unlike
## userdom_use_all_user_fd).
## </description>
## <parameter name="domain">
## The type of the process performing this action.
## </parameter>
## </interface>
#
define(`userdom_use_unpriv_users_fd',`
	gen_require(`$0'_depend)

	# fd:use alone does not grant access to the underlying object;
	# the caller still needs its own permissions on that object's type.
	allow $1 unpriv_userdomain:fd use;
')

define(`userdom_use_unpriv_users_fd_depend',`
	attribute unpriv_userdomain;

	class fd use;
')
1012 | ||
########################################
## <interface name="userdom_dontaudit_use_unpriv_user_fd">
## <description>
## Do not audit attempts to inherit the
## file descriptors from unprivileged user
## domains (unpriv_userdomain attribute only).
## The inheritance is still denied; only the
## AVC denial message is suppressed.
## </description>
## <parameter name="domain">
## The type of the process performing this action.
## </parameter>
## </interface>
#
define(`userdom_dontaudit_use_unpriv_user_fd',`
	gen_require(`$0'_depend)

	dontaudit $1 unpriv_userdomain:fd use;
')

define(`userdom_dontaudit_use_unpriv_user_fd_depend',`
	attribute unpriv_userdomain;

	class fd use;
')
1035 | ||
490639cd | 1036 | ## </module> |