Changeset 2723
- Timestamp:
- 06/19/08 12:49:08 (2 months ago)
branches/rbacsep/policy/modules/services/xserver.if
r2710 r2723 505 505 506 506 interface(`xserver_role',` 507 typeattribute $2 x_userdomain; 508 507 509 domtrans_pattern($2, xserver_exec_t, xserver_t) 508 510 allow xserver_t $2:process signal; … … 586 588 ####################################### 587 589 ## <summary> 588 ## Template for creating sessions on a 589 ## prefix X server, with read-only 590 ## Create sessions on the X server, with read-only 590 591 ## access to the X server shared 591 592 ## memory segments. 592 593 ## </summary> 593 ## <param name="prefix">594 ## <summary>595 ## The prefix of the domain (e.g., user596 ## is the prefix for user_t).597 ## </summary>598 ## </param>599 594 ## <param name="domain"> 600 595 ## <summary> … … 608 603 ## </param> 609 604 # 610 template(`xserver_ro_session_template',`611 gen_require(` 612 type $1_xserver_t, $1_xserver_tmp_t, $1_xserver_tmpfs_t;605 interface(`xserver_ro_session',` 606 gen_require(` 607 type xserver_t, xserver_tmp_t, xserver_tmpfs_t; 613 608 ') 614 609 615 610 # Xserver read/write client shm 616 allow $1_xserver_t $2:fd use;617 allow $1_xserver_t $2:shm rw_shm_perms;618 allow $1_xserver_t $3:file rw_file_perms;611 allow xserver_t $1:fd use; 612 allow xserver_t $1:shm rw_shm_perms; 613 allow xserver_t $2:file rw_file_perms; 619 614 620 615 # Connect to xserver 621 allow $ 2 $1_xserver_t:unix_stream_socket connectto;622 allow $ 2 $1_xserver_t:process signal;616 allow $1 xserver_t:unix_stream_socket connectto; 617 allow $1 xserver_t:process signal; 623 618 624 619 # Read /tmp/.X0-lock 625 allow $ 2 $1_xserver_tmp_t:file { getattr read };620 allow $1 xserver_tmp_t:file { getattr read }; 626 621 627 622 # Client read xserver shm 628 allow $ 2 $1_xserver_t:fd use;629 allow $ 2 $1_xserver_t:shm r_shm_perms;630 allow $ 2 $1_xserver_tmpfs_t:file read_file_perms;623 allow $1 xserver_t:fd use; 624 allow $1 xserver_t:shm r_shm_perms; 625 allow $1 xserver_tmpfs_t:file read_file_perms; 631 626 ') 632 627 633 628 ####################################### 634 629 ## 
<summary> 635 ## Template for creating sessions on a 636 ## prefix X server, with read and write 630 ## Create sessions on the X server, with read and write 637 631 ## access to the X server shared 638 632 ## memory segments. 639 633 ## </summary> 640 ## <param name="prefix">641 ## <summary>642 ## The prefix of the domain (e.g., user643 ## is the prefix for user_t).644 ## </summary>645 ## </param>646 634 ## <param name="domain"> 647 635 ## <summary> … … 655 643 ## </param> 656 644 # 657 template(`xserver_rw_session_template',`658 gen_require(` 659 type $1_xserver_t, $1_xserver_tmpfs_t;660 ') 661 662 xserver_ro_session _template($1,$2,$3)663 allow $ 2 $1_xserver_t:shm rw_shm_perms;664 allow $ 2 $1_xserver_tmpfs_t:file rw_file_perms;645 interface(`xserver_rw_session',` 646 gen_require(` 647 type xserver_t, xserver_tmpfs_t; 648 ') 649 650 xserver_ro_session($1,$2) 651 allow $1 xserver_t:shm rw_shm_perms; 652 allow $1 xserver_tmpfs_t:file rw_file_perms; 665 653 ') 666 654 667 655 ####################################### 668 656 ## <summary> 669 ## Template for creatingfull client sessions657 ## Create full client sessions 670 658 ## on a user X server. 
671 659 ## </summary> 672 ## <param name="prefix">673 ## <summary>674 ## The prefix of the domain (e.g., user675 ## is the prefix for user_t).676 ## </summary>677 ## </param>678 660 ## <param name="domain"> 679 661 ## <summary> … … 687 669 ## </param> 688 670 # 689 template(`xserver_user_client_template',`671 interface(`xserver_user_client',` 690 672 # refpolicywarn(`$0() has been deprecated, please use xserver_user_x_domain_template instead.') 691 673 gen_require(` 692 674 type xdm_t, xdm_tmp_t; 693 type $1_xauth_home_t, $1_iceauth_home_t, $1_xserver_t, $1_xserver_tmpfs_t;694 ') 695 696 allow $ 2self:shm create_shm_perms;697 allow $ 2self:unix_dgram_socket create_socket_perms;698 allow $ 2self:unix_stream_socket { connectto create_stream_socket_perms };675 type xauth_home_t, iceauth_home_t, xserver_t, xserver_tmpfs_t; 676 ') 677 678 allow $1 self:shm create_shm_perms; 679 allow $1 self:unix_dgram_socket create_socket_perms; 680 allow $1 self:unix_stream_socket { connectto create_stream_socket_perms }; 699 681 700 682 # Read .Xauthority file 701 allow $ 2 $1_xauth_home_t:file { getattr read };702 allow $ 2 $1_iceauth_home_t:file { getattr read };683 allow $1 xauth_home_t:file { getattr read }; 684 allow $1 iceauth_home_t:file { getattr read }; 703 685 704 686 # for when /tmp/.X11-unix is created by the system 705 allow $ 2xdm_t:fd use;706 allow $ 2xdm_t:fifo_file { getattr read write ioctl };707 allow $ 2xdm_tmp_t:dir search;708 allow $ 2xdm_tmp_t:sock_file { read write };709 dontaudit $ 2xdm_t:tcp_socket { read write };687 allow $1 xdm_t:fd use; 688 allow $1 xdm_t:fifo_file { getattr read write ioctl }; 689 allow $1 xdm_tmp_t:dir search; 690 allow $1 xdm_tmp_t:sock_file { read write }; 691 dontaudit $1 xdm_t:tcp_socket { read write }; 710 692 711 693 # Allow connections to X server. 
712 files_search_tmp($ 2)713 714 miscfiles_read_fonts($ 2)715 716 userdom_search_user_home_dirs($1 ,$2)694 files_search_tmp($1) 695 696 miscfiles_read_fonts($1) 697 698 userdom_search_user_home_dirs($1) 717 699 # for .xsession-errors 718 userdom_dontaudit_write_user_home_content_files($1,$2) 719 720 xserver_ro_session_template(xdm,$2,$3) 721 xserver_rw_session_template($1,$2,$3) 722 xserver_use_user_fonts($1,$2) 723 724 xserver_read_xdm_tmp_files($2) 700 userdom_dontaudit_write_user_home_content_files($1) 701 702 xserver_ro_session($1,$2) 703 xserver_use_user_fonts($1) 704 705 xserver_read_xdm_tmp_files($1) 725 706 726 707 # Client write xserver shm 727 708 tunable_policy(`allow_write_xshm',` 728 allow $ 2 $1_xserver_t:shm rw_shm_perms;729 allow $ 2 $1_xserver_tmpfs_t:file rw_file_perms;709 allow $1 xserver_t:shm rw_shm_perms; 710 allow $1 xserver_tmpfs_t:file rw_file_perms; 730 711 ') 731 712 ') … … 737 718 ## X client application. 738 719 ## </summary> 739 ## <param name="user">740 ## <summary>741 ## The prefix of the X server domain (e.g., user742 ## is the prefix for user_t).743 ## </summary>744 ## </param>745 720 ## <param name="prefix"> 746 721 ## <summary> … … 757 732 template(`xserver_common_x_domain_template',` 758 733 gen_require(` 759 type $1_rootwindow_t, std_xext_t, shmem_xext_t;734 type rootwindow_t, std_xext_t, shmem_xext_t; 760 735 type xproperty_t, info_xproperty_t, clipboard_xproperty_t; 761 736 type input_xevent_t, focus_xevent_t, property_xevent_t, manage_xevent_t; … … 766 741 attribute xproperty_type; 767 742 attribute xevent_type, xextension_type; 768 attribute $1_x_domain, $1_input_xevent_type;743 attribute input_xevent_type; 769 744 770 745 class x_drawable all_x_drawable_perms; … … 791 766 792 767 # Type attributes 793 typeattribute $ 3 $1_x_domain,x_domain;768 typeattribute $2 x_domain; 794 769 795 770 # Types for properties 796 type $ 2_xproperty_t alias $2_default_xproperty_t, xproperty_type;771 type $1_xproperty_t alias 
$1_default_xproperty_t, xproperty_type; 797 772 798 773 # Types for events 799 type $ 2_input_xevent_t, $1_input_xevent_type, xevent_type;800 type $ 2_property_xevent_t, xevent_type;801 type $ 2_focus_xevent_t, xevent_type;802 type $ 2_manage_xevent_t, xevent_type;803 type $ 2_default_xevent_t, xevent_type;804 type $ 2_client_xevent_t, xevent_type;774 type $1_input_xevent_t, input_xevent_type, xevent_type; 775 type $1_property_xevent_t, xevent_type; 776 type $1_focus_xevent_t, xevent_type; 777 type $1_manage_xevent_t, xevent_type; 778 type $1_default_xevent_t, xevent_type; 779 type $1_client_xevent_t, xevent_type; 805 780 806 781 ############################## … … 812 787 # everyone can get the input focus of everyone else 813 788 # this is a fundamental brokenness in the X protocol 814 allow $ 3{ x_domain x_server_domain }:x_device getfocus;789 allow $2 { x_domain x_server_domain }:x_device getfocus; 815 790 # everyone can grab the server 816 791 # everyone does it, it is basically a free DOS attack 817 allow $ 3x_server_domain:x_server grab;792 allow $2 x_server_domain:x_server grab; 818 793 # everyone can get the font path, etc. 819 794 # this could leak out sensitive information 820 allow $ 3x_server_domain:x_server getattr;795 allow $2 x_server_domain:x_server getattr; 821 796 # everyone can do override-redirect windows. 
822 797 # this could be used to spoof labels 823 allow $ 3self:x_drawable override;798 allow $2 self:x_drawable override; 824 799 # everyone can receive management events on the root window 825 800 # allows to know when new windows appear, among other things 826 allow $ 3manage_xevent_t:x_event receive;801 allow $2 manage_xevent_t:x_event receive; 827 802 828 803 # X Server 829 804 # can read server-owned resources 830 allow $ 3x_server_domain:x_resource read;805 allow $2 x_server_domain:x_resource read; 831 806 # can mess with own clients 832 allow $ 3self:x_client { manage destroy };807 allow $2 self:x_client { manage destroy }; 833 808 834 809 # X Protocol Extensions 835 allow $ 3std_xext_t:x_extension { query use };836 allow $ 3shmem_xext_t:x_extension { query use };837 dontaudit $ 3xextension_type:x_extension { query use };810 allow $2 std_xext_t:x_extension { query use }; 811 allow $2 shmem_xext_t:x_extension { query use }; 812 dontaudit $2 xextension_type:x_extension { query use }; 838 813 839 814 # X Properties 840 815 # can read and write client properties 841 allow $ 3 $2_xproperty_t:x_property { create destroy read write append };816 allow $2 $1_xproperty_t:x_property { create destroy read write append }; 842 817 type_transition $3 xproperty_t:x_property $2_xproperty_t; 843 818 # can read and write cut buffers 844 allow $ 3clipboard_xproperty_t:x_property { create read write append };819 allow $2 clipboard_xproperty_t:x_property { create read write append }; 845 820 # can read info properties 846 allow $ 3info_xproperty_t:x_property read;821 allow $2 info_xproperty_t:x_property read; 847 822 # can change properties of root window 848 allow $ 3 $1_rootwindow_t:x_drawable { list_property get_property set_property };823 allow $2 rootwindow_t:x_drawable { list_property get_property set_property }; 849 824 # can change properties of own windows 850 allow $ 3self:x_drawable { list_property get_property set_property };825 allow $2 self:x_drawable { 
list_property get_property set_property }; 851 826 852 827 # X Windows 853 828 # operations allowed on root windows 854 allow $ 3 $1_rootwindow_t:x_drawable { getattr list_child add_child remove_child send receive };829 allow $2 rootwindow_t:x_drawable { getattr list_child add_child remove_child send receive }; 855 830 # operations allowed on my windows 856 allow $ 3self:x_drawable { create destroy getattr setattr read write show hide list_child add_child remove_child manage send receive };857 type_transition $ 3 $1_rootwindow_t:x_drawable $3;831 allow $2 self:x_drawable { create destroy getattr setattr read write show hide list_child add_child remove_child manage send receive }; 832 type_transition $2 rootwindow_t:x_drawable $2; 858 833 859 834 # X Colormaps 860 835 # can use the default colormap 861 allow $ 3 $1_rootwindow_t:x_colormap { read use add_color };836 allow $2 rootwindow_t:x_colormap { read use add_color }; 862 837 863 838 # X Input 864 839 # can receive own events 865 allow $ 3 $2_input_xevent_t:{ x_event x_synthetic_event } receive;866 allow $ 3 $2_property_xevent_t:{ x_event x_synthetic_event } receive;867 allow $ 3 $2_focus_xevent_t:{ x_event x_synthetic_event } receive;868 allow $ 3 $2_manage_xevent_t:{ x_event x_synthetic_event } receive;869 allow $ 3 $2_default_xevent_t:{ x_event x_synthetic_event } receive;870 allow $ 3 $2_client_xevent_t:{ x_event x_synthetic_event } receive;871 type_transition $ 3 input_xevent_t:x_event $2_input_xevent_t;872 type_transition $ 3 property_xevent_t:x_event $2_property_xevent_t;873 type_transition $ 3 focus_xevent_t:x_event $2_focus_xevent_t;874 type_transition $ 3 manage_xevent_t:x_event $2_manage_xevent_t;875 type_transition $ 3 client_xevent_t:x_event $2_client_xevent_t;876 type_transition $ 3 xevent_t:x_event $2_default_xevent_t;840 allow $2 $1_input_xevent_t:{ x_event x_synthetic_event } receive; 841 allow $2 $1_property_xevent_t:{ x_event x_synthetic_event } receive; 842 allow $2 $1_focus_xevent_t:{ x_event 
x_synthetic_event } receive; 843 allow $2 $1_manage_xevent_t:{ x_event x_synthetic_event } receive; 844 allow $2 $1_default_xevent_t:{ x_event x_synthetic_event } receive; 845 allow $2 $1_client_xevent_t:{ x_event x_synthetic_event } receive; 846 type_transition $2 input_xevent_t:x_event $1_input_xevent_t; 847 type_transition $2 property_xevent_t:x_event $1_property_xevent_t; 848 type_transition $2 focus_xevent_t:x_event $1_focus_xevent_t; 849 type_transition $2 manage_xevent_t:x_event $1_manage_xevent_t; 850 type_transition $2 client_xevent_t:x_event $1_client_xevent_t; 851 type_transition $2 xevent_t:x_event $1_default_xevent_t; 877 852 # can receive certain root window events 878 allow $ 3focus_xevent_t:x_event receive;879 allow $ 3property_xevent_t:x_event receive;880 allow $ 3client_xevent_t:x_synthetic_event receive;881 allow $ 3manage_xevent_t:x_synthetic_event receive;853 allow $2 focus_xevent_t:x_event receive; 854 allow $2 property_xevent_t:x_event receive; 855 allow $2 client_xevent_t:x_synthetic_event receive; 856 allow $2 manage_xevent_t:x_synthetic_event receive; 882 857 # can send ICCCM events to myself 883 allow $ 3 $2_manage_xevent_t:x_synthetic_event send;858 allow $2 $1_manage_xevent_t:x_synthetic_event send; 884 859 # can send ICCCM events to the root window 885 allow $ 3manage_xevent_t:x_synthetic_event send;886 allow $ 3client_xevent_t:x_synthetic_event send;860 allow $2 manage_xevent_t:x_synthetic_event send; 861 allow $2 client_xevent_t:x_synthetic_event send; 887 862 888 863 # X Selections 889 864 # can use the clipboard 890 allow $ 3clipboard_xselection_t:x_selection { getattr setattr read };865 allow $2 clipboard_xselection_t:x_selection { getattr setattr read }; 891 866 # can query all other selections 892 allow $ 3xselection_t:x_selection { getattr read };867 allow $2 xselection_t:x_selection { getattr read }; 893 868 894 869 # Other X Objects 895 870 # can create and use cursors 896 allow $ 3self:x_cursor *;871 allow $2 self:x_cursor 
*; 897 872 # can create and use graphics contexts 898 allow $ 3self:x_gc *;873 allow $2 self:x_gc *; 899 874 # can create and use colormaps 900 allow $ 3self:x_colormap *;875 allow $2 self:x_colormap *; 901 876 # can read and write own objects 902 allow $ 3self:x_resource { read write };877 allow $2 self:x_resource { read write }; 903 878 904 879 tunable_policy(`! xserver_object_manager',` 905 # should be xserver_unconfined($ 3),880 # should be xserver_unconfined($2), 906 881 # but typeattribute doesnt work in conditionals 907 882 gen_require(` 908 attribute x_ server_domain, x_domain;883 attribute x_domain; 909 884 attribute xproperty_type, xselection_type; 910 885 attribute xextension_type, xevent_type; 911 attribute rootwindow_type; 912 913 type remote_xclient_t; 886 887 type xserver_t, rootwindow_t, remote_xclient_t; 914 888 ') 915 allow $3 x_server_domain:x_server *; 916 allow $3 { x_domain rootwindow_type }:x_drawable *; 917 allow $3 x_server_domain:x_screen *; 918 allow $3 x_domain:x_gc *; 919 allow $3 { x_domain rootwindow_type }:x_colormap *; 920 allow $3 xproperty_type:x_property *; 921 allow $3 xselection_type:x_selection *; 922 allow $3 x_domain:x_cursor *; 923 allow $3 { x_domain remote_xclient_t }:x_client *; 924 allow $3 { x_domain x_server_domain }:x_device *; 925 allow $3 xextension_type:x_extension *; 926 allow $3 { x_domain x_server_domain }:x_resource *; 927 allow $3 xevent_type:{ x_event x_synthetic_event } *; 889 890 allow $2 xserver_t:x_server *; 891 allow $2 { x_domain rootwindow_t }:x_drawable *; 892 allow $2 xserver_t:x_screen *; 893 allow $2 x_domain:x_gc *; 894 allow $2 { x_domain rootwindow_t }:x_colormap *; 895 allow $2 xproperty_type:x_property *; 896 allow $2 xselection_type:x_selection *; 897 allow $2 x_domain:x_cursor *; 898 allow $2 { x_domain remote_xclient_t }:x_client *; 899 allow $2 { x_domain xserver_t }:x_device *; 900 allow $2 xextension_type:x_extension *; 901 allow $2 { x_domain xserver_t }:x_resource *; 902 allow $2 
xevent_type:{ x_event x_synthetic_event } *; 928 903 ') 929 904 ') … … 935 910 ## X client application. 936 911 ## </summary> 937 ## <param name="user">938 ## <summary>939 ## The prefix of the X server domain (e.g., user940 ## is the prefix for user_t).941 ## </summary>942 ## </param>943 912 ## <param name="prefix"> 944 913 ## <summary> … … 961 930 gen_require(` 962 931 type xdm_t, xdm_tmp_t; 963 type $1_xauth_home_t, $1_iceauth_home_t, $1_xserver_t, $1_xserver_tmpfs_t;964 ') 965 966 allow $ 3self:shm create_shm_perms;967 allow $ 3self:unix_dgram_socket create_socket_perms;968 allow $ 3self:unix_stream_socket { connectto create_stream_socket_perms };932 type xauth_home_t, iceauth_home_t, xserver_t, xserver_tmpfs_t; 933 ') 934 935 allow $2 self:shm create_shm_perms; 936 allow $2 self:unix_dgram_socket create_socket_perms; 937 allow $2 self:unix_stream_socket { connectto create_stream_socket_perms }; 969 938 970 939 # Read .Xauthority file 971 allow $ 3 $1_xauth_home_t:file { getattr read };972 allow $ 3 $1_iceauth_home_t:file { getattr read };940 allow $2 xauth_home_t:file { getattr read }; 941 allow $2 iceauth_home_t:file { getattr read }; 973 942 974 943 # for when /tmp/.X11-unix is created by the system 975 allow $ 3xdm_t:fd use;976 allow $ 3xdm_t:fifo_file { getattr read write ioctl };977 allow $ 3xdm_tmp_t:dir search;978 allow $ 3xdm_tmp_t:sock_file { read write };979 dontaudit $ 3xdm_t:tcp_socket { read write };944 allow $2 xdm_t:fd use; 945 allow $2 xdm_t:fifo_file { getattr read write ioctl }; 946 allow $2 xdm_tmp_t:dir search; 947 allow $2 xdm_tmp_t:sock_file { read write }; 948 dontaudit $2 xdm_t:tcp_socket { read write }; 980 949 981 950 # Allow connections to X server. 
982 files_search_tmp($ 3)983 984 miscfiles_read_fonts($ 3)985 986 userdom_search_user_home_dirs($ 1,$3)951 files_search_tmp($2) 952 953 miscfiles_read_fonts($2) 954 955 userdom_search_user_home_dirs($2) 987 956 # for .xsession-errors 988 userdom_dontaudit_write_user_home_content_files($1,$3) 989 990 xserver_ro_session_template(xdm,$3,$4) 991 xserver_rw_session_template($1,$3,$4) 992 xserver_use_user_fonts($1,$3) 993 994 xserver_read_xdm_tmp_files($3) 957 userdom_dontaudit_write_user_home_content_files($2) 958 959 xserver_ro_session($2,$3) 960 xserver_use_user_fonts($2) 961 962 xserver_read_xdm_tmp_files($2) 995 963 996 964 # X object manager 997 xserver_common_x_domain_template($1,$2 ,$3)965 xserver_common_x_domain_template($1,$2) 998 966 999 967 # Client write xserver shm 1000 968 tunable_policy(`allow_write_xshm',` 1001 allow $ 3 $1_xserver_t:shm rw_shm_perms;1002 allow $ 3 $1_xserver_tmpfs_t:file rw_file_perms;969 allow $2 xserver_t:shm rw_shm_perms; 970 allow $2 xserver_tmpfs_t:file rw_file_perms; 1003 971 ') 1004 972 ') … … 1019 987 ## </p> 1020 988 ## </desc> 1021 ## <param name="userdomain_prefix"> 1022 ## <summary> 1023 ## The prefix of the user domain (e.g., user 1024 ## is the prefix for user_t). 1025 ## </summary> 1026 ## </param> 1027 ## <param name="domain"> 1028 ## <summary> 1029 ## Domain allowed access. 1030 ## </summary> 1031 ## </param> 1032 # 1033 template(`xserver_use_user_fonts',` 1034 gen_require(` 1035 type $1_fonts_t, $1_fonts_cache_t, $1_fonts_config_t; 989 ## <param name="domain"> 990 ## <summary> 991 ## Domain allowed access. 
992 ## </summary> 993 ## </param> 994 # 995 interface(`xserver_use_user_fonts',` 996 gen_require(` 997 type user_fonts_t, user_fonts_cache_t, user_fonts_config_t; 1036 998 ') 1037 999 1038 1000 # Read per user fonts 1039 allow $ 2 $1_fonts_t:dir list_dir_perms;1040 allow $ 2 $1_fonts_t:file read_file_perms;1001 allow $1 user_fonts_t:dir list_dir_perms; 1002 allow $1 user_fonts_t:file read_file_perms; 1041 1003 1042 1004 # Manipulate the global font cache 1043 manage_dirs_pattern($ 2,$1_fonts_cache_t,$1_fonts_cache_t)1044 manage_files_pattern($ 2,$1_fonts_cache_t,$1_fonts_cache_t)1005 manage_dirs_pattern($1, user_fonts_cache_t, user_fonts_cache_t) 1006 manage_files_pattern($1, user_fonts_cache_t, user_fonts_cache_t) 1045 1007 1046 1008 # Read per user font config 1047 allow $2 $1_fonts_config_t:dir list_dir_perms; 1048 allow $2 $1_fonts_config_t:file read_file_perms; 1049 1050 userdom_search_user_home_dirs($1,$2) 1051 ') 1052 1053 ######################################## 1054 ## <summary> 1055 ## Transition to a user Xauthority domain. 1056 ## </summary> 1057 ## <desc> 1058 ## <p> 1059 ## Transition to a user Xauthority domain. 1060 ## </p> 1061 ## <p> 1062 ## This is a templated interface, and should only 1063 ## be called from a per-userdomain template. 1064 ## </p> 1065 ## </desc> 1066 ## <param name="userdomain_prefix"> 1067 ## <summary> 1068 ## The prefix of the user domain (e.g., user 1069 ## is the prefix for user_t). 1070 ## </summary> 1071 ## </param> 1072 ## <param name="domain"> 1073 ## <summary> 1074 ## Domain allowed access. 1075 ## </summary> 1076 ## </param> 1077 # 1078 template(`xserver_domtrans_user_xauth',` 1079 gen_require(` 1080 type $1_xauth_t, xauth_exec_t; 1081 ') 1082 1083 domtrans_pattern($2, xauth_exec_t, $1_xauth_t) 1084 ') 1085 1086 ######################################## 1087 ## <summary> 1088 ## Transition to a user Xauthority domain. 1089 ## </summary> 1090 ## <desc> 1091 ## <p> 1092 ## Transition to a user Xauthority domain. 
1093 ## </p> 1094 ## <p> 1095 ## This is a templated interface, and should only 1096 ## be called from a per-userdomain template. 1097 ## </p> 1098 ## </desc> 1099 ## <param name="userdomain_prefix"> 1100 ## <summary> 1101 ## The prefix of the user domain (e.g., user 1102 ## is the prefix for user_t). 1103 ## </summary> 1104 ## </param> 1105 ## <param name="domain"> 1106 ## <summary> 1107 ## Domain allowed access. 1108 ## </summary> 1109 ## </param> 1110 # 1111 template(`xserver_user_home_dir_filetrans_user_xauth',` 1112 gen_require(` 1113 type $1_xauth_home_t; 1114 ') 1115 1116 userdom_user_home_dir_filetrans($1, $2, $1_xauth_home_t, file) 1009 allow $1 user_fonts_config_t:dir list_dir_perms; 1010 allow $1 user_fonts_config_t:file read_file_perms; 1011 1012 userdom_search_user_home_dirs($1) 1013 ') 1014 1015 ######################################## 1016 ## <summary> 1017 ## Transition to the Xauthority domain. 1018 ## </summary> 1019 ## <param name="domain"> 1020 ## <summary> 1021 ## Domain allowed access. 1022 ## </summary> 1023 ## </param> 1024 # 1025 interface(`xserver_domtrans_xauth',` 1026 gen_require(` 1027 type xauth_t, xauth_exec_t; 1028 ') 1029 1030 domtrans_pattern($1, xauth_exec_t, xauth_t) 1031 ') 1032 1033 ######################################## 1034 ## <summary> 1035 ## Create a Xauthority file in the user home directory. 1036 ## </summary> 1037 ## <param name="domain"> 1038 ## <summary> 1039 ## Domain allowed access. 
1040 ## </summary> 1041 ## </param> 1042 # 1043 interface(`xserver_user_home_dir_filetrans_user_xauth',` 1044 gen_require(` 1045 type xauth_home_t; 1046 ') 1047 1048 userdom_user_home_dir_filetrans($1, xauth_home_t, file) 1117 1049 ') 1118 1050 … … 1129 1061 # 1130 1062 interface(`xserver_use_all_users_fonts',` 1131 gen_require(` 1132 attribute fonts_type, fonts_cache_type, fonts_config_type; 1133 ') 1134 1135 # Read per user fonts 1136 allow $1 fonts_type:dir list_dir_perms; 1137 allow $1 fonts_type:file read_file_perms; 1138 1139 # Manipulate the global font cache 1140 manage_dirs_pattern($1,fonts_cache_type,fonts_cache_type) 1141 manage_files_pattern($1,fonts_cache_type,fonts_cache_type) 1142 1143 # Read per user font config 1144 allow $1 fonts_config_type:dir list_dir_perms; 1145 allow $1 fonts_config_type:file read_file_perms; 1146 1147 userdom_search_all_users_home_dirs($1) 1063 refpolicywarn(`$0() has been deprecated, please use xserver_use_user_fonts.') 1064 xserver_use_user_fonts($1) 1148 1065 ') 1149 1066 … … 1159 1076 # 1160 1077 interface(`xserver_read_all_users_xauth',` 1161 gen_require(` 1162 attribute xauth_home_type; 1163 ') 1164 1165 allow $1 xauth_home_type:file read_file_perms; 1166 userdom_search_all_users_home_dirs($1) 1078 refpolicywarn(`$0() and/or $1 needs to be exempt on files.') 1079 gen_require(` 1080 type xauth_home_t; 1081 ') 1082 1083 allow $1 xauth_home_t:file read_file_perms; 1084 userdom_search_user_home_dirs($1) 1167 1085 ') 1168 1086 … … 1391 1309 1392 1310 allow $1 xdm_var_lib_t:file { getattr read }; 1393 ')1394 1395 ########################################1396 ## <summary>1397 ## Execute the X server in the XDM X server domain.1398 ## </summary>1399 ## <param name="domain">1400 ## <summary>1401 ## Domain allowed access.1402 ## </summary>1403 ## </param>1404 #1405 interface(`xserver_domtrans_xdm_xserver',`1406 gen_require(`1407 type xdm_xserver_t, xserver_exec_t;1408 ')1409 1410 allow $1 xdm_xserver_t:process siginh;1411 
domtrans_pattern($1,xserver_exec_t,xdm_xserver_t)1412 1311 ') 1413 1312 … … 1558 1457 ## </param> 1559 1458 # 1560 interface(`xserver_read_xdm_xserver_tmp_files',`1561 gen_require(`1562 type xdm_xserver_tmp_t;1563 ')1564 1565 allow $1 xdm_xserver_tmp_t:file { getattr read };1566 ')1567 1568 ########################################1569 ## <summary>1570 ## Read xdm temporary files.1571 ## </summary>1572 ## <param name="domain">1573 ## <summary>1574 ## Domain to not audit1575 ## </summary>1576 ## </param>1577 #1578 1459 interface(`xserver_read_xdm_tmp_files',` 1579 1460 gen_require(` … … 1661 1542 ######################################## 1662 1543 ## <summary> 1663 ## Signal XDM X servers 1544 ## Execute the X server in the X server domain. 1545 ## </summary> 1546 ## <param name="domain"> 1547 ## <summary> 1548 ## Domain allowed access. 1549 ## </summary> 1550 ## </param> 1551 # 1552 interface(`xserver_domtrans',` 1553 gen_require(` 1554 type xserver_t, xserver_exec_t; 1555 ') 1556 1557 allow $1 xserver_t:process siginh; 1558 domtrans_pattern($1, xserver_exec_t, xserver_t) 1559 ') 1560 1561 ######################################## 1562 ## <summary> 1563 ## Signal X servers 1664 1564 ## </summary> 1665 1565 ## <param name="domain"> … … 1669 1569 ## </param> 1670 1570 # 1671 interface(`xserver_signal _xdm_xserver',`1672 gen_require(` 1673 type x dm_xserver_t;1674 ') 1675 1676 allow $1 x dm_xserver_t:process signal;1677 ') 1678 1679 ######################################## 1680 ## <summary> 1681 ## Kill X DM Xservers1571 interface(`xserver_signal',` 1572 gen_require(` 1573 type xserver_t; 1574 ') 1575 1576 allow $1 xserver_t:process signal; 1577 ') 1578 1579 ######################################## 1580 ## <summary> 1581 ## Kill X servers 1682 1582 ## </summary> 1683 1583 ## <param name="domain"> … … 1687 1587 ## </param> 1688 1588 # 1689 interface(`xserver_kill _xdm_xserver',`1690 gen_require(` 1691 type x dm_xserver_t;1692 ') 1693 1694 allow $1 x dm_xserver_t:process 
sigkill;1589 interface(`xserver_kill',` 1590 gen_require(` 1591 type xserver_t; 1592 ') 1593 1594 allow $1 xserver_t:process sigkill; 1695 1595 ') 1696 1596 … … 1698 1598 ## <summary> 1699 1599 ## Do not audit attempts to read and write to 1700 ## a XDM X server socket.1600 ## X server sockets. 1701 1601 ## </summary> 1702 1602 ## <param name="domain"> … … 1706 1606 ## </param> 1707 1607 # 1708 interface(`xserver_dontaudit_rw_ xdm_xserver_tcp_sockets',`1709 gen_require(` 1710 type x dm_xserver_t;1711 ') 1712 1713 dontaudit $1 x dm_xserver_t:tcp_socket { read write };1714 ') 1715 1716 ######################################## 1717 ## <summary> 1718 ## Do not audit attempts to read and write xdm_xserver1608 interface(`xserver_dontaudit_rw_tcp_sockets',` 1609 gen_require(` 1610 type xserver_t; 1611 ') 1612 1613 dontaudit $1 xserver_t:tcp_socket { read write }; 1614 ') 1615 1616 ######################################## 1617 ## <summary> 1618 ## Do not audit attempts to read and write X server 1719 1619 ## unix domain stream sockets. 1720 1620 ## </summary> … … 1725 1625 ## </param> 1726 1626 # 1727 interface(`xserver_dontaudit_rw_ xdm_stream_sockets',`1728 gen_require(` 1729 type x dm_xserver_t;1730 ') 1731 1732 dontaudit $1 x dm_xserver_t:unix_stream_socket { read write };1733 ') 1734 1735 ######################################## 1736 ## <summary> 1737 ## Connect to xdm_xserver over a unix domain1627 interface(`xserver_dontaudit_rw_stream_sockets',` 1628 gen_require(` 1629 type xserver_t; 1630 ') 1631 1632 dontaudit $1 xserver_t:unix_stream_socket { read write }; 1633 ') 1634 1635 ######################################## 1636 ## <summary> 1637 ## Connect to the X server over a unix domain 1738 1638 ## stream socket. 
1739 1639 ## </summary> … … 1744 1644 ## </param> 1745 1645 # 1746 interface(`xserver_stream_connect _xdm_xserver',`1747 gen_require(` 1748 type x dm_xserver_t, xdm_xserver_tmp_t;1646 interface(`xserver_stream_connect',` 1647 gen_require(` 1648 type xserver_t, xserver_tmp_t; 1749 1649 ') 1750 1650 1751 1651 files_search_tmp($1) 1752 stream_connect_pattern($1,xdm_xserver_tmp_t,xdm_xserver_tmp_t,xdm_xserver_t) 1652 stream_connect_pattern($1, xserver_tmp_t, xserver_tmp_t, xserver_t) 1653 ') 1654 1655 ######################################## 1656 ## <summary> 1657 ## Read X server temporary files. 1658 ## </summary> 1659 ## <param name="domain"> 1660 ## <summary> 1661 ## Domain to not audit 1662 ## </summary> 1663 ## </param> 1664 # 1665 interface(`xserver_read_xserver_tmp_files',` 1666 gen_require(` 1667 type xserver_tmp_t; 1668 ') 1669 1670 allow $1 xserver_tmp_t:file { getattr read }; 1671 files_search_tmp($1) 1753 1672 ') 1754 1673 branches/rbacsep/policy/modules/services/xserver.te
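Review bot: In xserver_common_x_domain_template the property transition rule was left on the old three-parameter numbering: `type_transition $3 xproperty_t:x_property $2_xproperty_t;` is an unchanged context line while every neighbouring rule in the same block was moved to `$2` as the domain and `$1` as the prefix. With the new two-argument callers (`xserver_common_x_domain_template(user, x_userdomain)` in xserver.te) `$3` expands to nothing and `$2_xproperty_t` becomes `x_userdomain_xproperty_t`, so the rule is malformed and the policy will most likely fail to compile; if a build did tolerate it, client properties would never be relabelled to the per-prefix type, undermining the property separation the object manager rules are meant to provide. It should read `type_transition $2 xproperty_t:x_property $1_xproperty_t;`. Separately, the added `typeattribute $2 x_userdomain;` in xserver_role has no visible `gen_require` for that attribute, which is declared in xserver.te; the rest of that interface is outside this section, so please confirm it requires `attribute x_userdomain;` or module builds will fail on the undeclared name.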
r2720 r2723 29 29 gen_tunable(xserver_object_manager,false) 30 30 31 attribute fonts_type; 32 attribute fonts_cache_type; 33 attribute fonts_config_type; 34 attribute xauth_home_type; 35 36 # Domains 31 attribute input_xevent_type; 37 32 attribute xserver_unconfined_type; 38 attribute x_server_domain;39 40 # Per-object attributes41 attribute rootwindow_type;42 33 attribute x_domain; 34 attribute x_userdomain 43 35 attribute xproperty_type; 44 36 attribute xselection_type; … … 137 129 138 130 # Type for the executable used to start the X server, e.g. Xwrapper. 139 type xserver_t , x_server_domain;131 type xserver_t; 140 132 type xserver_exec_t; 141 133 xserver_common_x_domain_template(xdm,xdm,xdm_t) … … 154 146 type xserver_log_t; 155 147 logging_log_file(xserver_log_t) 148 149 # basic object manager rules for user domains 150 xserver_common_x_domain_template(user, x_userdomain) 156 151 157 152 ifdef(`enable_mcs',` … … 555 550 allow xserver_t self:udp_socket create_socket_perms; 556 551 552 # Device rules 553 allow x_domain xserver_t:x_device { read getattr use setattr setfocus grab bell }; 554 555 allow xserver_t { input_xevent_t input_xevent_type }:x_event send; 556 557 557 domtrans_pattern(xserver_t, xauth_exec_t, xauth_t) 558 558 … … 792 792 ') 793 793 794 ##############################795 #796 # User X object manager local policy797 #798 attribute $1_input_xevent_type;799 800 # Device rules801 allow x_domain xserver_t:x_device { read getattr use setattr setfocus grab bell };802 803 allow xserver_t { input_xevent_t $1_input_xevent_type }:x_event send;804 805 xserver_common_x_domain_template($1,$1,$2)806 ')807 808 794 ######################################## 809 795 # … … 811 797 # 812 798 813 allow xserver_unconfined_type x _server_domain:x_server *;814 allow xserver_unconfined_type { x_domain rootwindow_t ype}:x_drawable *;815 allow xserver_unconfined_type x _server_domain:x_screen *;799 allow xserver_unconfined_type xserver_t:x_server *; 800 allow 
xserver_unconfined_type { x_domain rootwindow_t }:x_drawable *; 801 allow xserver_unconfined_type xserver_t:x_screen *; 816 802 allow xserver_unconfined_type x_domain:x_gc *; 817 allow xserver_unconfined_type { x_domain rootwindow_t ype}:x_colormap *;803 allow xserver_unconfined_type { x_domain rootwindow_t }:x_colormap *; 818 804 allow xserver_unconfined_type xproperty_type:x_property *; 819 805 allow xserver_unconfined_type xselection_type:x_selection *; 820 806 allow xserver_unconfined_type x_domain:x_cursor *; 821 807 allow xserver_unconfined_type { x_domain remote_xclient_t }:x_client *; 822 allow xserver_unconfined_type { x_domain x _server_domain}:x_device *;808 allow xserver_unconfined_type { x_domain xserver_t }:x_device *; 823 809 allow xserver_unconfined_type xextension_type:x_extension *; 824 allow xserver_unconfined_type { x_domain x _server_domain}:x_resource *;810 allow xserver_unconfined_type { x_domain xserver_t }:x_resource *; 825 811 allow xserver_unconfined_type xevent_type:{ x_event x_synthetic_event } *; 826 812
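Review bot: `xserver_common_x_domain_template(xdm,xdm,xdm_t)` is still invoked with the old three-argument form (it appears here as an unchanged context line) even though this changeset reduces the template to (prefix, domain), so `$2` now expands to the bare word `xdm` and rules such as `typeattribute xdm x_domain;` will not compile; the call should become `xserver_common_x_domain_template(xdm, xdm_t)` to match the new `xserver_common_x_domain_template(user, x_userdomain)` call a few lines below. The new declaration `attribute x_userdomain` also appears to lack its terminating semicolon, unlike the surrounding attribute lines; if that is not a rendering artefact it should be `attribute x_userdomain;`. Since `x_userdomain` is the attribute through which xserver_role now hands every user domain the full x_domain rule set, it is worth a comment next to its declaration noting that anything added to this template (including the unconditional `x_server grab` and `getfocus` the template's own comments flag as abusable) is inherited by all user roles.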
