# Content access macros

# FIXME: After nested booleans are supported, replace NFS/CIFS

# w/ read_network_home, and write_network_home macros from global

# FIXME: If true/false constant booleans are supported, replace

# ugly $3 ifdefs with if(true), if(false)...

# FIXME: Do we want write to imply read?

############################################################

# read_content(domain, role_prefix, bool_prefix)

#

# Allow the given domain to read content.

# Content may be trusted or untrusted,

# Reading anything is subject to a controlling boolean based on bool_prefix.

# Reading untrusted content is additionally subject to read_untrusted_content

# Reading default_t is additionally subject to read_default_t

define(`read_content', `

# Declare controlling boolean

ifelse($3, `', `', `

ifdef(`$3_read_content_defined', `', `

define(`$3_read_content_defined')

bool $3_read_content false;

') dnl ifdef 

') dnl ifelse

# Handle nfs home dirs

ifelse($3, `', 

`if (use_nfs_home_dirs) { ', 

`if ($3_read_content && use_nfs_home_dirs) {')

allow $1 { autofs_t home_root_t }:dir { read search getattr };

r_dir_file($1, nfs_t)

} else {

dontaudit $1 { autofs_t home_root_t }:dir { read search getattr };

dontaudit $1 nfs_t:file r_file_perms;

dontaudit $1 nfs_t:dir r_dir_perms;

}

# Handle samba home dirs

ifelse($3, `',

`if (use_samba_home_dirs) { ',

`if ($3_read_content && use_samba_home_dirs) {')

allow $1 { autofs_t home_root_t }:dir { read search getattr };

r_dir_file($1, cifs_t)

} else {

dontaudit $1 { autofs_t home_root_t }:dir { read search getattr };

dontaudit $1 cifs_t:file r_file_perms;

dontaudit $1 cifs_t:dir r_dir_perms;

}

# Handle removable media, /tmp, and /home

ifelse($3, `', `', 

`if ($3_read_content) {')

allow $1 { tmp_t home_root_t $2_home_dir_t }:dir { read getattr search };

r_dir_file($1, { $2_tmp_t $2_home_t } )

ifdef(`mls_policy', `', `

r_dir_file($1, removable_t)

')

ifelse($3, `', `', 

`} else {

dontaudit $1 { tmp_t home_root_t $2_home_dir_t }:dir { read getattr search };

dontaudit $1 { removable_t $2_tmp_t $2_home_t }:dir r_dir_perms;

dontaudit $1 { removable_t $2_tmp_t $2_home_t }:file r_file_perms;

}') 

# Handle default_t content

ifelse($3, `',

`if (read_default_t) { ',

`if ($3_read_content && read_default_t) {')

r_dir_file($1, default_t)

} else {

dontaudit $1 default_t:file r_file_perms;

dontaudit $1 default_t:dir r_dir_perms;

} 

# Handle untrusted content

ifelse($3, `',

`if (read_untrusted_content) { ',

`if ($3_read_content && read_untrusted_content) {')

allow $1 { tmp_t home_root_t $2_home_dir_t }:dir { read getattr search };

r_dir_file($1, { $2_untrusted_content_t $2_untrusted_content_tmp_t })

} else {

dontaudit $1 { tmp_t home_root_t $2_home_dir_t }:dir { read getattr search };

dontaudit $1 { $2_untrusted_content_t $2_untrusted_content_tmp_t }:dir r_dir_perms;

dontaudit $1 { $2_untrusted_content_t $2_untrusted_content_tmp_t }:file r_file_perms;

}

') dnl read_content

#################################################

# write_trusted(domain, role_prefix, bool_prefix)

#

# Allow the given domain to write trusted content.

# This is subject to a controlling boolean based

# on bool_prefix.

define(`write_trusted', `

# Declare controlling boolean

ifelse($3, `', `', `

ifdef(`$3_write_content_defined', `', `

define(`$3_write_content_defined')

bool $3_write_content false;

') dnl ifdef

') dnl ifelse

# Handle nfs homedirs

ifelse($3, `',

`if (use_nfs_home_dirs) { ',

`if ($3_write_content && use_nfs_home_dirs) {')

allow $1 { autofs_t home_root_t }:dir { read search getattr };

create_dir_file($1, nfs_t)

} else {

dontaudit $1 { autofs_t home_root_t }:dir { read search getattr };

dontaudit $1 nfs_t:file create_file_perms;

dontaudit $1 nfs_t:dir create_dir_perms;

}

# Handle samba homedirs

ifelse($3, `',

`if (use_samba_home_dirs) { ',

`if ($3_write_content && use_samba_home_dirs) {')

allow $1 { autofs_t home_root_t }:dir { read search getattr };

create_dir_file($1, cifs_t)

} else {

dontaudit $1 { autofs_t home_root_t }:dir { read search getattr };

dontaudit $1 cifs_t:file create_file_perms;

dontaudit $1 cifs_t:dir create_dir_perms;

}

# Handle /tmp and /home

ifelse($3, `', `', 

`if ($3_write_content) {') 

allow $1 home_root_t:dir { read getattr search };

file_type_auto_trans($1, tmp_t, $2_tmp_t, { dir file });

file_type_auto_trans($1, $2_home_dir_t, $2_home_t, { dir file });

ifelse($3, `', `', 

`} else {

dontaudit $1 { tmp_t home_root_t $2_home_dir_t }:dir { read getattr search };

dontaudit $1 { $2_tmp_t $2_home_t }:file create_file_perms;

dontaudit $1 { $2_tmp_t $2_home_t }:dir create_dir_perms;

}')

') dnl write_trusted

#########################################

# write_untrusted(domain, role_prefix)

#

# Allow the given domain to write untrusted content. 

# This is subject to the global boolean write_untrusted.

define(`write_untrusted', `

# Handle nfs homedirs

if (write_untrusted_content && use_nfs_home_dirs) {

allow $1 { autofs_t home_root_t }:dir { read search getattr };

create_dir_file($1, nfs_t)

} else {

dontaudit $1 { autofs_t home_root_t }:dir { read search getattr };

dontaudit $1 nfs_t:file create_file_perms;

dontaudit $1 nfs_t:dir create_dir_perms;

}

# Handle samba homedirs

if (write_untrusted_content && use_samba_home_dirs) {

allow $1 { autofs_t home_root_t }:dir { read search getattr };

create_dir_file($1, cifs_t)

} else {

dontaudit $1 { autofs_t home_root_t }:dir { read search getattr };

dontaudit $1 cifs_t:file create_file_perms;

dontaudit $1 cifs_t:dir create_dir_perms;

}

# Handle /tmp and /home

if (write_untrusted_content) {

allow $1 home_root_t:dir { read getattr search };

file_type_auto_trans($1, { tmp_t $2_tmp_t }, $2_untrusted_content_tmp_t, { dir file })

file_type_auto_trans($1, { $2_home_dir_t $2_home_t }, $2_untrusted_content_t, { dir file })

} else {

dontaudit $1 { tmp_t home_root_t $2_home_dir_t }:dir { read getattr search };

dontaudit $1 { $2_tmp_t $2_home_t }:file create_file_perms;

dontaudit $1 { $2_tmp_t $2_home_t }:dir create_dir_perms;

}

') dnl write_untrusted