Blob Blame History Raw
## <summary>
## Core policy for shells, and generic programs
## in /bin, /sbin, /usr/bin, and /usr/sbin.
## </summary>
## <required val="true">
##	Contains the base bin and sbin directory types
##	which need to be searched for the kernel to
##	run init.
## </required>

########################################
## <summary>
##	Create a aliased type to generic bin files.
## </summary>
## <desc>
##	<p>
##	Create a aliased type to generic bin files.
##	</p>
##	<p>
##	This is added to support targeted policy.  Its
##	use should be limited.  It has no effect
##	on the strict policy.
##	</p>
## </desc>
## <param name="domain">
##	Alias type for bin_t.
## </param>
interface(`corecmd_bin_alias',`
	ifdef(`targeted_policy',`
		gen_require(`
			type bin_t;
		')

		typealias bin_t alias $1;
	',`
		errprint(`Warning: $0($1) has no effect in strict policy.'__endline__)
	')
')

########################################
## <summary>
##	Make the shell an entrypoint for the specified domain.
## </summary>
## <param name="domain">
##	The domain for which the shell is an entrypoint.
## </param>
interface(`corecmd_shell_entry_type',`
	gen_require(`
		type shell_exec_t;
	')

	domain_entry_file($1,shell_exec_t)
')

########################################
#
# corecmd_search_bin(domain)
#
interface(`corecmd_search_bin',`
	gen_require(`
		type bin_t;
		class dir search;
	')

	allow $1 bin_t:dir search;
')

########################################
#
# corecmd_list_bin(domain)
#
interface(`corecmd_list_bin',`
	gen_require(`
		type bin_t;
		class dir r_dir_perms;
	')

	allow $1 bin_t:dir r_dir_perms;
')

########################################
## <summary>
##	Get the attributes of files in bin directories.
## </summary>
## <param name="domain">
##	Domain allowed access.
## </param>
#
interface(`corecmd_getattr_bin_file',`
	gen_require(`
		type bin_t;
		class file getattr;
	')

	allow $1 bin_t:file getattr;
')

########################################
## <summary>
##	Read files in bin directories.
## </summary>
## <param name="domain">
##	Domain allowed access.
## </param>
#
interface(`corecmd_read_bin_file',`
	gen_require(`
		type bin_t;
		class dir search;
		class file r_file_perms;
	')

	allow $1 bin_t:dir search;
	allow $1 bin_t:file r_file_perms;
')

########################################
## <summary>
##	Read symbolic links in bin directories.
## </summary>
## <param name="domain">
##	Domain allowed access.
## </param>
#
interface(`corecmd_read_bin_symlink',`
	gen_require(`
		type bin_t;
		class dir search;
		class lnk_file r_file_perms;
	')

	allow $1 bin_t:dir search;
	allow $1 bin_t:lnk_file r_file_perms;
')

########################################
## <summary>
##	Read pipes in bin directories.
## </summary>
## <param name="domain">
##	Domain allowed access.
## </param>
#
interface(`corecmd_read_bin_pipe',`
	gen_require(`
		type bin_t;
		class dir search;
		class fifo_file r_file_perms;
	')

	allow $1 bin_t:dir search;
	allow $1 bin_t:fifo_file r_file_perms;
')

########################################
## <summary>
##	Read named sockets in bin directories.
## </summary>
## <param name="domain">
##	Domain allowed access.
## </param>
#
interface(`corecmd_read_bin_socket',`
	gen_require(`
		type bin_t;
		class dir search;
		class sock_file r_file_perms;
	')

	allow $1 bin_t:dir search;
	allow $1 bin_t:sock_file r_file_perms;
')

########################################
#
# corecmd_exec_bin(domain)
#
interface(`corecmd_exec_bin',`
	gen_require(`
		type bin_t;
		class dir r_dir_perms;
		class lnk_file r_file_perms;
	')

	allow $1 bin_t:dir r_dir_perms;
	allow $1 bin_t:lnk_file r_file_perms;
	can_exec($1,bin_t)

')

########################################
## <summary>
##	Create, read, write, and delete bin files.
## </summary>
## <param name="domain">
##	Domain allowed access.
## </param>
#
interface(`corecmd_manage_bin_files',`
	gen_require(`
		type bin_t;
	')

	allow $1 bin_t:dir rw_dir_perms;
	allow $1 bin_t:file manage_file_perms;
')

########################################
## <summary>
##	Relabel to and from the bin type.
## </summary>
## <param name="domain">
##	Domain allowed access.
## </param>
#
interface(`corecmd_relabel_bin_files',`
	gen_require(`
		type bin_t;
	')

	allow $1 bin_t:dir search_dir_perms;
	allow $1 bin_t:file { relabelfrom relabelto };
')

########################################
## <summary>
##	Mmap a bin file as executable.
## </summary>
## <param name="domain">
##	Domain allowed access.
## </param>
#
interface(`corecmd_mmap_bin_files',`
	gen_require(`
		type bin_t;
	')

	allow $1 bin_t:dir search_dir_perms;
	allow $1 bin_t:file { getattr read execute };
')

########################################
## <summary>
##	Execute a file in a bin directory
##	in the specified domain.
## </summary>
## <desc>
##	<p>
##	Execute a file in a bin directory
##	in the specified domain.  This allows
##	the specified domain to execute any file
##	on these filesystems in the specified
##	domain.  This is not suggested.
##	</p>
##	<p>
##	No interprocess communication (signals, pipes,
##	etc.) is provided by this interface since
##	the domains are not owned by this module.
##	</p>
##	<p>
##	This interface was added to handle
##	the ssh-agent policy.
##	</p>
## </desc>
## <param name="domain">
##	Domain allowed access.
## </param>
## <param name="target_domain">
##	The type of the new process.
## </param>
#
interface(`corecmd_bin_domtrans',`
	gen_require(`
		type bin_t;
		class dir search;
		class lnk_file { getattr read };
	')

	allow $1 bin_t:dir search;
	allow $1 bin_t:lnk_file { getattr read };

	domain_auto_trans($1,bin_t,$2)
')

########################################
#
# corecmd_search_sbin(domain)
#
interface(`corecmd_search_sbin',`
	gen_require(`
		type sbin_t;
	')

	allow $1 sbin_t:dir search_dir_perms;
')

########################################
## <summary>
##	Do not audit attempts to search
##	sbin directories.
## </summary>
## <param name="domain">
##	Domain to not audit.
## </param>
#
interface(`corecmd_dontaudit_search_sbin',`
	gen_require(`
		type sbin_t;
	')

	dontaudit $1 sbin_t:dir search_dir_perms;
')

########################################
#
# corecmd_list_sbin(domain)
#
interface(`corecmd_list_sbin',`
	gen_require(`
		type sbin_t;
		class dir r_dir_perms;
	')

	allow $1 sbin_t:dir r_dir_perms;
')

########################################
#
# corecmd_getattr_sbin_file(domain)
#
interface(`corecmd_getattr_sbin_file',`
	gen_require(`
		type sbin_t;
		class file getattr;
	')

	allow $1 sbin_t:file getattr;
')

########################################
#
# corecmd_dontaudit_getattr_sbin_file(domain)
#
interface(`corecmd_dontaudit_getattr_sbin_file',`
	gen_require(`
		type sbin_t;
		class file getattr;
	')

	dontaudit $1 sbin_t:file getattr;
')

########################################
## <summary>
##	Read files in sbin directories.
## </summary>
## <param name="domain">
##	Domain allowed access.
## </param>
#
interface(`corecmd_read_sbin_file',`
	gen_require(`
		type sbin_t;
		class dir search;
		class file r_file_perms;
	')

	allow $1 sbin_t:dir search;
	allow $1 sbin_t:file r_file_perms;
')

########################################
## <summary>
##	Read symbolic links in sbin directories.
## </summary>
## <param name="domain">
##	Domain allowed access.
## </param>
#
interface(`corecmd_read_sbin_symlink',`
	gen_require(`
		type sbin_t;
		class dir search;
		class lnk_file r_file_perms;
	')

	allow $1 sbin_t:dir search;
	allow $1 sbin_t:lnk_file r_file_perms;
')

########################################
## <summary>
##	Read named pipes in sbin directories.
## </summary>
## <param name="domain">
##	Domain allowed access.
## </param>
#
interface(`corecmd_read_sbin_pipe',`
	gen_require(`
		type sbin_t;
		class dir search;
		class fifo_file r_file_perms;
	')

	allow $1 sbin_t:dir search;
	allow $1 sbin_t:fifo_file r_file_perms;
')

########################################
## <summary>
##	Read named sockets in sbin directories.
## </summary>
## <param name="domain">
##	Domain allowed access.
## </param>
#
interface(`corecmd_read_sbin_socket',`
	gen_require(`
		type sbin_t;
		class dir search;
		class sock_file r_file_perms;
	')

	allow $1 sbin_t:dir search;
	allow $1 sbin_t:sock_file r_file_perms;
')

########################################
#
# corecmd_exec_sbin(domain)
#
interface(`corecmd_exec_sbin',`
	gen_require(`
		type sbin_t;
		class dir r_dir_perms;
		class lnk_file r_file_perms;
	')

	allow $1 sbin_t:dir r_dir_perms;
	allow $1 sbin_t:lnk_file r_file_perms;
	can_exec($1,sbin_t)
')

########################################
## <summary>
##	Create, read, write, and delete sbin files.
## </summary>
## <param name="domain">
##	Domain allowed access.
## </param>
#
# cjp: added for prelink
interface(`corecmd_manage_sbin_files',`
	gen_require(`
		type sbin_t;
	')

	allow $1 sbin_t:dir rw_dir_perms;
	allow $1 sbin_t:file manage_file_perms;
')

########################################
## <summary>
##	Relabel to and from the sbin type.
## </summary>
## <param name="domain">
##	Domain allowed access.
## </param>
#
# cjp: added for prelink
interface(`corecmd_relabel_sbin_files',`
	gen_require(`
		type sbin_t;
	')

	allow $1 sbin_t:dir search_dir_perms;
	allow $1 sbin_t:file { relabelfrom relabelto };
')

########################################
## <summary>
##	Mmap a sbin file as executable.
## </summary>
## <param name="domain">
##	Domain allowed access.
## </param>
#
# cjp: added for prelink
interface(`corecmd_mmap_sbin_files',`
	gen_require(`
		type sbin_t;
	')

	allow $1 sbin_t:dir search_dir_perms;
	allow $1 sbin_t:file { getattr read execute };
')

########################################
## <summary>
##	Execute a file in a sbin directory
##	in the specified domain.
## </summary>
## <desc>
##	<p>
##	Execute a file in a sbin directory
##	in the specified domain.  This allows
##	the specified domain to execute any file
##	on these filesystems in the specified
##	domain.  This is not suggested.
##	</p>
##	<p>
##	No interprocess communication (signals, pipes,
##	etc.) is provided by this interface since
##	the domains are not owned by this module.
##	</p>
##	<p>
##	This interface was added to handle
##	the ssh-agent policy.
##	</p>
## </desc>
## <param name="domain">
##	Domain allowed access.
## </param>
## <param name="target_domain">
##	The type of the new process.
## </param>
#
interface(`corecmd_sbin_domtrans',`
	gen_require(`
		type sbin_t;
		class dir search;
		class lnk_file { getattr read };
	')

	allow $1 sbin_t:dir search;
	allow $1 sbin_t:lnk_file { getattr read };

	domain_auto_trans($1,sbin_t,$2)
')

########################################
## <summary>
##	Check if a shell is executable (DAC-wise).
## </summary>
## <param name="domain">
##	Domain allowed access.
## </param>
#
interface(`corecmd_check_exec_shell',`
	gen_require(`
		type bin_t, shell_exec_t;
	')

	allow $1 bin_t:dir r_dir_perms;
	allow $1 bin_t:lnk_file r_file_perms;
	allow $1 shell_exec_t:file execute;
')

########################################
#
# corecmd_exec_shell(domain)
#
interface(`corecmd_exec_shell',`
	gen_require(`
		type bin_t, shell_exec_t;
		class dir r_dir_perms;
		class lnk_file r_file_perms;
	')

	allow $1 bin_t:dir r_dir_perms;
	allow $1 bin_t:lnk_file r_file_perms;
	can_exec($1,shell_exec_t)
')

########################################
#
# corecmd_exec_ls(domain)
#
interface(`corecmd_exec_ls',`
	gen_require(`
		type bin_t, ls_exec_t;
		class dir r_dir_perms;
		class lnk_file r_file_perms;
	')

	allow $1 bin_t:dir r_dir_perms;
	allow $1 bin_t:lnk_file r_file_perms;
	can_exec($1,ls_exec_t)
')

########################################
## <summary>
##	Execute a shell in the target domain.  This
##	is an explicit transition, requiring the
##	caller to use setexeccon().
## </summary>
## <desc>
##	<p>
##	Execute a shell in the target domain.  This
##	is an explicit transition, requiring the
##	caller to use setexeccon().
##	</p>
##	<p>
##	No interprocess communication (signals, pipes,
##	etc.) is provided by this interface since
##	the domains are not owned by this module.
##	</p>
## </desc>
## <param name="domain">
##	Domain allowed access.
## </param>
## <param name="target_domain">
##	The type of the shell process.
## </param>
#
interface(`corecmd_shell_spec_domtrans',`
	gen_require(`
		type bin_t, shell_exec_t;
		class dir r_dir_perms;
		class lnk_file r_file_perms;
	')

	allow $1 bin_t:dir r_dir_perms;
	allow $1 bin_t:lnk_file r_file_perms;

	domain_trans($1,shell_exec_t,$2)
')

########################################
## <summary>
##	Execute a shell in the specified domain.
## </summary>
## <desc>
##	<p>
##	Execute a shell in the specified domain.
##	</p>
##	<p>
##	No interprocess communication (signals, pipes,
##	etc.) is provided by this interface since
##	the domains are not owned by this module.
##	</p>
## </desc>
## <param name="domain">
##	Domain allowed access.
## </param>
## <param name="target_domain">
##	The type of the shell process.
## </param>
#
interface(`corecmd_shell_domtrans',`
	gen_require(`
		type shell_exec_t;
	')

	corecmd_shell_spec_domtrans($1,$2)
	type_transition $1 shell_exec_t:process $2;
')

########################################
#
# corecmd_exec_chroot(domain)
#
interface(`corecmd_exec_chroot',`
	gen_require(`
		type chroot_exec_t;
		class capability sys_chroot;
	')

	can_exec($1,chroot_exec_t)
	allow $1 self:capability sys_chroot;
')