From a2868f6eae01369d18f52aa4b81c9f95f237849a Mon Sep 17 00:00:00 2001
From: Chris PeBenito <cpebenito@tresys.com>
Date: Sep 28 2005 19:07:22 +0000
Subject: start adding secure_file_type implementation



---

diff --git a/refpolicy/policy/modules/services/bind.te b/refpolicy/policy/modules/services/bind.te
index 4a6af13..b853c52 100644
--- a/refpolicy/policy/modules/services/bind.te
+++ b/refpolicy/policy/modules/services/bind.te
@@ -7,8 +7,8 @@ policy_module(bind,1.0)
 #
 
 # for DNSSEC key files
-type dnssec_t; #, secure_file_type;
-files_type(dnssec_t)
+type dnssec_t;
+files_security_file(dnssec_t)
 
 type named_t;
 type named_exec_t;
diff --git a/refpolicy/policy/modules/services/kerberos.te b/refpolicy/policy/modules/services/kerberos.te
index 27fac58..6701465 100644
--- a/refpolicy/policy/modules/services/kerberos.te
+++ b/refpolicy/policy/modules/services/kerberos.te
@@ -23,8 +23,8 @@ type krb5_conf_t;
 files_type(krb5_conf_t)
 
 # types for general configuration files in /etc
-type krb5_keytab_t; #, secure_file_type;
-files_type(krb5_keytab_t)
+type krb5_keytab_t;
+files_security_file(krb5_keytab_t)
 
 # types for KDC configs and principal file(s)
 type krb5kdc_conf_t;
diff --git a/refpolicy/policy/modules/system/files.if b/refpolicy/policy/modules/system/files.if
index f59f485..c0910e8 100644
--- a/refpolicy/policy/modules/system/files.if
+++ b/refpolicy/policy/modules/system/files.if
@@ -153,6 +153,26 @@ interface(`files_poly_member_tmp',`
 
 ########################################
 ## <summary>
+##	Make the specified type a file that
+##	should not be dontaudited from
+##	browsing from user domains.
+## </summary>
+## <param name="file_type">
+##	Type of the file to be used as a
+##	member directory.
+## </param>
+#
+interface(`files_security_file',`
+	gen_require(`
+		attribute security_file_type;
+	')
+
+	files_type($1)
+	typeattribute $1 security_file_type;
+')
+
+########################################
+## <summary>
 ##	Make the specified type a file
 ##	used for temporary files.
 ## </summary>
@@ -247,6 +267,23 @@ interface(`files_list_all_dirs',`
 
 ########################################
 ## <summary>
+##	Do not audit attempts to list all
+##	non security directories.
+## </summary>
+## <param name="domain">
+##	Domain to not audit.
+## </param>
+#
+interface(`files_dontaudit_list_non_security',`
+	gen_require(`
+		attribute file_type, security_file_type;
+	')
+
+	dontaudit $1 { file_type -security_file_type }:dir r_dir_perms;
+')
+
+########################################
+## <summary>
 ##	Get the attributes of all files.
 ## </summary>
 ## <param name="domain">
@@ -276,7 +313,6 @@ interface(`files_getattr_all_files',`
 interface(`files_dontaudit_getattr_all_files',`
 	gen_require(`
 		attribute file_type;
-		class file getattr;
 	')
 
 	dontaudit $1 file_type:file getattr;
@@ -284,6 +320,23 @@ interface(`files_dontaudit_getattr_all_files',`
 
 ########################################
 ## <summary>
+##	Do not audit attempts to get the attributes
+##	of non security files.
+## </summary>
+## <param name="domain">
+##	Domain to not audit.
+## </param>
+#
+interface(`files_dontaudit_getattr_non_security_files',`
+	gen_require(`
+		attribute file_type, security_file_type;
+	')
+
+	dontaudit $1 { file_type -security_file_type }:file getattr;
+')
+
+########################################
+## <summary>
 ##	Read all files.
 ## </summary>
 ## <param name="domain">
@@ -344,6 +397,57 @@ interface(`files_dontaudit_getattr_all_symlinks',`
 
 ########################################
 ## <summary>
+##	Do not audit attempts to get the attributes
+##	of non security symbolic links.
+## </summary>
+## <param name="domain">
+##	Domain to not audit.
+## </param>
+#
+interface(`files_dontaudit_getattr_non_security_symlinks',`
+	gen_require(`
+		attribute file_type, security_file_type;
+	')
+
+	dontaudit $1 { file_type -security_file_type }:lnk_file getattr;
+')
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes
+##	of non security block devices.
+## </summary>
+## <param name="domain">
+##	Domain to not audit.
+## </param>
+#
+interface(`files_dontaudit_getattr_non_security_blk_dev',`
+	gen_require(`
+		attribute file_type, security_file_type;
+	')
+
+	dontaudit $1 { file_type -security_file_type }:blk_file getattr;
+')
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes
+##	of non security character devices.
+## </summary>
+## <param name="domain">
+##	Domain to not audit.
+## </param>
+#
+interface(`files_dontaudit_getattr_non_security_chr_dev',`
+	gen_require(`
+		attribute file_type, security_file_type;
+	')
+
+	dontaudit $1 { file_type -security_file_type }:chr_file getattr;
+')
+
+########################################
+## <summary>
 ##	Read all symbolic links.
 ## </summary>
 ## <param name="domain">
@@ -400,6 +504,23 @@ interface(`files_dontaudit_getattr_all_pipes',`
 
 ########################################
 ## <summary>
+##	Do not audit attempts to get the attributes
+##	of non security named pipes.
+## </summary>
+## <param name="domain">
+##	Domain to not audit.
+## </param>
+#
+interface(`files_dontaudit_getattr_non_security_pipes',`
+	gen_require(`
+		attribute file_type, security_file_type;
+	')
+
+	dontaudit $1 { file_type -security_file_type }:fifo_file getattr;
+')
+
+########################################
+## <summary>
 ##	Get the attributes of all named sockets.
 ## </summary>
 ## <param name="domain">
@@ -437,6 +558,23 @@ interface(`files_dontaudit_getattr_all_sockets',`
 
 ########################################
 ## <summary>
+##	Do not audit attempts to get the attributes
+##	of non security named sockets.
+## </summary>
+## <param name="domain">
+##	Domain to not audit.
+## </param>
+#
+interface(`files_dontaudit_getattr_non_security_sockets',`
+	gen_require(`
+		attribute file_type, security_file_type;
+	')
+
+	dontaudit $1 { file_type -security_file_type }:sock_file getattr;
+')
+
+########################################
+## <summary>
 ##	Relabel all files on the filesystem, except
 ##	the listed exceptions.
 ## </summary>
diff --git a/refpolicy/policy/modules/system/files.te b/refpolicy/policy/modules/system/files.te
index 281fac4..3545494 100644
--- a/refpolicy/policy/modules/system/files.te
+++ b/refpolicy/policy/modules/system/files.te
@@ -22,6 +22,10 @@ attribute polyparent;
 # And labeling for the member directories
 attribute polymember;
 
+# sensitive security files whose accesses should
+# not be dontaudited for uses
+attribute security_file_type;
+
 attribute tmpfile;
 attribute tmpfsfile;
 
diff --git a/refpolicy/policy/modules/system/logging.te b/refpolicy/policy/modules/system/logging.te
index cdc5495..d23c918 100644
--- a/refpolicy/policy/modules/system/logging.te
+++ b/refpolicy/policy/modules/system/logging.te
@@ -13,11 +13,11 @@ type auditctl_exec_t;
 init_system_domain(auditctl_t,auditctl_exec_t)
 role system_r types auditctl_t;
 
-type auditd_etc_t; #, secure_file_type;
-files_type(auditd_etc_t)
+type auditd_etc_t;
+files_security_file(auditd_etc_t)
 
-type auditd_log_t; # secure_file_type;
-files_type(auditd_log_t)
+type auditd_log_t;
+files_security_file(auditd_log_t)
 
 type auditd_t;
 type auditd_exec_t;
diff --git a/refpolicy/policy/modules/system/userdomain.if b/refpolicy/policy/modules/system/userdomain.if
index 0950c76..8ccac59 100644
--- a/refpolicy/policy/modules/system/userdomain.if
+++ b/refpolicy/policy/modules/system/userdomain.if
@@ -212,6 +212,14 @@ template(`base_user_template',`
 	files_exec_etc_files($1_t)
 	files_read_usr_src_files($1_t)
 	files_search_locks($1_t)
+	# old broswer_domain():
+	files_dontaudit_list_non_security($1_t)
+	files_dontaudit_getattr_non_security_files($1_t)
+	files_dontaudit_getattr_non_security_symlinks($1_t)
+	files_dontaudit_getattr_non_security_pipes($1_t)
+	files_dontaudit_getattr_non_security_sockets($1_t)
+	files_dontaudit_getattr_non_security_blk_dev($1_t)
+	files_dontaudit_getattr_non_security_chr_dev($1_t)
 
 	# Caused by su - init scripts
 	init_dontaudit_use_script_pty($1_t)
@@ -385,9 +393,7 @@ template(`base_user_template',`
 
 	allow $1_t fs_type:dir getattr;
 
-	dontaudit $1 file_type - secure_file_type:dir_file_class_set getattr; 
-	dontaudit $1 file_type - secure_file_type:dir search;
-	dontaudit $1 file_type - secure_file_type:dir read;
+	# old browser_domain():
 	dontaudit $1 unlabeled_t:dir_file_class_set getattr;
 	dontaudit $1 unlabeled_t:dir search;
 	dontaudit $1 unlabeled_t:dir read;