diff --git a/refpolicy/Changelog b/refpolicy/Changelog index 73851b2..f78c716 100644 --- a/refpolicy/Changelog +++ b/refpolicy/Changelog @@ -1,3 +1,4 @@ +- Add user fonts to xserver. - Additional interfaces in corecommands, miscfiles, and userdomain from Joy Latten. - Miscellaneous fixes from Thomas Bleher. diff --git a/refpolicy/policy/modules/services/xserver.fc b/refpolicy/policy/modules/services/xserver.fc index 3d19691..77f634b 100644 --- a/refpolicy/policy/modules/services/xserver.fc +++ b/refpolicy/policy/modules/services/xserver.fc @@ -2,6 +2,10 @@ # HOME_DIR # ifdef(`strict_policy',` +HOME_DIR/\.fonts.conf -- gen_context(system_u:object_r:ROLE_fonts_config_t,s0) +HOME_DIR/\.fonts(/.*)? gen_context(system_u:object_r:ROLE_fonts_t,s0) +HOME_DIR/\.fonts/auto(/.*)? gen_context(system_u:object_r:ROLE_fonts_cache_t,s0) +HOME_DIR/\.fonts.cache-.* -- gen_context(system_u:object_r:ROLE_fonts_cache_t,s0) HOME_DIR/\.ICEauthority.* -- gen_context(system_u:object_r:ROLE_iceauth_home_t,s0) HOME_DIR/\.xauth.* -- gen_context(system_u:object_r:ROLE_xauth_home_t,s0) HOME_DIR/\.Xauthority.* -- gen_context(system_u:object_r:ROLE_xauth_home_t,s0) diff --git a/refpolicy/policy/modules/services/xserver.if b/refpolicy/policy/modules/services/xserver.if index c928d83..f0e8a8e 100644 --- a/refpolicy/policy/modules/services/xserver.if +++ b/refpolicy/policy/modules/services/xserver.if @@ -229,6 +229,15 @@ template(`xserver_per_userdomain_template',` xserver_common_domain_template($1) role $3 types $1_xserver_t; + type $1_fonts_t, fonts_type; + userdom_user_home_content($1,$1_fonts_t) + + type $1_fonts_cache_t, fonts_cache_type; + userdom_user_home_content($1,$1_fonts_cache_t) + + type $1_fonts_config_t, fonts_config_type; + userdom_user_home_content($1,$1_fonts_cache_t) + type $1_iceauth_t; domain_type($1_iceauth_t) role $3 types $1_iceauth_t; 
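Review bot: The second dot in `HOME_DIR/\.fonts.conf` and in `HOME_DIR/\.fonts.cache-.*` (xserver.fc) is an unescaped regex metacharacter, so both patterns match any character in that position. A file named, for example, `.fonts_conf` (constructed name) would be given the font configuration type. The leading dot is already escaped on these lines; escape the inner one as well: `HOME_DIR/\.fonts\.conf` and `HOME_DIR/\.fonts\.cache-.*`.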
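Review bot: In the xserver.if hunk at `@@ -229,6 +229,15 @@`, the line after `type $1_fonts_config_t, fonts_config_type;` calls `userdom_user_home_content($1,$1_fonts_cache_t)` a second time, which looks like a copy-paste slip. As written, `$1_fonts_config_t` is declared but never registered as user home content, so whatever that interface grants for home files is presumably missing for the config type while the cache type is registered twice. The line should read `userdom_user_home_content($1,$1_fonts_config_t)`. The body of xserver_per_userdomain_template starts and ends outside this hunk.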
@@ -269,6 +278,17 @@ template(`xserver_per_userdomain_template',` allow $1_xserver_t $2:shm rw_shm_perms; + allow $2 $1_fonts_t:dir manage_dir_perms; + allow $2 $1_fonts_t:file manage_file_perms; + allow $2 $1_fonts_t:{ dir file } { relabelto relabelfrom }; + + allow $2 $1_fonts_config_t:dir manage_dir_perms; + allow $2 $1_fonts_config_t:file manage_file_perms; + allow $2 $1_fonts_config_t:file { relabelto relabelfrom }; + + # For startup relabel + allow $2 $1_fonts_cache_t:{ dir file } { relabelto relabelfrom }; + allow $2 $1_xserver_tmp_t:dir r_dir_perms; allow $2 $1_xserver_tmp_t:sock_file rw_file_perms; allow $2 $1_xserver_t:unix_stream_socket connectto; @@ -288,14 +308,13 @@ template(`xserver_per_userdomain_template',` userdom_setattr_user_ttys($1,$1_xserver_t) userdom_rw_user_tmpfs_files($1,$1_xserver_t) + xserver_use_user_fonts($1,$1_xserver_t) + optional_policy(` userhelper_search_config($1_xserver_t) ') ifdef(`TODO',` - # Read fonts - read_fonts($1_xserver_t, $1) - allow $1_t xdm_xserver_tmp_t:dir r_dir_perms; allow $1_t xdm_xserver_t:unix_stream_socket connectto; @@ -559,6 +578,7 @@ template(`xserver_user_client_template',` xserver_ro_session_template(xdm,$2,$3) xserver_rw_session_template($1,$2,$3) + xserver_use_user_fonts($1,$2) # Client write xserver shm tunable_policy(`allow_write_xshm',` @@ -571,10 +591,57 @@ template(`xserver_user_client_template',` kernel_tcp_recvfrom($2) ssh_tcp_connect($2) ') +') - ifdef(`TODO',` - # cjp: need to implement the user-specific fonts part - read_fonts($2, $1) +######################################## +## +## Read user fonts, user font configuration, +## and manage the user font cache. +## +## +##
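Review bot: In the hunk at `@@ -269,6 +278,17 @@`, `allow $2 $1_fonts_config_t:dir manage_dir_perms;` grants directory management on a type that the xserver.fc entry in this commit assigns only to a regular file (`HOME_DIR/\.fonts.conf --`). Unless a directory is expected to carry this type, the dir rule can be dropped so the user domain holds only the file permissions it needs. The three rule groups would also benefit from a one-line comment each, since only the cache group is explained (`# For startup relabel`). The template body starts and ends outside this hunk.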

+## Read user fonts, user font configuration, +## and manage the user font cache. +##

+##

+## This is a templated interface, and should only +## be called from a per-userdomain template. +##

+##
+## +## +## The prefix of the user domain (e.g., user +## is the prefix for user_t). +## +## +## +## +## Domain allowed access. +## +## +# +template(`xserver_use_user_fonts',` + gen_require(` + type $1_fonts_t, $1_fonts_cache_t, $1_fonts_config_t; + ') + + # Read per user fonts + allow $2 $1_fonts_t:dir list_dir_perms; + allow $2 $1_fonts_t:file read_file_perms; + + # Manipulate the global font cache + allow $2 $1_fonts_cache_t:dir manage_dir_perms; + allow $2 $1_fonts_cache_t:file manage_file_perms; + + # Read per user font config + allow $2 $1_fonts_config_t:dir list_dir_perms; + allow $2 $1_fonts_config_t:file read_file_perms; + + userdom_search_user_home_dirs($1,$2) + + # There are some fonts in .gnome2 + ifdef(`gnome.te', ` + allow $2 $1_gnome_settings_t:dir { getattr search }; ') ') @@ -617,6 +684,42 @@ template(`xserver_domtrans_user_xauth',` ######################################## ## +## Read all users fonts, user font configurations, +## and manage all users font caches. +## +## +## +## Domain allowed access. +## +## +# +interface(`xserver_use_all_users_fonts',` + gen_require(` + attribute fonts_type, fonts_cache_type, fonts_config_type; + ') + + # Read per user fonts + allow $1 fonts_type:dir list_dir_perms; + allow $1 fonts_type:file read_file_perms; + + # Manipulate the global font cache + allow $1 fonts_cache_type:dir manage_dir_perms; + allow $1 fonts_cache_type:file manage_file_perms; + + # Read per user font config + allow $1 fonts_config_type:dir list_dir_perms; + allow $1 fonts_config_type:file read_file_perms; + + userdom_search_all_users_home_dirs($1) + + # There are some fonts in .gnome2 + ifdef(`gnome.te', ` + allow $1 $1_gnome_settings_t:dir { getattr search }; + ') +') + +######################################## +## ## Connect to XDM over a unix domain ## stream socket. ## diff --git a/refpolicy/policy/modules/services/xserver.te b/refpolicy/policy/modules/services/xserver.te index ae96e2e..06867a9 100644 
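Review bot: In the new `xserver_use_user_fonts` template, the comment `# Manipulate the global font cache` does not match the rule under it, which grants manage permissions on the per-user type `$1_fonts_cache_t`; `# Manage the per-user font cache` would be accurate. Every caller of this template gets write access to that cache, including both the X server and client domains per the other hunks, so a short note on why manage rather than read is needed would help. The gnome block at the end references `$1_gnome_settings_t` without listing it in the `gen_require` at the top, and it is guarded by an ifdef on a file name rather than the `optional_policy` form used earlier in this file. Either require the type explicitly or move the access behind an interface of the gnome module.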
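Review bot: In `xserver_use_all_users_fonts`, the line `allow $1 $1_gnome_settings_t:dir { getattr search };` was copied from the per-user template, but here `$1` is the calling domain, not a user prefix. With the caller added in xserver.te it would expand to `xdm_xserver_t_gnome_settings_t`, which is unlikely to be a declared type. The error stays hidden only while the surrounding ifdef is false. Drop the block from this interface, or replace it with an attribute-based rule once the gnome module provides one. The comment `# Manipulate the global font cache` should also say that the rule covers every user's font cache.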
--- a/refpolicy/policy/modules/services/xserver.te +++ b/refpolicy/policy/modules/services/xserver.te @@ -1,11 +1,15 @@ -policy_module(xserver,1.1.1) +policy_module(xserver,1.1.2) ######################################## # # Declarations # +attribute fonts_type; +attribute fonts_cache_type; +attribute fonts_config_type; + type ice_tmp_t; files_tmp_file(ice_tmp_t) @@ -414,12 +418,7 @@ ifdef(`strict_policy',` # (xauth?) userdom_read_unpriv_users_home_content_files(xdm_xserver_t) - ifdef(`TODO',` - # Read all global and per user fonts - read_fonts(xdm_xserver_t, sysadm) - read_fonts(xdm_xserver_t, staff) - read_fonts(xdm_xserver_t, user) - ') dnl end TODO + xserver_use_all_users_fonts(xdm_xserver_t) ') ifdef(`targeted_policy',` diff --git a/refpolicy/policy/modules/system/userdomain.if b/refpolicy/policy/modules/system/userdomain.if index dc63864..336f06b 100644 --- a/refpolicy/policy/modules/system/userdomain.if +++ b/refpolicy/policy/modules/system/userdomain.if @@ -3873,6 +3873,25 @@ interface(`userdom_read_sysadm_home_content_files',` ######################################## ## +## Search all users home directories. +## +## +## +## Domain allowed access. +## +## +# +interface(`userdom_search_all_users_home_dirs',` + gen_require(` + attribute home_dir_type; + ') + + files_list_home($1) + allow $1 home_dir_type:dir search_dir_perms; +') + +######################################## +## ## List all users home directories. ## ## diff --git a/refpolicy/policy/modules/system/userdomain.te b/refpolicy/policy/modules/system/userdomain.te index fda1e87..eda29fa 100644 --- a/refpolicy/policy/modules/system/userdomain.te +++ b/refpolicy/policy/modules/system/userdomain.te @@ -1,5 +1,5 @@ -policy_module(userdomain,1.3.6) +policy_module(userdomain,1.3.7) gen_require(` role sysadm_r, staff_r, user_r;
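Review bot: The new `userdom_search_all_users_home_dirs` in userdomain.if is documented as a search interface but calls `files_list_home($1)`, which by its name grants listing of the home root rather than search only. If search is all that callers such as `xserver_use_all_users_fonts` need, `files_search_home($1)` keeps the interface consistent with its summary and with the `search_dir_perms` rule on the next line. The definition of `files_list_home` is not visible in this diff, so confirm what it grants before changing it.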