diff --git a/refpolicy/Rules.monolithic b/refpolicy/Rules.monolithic
index d2a2f1e..0833fa3 100644
--- a/refpolicy/Rules.monolithic
+++ b/refpolicy/Rules.monolithic
@@ -96,7 +96,7 @@ tmp/generated_definitions.conf: $(ALL_LAYERS) $(ALL_TE_FILES)
@test -d tmp || mkdir -p tmp
$(QUIET) echo "define(\`per_userdomain_templates',\`" > $@
$(QUIET) for i in $(patsubst %.te,%,$(notdir $(ALL_MODULES))); do \
- echo "ifdef(\`""$$i""_per_userdomain_template',\`""$$i""_per_userdomain_template("'$$1'")')" \
+ echo "ifdef(\`""$$i""_per_userdomain_template',\`""$$i""_per_userdomain_template("'$$*'")')" \
>> $@ ;\
done
$(QUIET) echo "')" >> $@
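Review bot: The generated call now forwards the template arguments with m4 `$*`, which rescans every argument unquoted; `$@` would forward each argument individually quoted. With the single caller in this change passing plain names (`per_userdomain_templates($1,$1_t)` in userdomain.if) the two behave the same, but `$@` is the safer default if an argument can ever be a macro name or contain a comma, so consider `_per_userdomain_template("'$$@'")')` instead. Either way a comment above the loop saying that all arguments of `per_userdomain_templates` are passed through to each module's template would save the next reader a trip to the m4 manual.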
diff --git a/refpolicy/policy/modules/admin/su.if b/refpolicy/policy/modules/admin/su.if
index d86b4c1..992493c 100644
--- a/refpolicy/policy/modules/admin/su.if
+++ b/refpolicy/policy/modules/admin/su.if
@@ -75,6 +75,7 @@ template(`su_per_userdomain_template',`
term_use_all_user_ttys($1_su_t)
term_use_all_user_ptys($1_su_t)
+ auth_domtrans_user_chk_passwd($1_su_t,$1)
auth_dontaudit_read_shadow($1_su_t)
domain_wide_inherit_fd($1_su_t)
@@ -96,6 +97,8 @@ template(`su_per_userdomain_template',`
seutil_read_config($1_su_t)
seutil_read_default_contexts($1_su_t)
+ userdom_use_user_terminals($1_su_t,$1)
+
if(secure_mode)
{
# Only allow transitions to unprivileged user domains.
@@ -130,17 +133,12 @@ template(`su_per_userdomain_template',`
')
ifdef(`TODO',`
- domain_auto_trans($1_su_t, chkpwd_exec_t, $1_chkpwd_t)
-
# Caused by su - init scripts
dontaudit $1_su_t initrc_devpts_t:chr_file { getattr ioctl };
# Inherit and use descriptors from gnome-pty-helper.
ifdef(`gnome-pty-helper.te', `allow $1_su_t $1_gph_t:fd use;')
- # Write to the user domain tty.
- access_terminal($1_su_t, $1)
-
allow $1_su_t { home_root_t $1_home_dir_t }:dir search;
allow $1_su_t $1_home_t:file create_file_perms;
diff --git a/refpolicy/policy/modules/admin/sudo.if b/refpolicy/policy/modules/admin/sudo.if
index d1373ae..4ff3ed5 100644
--- a/refpolicy/policy/modules/admin/sudo.if
+++ b/refpolicy/policy/modules/admin/sudo.if
@@ -121,6 +121,10 @@ template(`sudo_per_userdomain_template',`
seutil_read_config($1_sudo_t)
seutil_read_default_contexts($1_sudo_t)
+ userdom_manage_user_home_subdir_files($1_sudo_t,$1)
+ userdom_manage_user_home_subdir_symlinks($1_sudo_t,$1)
+ userdom_manage_user_tmp_files($1_sudo_t,$1)
+ userdom_manage_user_tmp_symlinks($1_sudo_t,$1)
userdom_use_unpriv_users_fd($1_sudo_t)
# for some PAM modules and for cwd
userdom_dontaudit_search_all_users_home($1_sudo_t)
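Review bot: The four added `userdom_manage_*` lines grant more than the `rw_dir_create_file($1_sudo_t, $1_tmp_t)` / `rw_dir_create_file($1_sudo_t, $1_home_t)` rules they replace in the second hunk of this file: `userdom_manage_user_home_subdir_symlinks` and `userdom_manage_user_tmp_symlinks` also add `lnk_file create_lnk_perms`, which the old file-only macro (as its name suggests) did not cover. If sudo does not need to create symlinks in the user's home and tmp, drop the two symlink lines; if it does, a short comment on why, e.g. `# sudo creates files and symlinks in the user's home and tmp (PAM/cwd handling)`, would justify the widening. Note also that the removed rules sat inside the `ifdef(`TODO')` block (see `') dnl end TODO` in the next hunk), so these lines are likely the first live grant of this access; the enclosing template starts and ends outside the hunk.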
@@ -156,8 +160,5 @@ template(`sudo_per_userdomain_template',`
allow $1_sudo_t pam_var_run_t:dir create_dir_perms;
allow $1_sudo_t pam_var_run_t:file create_file_perms;
')
-
- rw_dir_create_file($1_sudo_t, $1_tmp_t)
- rw_dir_create_file($1_sudo_t, $1_home_t)
') dnl end TODO
')
diff --git a/refpolicy/policy/modules/services/cron.if b/refpolicy/policy/modules/services/cron.if
index f69bd70..ac380e1 100644
--- a/refpolicy/policy/modules/services/cron.if
+++ b/refpolicy/policy/modules/services/cron.if
@@ -112,6 +112,13 @@ template(`cron_per_userdomain_template',`
miscfiles_read_localization($1_crond_t)
+ userdom_manage_user_tmp_files($1_crond_t,$1)
+ userdom_manage_user_tmp_symlinks($1_crond_t,$1)
+ userdom_manage_user_tmp_pipes($1_crond_t,$1)
+ userdom_manage_user_tmp_sockets($1_crond_t,$1)
+ # Run scripts in user home directory and access shared libs.
+ userdom_exec_user_home_files($1_crond_t,$1)
+
tunable_policy(`fcron_crond', `
allow crond_t $1_cron_spool_t:file create_file_perms;
')
@@ -122,13 +129,10 @@ template(`cron_per_userdomain_template',`
ifdef(`TODO',`
# Access user files and dirs.
- allow $1_crond_t home_root_t:dir search;
file_type_auto_trans($1_crond_t, $1_home_dir_t, $1_home_t)
- # Run scripts in user home directory and access shared libs.
- can_exec($1_crond_t, $1_home_t)
-
- file_type_auto_trans($1_crond_t, tmp_t, $1_tmp_t)
+ allow $1_crond_t tmp_t:dir rw_dir_perms;
+ type_transition $1_crond_t $1_tmp_t:{ file lnk_file sock_file fifo_file } $1_tmp_t;
ifdef(`mta.te', `
domain_auto_trans($1_crond_t, sendmail_exec_t, $1_mail_t)
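Review bot: The added `type_transition $1_crond_t $1_tmp_t:{ file lnk_file sock_file fifo_file } $1_tmp_t;` names `$1_tmp_t` as the parent-directory type, so it never fires for objects created in `tmp_t`; the `file_type_auto_trans($1_crond_t, tmp_t, $1_tmp_t)` it replaces transitioned from `tmp_t`, and the `allow $1_crond_t tmp_t:dir rw_dir_perms;` on the line above only makes sense with that target. It should read `type_transition $1_crond_t tmp_t:{ file lnk_file sock_file fifo_file } $1_tmp_t;`. The same wrong target appears in the `$1_crontab_t` hunk of this file (`@@ -210,8 +217,8 @@`). Both sit inside the `ifdef(`TODO')` block, so the mistake is inert until that block is resolved, but it will surface then; the enclosing template continues past this hunk.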
@@ -198,6 +202,9 @@ template(`cron_per_userdomain_template',`
seutil_dontaudit_search_config($1_crontab_t)
+ userdom_manage_user_tmp_dirs($1_crontab_t,$1)
+ userdom_manage_user_tmp_files($1_crontab_t,$1)
+
tunable_policy(`fcron_crond', `
# fcron wants an instant update of a crontab change for the administrator
# also crontab does a security check for crontab -u
@@ -210,8 +217,8 @@ template(`cron_per_userdomain_template',`
dontaudit $1_crontab_t proc_t:dir search;
- # Type for temporary files.
- file_type_auto_trans($1_crontab_t, tmp_t, $1_tmp_t, { dir file })
+ allow $1_crond_t tmp_t:dir rw_dir_perms;
+ type_transition $1_crond_t $1_tmp_t:{ file dir } $1_tmp_t;
# Run helper programs as $1_t
domain_auto_trans($1_crontab_t, { bin_t sbin_t shell_exec_t }, $1_t)
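Review bot: The two added lines name `$1_crond_t`, but this is the `$1_crontab_t` section of the template — the removed `file_type_auto_trans($1_crontab_t, tmp_t, $1_tmp_t, { dir file })` and every surrounding rule use `$1_crontab_t` — so this looks like a copy-paste of the crond hunk: crontab loses its tmp rules and crond gets a duplicate. They should read `allow $1_crontab_t tmp_t:dir rw_dir_perms;` and `type_transition $1_crontab_t tmp_t:{ file dir } $1_tmp_t;` (the transition target must also be `tmp_t`, not `$1_tmp_t`, as noted on the crond hunk). The `userdom_manage_user_tmp_dirs`/`_files` calls added for `$1_crontab_t` earlier in this file cover the `$1_tmp_t` side but not creation under `tmp_t`, so these lines are still needed. The enclosing template starts and ends outside the hunk.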
diff --git a/refpolicy/policy/modules/system/authlogin.if b/refpolicy/policy/modules/system/authlogin.if
index 7037a40..c4ada70 100644
--- a/refpolicy/policy/modules/system/authlogin.if
+++ b/refpolicy/policy/modules/system/authlogin.if
@@ -115,6 +115,46 @@ template(`authlogin_per_userdomain_template',`
########################################
##
+## Run unix_chkpwd to check a password
+## for a user domain.
+##
+##
+##
+## Run unix_chkpwd to check a password
+## for a user domain.
+##
+##
+## This is a templated interface, and should only
+## be called from a per-userdomain template.
+##
+##
+##
+## The prefix of the user domain (e.g., user
+## is the prefix for user_t).
+##
+##
+## The type of the process performing this action.
+##
+#
+template(`auth_domtrans_user_chk_passwd',`
+ gen_require(`
+ type chkpwd_exec_t;
+ class process sigchld;
+ class fd use;
+ class fifo_file rw_file_perms;
+ ')
+
+ corecmd_search_bin($1)
+ domain_auto_trans($1,chkpwd_exec_t,$2_chkpwd_t)
+
+ allow $1 $2_chkpwd_t:fd use;
+ allow $2_chkpwd_t $1:fd use;
+ allow $2_chkpwd_t $1:fifo_file rw_file_perms;
+ allow $2_chkpwd_t $1:process sigchld;
+')
+
+########################################
+##
## Use the login program as an entry point program.
##
##
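Review bot: The parameter documentation for `auth_domtrans_user_chk_passwd` is in the wrong order: it describes the user domain prefix first and the process type second, but the body uses `$1` as the process type (`corecmd_search_bin($1)`, `domain_auto_trans($1,chkpwd_exec_t,$2_chkpwd_t)`) and `$2` as the prefix, and the su.if caller in this change passes `($1_su_t,$1)`. Swap the two parameter descriptions so the type comes first, matching the `userdom_*` templates added in userdomain.if. It would also help to state in the description that the template expects the caller's prefix to have a `$2_chkpwd_t` domain, since that type cannot be listed in `gen_require` and a missing one only shows up as a compile error at the call site.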
diff --git a/refpolicy/policy/modules/system/userdomain.if b/refpolicy/policy/modules/system/userdomain.if
index 19969fc..7668c03 100644
--- a/refpolicy/policy/modules/system/userdomain.if
+++ b/refpolicy/policy/modules/system/userdomain.if
@@ -81,7 +81,7 @@ template(`base_user_template',`
dontaudit $1_t self:netlink_route_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_write };
# execute files in the home directory
- allow $1_t $1_home_t:file { rx_file_perms execute_no_trans };
+ can_exec($1_t,$1_home_t)
# full control of the home directory
allow $1_t $1_home_t:file { create_file_perms relabelfrom relabelto };
@@ -92,7 +92,7 @@ template(`base_user_template',`
allow $1_t $1_home_dir_t:dir create_dir_perms;
type_transition $1_t $1_home_dir_t:{ dir notdevfile_class_set } $1_home_t;
- allow $1_t $1_tmp_t:file { rx_file_perms execute_no_trans };
+ can_exec($1_t,$1_tmp_t)
# Bind to a Unix domain socket in /tmp.
# cjp: this is combination is not checked and should be removed
@@ -114,7 +114,7 @@ template(`base_user_template',`
# user domain and the program, and allow us to maintain separation
# between different instances of the program being run by different
# user domains.
- per_userdomain_templates($1)
+ per_userdomain_templates($1,$1_t)
kernel_read_kernel_sysctl($1_t)
selinux_get_fs_mount($1_t)
@@ -867,6 +867,307 @@ template(`admin_user_template',`
########################################
##
+## Execute user home files.
+##
+##
+##
+## Execute user home files.
+##
+##
+## This is a templated interface, and should only
+## be called from a per-userdomain template.
+##
+##
+##
+## The type of the process performing this action.
+##
+##
+## The prefix of the user domain (e.g., user
+## is the prefix for user_t).
+##
+#
+template(`userdom_exec_user_home_files',`
+ gen_require(`
+ class dir search;
+ ')
+
+ files_search_home($1)
+ allow $1 $2_home_dir_t:dir search;
+ allow $1 $2_home_t:dir search;
+ can_exec($1,$2_home_t)
+')
+
+########################################
+##
+## Create, read, write, and delete files
+## in a user home subdirectory.
+##
+##
+##
+## Create, read, write, and delete files
+## in a user home subdirectory.
+##
+##
+## This is a templated interface, and should only
+## be called from a per-userdomain template.
+##
+##
+##
+## The type of the process performing this action.
+##
+##
+## The prefix of the user domain (e.g., user
+## is the prefix for user_t).
+##
+#
+template(`userdom_manage_user_home_subdir_files',`
+ gen_require(`
+ class dir rw_dir_perms;
+ class file create_file_perms;
+ ')
+
+ files_search_home($1)
+ allow $1 $2_home_dir_t:dir search;
+ allow $1 $2_home_t:dir rw_dir_perms;
+ allow $1 $2_home_t:file create_file_perms;
+')
+
+########################################
+##
+## Create, read, write, and delete symbolic links
+## in a user home subdirectory.
+##
+##
+##
+## Create, read, write, and delete symbolic links
+## in a user home subdirectory.
+##
+##
+## This is a templated interface, and should only
+## be called from a per-userdomain template.
+##
+##
+##
+## The type of the process performing this action.
+##
+##
+## The prefix of the user domain (e.g., user
+## is the prefix for user_t).
+##
+#
+template(`userdom_manage_user_home_subdir_symlinks',`
+ gen_require(`
+ class dir rw_dir_perms;
+ class lnk_file create_lnk_perms;
+ ')
+
+ files_search_home($1)
+ allow $1 $2_home_dir_t:dir search;
+ allow $1 $2_home_t:dir rw_dir_perms;
+ allow $1 $2_home_t:lnk_file create_lnk_perms;
+')
+
+########################################
+##
+## Create, read, write, and delete user
+## temporary directories.
+##
+##
+##
+## Create, read, write, and delete user
+## temporary directories.
+##
+##
+## This is a templated interface, and should only
+## be called from a per-userdomain template.
+##
+##
+##
+## The type of the process performing this action.
+##
+##
+## The prefix of the user domain (e.g., user
+## is the prefix for user_t).
+##
+#
+template(`userdom_manage_user_tmp_dirs',`
+ gen_require(`
+ class dir create_dir_perms;
+ ')
+
+ files_search_tmp($1)
+ allow $1 $2_tmp_t:dir create_dir_perms;
+')
+
+########################################
+##
+## Create, read, write, and delete user
+## temporary files.
+##
+##
+##
+## Create, read, write, and delete user
+## temporary files.
+##
+##
+## This is a templated interface, and should only
+## be called from a per-userdomain template.
+##
+##
+##
+## The type of the process performing this action.
+##
+##
+## The prefix of the user domain (e.g., user
+## is the prefix for user_t).
+##
+#
+template(`userdom_manage_user_tmp_files',`
+ gen_require(`
+ class dir rw_dir_perms;
+ class file create_file_perms;
+ ')
+
+ files_search_tmp($1)
+ allow $1 $2_tmp_t:dir rw_dir_perms;
+ allow $1 $2_tmp_t:file create_file_perms;
+')
+
+########################################
+##
+## Create, read, write, and delete user
+## temporary symbolic links.
+##
+##
+##
+## Create, read, write, and delete user
+## temporary symbolic links.
+##
+##
+## This is a templated interface, and should only
+## be called from a per-userdomain template.
+##
+##
+##
+## The type of the process performing this action.
+##
+##
+## The prefix of the user domain (e.g., user
+## is the prefix for user_t).
+##
+#
+template(`userdom_manage_user_tmp_symlinks',`
+ gen_require(`
+ class dir rw_dir_perms;
+ class lnk_file create_lnk_perms;
+ ')
+
+ files_search_tmp($1)
+ allow $1 $2_tmp_t:dir rw_dir_perms;
+ allow $1 $2_tmp_t:lnk_file create_lnk_perms;
+')
+
+########################################
+##
+## Create, read, write, and delete user
+## temporary named pipes.
+##
+##
+##
+## Create, read, write, and delete user
+## temporary named pipes.
+##
+##
+## This is a templated interface, and should only
+## be called from a per-userdomain template.
+##
+##
+##
+## The type of the process performing this action.
+##
+##
+## The prefix of the user domain (e.g., user
+## is the prefix for user_t).
+##
+#
+template(`userdom_manage_user_tmp_pipes',`
+ gen_require(`
+ class dir rw_dir_perms;
+ class fifo_file create_file_perms;
+ ')
+
+ files_search_tmp($1)
+ allow $1 $2_tmp_t:dir rw_dir_perms;
+ allow $1 $2_tmp_t:fifo_file create_file_perms;
+')
+
+########################################
+##
+## Create, read, write, and delete user
+## temporary named sockets.
+##
+##
+##
+## Create, read, write, and delete user
+## temporary named sockets.
+##
+##
+## This is a templated interface, and should only
+## be called from a per-userdomain template.
+##
+##
+##
+## The type of the process performing this action.
+##
+##
+## The prefix of the user domain (e.g., user
+## is the prefix for user_t).
+##
+#
+template(`userdom_manage_user_tmp_sockets',`
+ gen_require(`
+ class dir rw_dir_perms;
+ class sock_file create_file_perms;
+ ')
+
+ files_search_tmp($1)
+ allow $1 $2_tmp_t:dir rw_dir_perms;
+ allow $1 $2_tmp_t:sock_file create_file_perms;
+')
+
+########################################
+##
+## Read and write a user domain tty and pty.
+##
+##
+##
+## Read and write a user domain tty and pty.
+##
+##
+## This is a templated interface, and should only
+## be called from a per-userdomain template.
+##
+##
+##
+## The type of the process performing this action.
+##
+##
+## The prefix of the user domain (e.g., user
+## is the prefix for user_t).
+##
+#
+template(`userdom_use_user_terminals',`
+ gen_require(`
+ class chr_file rw_term_perms;
+ ')
+
+ allow $1 $2_tty_device_t:chr_file rw_term_perms;
+ allow $1 $2_devpts_t:chr_file rw_term_perms;
+ term_list_ptys($1)
+')
+
+########################################
+##
## Execute a shell in all user domains. This
## is an explicit transition, requiring the
## caller to use setexeccon().
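Review bot: The `userdom_manage_user_tmp_*` templates grant `files_search_tmp($1)` plus rights on `$2_tmp_t` objects only; nothing in them lets `$1` create objects in `tmp_t` itself or labels new objects as `$2_tmp_t`, which is why the cron.if hunks in this change still hand-write a `tmp_t:dir rw_dir_perms` allow and a `type_transition`. That split is reasonable but unstated, so each of these templates' descriptions should say so, e.g. `## This does not allow creating objects in the /tmp directory itself; callers needing that must add the tmp_t:dir rules and the type_transition to $2_tmp_t separately.` The same applies to the `userdom_manage_user_home_subdir_*` pair, which search `$2_home_dir_t` but grant no write access to it. The hunk's remaining context continues past this line.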