diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index cd08bc3..b18abce 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -1392,13 +1392,21 @@ interface(`userdom_search_user_home_dirs',`
 ########################################
 ## <summary>
-## Search user home directories.
+## Do not audit attempts to search user home directories.
 ## </summary>
+## <desc>
+## <p>
+## Do not audit attempts to search user home directories.
+## This will supress SELinux denial messages when the specified
+## domain is denied the permission to search these directories.
+## </p>
+## </desc>
 ## <param name="domain">
 ## <summary>
-## Domain allowed access.
+## Domain to not audit.
 ## </summary>
 ## </param>
+## <infoflow type="none"/>
 #
 interface(`userdom_dontaudit_search_user_home_dirs',`
 gen_require(`
@@ -2554,13 +2562,29 @@ interface(`userdom_use_user_ptys',`
 ########################################
 ## <summary>
-## Read and write a user domain tty and pty.
+## Read and write a user TTYs and PTYs.
 ## </summary>
+## <desc>
+## <p>
+## Allow the specified domain to read and write user
+## TTYs and PTYs. This will allow the domain to
+## interact with the user via the terminal. Typically
+## all interactive applications will require this
+## access.
+## </p>
+## <p>
+## However, this also allows the applications to spy
+## on user sessions or inject information into the
+## user session. Thus, this access should likely
+## not be allowed for non-interactive domains.
+## </p>
+## </desc>
 ## <param name="domain">
 ## <summary>
 ## Domain allowed access.
 ## </summary>
 ## </param>
+## <infoflow type="both" weight="10"/>
 #
 interface(`userdom_use_user_terminals',`
 gen_require(`
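Review bot: The new `<desc>` paragraph misspells "suppress" in `## This will supress SELinux denial messages when the specified`; the same misspelling recurs in the new `<desc>` of the `userdom_dontaudit_use_unpriv_user_fds` hunk. This `<summary>`/`<desc>`/`<infoflow>` markup is what the interface documentation is generated from, so the typo ends up in front of every policy writer reading the docs; `## This will suppress SELinux denial messages when the specified` fixes it here, with the matching line in the other hunk changed the same way. The body of `userdom_dontaudit_search_user_home_dirs` continues outside the hunk.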
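Review bot: The rewritten summary line `## Read and write a user TTYs and PTYs.` pairs a singular article with plural nouns; `## Read and write user TTYs and PTYs.` reads correctly and matches the wording used in the new `<desc>` below it. The second `<desc>` paragraph already records why this interface deserves its `<infoflow type="both" weight="10"/>` tag (the domain can observe or inject into the user's session), which is the rationale reviewers of callers will want, so that paragraph is worth keeping as written apart from the grammar fix. The body of `userdom_use_user_terminals` continues outside the hunk.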
@@ -2824,14 +2848,23 @@ interface(`userdom_use_unpriv_users_fds',`
 ########################################
 ## <summary>
-## Do not audit attempts to inherit the
-## file descriptors from all user domains.
+## Do not audit attempts to inherit the file descriptors
+## from unprivileged user domains.
 ## </summary>
+## <desc>
+## <p>
+## Do not audit attempts to inherit the file descriptors
+## from unprivileged user domains. This will supress
+## SELinux denial messages when the specified domain is denied
+## the permission to inherit these file descriptors.
+## </p>
+## </desc>
 ## <param name="domain">
 ## <summary>
-## Domain allowed access.
+## Domain to not audit.
 ## </summary>
 ## </param>
+## <infoflow type="none"/>
 #
 interface(`userdom_dontaudit_use_unpriv_user_fds',`
 gen_require(`