From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 324CC1381F3 for ; Mon, 3 Dec 2012 21:03:46 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 0E4E2E05F9; Mon, 3 Dec 2012 21:03:23 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 26956E05F9 for ; Mon, 3 Dec 2012 21:03:22 +0000 (UTC)
Received: from hornbill.gentoo.org (hornbill.gentoo.org [94.100.119.163]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id B197033D89E for ; Mon, 3 Dec 2012 21:03:21 +0000 (UTC)
Received: from localhost.localdomain (localhost [127.0.0.1]) by hornbill.gentoo.org (Postfix) with ESMTP id 29829E5436 for ; Mon, 3 Dec 2012 21:03:20 +0000 (UTC)
From: "Sven Vermeulen"
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen"
Message-ID: <1354565502.0efe85f51676cb8e96d97afe7a6b4a725379e3e4.SwifT@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/system/userdomain.if
X-VCS-Directories: policy/modules/system/
X-VCS-Committer: SwifT
X-VCS-Committer-Name: Sven Vermeulen
X-VCS-Revision: 0efe85f51676cb8e96d97afe7a6b4a725379e3e4
X-VCS-Branch: master
Date: Mon, 3 Dec 2012 21:03:20 +0000 (UTC)
Precedence: bulk
List-Post:
List-Help:
List-Unsubscribe:
List-Subscribe:
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: 56699fbd-cd5b-459d-ab25-0d95f92c0346
X-Archives-Hash: bd0460e954ad3e3f8aec5ce8f5401146

commit:     0efe85f51676cb8e96d97afe7a6b4a725379e3e4
Author:     Sven Vermeulen siphos be>
AuthorDate: Mon Dec  3 15:43:53 2012 +0000
Commit:     Sven Vermeulen siphos be>
CommitDate: Mon Dec  3 20:11:42 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=0efe85f5

Introduce template for tunable restricted access to home content

Some applications are imo best served by restricting the access they have to
the user home files. As this access is generic, move this into a template that
can be called by application domains. This will then introduce the proper
tunables and access for these domains.

---
 policy/modules/system/userdomain.if | 136 +++++++++++++++++++++++++++++++++++
 1 files changed, 136 insertions(+), 0 deletions(-)

diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index deb9ae9..981b50a 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -3452,3 +3452,139 @@ interface(`userdom_dbus_send_all_users',` allow $1 userdomain:dbus send_msg; ') + + +# Gentoo added stuff, but cannot use an ifdef distro_gentoo for this + +######################################## +## +## Support creation of tunable access to user content +## +## +## +## The prefix of the application domain to create the +## tunables for +## +## +## +## +## Domain to create the tunables for +## +## +# +template(`userdom_user_content_access_template',` + + ######################################## + # + # Declarations + # + + ## + ##

+ ## Allow the application to read generic user home content + ##

+ ##
+ gen_tunable(`$1_read_generic_user_content', true) + + ## + ##

+ ## Allow the application to read all user home content. This + ## includes content that is labeled as home content of another + ## application. + ##

+ ##
+ gen_tunable(`$1_read_all_user_content', false) + + ## + ##

+ ## Allow the application to manage generic user home content + ##

+ ##
+ gen_tunable(`$1_manage_generic_user_content', false) + + ## + ##

+ ## Allow the application to manage all user home content. This + ## includes content that is labeled as home content of another + ## application. + ##

+ ##
+ gen_tunable(`$1_manage_all_user_content', false) + + tunable_policy(`$1_read_generic_user_content',` + userdom_list_user_tmp($2) + userdom_read_user_home_content_files($2) + userdom_read_user_home_content_symlinks($2) + userdom_read_user_tmp_files($2) + userdom_read_user_tmp_symlinks($2) + ',` + files_dontaudit_list_home($2) + files_dontaudit_list_tmp($2) + + userdom_dontaudit_list_user_home_dirs($2) + userdom_dontaudit_list_user_tmp($2) + userdom_dontaudit_read_user_home_content_files($2) + userdom_dontaudit_read_user_tmp_files($2) + ') + + tunable_policy(`$1_read_all_user_content',` + userdom_list_user_tmp($2) + userdom_read_all_user_home_content($2) + ') + + tunable_policy(`$1_manage_generic_user_content',` + userdom_manage_user_tmp_dirs($2) + userdom_manage_user_tmp_files($2) + userdom_manage_user_home_content_dirs($2) + userdom_manage_user_home_content_files($2) + ') + + tunable_policy(`$1_manage_all_user_content',` + userdom_manage_all_user_home_content($2) + ') +') + +######################################## +## +## Read all user home content, including application-specific home content. +## +## +## +## Domain allowed access +## +## +# +interface(`userdom_read_all_user_home_content',` + gen_require(` + attribute user_home_content_type; + ') + + list_dirs_pattern($1, user_home_content_type, user_home_content_type) + read_files_pattern($1, user_home_content_type, user_home_content_type) + read_lnk_files_pattern($1, user_home_content_type, user_home_content_type) + read_fifo_files_pattern($1, user_home_content_type, user_home_content_type) + read_sock_files_pattern($1, user_home_content_type, user_home_content_type) +') + +######################################## +## +## Manage all user home content, including application-specific home +## content. 
+## +## +## +## Domain allowed access +## +## +# +interface(`userdom_manage_all_user_home_content',` + gen_require(` + attribute user_home_content_type; + ') + + manage_dirs_pattern($1, user_home_content_type, user_home_content_type) + manage_files_pattern($1, user_home_content_type, user_home_content_type) + manage_lnk_files_pattern($1, user_home_content_type, user_home_content_type) + manage_fifo_files_pattern($1, user_home_content_type, user_home_content_type) + manage_sock_files_pattern($1, user_home_content_type, user_home_content_type) +')
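Review bot: the `$1_read_all_user_content` branch of the new template grants access only through the `user_home_content_type` attribute (via `userdom_read_all_user_home_content($2)`) and, unlike the `$1_read_generic_user_content` branch, calls nothing that gives `$2` search rights on the user home directories themselves; assuming `user_home_dir_t` does not carry `user_home_content_type` (the refpolicy default), a domain built with the generic tunable turned off and the all-content tunable turned on is granted read on every home content type but may still be unable to traverse `~/` to reach it. Suggest adding `userdom_search_user_home_dirs($2)` to that branch, and likewise to the `$1_manage_all_user_content` branch, so each tunable stands on its own rather than silently relying on `$1_read_generic_user_content` being left at its default of true. Two smaller points in the same block: the manage branches stop at dirs and files while the read branch also covers symlinks, so `userdom_manage_user_home_content_symlinks($2)` is missing from `$1_manage_generic_user_content` for symmetry, and neither manage tunable has a dontaudit else-branch like the generic read one, so applications that try to write into `~/` with the tunable off may be noisy in the AVC log. Finally, the comment `# Gentoo added stuff, but cannot use an ifdef distro_gentoo for this` should say why the ifdef cannot be used here, otherwise the next person to touch this block will try to wrap it.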