From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 0A738139694 for ; Thu, 2 Mar 2017 10:17:55 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 230C721C09C; Thu, 2 Mar 2017 10:17:54 +0000 (UTC) Received: from smtp.gentoo.org (mail.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id E5FD121C09C for ; Thu, 2 Mar 2017 10:17:53 +0000 (UTC) Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 9D244341648 for ; Thu, 2 Mar 2017 10:17:52 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 6398359AF for ; Thu, 2 Mar 2017 10:17:51 +0000 (UTC) From: "Sven Vermeulen" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" Message-ID: <1488449808.93880cc289e815e9a31a08a0832f80583ae15cb9.swift@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/system/userdomain.if X-VCS-Directories: policy/modules/system/ X-VCS-Committer: swift X-VCS-Committer-Name: Sven Vermeulen X-VCS-Revision: 93880cc289e815e9a31a08a0832f80583ae15cb9 X-VCS-Branch: master Date: Thu, 2 Mar 2017 10:17:51 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 253e863d-4785-42ed-b802-4d644f2be448 X-Archives-Hash: aa6744b11b9903ba9db84eecce41bb1b commit: 93880cc289e815e9a31a08a0832f80583ae15cb9 Author: cgzones googlemail com> AuthorDate: Thu Feb 16 13:30:48 2017 +0000 Commit: Sven Vermeulen gentoo org> CommitDate: Thu Mar 2 10:16:48 2017 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=93880cc2 improve documentation for user_user_(inherited_)?user_terminals policy/modules/system/userdomain.if | 52 +++++++++++++++++++++---------------- 1 file changed, 30 insertions(+), 22 deletions(-) diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if index 0799c18c..a43c756e 100644 --- a/policy/modules/system/userdomain.if +++ b/policy/modules/system/userdomain.if @@ -3275,41 +3275,48 @@ interface(`userdom_use_user_ptys',` type user_devpts_t; ') + term_list_ptys($1) allow $1 user_devpts_t:chr_file rw_term_perms; ') ######################################## ## -## Read and write a inherited user TTYs and PTYs. +## Read and write a user TTYs and PTYs. ## ## -##

-## Allow the specified domain to read and write inherited user -## TTYs and PTYs. This will allow the domain to -## interact with the user via the terminal. Typically -## all interactive applications will require this -## access. -##

+##

+## Allow the specified domain to read and write user +## TTYs and PTYs. This will allow the domain to +## interact with the user via the terminal. Typically +## all interactive applications will require this +## access. +##

+##

+## However, this also allows the applications to spy +## on user sessions or inject information into the +## user session. Thus, this access should likely +## not be allowed for non-interactive domains. +##

## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## ## # interface(`userdom_use_inherited_user_terminals',` gen_require(` - type user_tty_device_t, user_devpts_t; + type user_devpts_t, user_tty_device_t; ') - allow $1 user_tty_device_t:chr_file rw_inherited_term_perms; - allow $1 user_devpts_t:chr_file rw_inherited_term_perms; + term_list_ptys($1) + allow $1 { user_devpts_t user_tty_device_t }:chr_file rw_inherited_term_perms; ') ######################################## ## -## Read and write a user TTYs and PTYs. +## Read, write and open a user TTYs and PTYs. ## ## ##

@@ -3320,6 +3327,12 @@ interface(`userdom_use_inherited_user_terminals',` ## access. ##

##

+## This interface will also allow to open these user +## terminals, which should not be necessary in general +## and userdom_use_inherited_user_terminals() should +## be sufficient. +##

+##

## However, this also allows the applications to spy ## on user sessions or inject information into the ## user session. Thus, this access should likely @@ -3334,13 +3347,8 @@ interface(`userdom_use_inherited_user_terminals',` ## # interface(`userdom_use_user_terminals',` - gen_require(` - type user_tty_device_t, user_devpts_t; - ') - - allow $1 user_tty_device_t:chr_file rw_term_perms; - allow $1 user_devpts_t:chr_file rw_term_perms; - term_list_ptys($1) + userdom_use_user_ptys($1) + userdom_use_user_ttys($1) ') ########################################