commit: 93880cc289e815e9a31a08a0832f80583ae15cb9
Author: cgzones <cgzones <AT> googlemail <DOT> com>
AuthorDate: Thu Feb 16 13:30:48 2017 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Thu Mar 2 10:16:48 2017 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=93880cc2
improve documentation for user_user_(inherited_)?user_terminals
policy/modules/system/userdomain.if | 52 +++++++++++++++++++++----------------
1 file changed, 30 insertions(+), 22 deletions(-)
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index 0799c18c..a43c756e 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -3275,41 +3275,48 @@ interface(`userdom_use_user_ptys',`
type user_devpts_t;
')
+ term_list_ptys($1)
allow $1 user_devpts_t:chr_file rw_term_perms;
')
########################################
## <summary>
-## Read and write a inherited user TTYs and PTYs.
+## Read and write a user TTYs and PTYs.
## </summary>
## <desc>
-## <p>
-## Allow the specified domain to read and write inherited user
-## TTYs and PTYs. This will allow the domain to
-## interact with the user via the terminal. Typically
-## all interactive applications will require this
-## access.
-## </p>
+## <p>
+## Allow the specified domain to read and write user
+## TTYs and PTYs. This will allow the domain to
+## interact with the user via the terminal. Typically
+## all interactive applications will require this
+## access.
+## </p>
+## <p>
+## However, this also allows the applications to spy
+## on user sessions or inject information into the
+## user session. Thus, this access should likely
+## not be allowed for non-interactive domains.
+## </p>
## </desc>
## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
+## <summary>
+## Domain allowed access.
+## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`userdom_use_inherited_user_terminals',`
gen_require(`
- type user_tty_device_t, user_devpts_t;
+ type user_devpts_t, user_tty_device_t;
')
- allow $1 user_tty_device_t:chr_file rw_inherited_term_perms;
- allow $1 user_devpts_t:chr_file rw_inherited_term_perms;
+ term_list_ptys($1)
+ allow $1 { user_devpts_t user_tty_device_t }:chr_file rw_inherited_term_perms;
')
########################################
## <summary>
-## Read and write a user TTYs and PTYs.
+## Read, write and open a user TTYs and PTYs.
## </summary>
## <desc>
## <p>
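Review bot: The new summary on L25 drops the word "inherited", so the only remaining hint that userdom_use_inherited_user_terminals() does not grant `open` is the permission-set name on the allow line at L67, and the rewritten description at L36-L46 never states it either, although that restriction is exactly the security property that makes this the interface to prefer. Suggest `## Read and write inherited user TTYs and PTYs.` for the summary (which also fixes "a ... TTYs") plus a sentence in the first paragraph such as `## The domain cannot open terminals itself; it can only use descriptors handed to it by its caller.` Line 66 additionally adds term_list_ptys($1) to the inherited variant, which widens every existing caller by /dev/pts directory listing; if that is intended (presumably to let ttyname() and friends resolve the inherited descriptor), say so in the description rather than leaving it to the diff. The userdom_use_user_ptys() body at the top of the hunk begins before the hunk.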
@@ -3320,6 +3327,12 @@ interface(`userdom_use_inherited_user_terminals',`
## access.
## </p>
## <p>
+## This interface will also allow to open these user
+## terminals, which should not be necessary in general
+## and userdom_use_inherited_user_terminals() should
+## be sufficient.
+## </p>
+## <p>
## However, this also allows the applications to spy
## on user sessions or inject information into the
## user session. Thus, this access should likely
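Review bot: The paragraph added at L81-L84 is ungrammatical ("allow to open") and does not say what the extra `open` permission actually buys the domain compared with the inherited variant: a domain that may open these device nodes can attach to any user terminal it can name, not only the one it was started on, which is the reason the inherited interface is normally enough. Suggest `## This interface also allows the domain to open user terminals itself, so it can attach to any user session rather than only the one it inherited; userdom_use_inherited_user_terminals() is usually sufficient.` The enclosing `<desc>` of userdom_use_user_terminals() starts before the hunk.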
@@ -3334,13 +3347,8 @@ interface(`userdom_use_inherited_user_terminals',`
## <infoflow type="both" weight="10"/>
#
interface(`userdom_use_user_terminals',`
- gen_require(`
- type user_tty_device_t, user_devpts_t;
- ')
-
- allow $1 user_tty_device_t:chr_file rw_term_perms;
- allow $1 user_devpts_t:chr_file rw_term_perms;
- term_list_ptys($1)
+ userdom_use_user_ptys($1)
+ userdom_use_user_ttys($1)
')
########################################
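Review bot: The rewritten body at L101-L102 replaces the explicit `rw_term_perms` rules with calls to userdom_use_user_ptys() and userdom_use_user_ttys(), so this interface now grants whatever those two grant; the pty half is visible in this commit (term_list_ptys plus rw_term_perms on user_devpts_t, matching the old body), but userdom_use_user_ttys() is not, and it should be confirmed to grant exactly `rw_term_perms` on `user_tty_device_t` and nothing more, otherwise every caller of userdom_use_user_terminals() is silently widened by this refactor. Future changes to either sub-interface now change this one as well, which deserves a comment in the body, e.g. `# composed from the pty/tty interfaces; widening either widens this one`. Dropping the gen_require block at L94-L96 is only safe because both callees declare their own requirements, which holds for the pty interface shown here and is assumed for the tty one.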