Date: Thu, 12 Oct 2006 19:47:21 GMT From: Todd Miller <millert@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 107773 for review Message-ID: <200610121947.k9CJlLCv076313@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=107773 Change 107773 by millert@millert_macbook on 2006/10/12 19:46:30 Update to use init_allow_ipc() Updated WindowServer Policy Updated DirectoryService policy; now allows Mach messaging Add memberd_allow_ipc() Update to use new init_allow_ipc() rather than init_mach_ipc() Add configd_allow_ipc() Add lookupd_allow_ipc() Rename init_mach_ipc to init_allow_ipc Add notifyd_allow_ipc() Add loginwindow_allow_send() Affected files ... .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/DirectoryService.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/WindowServer.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/WindowServer.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/configd.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/configd.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/coreaudiod.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/diskarbitrationd.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/loginwindow.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/lookupd.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/memberd.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/notifyd.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/securityd.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/init.if#4 edit .. 
//depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/unconfined.te#3 edit Differences ...
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/DirectoryService.te#2 (text+ko) ====
@@ -34,3 +34,41 @@
 allow DirectoryService_t DirectoryService_var_log_t:sock_file create_file_perms;
 allow DirectoryService_t DirectoryService_var_log_t:dir { rw_dir_perms setattr };
 logging_log_filetrans(DirectoryService_t,DirectoryService_var_log_t,{ sock_file file dir })
+
+# file descriptors and sockets
+allow DirectoryService_t self:fd use;
+allow DirectoryService_t self:socket { bind connect read write };
+allow DirectoryService_t self:tcp_socket create;
+allow DirectoryService_t self:udp_socket create;
+
+# Misc other
+allow DirectoryService_t mnt_t:dir search;
+allow DirectoryService_t nfs_t:lnk_file read;
+allow DirectoryService_t random_device_t:chr_file read;
+allow DirectoryService_t sbin_t:dir { getattr search read };
+allow DirectoryService_t port_t:tcp_socket name_connect;
+
+
+# Allow Mach IP with self
+mach_allow_message(DirectoryService_t, DirectoryService_t)
+
+# Allow communication with bootstrap server
+init_allow_bootstrap(DirectoryService_t)
+
+# Allow communication with notification server
+notifyd_allow_ipc(DirectoryService_t)
+
+# Allow sending to loginwindow
+loginwindow_allow_send(DirectoryService_t)
+
+# Allow communicaion with configd
+configd_allow_ipc(DirectoryService_t)
+
+# Allow communication with launchd
+init_allow_ipc(DirectoryService_t)
+
+# Allow communication with memberd
+memberd_allow_ipc(DirectoryService_t)
+
+# Allow communication with securityd
+securityd_allow_ipc(DirectoryService_t)
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/WindowServer.if#2 (text+ko) ====
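Review bot: `allow DirectoryService_t port_t:tcp_socket name_connect;` under the `# Misc other` heading lets the daemon connect to any TCP port that still carries the generic port_t label, which is broader than the comment justifies and is the rule most likely to be widened silently later; if the ports it contacts are known, label them and allow name_connect on those types only, otherwise say why the generic rule is needed, e.g. `# TODO: narrow to the specific port types DirectoryService connects to`. The same applies to `allow DirectoryService_t self:socket { bind connect read write };` on the generic socket class next to the tcp_socket/udp_socket rules — note which socket family needs it. The comment `# Allow Mach IP with self` means IPC, and `communicaion` in `# Allow communicaion with configd` is misspelled.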
@@ -54,3 +54,19 @@
 allow $1 WindowServer_t:fifo_file rw_file_perms;
 allow $1 WindowServer_t:process sigchld;
 ')
+
+########################################
+## <summary>
+## Allow Mach IP with WindowServer
+## </summary>
+## <param name="domain">
+## <summary>
+## Type to be used as a domain.
+## </summary>
+## </param>
+#
+interface(`WindowServer_allow_ipc',`
+
+	# Allow bidirectional comminication with WindowServer
+	mach_allow_ipc(WindowServer_t, $1)
+')
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/WindowServer.te#2 (text+ko) ====
@@ -24,3 +24,33 @@
 ## internal communication is often done using fifo and unix sockets.
 allow WindowServer_t self:fifo_file { read write };
 allow WindowServer_t self:unix_stream_socket create_stream_socket_perms;
+
+# Allow WindowServer to re-exec itself
+allow WindowServer_t WindowServer_exec_t:file execute_no_trans;
+
+# Allow WindowServer to talk to itself
+mach_allow_message(WindowServer_t, WindowServer_t)
+
+# FDs and sockets and consoles oh my!
+allow WindowServer_t self:fd use;
+allow WindowServer_t self:udp_socket create;
+allow WindowServer_t console_device_t:chr_file setattr;
+
+# Allow WindowServer to talk to launchd
+init_allow_ipc(WindowServer_t)
+init_allow_bootstrap(WindowServer_t)
+
+# Allow WindowServer to talk to notifyd
+notifyd_allow_ipc(WindowServer_t)
+
+# Allow WindowServer to talk to securityd
+securityd_allow_ipc(WindowServer_t)
+
+# Allow shared memory access
+allow WindowServer_t init_t:shm { read write };
+
+# Misc
+allow WindowServer_t nfs_t:filesystem getattr;
+allow WindowServer_t nfs_t:lnk_file read;
+allow WindowServer_t mnt_t:dir search;
+
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/configd.if#3 (text+ko) ====
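Review bot: `allow WindowServer_t init_t:shm { read write };` in the WindowServer.te hunk grants read/write on shared memory labelled with launchd's domain, and `# Allow shared memory access` does not say which segment or why it is launchd's; a rule crossing into init_t should name its purpose so it is not widened later, e.g. `# WindowServer maps a shm segment owned by launchd (init_t) — TODO confirm which, and route through an init_ interface`. The same hunk references init_t, nfs_t, mnt_t and console_device_t directly instead of through their modules' interfaces (the DirectoryService.te hunk does the same with mnt_t, nfs_t, sbin_t, random_device_t and port_t); that links in a monolithic build but, if this policy is ever built as loadable modules, those types are undeclared in the module and the build fails. `comminication` in the new WindowServer.if comment is misspelled; the same spelling appears in the new lookupd.if, memberd.if, securityd.if and init.if comments.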
@@ -65,7 +65,7 @@
 ## </summary>
 ## </param>
 #
-interface(`configd_mach_ipc',`
+interface(`configd_allow_ipc',`
 	#gen_require(`
 	#class mach_port all_mach_port_perms;
 	#)'
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/configd.te#3 (text+ko) ====
@@ -9,6 +9,8 @@
 type configd_exec_t;
 domain_type(configd_t)
 init_domain(configd_t, configd_exec_t)
+# Allow Mach IP w/ init_t (launchd)
+init_allow_ipc(configd_t)
 
 # pid files
 type configd_var_run_t;
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/coreaudiod.te#3 (text+ko) ====
@@ -9,7 +9,7 @@
 type coreaudiod_exec_t;
 domain_type(coreaudiod_t)
 init_domain(coreaudiod_t, coreaudiod_exec_t)
-init_mach_ipc(coreaudiod_t)
+init_allow_ipc(coreaudiod_t)
 
 ########################################
 #
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/diskarbitrationd.te#3 (text+ko) ====
@@ -35,6 +35,8 @@
 allow diskarbitrationd_t diskarbitrationd_var_run_t:dir rw_dir_perms;
 files_pid_filetrans(diskarbitrationd_t,diskarbitrationd_var_run_t, { file sock_file })
 
+# Allow Mach IPC with self
+mach_allow_message(diskarbitrationd_t, diskarbitrationd_t)
+
 # Allow Mach IPC with configd
-configd_mach_ipc(diskarbitrationd_t)
-
+configd_allow_ipc(diskarbitrationd_t)
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/loginwindow.if#2 (text+ko) ====
@@ -20,3 +20,19 @@
 allow loginwindow_t:$1:fifo_file rw_file_perms;
 allow loginwindow_t $1:process sigchld;
 ')
+
+########################################
+## <summary>
+## Allow sending of mach messages to loginwindow
+## </summary>
+## <param name="domain">
+## Domain allowed to send.
+## </param>
+#
+interface(`loginwindow_allow_send',`
+
+	# Note. I believe that this is too permissive. Specified domain
+	# Needs only to use the hold_send_once move_send_once send rights.
+	mach_allow_message($1, loginwindow_t)
+
+')
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/lookupd.if#2 (text+ko) ====
@@ -20,3 +20,22 @@
 allow lookupd_t:$1:fifo_file rw_file_perms;
 allow lookupd_t $1:process sigchld;
 ')
+
+########################################
+## <summary>
+## Allow Mach IP with lookupd
+## </summary>
+## <param name="domain">
+## <summary>
+## Type to be used as a domain.
+## </summary>
+## </param>
+#
+interface(`lookupd_allow_ipc',`
+	#gen_require(`
+	#class mach_port all_mach_port_perms;
+	#)'
+
+	# Allow bidirectional comminication with lookupd
+	mach_allow_ipc(lookupd_t, $1)
+')
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/memberd.if#2 (text+ko) ====
@@ -20,3 +20,19 @@
 allow memberd_t:$1:fifo_file rw_file_perms;
 allow memberd_t $1:process sigchld;
 ')
+
+########################################
+## <summary>
+## Allow Mach IP with memberd
+## </summary>
+## <param name="domain">
+## <summary>
+## Type to be used as a domain.
+## </summary>
+## </param>
+#
+interface(`memberd_allow_ipc',`
+
+	# Allow bidirectional comminication with memberd
+	mach_allow_ipc(memberd_t, $1)
+')
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/notifyd.if#2 (text+ko) ====
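Review bot: The new `loginwindow_allow_send` interface grants `mach_allow_message($1, loginwindow_t)` while its own body comment says the caller only needs send rights; that reservation belongs in the interface's `<summary>`, where callers such as the new DirectoryService.te rule will read it, e.g. `## Allow sending of mach messages to loginwindow (currently grants full message rights; to be narrowed to send rights)`. The `<param name="domain">` block also omits the nested `<summary>` element that every other interface added in this change uses (WindowServer.if, lookupd.if, memberd.if, notifyd.if, securityd.if); `## <summary>` / `## Domain allowed to send.` / `## </summary>` keeps the generated XML consistent. The context line `allow loginwindow_t:$1:fifo_file rw_file_perms;` directly above the insert looks malformed (a colon where a space is expected, repeated in the lookupd.if, memberd.if, notifyd.if and securityd.if context) but predates this change.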
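Review bot: `lookupd_allow_ipc` in the lookupd.if hunk carries a commented-out `#gen_require(` block naming a class the interface never uses, while the type it does reference, lookupd_t, is not required at all; dead scaffolding in a policy interface tends to get copied (configd.if already has the same block). Either drop the three commented lines or replace them with a live requirement for what the body uses, `gen_require(` / `type lookupd_t;` / `')`, which a loadable-module build would need anyway.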
@@ -20,3 +20,21 @@
 allow notifyd_t:$1:fifo_file rw_file_perms;
 allow notifyd_t $1:process sigchld;
 ')
+
+########################################
+## <summary>
+## Allow conversation with the system notification server (notifyd)
+## </summary>
+## <param name="domain">
+## <summary>
+## Type to be used as a domain.
+## </summary>
+## </param>
+#
+interface(`notifyd_allow_ipc',`
+
+	# Allow communication with notification server
+	allow $1 init_t:mi_notify_ipc { notify_server_cancel notify_server_get_state notify_server_monitor_file notify_server_register_check notify_server_register_plain };
+
+')
+
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/securityd.if#2 (text+ko) ====
@@ -20,3 +20,19 @@
 allow securityd_t:$1:fifo_file rw_file_perms;
 allow securityd_t $1:process sigchld;
 ')
+
+########################################
+## <summary>
+## Allow Mach IP with securityd
+## </summary>
+## <param name="domain">
+## <summary>
+## Type to be used as a domain.
+## </summary>
+## </param>
+#
+interface(`securityd_allow_ipc',`
+
+	# Allow bidirectional comminication with securityd
+	mach_allow_ipc(securityd_t, $1)
+')
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/init.if#4 (text+ko) ====
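Review bot: `notifyd_allow_ipc` is documented as a conversation with notifyd, but the rule it adds, `allow $1 init_t:mi_notify_ipc { ... };`, is checked against launchd's domain init_t rather than a notifyd_t type, and nothing in the interface explains the mismatch. If notify requests are indeed mediated through launchd in this policy, say so above the rule so a later reader does not "correct" the target, e.g. `# notify_server_* requests are checked against init_t (launchd), not notifyd_t — TODO confirm`; if the target should be notifyd_t, the rule grants the wrong domain. The interface also uses init_t without a gen_require, which a loadable-module build would reject, and the added blank line after the closing `')` is stray.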
@@ -1105,8 +1105,24 @@
 ## </summary>
 ## </param>
 #
-interface(`init_mach_ipc',`
+interface(`init_allow_ipc',`
 
-	# Allow bidirectional comminication with configd
+	# Allow bidirectional comminication with launchd
 	mach_allow_ipc(init_t, $1)
 ')
+
+########################################
+## <summary>
+## Allow conversation with the bootstrap namespace server (launchd)
+## </summary>
+## <param name="domain">
+## <summary>
+## Type to be used as a domain.o## </summary>
+## </param>
+#
+interface(`init_allow_bootstrap',`
+
+	# Allow communication with bootstrap server
+	allow $1 init_t:mi_bootstrap { bootstrap_check_in bootstrap_status bootstrap_unprivileged };
+
+')
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/unconfined.te#3 (text+ko) ====
@@ -14,6 +14,12 @@
 type unconfined_exec_t;
 init_system_domain(unconfined_t,unconfined_exec_t)
 
+# Allow Mach IPC w/ lookupd
+lookupd_allow_ipc(unconfined_t)
+
+# Allow Mach IPC w/ WindowServer
+WindowServer_allow_ipc(unconfined_t)
+
 ifdef(`targeted_policy',`
 	type unconfined_execmem_t;
 	type unconfined_execmem_exec_t;
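Review bot: The doc header of the new `init_allow_bootstrap` interface has `## Type to be used as a domain.o## </summary>` on a single line (the hunk's +24 count confirms it is one line), so the stray `o##` text ends up in the generated interface documentation; split it into `## Type to be used as a domain.` and `## </summary>`. Renaming `init_mach_ipc` to `init_allow_ipc` with no deprecated wrapper under the old name breaks any caller not updated in this change — coreaudiod.te is updated here, but whether other modules still call init_mach_ipc is not visible in the diff, so a build after this change is the only check. The renamed interface's comment still reads `comminication`.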