module x_select_paste 1.0.0;

############################################################################
# Loadable module that confines the X-select and X-paste test applications
# in the x_select_paste_t domain.  It uses x_context entries backed by
# policy rules to exercise two selection-labelling scenarios:
#
#  1) Derived types: a 'user' prefix is added to each x_contexts type and
#     object type_transition rules (RefPolicy style) are used.  This does
#     NOT work - see the PROBLEM section below.  Selected by setting the
#     "poly-selection" boolean to FALSE and copying
#     "x_contexts-file-with-new-labels" to x_contexts.
#
#  2) Polyinstantiation with type_member rules.  This works okay.  Selected
#     by setting "poly-selection" to TRUE and copying
#     "x_contexts-file-with-new-polylabels" to x_contexts.
#
# Extra rules let the XSELinuxGET.. functions query contexts etc. for the
# various windows, and dontaudit rules stop unconfined_t getting to the
# x_select_paste_t domain info.
#
# Scenario 1 PROBLEM:
#   No way was found to stop selections made in unconfined_t being picked
#   up by X-paste when it runs in x_select_paste_t.  For example run:
#       runcon -t x_select_paste_t X-paste
#   then select some text in another window running under unconfined_t.
#   The problem seems to revolve around primary_xselection_t, which allows
#   all selections to be seen and used; the object type_transition rule has
#   no effect at all.  Polyinstantiation of selections seems to be the only
#   option that works (or do you know better !!! - "constrain x_selection .."
#   was also tried, however could not be made to work either).
############################################################################

require {
    type unconfined_t;
    role unconfined_r;

    # Event types named in the x_contexts file:
    type x11_destroynotify_xevent_t, x11_propertynotify_xevent_t;
    type x11_confignotify_xevent_t, x11_enternotify_xevent_t;
    type x11_focusout_xevent_t, x11_foucusin_xevent_t;
    type x11_mapnotify_xevent_t, x11_reparentnotify_xevent_t;
    type x11_expose_xevent_t, x11_leavenotify_xevent_t;
    type x11_selectionnotify_xevent_t, x11_unmapnotify_xevent_t;
    type x11_selectionrequest_xevent_t;

    # Extension types named in the x_contexts file:
    type big-requests_xextension_t, xkeyboard_xextension_t;
    type selinux_xextension_t, xinputextension_xextension_t;
    type undefined_xextension_t;

    # Property types named in the x_contexts file:
    type wm_name_xproperty_t, string_xproperty_t;
    type wm_class_xproperty_t, wm_client_machine_xproperty_t;
    type wm_command_xproperty_t, wm_hints_xproperty_t;
    type wm_normal_hints_xproperty_t;
    type undefined_xproperty_t;
    type resource_manager_xproperty_t;

    # Selection types named in the x_contexts file:
    type primary_xselection_t, undefined_xselection_t;

    # X object classes and the permissions this module references:
    class x_property { create read write getattr };
    class x_selection { read getattr setattr };
    class x_extension { query use };
    class x_event { send receive };
    class x_synthetic_event { send receive };
    class x_drawable { read get_property getattr send list_property setattr show receive set_property create manage add_child list_child blend };
    class x_gc { create setattr };
    class x_keyboard { read getattr use getfocus };
    class x_resource { read };
    class x_client { getattr };
    class x_pointer { getattr read };

    # Kernel object classes needed to run the test executables:
    class file { read entrypoint getattr execute write execute_no_trans create };
    class process { transition siginh signal rlimitinh noatsecure sigchld };
    class dir { search getattr write add_name };
    class fd { use };
    class chr_file { read write getattr };
    class lnk_file { read };
    class filesystem getattr;
    class unix_stream_socket { create connect connectto read write getattr };
    class security { check_context };
    class fifo_file { read };
}

# The following derived types are declared below but get no allow rules,
# because in practice they were never used (although it was thought they
# would be !!).  sechecker flagged them; they are kept for reference only:
#   user_primary_xselection_t, user_wm_command_xproperty_t,
#   user_x11_selectionnotify_xevent_t, user_wm_class_xproperty_t,
#   user_wm_hints_xproperty_t, user_x11_selectionrequest_xevent_t,
#   user_wm_normal_hints_xproperty_t, user_undefined_xselection_t

# Boolean selecting the scenario: FALSE = derived selections (do not seem
# to work at all); TRUE = polyinstantiated selections, which need the
# type_member rule below plus a poly_selection entry in x_contexts.
# Polyinstantiation works fine.
bool poly-selection false;

# The domain both test applications run in:
type x_select_paste_t;

##### Start Derived type entries #######
# One 'user'-prefixed derived type per x_contexts entry the application
# must 'use'; each derived type also needs an object type_transition
# further down.

# Derived event types:
type user_x11_destroynotify_xevent_t;
type user_x11_propertynotify_xevent_t;
type user_x11_confignotify_xevent_t;
type user_x11_enternotify_xevent_t;
type user_x11_focusout_xevent_t;
type user_x11_foucusin_xevent_t;
type user_x11_mapnotify_xevent_t;
type user_x11_reparentnotify_xevent_t;
type user_x11_expose_xevent_t;
type user_x11_leavenotify_xevent_t;
type user_x11_selectionnotify_xevent_t;
type user_x11_selectionrequest_xevent_t;
type user_x11_unmapnotify_xevent_t;

## No derived x_extension types are used.

# Derived property types:
type user_undefined_xproperty_t;
type user_wm_name_xproperty_t;
type user_string_xproperty_t;
type user_wm_class_xproperty_t;
type user_wm_client_machine_xproperty_t;
type user_wm_command_xproperty_t;
type user_wm_hints_xproperty_t;
type user_wm_normal_hints_xproperty_t;

# Derived selection types:
type user_primary_xselection_t;
type user_undefined_xselection_t;
##### End Derived type entries #######

# Let the executable be moved into x_select_paste_t with runcon; the
# binary itself carries the unconfined_t label, hence the entrypoint rule:
role unconfined_r types { x_select_paste_t };
allow x_select_paste_t unconfined_t : file entrypoint;
allow unconfined_t x_select_paste_t : process transition;

# ##### Start object type_transition for derived types ########
#
# One entry is needed for each derived type declared above.  The statement
# form is:
#   type_transition <source_type> <target_type> : <class> <new_type>;

# Label the x_drawable object with our own domain type:
type_transition x_select_paste_t unconfined_t : x_drawable x_select_paste_t;

# Event objects:
type_transition x_select_paste_t x11_destroynotify_xevent_t : x_event user_x11_destroynotify_xevent_t;
type_transition x_select_paste_t x11_propertynotify_xevent_t : x_event user_x11_propertynotify_xevent_t;
type_transition x_select_paste_t x11_confignotify_xevent_t : x_event user_x11_confignotify_xevent_t;
type_transition x_select_paste_t x11_enternotify_xevent_t : x_event user_x11_enternotify_xevent_t;
type_transition x_select_paste_t x11_focusout_xevent_t : x_event user_x11_focusout_xevent_t;
type_transition x_select_paste_t x11_foucusin_xevent_t : x_event user_x11_foucusin_xevent_t;
type_transition x_select_paste_t x11_mapnotify_xevent_t : x_event user_x11_mapnotify_xevent_t;
type_transition x_select_paste_t x11_reparentnotify_xevent_t : x_event user_x11_reparentnotify_xevent_t;
type_transition x_select_paste_t x11_expose_xevent_t : x_event user_x11_expose_xevent_t;
type_transition x_select_paste_t x11_leavenotify_xevent_t : x_event user_x11_leavenotify_xevent_t;
type_transition x_select_paste_t x11_selectionnotify_xevent_t : x_event user_x11_selectionnotify_xevent_t;
type_transition x_select_paste_t x11_selectionrequest_xevent_t : x_event user_x11_selectionrequest_xevent_t;
type_transition x_select_paste_t x11_unmapnotify_xevent_t : x_event user_x11_unmapnotify_xevent_t;

# Every window has its own properties, so undefined_xproperty_t must be
# transitioned to the user type as well:
type_transition x_select_paste_t undefined_xproperty_t : x_property user_undefined_xproperty_t;

####
# Needed so the application name and context can be shown in the window
# title bar when polyinstantiated selections are in use.  Could not figure
# out another way to fix this !!
if (poly-selection) {
    # With polyinstantiation, do not transition wm_name; allow it directly:
    allow x_select_paste_t wm_name_xproperty_t : x_property { write create };
} else {
    # Derived-type scenario: transition the title property as usual:
    type_transition x_select_paste_t wm_name_xproperty_t : x_property user_wm_name_xproperty_t;
}
####

# Remaining property objects:
type_transition x_select_paste_t string_xproperty_t : x_property user_string_xproperty_t;
type_transition x_select_paste_t wm_class_xproperty_t : x_property user_wm_class_xproperty_t;
type_transition x_select_paste_t wm_client_machine_xproperty_t : x_property user_wm_client_machine_xproperty_t;
type_transition x_select_paste_t wm_command_xproperty_t : x_property user_wm_command_xproperty_t;
type_transition x_select_paste_t wm_hints_xproperty_t : x_property user_wm_hints_xproperty_t;
type_transition x_select_paste_t wm_normal_hints_xproperty_t : x_property user_wm_normal_hints_xproperty_t;

# Selection objects.  The primary_xselection_t transition has no observable
# effect at all (see the PROBLEM section in the header):
type_transition x_select_paste_t primary_xselection_t : x_selection user_primary_xselection_t;
type_transition x_select_paste_t undefined_xselection_t : x_selection user_undefined_xselection_t;
# ##### End object type_transition ########

# ### Rules active only when "poly-selection" is TRUE ###
if (poly-selection) {
    # Enforces polyinstantiation of the
    # "poly_selection PRIMARY primary_xselection_t" x_contexts entry:
    type_member x_select_paste_t primary_xselection_t : x_selection x_select_paste_t;

    # Access to the resulting per-domain selection object:
    allow x_select_paste_t self : x_selection { getattr setattr read };

    # These two stop the title bar being displayed in the window, so they
    # are left disabled:
    # type_member x_select_paste_t user_wm_name_xproperty_t : x_property x_select_paste_t;
    # allow x_select_paste_t self : x_property { write create };
}
# ##### End "poly-selection" conditional rules ######

# ###### Standard allow rules to display results, write logs etc. #####

# Log files are created in unconfined_t directories.  Note that this also
# grants write to any unconfined_t-labelled file, which is wider than the
# log-file purpose; acceptable for this test module only.
allow x_select_paste_t unconfined_t : dir { search getattr write add_name };
allow x_select_paste_t unconfined_t : file { create read getattr execute write };

# Parent (unconfined_t) side of the domain transition:
allow unconfined_t x_select_paste_t : dir search;
allow unconfined_t x_select_paste_t : file read;
allow unconfined_t x_select_paste_t : process { siginh signal rlimitinh noatsecure };

# Shared libraries, terminal, fds, signals, socket to the X server and
# context validation through the selinux filesystem:
allow x_select_paste_t unconfined_t : chr_file { read write getattr };
allow x_select_paste_t unconfined_t : fd use;
allow x_select_paste_t unconfined_t : process sigchld;
allow x_select_paste_t unconfined_t : lnk_file read;
allow x_select_paste_t unconfined_t : unix_stream_socket connectto;
allow x_select_paste_t unconfined_t : filesystem getattr;
allow x_select_paste_t unconfined_t : security check_context;
allow x_select_paste_t self : dir search;
allow x_select_paste_t self : file read;
allow x_select_paste_t self : unix_stream_socket { create connect getattr read write };
allow x_select_paste_t self : process signal;

# ################ Start allow rules for derived objects ################
########## First batch: the X-select application ##########

# dontaudit only silences the AVC message, the access is still denied;
# comment these out when chasing a new denial.
dontaudit unconfined_t x_select_paste_t : lnk_file read;
dontaudit unconfined_t x_select_paste_t : fd use;
dontaudit unconfined_t x_select_paste_t : fifo_file read;

allow x_select_paste_t unconfined_t : x_keyboard { getattr read };
allow x_select_paste_t unconfined_t : x_pointer { getattr read };
allow x_select_paste_t self : x_gc { create setattr };
allow x_select_paste_t self : x_resource read;
allow x_select_paste_t self : x_client getattr;

# Drawables: the root/parent window is unconfined_t, our own windows are
# x_select_paste_t (via the x_drawable type_transition above):
allow x_select_paste_t unconfined_t : x_drawable { get_property getattr add_child setattr };
allow x_select_paste_t self : x_drawable { create blend setattr receive getattr get_property set_property list_property show };

# Every X extension the test applications touch:
allow x_select_paste_t { big-requests_xextension_t selinux_xextension_t xkeyboard_xextension_t xinputextension_xextension_t undefined_xextension_t } : x_extension { query use };

# Selecting (setattr) and pasting (getattr read) both operate on
# primary_xselection_t itself, NOT user_primary_xselection_t:
allow x_select_paste_t primary_xselection_t : x_selection { setattr getattr read };

allow x_select_paste_t resource_manager_xproperty_t : x_property read;
allow x_select_paste_t user_undefined_xproperty_t : x_property { write create };
allow x_select_paste_t user_wm_client_machine_xproperty_t : x_property { write create };
allow x_select_paste_t user_wm_name_xproperty_t : x_property { write create getattr };
allow x_select_paste_t user_x11_destroynotify_xevent_t : x_event receive;

###### Second batch: the X-paste application #########

# Let the derived-type method show the app name & context on the title bar:
allow unconfined_t user_wm_name_xproperty_t : x_property read;
dontaudit unconfined_t user_wm_client_machine_xproperty_t : x_property read;
allow x_select_paste_t wm_name_xproperty_t : x_property getattr;
allow x_select_paste_t string_xproperty_t : x_property read;
allow x_select_paste_t user_string_xproperty_t : x_property { write create read };

# Keep the unconfined_t side quiet about events it is not allowed to see:
dontaudit unconfined_t {
    user_x11_propertynotify_xevent_t
    user_x11_reparentnotify_xevent_t
    user_x11_confignotify_xevent_t
    user_x11_focusout_xevent_t
    user_x11_foucusin_xevent_t
    user_x11_mapnotify_xevent_t
    user_x11_unmapnotify_xevent_t
    user_x11_enternotify_xevent_t
    user_x11_leavenotify_xevent_t
    user_x11_destroynotify_xevent_t
    user_x11_expose_xevent_t
} : x_event receive;
dontaudit unconfined_t user_x11_confignotify_xevent_t : x_synthetic_event { send receive };

# Events the confined domain does receive:
allow x_select_paste_t {
    user_x11_propertynotify_xevent_t
    user_x11_reparentnotify_xevent_t
    user_x11_confignotify_xevent_t
    user_x11_focusout_xevent_t
    user_x11_foucusin_xevent_t
    user_x11_mapnotify_xevent_t
    user_x11_unmapnotify_xevent_t
    user_x11_enternotify_xevent_t
    user_x11_expose_xevent_t
    user_x11_leavenotify_xevent_t
} : x_event receive;
allow x_select_paste_t user_x11_confignotify_xevent_t : x_synthetic_event receive;
# ################ End allow rules for derived objects ################

# This rule lets the small X-window be displayed.  Swap it for the
# dontaudit version below to stop it being displayed.
allow unconfined_t x_select_paste_t : x_drawable { get_property receive getattr manage set_property setattr send show read list_child };
#dontaudit unconfined_t x_select_paste_t : x_drawable { get_property receive getattr manage set_property setattr send show read list_child };