PERFORCE change 46203 for review
Andrew Reisse
areisse at FreeBSD.org
Fri Jan 30 18:21:26 GMT 2004
http://perforce.freebsd.org/chv.cgi?CH=46203
Change 46203 by areisse at areisse_ibook on 2004/01/30 10:20:50
Merged the policy with Mach IPC rules back into the sedarwin testing policy.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin/policy/Makefile#6 edit
.. //depot/projects/trustedbsd/sedarwin/policy/bininclude.C#2 integrate
.. //depot/projects/trustedbsd/sedarwin/policy/devfs#2 integrate
.. //depot/projects/trustedbsd/sedarwin/policy/fc#2 integrate
.. //depot/projects/trustedbsd/sedarwin/policy/flask/Makefile#1 branch
.. //depot/projects/trustedbsd/sedarwin/policy/flask/access_vectors#2 integrate
.. //depot/projects/trustedbsd/sedarwin/policy/flask/initial_sids#2 integrate
.. //depot/projects/trustedbsd/sedarwin/policy/flask/security_classes#2 integrate
.. //depot/projects/trustedbsd/sedarwin/policy/fs_use#2 integrate
.. //depot/projects/trustedbsd/sedarwin/policy/initial_sid_contexts#2 integrate
.. //depot/projects/trustedbsd/sedarwin/policy/initial_sids#1 branch
.. //depot/projects/trustedbsd/sedarwin/policy/isiddefs#2 integrate
.. //depot/projects/trustedbsd/sedarwin/policy/macros/global_macros.te#2 integrate
.. //depot/projects/trustedbsd/sedarwin/policy/rules#5 integrate
.. //depot/projects/trustedbsd/sedarwin/policy/users#4 integrate
Differences ...
==== //depot/projects/trustedbsd/sedarwin/policy/Makefile#6 (text+ko) ====
@@ -1,8 +1,8 @@
include ../Makeconfig
-default: policy.h
+default: policy.16
-INPUTS = flask/security_classes flask/initial_sids \
+INPUTS = flask/security_classes initial_sids \
flask/access_vectors rules.m4 users initial_sid_contexts fs_use \
devfs
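Review bot: INPUTS now reads `initial_sids` from the policy directory (the file branched in this change) and no longer reads `flask/initial_sids`, yet the same change still edits `flask/initial_sids` in a later hunk, so those edits never reach policy.conf unless the new top-level copy carries identical content. Either remove `flask/initial_sids` from the tree or add a comment here such as `# initial_sids is the authoritative copy; flask/initial_sids is not built` so the two files do not silently drift apart.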
@@ -12,9 +12,6 @@
policy.16: policy.conf
checkpolicy -o $@ $<
-policy.h: bininclude policy.16
- ./bininclude policy.16 policy.h binpolicy
-
rules.m4: rules
m4 -Imacros -s $< > $@
@@ -24,13 +21,9 @@
genfs: fc.out
cat $< | sed -ne 's/^\/[a-zA-Z0-9\/\.]* *[^ ]*$$/genfscon hfs &/p' > $@
-bininclude: bininclude.C
- gcc -o $@ $<
-
-install:
- cp policy.h ../apsl/xnu/security/sebsd/sebsd_policy.h
-
clean:
rm -f bininclude policy.16 policy.conf policy.h rules.m4 fc.out \
genfs
+relabel: fc
+ setfsmac -s $^ /
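Review bot: `clean` still lists `bininclude` and `policy.h`, whose build rules this hunk and the previous one delete, so it now names outputs nothing produces; trim it to `rm -f policy.16 policy.conf rules.m4 fc.out genfs`. The new `relabel` target relabels the entire filesystem with `setfsmac -s $^ /` and, like `clean`, produces no file, so both should be listed in a `.PHONY: clean relabel` line so that a stray file named `relabel` cannot cause make to skip the run. `relabel` also consumes the raw `fc` rather than `fc.out`, whose derivation rule is outside this hunk; if `fc.out` is the processed form of `fc`, the dependency probably belongs on it, and if not a one-line comment saying why `fc` is used directly would help.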
==== //depot/projects/trustedbsd/sedarwin/policy/bininclude.C#2 (text+ko) ====
==== //depot/projects/trustedbsd/sedarwin/policy/devfs#2 (text+ko) ====
==== //depot/projects/trustedbsd/sedarwin/policy/fc#2 (text+ko) ====
@@ -1,3 +1,15 @@
/.* system_u:object_r:file_t
/bin/.* system_u:object_r:bin_t
/bin/.*sh system_u:object_r:shell_exec_t
+/usr/bin/.* system_u:object_r:bin_t
+/usr/local/bin/.* system_u:object_r:bin_t
+/sbin/.* system_u:object_r:bin_t
+/usr/sbin/.* system_u:object_r:bin_t
+/Applications/.* system_u:object_r:appl_t
+/sbin/SystemStarter system_u:object_r:systemstarter_exec_t
+/System/Library/CoreServices/coreservicesd system_u:object_r:coreservices_exec_t
+/System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow.real system_u:object_r:loginwindow_exec_t
+/System/Library/CoreServices/pbs system_u:object_r:pbs_exec_t
+/System/Library/CoreServices/RealWindowServer system_u:object_r:windowserver_exec_t
+/System/Library/CoreServices/SecurityServer system_u:object_r:securityserver_exec_t
+/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonCore.framework/Versions/A/Support/coreservicesd system_u:object_r:coreservices_exec_t
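Review bot: Several new entries overlap an earlier prefix entry — `/sbin/.*` followed by `/sbin/SystemStarter`, and the pre-existing `/bin/.*` followed by `/bin/.*sh` — so the label a path receives depends on whether `setfsmac` applies the last match or the most specific match, and nothing in the file states which is assumed. Once that behaviour is confirmed, add a header comment such as `# Entries are regexes matched against the full path; a later, more specific entry is intended to override an earlier prefix match` and keep the ordering consistent with it. The unescaped `.` in `loginwindow.app` and `loginwindow.real` are regex wildcards; `\.` makes the intent explicit.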
==== //depot/projects/trustedbsd/sedarwin/policy/flask/access_vectors#2 (text+ko) ====
@@ -233,10 +233,6 @@
getcap
setcap
share
- signull
- getattr
- setexec
- setfscreate
noatsecure
}
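Review bot: Removing `signull`, `getattr`, `setexec` and `setfscreate` from the process class will fail checkpolicy if any macro in `macros/global_macros.te` or rule in `rules` still names them (signal-permission macros in policies of this vintage commonly include `signull`); only the tail of `global_macros.te` is in this change, so this cannot be confirmed here. Grep the policy for these four permissions before committing, or leave them declared and unused, since an unused permission costs nothing while a missing one breaks the build.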
@@ -261,21 +257,15 @@
{
send
receive
- destroy
}
class shm
inherits ipc
-
-class posix_sem
{
- associate
- disassociate
- destroy
- write
- read
+ lock
}
+
#
# Define the access vector interpretation for the security server.
#
@@ -283,12 +273,16 @@
class security
{
compute_av
- compute_create
- compute_member
- check_context
+ notify_perm
+ transition_sid
+ member_sid
+ sid_to_context
+ context_to_sid
load_policy
- compute_relabel
- compute_user
+ get_sids
+ register_avc
+ change_sid
+ get_user_sids
}
@@ -367,9 +361,28 @@
lease
}
-class passwd
+class mach_port
+{
+ relabelfrom
+ relabelto
+ send
+ recv
+ make_send
+ copy_send
+ move_recv
+}
+
+class mach_task
{
- passwd
- chfn
- chsh
+ terminate
+ set_special_port
}
+
+class mach_names
+{
+ register
+ look_up
+ getparent
+ makesubset
+ create_server
+};
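Review bot: The closing `};` of `class mach_names` carries a trailing semicolon that no other class in this file has (compare `mach_port` and `mach_task` just above), and the checkpolicy access_vectors grammar and the awk-based header generators key on a bare `}` line; change it to `}`. Even if it happens to parse today it is an inconsistency worth removing before it is copied elsewhere.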
==== //depot/projects/trustedbsd/sedarwin/policy/flask/initial_sids#2 (text+ko) ====
@@ -28,7 +28,10 @@
sid sysctl_vm
sid sysctl_dev
sid kmod
+sid devfs
+sid devpts
+sid nfs
sid policy
-sid scmp_packet
+sid tmpfs
# FLASK
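Review bot: Each new initial SID (`devfs`, `devpts`, `nfs`, `tmpfs`) needs a matching `sid <name> <context>` entry in `initial_sid_contexts`, and the entry for the removed `scmp_packet` must go, or checkpolicy will reject the policy; that file is listed as integrated by this change but its hunk is not shown, so this could not be verified. A comment at the top of this file, e.g. `# every sid declared here must have a context in initial_sid_contexts`, would make the coupling visible to the next editor.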
==== //depot/projects/trustedbsd/sedarwin/policy/flask/security_classes#2 (text+ko) ====
@@ -40,14 +40,11 @@
class shm
class ipc
-#Posix.1b-related classes
-class posix_sem
+class mach_port
-#
-# userspace object manager classes
-#
+#classes only used by name
-# passwd/chfn/chsh
-class passwd
+class mach_task
+class mach_names
# FLASK
==== //depot/projects/trustedbsd/sedarwin/policy/fs_use#2 (text+ko) ====
==== //depot/projects/trustedbsd/sedarwin/policy/initial_sid_contexts#2 (text+ko) ====
==== //depot/projects/trustedbsd/sedarwin/policy/isiddefs#2 (text+ko) ====
==== //depot/projects/trustedbsd/sedarwin/policy/macros/global_macros.te#2 (text+ko) ====
@@ -1158,3 +1158,23 @@
allow $1_t etc_t:dir r_dir_perms;
')
+
+#####
+
+define(`allow_mach_ipc', `
+allow $1 $2:mach_port { send copy_send make_send };
+allow $2 $1:mach_port { send copy_send make_send };
+')
+
+define(`mach_bootstrap', `
+allow $1 $2:mach_port { send copy_send make_send };
+allow $1 $3:mach_names look_up;
+allow init_d $1:mach_port { send copy_send };
+')
+
+define(`mach_bootstrap_register', `
+allow $1 $2:mach_names register;
+allow $1 $2:mach_port { send copy_send };
+allow init_d $1:mach_port { send copy_send };
+')
+
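Review bot: The three new macros carry no comment describing their parameters, unlike the documented `#####` sections elsewhere in this file, so a reader must infer from the bodies that `$1` is the requesting domain, `$2` is the peer domain (in `allow_mach_ipc`) or the bootstrap name-space type, and `$3` is the server whose port is looked up. Add one line above each, e.g. `# allow_mach_ipc(A, B): A and B may send on each other's ports (symmetric)`, `# mach_bootstrap(dom, names, server): dom looks up server via names and may send to it; init_d may send replies to dom`, `# mach_bootstrap_register(dom, names): dom registers with and sends on names; init_d may send replies to dom`. The hard-coded `init_d` in the last two is presumably the bootstrap server; stating that in the comment avoids surprises if the bootstrap domain is ever renamed.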
==== //depot/projects/trustedbsd/sedarwin/policy/rules#5 (text+ko) ====
@@ -1,4 +1,5 @@
attribute domain;
+attribute domain2;
attribute file;
attribute fs;
@@ -9,12 +10,12 @@
type bin_t, file;
type shell_exec_t, file;
type login_exec_t, file;
-type init_d, domain;
-type login_d, domain;
-type user_d, domain;
-type user_secret_d, domain;
-type sysadm_d, domain;
-type kernel_d, domain;
+type init_d, domain, domain2;
+type login_d, domain, domain2;
+type user_d, domain, domain2;
+type user_secret_d, domain, domain2;
+type sysadm_d, domain, domain2;
+type kernel_d, domain, domain2;
type security_t;
type fs_t, fs;
type devpts_t;
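Review bot: Every type that receives `domain` here also receives `domain2`, and the same holds for the new domains declared in the next hunk, so the two attributes have identical membership and moving the generic file, device and process rules from `domain` to `domain2` later in this change does not restrict anything. If the intent is that a future domain may carry only `domain` to receive Mach IPC rights without file access, say so where `attribute domain2;` is declared, e.g. `# domain2: domains that also get the generic file/device/process rules; a bare domain gets only Mach IPC rules`; otherwise the split is dead weight. Confirm no other policy file assigns `domain` without `domain2` before relying on the distinction.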
@@ -28,14 +29,53 @@
type console_device_t;
type random_device_t;
type secret_t;
+type user_port_t;
+type time_port_t;
+
+type boot_names_t;
+type user_names_t;
+
+type root_t, file;
+type appl_t, file;
+type lib_t, file;
+
+type pbs_d, domain, domain2;
+type cron_d, domain, domain2;
+type loginwindow_d, domain, domain2;
+type windowserver_d, domain, domain2;
+type securityserver_d, domain, domain2;
+type coreservices_d, domain, domain2;
+type systemstarter_d, domain, domain2;
+type lookupd_d, domain, domain2;
+type directoryservice_d, domain, domain2;
+type pbs_exec_t, file;
+type cron_exec_t, file;
+type loginwindow_exec_t, file;
+type windowserver_exec_t, file;
+type securityserver_exec_t, file;
+type coreservices_exec_t, file;
+type systemstarter_exec_t, file;
+type lookupd_exec_t, file;
+type directoryservice_exec_t, file;
+
role system_r types init_d;
role system_r types login_d;
role system_r types user_d;
role system_r types sysadm_d;
+role system_r types pbs_d;
+role system_r types cron_d;
+role system_r types loginwindow_d;
+role system_r types windowserver_d;
+role system_r types securityserver_d;
+role system_r types coreservices_d;
+role system_r types systemstarter_d;
+role system_r types directoryservice_d;
+role system_r types lookupd_d;
role system_r types security_t;
role system_r types unlabeled_t;
role system_r types kernel_d;
+role system_r types boot_names_t;
#role object_r types file_t;
#role object_r types bin_t;
role object_r types shell_exec_t;
@@ -45,6 +85,7 @@
role object_r types sysadm_devpts_t;
role object_r types secret_t;
role user_r types user_d;
+role user_r types user_port_t;
role user_secret_r types user_secret_d;
role sysadm_r types sysadm_d;
@@ -61,19 +102,182 @@
domain_trans(login_d,shell_exec_t,user_d);
domain_trans(login_d,shell_exec_t,user_secret_d);
domain_trans(login_d,shell_exec_t,sysadm_d);
+
+domain_trans(windowserver_d,shell_exec_t,user_d);
+domain_trans(windowserver_d,shell_exec_t,user_secret_d);
+domain_trans(windowserver_d,shell_exec_t,sysadm_d);
+
type_change user_d devpts_t:chr_file user_devpts_t;
-allow domain file:{file lnk_file sock_file} {create_file_perms execute };
-allow domain file:file execute_no_trans;
-allow domain file:dir { create_dir_perms };
-allow domain {null_device_t console_device_t memory_device_t random_device_t zero_device_t device_t}:{file chr_file} create_file_perms;
-allow domain device_t:blk_file create_file_perms;
-allow domain {devpts_t user_devpts_t sysadm_devpts_t}:chr_file create_file_perms;
-allow domain domain:process { signal sigkill setsched getsession };
-allow domain file:{dir file lnk_file sock_file} { relabelfrom relabelto };
+allow domain self:mach_port { send make_send copy_send move_recv };
+allow domain kernel_d:mach_port { send make_send copy_send };
+allow domain self:mach_task set_special_port;
+allow domain self:mach_names { look_up };
+allow domain root_t:dir { search getattr read };
+allow kernel_d domain:mach_port { send make_send copy_send };
+
+allow domain2 file:{file lnk_file sock_file} {create_file_perms execute };
+allow domain2 file:file execute_no_trans;
+allow domain2 file:dir { create_dir_perms };
+allow domain2 {null_device_t console_device_t memory_device_t random_device_t zero_device_t device_t}:{file chr_file} create_file_perms;
+allow domain2 device_t:blk_file create_file_perms;
+allow domain2 {devpts_t user_devpts_t sysadm_devpts_t}:chr_file create_file_perms;
+allow domain2 domain:process { signal sigkill setsched getsession };
+allow domain2 file:{dir file lnk_file sock_file} { relabelfrom relabelto };
+
+domain_auto_trans(init_d,windowserver_exec_t,windowserver_d);
+domain_auto_trans(systemstarter_d,windowserver_exec_t,windowserver_d);
+domain_auto_trans(init_d,loginwindow_exec_t,loginwindow_d);
+domain_auto_trans(init_d,systemstarter_exec_t,systemstarter_d);
+domain_auto_trans(systemstarter_d,securityserver_exec_t,securityserver_d);
+domain_auto_trans(systemstarter_d,coreservices_exec_t,coreservices_d);
+domain_auto_trans(systemstarter_d,cron_exec_t,cron_d);
+domain_auto_trans(systemstarter_d,lookupd_exec_t,lookupd_d);
+domain_auto_trans(loginwindow_d,pbs_exec_t,pbs_d);
allow user_secret_d secret_t:{file lnk_file} create_file_perms;
allow user_secret_d secret_t:dir { create_file_perms rw_dir_perms };
allow user_secret_d { secret_t unlabeled_t file_t }:{file dir} { relabelfrom relabelto };
allow secret_t fs:filesystem associate;
+#type_change user_d user_d:mach_port user_port_t;
+
+allow_mach_ipc(securityserver_d,coreservices_d);
+allow_mach_ipc(securityserver_d,loginwindow_d);
+allow_mach_ipc(securityserver_d,windowserver_d);
+
+allow_mach_ipc(loginwindow_d,windowserver_d);
+allow_mach_ipc(loginwindow_d,unlabeled_t);
+allow_mach_ipc(loginwindow_d,user_d);
+
+#allow init_d { unlabeled_t init_d login_d kernel_d user_d windowserver_d }:mach_port { send make_send copy_send move_recv };
+#allow kernel_d { unlabeled_t windowserver_d init_d kernel_d user_d }:mach_port { send make_send copy_send };
+#allow login_d { init_d windowserver_d unlabeled_t user_d }:mach_port { send make_send copy_send };
+#allow user_d { user_d init_d windowserver_d user_port_t unlabeled_t coreservices_d }:mach_port { send make_send copy_send };
+allow loginwindow_d { unlabeled_t windowserver_d }:mach_port { send make_send copy_send };
+#allow windowserver_d { init_d loginwindow_d coreservices_d unlabeled_t user_d securityserver_d }:mach_port { send make_send copy_send };
+#allow coreservices_d { user_d securityserver_d }:mach_port { send make_send copy_send };
+#allow securityserver_d { windowserver_d coreservices_d }:mach_port { send make_send copy_send };
+allow init_d self:mach_names { register look_up };
+allow user_d { user_d init_d }:mach_names { register look_up };
+
+allow kernel_d {user_names_t boot_names_t}:mach_port send;
+
+allow_mach_ipc(init_d,coreservices_d); #???
+mach_bootstrap(init_d,boot_names_t,boot_names_t); #???
+type_change loginwindow_d loginwindow_d:mach_names user_names_t;
+allow init_d init_d:mach_port relabelfrom;
+allow init_d boot_names_t:mach_port relabelto;
+allow init_d user_names_t:mach_port { copy_send relabelto };
+allow init_d boot_names_t:mach_names { register create_server }; #???
+mach_bootstrap(init_d,user_names_t,securityserver_d); #???
+
+allow_mach_ipc(systemstarter_d,unlabeled_t);
+allow_mach_ipc(systemstarter_d,boot_names_t);
+allow_mach_ipc(systemstarter_d,init_d);
+allow_mach_ipc(systemstarter_d,lookupd_d);
+allow_mach_ipc(systemstarter_d,coreservices_d);
+mach_bootstrap(systemstarter_d,boot_names_t,coreservices_d);
+mach_bootstrap(systemstarter_d,boot_names_t,securityserver_d);
+mach_bootstrap(systemstarter_d,boot_names_t,windowserver_d);
+mach_bootstrap(systemstarter_d,boot_names_t,boot_names_t);
+allow systemstarter_d init_d:mach_names look_up;
+allow systemstarter_d boot_names_t:mach_names { register create_server };
+
+mach_bootstrap(coreservices_d,boot_names_t,boot_names_t);
+mach_bootstrap(coreservices_d,boot_names_t,init_d);
+mach_bootstrap(coreservices_d,boot_names_t,systemstarter_d); #???
+mach_bootstrap_register(coreservices_d,boot_names_t);
+
+mach_bootstrap_register(windowserver_d,user_names_t);
+allow_mach_ipc(windowserver_d,user_d);
+mach_bootstrap(windowserver_d,user_names_t,systemstarter_d);
+mach_bootstrap(windowserver_d,user_names_t,pbs_d);
+mach_bootstrap(windowserver_d,user_names_t,coreservices_d);
+mach_bootstrap(windowserver_d,user_names_t,user_names_t);
+mach_bootstrap(windowserver_d,user_names_t,init_d);
+mach_bootstrap(windowserver_d,boot_names_t,boot_names_t);
+mach_bootstrap(windowserver_d,boot_names_t,coreservices_d);
+mach_bootstrap(windowserver_d,boot_names_t,windowserver_d);
+allow_mach_ipc(windowserver_d,systemstarter_d);
+allow_mach_ipc(windowserver_d,pbs_d);
+allow_mach_ipc(windowserver_d,lookupd_d);
+allow_mach_ipc(windowserver_d,init_d); # for wsloginui
+allow_mach_ipc(windowserver_d,coreservices_d); # for wsloginui
+mach_bootstrap_register(windowserver_d,boot_names_t);
+
+allow_mach_ipc(loginwindow_d,coreservices_d);
+allow_mach_ipc(loginwindow_d,init_d);
+allow_mach_ipc(loginwindow_d,lookupd_d);
+allow_mach_ipc(loginwindow_d,systemstarter_d);
+mach_bootstrap(loginwindow_d,user_names_t,user_names_t);
+mach_bootstrap(loginwindow_d,user_names_t,coreservices_d);
+mach_bootstrap(loginwindow_d,boot_names_t,init_d);
+mach_bootstrap(loginwindow_d,boot_names_t,boot_names_t);
+mach_bootstrap(loginwindow_d,boot_names_t,windowserver_d);
+mach_bootstrap(loginwindow_d,boot_names_t,securityserver_d);
+mach_bootstrap(loginwindow_d,user_names_t,systemstarter_d); #???
+mach_bootstrap(loginwindow_d,user_names_t,user_d); #???
+mach_bootstrap_register(loginwindow_d,user_names_t);
+mach_bootstrap_register(loginwindow_d,boot_names_t);
+allow loginwindow_d boot_names_t:mach_names makesubset;
+allow loginwindow_d user_names_t:mach_names create_server;
+
+mach_bootstrap(securityserver_d,user_names_t,user_names_t);
+mach_bootstrap(securityserver_d,user_names_t,user_d);
+mach_bootstrap_register(securityserver_d,user_names_t);
+mach_bootstrap_register(securityserver_d,boot_names_t);
+mach_bootstrap(securityserver_d,boot_names_t,init_d);
+mach_bootstrap(securityserver_d,boot_names_t,boot_names_t);
+mach_bootstrap(securityserver_d,boot_names_t,coreservices_d);
+mach_bootstrap(securityserver_d,boot_names_t,windowserver_d);
+mach_bootstrap(securityserver_d,boot_names_t,systemstarter_d); #???
+allow_mach_ipc(securityserver_d,init_d); #???
+allow_mach_ipc(securityserver_d,systemstarter_d); #???
+allow_mach_ipc(securityserver_d,lookupd_d);
+
+allow_mach_ipc(lookupd_d,coreservices_d);
+allow_mach_ipc(lookupd_d,init_d); #DirectoryService?
+allow_mach_ipc(lookupd_d,cron_d);
+mach_bootstrap(lookupd_d,boot_names_t,boot_names_t);
+allow lookupd_d boot_names_t:mach_names create_server;
+
+mach_bootstrap(cron_d,boot_names_t,init_d);
+allow_mach_ipc(cron_d,init_d);
+
+allow_mach_ipc(user_d,systemstarter_d);
+allow_mach_ipc(user_d,init_d);
+allow_mach_ipc(user_d,coreservices_d); #SystemUIServer
+mach_bootstrap(user_d,user_names_t,coreservices_d);
+mach_bootstrap(user_d,user_names_t,pbs_d);
+mach_bootstrap(user_d,user_names_t,loginwindow_d);
+mach_bootstrap(user_d,user_names_t,securityserver_d);
+mach_bootstrap(user_d,user_names_t,windowserver_d);
+mach_bootstrap(user_d,user_names_t,systemstarter_d); #???
+mach_bootstrap_register(user_d,user_names_t);
+mach_bootstrap(user_d,user_names_t,user_names_t);
+allow_mach_ipc(user_d,securityserver_d);
+allow_mach_ipc(user_d,lookupd_d);
+allow_mach_ipc(pbs_d,user_d);
+
+allow pbs_d appl_t:dir { search getattr read };
+allow pbs_d appl_t:file { read getattr };
+allow pbs_d user_d:mach_port { send copy_send };
+allow pbs_d lib_t:dir { search getattr };
+allow pbs_d lib_t:file { read getattr };
+mach_bootstrap_register(pbs_d,user_names_t);
+mach_bootstrap(pbs_d,user_names_t,coreservices_d);
+allow_mach_ipc(pbs_d,init_d);
+mach_bootstrap(pbs_d,user_names_t,init_d) #???
+allow_mach_ipc(pbs_d,lookupd_d);
+allow_mach_ipc(pbs_d,coreservices_d);
+
+allow_mach_ipc(kernel_d,unlabeled_t);
+allow_mach_ipc(cron_d,unlabeled_t);
+allow_mach_ipc(init_d,unlabeled_t);
+allow_mach_ipc(pbs_d,unlabeled_t);
+allow_mach_ipc(user_d,unlabeled_t);
+allow_mach_ipc(lookupd_d,unlabeled_t);
+allow_mach_ipc(coreservices_d,unlabeled_t);
+allow_mach_ipc(windowserver_d,unlabeled_t);
+allow_mach_ipc(securityserver_d,unlabeled_t);
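Review bot: The block of `allow_mach_ipc(..., unlabeled_t)` rules closing the hunk, together with the earlier ones for `loginwindow_d` and `systemstarter_d`, gives nearly every domain bidirectional send rights on unlabeled ports, so `unlabeled_t` becomes a catch-all channel that the carefully scoped per-domain rules above cannot constrain; mark it as a transitional measure with a comment such as `# TEMP: bootstrap only — remove as ports become labeled, tracking remaining denials`. The rules tagged `#???` are speculative grants to `init_d`, `systemstarter_d` and others; acceptable in a testing policy, but each should be confirmed against observed denials and either untagged or dropped rather than left indefinitely. `mach_bootstrap(pbs_d,user_names_t,init_d) #???` is the only macro call in the hunk without the trailing `;` every other call has; make it consistent. The commented-out `allow ...:mach_port` block around `allow loginwindow_d { unlabeled_t windowserver_d }` now duplicates what the macros express and can be deleted.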
==== //depot/projects/trustedbsd/sedarwin/policy/users#4 (text+ko) ====