PERFORCE change 107773 for review

Todd Miller millert at FreeBSD.org
Thu Oct 12 12:47:53 PDT 2006


http://perforce.freebsd.org/chv.cgi?CH=107773

Change 107773 by millert at millert_macbook on 2006/10/12 19:46:30

	Update to use init_allow_ipc()
	Updated WindowServer Policy
	Updated DirectoryService policy; now allows Mach messaging
	Add memberd_allow_ipc()
	Update to use new init_allow_ipc() rather than init_mach_ipc()
	Add configd_allow_ipc()
	Add lookupd_allow_ipc()
	Rename init_mach_ipc to init_allow_ipc
	Add notifyd_allow_ipc()
	Add loginwindow_allow_send()

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/DirectoryService.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/WindowServer.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/WindowServer.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/configd.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/configd.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/coreaudiod.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/diskarbitrationd.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/loginwindow.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/lookupd.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/memberd.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/notifyd.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/securityd.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/init.if#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/unconfined.te#3 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/DirectoryService.te#2 (text+ko) ====

@@ -34,3 +34,41 @@
 allow DirectoryService_t DirectoryService_var_log_t:sock_file create_file_perms;
 allow DirectoryService_t DirectoryService_var_log_t:dir { rw_dir_perms setattr };
 logging_log_filetrans(DirectoryService_t,DirectoryService_var_log_t,{ sock_file file dir })
+
+# file descriptors and sockets
+allow DirectoryService_t self:fd use;
+allow DirectoryService_t self:socket { bind connect read write };
+allow DirectoryService_t self:tcp_socket create;
+allow DirectoryService_t self:udp_socket create;
+
+# Misc other
+allow DirectoryService_t mnt_t:dir search;
+allow DirectoryService_t nfs_t:lnk_file read;
+allow DirectoryService_t random_device_t:chr_file read;
+allow DirectoryService_t sbin_t:dir { getattr search read };
+allow DirectoryService_t port_t:tcp_socket name_connect;
+
+
+# Allow Mach IP with self
+mach_allow_message(DirectoryService_t, DirectoryService_t)
+
+# Allow communication with bootstrap server
+init_allow_bootstrap(DirectoryService_t)
+
+# Allow communication with notification server
+notifyd_allow_ipc(DirectoryService_t)
+
+# Allow sending to loginwindow
+loginwindow_allow_send(DirectoryService_t)
+
+# Allow communicaion with configd
+configd_allow_ipc(DirectoryService_t)
+
+# Allow communication with launchd
+init_allow_ipc(DirectoryService_t)
+
+# Allow communication with memberd
+memberd_allow_ipc(DirectoryService_t)
+
+# Allow communication with securityd
+securityd_allow_ipc(DirectoryService_t)
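Review bot: `allow DirectoryService_t port_t:tcp_socket name_connect;` lets the daemon connect to every port carrying the generic port_t label, which is broader than a directory service needs; if this tree carries refpolicy's corenetwork interfaces, scope the rule to the specific port types the daemon talks to and record which those are in the comment. The same applies to `allow DirectoryService_t self:socket { bind connect read write };`, which covers the generic socket class rather than the tcp_socket/udp_socket classes created on the two lines below it. Separately, the comments say "Mach IP" where "Mach IPC" is meant and "communicaion" above the configd rule; the same "Mach IP" / "comminication" spelling recurs in the WindowServer.if, configd.te, lookupd.if, memberd.if, securityd.if and init.if hunks of this change.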

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/WindowServer.if#2 (text+ko) ====

@@ -54,3 +54,19 @@
         allow $1 WindowServer_t:fifo_file rw_file_perms;
         allow $1 WindowServer_t:process sigchld;
 ')
+
+########################################
+## <summary>
+##     Allow Mach IP with WindowServer
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Type to be used as a domain.
+##      </summary>
+## </param>
+#
+interface(`WindowServer_allow_ipc',`
+
+        # Allow bidirectional comminication with WindowServer
+        mach_allow_ipc(WindowServer_t, $1)
+')
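Review bot: WindowServer_allow_ipc references WindowServer_t with no `gen_require(` type WindowServer_t; `)` block, so if these modules are built as loadable modules a caller from another module only links when the type happens to be required elsewhere; the preceding interface in this file starts above the hunk, so follow whichever convention it uses. The memberd.if and securityd.if hunks add interfaces of the same shape and would need the same treatment. The summary reads "Allow Mach IP with WindowServer" while the body grants bidirectional IPC; `## Allow bidirectional Mach IPC with WindowServer` states the contract the interface actually provides.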

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/WindowServer.te#2 (text+ko) ====

@@ -24,3 +24,33 @@
 ## internal communication is often done using fifo and unix sockets.
 allow WindowServer_t self:fifo_file { read write };
 allow WindowServer_t self:unix_stream_socket create_stream_socket_perms;
+
+# Allow WindowServer to re-exec itself
+allow WindowServer_t WindowServer_exec_t:file execute_no_trans;
+
+# Allow WindowServer to talk to itself
+mach_allow_message(WindowServer_t, WindowServer_t)
+
+# FDs and sockets and consoles oh my!
+allow WindowServer_t self:fd use;
+allow WindowServer_t self:udp_socket create;
+allow WindowServer_t console_device_t:chr_file setattr;
+
+# Allow WindowServer to talk to launchd
+init_allow_ipc(WindowServer_t)
+init_allow_bootstrap(WindowServer_t)
+
+# Allow WindowServer to talk to notifyd
+notifyd_allow_ipc(WindowServer_t)
+
+# Allow WindowServer to talk to securityd
+securityd_allow_ipc(WindowServer_t)
+
+# Allow shared memory access
+allow WindowServer_t init_t:shm { read write };
+
+# Misc
+allow WindowServer_t nfs_t:filesystem getattr;
+allow WindowServer_t nfs_t:lnk_file read;
+allow WindowServer_t mnt_t:dir search;
+
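Review bot: `allow WindowServer_t init_t:shm { read write };` is the one rule in the hunk that reaches into another domain's objects, and the comment "Allow shared memory access" does not say which launchd-owned segment WindowServer needs or why; suggest `# rw on a launchd (init_t) shm segment: <which one / why — TODO confirm>` so the cross-domain grant is auditable later. The `execute_no_trans` self re-exec rule above it is fine as written but worth the same one-line justification. The hunk also ends with an added empty line, leaving a trailing blank line at end of file.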

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/configd.if#3 (text+ko) ====

@@ -65,7 +65,7 @@
 ##      </summary>
 ## </param>
 #
-interface(`configd_mach_ipc',`
+interface(`configd_allow_ipc',`
 	#gen_require(`
 		#class mach_port all_mach_port_perms;
 	#)'

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/configd.te#3 (text+ko) ====

@@ -9,6 +9,8 @@
 type configd_exec_t;
 domain_type(configd_t)
 init_domain(configd_t, configd_exec_t)
+# Allow Mach IP w/ init_t (launchd)
+init_allow_ipc(configd_t)
 
 # pid files
 type configd_var_run_t;

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/coreaudiod.te#3 (text+ko) ====

@@ -9,7 +9,7 @@
 type coreaudiod_exec_t;
 domain_type(coreaudiod_t)
 init_domain(coreaudiod_t, coreaudiod_exec_t)
-init_mach_ipc(coreaudiod_t)
+init_allow_ipc(coreaudiod_t)
 
 ########################################
 #

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/diskarbitrationd.te#3 (text+ko) ====

@@ -35,6 +35,8 @@
 allow diskarbitrationd_t diskarbitrationd_var_run_t:dir rw_dir_perms;
 files_pid_filetrans(diskarbitrationd_t,diskarbitrationd_var_run_t, { file sock_file })
 
+# Allow Mach IPC with self
+mach_allow_message(diskarbitrationd_t, diskarbitrationd_t)
+
 # Allow Mach IPC with configd
-configd_mach_ipc(diskarbitrationd_t)
-
+configd_allow_ipc(diskarbitrationd_t)

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/loginwindow.if#2 (text+ko) ====

@@ -20,3 +20,19 @@
 	allow loginwindow_t:$1:fifo_file rw_file_perms;
 	allow loginwindow_t $1:process sigchld;
 ')
+
+########################################
+## <summary>
+##      Allow sending of mach messages to loginwindow
+## </summary>
+## <param name="domain">
+##      Domain allowed to send.
+## </param>
+#
+interface(`loginwindow_allow_send',`
+
+	# Note. I believe that this is too permissive. Specified domain
+	# Needs only to use the hold_send_once move_send_once send rights.
+	mach_allow_message($1, loginwindow_t)
+
+')
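Review bot: The body of loginwindow_allow_send grants the full mach_allow_message($1, loginwindow_t) set while its own comment says only the hold_send_once / move_send_once send rights are needed; if the mach_port class in this policy carries those permissions (the comment names them), the narrower rule would be `allow $1 loginwindow_t:mach_port { hold_send_once move_send_once };`, and if it cannot be narrowed yet the comment should be a `# TODO:` stating what blocks it rather than "Note. I believe". The `<param>` block here omits the nested `<summary>` element that every other interface added in this change uses, so the doc extractor will treat this one differently; write it as `##      <summary>` / `##      Domain allowed to send.` / `##      </summary>`.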

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/lookupd.if#2 (text+ko) ====

@@ -20,3 +20,22 @@
 	allow lookupd_t:$1:fifo_file rw_file_perms;
 	allow lookupd_t $1:process sigchld;
 ')
+
+########################################
+## <summary>
+##     Allow Mach IP with lookupd
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Type to be used as a domain.
+##      </summary>
+## </param>
+#
+interface(`lookupd_allow_ipc',`
+        #gen_require(`
+                #class mach_port all_mach_port_perms;
+        #)'
+
+        # Allow bidirectional comminication with lookupd
+        mach_allow_ipc(lookupd_t, $1)
+')
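Review bot: The three commented-out `#gen_require(` … `#)'` lines copied from configd.if are dead text in the new interface and give a reader the impression that requiring lookupd_t was tried and abandoned; either restore a live `gen_require(` type lookupd_t; `)` (the class line is not needed unless this policy's mach_allow_ipc does not require it itself) or drop the block. The summary and body comment carry the "Mach IP" / "comminication" spelling noted on the DirectoryService.te hunk.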

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/memberd.if#2 (text+ko) ====

@@ -20,3 +20,19 @@
 	allow memberd_t:$1:fifo_file rw_file_perms;
 	allow memberd_t $1:process sigchld;
 ')
+
+########################################
+## <summary>
+##     Allow Mach IP with memberd
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Type to be used as a domain.
+##      </summary>
+## </param>
+#
+interface(`memberd_allow_ipc',`
+
+        # Allow bidirectional comminication with memberd
+        mach_allow_ipc(memberd_t, $1)
+')

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/notifyd.if#2 (text+ko) ====

@@ -20,3 +20,21 @@
 	allow notifyd_t:$1:fifo_file rw_file_perms;
 	allow notifyd_t $1:process sigchld;
 ')
+
+########################################
+## <summary>
+##    Allow conversation with the system notification server (notifyd)
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Type to be used as a domain.
+##      </summary>
+## </param>
+#
+interface(`notifyd_allow_ipc',`
+
+        # Allow communication with notification server
+	allow $1 init_t:mi_notify_ipc { notify_server_cancel notify_server_get_state notify_server_monitor_file notify_server_register_check notify_server_register_plain };
+
+')
+
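Review bot: The allow rule in notifyd_allow_ipc targets init_t rather than notifyd_t although the file and the context lines above are about the notifyd_t domain; if that is deliberate because the notification service port is labelled with launchd's domain, the comment should say so, e.g. `# notify service port is owned by launchd, hence init_t as the target`, otherwise the target looks like a copy from init_allow_bootstrap. The rule line is indented with a tab while the comment above it uses spaces, and the hunk adds a trailing empty line after the closing `')`.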

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/securityd.if#2 (text+ko) ====

@@ -20,3 +20,19 @@
 	allow securityd_t:$1:fifo_file rw_file_perms;
 	allow securityd_t $1:process sigchld;
 ')
+
+########################################
+## <summary>
+##     Allow Mach IP with securityd
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Type to be used as a domain.
+##      </summary>
+## </param>
+#
+interface(`securityd_allow_ipc',`
+
+        # Allow bidirectional comminication with securityd
+        mach_allow_ipc(securityd_t, $1)
+')

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/init.if#4 (text+ko) ====

@@ -1105,8 +1105,24 @@
 ##      </summary>
 ## </param>
 #
-interface(`init_mach_ipc',`
+interface(`init_allow_ipc',`
 
-        # Allow bidirectional comminication with configd
+        # Allow bidirectional comminication with launchd
         mach_allow_ipc(init_t, $1)
 ')
+
+########################################
+## <summary>
+##    Allow conversation with the bootstrap namespace server (launchd)
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Type to be used as a domain.o##      </summary>
+## </param>
+#
+interface(`init_allow_bootstrap',`
+
+	# Allow communication with bootstrap server
+	allow $1 init_t:mi_bootstrap { bootstrap_check_in bootstrap_status bootstrap_unprivileged };
+
+')
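Review bot: The documentation block of init_allow_bootstrap is malformed: the line `##      Type to be used as a domain.o##      </summary>` has the closing `</summary>` fused onto the description with a stray `o`, so the doc extractor sees an unterminated param summary; split it into `##      Type to be used as a domain.` and `##      </summary>`. The renamed init_allow_ipc keeps its `<summary>` header above the hunk, so check that it no longer describes the old init_mach_ipc wording.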

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/unconfined.te#3 (text+ko) ====

@@ -14,6 +14,12 @@
 type unconfined_exec_t;
 init_system_domain(unconfined_t,unconfined_exec_t)
 
+# Allow Mach IPC w/ lookupd
+lookupd_allow_ipc(unconfined_t)
+
+# Allow Mach IPC w/ WindowServer
+WindowServer_allow_ipc(unconfined_t)
+
 ifdef(`targeted_policy',`
 	type unconfined_execmem_t;
 	type unconfined_execmem_exec_t;

