Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
aboutsummaryrefslogtreecommitdiff
path: root/policy/modules/contrib/gpg.if
blob: a47ce572690c134383eb8362c970e4bed1f0a6a0 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200

## <summary>Policy for GNU Privacy Guard and related programs.</summary>

############################################################
## <summary>
##	Role access for gpg
## </summary>
## <param name="role">
##	<summary>
##	Role allowed access
##	</summary>
## </param>
## <param name="domain">
##	<summary>
##	User domain for the role
##	</summary>
## </param>
#
interface(`gpg_role',`
	gen_require(`
		type gpg_t, gpg_exec_t;
		type gpg_agent_t, gpg_agent_exec_t;
		type gpg_agent_tmp_t;
		type gpg_helper_t, gpg_pinentry_t;
		type gpg_pinentry_tmp_t;
	')

	role $1 types { gpg_t gpg_agent_t gpg_helper_t gpg_pinentry_t };

	# transition from the userdomain to the derived domain
	domtrans_pattern($2, gpg_exec_t, gpg_t)

	# allow ps to show gpg
	ps_process_pattern($2, gpg_t)
	allow $2 gpg_t:process { signull sigstop signal sigkill };

	# communicate with the user
	allow gpg_helper_t $2:fd use;
	allow gpg_helper_t $2:fifo_file write;

	# allow ps to show gpg-agent
	ps_process_pattern($2, gpg_agent_t)

	# Allow the user shell to signal the gpg-agent program.
	allow $2 gpg_agent_t:process { signal sigkill };

	manage_dirs_pattern($2, gpg_agent_tmp_t, gpg_agent_tmp_t)
	manage_files_pattern($2, gpg_agent_tmp_t, gpg_agent_tmp_t)
	manage_sock_files_pattern($2, gpg_agent_tmp_t, gpg_agent_tmp_t)
	files_tmp_filetrans(gpg_agent_t, gpg_agent_tmp_t, { file sock_file dir })

	# Transition from the user domain to the agent domain.
	domtrans_pattern($2, gpg_agent_exec_t, gpg_agent_t)

	manage_sock_files_pattern($2, gpg_pinentry_tmp_t, gpg_pinentry_tmp_t)
	relabel_sock_files_pattern($2, gpg_pinentry_tmp_t, gpg_pinentry_tmp_t)

	optional_policy(`
		gpg_pinentry_dbus_chat($2)
	')

	ifdef(`hide_broken_symptoms',`
		#Leaked File Descriptors
		dontaudit gpg_t $2:socket_class_set { getattr read write };
		dontaudit gpg_t $2:fifo_file rw_fifo_file_perms;
		dontaudit gpg_agent_t $2:socket_class_set { getattr read write };
		dontaudit gpg_agent_t $2:fifo_file rw_fifo_file_perms;
	')
')

########################################
## <summary>
##	Transition to a user gpg domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`gpg_domtrans',`
	gen_require(`
		type gpg_t, gpg_exec_t;
	')

	domtrans_pattern($1, gpg_exec_t, gpg_t)
')

########################################
## <summary>
##	Execute the gpg application without transitioning
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to execute gpg
##	</summary>
## </param>
#
interface(`gpg_exec',`
	gen_require(`
		type gpg_exec_t;
	')

	can_exec($1, gpg_exec_t)
')

######################################
## <summary>
##	Execute gpg in the gpg web domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`gpg_domtrans_web',`
	gen_require(`
		type gpg_web_t, gpg_exec_t;
	')

	corecmd_search_bin($1)
	domtrans_pattern($1, gpg_exec_t, gpg_web_t)
')

########################################
## <summary>
##	Send generic signals to user gpg processes.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gpg_signal',`
	gen_require(`
		type gpg_t;
	')

	allow $1 gpg_t:process signal;
')

########################################
## <summary>
##	Read and write GPG agent pipes.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gpg_rw_agent_pipes',`
	# Just wants read/write could this be a leak?
	gen_require(`
		type gpg_agent_t;
	')

	allow $1 gpg_agent_t:fifo_file rw_fifo_file_perms;
')

########################################
## <summary>
##	Send messages to and from GPG
##	Pinentry over DBUS.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gpg_pinentry_dbus_chat',`
	gen_require(`
		type gpg_pinentry_t;
		class dbus send_msg;
	')

	allow $1 gpg_pinentry_t:dbus send_msg;
	allow gpg_pinentry_t $1:dbus send_msg;
')

########################################
## <summary>
##	List Gnu Privacy Guard user secrets.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gpg_list_user_secrets',`
	gen_require(`
		type gpg_secret_t;
	')

	list_dirs_pattern($1, gpg_secret_t, gpg_secret_t)
	userdom_search_user_home_dirs($1)
')