## Policy for GNU Privacy Guard and related programs. ############################################################ ## ## Role access for gpg ## ## ## ## Role allowed access ## ## ## ## ## User domain for the role ## ## # interface(`gpg_role',` gen_require(` attribute_role gpg_roles, gpg_agent_roles, gpg_helper_roles, gpg_pinentry_roles; type gpg_t, gpg_exec_t; type gpg_agent_t, gpg_agent_exec_t; type gpg_agent_tmp_t; type gpg_helper_t, gpg_pinentry_t; type gpg_pinentry_tmp_t; ') roleattribute $1 gpg_roles; roleattribute $1 gpg_agent_roles; roleattribute $1 gpg_helper_roles; roleattribute $1 gpg_pinentry_roles; # transition from the userdomain to the derived domain domtrans_pattern($2, gpg_exec_t, gpg_t) # allow ps to show gpg ps_process_pattern($2, gpg_t) allow $2 gpg_t:process { signull sigstop signal sigkill }; # communicate with the user allow gpg_helper_t $2:fd use; allow gpg_helper_t $2:fifo_file write; # allow ps to show gpg-agent ps_process_pattern($2, gpg_agent_t) # Allow the user shell to signal the gpg-agent program. allow $2 gpg_agent_t:process { signal sigkill }; manage_dirs_pattern($2, gpg_agent_tmp_t, gpg_agent_tmp_t) manage_files_pattern($2, gpg_agent_tmp_t, gpg_agent_tmp_t) manage_sock_files_pattern($2, gpg_agent_tmp_t, gpg_agent_tmp_t) files_tmp_filetrans(gpg_agent_t, gpg_agent_tmp_t, { file sock_file dir }) # Transition from the user domain to the agent domain. domtrans_pattern($2, gpg_agent_exec_t, gpg_agent_t) manage_sock_files_pattern($2, gpg_pinentry_tmp_t, gpg_pinentry_tmp_t) relabel_sock_files_pattern($2, gpg_pinentry_tmp_t, gpg_pinentry_tmp_t) allow gpg_pinentry_t $2:fifo_file { read write }; optional_policy(` gpg_pinentry_dbus_chat($2) ') allow $2 gpg_agent_t:unix_stream_socket { rw_socket_perms connectto }; ifdef(`hide_broken_symptoms',` #Leaked File Descriptors dontaudit gpg_t $2:fifo_file rw_fifo_file_perms; dontaudit gpg_agent_t $2:fifo_file rw_fifo_file_perms; ') ') ######################################## ## ## Transition to a user gpg domain. ## ## ## ## Domain allowed to transition. ## ## # interface(`gpg_domtrans',` gen_require(` type gpg_t, gpg_exec_t; ') domtrans_pattern($1, gpg_exec_t, gpg_t) ') ###################################### ## ## Execute gpg in the caller domain. ## ## ## ## Domain allowed access. ## ## # interface(`gpg_exec',` gen_require(` type gpg_exec_t; ') corecmd_search_bin($1) can_exec($1, gpg_exec_t) ') ###################################### ## ## Transition to a gpg web domain. ## ## ## ## Domain allowed access. ## ## # interface(`gpg_domtrans_web',` gen_require(` type gpg_web_t, gpg_exec_t; ') domtrans_pattern($1, gpg_exec_t, gpg_web_t) ') ###################################### ## ## Make gpg an entrypoint for ## the specified domain. ## ## ## ## The domain for which cifs_t is an entrypoint. ## ## # interface(`gpg_entry_type',` gen_require(` type gpg_exec_t; ') domain_entry_file($1, gpg_exec_t) ') ######################################## ## ## Send generic signals to user gpg processes. ## ## ## ## Domain allowed access. ## ## # interface(`gpg_signal',` gen_require(` type gpg_t; ') allow $1 gpg_t:process signal; ') ######################################## ## ## Read and write GPG agent pipes. ## ## ## ## Domain allowed access. ## ## # interface(`gpg_rw_agent_pipes',` # Just wants read/write could this be a leak? gen_require(` type gpg_agent_t; ') allow $1 gpg_agent_t:fifo_file rw_fifo_file_perms; ') ######################################## ## ## Send messages to and from GPG ## Pinentry over DBUS. ## ## ## ## Domain allowed access. ## ## # interface(`gpg_pinentry_dbus_chat',` gen_require(` type gpg_pinentry_t; class dbus send_msg; ') allow $1 gpg_pinentry_t:dbus send_msg; allow gpg_pinentry_t $1:dbus send_msg; ') ######################################## ## ## List Gnu Privacy Guard user secrets. ## ## ## ## Domain allowed access. ## ## # interface(`gpg_list_user_secrets',` gen_require(` type gpg_secret_t; ') list_dirs_pattern($1, gpg_secret_t, gpg_secret_t) userdom_search_user_home_dirs($1) ') ########################### ## ## Allow to manage gpg named home content ## ## ## ## Domain allowed access. ## ## # interface(`gpg_manage_home_content',` gen_require(` type gpg_secret_t; ') manage_files_pattern($1, gpg_secret_t, gpg_secret_t) manage_dirs_pattern($1, gpg_secret_t, gpg_secret_t) userdom_user_home_dir_filetrans($1, gpg_secret_t, dir, ".gnupg") ') ########################### ## ## Allow to manage gpg named admin home content ## ## ## ## Domain allowed access. ## ## # interface(`gpg_manage_admin_home_content',` gen_require(` type gpg_secret_t; ') manage_files_pattern($1, gpg_secret_t, gpg_secret_t) manage_dirs_pattern($1, gpg_secret_t, gpg_secret_t) userdom_admin_home_dir_filetrans($1, gpg_secret_t, dir, ".gnupg") ') ######################################## ## ## Transition to gpg named home content ## ## ## ## Domain allowed access. ## ## # interface(`gpg_filetrans_home_content',` gen_require(` type gpg_secret_t; ') userdom_user_home_dir_filetrans($1, gpg_secret_t, dir, ".gnupg") ') ######################################## ## ## Transition to gpg named admin home content ## ## ## ## Domain allowed access. ## ## # interface(`gpg_filetrans_admin_home_content',` gen_require(` type gpg_secret_t; ') userdom_admin_home_dir_filetrans($1, gpg_secret_t, dir, ".gnupg") ') ######################################## ## ## Connected to gpg_agent_t unix stream socket. ## ## ## ## Domain allowed access. ## ## # interface(`gpg_agent_stream_connect',` gen_require(` type gpg_agent_t; ') allow $1 gpg_agent_t:unix_stream_socket connectto; ') ######################################## ## ## Connected to gpg_agent_t unix stream socket. ## ## ## ## Domain allowed access. ## ## # interface(`gpg_noatsecure',` gen_require(` type gpg_t; ') allow $1 gpg_t:process { noatsecure rlimitinh siginh }; ')