SELinux with omarine policy: An in-depth look at the security policy – secure program with its own domain: Part 2

/ Pham Thanh Tuyen

File myapp.if

myapp.if has three interfaces:

  • myapp_domtrans is used to transition domain.
  • myapp_run is used to transition domain and assign role.
  • myapp_read_log is used to read the log files.

The content of the file myapp.if is as follows:

## <summary>Myapp example policy</summary>
## <desc>
##	<p>
##		More descriptive text about myapp.  The desc
##		tag can also use p, ul, and ol
##		html tags for formatting.
##	</p>
##	<p>
##		This policy supports the following myapp features:
##		<ul>
##		<li>Feature A</li>
##		<li>Feature B</li>
##		<li>Feature C</li>
##		</ul>
##	</p>
## </desc>

########################################
## <summary>
##	Execute a domain transition to run myapp.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`myapp_domtrans',`
	gen_require(`
		type myapp_t, myapp_exec_t;
	')
    
	domtrans_pattern($1,myapp_exec_t,myapp_t)
')

########################################
## <summary>
##Execute myapp in the myapp domain, and
##allow the specified role the myapp domain.
## </summary>
## <param name="domain">
##<summary>
##Domain allowed to transition.
##</summary>
## </param>
## <param name="role">
##<summary>
##Role allowed access.
##</summary>
## </param>
#
interface(`myapp_run',`
        gen_require(`
            attribute_role myapp_roles;
        ')

        myapp_domtrans($1)
        roleattribute $2 myapp_roles;

')

########################################
## <summary>
##	Read myapp log files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to read the log files.
##	</summary>
## </param>
#
interface(`myapp_read_log',`
	gen_require(`
		type myapp_log_t;
	')

	logging_search_logs($1)
	allow $1 myapp_log_t:file read_file_perms;
')

Explanations:

domtrans_pattern($1,myapp_exec_t,myapp_t)

Transition the domain indicated by the first argument to the domain myapp_t when the binary of type myapp_exec_t is executed.

myapp_domtrans($1)
roleattribute $2 myapp_roles;

Call the interface myapp_domtrans to transition domain with the first argument in the call to the interface myapp_run. Add the role indicated in the second argument to the myapp_roles group. This role serves to compute security contexts during transitioning to ensure that it is available in the new security context.

logging_search_logs($1)
allow $1 myapp_log_t:file read_file_perms;

Allow the domain indicated in the first argument to search for /var, /var/log directories, and read the log files of type myapp_log_t such as /var/log/myapplog.

Bình luận về bài viết này