Bug 145051 - Mplayer can't read the rtc
Mplayer can't read the rtc
Product: Fedora
Classification: Fedora
Component: selinux-policy-strict (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Depends On:
  Show dependency treegraph
Reported: 2005-01-13 17:37 EST by Ivan Gyurdiev
Modified: 2007-11-30 17:10 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-01-20 13:45:10 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Mplayer Macros (822 bytes, text/plain)
2005-01-19 10:37 EST, Ivan Gyurdiev
no flags Details

  None (edit)
Description Ivan Gyurdiev 2005-01-13 17:37:28 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5)
Gecko/20041228 Firefox/1.0 Fedora/1.0-8

Description of problem:
audit(1105655616.170:0): avc:  denied  { read } for  pid=4605
exe=/usr/bin/mplayer name=rtc dev=tmpfs ino=571
tcontext=system_u:object_r:clock_device_t tclass=chr_file

audit(1105655616.170:0): avc:  denied  { ioctl } for  pid=4605
exe=/usr/bin/mplayer path=/dev/rtc dev=tmpfs ino=571
tcontext=system_u:object_r:clock_device_t tclass=chr_file

Version-Release number of selected component (if applicable):

How reproducible:
Didn't try

Steps to Reproduce:


Additional info:
Comment 1 Daniel Walsh 2005-01-18 17:12:49 EST
Looks like we might need policy for mplayer.  You want to take a stab?

Comment 2 Ivan Gyurdiev 2005-01-19 10:37:05 EST
Created attachment 109968 [details]
Mplayer Macros
Comment 3 Ivan Gyurdiev 2005-01-19 10:39:37 EST
Well, sure...but I don't really know what I'm doing.
I'm pretty good at copying other policies though.

How's this for a start?

I need to add something to allow it to read content.
It also prints a storm of denials when browsing the fs with
gmplayer. It gives gtk usr_t denials because it's doing something
with bluecurve theme files, and there's more networking to take
care of.

By the way,

1) There's a macro xclient in attrib.te.
   Shouldn't x_client_domain be using it?

2) types.fc has a match for /usr/inclu.e which looks like
   a typo
Comment 4 Ivan Gyurdiev 2005-01-19 10:41:31 EST
The other stuff with the macros:

# mplayer
/usr/bin/mplayer        --      system_u:object_r:mplayer_exec_t
/usr/share/mplayer(/.*)?        system_u:object_r:mplayer_data_t
HOME_DIR/\.mplayer(/.*)?        system_u:object_r:ROLE_mplayer_rw_t

#DESC mplayer - media player
# Author: Ivan Gyurdiev <ivg2@cornell.edu>

# Type for the mplayer executable.
type mplayer_exec_t, file_type, exec_type, sysadmfile;
type mplayer_data_t, file_type, sysadmfile;

# Everything else is in the mplayer_domain macro in
# macros/program/mplayer_macros.te.
--- base_user_macros.te.old     2005-01-19 05:48:54.000000000 -0700
+++ base_user_macros.te 2005-01-19 05:49:56.000000000 -0700
@@ -189,6 +189,7 @@
 ifdef(`using_spamassassin', `spamassassin_domain($1)')
 ifdef(`uml.te', `uml_domain($1)')
 ifdef(`cdrecord.te', `cdrecord_domain($1)')
+ifdef(`mplayer.te', `mplayer_domain($1)')

 # Instantiate a derived domain for user cron jobs.
 ifdef(`crond.te', `crond_domain($1)')
Comment 5 Ivan Gyurdiev 2005-01-20 00:24:38 EST
Allright I have a question. I added the ability to read 
home directory contents to the mplayer policy (version 0.00002).
I am now looking at gmplayer's ability to browse
around the filesystem, and that brings me back to 
the original issue I had with the strict policy last year.
I asked why not fallback to unix permissions for file browsers.
Stephen Smalley didn't like what I was saying, and I gave up 
on arguing. However, today I am still looking at a storm of denials
when using nautilus to browse the filesystem (its primary purpose).
That leads me to conclude that the problem has not been resolved.

I ask again, is the following can_browse core macro acceptable?
It prevents audit of directory { read search } and { getattr }
for all files and directories. This makes it fall back
to unix permissions for those operations. It would
be used in things like mplayer, nautilus, mozilla, any application
that uses the gnome file open/save dialogs maybe?

Such domains can still perform selinux auditing on more
important things like file:{ read } or { create write execute }.


--- core_macros.te      2005-01-19 21:56:21.000000000 -0700
+++ core_macros.te.new  2005-01-19 21:55:48.000000000 -0700
@@ -696,3 +696,18 @@
 allow $1 autofs_t:dir { search getattr };
 ')dnl end general_domain_access
+# can_browse(domain)
+# Allow arbitrary file browsing
+# essentially falling back to standard unix permissons
+# for the given type. This only prevents auditing of
+# { read search } for dirs, and { getattr } for all files
+# and directories
+dontaudit $1 file_type:dir_file_class_set { getattr };
+dontaudit $1 file_type:dir { read search };


# Macros for mplayer
# Author: Ivan Gyurdiev <ivg2@cornell.edu>
# mplayer_domain(domain_prefix)


# Derive from X client domain
x_client_domain($1, `mplayer', `, nscd_client_domain')

# Home directory stuff
if (use_nfs_home_dirs) {
create_dir_file($1_mplayer_t, nfs_t)
if (use_samba_home_dirs) {
create_dir_file($1_mplayer_t, cifs_t)
ifdef(`automount.te', `
allow $1_mplayer_t autofs_t:dir { search getattr };
') dnl end if automount

# Read home directory content
allow $1_mplayer_t $1_home_t:dir { getattr read search };
allow $1_mplayer_t $1_home_t:file { getattr read };

# Allow file browsing

# Audio
allow $1_mplayer_t sound_device_t:chr_file rw_file_perms;

# RTC clock 
allow $1_mplayer_t clock_device_t:chr_file { ioctl read };

# Mplayer data - fonts, themes, etc..
r_dir_file($1_mplayer_t, mplayer_data_t)

# Read /proc/meminfo
allow $1_mplayer_t proc_t:file { read getattr };

# allow ps to show mplayer
#can_ps($1_t, $1_mplayer_t)

') dnl end if mplayer_domain

Comment 6 Ivan Gyurdiev 2005-01-20 01:22:24 EST
Blah... okay I realize now that giving arbitrary { read search }
permissions on dirs to mplayer does not make sense. It may or may
not make sense for nautilus, where the user might be interested
in editing config files, for example. 

Since this can_browse macro is no longer is useful 
I'm getting rid of it. I've replaced it with
*:dir_file_class_set { getattr} permission for mplayer alone,
which seems like the right thing to do at the moment.

Also added ability to read global config, and contexts 
for /etc/mplayer.
Comment 7 Ivan Gyurdiev 2005-01-20 13:45:10 EST
Closing bug - bugzilla is not the right place to post 
new policies, and this bug contains too much incorrect
information. I'll send you example policy via regular email.

Note You need to log in before you can comment on or make changes to this bug.