Unsteady false positive W-002 on template type
Closed this issue · 3 comments
I am getting unsteady false positive warnings for the following template:
```
tmux.if: 37: (W): Type $1_tmux_t is used in interface but not required (W-002)
tmux.if: 38: (W): Type $1_tmux_t is used in interface but not required (W-002)
tmux.if: 46: (W): Type $1_tmux_t is used in interface but not required (W-002)
tmux.if: 48: (W): Type $1_tmux_t is used in interface but not required (W-002)
tmux.if: 50: (W): Type $1_tmux_t is used in interface but not required (W-002)
tmux.if: 52: (W): Type $1_tmux_t is used in interface but not required (W-002)
tmux.if: 53: (W): Type $1_tmux_t is used in interface but not required (W-002)
tmux.if: 63: (W): Type $1_tmux_t is used in interface but not required (W-002)
```
```
## <summary>terminal multiplexer.</summary>

#######################################
## <summary>
##	The role template for the tmux module.
## </summary>
## <param name="role_prefix">
##	<summary>
##	The prefix of the user role (e.g., user
##	is the prefix for user_r).
##	</summary>
## </param>
## <param name="user_role">
##	<summary>
##	The role associated with the user domain.
##	</summary>
## </param>
## <param name="user_domain">
##	<summary>
##	The type of the user domain.
##	</summary>
## </param>
#
template(`tmux_role_template',`
	gen_require(`
		attribute tmux_domain;
		type tmux_exec_t, tmux_session_t;
		type tmux_home_t;
	')

	########################################
	#
	# Declarations
	#

	type $1_tmux_t, tmux_domain;
	userdom_user_application_domain($1_tmux_t, tmux_exec_t) # line 37
	domain_interactive_fd_object($1_tmux_t)
	role $2 types $1_tmux_t;

	########################################
	#
	# Role dependent policy
	#

	domtrans_pattern($3, tmux_exec_t, $1_tmux_t) # line 46
	admin_process_pattern($3, $1_tmux_t)
	allow $1_tmux_t $3:process signal;

	# read /proc/PID/cmdline
	allow $1_tmux_t $3:dir search_dir_perms;
	allow $1_tmux_t $3:file read_file_perms;

	allow $3 tmux_session_t:dir { manage_dir_perms relabel_dir_perms };
	allow $3 tmux_session_t:file { manage_file_perms relabel_file_perms };
	allow $3 tmux_session_t:sock_file { manage_sock_file_perms relabel_sock_file_perms };

	allow $3 tmux_home_t:dir { manage_dir_perms relabel_dir_perms };
	allow $3 tmux_home_t:file { manage_file_perms relabel_file_perms };
	allow $3 tmux_home_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };

	corecmd_shell_domtrans($1_tmux_t, $3)

	userdom_user_home_dir_filetrans($3, tmux_home_t, file, ".tmux.conf")
')
```
[...]
It happened first only on a laptop (with the same OS, toolchain, etc.), but now also on a gitlab-ci job (https://salsa.debian.org/cgzones-guest/selinux-policy-debian/-/jobs/606046).

It is not triggered by similar templates for sshd or su.
I think this would occur if tmux_role_template is called from an interface elsewhere, which looks like the case in the linked policy. tmux_role_template is called by userdom_default_user_perms, which is listed as an interface. It looks like that was changed from a template to an interface fairly recently (12d3bb1a), which could potentially be the cause of the apparently inconsistent behavior if some runs were on older versions of the policy?

I'll work on a fix for this situation. It might also make sense to add a style check for interfaces calling templates.
Ah, thanks!

Not calling the template from an interface seems to fix the issue.

> It might also make sense to add a style check for interfaces calling templates.

+1
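The style check proposed in the thread (an interface that calls a template), as an added example written for this page; it is not code from selint or from the reference policy. It assumes a simplified reading of refpolicy `.if` syntax (m4 backtick quoting, `interface(`/`template(` block headers, comments from `#` to end of line), and the `.if` text it parses is constructed: the `tmux_role_template` body is abbreviated from the one posted above, and the bodies of `userdom_default_user_perms` and `tmux_domtrans` are invented stand-ins.

```python
"""Hypothetical style check: report refpolicy interfaces that call templates.

Not selint's own implementation; a from-scratch illustration for this thread.
"""
import re

# Start of an m4 block: interface(`name',`  or  template(`name',`
HEADER_RE = re.compile(r"\b(interface|template)\(\s*`([A-Za-z0-9_]+)'\s*,\s*`")
# Any identifier directly followed by "(" inside a body is a candidate call.
CALL_RE = re.compile(r"\b([A-Za-z_][A-Za-z0-9_]*)\(")
# m4 / refpolicy support macros that look like calls but are not interfaces.
BUILTINS = {
    "gen_require", "gen_tunable", "optional_policy", "tunable_policy",
    "ifdef", "ifndef", "ifelse", "refpolicywarn", "refpolicyerr", "define",
}

# Constructed sample .if text (bodies of the two interfaces are invented).
SAMPLE_IF = r"""
## <summary>terminal multiplexer.</summary>
#######################################
## <summary>
##	The role template for the tmux module.
## </summary>
#
template(`tmux_role_template',`
	gen_require(`
		attribute tmux_domain;
		type tmux_exec_t, tmux_session_t;
	')

	type $1_tmux_t, tmux_domain;
	userdom_user_application_domain($1_tmux_t, tmux_exec_t)
	role $2 types $1_tmux_t;

	domtrans_pattern($3, tmux_exec_t, $1_tmux_t)
	allow $1_tmux_t $3:process signal;
')

# Constructed stand-in for the interface named in the thread.
interface(`userdom_default_user_perms',`
	gen_require(`
		type $1_t;
	')
	tmux_role_template($1, $2, $3)
')

# Constructed: an interface that only calls other interfaces, so it is clean.
interface(`tmux_domtrans',`
	gen_require(`
		type tmux_exec_t;
	')
	domtrans_pattern($1, tmux_exec_t, $1)
')
"""


def strip_comments(text):
    """Drop everything from '#' to end of line (refpolicy comment syntax)."""
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())


def quoted_body(text, start):
    """Return (body, index after closing quote) for the m4 quote whose opening
    backtick sits at start - 1, honouring nested `...' quotes."""
    depth = 1
    for i in range(start, len(text)):
        if text[i] == "`":
            depth += 1
        elif text[i] == "'":
            depth -= 1
            if depth == 0:
                return text[start:i], i + 1
    raise ValueError("unterminated m4 quote")


def parse_blocks(text):
    """Map block name -> (kind, body) for every interface/template in text."""
    blocks = {}
    text = strip_comments(text)
    pos = 0
    while True:
        m = HEADER_RE.search(text, pos)
        if not m:
            return blocks
        kind, name = m.group(1), m.group(2)
        body, pos = quoted_body(text, m.end())  # skip past the whole body
        blocks[name] = (kind, body)


def calls_in(body):
    """Names of interfaces/templates invoked inside a block body."""
    return {name for name in CALL_RE.findall(body) if name not in BUILTINS}


def interfaces_calling_templates(blocks):
    """Sorted (interface, template) pairs where an interface calls a template."""
    findings = []
    for name, (kind, body) in blocks.items():
        if kind != "interface":
            continue
        for callee in calls_in(body):
            if blocks.get(callee, (None,))[0] == "template":
                findings.append((name, callee))
    return sorted(findings)


if __name__ == "__main__":
    for iface, tmpl in interfaces_calling_templates(parse_blocks(SAMPLE_IF)):
        print(f"interface {iface} calls template {tmpl}")
```

Templates are the only blocks that can declare types such as `$1_tmux_t`, so a template expanded inside an interface is exactly the situation the thread traces the W-002 false positives to; the check above lists those call sites so they can be reviewed. Calls to blocks defined in other `.if` files are only resolved if those files are parsed into the same `blocks` dictionary.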