commit: 6b6e5683fbbb08f25a5321e3f247ee50dcd9f349 |
Author: Chris PeBenito <cpebenito <AT> tresys <DOT> com> |
AuthorDate: Mon Apr 28 14:00:36 2014 +0000 |
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org> |
CommitDate: Wed Apr 30 17:12:58 2014 +0000 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=6b6e5683 |
|
Add file for placing default_* statements. |
|
--- |
Makefile | 1 + |
Rules.modular | 2 +- |
Rules.monolithic | 2 +- |
policy/context_defaults | 11 +++++++++++ |
4 files changed, 14 insertions(+), 2 deletions(-) |
|
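diff --git a/Makefile b/Makefile
index c1c6b2e..7e5bf4b 100644
--- a/Makefile
+++ b/Makefile
@@ -136,6 +136,7 @@ globaltun = $(poldir)/global_tunables
 globalbool = $(poldir)/global_booleans
 user_files := $(poldir)/users
 policycaps := $(poldir)/policy_capabilities
+ctx_defaults := $(poldir)/context_defaults
 
 # local config file paths
 ifndef LOCAL_ROOT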
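diff --git a/Rules.modular b/Rules.modular
index 2c5f5ff..b2d2ac4 100644
--- a/Rules.modular
+++ b/Rules.modular
@@ -15,7 +15,7 @@ users_extra := $(tmpdir)/users_extra
 
 base_sections := $(tmpdir)/pre_te_files.conf $(tmpdir)/all_attrs_types.conf $(tmpdir)/global_bools.conf $(tmpdir)/only_te_rules.conf $(tmpdir)/all_post.conf
 
-base_pre_te_files := $(secclass) $(isids) $(avs) $(m4support) $(poldir)/mls $(poldir)/mcs $(policycaps)
+base_pre_te_files := $(secclass) $(isids) $(avs) $(ctx_defaults) $(m4support) $(poldir)/mls $(poldir)/mcs $(policycaps)
 base_te_files := $(base_mods)
 base_post_te_files := $(user_files) $(poldir)/constraints
 base_fc_files := $(base_mods:.te=.fc)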
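Review bot: The position of `$(ctx_defaults)` in `base_pre_te_files`, directly after `$(avs)` and ahead of `$(poldir)/mls`, looks load-bearing, yet nothing on the line says so. As far as I know the policy compiler accepts default_* statements only between the access vector definitions and the MLS section, so a later reordering of this list would break the build as soon as the file holds a live statement. I would add a comment above the assignment, for example `# order matters: context_defaults must follow $(avs) and precede mls`. The same applies to `pre_te_files` in Rules.monolithic.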
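diff --git a/Rules.monolithic b/Rules.monolithic
index b635952..b8d180e 100644
--- a/Rules.monolithic
+++ b/Rules.monolithic
@@ -32,7 +32,7 @@ all_interfaces := $(all_modules:.te=.if) $(off_mods:.te=.if)
 all_te_files := $(all_modules)
 all_fc_files := $(all_modules:.te=.fc)
 
-pre_te_files := $(secclass) $(isids) $(avs) $(m4support) $(poldir)/mls $(poldir)/mcs $(policycaps)
+pre_te_files := $(secclass) $(isids) $(avs) $(ctx_defaults) $(m4support) $(poldir)/mls $(poldir)/mcs $(policycaps)
 post_te_files := $(user_files) $(poldir)/constraints
 
 policy_sections := $(tmpdir)/pre_te_files.conf $(tmpdir)/all_attrs_types.conf $(tmpdir)/global_bools.conf $(tmpdir)/only_te_rules.conf $(tmpdir)/all_post.conf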
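diff --git a/policy/context_defaults b/policy/context_defaults
new file mode 100644
index 0000000..aee96cd
--- /dev/null
+++ b/policy/context_defaults
@@ -0,0 +1,11 @@
+# Override default policy behaviors when creating new contexts.
+#
+# Behavior for each of the four components of the context can
+# be specified, for each object class.
+#
+# Examples:
+#
+#default_role process user;
+#default_role process source;
+#default_type process source;
+#default_range process source low;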
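Review bot: The first example, `#default_role process user;`, does not look like a valid statement, and the examples do not match the header above them. The header promises all four context components, but the examples cover role twice and user not at all. As far as I know default_role takes `source` or `target`, so the line was probably meant to be `#default_user process source;`. These statements decide which context fields a newly created object or process inherits, so an administrator who uncomments an example should get one that compiles and does what the comment says. A line stating that every statement here is commented out, so policy behaviour is unchanged until one is enabled, would also help.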