commit: e21a1ab6acced79dae83f0c0da38fb9a97bd24bc |
Author: David Sugar <dsugar <AT> tresys <DOT> com> |
AuthorDate: Fri Dec 8 12:43:47 2017 +0000 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
CommitDate: Tue Dec 12 07:06:27 2017 +0000 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=e21a1ab6 |
|
Create interfaces to write to inherited xserver log files. |
|
Updated based on feedback |
|
Signed-off-by: Dave Sugar <dsugar <AT> tresys.com> |
|
policy/modules/services/xserver.if | 39 ++++++++++++++++++++++++++++++++++++++ |
1 file changed, 39 insertions(+) |
|
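--- a/policy/modules/services/xserver.if
+++ b/policy/modules/services/xserver.if
@@ -1058,6 +1058,26 @@ interface(`xserver_xsession_spec_domtrans',`
 
 ########################################
 ## <summary>
+## Write to inherited xsession log
+## files such as .xsession-errors.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`xserver_write_inherited_xsession_log',`
+ gen_require(`
+ type xsession_log_t;
+ ')
+
+ allow $1 xsession_log_t:file write_inherited_file_perms;
+')
+
+
+########################################
+## <summary>
 ## Read and write xsession log
 ## files such as .xsession-errors.
 ## </summary>
@@ -1096,6 +1116,25 @@ interface(`xserver_manage_xsession_log',`
 
 ########################################
 ## <summary>
+## Write to inherited X server log
+## files like /var/log/lightdm/lightdm.log
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`xserver_write_inherited_log',`
+ gen_require(`
+ type xserver_log_t;
+ ')
+
+ allow $1 xserver_log_t:file write_inherited_file_perms;
+')
+
+########################################
+## <summary>
 ## Get the attributes of X server logs.
 ## </summary>
 ## <param name="domain">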
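Review bot: Both new interfaces grant `write_inherited_file_perms` on a log type (`xsession_log_t` in `xserver_write_inherited_xsession_log`, `xserver_log_t` in `xserver_write_inherited_log`), and that permission set, as defined in refpolicy's obj_perm_sets.spt, includes `write` as well as `append`, so the calling domain can alter existing log content through the inherited descriptor rather than only add to it. If the descriptors handed down are opened in append mode (not visible in this diff), the narrower `allow $1 xserver_log_t:file append_inherited_file_perms;`, and the same for `xsession_log_t`, would better protect log integrity. The summaries could also say that no `open` permission is granted and that the caller still needs `fd use` on the domain passing the descriptor, for example `## The domain cannot open the log itself; it can only write through a descriptor it inherits.`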