Gentoo Archives: gentoo-commits

From: Sven Vermeulen <sven.vermeulen@××××××.be>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date: Tue, 30 Oct 2012 18:38:37
Message-Id: 1351621997.7e6b051d2a11b10ebaac74a40fdb03346d3d11c7.SwifT@gentoo
1 commit: 7e6b051d2a11b10ebaac74a40fdb03346d3d11c7
2 Author: Dominick Grift <dominick.grift <AT> gmail <DOT> com>
3 AuthorDate: Tue Oct 30 11:26:15 2012 +0000
4 Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
5 CommitDate: Tue Oct 30 18:33:17 2012 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=7e6b051d
7
8 Changes to the usbmuxd policy module
9
10 Role attribute
11 Module clean up
12
13 Signed-off-by: Dominick Grift <dominick.grift <AT> gmail.com>
14
15 ---
16 policy/modules/contrib/usbmuxd.fc | 2 +-
17 policy/modules/contrib/usbmuxd.if | 7 ++++---
18 policy/modules/contrib/usbmuxd.te | 15 ++++++++-------
19 3 files changed, 13 insertions(+), 11 deletions(-)
20
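--- a/policy/modules/contrib/usbmuxd.fc
+++ b/policy/modules/contrib/usbmuxd.fc
@@ -1,3 +1,3 @@
 /usr/sbin/usbmuxd -- gen_context(system_u:object_r:usbmuxd_exec_t,s0)
 
-/var/run/usbmuxd.* gen_context(system_u:object_r:usbmuxd_var_run_t,s0)
+/var/run/usbmuxd.* gen_context(system_u:object_r:usbmuxd_var_run_t,s0)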
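--- a/policy/modules/contrib/usbmuxd.if
+++ b/policy/modules/contrib/usbmuxd.if
@@ -1,4 +1,4 @@
-## <summary>USB multiplexing daemon for communicating with Apple iPod Touch and iPhone</summary>
+## <summary>USB multiplexing daemon for communicating with Apple iPod Touch and iPhone.</summary>
 
 ########################################
 ## <summary>
@@ -15,13 +15,14 @@ interface(`usbmuxd_domtrans',`
 type usbmuxd_t, usbmuxd_exec_t;
 ')
 
+ corecmd_search_bin($1)
 domtrans_pattern($1, usbmuxd_exec_t, usbmuxd_t)
 ')
 
 #####################################
 ## <summary>
-## Connect to usbmuxd over a unix domain
-## stream socket.
+## Connect to usbmuxd with a unix
+## domain stream socket.
 ## </summary>
 ## <param name="domain">
 ## <summary>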
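--- a/policy/modules/contrib/usbmuxd.te
+++ b/policy/modules/contrib/usbmuxd.te
@@ -1,25 +1,28 @@
-policy_module(usbmuxd, 1.1.0)
+policy_module(usbmuxd, 1.1.1)
 
 ########################################
 #
 # Declarations
 #
 
+attribute_role usbmuxd_roles;
+roleattribute system_r usbmuxd_roles;
+
 type usbmuxd_t;
 type usbmuxd_exec_t;
 application_domain(usbmuxd_t, usbmuxd_exec_t)
-role system_r types usbmuxd_t;
+role usbmuxd_roles types usbmuxd_t;
 
 type usbmuxd_var_run_t;
 files_pid_file(usbmuxd_var_run_t)
 
 ########################################
 #
-# usbmuxd local policy
+# Local policy
 #
 
 allow usbmuxd_t self:capability { kill setgid setuid };
-allow usbmuxd_t self:process { fork signal signull };
+allow usbmuxd_t self:process { signal signull };
 allow usbmuxd_t self:fifo_file rw_fifo_file_perms;
 
 manage_dirs_pattern(usbmuxd_t, usbmuxd_var_run_t, usbmuxd_var_run_t)
@@ -33,10 +36,8 @@ kernel_read_system_state(usbmuxd_t)
 dev_read_sysfs(usbmuxd_t)
 dev_rw_generic_usb_dev(usbmuxd_t)
 
-files_read_etc_files(usbmuxd_t)
+auth_use_nsswitch(usbmuxd_t)
 
 miscfiles_read_localization(usbmuxd_t)
 
-auth_use_nsswitch(usbmuxd_t)
-
 logging_send_syslog_msg(usbmuxd_t)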
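Review bot: The new `usbmuxd_roles` attribute in the Declarations block only ever receives `system_r`, and none of the usbmuxd.if hunks in this commit adds an interface that assigns a caller's role to it, so on the visible lines `role usbmuxd_roles types usbmuxd_t;` grants exactly what the removed `role system_r types usbmuxd_t;` did. If confined user roles are meant to run the daemon, a run interface (conventionally `usbmuxd_run`, pairing the domain transition with `roleattribute $2 usbmuxd_roles;`) is needed, though one may exist outside the hunks shown. Separately, dropping `fork` from `self:process` and removing `files_read_etc_files(usbmuxd_t)` presumably relies on the base domain rules and `auth_use_nsswitch(usbmuxd_t)` still granting both. That dependency deserves a line in the commit message, and the audit log should be checked for new AVC denials against `usbmuxd_t` once 1.1.1 is loaded.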