
From: Jason Zaman <gentoo@×××××××××.com>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:perfinion commit in: policy/modules/contrib/
Date: Sun, 31 Aug 2014 20:51:46
Message-Id: 1409518197.8965c4d3d3a84629546c3c36e9841cd2f80e2b09.perfinion@gentoo
1 commit: 8965c4d3d3a84629546c3c36e9841cd2f80e2b09
2 Author: Jason Zaman <jason <AT> perfinion <DOT> com>
3 AuthorDate: Mon Aug 18 09:51:22 2014 +0000
4 Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
5 CommitDate: Sun Aug 31 20:49:57 2014 +0000
6 URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=8965c4d3
7
8 Add java_domain_type interface
9
10 This interface will enable another domain to use Java without
11 having to domtrans to java_t
12
13 ---
14 policy/modules/contrib/java.if | 34 ++++++++++++++++++++++++++++++++++
15 policy/modules/contrib/java.te | 3 +++
16 2 files changed, 37 insertions(+)
17
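--- a/policy/modules/contrib/java.if
+++ b/policy/modules/contrib/java.if
@@ -327,3 +327,37 @@ template(`java_noatsecure_domtrans',`
 
 java_domtrans($1)
 ')
+
+#######################################
+## <summary>
+## The template for using java in a domain.
+## </summary>
+## <desc>
+## <p>
+## This template creates a derived domains which are used
+## for java applications.
+## </p>
+## </desc>
+## <param name="domain">
+## <summary>
+## The type of the domain to be given java privs.
+## </summary>
+## </param>
+#
+template(`java_domain_type',`
+ gen_require(`
+ attribute java_domain;
+ type java_exec_t, java_tmp_t, java_tmpfs_t;
+ type java_home_t;
+ ')
+
+ ########################################
+ #
+ # Policy
+ #
+
+ typeattribute $1 java_domain;
+
+ # cannot be called on the attribute, so do it now
+ auth_use_nsswitch($1)
+')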
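Review bot: The doc block above java_domain_type says the macro "creates a derived domains", but the body declares no types: it only runs `typeattribute $1 java_domain;` and auth_use_nsswitch($1), so the caller's existing domain receives every rule written against java_domain (for example the manage_*_pattern rules on java_home_t in java.te). The description should say that, e.g. `## Add the domain to java_domain, granting it all access allowed to that attribute.`, so callers can judge the privilege they are handing out. Because nothing is declared from $1, `interface(` fits better than `template(`, and the gen_require can be reduced to `attribute java_domain;` since java_exec_t, java_tmp_t, java_tmpfs_t and java_home_t are not referenced in the body.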
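--- a/policy/modules/contrib/java.te
+++ b/policy/modules/contrib/java.te
@@ -120,6 +120,9 @@ ifdef(`distro_gentoo',`
 manage_dirs_pattern(java_domain, java_home_t, java_home_t)
 manage_files_pattern(java_domain, java_home_t, java_home_t)
 userdom_user_home_dir_filetrans(java_domain, java_home_t, dir, ".icedtea")
+
+ manage_lnk_files_pattern(java_domain, java_tmp_t, java_tmp_t)
+ files_tmp_filetrans(java_domain, java_tmp_t, lnk_file)
 ')
 
 tunable_policy(`allow_java_execstack',`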
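Review bot: Both added rules name the java_domain attribute, so the right to manage symlinks labelled java_tmp_t, and the lnk_file type transition in the tmp directory, go to every domain in that attribute, including any added through java_domain_type in java.if. Those domains then share one tmp label, so any of them can replace a link another created; if a single caller needs this, writing the rules against that domain would be tighter. The lines also carry no comment saying what creates the links, so something like `# <program> creates symlinks in /tmp (placeholder: name the program)` would help the next reviewer. The enclosing distro_gentoo ifdef block opens above the hunk, so other rules in it are not visible here.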