Gentoo Archives: gentoo-commits

From: Sven Vermeulen <sven.vermeulen@××××××.be>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date: Fri, 02 Nov 2012 19:14:06
Message-Id: 1351883295.49ad0faa2ff66c2e975e47d2af27c15a8549ceaf.SwifT@gentoo
1 commit: 49ad0faa2ff66c2e975e47d2af27c15a8549ceaf
2 Author: Dominick Grift <dominick.grift <AT> gmail <DOT> com>
3 AuthorDate: Fri Nov 2 13:10:10 2012 +0000
4 Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
5 CommitDate: Fri Nov 2 19:08:15 2012 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=49ad0faa
7
8 Changes to the xscreensaver policy module
9
10 Role attribute
11 Module cleanup
12
13 Signed-off-by: Dominick Grift <dominick.grift <AT> gmail.com>
14
15 ---
16 policy/modules/contrib/xscreensaver.if | 19 +++++++++++--------
17 policy/modules/contrib/xscreensaver.te | 11 ++++++-----
18 2 files changed, 17 insertions(+), 13 deletions(-)
19
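--- a/policy/modules/contrib/xscreensaver.if
+++ b/policy/modules/contrib/xscreensaver.if
@@ -1,30 +1,33 @@
-## <summary>X Screensaver</summary>
+## <summary>Modular screen saver and locker for X11.</summary>
 
 ########################################
 ## <summary>
-## Role access for xscreensaver
+## Role access for xscreensaver.
 ## </summary>
 ## <param name="role">
 ## <summary>
-## Role allowed access
+## Role allowed access.
 ## </summary>
 ## </param>
 ## <param name="domain">
 ## <summary>
-## User domain for the role
+## User domain for the role.
 ## </summary>
 ## </param>
 #
 interface(`xscreensaver_role',`
 gen_require(`
-type xscreensaver_t, xscreensaver_exec_t;
+attribute_role xscreensaver_roles;
+type xscreensaver_t, xscreensaver_exec_t, xscreensaver_tmpfs_t;
 ')
 
-role $1 types xscreensaver_t;
+roleattribute $1 xscreensaver_roles;
 
 domtrans_pattern($2, xscreensaver_exec_t, xscreensaver_t)
 
-# Allow the user domain to signal/ps.
+allow $2 xscreensaver_t:process { ptrace signal_perms };
 ps_process_pattern($2, xscreensaver_t)
-allow $2 xscreensaver_t:process signal_perms;
+
+allow $2 xscreensaver_tmpfs_t:dir { manage_dir_perms relabel_dir_perms };
+allow $2 xscreensaver_tmpfs_t:file { manage_file_perms relabel_file_perms };
 ')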
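Review bot: The new `allow $2 xscreensaver_t:process { ptrace signal_perms };` in xscreensaver_role gives the calling user domain ptrace over the screen locker, which the .te file shows calling `auth_domtrans_chk_passwd` and which therefore presumably handles the unlock password. The removed comment described the intent as signal/ps only, and the commit message ("Role attribute", "Module cleanup") does not mention the wider permission. Unless tracing is a documented requirement, I would keep `allow $2 xscreensaver_t:process signal_perms;` and restore the comment `# Allow the user domain to signal/ps.`. The two new xscreensaver_tmpfs_t manage/relabel rules would also benefit from a one-line comment stating why the user domain needs them.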
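--- a/policy/modules/contrib/xscreensaver.te
+++ b/policy/modules/contrib/xscreensaver.te
@@ -1,13 +1,16 @@
-policy_module(xscreensaver, 1.1.0)
+policy_module(xscreensaver, 1.1.1)
 
 ########################################
 #
 # Declarations
 #
 
+attribute_role xscreensaver_roles;
+
 type xscreensaver_t;
 type xscreensaver_exec_t;
 userdom_user_application_domain(xscreensaver_t, xscreensaver_exec_t)
+role xscreensaver_roles types xscreensaver_t;
 
 type xscreensaver_tmpfs_t;
 userdom_user_tmpfs_file(xscreensaver_tmpfs_t)
@@ -17,8 +20,8 @@ userdom_user_tmpfs_file(xscreensaver_tmpfs_t)
 # Local policy
 #
 
-allow xscreensaver_t self:fifo_file rw_fifo_file_perms;
 allow xscreensaver_t self:process signal;
+allow xscreensaver_t self:fifo_file rw_fifo_file_perms;
 
 kernel_read_system_state(xscreensaver_t)
 
@@ -27,7 +30,6 @@ files_read_usr_files(xscreensaver_t)
 auth_use_nsswitch(xscreensaver_t)
 auth_domtrans_chk_passwd(xscreensaver_t)
 
-#/var/run/utmp
 init_read_utmp(xscreensaver_t)
 
 logging_send_audit_msgs(xscreensaver_t)
@@ -35,8 +37,7 @@ logging_send_syslog_msg(xscreensaver_t)
 
 miscfiles_read_localization(xscreensaver_t)
 
-userdom_use_user_ptys(xscreensaver_t)
-#access to .icons and ~/.xscreensaver
+userdom_use_user_terminals(xscreensaver_t)
 userdom_read_user_home_content_files(xscreensaver_t)
 
 xserver_user_x_domain_template(xscreensaver, xscreensaver_t, xscreensaver_tmpfs_t)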
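Review bot: In the last hunk, replacing `userdom_use_user_ptys(xscreensaver_t)` with `userdom_use_user_terminals(xscreensaver_t)` looks like a permission change rather than cleanup. As far as I know the terminals interface covers user ttys as well as ptys, so the locker domain would gain tty access. If that is intended it deserves a line in the commit message; otherwise keep the ptys call. The same hunk drops the comment explaining the home-content read, and since `userdom_read_user_home_content_files` is a broad grant I would keep the rationale above it, e.g. `# access to .icons and ~/.xscreensaver`.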