
From: Sven Vermeulen <sven.vermeulen@××××××.be>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date: Tue, 10 Jul 2012 17:22:36
Message-Id: 1341938504.20a04b9df908ff4b54b8a17a266f0250ef013ef1.SwifT@gentoo
1 commit: 20a04b9df908ff4b54b8a17a266f0250ef013ef1
2 Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
3 AuthorDate: Tue Jul 10 16:41:44 2012 +0000
4 Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
5 CommitDate: Tue Jul 10 16:41:44 2012 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=20a04b9d
7
8 Add blueman policy (backport)
9
10 ---
11 policy/modules/contrib/blueman.fc | 3 +
12 policy/modules/contrib/blueman.if | 99 +++++++++++++++++++++++++++++++++++++
13 policy/modules/contrib/blueman.te | 46 +++++++++++++++++
14 3 files changed, 148 insertions(+), 0 deletions(-)
15
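diff --git a/policy/modules/contrib/blueman.fc b/policy/modules/contrib/blueman.fc
new file mode 100644
index 0000000..6355318
--- /dev/null
+++ b/policy/modules/contrib/blueman.fc
@@ -0,0 +1,3 @@
+/usr/libexec/blueman-mechanism -- gen_context(system_u:object_r:blueman_exec_t,s0)
+
+/var/lib/blueman(/.*)? gen_context(system_u:object_r:blueman_var_lib_t,s0)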
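diff --git a/policy/modules/contrib/blueman.if b/policy/modules/contrib/blueman.if
new file mode 100644
index 0000000..6b081c4
--- /dev/null
+++ b/policy/modules/contrib/blueman.if
@@ -0,0 +1,99 @@
+## <summary>Blueman is a tool to manage Bluetooth devices</summary>
+
+########################################
+## <summary>
+## Execute blueman in the blueman domain..
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed to transition.
+## </summary>
+## </param>
+#
+interface(`blueman_domtrans',`
+ gen_require(`
+ type blueman_t, blueman_exec_t;
+ ')
+
+ corecmd_search_bin($1)
+ domtrans_pattern($1, blueman_exec_t, blueman_t)
+')
+
+########################################
+## <summary>
+## Send and receive messages from
+## blueman over dbus.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`blueman_dbus_chat',`
+ gen_require(`
+ type blueman_t;
+ class dbus send_msg;
+ ')
+
+ allow $1 blueman_t:dbus send_msg;
+ allow blueman_t $1:dbus send_msg;
+')
+
+########################################
+## <summary>
+## Search blueman lib directories.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`blueman_search_lib',`
+ gen_require(`
+ type blueman_var_lib_t;
+ ')
+
+ allow $1 blueman_var_lib_t:dir search_dir_perms;
+ files_search_var_lib($1)
+')
+
+########################################
+## <summary>
+## Read blueman lib files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`blueman_read_lib_files',`
+ gen_require(`
+ type blueman_var_lib_t;
+ ')
+
+ files_search_var_lib($1)
+ read_files_pattern($1, blueman_var_lib_t, blueman_var_lib_t)
+')
+
+########################################
+## <summary>
+## Create, read, write, and delete
+## blueman lib files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`blueman_manage_lib_files',`
+ gen_require(`
+ type blueman_var_lib_t;
+ ')
+
+ files_search_var_lib($1)
+ manage_files_pattern($1, blueman_var_lib_t, blueman_var_lib_t)
+')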
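Review bot: The summary of blueman_domtrans ends with a doubled period, `## Execute blueman in the blueman domain..`; this text is what the interface documentation generator emits, so it should read `## Execute blueman in the blueman domain.`. A smaller consistency point in the same file: blueman_search_lib places its `allow $1 blueman_var_lib_t:dir search_dir_perms;` before `files_search_var_lib($1)`, while blueman_read_lib_files and blueman_manage_lib_files call files_search_var_lib first; ordering has no effect on the compiled policy, but keeping the parent-directory search first in all three makes the access path easier to audit. Note also that blueman_manage_lib_files only grants manage_files_pattern, so a caller that needs to create or remove subdirectories under blueman_var_lib_t would still be denied; if that is intentional the interface name is accurate, otherwise a matching manage_dirs interface would be needed.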
132 diff --git a/policy/modules/contrib/blueman.te b/policy/modules/contrib/blueman.te
133 new file mode 100644
134 index 0000000..70969fa
135 --- /dev/null
136 +++ b/policy/modules/contrib/blueman.te
137 @@ -0,0 +1,46 @@
138 +policy_module(blueman, 1.0.0)
139 +
140 +########################################
141 +#
142 +# Declarations
143 +#
144 +
145 +type blueman_t;
146 +type blueman_exec_t;
147 +dbus_system_domain(blueman_t, blueman_exec_t)
148 +init_daemon_domain(blueman_t, blueman_exec_t)
149 +
150 +type blueman_var_lib_t;
151 +files_type(blueman_var_lib_t)
152 +
153 +########################################
154 +#
155 +# blueman local policy
156 +#
157 +allow blueman_t self:fifo_file rw_fifo_file_perms;
158 +
159 +manage_dirs_pattern(blueman_t, blueman_var_lib_t, blueman_var_lib_t)
160 +manage_files_pattern(blueman_t, blueman_var_lib_t, blueman_var_lib_t)
161 +files_var_lib_filetrans(blueman_t, blueman_var_lib_t, dir)
162 +
163 +kernel_read_system_state(blueman_t)
164 +
165 +corecmd_exec_bin(blueman_t)
166 +
167 +dev_read_rand(blueman_t)
168 +dev_read_urand(blueman_t)
169 +dev_rw_wireless(blueman_t)
170 +
171 +domain_use_interactive_fds(blueman_t)
172 +
173 +files_read_usr_files(blueman_t)
174 +
175 +auth_use_nsswitch(blueman_t)
176 +
177 +logging_send_syslog_msg(blueman_t)
178 +
179 +miscfiles_read_localization(blueman_t)
180 +
181 +optional_policy(`
182 + avahi_domtrans(blueman_t)
183 +')