| 1 |
commit: 234f522a12f0214e10a7a56092e31a3ac747017a |
| 2 |
Author: Jason Zaman <jason <AT> perfinion <DOT> com> |
| 3 |
AuthorDate: Sun Sep 10 13:47:28 2017 +0000 |
| 4 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Sun Sep 10 13:47:28 2017 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=234f522a |
| 7 |
|
| 8 |
xdg: allow map perms |
| 9 |
|
| 10 |
policy/modules/contrib/xdg.if | 23 +++++++++++++++++++++++ |
| 11 |
1 file changed, 23 insertions(+) |
| 12 |
|
| 13 |
diff --git a/policy/modules/contrib/xdg.if b/policy/modules/contrib/xdg.if |
| 14 |
index 649266b3..3188d96f 100644 |
| 15 |
--- a/policy/modules/contrib/xdg.if |
| 16 |
+++ b/policy/modules/contrib/xdg.if |
| 17 |
@@ -79,6 +79,7 @@ interface(`xdg_read_cache_home_files',` |
| 18 |
') |
| 19 |
|
| 20 |
read_files_pattern($1, xdg_cache_home_t, xdg_cache_home_t) |
| 21 |
+ allow $1 xdg_cache_home_t:file map; |
| 22 |
list_dirs_pattern($1, xdg_cache_home_t, xdg_cache_home_t) |
| 23 |
|
| 24 |
userdom_search_user_home_dirs($1) |
| 25 |
@@ -100,6 +101,7 @@ interface(`xdg_read_all_cache_home_files',` |
| 26 |
') |
| 27 |
|
| 28 |
read_files_pattern($1, xdg_cache_home_type, xdg_cache_home_type) |
| 29 |
+ allow $1 xdg_cache_home_type:file map; |
| 30 |
|
| 31 |
userdom_search_user_home_dirs($1) |
| 32 |
') |
| 33 |
@@ -208,6 +210,7 @@ interface(`xdg_manage_cache_home',` |
| 34 |
|
| 35 |
manage_dirs_pattern($1, xdg_cache_home_t, xdg_cache_home_t) |
| 36 |
manage_files_pattern($1, xdg_cache_home_t, xdg_cache_home_t) |
| 37 |
+ allow $1 xdg_cache_home_t:file map; |
| 38 |
manage_lnk_files_pattern($1, xdg_cache_home_t, xdg_cache_home_t) |
| 39 |
manage_fifo_files_pattern($1, xdg_cache_home_t, xdg_cache_home_t) |
| 40 |
manage_sock_files_pattern($1, xdg_cache_home_t, xdg_cache_home_t) |
| 41 |
@@ -232,6 +235,7 @@ interface(`xdg_manage_all_cache_home',` |
| 42 |
|
| 43 |
manage_dirs_pattern($1, xdg_cache_home_type, xdg_cache_home_type) |
| 44 |
manage_files_pattern($1, xdg_cache_home_type, xdg_cache_home_type) |
| 45 |
+ allow $1 xdg_cache_home_type:file map; |
| 46 |
manage_lnk_files_pattern($1, xdg_cache_home_type, xdg_cache_home_type) |
| 47 |
manage_fifo_files_pattern($1, xdg_cache_home_type, xdg_cache_home_type) |
| 48 |
manage_sock_files_pattern($1, xdg_cache_home_type, xdg_cache_home_type) |
| 49 |
@@ -323,6 +327,7 @@ interface(`xdg_read_config_home_files',` |
| 50 |
') |
| 51 |
|
| 52 |
read_files_pattern($1, xdg_config_home_t, xdg_config_home_t) |
| 53 |
+ allow $1 xdg_config_home_t:file map; |
| 54 |
list_dirs_pattern($1, xdg_config_home_t, xdg_config_home_t) |
| 55 |
|
| 56 |
userdom_search_user_home_dirs($1) |
| 57 |
@@ -344,6 +349,7 @@ interface(`xdg_read_all_config_home_files',` |
| 58 |
') |
| 59 |
|
| 60 |
read_files_pattern($1, xdg_config_home_type, xdg_config_home_type) |
| 61 |
+ allow $1 xdg_config_home_type:file map; |
| 62 |
|
| 63 |
userdom_search_user_home_dirs($1) |
| 64 |
') |
| 65 |
@@ -453,6 +459,7 @@ interface(`xdg_manage_config_home',` |
| 66 |
|
| 67 |
manage_dirs_pattern($1, xdg_config_home_t, xdg_config_home_t) |
| 68 |
manage_files_pattern($1, xdg_config_home_t, xdg_config_home_t) |
| 69 |
+ allow $1 xdg_config_home_t:file map; |
| 70 |
manage_lnk_files_pattern($1, xdg_config_home_t, xdg_config_home_t) |
| 71 |
manage_fifo_files_pattern($1, xdg_config_home_t, xdg_config_home_t) |
| 72 |
manage_sock_files_pattern($1, xdg_config_home_t, xdg_config_home_t) |
| 73 |
@@ -477,6 +484,7 @@ interface(`xdg_manage_all_config_home',` |
| 74 |
|
| 75 |
manage_dirs_pattern($1, xdg_config_home_type, xdg_config_home_type) |
| 76 |
manage_files_pattern($1, xdg_config_home_type, xdg_config_home_type) |
| 77 |
+ allow $1 xdg_config_home_type:file map; |
| 78 |
manage_lnk_files_pattern($1, xdg_config_home_type, xdg_config_home_type) |
| 79 |
manage_fifo_files_pattern($1, xdg_config_home_type, xdg_config_home_type) |
| 80 |
manage_sock_files_pattern($1, xdg_config_home_type, xdg_config_home_type) |
| 81 |
@@ -548,6 +556,7 @@ interface(`xdg_read_data_home_files',` |
| 82 |
') |
| 83 |
|
| 84 |
read_files_pattern($1, xdg_data_home_t, xdg_data_home_t) |
| 85 |
+ allow $1 xdg_data_home_t:file map; |
| 86 |
list_dirs_pattern($1, xdg_data_home_t, xdg_data_home_t) |
| 87 |
|
| 88 |
userdom_search_user_home_dirs($1) |
| 89 |
@@ -569,6 +578,7 @@ interface(`xdg_read_all_data_home_files',` |
| 90 |
') |
| 91 |
|
| 92 |
read_files_pattern($1, xdg_data_home_type, xdg_data_home_type) |
| 93 |
+ allow $1 xdg_data_home_type:file map; |
| 94 |
|
| 95 |
userdom_search_user_home_dirs($1) |
| 96 |
') |
| 97 |
@@ -677,6 +687,7 @@ interface(`xdg_manage_data_home',` |
| 98 |
|
| 99 |
manage_dirs_pattern($1, xdg_data_home_t, xdg_data_home_t) |
| 100 |
manage_files_pattern($1, xdg_data_home_t, xdg_data_home_t) |
| 101 |
+ allow $1 xdg_data_home_t:file map; |
| 102 |
manage_lnk_files_pattern($1, xdg_data_home_t, xdg_data_home_t) |
| 103 |
manage_fifo_files_pattern($1, xdg_data_home_t, xdg_data_home_t) |
| 104 |
manage_sock_files_pattern($1, xdg_data_home_t, xdg_data_home_t) |
| 105 |
@@ -701,6 +712,7 @@ interface(`xdg_manage_all_data_home',` |
| 106 |
|
| 107 |
manage_dirs_pattern($1, xdg_data_home_type, xdg_data_home_type) |
| 108 |
manage_files_pattern($1, xdg_data_home_type, xdg_data_home_type) |
| 109 |
+ allow $1 xdg_data_home_type:file map; |
| 110 |
manage_lnk_files_pattern($1, xdg_data_home_type, xdg_data_home_type) |
| 111 |
manage_fifo_files_pattern($1, xdg_data_home_type, xdg_data_home_type) |
| 112 |
manage_sock_files_pattern($1, xdg_data_home_type, xdg_data_home_type) |
| 113 |
@@ -772,6 +784,7 @@ interface(`xdg_read_downloads_home',` |
| 114 |
') |
| 115 |
|
| 116 |
read_files_pattern($1, xdg_downloads_home_t, xdg_downloads_home_t) |
| 117 |
+ allow $1 xdg_downloads_home_t:file map; |
| 118 |
|
| 119 |
userdom_search_user_home_dirs($1) |
| 120 |
') |
| 121 |
@@ -792,6 +805,7 @@ interface(`xdg_read_videos_home',` |
| 122 |
') |
| 123 |
|
| 124 |
read_files_pattern($1, xdg_videos_home_t, xdg_videos_home_t) |
| 125 |
+ allow $1 xdg_videos_home_t:file map; |
| 126 |
list_dirs_pattern($1, xdg_videos_home_t, xdg_videos_home_t) |
| 127 |
|
| 128 |
userdom_search_user_home_dirs($1) |
| 129 |
@@ -813,6 +827,7 @@ interface(`xdg_read_pictures_home',` |
| 130 |
') |
| 131 |
|
| 132 |
read_files_pattern($1, xdg_pictures_home_t, xdg_pictures_home_t) |
| 133 |
+ allow $1 xdg_pictures_home_t:file map; |
| 134 |
list_dirs_pattern($1, xdg_pictures_home_t, xdg_pictures_home_t) |
| 135 |
|
| 136 |
userdom_search_user_home_dirs($1) |
| 137 |
@@ -834,6 +849,7 @@ interface(`xdg_read_music_home',` |
| 138 |
') |
| 139 |
|
| 140 |
read_files_pattern($1, xdg_music_home_t, xdg_music_home_t) |
| 141 |
+ allow $1 xdg_music_home_t:file map; |
| 142 |
list_dirs_pattern($1, xdg_music_home_t, xdg_music_home_t) |
| 143 |
|
| 144 |
userdom_search_user_home_dirs($1) |
| 145 |
@@ -855,6 +871,7 @@ interface(`xdg_create_downloads_home',` |
| 146 |
') |
| 147 |
|
| 148 |
create_files_pattern($1, xdg_downloads_home_t, xdg_downloads_home_t) |
| 149 |
+ allow $1 xdg_downloads_home_t:file map; |
| 150 |
|
| 151 |
userdom_search_user_home_dirs($1) |
| 152 |
') |
| 153 |
@@ -875,6 +892,7 @@ interface(`xdg_write_downloads_home',` |
| 154 |
') |
| 155 |
|
| 156 |
write_files_pattern($1, xdg_downloads_home_t, xdg_downloads_home_t) |
| 157 |
+ allow $1 xdg_downloads_home_t:file map; |
| 158 |
|
| 159 |
userdom_search_user_home_dirs($1) |
| 160 |
') |
| 161 |
@@ -896,6 +914,7 @@ interface(`xdg_manage_downloads_home',` |
| 162 |
|
| 163 |
manage_dirs_pattern($1, xdg_downloads_home_t, xdg_downloads_home_t) |
| 164 |
manage_files_pattern($1, xdg_downloads_home_t, xdg_downloads_home_t) |
| 165 |
+ allow $1 xdg_downloads_home_t:file map; |
| 166 |
') |
| 167 |
|
| 168 |
######################################### |
| 169 |
@@ -915,6 +934,7 @@ interface(`xdg_manage_documents_home',` |
| 170 |
|
| 171 |
manage_dirs_pattern($1, xdg_documents_home_t, xdg_documents_home_t) |
| 172 |
manage_files_pattern($1, xdg_documents_home_t, xdg_documents_home_t) |
| 173 |
+ allow $1 xdg_documents_home_t:file map; |
| 174 |
') |
| 175 |
|
| 176 |
######################################### |
| 177 |
@@ -934,6 +954,7 @@ interface(`xdg_manage_music_home',` |
| 178 |
|
| 179 |
manage_dirs_pattern($1, xdg_music_home_t, xdg_music_home_t) |
| 180 |
manage_files_pattern($1, xdg_music_home_t, xdg_music_home_t) |
| 181 |
+ allow $1 xdg_music_home_t:file map; |
| 182 |
') |
| 183 |
|
| 184 |
######################################### |
| 185 |
@@ -953,6 +974,7 @@ interface(`xdg_manage_pictures_home',` |
| 186 |
|
| 187 |
manage_dirs_pattern($1, xdg_pictures_home_t, xdg_pictures_home_t) |
| 188 |
manage_files_pattern($1, xdg_pictures_home_t, xdg_pictures_home_t) |
| 189 |
+ allow $1 xdg_pictures_home_t:file map; |
| 190 |
') |
| 191 |
|
| 192 |
######################################### |
| 193 |
@@ -972,4 +994,5 @@ interface(`xdg_manage_videos_home',` |
| 194 |
|
| 195 |
manage_dirs_pattern($1, xdg_videos_home_t, xdg_videos_home_t) |
| 196 |
manage_files_pattern($1, xdg_videos_home_t, xdg_videos_home_t) |
| 197 |
+ allow $1 xdg_videos_home_t:file map; |
| 198 |
') |
Archives