Gentoo Archives: gentoo-commits

From: Jason Zaman <perfinion@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/kernel/
Date: Sun, 30 Jan 2022 01:22:54
Message-Id: 1643505162.fccd438443de08a9d13f8795297efc63f0e6cd19.perfinion@gentoo
1 commit: fccd438443de08a9d13f8795297efc63f0e6cd19
2 Author: Kenton Groombridge <me <AT> concord <DOT> sh>
3 AuthorDate: Thu Dec 2 18:32:04 2021 +0000
4 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
5 CommitDate: Sun Jan 30 01:12:42 2022 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=fccd4384
7
8 kernel: add filetrans interface for unlabeled dirs
9
10 Signed-off-by: Kenton Groombridge <me <AT> concord.sh>
11 Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>
12
13 policy/modules/kernel/kernel.if | 34 ++++++++++++++++++++++++++++++++++
14 1 file changed, 34 insertions(+)
15
16 diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if
17 index 30aca9ae..4cd35959 100644
18 --- a/policy/modules/kernel/kernel.if
19 +++ b/policy/modules/kernel/kernel.if
20 @@ -2911,6 +2911,40 @@ interface(`kernel_dontaudit_read_unlabeled_files',`
21 dontaudit $1 unlabeled_t:file { getattr read };
22 ')
23
24 +########################################
25 +## <summary>
26 +## Create an object in unlabeled directories
27 +## with a private type.
28 +## </summary>
29 +## <param name="domain">
30 +## <summary>
31 +## Domain allowed access.
32 +## </summary>
33 +## </param>
34 +## <param name="private type">
35 +## <summary>
36 +## The type of the object to be created.
37 +## </summary>
38 +## </param>
39 +## <param name="object">
40 +## <summary>
41 +## The object class of the object being created.
42 +## </summary>
43 +## </param>
44 +## <param name="name" optional="true">
45 +## <summary>
46 +## The name of the object being created.
47 +## </summary>
48 +## </param>
49 +#
50 +interface(`kernel_unlabeled_filetrans',`
51 + gen_require(`
52 + type unlabeled_t;
53 + ')
54 +
55 + filetrans_pattern($1, unlabeled_t, $2, $3, $4)
56 +')
57 +
58 ########################################
59 ## <summary>
60 ## Delete unlabeled symbolic links.
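
Review bot: the summary for `kernel_unlabeled_filetrans` describes only the type transition, but `filetrans_pattern($1, unlabeled_t, $2, $3, $4)` also gives the calling domain the directory permissions it needs to add entries under `unlabeled_t` directories, and the doc block should say so. `unlabeled_t` covers objects whose label is missing or invalid, so a caller gets write access to directories that have not been classified by policy. Consider adding a sentence to the `<summary>` stating this and that callers should be narrowly scoped. The diffstat shows only kernel.if changing, with no caller added, and the commit message does not name the domain that needs the interface; stating the intended consumer there would make the grant easier to audit later.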