Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Jason Zaman <perfinion@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/system/
Date: Thu, 26 May 2016 17:39:40
Message-Id: 1464279073.caeaab82769e2525cde308a0101ea6542472f209.perfinion@gentoo
1 commit: caeaab82769e2525cde308a0101ea6542472f209
2 Author: Jason Zaman <jason <AT> perfinion <DOT> com>
3 AuthorDate: Thu May 26 15:09:27 2016 +0000
4 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
5 CommitDate: Thu May 26 16:11:13 2016 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=caeaab82
7
8 userdomain: filetrans interfaces for user_runtime
9
10 policy/modules/system/userdomain.if | 99 +++++++++++++++++++++++++++++++++++++
11 1 file changed, 99 insertions(+)
12
13 diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
14 index 0d6d9b1..90edc21 100644
15 --- a/policy/modules/system/userdomain.if
16 +++ b/policy/modules/system/userdomain.if
17 @@ -324,6 +324,7 @@ interface(`userdom_manage_tmp_role',`
18 manage_sock_files_pattern($2, user_tmp_t, user_tmp_t)
19 manage_fifo_files_pattern($2, user_tmp_t, user_tmp_t)
20 files_tmp_filetrans($2, user_tmp_t, { dir file lnk_file sock_file fifo_file })
21 + userdom_user_runtime_dir_filetrans_user_tmp($2, { dir file lnk_file sock_file fifo_file })
22 ')
23
24 #######################################
25 @@ -2753,6 +2754,104 @@ interface(`userdom_tmp_filetrans_user_tmp',`
26
27 ########################################
28 ## <summary>
29 +## Create objects in the pid directory
30 +## with an automatic type transition to
31 +## the user runtime root type.
32 +## </summary>
33 +## <param name="domain">
34 +## <summary>
35 +## Domain allowed access.
36 +## </summary>
37 +## </param>
38 +## <param name="object_class">
39 +## <summary>
40 +## The class of the object to be created.
41 +## </summary>
42 +## </param>
43 +## <param name="name" optional="true">
44 +## <summary>
45 +## The name of the object being created.
46 +## </summary>
47 +## </param>
48 +#
49 +interface(`userdom_pid_filetrans_user_runtime_root',`
50 + gen_require(`
51 + type user_runtime_root_t;
52 + ')
53 +
54 + files_pid_filetrans($1, user_runtime_root_t, $2, $3)
55 +')
56 +
57 +########################################
58 +## <summary>
59 +## Create objects in a user runtime
60 +## directory with an automatic type
61 +## transition to a specified private
62 +## type.
63 +## </summary>
64 +## <param name="domain">
65 +## <summary>
66 +## Domain allowed access.
67 +## </summary>
68 +## </param>
69 +## <param name="private_type">
70 +## <summary>
71 +## The type of the object to create.
72 +## </summary>
73 +## </param>
74 +## <param name="object_class">
75 +## <summary>
76 +## The class of the object to be created.
77 +## </summary>
78 +## </param>
79 +## <param name="name" optional="true">
80 +## <summary>
81 +## The name of the object being created.
82 +## </summary>
83 +## </param>
84 +#
85 +interface(`userdom_user_runtime_dir_filetrans',`
86 + gen_require(`
87 + type user_runtime_dir_t;
88 + ')
89 +
90 + filetrans_pattern($1, user_runtime_dir_t, $2, $3, $4)
91 + allow $1 user_runtime_root_t:dir search_dir_perms;
92 + files_search_pids($1)
93 +')
94 +
95 +########################################
96 +## <summary>
97 +## Create objects in the user runtime directory
98 +## with an automatic type transition to
99 +## the user temporary type.
100 +## </summary>
101 +## <param name="domain">
102 +## <summary>
103 +## Domain allowed access.
104 +## </summary>
105 +## </param>
106 +## <param name="object_class">
107 +## <summary>
108 +## The class of the object to be created.
109 +## </summary>
110 +## </param>
111 +## <param name="name" optional="true">
112 +## <summary>
113 +## The name of the object being created.
114 +## </summary>
115 +## </param>
116 +#
117 +interface(`userdom_user_runtime_dir_filetrans_user_tmp',`
118 + gen_require(`
119 + type user_tmp_t;
120 + ')
121 +
122 + userdom_user_runtime_dir_filetrans($1, user_tmp_t, $2, $3)
123 +')
124 +
125 +########################################
126 +## <summary>
127 ## Read and write user tmpfs files.
128 ## </summary>
129 ## <param name="domain">
Report Message
Find on MARC Find on Google Groups