* [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/
@ 2014-10-31 15:32 99% Sven Vermeulen
From: Sven Vermeulen @ 2014-10-31 15:32 UTC
To: gentoo-commits
commit: 25635ce6697a48861fa0f3021f79261f760b4d99
Author: Nicolas Iooss <nicolas.iooss <AT> m4x <DOT> org>
AuthorDate: Sat Oct 18 13:30:22 2014 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Fri Oct 31 15:26:27 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=25635ce6
Use create_netlink_socket_perms when allowing netlink socket creation
create_netlink_socket_perms is defined as:
{ create_socket_perms nlmsg_read nlmsg_write }
This means that it is redundant to allow create_socket_perms and
nlmsg_read/nlmsg_write.
Clean up things without allowing anything new.
---
policy/modules/system/ipsec.te | 2 +-
policy/modules/system/sysnetwork.te | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/policy/modules/system/ipsec.te b/policy/modules/system/ipsec.te
index db6d1c6..15d7caf 100644
--- a/policy/modules/system/ipsec.te
+++ b/policy/modules/system/ipsec.te
@@ -79,7 +79,7 @@ allow ipsec_t self:tcp_socket create_stream_socket_perms;
allow ipsec_t self:udp_socket create_socket_perms;
allow ipsec_t self:key_socket create_socket_perms;
allow ipsec_t self:fifo_file read_fifo_file_perms;
-allow ipsec_t self:netlink_xfrm_socket { create_netlink_socket_perms nlmsg_write };
+allow ipsec_t self:netlink_xfrm_socket create_netlink_socket_perms;
allow ipsec_t ipsec_initrc_exec_t:file read_file_perms;
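Review bot: the removed ipsec_t netlink_xfrm_socket rule is not the form the commit message describes. It was `{ create_netlink_socket_perms nlmsg_write }`, that is, the macro plus a permission the macro already contains, not create_socket_perms plus nlmsg_read/nlmsg_write. Given the definition quoted in the message the change is still a no-op, but the message should mention this "macro plus redundant nlmsg_*" case as well. Since the equivalence rests on a macro definition that is not part of this patch, it is worth confirming "without allowing anything new" by diffing the compiled policy before and after, for example with sediff.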
diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
index b95de37..f7dbde0 100644
--- a/policy/modules/system/sysnetwork.te
+++ b/policy/modules/system/sysnetwork.te
@@ -57,7 +57,7 @@ allow dhcpc_t self:fifo_file rw_fifo_file_perms;
allow dhcpc_t self:tcp_socket create_stream_socket_perms;
allow dhcpc_t self:udp_socket create_socket_perms;
allow dhcpc_t self:packet_socket create_socket_perms;
-allow dhcpc_t self:netlink_route_socket { create_socket_perms nlmsg_read nlmsg_write };
+allow dhcpc_t self:netlink_route_socket create_netlink_socket_perms;
allow dhcpc_t dhcp_etc_t:dir list_dir_perms;
read_lnk_files_pattern(dhcpc_t, dhcp_etc_t, dhcp_etc_t)
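Review bot: on the dhcpc_t netlink_route_socket rule, the old line spelled out `{ create_socket_perms nlmsg_read nlmsg_write }` explicitly, so this is the one place where the patch moves a domain from a fixed permission list to whatever create_netlink_socket_perms expands to. That is equivalent only while the macro is exactly as quoted in the commit message; please check the definition in the tree this is applied to, and keep in mind that any later change to the macro will now change what dhcpc_t is allowed without touching sysnetwork.te.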
@@ -278,7 +278,7 @@ allow ifconfig_t self:udp_socket create_socket_perms;
allow ifconfig_t self:packet_socket create_socket_perms;
allow ifconfig_t self:netlink_socket create_socket_perms;
allow ifconfig_t self:netlink_route_socket create_netlink_socket_perms;
-allow ifconfig_t self:netlink_xfrm_socket { create_netlink_socket_perms nlmsg_read };
+allow ifconfig_t self:netlink_xfrm_socket create_netlink_socket_perms;
allow ifconfig_t self:tcp_socket { create ioctl };
kernel_use_fds(ifconfig_t)
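Review bot: the unchanged context line `allow ifconfig_t self:netlink_socket create_socket_perms;` in this hunk looks like a candidate for the same cleanup but must not be swept into it. By the definition in the commit message, switching it to create_netlink_socket_perms would add nlmsg_read and nlmsg_write, which that rule does not grant today, so it would no longer be a no-op. The changed netlink_xfrm_socket line itself only drops an nlmsg_read that the macro already includes, which is fine.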