From: Sven Vermeulen <sven.vermeulen@××××××.be>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date: Sun, 28 Oct 2012 18:03:43
Message-Id: 1351447133.6c4fec78954f8003f3b231d96b201a1731aa669c.SwifT@gentoo
1 commit: 6c4fec78954f8003f3b231d96b201a1731aa669c
2 Author: Dominick Grift <dominick.grift <AT> gmail <DOT> com>
3 AuthorDate: Sun Oct 28 12:51:23 2012 +0000
4 Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
5 CommitDate: Sun Oct 28 17:58:53 2012 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=6c4fec78
7
8 Changes to the smoltclient policy module
9
10 Ported from Fedora with changes
11
12 Signed-off-by: Dominick Grift <dominick.grift <AT> gmail.com>
13
14 ---
15 policy/modules/contrib/smoltclient.if | 2 +-
16 policy/modules/contrib/smoltclient.te | 32 +++++++++++++++++++++++---------
17 2 files changed, 24 insertions(+), 10 deletions(-)
18
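--- a/policy/modules/contrib/smoltclient.if
+++ b/policy/modules/contrib/smoltclient.if
@@ -1 +1 @@
-## <summary>The Fedora hardware profiler client</summary>
+## <summary>The Fedora hardware profiler client.</summary>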
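--- a/policy/modules/contrib/smoltclient.te
+++ b/policy/modules/contrib/smoltclient.te
@@ -1,4 +1,4 @@
-policy_module(smoltclient, 1.1.0)
+policy_module(smoltclient, 1.1.1)
 
 ########################################
 #
@@ -8,7 +8,6 @@ policy_module(smoltclient, 1.1.0)
 type smoltclient_t;
 type smoltclient_exec_t;
 application_domain(smoltclient_t, smoltclient_exec_t)
-cron_system_entry(smoltclient_t, smoltclient_exec_t)
 
 type smoltclient_tmp_t;
 files_tmp_file(smoltclient_tmp_t)
@@ -19,16 +18,14 @@ files_tmp_file(smoltclient_tmp_t)
 #
 
 allow smoltclient_t self:process { setsched getsched };
-
 allow smoltclient_t self:fifo_file rw_fifo_file_perms;
-allow smoltclient_t self:tcp_socket create_socket_perms;
-allow smoltclient_t self:udp_socket create_socket_perms;
 
-can_exec(smoltclient_t, smoltclient_tmp_t)
 manage_dirs_pattern(smoltclient_t, smoltclient_tmp_t, smoltclient_tmp_t)
 manage_files_pattern(smoltclient_t, smoltclient_tmp_t, smoltclient_tmp_t)
 files_tmp_filetrans(smoltclient_t, smoltclient_tmp_t, { dir file })
 
+can_exec(smoltclient_t, smoltclient_tmp_t)
+
 kernel_read_system_state(smoltclient_t)
 kernel_read_network_state(smoltclient_t)
 kernel_read_kernel_sysctls(smoltclient_t)
@@ -36,30 +33,47 @@ kernel_read_kernel_sysctls(smoltclient_t)
 corecmd_exec_bin(smoltclient_t)
 corecmd_exec_shell(smoltclient_t)
 
+corenet_all_recvfrom_unlabeled(smoltclient_t)
+corenet_all_recvfrom_netlabel(smoltclient_t)
+corenet_tcp_sendrecv_generic_if(smoltclient_t)
+corenet_tcp_sendrecv_generic_node(smoltclient_t)
+
+corenet_sendrecv_http_client_packets(smoltclient_t)
 corenet_tcp_connect_http_port(smoltclient_t)
+corenet_tcp_sendrecv_http_port(smoltclient_t)
 
 dev_read_sysfs(smoltclient_t)
+dev_read_urand(smoltclient_t)
 
 fs_getattr_all_fs(smoltclient_t)
 fs_getattr_all_dirs(smoltclient_t)
 fs_list_auto_mountpoints(smoltclient_t)
 
 files_getattr_generic_locks(smoltclient_t)
-files_read_etc_files(smoltclient_t)
+files_read_etc_runtime_files(smoltclient_t)
 files_read_usr_files(smoltclient_t)
 
 auth_use_nsswitch(smoltclient_t)
 
 logging_send_syslog_msg(smoltclient_t)
 
+miscfiles_read_hwdata(smoltclient_t)
 miscfiles_read_localization(smoltclient_t)
 
 optional_policy(`
- dbus_system_bus_client(smoltclient_t)
+ abrt_stream_connect(smoltclient_t)
 ')
 
 optional_policy(`
- hal_dbus_chat(smoltclient_t)
+ cron_system_entry(smoltclient_t, smoltclient_exec_t)
+')
+
+optional_policy(`
+ dbus_system_bus_client(smoltclient_t)
+
+ optional_policy(`
+ hal_dbus_chat(smoltclient_t)
+ ')
 ')
 
 optional_policy(`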
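Review bot: `can_exec(smoltclient_t, smoltclient_tmp_t)` in the `@@ -19,16 +18,14 @@` hunk is only moved, not reconsidered. The domain can therefore still execute files it created itself under `smoltclient_tmp_t`, while the same module lets it run a shell and talk to HTTP servers. Nothing on the page states why execution from its own tmp type is required. If it is needed, I would add a comment above the rule along the lines of `# write+execute on smoltclient_tmp_t: document which helper needs this`; if it is not, the rule should be dropped so the tmp type stays write-only. The new `abrt_stream_connect(smoltclient_t)` in the last hunk is equally unexplained (the commit message only says "Ported from Fedora with changes") and deserves a one-line reason as well.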