Gentoo Archives: gentoo-commits

From: Sven Vermeulen <sven.vermeulen@××××××.be>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date: Tue, 30 Oct 2012 18:37:42
Message-Id: 1351621996.46de4b4a687f13369c1d7110629a3d9c105ad2ff.SwifT@gentoo
1 commit: 46de4b4a687f13369c1d7110629a3d9c105ad2ff
2 Author: Dominick Grift <dominick.grift <AT> gmail <DOT> com>
3 AuthorDate: Tue Oct 30 11:20:33 2012 +0000
4 Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
5 CommitDate: Tue Oct 30 18:33:16 2012 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=46de4b4a
7
8 Changes to the usbmodule policy module
9
10 Role attribute
11 Module clean up
12
13 Signed-off-by: Dominick Grift <dominick.grift <AT> gmail.com>
14
15 ---
16 policy/modules/contrib/usbmodules.fc | 6 ------
17 policy/modules/contrib/usbmodules.if | 13 +++++++------
18 policy/modules/contrib/usbmodules.te | 15 ++++++---------
19 3 files changed, 13 insertions(+), 21 deletions(-)
20
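--- a/policy/modules/contrib/usbmodules.fc
+++ b/policy/modules/contrib/usbmodules.fc
@@ -1,9 +1,3 @@
-#
-# /sbin
-#
 /sbin/usbmodules -- gen_context(system_u:object_r:usbmodules_exec_t,s0)
 
-#
-# /usr
-#
 /usr/sbin/usbmodules -- gen_context(system_u:object_r:usbmodules_exec_t,s0)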
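--- a/policy/modules/contrib/usbmodules.if
+++ b/policy/modules/contrib/usbmodules.if
@@ -1,4 +1,4 @@
-## <summary>List kernel modules of USB devices</summary>
+## <summary>List kernel modules of USB devices.</summary>
 
 ########################################
 ## <summary>
@@ -15,14 +15,15 @@ interface(`usbmodules_domtrans',`
 type usbmodules_t, usbmodules_exec_t;
 ')
 
+ corecmd_search_bin($1)
 domtrans_pattern($1, usbmodules_exec_t, usbmodules_t)
 ')
 
 ########################################
 ## <summary>
-## Execute usbmodules in the usbmodules domain, and
-## allow the specified role the usbmodules domain,
-## and use the caller's terminal.
+## Execute usbmodules in the usbmodules
+## domain, and allow the specified
+## role the usbmodules domain.
 ## </summary>
 ## <param name="domain">
 ## <summary>
@@ -38,9 +39,9 @@ interface(`usbmodules_domtrans',`
 #
 interface(`usbmodules_run',`
 gen_require(`
- type usbmodules_t;
+ attribute_role usbmodules_roles;
 ')
 
 usbmodules_domtrans($1)
- role $2 types usbmodules_t;
+ roleattribute $2 usbmodules_roles;
 ')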
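Review bot: The interface comment for `usbmodules_run` (third hunk) does not say that `roleattribute $2 usbmodules_roles;` gives a caller's role more than the old line did. The role now receives every type that usbmodules.te associates with `usbmodules_roles`, now or later, rather than `usbmodules_t` alone. Today that is only `usbmodules_t`, but a later `role usbmodules_roles types ...;` in the .te file would widen every caller of this interface at once. A comment above the line such as `# $2 is authorised for all types associated with usbmodules_roles in usbmodules.te` would make that contract visible. The parameter documentation for this interface lies outside the hunk.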
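--- a/policy/modules/contrib/usbmodules.te
+++ b/policy/modules/contrib/usbmodules.te
@@ -1,14 +1,16 @@
-policy_module(usbmodules, 1.2.0)
+policy_module(usbmodules, 1.2.1)
 
 ########################################
 #
 # Declarations
 #
 
+attribute_role usbmodules_roles;
+
 type usbmodules_t;
 type usbmodules_exec_t;
 init_system_domain(usbmodules_t, usbmodules_exec_t)
-role system_r types usbmodules_t;
+role usbmodules_roles types usbmodules_t;
 
 ########################################
 #
@@ -20,18 +22,17 @@ kernel_list_proc(usbmodules_t)
 files_list_kernel_modules(usbmodules_t)
 
 dev_list_usbfs(usbmodules_t)
-# allow usb device access
 dev_rw_usbfs(usbmodules_t)
 
 files_list_etc(usbmodules_t)
-# needs etc_t read access for the hotplug config, maybe should have a new type
-files_read_etc_files(usbmodules_t)
 
 term_read_console(usbmodules_t)
 term_write_console(usbmodules_t)
 
 init_use_fds(usbmodules_t)
 
+logging_send_syslog_msg(usbmodules_t)
+
 miscfiles_read_hwdata(usbmodules_t)
 
 modutils_read_module_deps(usbmodules_t)
@@ -41,7 +42,3 @@ userdom_use_user_terminals(usbmodules_t)
 optional_policy(`
 hotplug_read_config(usbmodules_t)
 ')
-
-optional_policy(`
- logging_send_syslog_msg(usbmodules_t)
-')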
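Review bot: `dev_rw_usbfs(usbmodules_t)` in the second hunk is left with no rationale once its comment is removed, and it is now the broadest grant in the domain since `files_read_etc_files` is dropped. The interface file describes usbmodules as listing kernel modules of USB devices, so write access to usbfs deserves a stated reason. I would keep a why-comment above it, for example `# TODO: confirm usbmodules needs write access to usbfs; otherwise switch to a read-only usbfs interface`. Separately, after the first hunk `system_r` is authorised for `usbmodules_t` only through whatever `init_system_domain` grants, which is not visible here. If that is the intent, a one-line comment next to `role usbmodules_roles types usbmodules_t;` would record it.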