1 |
commit: a6327618acb0e35b2290809b402afc12685a35ea |
2 |
Author: Guido Trentalancia <guido <AT> trentalancia <DOT> net> |
3 |
AuthorDate: Sat May 13 21:15:27 2017 +0000 |
4 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu May 25 16:32:29 2017 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=a6327618 |
7 |
|
8 |
base: role changes for the new libmtp module |
9 |
|
10 |
This is the base part of the policy needed to support libmtp (an |
11 |
Initiator implementation of the Media Transfer Protocol). |
12 |
|
13 |
Signed-off-by: Guido Trentalancia <guido at trentalancia.net> |
14 |
|
15 |
policy/modules/roles/staff.te | 4 ++++ |
16 |
policy/modules/roles/sysadm.te | 4 ++++ |
17 |
policy/modules/roles/unprivuser.te | 4 ++++ |
18 |
3 files changed, 12 insertions(+) |
19 |
|
20 |
diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te |
21 |
index 8971a209..4614f3e6 100644 |
22 |
--- a/policy/modules/roles/staff.te |
23 |
+++ b/policy/modules/roles/staff.te |
24 |
@@ -125,6 +125,10 @@ ifndef(`distro_redhat',` |
25 |
') |
26 |
|
27 |
optional_policy(` |
28 |
+ libmtp_role(staff_r, staff_t) |
29 |
+ ') |
30 |
+ |
31 |
+ optional_policy(` |
32 |
lockdev_role(staff_r, staff_t) |
33 |
') |
34 |
|
35 |
|
36 |
diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te |
37 |
index 13149a4c..bff6e59c 100644 |
38 |
--- a/policy/modules/roles/sysadm.te |
39 |
+++ b/policy/modules/roles/sysadm.te |
40 |
@@ -551,6 +551,10 @@ optional_policy(` |
41 |
') |
42 |
|
43 |
optional_policy(` |
44 |
+ libmtp_role(sysadm_r, sysadm_t) |
45 |
+') |
46 |
+ |
47 |
+optional_policy(` |
48 |
libs_run_ldconfig(sysadm_t, sysadm_r) |
49 |
') |
50 |
|
51 |
|
52 |
diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te |
53 |
index b040b4ab..f6be7db2 100644 |
54 |
--- a/policy/modules/roles/unprivuser.te |
55 |
+++ b/policy/modules/roles/unprivuser.te |
56 |
@@ -98,6 +98,10 @@ ifndef(`distro_redhat',` |
57 |
') |
58 |
|
59 |
optional_policy(` |
60 |
+ libmtp_role(user_r, user_t) |
61 |
+ ') |
62 |
+ |
63 |
+ optional_policy(` |
64 |
lockdev_role(user_r, user_t) |
65 |
') |