
From: Sven Vermeulen <sven.vermeulen@××××××.be>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date: Tue, 30 Oct 2012 18:37:48
Message-Id: 1351621993.0777ed9ea6f659963889174698ec9193131518ff.SwifT@gentoo
1 commit: 0777ed9ea6f659963889174698ec9193131518ff
2 Author: Dominick Grift <dominick.grift <AT> gmail <DOT> com>
3 AuthorDate: Tue Oct 30 11:03:42 2012 +0000
4 Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
5 CommitDate: Tue Oct 30 18:33:13 2012 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=0777ed9e
7
8 Changes to the updfstab policy module
9
10 Module clean up
11
12 Signed-off-by: Dominick Grift <dominick.grift <AT> gmail.com>
13
14 ---
15 policy/modules/contrib/updfstab.fc | 1 -
16 policy/modules/contrib/updfstab.if | 3 +--
17 policy/modules/contrib/updfstab.te | 34 +++++++++++++++++-----------------
18 3 files changed, 18 insertions(+), 20 deletions(-)
19
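--- a/policy/modules/contrib/updfstab.fc
+++ b/policy/modules/contrib/updfstab.fc
@@ -1,3 +1,2 @@
-
 /usr/sbin/fstab-sync -- gen_context(system_u:object_r:updfstab_exec_t,s0)
 /usr/sbin/updfstab -- gen_context(system_u:object_r:updfstab_exec_t,s0)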
28
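--- a/policy/modules/contrib/updfstab.if
+++ b/policy/modules/contrib/updfstab.if
@@ -1,4 +1,4 @@
-## <summary>Red Hat utility to change /etc/fstab.</summary>
+## <summary>Red Hat utility to change fstab.</summary>
 
 ########################################
 ## <summary>
@@ -15,7 +15,6 @@ interface(`updfstab_domtrans',`
 type updfstab_t, updfstab_exec_t;
 ')
 
- files_search_usr($1)
 corecmd_search_bin($1)
 domtrans_pattern($1, updfstab_exec_t, updfstab_t)
 ')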
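Review bot: Dropping `files_search_usr($1)` from `updfstab_domtrans` leaves `corecmd_search_bin($1)` as the only directory-search grant before `domtrans_pattern`, while updfstab.fc labels both entry points under /usr/sbin. Whether a calling domain can still traverse /usr depends on what `corecmd_search_bin` and the base domain rules provide, which this diff does not show. If the call is redundant, stating that in the commit message ("Module clean up" gives no reason) would let a later auditor tell a deliberate tightening from an accidental one. The interface body begins before this hunk, so only the tail of `updfstab_domtrans` is reviewed here.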
47
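--- a/policy/modules/contrib/updfstab.te
+++ b/policy/modules/contrib/updfstab.te
@@ -22,14 +22,23 @@ allow updfstab_t self:fifo_file rw_fifo_file_perms;
 kernel_use_fds(updfstab_t)
 kernel_read_kernel_sysctls(updfstab_t)
 kernel_dontaudit_write_kernel_sysctl(updfstab_t)
-# for /proc/partitions
 kernel_read_system_state(updfstab_t)
-# cjp: why is this required
 kernel_change_ring_buffer_level(updfstab_t)
 
+corecmd_exec_bin(updfstab_t)
+
 dev_read_sysfs(updfstab_t)
 dev_manage_generic_symlinks(updfstab_t)
 
+domain_use_interactive_fds(updfstab_t)
+
+files_manage_mnt_files(updfstab_t)
+files_manage_mnt_dirs(updfstab_t)
+files_manage_mnt_symlinks(updfstab_t)
+files_manage_etc_files(updfstab_t)
+files_dontaudit_search_home(updfstab_t)
+files_read_etc_runtime_files(updfstab_t)
+
 fs_getattr_xattr_fs(updfstab_t)
 fs_getattr_tmpfs(updfstab_t)
 fs_getattr_tmpfs_dirs(updfstab_t)
@@ -51,23 +60,11 @@ storage_write_scsi_generic(updfstab_t)
 
 term_dontaudit_use_console(updfstab_t)
 
-corecmd_exec_bin(updfstab_t)
-
-domain_use_interactive_fds(updfstab_t)
-
-files_manage_mnt_files(updfstab_t)
-files_manage_mnt_dirs(updfstab_t)
-files_manage_mnt_symlinks(updfstab_t)
-files_manage_etc_files(updfstab_t)
-files_dontaudit_search_home(updfstab_t)
-# for /etc/mtab
-files_read_etc_runtime_files(updfstab_t)
-
 init_use_fds(updfstab_t)
 init_use_script_ptys(updfstab_t)
 
-logging_send_syslog_msg(updfstab_t)
 logging_search_logs(updfstab_t)
+logging_send_syslog_msg(updfstab_t)
 
 miscfiles_read_localization(updfstab_t)
 
@@ -83,9 +80,13 @@ optional_policy(`
 ')
 
 optional_policy(`
+ dbus_system_bus_client(updfstab_t)
+
 init_dbus_chat_script(updfstab_t)
 
- dbus_system_bus_client(updfstab_t)
+ optional_policy(`
+ hal_dbus_chat(updfstab_t)
+ ')
 ')
 
 optional_policy(`
@@ -94,7 +95,6 @@ optional_policy(`
 
 optional_policy(`
 hal_stream_connect(updfstab_t)
- hal_dbus_chat(updfstab_t)
 ')
 
 optional_policy(`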
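Review bot: The first hunk deletes `# cjp: why is this required` above `kernel_change_ring_buffer_level(updfstab_t)` but keeps the grant, so an open least-privilege question leaves the module unanswered. Either confirm the need and record it, or keep a marker such as `# TODO: confirm updfstab needs to change the kernel ring buffer level; drop if not`. The removed `# for /proc/partitions` and `# for /etc/mtab` comments documented `kernel_read_system_state` and `files_read_etc_runtime_files`. Both interfaces appear to cover more than the one file named, so those comments were the only record of the intended scope and are worth keeping next to the moved lines.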