Yes, my fault, thanks for telling me! Revised patch (v3) posted.

On Thu, 03/01/2019 at 17.33 -0500, Chris PeBenito wrote:
> On 1/3/19 5:17 AM, Guido Trentalancia wrote: > > Add a SELinux Reference Policy module for the sigrok > > signal analysis software suite (command-line interface). > > Sorry, I missed this, but there's no longer a contrib directory, so > this > should be added to apps. > > > Signed-off-by: Guido Trentalancia <guido@xxxxxxxxxxxxxxxx> > > --- > > policy/modules/contrib/sigrok.fc | 1 > > policy/modules/contrib/sigrok.if | 37 > > +++++++++++++++++++++++++++++++++++ > > policy/modules/contrib/sigrok.te | 39 > > +++++++++++++++++++++++++++++++++++++ > > policy/modules/roles/unprivuser.te | 4 +++ > > 4 files changed, 81 insertions(+) > > > > diff -pruN a/policy/modules/contrib/sigrok.fc > > b/policy/modules/contrib/sigrok.fc > > --- a/policy/modules/contrib/sigrok.fc 1970-01-01 > > 01:00:00.000000000 +0100 > > +++ b/policy/modules/contrib/sigrok.fc 2018-12-25 > > 21:33:17.512518983 +0100 > > @@ -0,0 +1 @@ > > +/usr/bin/sigrok-cli -- gen_context(system_u:object_r > > :sigrok_exec_t,s0) > > diff -pruN a/policy/modules/contrib/sigrok.if > > b/policy/modules/contrib/sigrok.if > > --- a/policy/modules/contrib/sigrok.if 1970-01-01 > > 01:00:00.000000000 +0100 > > +++ b/policy/modules/contrib/sigrok.if 2018-12-29 > > 14:52:30.771773190 +0100 
> > @@ -0,0 +1,37 @@ > > +## <summary>sigrok signal analysis software suite.</summary> > > + > > +######################################## > > +## <summary> > > +## Execute sigrok in its domain. > > +## </summary> > > +## <param name="role"> > > +## <summary> > > +## Role allowed access. > > +## </summary> > > +## </param> > > +## <param name="domain"> > > +## <summary> > > +## User domain for the role. > > +## </summary> > > +## </param> > > +# > > +interface(`sigrok_run',` > > + gen_require(` > > + type sigrok_t, sigrok_exec_t; > > + attribute_role sigrok_roles; > > + ') > > + > > + ######################################## > > + # > > + # Declarations > > + # > > + > > + roleattribute $1 sigrok_roles; > > + > > + ######################################## > > + # > > + # Policy > > + # > > + > > + domtrans_pattern($2, sigrok_exec_t, sigrok_t) > > +') > > diff -pruN a/policy/modules/contrib/sigrok.te > > b/policy/modules/contrib/sigrok.te > > --- a/policy/modules/contrib/sigrok.te 1970-01-01 > > 01:00:00.000000000 +0100 > > +++ b/policy/modules/contrib/sigrok.te 2018-12-29 > > 16:25:21.851742375 +0100 
> > @@ -0,0 +1,39 @@ > > +policy_module(sigrok, 1.0.0) > > + > > +######################################## > > +# > > +# Declarations > > +# > > + > > +attribute_role sigrok_roles; > > +roleattribute system_r sigrok_roles; > > + > > +type sigrok_t; > > +type sigrok_exec_t; > > +userdom_user_application_domain(sigrok_t, sigrok_exec_t) > > +role sigrok_roles types sigrok_t; > > + > > +######################################## > > +# > > +# Local policy > > +# > > + > > +allow sigrok_t self:fifo_file rw_fifo_file_perms; > > +allow sigrok_t self:netlink_kobject_uevent_socket > > create_socket_perms; > > +allow sigrok_t self:tcp_socket create_socket_perms; > > + > > +corenet_tcp_connect_all_unreserved_ports(sigrok_t) > > + > > +dev_getattr_sysfs_dirs(sigrok_t) > > +dev_read_sysfs(sigrok_t) > > +dev_rw_generic_usb_dev(sigrok_t) > > + > > +files_read_etc_files(sigrok_t) > > + > > +term_use_unallocated_ttys(sigrok_t) > > + > > +userdom_use_user_ptys(sigrok_t) > > + > > +optional_policy(` > > + udev_read_pid_files(sigrok_t) > > +') > > diff -pruN a/policy/modules/roles/unprivuser.te > > b/policy/modules/roles/unprivuser.te > > --- a/policy/modules/roles/unprivuser.te 2017-05-13 > > 21:22:22.837046352 +0200 > > +++ b/policy/modules/roles/unprivuser.te 2018-12-28 > > 20:07:33.588429238 +0100 > > @@ -146,6 +146,10 @@ ifndef(`distro_redhat',` > > ') > > > > optional_policy(` > > + sigrok_run(user_r, user_t) > > + ') > > + > > + optional_policy(` > > spamassassin_role(user_r, user_t) > > ') > > > > > > -- Guido Trentalancia <guido@xxxxxxxxxxxxxxxx> PGP key: http://pgp.trentalancia.com
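
Review bot: in the sigrok.if hunk, sigrok_run() gives the caller only `domtrans_pattern($2, sigrok_exec_t, sigrok_t)`, so the user domain gets the transition but no rule to list or signal the sigrok_t process it has just started. Consider adding `ps_process_pattern($2, sigrok_t)` and `allow $2 sigrok_t:process signal_perms;` beside the domtrans_pattern line, or note in the interface summary why the calling domain should not manage the process. Splitting the transition into its own sigrok_domtrans() interface, with sigrok_run() calling it, would also let other modules request the transition without the role change.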
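
Review bot: in the sigrok.te hunk, `corenet_tcp_connect_all_unreserved_ports(sigrok_t)` lets the domain open TCP connections to every unreserved port, which is a wide grant for a command-line tool started from user_t and is not explained anywhere in the module. A comment stating what sigrok-cli connects to, plus a tunable or a narrower port interface if one fits, would make the rule reviewable. The same question applies to `roleattribute system_r sigrok_roles;`: the domain is declared with userdom_user_application_domain() and nothing in the patch starts it from a system domain, so either drop that line or document the system_r use case.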
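
Review bot: in the unprivuser.te hunk, `sigrok_run(user_r, user_t)` is the only caller the patch adds, so staff_r and sysadm_r users get no transition into sigrok_t and the new policy never confines sigrok-cli for them. If that is intended, say so in the commit message; otherwise add the matching optional_policy blocks to the other role modules.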