-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This patch looks good to me. acked. This patch adds open to sepolgen checks and resets the priorities to get better matches on AVCs -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk5yVm8ACgkQrlYvE4MpobNgBgCg4AMoqz0Vc+Gx6n6A6nIm8hLC HyAAn0nVx/+cTey510qIFny9vHJrjTI2 =dtQu -----END PGP SIGNATURE-----
>From 44c3569498d74cfe28892c2f27a87e328af21f79 Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@xxxxxxxxxx>
Date: Tue, 23 Aug 2011 14:49:45 -0400
Subject: [PATCH 38/67] sepolgen: FIXME Change perm-map and add open to try to get better results on matches
Better changelog and review
NOT-Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
---
sepolgen/src/share/perm_map | 51 ++++++++++++++++++++++++------------------
1 files changed, 29 insertions(+), 22 deletions(-)
diff --git a/sepolgen/src/share/perm_map b/sepolgen/src/share/perm_map
index eb2e23b..ca4fa4d 100644
--- a/sepolgen/src/share/perm_map
+++ b/sepolgen/src/share/perm_map
@@ -124,7 +124,7 @@ class filesystem 10
quotamod w 1
quotaget r 1
-class file 20
+class file 21
execute_no_trans r 1
entrypoint r 1
execmod n 1
@@ -141,48 +141,50 @@ class file 20
unlink w 1
link w 1
rename w 5
- execute r 100
+ execute r 10
swapon b 1
quotaon b 1
mounton b 1
+ open r 1
-class dir 22
- add_name w 5
+class dir 23
+ add_name w 1
remove_name w 1
reparent w 1
search r 1
rmdir b 1
ioctl n 1
- read r 10
- write w 10
+ read r 1
+ write w 1
create w 1
- getattr r 7
- setattr w 7
+ getattr r 1
+ setattr w 1
lock n 1
- relabelfrom r 10
- relabelto w 10
+ relabelfrom r 1
+ relabelto w 1
append w 1
unlink w 1
link w 1
- rename w 5
+ rename w 1
execute r 1
swapon b 1
quotaon b 1
mounton b 1
+ open r 1
class fd 1
use b 1
-class lnk_file 17
+class lnk_file 18
ioctl n 1
- read r 10
- write w 10
+ read r 1
+ write w 1
create w 1
- getattr r 7
- setattr w 7
+ getattr r 1
+ setattr w 1
lock n 1
- relabelfrom r 10
- relabelto w 10
+ relabelfrom r 1
+ relabelto w 1
append w 1
unlink w 1
link w 1
@@ -191,8 +193,9 @@ class lnk_file 17
swapon b 1
quotaon b 1
mounton b 1
+ open r 1
-class chr_file 20
+class chr_file 21
execute_no_trans r 1
entrypoint r 1
execmod n 1
@@ -213,8 +216,9 @@ class chr_file 20
swapon b 1
quotaon b 1
mounton b 1
+ open r 1
-class blk_file 17
+class blk_file 18
ioctl n 1
read r 10
write w 10
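Review bot: Flattening every weight in the `class dir 23` and `class lnk_file 18` blocks to 1 (`write w 10` → `write w 1`, `relabelto w 10` → `relabelto w 1`, `add_name w 5` → `add_name w 1`) removes the penalty the matcher could apply to candidate interfaces that grant far more than the AVC asked for, so a denial needing only `search` may now score as well against an interface that also grants write, create and relabel, and the policy audit2allow emits could be broader than the denial requires — this is inferred from how the weights are used and should be confirmed against sepolgen's matching code. The flattening is also class-specific with no stated reason: `file` keeps `execute r 10` and `rename w 5`, and the `blk_file` block in the last hunk keeps `read r 10`/`write w 10`, while `dir` and `lnk_file` go to all-1. Since the subject itself says `FIXME` and the body says `Better changelog and review`, the commit message should state what matching problem the old weights caused and why `dir`/`lnk_file` are the only classes flattened before this is signed off. A comment in perm_map above these blocks, e.g. `# weights are relative: higher = stronger evidence that an interface granting this perm is the intended one`, would also help the next person who tunes them.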
@@ -232,8 +236,9 @@ class blk_file 17
swapon b 1
quotaon b 1
mounton b 1
+ open r 1
-class sock_file 17
+class sock_file 18
ioctl n 1
read r 10
write w 10
@@ -251,8 +256,9 @@ class sock_file 17
swapon b 1
quotaon b 1
mounton b 1
+ open r 1
-class fifo_file 17
+class fifo_file 18
ioctl n 1
read r 10
write w 10
@@ -270,6 +276,7 @@ class fifo_file 17
swapon b 1
quotaon b 1
mounton b 1
+ open r 1
class socket 22
ioctl n 1
--
1.7.6.2
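Review bot: The new `open r 1` entries in the `blk_file`, `sock_file` and `fifo_file` blocks classify `open` as a read-direction flow, but the kernel checks the `open` permission on any open(2) regardless of access mode, so a denial from a write-only open would be mapped as read; `n`, as already used for `lock` and `ioctl` which likewise move no data by themselves, or `b` looks closer to the permission's meaning — worth confirming against how sepolgen consumes the direction column before settling on `r`. The `class NAME N` headers are each bumped by exactly one to match the one added line, which must stay true if the loader reads N entries per class; `class socket 22` is untouched and correctly receives no `open`. A one-line note in the commit message that `open` is only present in policies with the open_perms capability, and that older reference-policy interfaces may not grant it, would explain why matches can now be penalized on that permission.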