-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This patch looks good to me. acked. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk/I+9IACgkQrlYvE4MpobMxAQCeIAoHqZLNEkf8t3Ux4aZoxq2Y Wv8AoLGT4uotIk7QtV4x4hbF8ejNAuhv =dIrb -----END PGP SIGNATURE-----
>From 9ad9aafba4d7e1f57eec14c575c148db0f996214 Mon Sep 17 00:00:00 2001 From: Dan Walsh <dwalsh@xxxxxxxxxx> Date: Thu, 31 May 2012 13:06:06 -0400 Subject: [PATCH 79/90] Cleanup templates, fixing cut an paste errors. Use read_files_pattern rather then allow rule, allow TEMPLATE_rw_t sock_files --- policycoreutils/gui/templates/etc_rw.py | 8 ++++---- policycoreutils/gui/templates/executable.py | 2 +- policycoreutils/gui/templates/rw.py | 26 +++++++++++++++++++++++++- policycoreutils/gui/templates/tmp.py | 6 +++--- policycoreutils/gui/templates/var_lib.py | 2 +- policycoreutils/gui/templates/var_run.py | 4 ++-- 6 files changed, 36 insertions(+), 12 deletions(-) diff --git a/policycoreutils/gui/templates/etc_rw.py b/policycoreutils/gui/templates/etc_rw.py index 1cea8b1..70e0db7 100644 --- a/policycoreutils/gui/templates/etc_rw.py +++ b/policycoreutils/gui/templates/etc_rw.py @@ -33,8 +33,8 @@ files_etc_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, { dir file }) """ te_stream_rules=""" -allow TEMPLATETYPE_t TEMPLATETYPE_etc_rw_t:sock_file manage_sock_file_perms; -files_pid_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, sock_file) +manage_sock_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t) +files_etc_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, sock_file) """ ########################### Interface File ############################# @@ -73,8 +73,8 @@ interface(`TEMPLATETYPE_read_conf_files',` type TEMPLATETYPE_etc_rw_t; ') - allow $1 TEMPLATETYPE_etc_rw_t:file read_file_perms; allow $1 TEMPLATETYPE_etc_rw_t:dir list_dir_perms; + read_files_pattern($1, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t) files_search_etc($1) ') @@ -115,7 +115,7 @@ interface(`TEMPLATETYPE_stream_connect',` type TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t; ') - files_search_pids($1) + files_search_etc($1) stream_connect_pattern($1, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_t) ') """ 
diff --git a/policycoreutils/gui/templates/executable.py b/policycoreutils/gui/templates/executable.py index 5b39d77..51444a5 100644 --- a/policycoreutils/gui/templates/executable.py +++ b/policycoreutils/gui/templates/executable.py @@ -281,7 +281,7 @@ interface(`TEMPLATETYPE_role',` TEMPLATETYPE_domtrans($2) ps_process_pattern($2, TEMPLATETYPE_t) - allow $2 TEMPLATETYPE_t:process signal; + allow $2 TEMPLATETYPE_t:process { signull signal sigkill }; ') """ diff --git a/policycoreutils/gui/templates/rw.py b/policycoreutils/gui/templates/rw.py index 5dfc42f..3ca0ccd 100644 --- a/policycoreutils/gui/templates/rw.py +++ b/policycoreutils/gui/templates/rw.py @@ -67,7 +67,7 @@ interface(`TEMPLATETYPE_read_rw_files',` type TEMPLATETYPE_rw_t; ') - allow $1 TEMPLATETYPE_rw_t:file read_file_perms; + read_files_pattern($1, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t) allow $1 TEMPLATETYPE_rw_t:dir list_dir_perms; files_search_rw($1) ') @@ -111,6 +111,30 @@ interface(`TEMPLATETYPE_manage_rw_dirs',` """ +te_stream_rules=""" +manage_sock_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t) +""" + +if_stream_rules="""\ +######################################## +## <summary> +## Connect to TEMPLATETYPE over a unix stream socket. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`TEMPLATETYPE_stream_connect',` + gen_require(` + type TEMPLATETYPE_t, TEMPLATETYPE_rw_t; + ') + + stream_connect_pattern($1, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t, TEMPLATETYPE_t) +') +""" + if_admin_types=""" type TEMPLATETYPE_rw_t;""" diff --git a/policycoreutils/gui/templates/tmp.py b/policycoreutils/gui/templates/tmp.py index 33d4340..3103ff2 100644 --- a/policycoreutils/gui/templates/tmp.py +++ b/policycoreutils/gui/templates/tmp.py 
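Review bot: `allow $2 TEMPLATETYPE_t:process { signull signal sigkill };` in the executable.py `TEMPLATETYPE_role` interface widens the previous `signal` grant to include `sigkill`, which lets the role's domain terminate the daemon outright; that is a new capability, not a cut-and-paste cleanup, and the commit message does not mention it. If the intent is for the role to be able to stop the service, say so in the commit message and in the interface's summary comment; otherwise keep the narrower `allow $2 TEMPLATETYPE_t:process signal;`. The interface's opening lines and summary block are outside this hunk.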
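Review bot: The new `TEMPLATETYPE_stream_connect` interface added to rw.py calls `stream_connect_pattern` without first granting search on the directories leading to the socket, whereas its sibling `TEMPLATETYPE_read_rw_files` in the preceding hunk calls `files_search_rw($1)` and the etc_rw.py stream_connect interface in this same series calls `files_search_etc($1)`. A caller that does not already have search access to the rw location would presumably be denied before reaching the socket, so add `files_search_rw($1)` before the `stream_connect_pattern(...)` line. The added `te_stream_rules` block also differs from the other templates in carrying no `*_filetrans(..., sock_file)` rule; whether rw_t gets a matching transition elsewhere in rw.py is outside this hunk and worth confirming.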
@@ -33,8 +33,8 @@ files_tmp_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, { dir file }) """ te_stream_rules=""" -allow TEMPLATETYPE_t TEMPLATETYPE_tmp_t:sock_file manage_sock_file_perms; -files_pid_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, sock_file) +manage_sock_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t) +files_tmp_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, sock_file) """ if_rules=""" @@ -73,7 +73,7 @@ interface(`TEMPLATETYPE_read_tmp_files',` ') files_search_tmp($1) - allow $1 TEMPLATETYPE_tmp_t:file read_file_perms; + read_files_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t) ') ######################################## diff --git a/policycoreutils/gui/templates/var_lib.py b/policycoreutils/gui/templates/var_lib.py index 8bde8c6..1ac19ef 100644 --- a/policycoreutils/gui/templates/var_lib.py +++ b/policycoreutils/gui/templates/var_lib.py @@ -33,7 +33,7 @@ files_var_lib_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, { dir file }) """ te_stream_rules="""\ -allow TEMPLATETYPE_t TEMPLATETYPE_var_lib_t:sock_file manage_sock_file_perms; +manage_sock_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t) files_var_lib_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, sock_file) """ diff --git a/policycoreutils/gui/templates/var_run.py b/policycoreutils/gui/templates/var_run.py index 916f44c..9522db2 100644 --- a/policycoreutils/gui/templates/var_run.py +++ b/policycoreutils/gui/templates/var_run.py @@ -33,7 +33,7 @@ files_pid_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_var_run_t, { dir file }) """ te_stream_rules=""" -allow TEMPLATETYPE_t TEMPLATETYPE_var_run_t:sock_file manage_sock_file_perms; +manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t) files_pid_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_var_run_t, sock_file) """ 
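Review bot: `manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t)` in the var_run.py `te_stream_rules` replaces the removed sock_file allow rule with a plain files pattern, so the stream block no longer grants any sock_file permission while the following `files_pid_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_var_run_t, sock_file)` line still expects the domain to create one. Every other template touched by this series (etc_rw.py, tmp.py, var_lib.py, rw.py) uses `manage_sock_files_pattern` at this point, and a files pattern is both wider than a socket needs and likely a duplicate of the type's ordinary te_rules, which are outside this hunk. Change the added line to `manage_sock_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t)`.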
@@ -54,7 +54,7 @@ interface(`TEMPLATETYPE_read_pid_files',` ') files_search_pids($1) - allow $1 TEMPLATETYPE_var_run_t:file read_file_perms; + read_files_pattern($1, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t) ') """ -- 1.7.10.2