[PATCH 66/90] Add rules to all streams to be stored in /tmp and


 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


   This patch looks good to me. acked.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk/I+uAACgkQrlYvE4MpobPH5ACgmD+ye1ht+j8tqYgtPVhXgV1K
zpsAoLW2/FJL6su98ZYS0RnlqOdAxh17
=2dXT
-----END PGP SIGNATURE-----
>From 73e73b822577f49f4b22fa36973ea0720900258c Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@xxxxxxxxxx>
Date: Fri, 18 May 2012 11:40:11 -0400
Subject: [PATCH 66/90] Add rules to all streams to be stored in /tmp and
 etc_rw_t

---
 policycoreutils/gui/templates/etc_rw.py |   26 ++++++++++++++++++++++++++
 policycoreutils/gui/templates/tmp.py    |   26 ++++++++++++++++++++++++++
 2 files changed, 52 insertions(+)

diff --git a/policycoreutils/gui/templates/etc_rw.py b/policycoreutils/gui/templates/etc_rw.py
index 0d3dbfe..1cea8b1 100644
--- a/policycoreutils/gui/templates/etc_rw.py
+++ b/policycoreutils/gui/templates/etc_rw.py
@@ -32,6 +32,11 @@ manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_
 files_etc_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, { dir file })
 """
 
+te_stream_rules="""
+allow TEMPLATETYPE_t TEMPLATETYPE_etc_rw_t:sock_file manage_sock_file_perms;
+files_pid_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, sock_file)
+"""
+
 ########################### Interface File #############################
 if_rules="""
 ########################################
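Review bot: The socket rules in both templates still target the pid directory instead of the directory each template manages: `files_pid_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, sock_file)` in this `te_stream_rules` (and the matching line in tmp.py), plus `files_search_pids($1)` in both `TEMPLATETYPE_stream_connect` interfaces. As written, a socket the domain creates under the pid directory would be labelled etc_rw_t or tmp_t, while one created in /etc or /tmp gets no transition, because the existing filetrans lines cover only `{ dir file }`. Such a socket would presumably keep the generic parent label, which the new `allow ... :sock_file manage_sock_file_perms;` rule does not cover, and the usual later workaround is to grant access to the generic type, which widens the policy. Suggest `files_etc_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, sock_file)` with `files_search_etc($1)` in this file, and `files_tmp_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, sock_file)` with `files_search_tmp($1)` in tmp.py. How the generator consumes `te_stream_rules` and `if_stream_rules` is outside this patch, so check it against the pid-file template these lines appear to have been copied from.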
@@ -94,6 +99,27 @@ interface(`TEMPLATETYPE_manage_conf_files',`
 
 """
 
+if_stream_rules="""\
+########################################
+## <summary>
+##	Connect to TEMPLATETYPE over a unix stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`TEMPLATETYPE_stream_connect',`
+	gen_require(`
+		type TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_t)
+')
+"""
+
 if_admin_types="""
 		type TEMPLATETYPE_etc_rw_t;"""
 
diff --git a/policycoreutils/gui/templates/tmp.py b/policycoreutils/gui/templates/tmp.py
index d2adaa4..33d4340 100644
--- a/policycoreutils/gui/templates/tmp.py
+++ b/policycoreutils/gui/templates/tmp.py
@@ -32,6 +32,11 @@ manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
 files_tmp_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, { dir file })
 """
 
+te_stream_rules="""
+allow TEMPLATETYPE_t TEMPLATETYPE_tmp_t:sock_file manage_sock_file_perms;
+files_pid_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, sock_file)
+"""
+
 if_rules="""
 ########################################
 ## <summary>
@@ -93,6 +98,27 @@ interface(`TEMPLATETYPE_manage_tmp',`
 ')
 """
 
+if_stream_rules="""\
+########################################
+## <summary>
+##	Connect to TEMPLATETYPE over a unix stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`TEMPLATETYPE_stream_connect',`
+	gen_require(`
+		type TEMPLATETYPE_t, TEMPLATETYPE_tmp_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t, TEMPLATETYPE_t)
+')
+"""
+
 if_admin_types="""
 		type TEMPLATETYPE_tmp_t;"""
 
-- 
1.7.10.2

