-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This patch looks good to me. acked. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk/I++EACgkQrlYvE4MpobPtXwCffCytBkR+DgHXvPrW7BtknzGs KV0AnjRPAxn4vSD6MBaLwHUREmN/mrpl =yxuR -----END PGP SIGNATURE-----
>From d4ffd77465000c6a3e04a9cb8d7a494d1618a01e Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@xxxxxxxxxx>
Date: Thu, 31 May 2012 13:15:45 -0400
Subject: [PATCH 80/90] Add lnk_file handling to te_rules, add sock_file handling to cache.te and spool.te
---
 policycoreutils/gui/templates/etc_rw.py | 3 ++-
 policycoreutils/gui/templates/rw.py | 1 +
 policycoreutils/gui/templates/tmp.py | 3 ++-
 policycoreutils/gui/templates/var_cache.py | 27 ++++++++++++++++++++++++++-
 policycoreutils/gui/templates/var_lib.py | 3 ++-
 policycoreutils/gui/templates/var_log.py | 3 ++-
 policycoreutils/gui/templates/var_run.py | 3 ++-
 policycoreutils/gui/templates/var_spool.py | 27 ++++++++++++++++++++++++++-
 8 files changed, 63 insertions(+), 7 deletions(-)
diff --git a/policycoreutils/gui/templates/etc_rw.py b/policycoreutils/gui/templates/etc_rw.py
index 70e0db7..dcf445e 100644
--- a/policycoreutils/gui/templates/etc_rw.py
+++ b/policycoreutils/gui/templates/etc_rw.py
@@ -29,7 +29,8 @@ files_type(TEMPLATETYPE_etc_rw_t)
 te_rules="""
 manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t)
 manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t)
-files_etc_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, { dir file })
+manage_lnk_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t)
+files_etc_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, { dir file lnk_file })
 """
 te_stream_rules="""
diff --git a/policycoreutils/gui/templates/rw.py b/policycoreutils/gui/templates/rw.py
index 3ca0ccd..143f56a 100644
--- a/policycoreutils/gui/templates/rw.py
+++ b/policycoreutils/gui/templates/rw.py
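Review bot: The added `manage_lnk_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t)` line and the `lnk_file` entry in `files_etc_filetrans` sit in `te_rules`, so by the look of it every policy generated from this template lets the confined domain create symbolic links here, whether or not the application needs them. The same default is added in the rw.py, tmp.py, var_lib.py, var_log.py and var_run.py hunks; it matters most for the tmp, log and pid types, because other processes that open paths in those directories may follow a link the confined domain created. These templates already keep socket rules in a separate `te_stream_rules` string, so the link rules could go in their own string (for example `te_lnk_rules`) that the generator emits only on request; the generator is outside this patch, so that part is an assumption. At minimum a policy comment above the new line, such as `# Drop the lnk_file rules if TEMPLATETYPE never creates symlinks here`, would tell the policy author that the grant is optional.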
@@ -29,6 +29,7 @@ files_type(TEMPLATETYPE_rw_t)
 te_rules="""
 manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t)
 manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t)
+manage_lnk_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t)
 """
 ########################### Interface File #############################
diff --git a/policycoreutils/gui/templates/tmp.py b/policycoreutils/gui/templates/tmp.py
index 3103ff2..c000a75 100644
--- a/policycoreutils/gui/templates/tmp.py
+++ b/policycoreutils/gui/templates/tmp.py
@@ -29,7 +29,8 @@ files_tmp_file(TEMPLATETYPE_tmp_t)
 te_rules="""
 manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
 manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
-files_tmp_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, { dir file })
+manage_lnk_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
+files_tmp_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, { dir file lnk_file })
 """
 te_stream_rules="""
diff --git a/policycoreutils/gui/templates/var_cache.py b/policycoreutils/gui/templates/var_cache.py
index 8efc1d9..3789723 100644
--- a/policycoreutils/gui/templates/var_cache.py
+++ b/policycoreutils/gui/templates/var_cache.py
@@ -30,7 +30,12 @@ te_rules="""
 manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_cache_t, TEMPLATETYPE_cache_t)
 manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_cache_t, TEMPLATETYPE_cache_t)
 manage_lnk_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_cache_t, TEMPLATETYPE_cache_t)
-files_var_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_cache_t, { dir file })
+files_var_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_cache_t, { dir file lnk_file })
+"""
+
+te_stream_rules="""\
+manage_sock_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_cache_t, TEMPLATETYPE_cache_t)
+files_var_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_cache_t, sock_file)
 """
 ########################### Interface File #############################
@@ -114,6 +119,26 @@ interface(`TEMPLATETYPE_manage_cache_dirs',`
 """
+if_stream_rules="""
+########################################
+## <summary>
+## Connect to TEMPLATETYPE over a unix stream socket.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`TEMPLATETYPE_stream_connect',`
+ gen_require(`
+ type TEMPLATETYPE_t, TEMPLATETYPE_cache_t;
+ ')
+
+ stream_connect_pattern($1, TEMPLATETYPE_cache_t, TEMPLATETYPE_cache_t)
+')
+"""
+
 if_admin_types="""
 type TEMPLATETYPE_cache_t;"""
diff --git a/policycoreutils/gui/templates/var_lib.py b/policycoreutils/gui/templates/var_lib.py
index 1ac19ef..148c13e 100644
--- a/policycoreutils/gui/templates/var_lib.py
+++ b/policycoreutils/gui/templates/var_lib.py
@@ -29,7 +29,8 @@ files_type(TEMPLATETYPE_var_lib_t)
 te_rules="""
 manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
 manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
-files_var_lib_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, { dir file })
+manage_lnk_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
+files_var_lib_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, { dir file lnk_file })
 """
 te_stream_rules="""\
diff --git a/policycoreutils/gui/templates/var_log.py b/policycoreutils/gui/templates/var_log.py
index b57b93d..371dd7e 100644
--- a/policycoreutils/gui/templates/var_log.py
+++ b/policycoreutils/gui/templates/var_log.py
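Review bot: In the new `TEMPLATETYPE_stream_connect` interface, `gen_require` declares `TEMPLATETYPE_t` but the body never uses it: `stream_connect_pattern($1, TEMPLATETYPE_cache_t, TEMPLATETYPE_cache_t)` passes only the directory and socket-file types. If `stream_connect_pattern` is the reference-policy macro that takes the target domain as a fourth argument, the `connectto` rule is left without a target type, so the call should read `stream_connect_pattern($1, TEMPLATETYPE_cache_t, TEMPLATETYPE_cache_t, TEMPLATETYPE_t)`. The var_spool.py hunk adds the same interface with `TEMPLATETYPE_spool_t` and needs the same change. A caller also needs search access on the parent directory to reach the socket, so a `files_search_var($1)` line before the pattern (`files_search_spool($1)` in var_spool.py) is worth adding.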
@@ -30,7 +30,8 @@ logging_log_file(TEMPLATETYPE_log_t)
 te_rules="""
 manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
 manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
-logging_log_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_log_t, { dir file })
+manage_lnk_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
+logging_log_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_log_t, { dir file lnk_file })
 """
 ########################### Interface File #############################
diff --git a/policycoreutils/gui/templates/var_run.py b/policycoreutils/gui/templates/var_run.py
index 9522db2..563eebb 100644
--- a/policycoreutils/gui/templates/var_run.py
+++ b/policycoreutils/gui/templates/var_run.py
@@ -29,7 +29,8 @@ files_pid_file(TEMPLATETYPE_var_run_t)
 te_rules="""
 manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t)
 manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t)
-files_pid_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_var_run_t, { dir file })
+manage_lnk_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t)
+files_pid_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_var_run_t, { dir file lnk_file })
 """
 te_stream_rules="""
diff --git a/policycoreutils/gui/templates/var_spool.py b/policycoreutils/gui/templates/var_spool.py
index 8055a9e..dccb5f1 100644
--- a/policycoreutils/gui/templates/var_spool.py
+++ b/policycoreutils/gui/templates/var_spool.py
@@ -30,7 +30,12 @@ te_rules="""
 manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t)
 manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t)
 manage_lnk_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t)
-files_spool_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, { dir file })
+files_spool_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, { dir file lnk_file })
+"""
+
+te_stream_rules="""\
+manage_sock_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t)
+files_spool_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, sock_file)
 """
 ########################### Interface File #############################
@@ -113,6 +118,26 @@ interface(`TEMPLATETYPE_manage_spool_dirs',`
 """
+if_stream_rules="""
+########################################
+## <summary>
+## Connect to TEMPLATETYPE over a unix stream socket.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`TEMPLATETYPE_stream_connect',`
+ gen_require(`
+ type TEMPLATETYPE_t, TEMPLATETYPE_spool_t;
+ ')
+
+ stream_connect_pattern($1, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t)
+')
+"""
+
 if_admin_types="""
 type TEMPLATETYPE_spool_t;"""
--
1.7.10.2