Allow stream sock_files to be stored in /tmp and etc_rw_t directories by sepolgen

- Trigger on selinux-policy needs to change to selinux-policy-devel - Update translations - Fix semanage dontaudit off/on exception
2012-05-18 11:42:50 -04:00 · 2012-05-18 11:42:50 -04:00 · 1b634710d1
commit 1b634710d1
parent 9d30639944
2 changed files with 59 additions and 8 deletions
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@ -12227,10 +12227,10 @@ index 0000000..f7af4d8
 +
 diff --git a/policycoreutils/gui/templates/etc_rw.py b/policycoreutils/gui/templates/etc_rw.py
 new file mode 100644
-index 0000000..0d3dbfe
+index 0000000..1cea8b1
 --- /dev/null
 +++ b/policycoreutils/gui/templates/etc_rw.py
-@@ -0,0 +1,112 @@
+@@ -0,0 +1,138 @@
 +# Copyright (C) 2007-2012 Red Hat
 +# see file 'COPYING' for use and warranty information
 +#
@ -12265,6 +12265,11 @@ index 0000000..0d3dbfe
 +files_etc_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, { dir file })
 +"""
 +
+te_stream_rules="""
+allow TEMPLATETYPE_t TEMPLATETYPE_etc_rw_t:sock_file manage_sock_file_perms;
+files_pid_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, sock_file)
+"""
+
 +########################### Interface File #############################
 +if_rules="""
 +########################################
@ -12327,6 +12332,27 @@ index 0000000..0d3dbfe
 +
 +"""
 +
+if_stream_rules="""\
+########################################
+## <summary>
+##	Connect to TEMPLATETYPE over a unix stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`TEMPLATETYPE_stream_connect',`
+	gen_require(`
+		type TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_t)
+')
+"""
+
 +if_admin_types="""
 +		type TEMPLATETYPE_etc_rw_t;"""
 +
@ -13218,10 +13244,10 @@ index 0000000..194fb2c
 +
 diff --git a/policycoreutils/gui/templates/tmp.py b/policycoreutils/gui/templates/tmp.py
 new file mode 100644
-index 0000000..d2adaa4
+index 0000000..33d4340
 --- /dev/null
 +++ b/policycoreutils/gui/templates/tmp.py
-@@ -0,0 +1,102 @@
+@@ -0,0 +1,128 @@
 +# Copyright (C) 2007-2012 Red Hat
 +# see file 'COPYING' for use and warranty information
 +#
@ -13256,6 +13282,11 @@ index 0000000..d2adaa4
 +files_tmp_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, { dir file })
 +"""
 +
+te_stream_rules="""
+allow TEMPLATETYPE_t TEMPLATETYPE_tmp_t:sock_file manage_sock_file_perms;
+files_pid_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, sock_file)
+"""
+
 +if_rules="""
 +########################################
 +## <summary>
@ -13317,6 +13348,27 @@ index 0000000..d2adaa4
 +')
 +"""
 +
+if_stream_rules="""\
+########################################
+## <summary>
+##	Connect to TEMPLATETYPE over a unix stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`TEMPLATETYPE_stream_connect',`
+	gen_require(`
+		type TEMPLATETYPE_t, TEMPLATETYPE_tmp_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t, TEMPLATETYPE_t)
+')
+"""
+
 +if_admin_types="""
 +		type TEMPLATETYPE_tmp_t;"""
 +
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@ -7,7 +7,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.1.11
-Release: 14%{?dist}
+Release: 15%{?dist}
 License: GPLv2
 Group:	 System Environment/Base
 # Based on git repository with tag 20101221
@ -340,10 +340,9 @@ fi
 %{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :

 %changelog
-* Fri May 18 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-14
+* Fri May 18 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-15
+- Allow stream sock_files to be stored in /tmp and etc_rw_t directories by sepolgen
 - Trigger on selinux-policy needs to change to selinux-policy-devel
-
-* Fri May 18 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-13
 - Update translations
 - Fix semanage dontaudit off/on exception