* Fri Sep 14 2007 Dan Walsh <dwalsh@redhat.com> 2.0.25-14

- Fix calls to _admin interfaces
Daniel J Walsh 2007-09-14 14:41:51 +00:00
parent d7f1fcd1a3
commit e99a8a65cb
2 changed files with 36 additions and 32 deletions


@ -8905,8 +8905,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu
+ app.stand_alone()
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.25/gui/templates/executable.py
--- nsapolicycoreutils/gui/templates/executable.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.25/gui/templates/executable.py 2007-09-10 15:43:29.000000000 -0400
@@ -0,0 +1,277 @@
+++ policycoreutils-2.0.25/gui/templates/executable.py 2007-09-14 10:14:10.000000000 -0400
@@ -0,0 +1,278 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
@ -9135,6 +9135,12 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
+## <summary>
+## All of the rules required to administrate an TEMPLATETYPE environment
+## </summary>
+## <param name="prefix">
+## <summary>
+## Prefix of the domain. Example, user would be
+## the prefix for the uder_t domain.
+## </summary>
+## </param>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
@ -9145,11 +9151,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
+## The role to be allowed to manage the TEMPLATETYPE domain.
+## </summary>
+## </param>
+## <param name="terminal">
+## <summary>
+## The type of the terminal allow the dmidecode domain to use.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`TEMPLATETYPE_admin',`
@ -9157,17 +9158,17 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
+ type TEMPLATETYPE_t;
+ ')
+
+ allow $1 TEMPLATETYPE_t:process { ptrace signal_perms getattr };
+ read_files_pattern($1, TEMPLATETYPE_t, TEMPLATETYPE_t)
+ allow $2 TEMPLATETYPE_t:process { ptrace signal_perms getattr };
+ read_files_pattern($2, TEMPLATETYPE_t, TEMPLATETYPE_t)
+
+"""
+
+if_initscript_admin="""
+ # Allow $1 to restart the apache service
+ TEMPLATETYPE_script_domtrans($1)
+ domain_system_change_exemption($1)
+ role_transition $2 TEMPLATETYPE_script_exec_t system_r;
+ allow $2 system_r;
+ TEMPLATETYPE_script_domtrans($2)
+ domain_system_change_exemption($2)
+ role_transition $3 TEMPLATETYPE_script_exec_t system_r;
+ allow $3 system_r;
+"""
+
+if_end_admin="""
@ -9186,7 +9187,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.py policycoreutils-2.0.25/gui/templates/__init__.py
--- nsapolicycoreutils/gui/templates/__init__.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.25/gui/templates/__init__.py 2007-08-31 15:07:36.000000000 -0400
+++ policycoreutils-2.0.25/gui/templates/__init__.py 2007-09-14 10:14:10.000000000 -0400
@@ -0,0 +1,18 @@
+#
+# Copyright (C) 2007 Red Hat, Inc.
@ -9208,7 +9209,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.p
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py policycoreutils-2.0.25/gui/templates/network.py
--- nsapolicycoreutils/gui/templates/network.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.25/gui/templates/network.py 2007-08-31 15:07:36.000000000 -0400
+++ policycoreutils-2.0.25/gui/templates/network.py 2007-09-14 10:14:10.000000000 -0400
@@ -0,0 +1,80 @@
+te_port_types="""
+type TEMPLATETYPE_port_t;
@ -9292,7 +9293,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py policycoreutils-2.0.25/gui/templates/rw.py
--- nsapolicycoreutils/gui/templates/rw.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.25/gui/templates/rw.py 2007-08-31 15:07:36.000000000 -0400
+++ policycoreutils-2.0.25/gui/templates/rw.py 2007-09-14 10:14:10.000000000 -0400
@@ -0,0 +1,128 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@ -9411,7 +9412,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py poli
+"""
+
+if_admin_rules="""
+ TEMPLATETYPE_manage_rw($1)
+ TEMPLATETYPE_manage_rw($2)
+"""
+
+########################### File Context ##################################
@ -9424,7 +9425,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py poli
+"""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py policycoreutils-2.0.25/gui/templates/script.py
--- nsapolicycoreutils/gui/templates/script.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.25/gui/templates/script.py 2007-09-05 22:25:46.000000000 -0400
+++ policycoreutils-2.0.25/gui/templates/script.py 2007-09-14 10:14:10.000000000 -0400
@@ -0,0 +1,45 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@ -9473,7 +9474,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py
+"""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.py policycoreutils-2.0.25/gui/templates/semodule.py
--- nsapolicycoreutils/gui/templates/semodule.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.25/gui/templates/semodule.py 2007-08-31 15:07:36.000000000 -0400
+++ policycoreutils-2.0.25/gui/templates/semodule.py 2007-09-14 10:14:10.000000000 -0400
@@ -0,0 +1,41 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@ -9518,7 +9519,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.p
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py policycoreutils-2.0.25/gui/templates/tmp.py
--- nsapolicycoreutils/gui/templates/tmp.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.25/gui/templates/tmp.py 2007-08-31 15:07:36.000000000 -0400
+++ policycoreutils-2.0.25/gui/templates/tmp.py 2007-09-14 10:14:10.000000000 -0400
@@ -0,0 +1,97 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@ -9614,12 +9615,12 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py pol
+"""
+
+if_admin_rules="""
+ TEMPLATETYPE_manage_tmp($1)
+ TEMPLATETYPE_manage_tmp($2)
+"""
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py policycoreutils-2.0.25/gui/templates/user.py
--- nsapolicycoreutils/gui/templates/user.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.25/gui/templates/user.py 2007-09-10 11:43:28.000000000 -0400
+++ policycoreutils-2.0.25/gui/templates/user.py 2007-09-14 10:14:10.000000000 -0400
@@ -0,0 +1,139 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@ -9747,7 +9748,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py po
+
+te_admin_domain_rules="""
+optional_policy(`
+ APPLICATION_admin(TEMPLATETYPE_t,TEMPLATETYPE_r, { TEMPLATETYPE_tty_device_t TEMPLATETYPE_devpts_t })
+ APPLICATION_admin(TEMPLATETYPE,TEMPLATETYPE_t,TEMPLATETYPE_r)
+')
+"""
+
@ -9762,7 +9763,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py po
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py policycoreutils-2.0.25/gui/templates/var_lib.py
--- nsapolicycoreutils/gui/templates/var_lib.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.25/gui/templates/var_lib.py 2007-08-31 15:07:36.000000000 -0400
+++ policycoreutils-2.0.25/gui/templates/var_lib.py 2007-09-14 10:14:10.000000000 -0400
@@ -0,0 +1,162 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@ -9911,7 +9912,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py
+"""
+
+if_admin_rules="""
+ TEMPLATETYPE_manage_var_lib($1)
+ TEMPLATETYPE_manage_var_lib($2)
+"""
+
+########################### File Context ##################################
@ -9928,7 +9929,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py
+"""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py policycoreutils-2.0.25/gui/templates/var_log.py
--- nsapolicycoreutils/gui/templates/var_log.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.25/gui/templates/var_log.py 2007-08-31 15:07:36.000000000 -0400
+++ policycoreutils-2.0.25/gui/templates/var_log.py 2007-09-14 10:14:10.000000000 -0400
@@ -0,0 +1,112 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@ -10031,7 +10032,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py
+"""
+
+if_admin_rules="""
+ TEMPLATETYPE_manage_log($1)
+ TEMPLATETYPE_manage_log($2)
+"""
+
+########################### File Context ##################################
@ -10044,7 +10045,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py
+"""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py policycoreutils-2.0.25/gui/templates/var_run.py
--- nsapolicycoreutils/gui/templates/var_run.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.25/gui/templates/var_run.py 2007-08-31 15:07:36.000000000 -0400
+++ policycoreutils-2.0.25/gui/templates/var_run.py 2007-09-14 10:14:10.000000000 -0400
@@ -0,0 +1,119 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@ -10150,7 +10151,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py
+"""
+
+if_admin_rules="""
+ TEMPLATETYPE_manage_var_run($1)
+ TEMPLATETYPE_manage_var_run($2)
+"""
+
+fc_file="""\
@ -10167,7 +10168,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.py policycoreutils-2.0.25/gui/templates/var_spool.py
--- nsapolicycoreutils/gui/templates/var_spool.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.25/gui/templates/var_spool.py 2007-08-31 15:07:36.000000000 -0400
+++ policycoreutils-2.0.25/gui/templates/var_spool.py 2007-09-14 10:14:10.000000000 -0400
@@ -0,0 +1,131 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@ -10289,7 +10290,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.
+"""
+
+if_admin_rules="""
+ TEMPLATETYPE_manage_spool($1)
+ TEMPLATETYPE_manage_spool($2)
+"""
+
+########################### File Context ##################################
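Review bot: The comment at the top of `if_initscript_admin` still reads `# Allow $1 to restart the apache service`, but the rules under it now grant to `$2` and `$3`, and `$1` has become the prefix; it should read `# Allow $2 to restart the TEMPLATETYPE service`. These positional arguments decide which domain receives `ptrace`/`signal_perms` on `TEMPLATETYPE_t` and which role gets the `role_transition` into `system_r`, so the comment and the `<param>` docs need to match the new `(prefix, domain, role)` order exactly for a policy author to call the interface with least privilege. The new prefix description also has a typo, `uder_t` for `user_t`. None of the rules visible in these hunks reference `$1`; if nothing outside the hunks uses it either, the interface documents a parameter it never consumes, which is worth confirming.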


@ -6,7 +6,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.25
Release: 13%{?dist}
Release: 14%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -200,6 +200,9 @@ if [ "$1" -ge "1" ]; then
fi
%changelog
* Fri Sep 14 2007 Dan Walsh <dwalsh@redhat.com> 2.0.25-14
- Fix calls to _admin interfaces
* Tue Sep 13 2007 Dan Walsh <dwalsh@redhat.com> 2.0.25-13
- Upgrade version of sepolgen from NSA
* Expand the sepolgen parser to parse all current refpolicy modules from Karl MacMillan.