Add missing kernel_rw_security_state()

Miroslav Grepl 2014-01-17 22:42:04 +01:00
parent 8155b37c25
commit 06cfcd1c01


@ -14897,7 +14897,7 @@ index 7be4ddf..d5ef507 100644
+/sys/class/net/ib.* gen_context(system_u:object_r:sysctl_net_t,s0)
+/sys/kernel/uevent_helper -- gen_context(system_u:object_r:usermodehelper_t,s0)
diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if
index e100d88..c8e32a2 100644
index e100d88..854e39d 100644
--- a/policy/modules/kernel/kernel.if
+++ b/policy/modules/kernel/kernel.if
@@ -286,7 +286,7 @@ interface(`kernel_rw_unix_dgram_sockets',`
@ -15349,7 +15349,7 @@ index e100d88..c8e32a2 100644
## Unconfined access to kernel module resources.
## </summary>
## <param name="domain">
@@ -2972,5 +3192,505 @@ interface(`kernel_unconfined',`
@@ -2972,5 +3192,525 @@ interface(`kernel_unconfined',`
')
typeattribute $1 kern_unconfined;
@ -15746,6 +15746,26 @@ index e100d88..c8e32a2 100644
+
+########################################
+## <summary>
+## Allow caller to read the security state symbolic links.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`kernel_rw_security_state',`
+ gen_require(`
+ type proc_t, proc_security_t;
+ ')
+
+ rw_files_pattern($1, { proc_t proc_security_t }, proc_security_t)
+
+ list_dirs_pattern($1, proc_t, proc_security_t)
+')
+
+########################################
+## <summary>
+## Read and write userhelper state
+## </summary>
+## <param name="domain">
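Review bot: The summary on the added `kernel_rw_security_state` interface says "Allow caller to read the security state symbolic links", but the body calls `rw_files_pattern($1, { proc_t proc_security_t }, proc_security_t)`, which grants read and write access to files of that type rather than read access to symlinks. The wording looks copied from a read-only sibling interface, though that is an inference from the text alone. Interface summaries are what policy authors and auditors read when deciding which domains may modify `proc_security_t` state, so a summary that understates the grant can hide write access during a least-privilege review. I would change the summary line to `## Read and write the security state files.` and keep the rest of the interface as is. It is also worth confirming that each caller of this interface needs write access, not just read access.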