Add missing kernel_rw_security_state()

This commit is contained in:
Miroslav Grepl 2014-01-17 22:42:04 +01:00
parent 8155b37c25
commit 06cfcd1c01

View File

@ -14897,7 +14897,7 @@ index 7be4ddf..d5ef507 100644
+/sys/class/net/ib.* gen_context(system_u:object_r:sysctl_net_t,s0) +/sys/class/net/ib.* gen_context(system_u:object_r:sysctl_net_t,s0)
+/sys/kernel/uevent_helper -- gen_context(system_u:object_r:usermodehelper_t,s0) +/sys/kernel/uevent_helper -- gen_context(system_u:object_r:usermodehelper_t,s0)
diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if
index e100d88..c8e32a2 100644 index e100d88..854e39d 100644
--- a/policy/modules/kernel/kernel.if --- a/policy/modules/kernel/kernel.if
+++ b/policy/modules/kernel/kernel.if +++ b/policy/modules/kernel/kernel.if
@@ -286,7 +286,7 @@ interface(`kernel_rw_unix_dgram_sockets',` @@ -286,7 +286,7 @@ interface(`kernel_rw_unix_dgram_sockets',`
@ -15349,7 +15349,7 @@ index e100d88..c8e32a2 100644
## Unconfined access to kernel module resources. ## Unconfined access to kernel module resources.
## </summary> ## </summary>
## <param name="domain"> ## <param name="domain">
@@ -2972,5 +3192,505 @@ interface(`kernel_unconfined',` @@ -2972,5 +3192,525 @@ interface(`kernel_unconfined',`
') ')
typeattribute $1 kern_unconfined; typeattribute $1 kern_unconfined;
@ -15746,6 +15746,26 @@ index e100d88..c8e32a2 100644
+ +
+######################################## +########################################
+## <summary> +## <summary>
+## Allow caller to read the security state symbolic links.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`kernel_rw_security_state',`
+ gen_require(`
+ type proc_t, proc_security_t;
+ ')
+
+ rw_files_pattern($1, { proc_t proc_security_t }, proc_security_t)
+
+ list_dirs_pattern($1, proc_t, proc_security_t)
+')
+
+########################################
+## <summary>
+## Read and write userhelper state +## Read and write userhelper state
+## </summary> +## </summary>
+## <param name="domain"> +## <param name="domain">