more transition work

This commit is contained in:
Chris PeBenito 2005-10-27 15:16:42 +00:00
parent b281bf6ed9
commit 08c22f4d17
4 changed files with 64 additions and 5 deletions

View File

@ -1,5 +1,51 @@
## <summary>Bluetooth tools and system services.</summary>
########################################
## <summary>
## Execute bluetooth_helper in the bluetooth_helper domain.
## </summary>
## <param name="domain">
## The type of the process performing this action.
## </param>
#
interface(`bluetooth_domtrans_helper',`
gen_require(`
type bluetooth_helper_t, bluetooth_helper_exec_t;
')
domain_auto_trans($1,bluetooth_helper_exec_t,bluetooth_helper_t)
allow $1 bluetooth_helper_t:fd use;
allow bluetooth_helper_t $1:fd use;
allow bluetooth_helper_t $1:fifo_file rw_file_perms;
allow bluetooth_helper_t $1:process sigchld;
')
########################################
## <summary>
## Execute bluetooth_helper in the bluetooth_helper domain, and
## allow the specified role the bluetooth_helper domain.
## </summary>
## <param name="domain">
## The type of the process performing this action.
## </param>
## <param name="role">
## The role to be allowed the bluetooth_helper domain.
## </param>
## <param name="terminal">
## The type of the terminal allow the bluetooth_helper domain to use.
## </param>
#
interface(`bluetooth_run_helper',`
gen_require(`
type bluetooth_helper_t;
')
bluetooth_helper_domtrans($1)
role $2 types bluetooth_helper_t;
allow bluetooth_helper_t $3:chr_file rw_term_perms;
')
########################################
## <summary>
## Read bluetooth helper files.

View File

@ -211,11 +211,6 @@ optional_policy(`nscd.te',`
')
ifdef(`TODO',`
# a "run" interface needs to be
# added, and have sysadm_t use it
# in a optional_policy block.
allow bluetooth_helper_t tmp_t:dir search;
allow bluetooth_helper_t home_dir_type:dir search;

View File

@ -46,6 +46,14 @@ ifdef(`targeted_policy',`
amanda_domtrans_recover(unconfined_t)
')
optional_policy(`bind.te',`
bind_domtrans_ndc(unconfined_t)
')
optional_policy(`bluetooth.te',`
bluetooth_domtrans_helper(unconfined_t)
')
optional_policy(`dmidecode.te',`
dmidecode_domtrans(unconfined_t)
')
@ -64,6 +72,12 @@ ifdef(`targeted_policy',`
modutils_domtrans_update_mods(unconfined_t)
')
optional_policy(`netutils.te',`
netutils_domtrans(unconfined_t)
netutils_domtrans_ping(unconfined_t)
netutils_domtrans_traceroute(unconfined_t)
')
optional_policy(`portmap.te',`
portmap_domtrans_helper(unconfined_t)
')

View File

@ -154,6 +154,10 @@ ifdef(`targeted_policy',`
bind_run_ndc(sysadm_t,sysadm_r,admin_terminal)
')
optional_policy(`bluetooth.te',`
bluetooth_run_helper(sysadm_t,sysadm_r,admin_terminal)
')
optional_policy(`clock.te',`
clock_run(sysadm_t,sysadm_r,admin_terminal)
')