more transition work
This commit is contained in:
parent
b281bf6ed9
commit
08c22f4d17
@ -1,5 +1,51 @@
|
||||
## <summary>Bluetooth tools and system services.</summary>
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Execute bluetooth_helper in the bluetooth_helper domain.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## The type of the process performing this action.
|
||||
## </param>
|
||||
#
|
||||
interface(`bluetooth_domtrans_helper',`
|
||||
gen_require(`
|
||||
type bluetooth_helper_t, bluetooth_helper_exec_t;
|
||||
')
|
||||
|
||||
domain_auto_trans($1,bluetooth_helper_exec_t,bluetooth_helper_t)
|
||||
|
||||
allow $1 bluetooth_helper_t:fd use;
|
||||
allow bluetooth_helper_t $1:fd use;
|
||||
allow bluetooth_helper_t $1:fifo_file rw_file_perms;
|
||||
allow bluetooth_helper_t $1:process sigchld;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Execute bluetooth_helper in the bluetooth_helper domain, and
|
||||
## allow the specified role the bluetooth_helper domain.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## The type of the process performing this action.
|
||||
## </param>
|
||||
## <param name="role">
|
||||
## The role to be allowed the bluetooth_helper domain.
|
||||
## </param>
|
||||
## <param name="terminal">
|
||||
## The type of the terminal allow the bluetooth_helper domain to use.
|
||||
## </param>
|
||||
#
|
||||
interface(`bluetooth_run_helper',`
|
||||
gen_require(`
|
||||
type bluetooth_helper_t;
|
||||
')
|
||||
|
||||
bluetooth_helper_domtrans($1)
|
||||
role $2 types bluetooth_helper_t;
|
||||
allow bluetooth_helper_t $3:chr_file rw_term_perms;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Read bluetooth helper files.
|
||||
|
@ -211,11 +211,6 @@ optional_policy(`nscd.te',`
|
||||
')
|
||||
|
||||
ifdef(`TODO',`
|
||||
|
||||
# a "run" interface needs to be
|
||||
# added, and have sysadm_t use it
|
||||
# in a optional_policy block.
|
||||
|
||||
allow bluetooth_helper_t tmp_t:dir search;
|
||||
|
||||
allow bluetooth_helper_t home_dir_type:dir search;
|
||||
|
@ -46,6 +46,14 @@ ifdef(`targeted_policy',`
|
||||
amanda_domtrans_recover(unconfined_t)
|
||||
')
|
||||
|
||||
optional_policy(`bind.te',`
|
||||
bind_domtrans_ndc(unconfined_t)
|
||||
')
|
||||
|
||||
optional_policy(`bluetooth.te',`
|
||||
bluetooth_domtrans_helper(unconfined_t)
|
||||
')
|
||||
|
||||
optional_policy(`dmidecode.te',`
|
||||
dmidecode_domtrans(unconfined_t)
|
||||
')
|
||||
@ -64,6 +72,12 @@ ifdef(`targeted_policy',`
|
||||
modutils_domtrans_update_mods(unconfined_t)
|
||||
')
|
||||
|
||||
optional_policy(`netutils.te',`
|
||||
netutils_domtrans(unconfined_t)
|
||||
netutils_domtrans_ping(unconfined_t)
|
||||
netutils_domtrans_traceroute(unconfined_t)
|
||||
')
|
||||
|
||||
optional_policy(`portmap.te',`
|
||||
portmap_domtrans_helper(unconfined_t)
|
||||
')
|
||||
|
@ -154,6 +154,10 @@ ifdef(`targeted_policy',`
|
||||
bind_run_ndc(sysadm_t,sysadm_r,admin_terminal)
|
||||
')
|
||||
|
||||
optional_policy(`bluetooth.te',`
|
||||
bluetooth_run_helper(sysadm_t,sysadm_r,admin_terminal)
|
||||
')
|
||||
|
||||
optional_policy(`clock.te',`
|
||||
clock_run(sysadm_t,sysadm_r,admin_terminal)
|
||||
')
|
||||
|
Loading…
Reference in New Issue
Block a user