Added seutil_dontaudit_access_check_semanage_module_store interface.

Lukas Vrabec 2014-11-29 04:38:17 +01:00
parent cf94d6be19
commit 1929f5bfe8


@ -37301,7 +37301,7 @@ index d43f3b1..870bc36 100644
+/etc/share/selinux/targeted(/.*)? gen_context(system_u:object_r:semanage_store_t,s0) +/etc/share/selinux/targeted(/.*)? gen_context(system_u:object_r:semanage_store_t,s0)
+/etc/share/selinux/mls(/.*)? gen_context(system_u:object_r:semanage_store_t,s0) +/etc/share/selinux/mls(/.*)? gen_context(system_u:object_r:semanage_store_t,s0)
diff --git a/policy/modules/system/selinuxutil.if b/policy/modules/system/selinuxutil.if diff --git a/policy/modules/system/selinuxutil.if b/policy/modules/system/selinuxutil.if
index 3822072..929107c 100644 index 3822072..8a23b62 100644
--- a/policy/modules/system/selinuxutil.if --- a/policy/modules/system/selinuxutil.if
+++ b/policy/modules/system/selinuxutil.if +++ b/policy/modules/system/selinuxutil.if
@@ -135,6 +135,42 @@ interface(`seutil_exec_loadpolicy',` @@ -135,6 +135,42 @@ interface(`seutil_exec_loadpolicy',`
@ -37793,7 +37793,7 @@ index 3822072..929107c 100644
## Execute semanage in the semanage domain, and ## Execute semanage in the semanage domain, and
## allow the specified role the semanage domain, ## allow the specified role the semanage domain,
## and use the caller's terminal. ## and use the caller's terminal.
@@ -1017,11 +1382,87 @@ interface(`seutil_domtrans_semanage',` @@ -1017,11 +1382,105 @@ interface(`seutil_domtrans_semanage',`
# #
interface(`seutil_run_semanage',` interface(`seutil_run_semanage',`
gen_require(` gen_require(`
@ -37880,10 +37880,28 @@ index 3822072..929107c 100644
+ list_dirs_pattern($1, selinux_config_t, semanage_store_t) + list_dirs_pattern($1, selinux_config_t, semanage_store_t)
+ read_files_pattern($1, semanage_store_t, semanage_store_t) + read_files_pattern($1, semanage_store_t, semanage_store_t)
+ read_lnk_files_pattern($1, semanage_store_t, semanage_store_t) + read_lnk_files_pattern($1, semanage_store_t, semanage_store_t)
+')
+
+#######################################
+## <summary>
+## Dontaudit access check on module store
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`seutil_dontaudit_access_check_semanage_module_store',`
+ gen_require(`
+ type semanage_store_t;
+ ')
+
+ dontaudit $1 semanage_store_t:dir_file_class_set audit_access;
') ')
######################################## ########################################
@@ -1043,7 +1484,11 @@ interface(`seutil_manage_module_store',` @@ -1043,7 +1502,11 @@ interface(`seutil_manage_module_store',`
files_search_etc($1) files_search_etc($1)
manage_dirs_pattern($1, selinux_config_t, semanage_store_t) manage_dirs_pattern($1, selinux_config_t, semanage_store_t)
manage_files_pattern($1, semanage_store_t, semanage_store_t) manage_files_pattern($1, semanage_store_t, semanage_store_t)
@ -37895,7 +37913,7 @@ index 3822072..929107c 100644
') ')
####################################### #######################################
@@ -1067,6 +1512,24 @@ interface(`seutil_get_semanage_read_lock',` @@ -1067,6 +1530,24 @@ interface(`seutil_get_semanage_read_lock',`
####################################### #######################################
## <summary> ## <summary>
@ -37920,7 +37938,7 @@ index 3822072..929107c 100644
## Get trans lock on module store ## Get trans lock on module store
## </summary> ## </summary>
## <param name="domain"> ## <param name="domain">
@@ -1137,3 +1600,122 @@ interface(`seutil_dontaudit_libselinux_linked',` @@ -1137,3 +1618,122 @@ interface(`seutil_dontaudit_libselinux_linked',`
selinux_dontaudit_get_fs_mount($1) selinux_dontaudit_get_fs_mount($1)
seutil_dontaudit_read_config($1) seutil_dontaudit_read_config($1)
') ')
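Review bot: In the `-37880,10 +37880,28` hunk, the parameter description of the new `seutil_dontaudit_access_check_semanage_module_store` interface reads `Domain allowed access.`, although the body grants nothing and only adds a `dontaudit` rule. The usual refpolicy wording for such interfaces is `Domain to not audit.`, and the summary would read more clearly as `Do not audit access checks on the semanage module store.` The rule suppresses only `audit_access` on `semanage_store_t` across `dir_file_class_set`, so denials of real read or write attempts should still reach the audit log. Because it still removes AVC records that someone triaging module-store access may look for, a one-line comment naming the caller that triggers the check would help. The surrounding interfaces start and end outside the lines shown here.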