From 1e92803c628bb4effa6b0c77334203c2ec4b79e7 Mon Sep 17 00:00:00 2001
From: Dominick Grift
Date: Fri, 17 Sep 2010 09:43:44 +0200
Subject: [PATCH] Search parent directory to be able to interact with targets content.
Search parent directory to be able to interact with targets content.
Search parent directory to be able to interact with targets content.
Search parent directory to be able to interact with targets content.
Search parent directory to be able to interact with targets content.
Search parent directory to be able to interact with targets content.
Search parent directory to be able to interact with targets content.
Search parent directory to be able to interact with targets content.
Search parent directory to be able to interact with targets content.
Search parent directory to be able to interact with targets content.
---
 policy/modules/services/boinc.if | 1 +
 policy/modules/services/clamav.if | 1 +
 policy/modules/services/courier.if | 4 ++++
 policy/modules/services/cron.if | 3 +++
 policy/modules/services/dbus.if | 1 +
 policy/modules/services/dcc.if | 2 +-
 policy/modules/services/dnsmasq.if | 2 ++
 policy/modules/services/dovecot.if | 2 ++
 policy/modules/services/qmail.if | 6 ++----
 9 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/policy/modules/services/boinc.if b/policy/modules/services/boinc.if
index bb4cb6fa..29416735 100644
--- a/policy/modules/services/boinc.if
+++ b/policy/modules/services/boinc.if
@@ -109,6 +109,7 @@ interface(`boinc_manage_var_lib',`
 type boinc_var_lib_t;
 ')
+ files_search_var_lib($1)
 manage_dirs_pattern($1, boinc_var_lib_t, boinc_var_lib_t)
 manage_files_pattern($1, boinc_var_lib_t, boinc_var_lib_t)
 manage_lnk_files_pattern($1, boinc_var_lib_t, boinc_var_lib_t)
diff --git a/policy/modules/services/clamav.if b/policy/modules/services/clamav.if
index 1f115723..27061dba 100644
--- a/policy/modules/services/clamav.if
+++ b/policy/modules/services/clamav.if
@@ -33,6 +33,7 @@ interface(`clamav_stream_connect',`
 type clamd_t, clamd_var_run_t;
 ')
+ files_search_pids($1)
 stream_connect_pattern($1, clamd_var_run_t, clamd_var_run_t, clamd_t)
 ')
diff --git a/policy/modules/services/courier.if b/policy/modules/services/courier.if
index 99713375..f0818996 100644
--- a/policy/modules/services/courier.if
+++ b/policy/modules/services/courier.if
@@ -138,6 +138,7 @@ interface(`courier_read_config',`
 type courier_etc_t;
 ')
+ files_search_etc($1)
 read_files_pattern($1, courier_etc_t, courier_etc_t)
 ')
@@ -157,6 +158,7 @@ interface(`courier_manage_spool_dirs',`
 type courier_spool_t;
 ')
+ files_search_spool($1)
 manage_dirs_pattern($1, courier_spool_t, courier_spool_t)
 ')
@@ -176,6 +178,7 @@ interface(`courier_manage_spool_files',`
 type courier_spool_t;
 ')
+ files_search_spool($1)
 manage_files_pattern($1, courier_spool_t, courier_spool_t)
 ')
@@ -194,6 +197,7 @@ interface(`courier_read_spool',`
 type courier_spool_t;
 ')
+ files_search_spool($1)
 read_files_pattern($1, courier_spool_t, courier_spool_t)
 ')
diff --git a/policy/modules/services/cron.if b/policy/modules/services/cron.if
index f17a4c29..00dffdce 100644
--- a/policy/modules/services/cron.if
+++ b/policy/modules/services/cron.if
@@ -522,6 +522,7 @@ interface(`cron_manage_pid_files',`
 type crond_var_run_t;
 ')
+ files_search_pids($1)
 manage_files_pattern($1, crond_var_run_t, crond_var_run_t)
 ')
@@ -693,6 +694,7 @@ interface(`cron_read_system_job_lib_files',`
 type system_cronjob_var_lib_t;
 ')
+ files_search_var_lib($1)
 read_files_pattern($1, system_cronjob_var_lib_t, system_cronjob_var_lib_t)
 ')
@@ -711,5 +713,6 @@ interface(`cron_manage_system_job_lib_files',`
 type system_cronjob_var_lib_t;
 ')
+ files_search_var_lib($1)
 manage_files_pattern($1, system_cronjob_var_lib_t, system_cronjob_var_lib_t)
 ')
diff --git a/policy/modules/services/dbus.if b/policy/modules/services/dbus.if
index dc7ff5aa..dd23fbd6 100644
--- a/policy/modules/services/dbus.if
+++ b/policy/modules/services/dbus.if
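Review bot: In `cron_manage_pid_files`, `manage_files_pattern($1, crond_var_run_t, crond_var_run_t)` only covers entries inside directories labelled `crond_var_run_t`, and the added `files_search_pids($1)` presumably grants nothing beyond search on the generic pid directory. If crond's pid file sits directly in that generic directory (the file contexts are not visible in this patch), a caller still cannot create or remove it through this interface. A comment above the call would make the expectation explicit, for example `# pid file is expected inside a crond_var_run_t directory; callers only get search on the parent`. The interface begins above the hunk.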
@@ -521,6 +521,7 @@ interface(`dbus_delete_pid_files',`
 type system_dbusd_var_run_t;
 ')
+ files_search_pids($1)
 delete_files_pattern($1, system_dbusd_var_run_t, system_dbusd_var_run_t)
 ')
diff --git a/policy/modules/services/dcc.if b/policy/modules/services/dcc.if
index 784753e6..bf65e7d6 100644
--- a/policy/modules/services/dcc.if
+++ b/policy/modules/services/dcc.if
@@ -168,6 +168,6 @@ interface(`dcc_stream_connect_dccifd',`
 type dcc_var_t, dccifd_var_run_t, dccifd_t;
 ')
- files_search_var($1)
+ files_search_pids($1)
 stream_connect_pattern($1, dcc_var_t, dccifd_var_run_t, dccifd_t)
 ')
diff --git a/policy/modules/services/dnsmasq.if b/policy/modules/services/dnsmasq.if
index 9bd812b4..42cc08f1 100644
--- a/policy/modules/services/dnsmasq.if
+++ b/policy/modules/services/dnsmasq.if
@@ -150,6 +150,7 @@ interface(`dnsmasq_delete_pid_files',`
 type dnsmasq_var_run_t;
 ')
+ files_search_pids($1)
 delete_files_pattern($1, dnsmasq_var_run_t, dnsmasq_var_run_t)
 ')
@@ -169,6 +170,7 @@ interface(`dnsmasq_read_pid_files',`
 type dnsmasq_var_run_t;
 ')
+ files_search_pids($1)
 read_files_pattern($1, dnsmasq_var_run_t, dnsmasq_var_run_t)
 ')
diff --git a/policy/modules/services/dovecot.if b/policy/modules/services/dovecot.if
index 2d72549d..a40e01b9 100644
--- a/policy/modules/services/dovecot.if
+++ b/policy/modules/services/dovecot.if
@@ -15,6 +15,7 @@ interface(`dovecot_stream_connect_auth',`
 type dovecot_auth_t, dovecot_var_run_t;
 ')
+ files_search_pids($1)
 stream_connect_pattern($1, dovecot_var_run_t, dovecot_var_run_t, dovecot_auth_t)
 ')
@@ -51,6 +52,7 @@ interface(`dovecot_manage_spool',`
 type dovecot_spool_t;
 ')
+ files_search_spool($1)
 manage_files_pattern($1, dovecot_spool_t, dovecot_spool_t)
 manage_lnk_files_pattern($1, dovecot_spool_t, dovecot_spool_t)
 ')
diff --git a/policy/modules/services/qmail.if b/policy/modules/services/qmail.if
index a55bf44b..77a25f5e 100644
--- a/policy/modules/services/qmail.if
+++ b/policy/modules/services/qmail.if
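Review bot: In `dcc_stream_connect_dccifd` the directory type passed to `stream_connect_pattern` is still `dcc_var_t`, not a pid-directory type, so swapping `files_search_var($1)` for `files_search_pids($1)` only fits if the dccifd socket really lives under the pid directory. If the socket sits in a `dcc_var_t` directory under the generic var tree (the file contexts are not visible here), the caller depends on search access to that parent, which the removed call granted explicitly. Whether `files_search_pids` still implies it should be confirmed against its definition. Either the parent search should follow the directory type actually used in the pattern, or the pattern's second argument should be changed to the type that labels the socket's directory. The interface begins above the hunk.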
@@ -62,14 +62,13 @@ interface(`qmail_domtrans_inject',`
 type qmail_inject_t, qmail_inject_exec_t;
 ')
+ corecmd_search_bin($1)
 domtrans_pattern($1, qmail_inject_exec_t, qmail_inject_t)
 ifdef(`distro_debian',`
 files_search_usr($1)
- corecmd_search_bin($1)
 ',`
 files_search_var($1)
- corecmd_search_bin($1)
 ')
 ')
@@ -88,14 +87,13 @@ interface(`qmail_domtrans_queue',`
 type qmail_queue_t, qmail_queue_exec_t;
 ')
+ corecmd_search_bin($1)
 domtrans_pattern($1, qmail_queue_exec_t, qmail_queue_t)
 ifdef(`distro_debian',`
 files_search_usr($1)
- corecmd_search_bin($1)
 ',`
 files_search_var($1)
- corecmd_search_bin($1)
 ')
 ')
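Review bot: In `qmail_domtrans_inject` the hoisted `corecmd_search_bin($1)` now sits before `domtrans_pattern`, but the ifdef on distro_debian that grants the other parent-directory search is left after it, so the search rules for one transition are split across two places. The same applies to `qmail_domtrans_queue` in the next hunk. Moving the ifdef block up beside `corecmd_search_bin($1)` would keep the parent searches together and match the search-then-pattern order used in the other interfaces of this commit. A comment on the branch, such as `# qmail is installed under /usr on Debian and under /var elsewhere`, would explain why the parent differs. That reading is inferred from the two `files_search_*` calls and should be checked against the file contexts.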