rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- Add new devices

Browse Source
This commit is contained in:
Daniel J Walsh 2007-07-11 20:45:02 +00:00
parent 154d8231c3
commit 2796de2a45
2 changed files with 70 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
policy-20070703.patch
View File

@ -1924,8 +1924,25 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-3.0.2/policy/modules/kernel/devices.fc
--- nsaserefpolicy/policy/modules/kernel/devices.fc 2007-06-15 14:54:30.000000000 -0400
+++ serefpolicy-3.0.2/policy/modules/kernel/devices.fc 2007-07-11 10:06:28.000000000 -0400
@@ -127,3 +127,7 @@
+++ serefpolicy-3.0.2/policy/modules/kernel/devices.fc 2007-07-11 16:42:08.000000000 -0400
@@ -53,7 +53,7 @@
/dev/radio.* -c gen_context(system_u:object_r:v4l_device_t,s0)
/dev/random -c gen_context(system_u:object_r:random_device_t,s0)
/dev/raw1394.* -c gen_context(system_u:object_r:v4l_device_t,s0)
-/dev/(misc/)?rtc -c gen_context(system_u:object_r:clock_device_t,s0)
+/dev/(misc/)?rtc[0-9]* -c gen_context(system_u:object_r:clock_device_t,s0)
/dev/sequencer -c gen_context(system_u:object_r:sound_device_t,s0)
/dev/sequencer2 -c gen_context(system_u:object_r:sound_device_t,s0)
/dev/smpte.* -c gen_context(system_u:object_r:sound_device_t,s0)
@@ -65,6 +65,7 @@
/dev/tlk[0-3] -c gen_context(system_u:object_r:v4l_device_t,s0)
/dev/urandom -c gen_context(system_u:object_r:urandom_device_t,s0)
/dev/usbdev.* -c gen_context(system_u:object_r:usb_device_t,s0)
+/dev/usb[0-9]+ -c gen_context(system_u:object_r:usb_device_t,s0)
/dev/usblp.* -c gen_context(system_u:object_r:printer_device_t,s0)
ifdef(`distro_suse', `
/dev/usbscanner -c gen_context(system_u:object_r:scanner_device_t,s0)
@@ -127,3 +128,7 @@
/var/named/chroot/dev/random -c gen_context(system_u:object_r:random_device_t,s0)
/var/named/chroot/dev/zero -c gen_context(system_u:object_r:zero_device_t,s0)
')
@ -2436,6 +2453,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storag
typeattribute $1 fixed_disk_raw_write;
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.fc serefpolicy-3.0.2/policy/modules/kernel/terminal.fc
--- nsaserefpolicy/policy/modules/kernel/terminal.fc 2007-05-29 14:10:48.000000000 -0400
+++ serefpolicy-3.0.2/policy/modules/kernel/terminal.fc 2007-07-11 16:39:30.000000000 -0400
@@ -8,6 +8,7 @@
/dev/dcbri[0-9]+ -c gen_context(system_u:object_r:tty_device_t,s0)
/dev/hvc.* -c gen_context(system_u:object_r:tty_device_t,s0)
/dev/hvsi.* -c gen_context(system_u:object_r:tty_device_t,s0)
+/dev/i2c[^/]* -c gen_context(system_u:object_r:tty_device_t,s0)
/dev/ircomm[0-9]+ -c gen_context(system_u:object_r:tty_device_t,s0)
/dev/ip2[^/]* -c gen_context(system_u:object_r:tty_device_t,s0)
/dev/isdn.* -c gen_context(system_u:object_r:tty_device_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.te serefpolicy-3.0.2/policy/modules/kernel/terminal.te
--- nsaserefpolicy/policy/modules/kernel/terminal.te 2007-06-15 14:54:30.000000000 -0400
+++ serefpolicy-3.0.2/policy/modules/kernel/terminal.te 2007-07-11 10:06:28.000000000 -0400
@ -3544,7 +3572,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron
+/var/lib/misc(/.*)? gen_context(system_u:object_r:system_crond_var_lib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-3.0.2/policy/modules/services/cron.if
--- nsaserefpolicy/policy/modules/services/cron.if 2007-07-03 07:06:27.000000000 -0400
+++ serefpolicy-3.0.2/policy/modules/services/cron.if 2007-07-11 10:06:28.000000000 -0400
+++ serefpolicy-3.0.2/policy/modules/services/cron.if 2007-07-11 15:52:10.000000000 -0400
@@ -35,6 +35,7 @@
#
template(`cron_per_role_template',`
@ -3666,6 +3694,32 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron
tunable_policy(`fcron_crond',`
# fcron wants an instant update of a crontab change for the administrator
@@ -439,6 +421,25 @@
########################################
## <summary>
+## Read temporary files from cron.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`cron_read_tmp_files',`
+ gen_require(`
+ type crond_tmp_t;
+ ')
+
+ files_search_tmp($1)
+ allow $1 crond_tmp_t:file read_file_perms;
+')
+
+########################################
+## <summary>
## Read, and write cron daemon TCP sockets.
## </summary>
## <param name="domain">
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-3.0.2/policy/modules/services/cron.te
--- nsaserefpolicy/policy/modules/services/cron.te 2007-07-03 07:06:27.000000000 -0400
+++ serefpolicy-3.0.2/policy/modules/services/cron.te 2007-07-11 10:06:28.000000000 -0400
@ -4994,7 +5048,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.0.2/policy/modules/services/mta.te
--- nsaserefpolicy/policy/modules/services/mta.te 2007-07-03 07:06:27.000000000 -0400
+++ serefpolicy-3.0.2/policy/modules/services/mta.te 2007-07-11 10:06:28.000000000 -0400
+++ serefpolicy-3.0.2/policy/modules/services/mta.te 2007-07-11 15:52:32.000000000 -0400
@@ -27,6 +27,7 @@
type sendmail_exec_t;
@ -5048,6 +5102,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
')
optional_policy(`
@@ -73,6 +103,7 @@
optional_policy(`
cron_read_system_job_tmp_files(system_mail_t)
+ cron_read_tmp_files(system_mail_t)
cron_dontaudit_write_pipes(system_mail_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.fc serefpolicy-3.0.2/policy/modules/services/networkmanager.fc
--- nsaserefpolicy/policy/modules/services/networkmanager.fc 2007-05-29 14:10:57.000000000 -0400
+++ serefpolicy-3.0.2/policy/modules/services/networkmanager.fc 2007-07-11 10:06:28.000000000 -0400

5
selinux-policy.spec
View File

@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.0.2
Release: 4%{?dist}
Release: 5%{?dist}
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@ -356,6 +356,9 @@ exit 0
%endif
%changelog
* Wed Jul 11 2007 Dan Walsh <dwalsh@redhat.com> 3.0.2-5
- Add new devices
* Tue Jul 10 2007 Dan Walsh <dwalsh@redhat.com> 3.0.2-4
- Add brctl policy