move xconsole to xserver mod
parent
0578bf8daf
commit
413982c6a3
@ -1,3 +1,5 @@
|
||||
- Move xconsole_device_t from devices to xserver since it is
|
||||
not actually a device, it is a named pipe.
|
||||
- Handle nonexistant .fc and .if files in devel Makefile by
|
||||
automatically creating empty files.
|
||||
- Remove unused devfs_control_t.
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(devices,1.1.5)
|
||||
policy_module(devices,1.1.6)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -181,16 +181,6 @@ type zero_device_t;
|
||||
dev_node(zero_device_t)
|
||||
mls_trusted_object(zero_device_t)
|
||||
|
||||
|
||||
# TODO:
|
||||
|
||||
# this is not actually a device
|
||||
# move it to xserver
|
||||
type xconsole_device_t;
|
||||
files_type(xconsole_device_t)
|
||||
fs_associate_tmpfs(xconsole_device_t)
|
||||
files_associate_tmp(xconsole_device_t)
|
||||
|
||||
########################################
|
||||
#
|
||||
# Rules for all device nodes
|
||||
|
@ -11,6 +11,11 @@ HOME_DIR/\.xauth.* -- gen_context(system_u:object_r:ROLE_xauth_home_t,s0)
|
||||
HOME_DIR/\.Xauthority.* -- gen_context(system_u:object_r:ROLE_xauth_home_t,s0)
|
||||
')
|
||||
|
||||
#
|
||||
# /dev
|
||||
#
|
||||
/dev/xconsole -p gen_context(system_u:object_r:xconsole_device_t,s0)
|
||||
|
||||
#
|
||||
# /etc
|
||||
#
|
||||
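Review bot: The new `/dev/xconsole -p` entry labels the pipe from the xserver module, but nothing visible on this page removes a matching file-context entry or any interface that requires `xconsole_device_t` from the devices module; only the type declaration is deleted there. If the devices module still carries either, the build would see a duplicate file-context specification or a `gen_require` on a type the module no longer owns. It is worth confirming that neither remains, or that none existed.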
|
@ -708,6 +708,42 @@ interface(`xserver_use_all_users_fonts',`
|
||||
userdom_search_all_users_home_dirs($1)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Set the attributes of the X windows console named pipes.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`xserver_setattr_console_pipes',`
|
||||
gen_require(`
|
||||
type xconsole_device_t;
|
||||
')
|
||||
|
||||
allow $1 xconsole_device_t:fifo_file setattr;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Read and write the X windows console named pipe.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`xserver_rw_console',`
|
||||
gen_require(`
|
||||
type xconsole_device_t;
|
||||
')
|
||||
|
||||
allow $1 xconsole_device_t:fifo_file { getattr read write };
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Connect to XDM over a unix domain
|
||||
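Review bot: The two new interfaces name the same object differently, `xserver_setattr_console_pipes` versus `xserver_rw_console`, and their summaries say "named pipes" and "named pipe". Both act on `xconsole_device_t:fifo_file`, so a consistent name such as `xserver_rw_console_pipes` would tell callers that the second interface grants access to a FIFO and not to a console device. The rw interface also bundles `read` with `write`; a caller that only logs to the pipe may not need read access, which is worth confirming before more domains start using it.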
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(xserver,1.1.3)
|
||||
policy_module(xserver,1.1.4)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -19,6 +19,12 @@ files_type(iceauth_exec_t)
|
||||
type xauth_exec_t;
|
||||
files_type(xauth_exec_t)
|
||||
|
||||
# this is not actually a device, its a pipe
|
||||
type xconsole_device_t;
|
||||
files_type(xconsole_device_t)
|
||||
fs_associate_tmpfs(xconsole_device_t)
|
||||
files_associate_tmp(xconsole_device_t)
|
||||
|
||||
type xdm_t;
|
||||
# real declaration moved to mls until
|
||||
# range_transition works in loadable modules
|
||||
@ -86,6 +92,8 @@ allow xdm_t self:udp_socket create_socket_perms;
|
||||
# Supress permission check on .ICE-unix
|
||||
dontaudit xdm_t ice_tmp_t:dir { getattr setattr };
|
||||
|
||||
allow xdm_t xconsole_device_t:fifo_file { getattr setattr };
|
||||
|
||||
# Allow gdm to run gdm-binary
|
||||
can_exec(xdm_t, xdm_exec_t)
|
||||
|
||||
@ -438,8 +446,6 @@ optional_policy(`
|
||||
')
|
||||
|
||||
ifdef(`TODO',`
|
||||
allow xdm_t xconsole_device_t:fifo_file { getattr setattr };
|
||||
|
||||
can_resmgrd_connect(xdm_t)
|
||||
|
||||
# Need to further investigate these permissions and
|
||||
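Review bot: The rule `allow xdm_t xconsole_device_t:fifo_file { getattr setattr };`, now active outside the `TODO` block, carries no comment, while its neighbours explain themselves (`# Supress permission check on .ICE-unix`, `# Allow gdm to run gdm-binary`). A one-line comment such as `# xdm sets the ownership/mode of the xconsole pipe` would record why setattr is granted; the wording should be confirmed against what xdm actually does. The comment on the type declaration could also read `# this is not actually a device, it is a named pipe` to match the changelog entry.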
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(init,1.3.6)
|
||||
policy_module(init,1.3.7)
|
||||
|
||||
gen_require(`
|
||||
class passwd rootok;
|
||||
@ -726,19 +726,13 @@ optional_policy(`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
# init s cript wants to check if it needs to update windowmanagerlist
|
||||
# Set device ownerships/modes.
|
||||
xserver_setattr_console_pipes(initrc_t)
|
||||
|
||||
# init script wants to check if it needs to update windowmanagerlist
|
||||
xserver_read_xdm_rw_config(initrc_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
zebra_read_config(initrc_t)
|
||||
')
|
||||
|
||||
ifdef(`TODO',`
|
||||
# Set device ownerships/modes.
|
||||
allow initrc_t xconsole_device_t:fifo_file setattr;
|
||||
|
||||
ifdef(`distro_redhat', `
|
||||
allow initrc_t device_t:dir create;
|
||||
')
|
||||
') dnl end TODO
|
||||
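Review bot: Judging by the hunk's 19-to-13 line counts, the whole `TODO` ifdef block is removed, which also drops the `distro_redhat` rule `allow initrc_t device_t:dir create;`. That rule is unrelated to xconsole and is not mentioned in the changelog. It was never active, so no permission changes, but the reminder is lost if Red Hat init scripts still need it. Either keep it under its own `TODO` block or record its removal in the Changelog entry.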
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(logging,1.3.2)
|
||||
policy_module(logging,1.3.3)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -369,7 +369,7 @@ optional_policy(`
|
||||
udev_read_db(syslogd_t)
|
||||
')
|
||||
|
||||
ifdef(`TODO',`
|
||||
# log to the xconsole
|
||||
allow syslogd_t xconsole_device_t:fifo_file { ioctl read write };
|
||||
') dnl end TODO
|
||||
optional_policy(`
|
||||
# log to the xconsole
|
||||
xserver_rw_console(syslogd_t)
|
||||
')
|
||||
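Review bot: `xserver_rw_console(syslogd_t)` does not grant the same permissions as the rule it replaces: the old `TODO` rule listed `{ ioctl read write }`, while the interface added in this commit allows `{ getattr read write }`. If syslogd issues an ioctl on the pipe, this would surface as AVC denials once the rule is live, so either confirm ioctl is not needed or add it to the interface. The block also changes from a `TODO` ifdef to `optional_policy`, so this access becomes active whenever the xserver module is present.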
|