cleanups
parent
bcdcc55c7f
commit
41b25f59b9
@ -2531,7 +2531,7 @@ interface(`fs_tmpfs_filetrans',`
|
|||||||
#
|
#
|
||||||
interface(`fs_dontaudit_rw_tmpfs_files',`
|
interface(`fs_dontaudit_rw_tmpfs_files',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type tmp_t;
|
type tmpfs_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
dontaudit $1 tmpfs_t:file { read write };
|
dontaudit $1 tmpfs_t:file { read write };
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(filesystem,1.3.1)
|
policy_module(filesystem,1.3.2)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(bluetooth,1.2.1)
|
policy_module(bluetooth,1.2.2)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -195,6 +195,7 @@ domain_read_all_domains_state(bluetooth_helper_t)
|
|||||||
files_read_etc_files(bluetooth_helper_t)
|
files_read_etc_files(bluetooth_helper_t)
|
||||||
files_read_etc_runtime_files(bluetooth_helper_t)
|
files_read_etc_runtime_files(bluetooth_helper_t)
|
||||||
files_read_usr_files(bluetooth_helper_t)
|
files_read_usr_files(bluetooth_helper_t)
|
||||||
|
files_search_tmp(bluetooth_helper_t)
|
||||||
files_dontaudit_list_default(bluetooth_helper_t)
|
files_dontaudit_list_default(bluetooth_helper_t)
|
||||||
|
|
||||||
libs_use_ld_so(bluetooth_helper_t)
|
libs_use_ld_so(bluetooth_helper_t)
|
||||||
@ -205,6 +206,20 @@ logging_send_syslog_msg(bluetooth_helper_t)
|
|||||||
miscfiles_read_localization(bluetooth_helper_t)
|
miscfiles_read_localization(bluetooth_helper_t)
|
||||||
miscfiles_read_fonts(bluetooth_helper_t)
|
miscfiles_read_fonts(bluetooth_helper_t)
|
||||||
|
|
||||||
|
ifdef(`targeted_policy',`
|
||||||
|
files_rw_generic_tmp_sockets(bluetooth_helper_t)
|
||||||
|
|
||||||
|
fs_rw_tmpfs_files(bluetooth_helper_t)
|
||||||
|
|
||||||
|
unconfined_stream_connect(bluetooth_helper_t)
|
||||||
|
|
||||||
|
userdom_read_all_users_home_content_files(bluetooth_helper_t)
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
xserver_stream_connect_xdm(bluetooth_helper_t)
|
||||||
|
')
|
||||||
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
dbus_system_bus_client_template(bluetooth_helper,bluetooth_helper_t)
|
dbus_system_bus_client_template(bluetooth_helper,bluetooth_helper_t)
|
||||||
dbus_connect_system_bus(bluetooth_helper_t)
|
dbus_connect_system_bus(bluetooth_helper_t)
|
||||||
@ -218,24 +233,3 @@ optional_policy(`
|
|||||||
optional_policy(`
|
optional_policy(`
|
||||||
xserver_stream_connect_xdm(bluetooth_helper_t)
|
xserver_stream_connect_xdm(bluetooth_helper_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
ifdef(`TODO',`
|
|
||||||
allow bluetooth_helper_t tmp_t:dir search;
|
|
||||||
|
|
||||||
ifdef(`strict_policy',`
|
|
||||||
ifdef(`xdm.te',`
|
|
||||||
allow bluetooth_helper_t xdm_xserver_tmp_t:sock_file { read write };
|
|
||||||
')
|
|
||||||
')
|
|
||||||
') dnl end TODO
|
|
||||||
|
|
||||||
ifdef(`targeted_policy',`
|
|
||||||
files_rw_generic_tmp_sockets(bluetooth_helper_t)
|
|
||||||
allow bluetooth_helper_t tmpfs_t:file { read write };
|
|
||||||
allow bluetooth_helper_t unconfined_t:unix_stream_socket connectto;
|
|
||||||
userdom_read_all_users_home_content_files(bluetooth_helper_t)
|
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
xserver_stream_connect_xdm(bluetooth_helper_t)
|
|
||||||
')
|
|
||||||
')
|
|
||||||
|
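Review bot: The new targeted_policy block for bluetooth_helper_t (hunk at -205,6 +206,20) carries four broad grants with no comment saying what needs them: `files_rw_generic_tmp_sockets`, `fs_rw_tmpfs_files`, `unconfined_stream_connect` and `userdom_read_all_users_home_content_files`. Read access to every user's home content plus read/write on generic tmpfs files is a lot for a helper domain, so I would add a short comment above the block naming the program behaviour that requires each call, or narrow the calls if the real need is smaller; the diff alone does not show which files the helper touches. `fs_rw_tmpfs_files` replaces the raw rule `allow bluetooth_helper_t tmpfs_t:file { read write };`, and its body is not visible here, so it is worth confirming that it does not grant more than that rule did. The nested `optional_policy` calling `xserver_stream_connect_xdm(bluetooth_helper_t)` also looks redundant, because the unconditional `optional_policy` block kept as context in the following hunk makes the same call.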
@ -302,6 +302,25 @@ interface(`unconfined_rw_pipes',`
|
|||||||
allow $1 unconfined_t:fifo_file rw_file_perms;
|
allow $1 unconfined_t:fifo_file rw_file_perms;
|
||||||
')
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Connect to the unconfined domain using
|
||||||
|
## a unix domain stream socket.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`unconfined_stream_connect',`
|
||||||
|
gen_require(`
|
||||||
|
type unconfined_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
allow $1 unconfined_t:unix_stream_socket connectto;
|
||||||
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Do not audit attempts to read or write
|
## Do not audit attempts to read or write
|
||||||
|
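Review bot: The summary for the new `unconfined_stream_connect` interface does not say that it covers only the socket-class permission. Its body is the single rule `allow $1 unconfined_t:unix_stream_socket connectto;`, which grants nothing on the socket file itself. A caller still needs write access to the file type the socket lives under, as the bluetooth helper block in this commit does by pairing it with `files_rw_generic_tmp_sockets`. I would add a line to the summary such as `## Access to the socket file itself must be granted separately.` and mention that the peer is a domain the policy does not constrain.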
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(unconfined,1.3.1)
|
policy_module(unconfined,1.3.2)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|