This commit is contained in:
Chris PeBenito 2006-03-29 14:31:10 +00:00
parent bcdcc55c7f
commit 41b25f59b9
5 changed files with 38 additions and 25 deletions

View File

@ -2531,7 +2531,7 @@ interface(`fs_tmpfs_filetrans',`
# #
interface(`fs_dontaudit_rw_tmpfs_files',` interface(`fs_dontaudit_rw_tmpfs_files',`
gen_require(` gen_require(`
type tmp_t; type tmpfs_t;
') ')
dontaudit $1 tmpfs_t:file { read write }; dontaudit $1 tmpfs_t:file { read write };

View File

@ -1,5 +1,5 @@
policy_module(filesystem,1.3.1) policy_module(filesystem,1.3.2)
######################################## ########################################
# #

View File

@ -1,5 +1,5 @@
policy_module(bluetooth,1.2.1) policy_module(bluetooth,1.2.2)
######################################## ########################################
# #
@ -195,6 +195,7 @@ domain_read_all_domains_state(bluetooth_helper_t)
files_read_etc_files(bluetooth_helper_t) files_read_etc_files(bluetooth_helper_t)
files_read_etc_runtime_files(bluetooth_helper_t) files_read_etc_runtime_files(bluetooth_helper_t)
files_read_usr_files(bluetooth_helper_t) files_read_usr_files(bluetooth_helper_t)
files_search_tmp(bluetooth_helper_t)
files_dontaudit_list_default(bluetooth_helper_t) files_dontaudit_list_default(bluetooth_helper_t)
libs_use_ld_so(bluetooth_helper_t) libs_use_ld_so(bluetooth_helper_t)
@ -205,6 +206,20 @@ logging_send_syslog_msg(bluetooth_helper_t)
miscfiles_read_localization(bluetooth_helper_t) miscfiles_read_localization(bluetooth_helper_t)
miscfiles_read_fonts(bluetooth_helper_t) miscfiles_read_fonts(bluetooth_helper_t)
ifdef(`targeted_policy',`
files_rw_generic_tmp_sockets(bluetooth_helper_t)
fs_rw_tmpfs_files(bluetooth_helper_t)
unconfined_stream_connect(bluetooth_helper_t)
userdom_read_all_users_home_content_files(bluetooth_helper_t)
optional_policy(`
xserver_stream_connect_xdm(bluetooth_helper_t)
')
')
optional_policy(` optional_policy(`
dbus_system_bus_client_template(bluetooth_helper,bluetooth_helper_t) dbus_system_bus_client_template(bluetooth_helper,bluetooth_helper_t)
dbus_connect_system_bus(bluetooth_helper_t) dbus_connect_system_bus(bluetooth_helper_t)
@ -218,24 +233,3 @@ optional_policy(`
optional_policy(` optional_policy(`
xserver_stream_connect_xdm(bluetooth_helper_t) xserver_stream_connect_xdm(bluetooth_helper_t)
') ')
ifdef(`TODO',`
allow bluetooth_helper_t tmp_t:dir search;
ifdef(`strict_policy',`
ifdef(`xdm.te',`
allow bluetooth_helper_t xdm_xserver_tmp_t:sock_file { read write };
')
')
') dnl end TODO
ifdef(`targeted_policy',`
files_rw_generic_tmp_sockets(bluetooth_helper_t)
allow bluetooth_helper_t tmpfs_t:file { read write };
allow bluetooth_helper_t unconfined_t:unix_stream_socket connectto;
userdom_read_all_users_home_content_files(bluetooth_helper_t)
optional_policy(`
xserver_stream_connect_xdm(bluetooth_helper_t)
')
')

View File

@ -302,6 +302,25 @@ interface(`unconfined_rw_pipes',`
allow $1 unconfined_t:fifo_file rw_file_perms; allow $1 unconfined_t:fifo_file rw_file_perms;
') ')
########################################
## <summary>
## Connect to the unconfined domain using
## a unix domain stream socket.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`unconfined_stream_connect',`
gen_require(`
type unconfined_t;
')
allow $1 unconfined_t:unix_stream_socket connectto;
')
######################################## ########################################
## <summary> ## <summary>
## Do not audit attempts to read or write ## Do not audit attempts to read or write

View File

@ -1,5 +1,5 @@
policy_module(unconfined,1.3.1) policy_module(unconfined,1.3.2)
######################################## ########################################
# #