fix ordering in modutils.

2009-08-05 10:11:08 -04:00 · 2009-08-05 10:11:08 -04:00 · 54327d48ee
commit 54327d48ee
parent 568efbe895
1 changed files with 76 additions and 78 deletions
--- a/policy/modules/system/modutils.te
+++ b/policy/modules/system/modutils.te
@ -10,6 +10,17 @@ gen_require(`
 # Declarations
 #
 type depmod_t;
 type depmod_exec_t;
 init_system_domain(depmod_t, depmod_exec_t)
 role system_r types depmod_t;
 type insmod_t;
 type insmod_exec_t;
 application_domain(insmod_t, insmod_exec_t)
 mls_file_write_all_levels(insmod_t)
 role system_r types insmod_t;
 # module loading config
 type modules_conf_t;
 files_type(modules_conf_t)
@ -18,17 +29,6 @@ files_type(modules_conf_t)
 type modules_dep_t;
 files_type(modules_dep_t)
 type insmod_t;
 type insmod_exec_t;
 application_domain(insmod_t, insmod_exec_t)
 mls_file_write_all_levels(insmod_t)
 role system_r types insmod_t;
 type depmod_t;
 type depmod_exec_t;
 init_system_domain(depmod_t, depmod_exec_t)
 role system_r types depmod_t;
 type update_modules_t;
 type update_modules_exec_t;
 init_system_domain(update_modules_t, update_modules_exec_t)
@ -37,6 +37,55 @@ role system_r types update_modules_t;
 type update_modules_tmp_t;
 files_tmp_file(update_modules_tmp_t)
 ########################################
 #
 # depmod local policy
 #
 can_exec(depmod_t, depmod_exec_t)
 # Read conf.modules.
 allow depmod_t modules_conf_t:file read_file_perms;
 allow depmod_t modules_dep_t:file manage_file_perms;
 files_kernel_modules_filetrans(depmod_t, modules_dep_t, file)
 kernel_read_system_state(depmod_t)
 corecmd_search_bin(depmod_t)
 domain_use_interactive_fds(depmod_t)
 files_read_kernel_symbol_table(depmod_t)
 files_read_kernel_modules(depmod_t)
 files_read_etc_runtime_files(depmod_t)
 files_read_etc_files(depmod_t)
 files_read_usr_src_files(depmod_t)
 files_list_usr(depmod_t)
 fs_getattr_xattr_fs(depmod_t)
 term_use_console(depmod_t)
 init_use_fds(depmod_t)
 init_use_script_fds(depmod_t)
 init_use_script_ptys(depmod_t)
 userdom_use_user_terminals(depmod_t)
 # Read System.map from home directories.
 files_list_home(depmod_t)
 userdom_read_user_home_content_files(depmod_t)
 ifdef(`distro_ubuntu',`
 	optional_policy(`
 		unconfined_domain(depmod_t)
 	')
 ')
 optional_policy(`
 	rpm_rw_pipes(depmod_t)
 ')
 ########################################
 #
 # insmod local policy
@ -64,9 +113,8 @@ kernel_read_kernel_sysctls(insmod_t)
 kernel_rw_kernel_sysctl(insmod_t)
 kernel_read_hotplug_sysctls(insmod_t)
-files_read_kernel_modules(insmod_t)
+corecmd_exec_bin(insmod_t)
-# for locking: (cjp: ????)
+corecmd_exec_shell(insmod_t)
 files_write_kernel_modules(insmod_t)
 dev_rw_sysfs(insmod_t)
 dev_search_usbfs(insmod_t)
@ -80,14 +128,10 @@ dev_rw_apm_bios(insmod_t)
 # and it also transitions to mount
 dev_mount_usbfs(insmod_t)
 fs_getattr_xattr_fs(insmod_t)
 corecmd_exec_bin(insmod_t)
 corecmd_exec_shell(insmod_t)
 domain_signal_all_domains(insmod_t)
 domain_use_interactive_fds(insmod_t)
 files_read_kernel_modules(insmod_t)
 files_read_etc_runtime_files(insmod_t)
 files_read_etc_files(insmod_t)
 files_read_usr_files(insmod_t)
@ -96,6 +140,10 @@ files_exec_etc_files(insmod_t)
 files_dontaudit_search_pids(insmod_t)
 # for when /var is not mounted early in the boot:
 files_dontaudit_search_isid_type_dirs(insmod_t)
 # for locking: (cjp: ????)
 files_write_kernel_modules(insmod_t)
 fs_getattr_xattr_fs(insmod_t)
 init_rw_initctl(insmod_t)
 init_use_fds(insmod_t)
@ -167,56 +215,6 @@ optional_policy(`
 	xserver_getattr_log(insmod_t)
 ')
 ########################################
 #
 # depmod local policy
 #
 can_exec(depmod_t, depmod_exec_t)
 # Read conf.modules.
 allow depmod_t modules_conf_t:file read_file_perms;
 allow depmod_t modules_dep_t:file manage_file_perms;
 files_kernel_modules_filetrans(depmod_t, modules_dep_t, file)
 kernel_read_system_state(depmod_t)
 files_read_kernel_symbol_table(depmod_t)
 files_read_kernel_modules(depmod_t)
 fs_getattr_xattr_fs(depmod_t)
 term_use_console(depmod_t)
 corecmd_search_bin(depmod_t)
 domain_use_interactive_fds(depmod_t)
 init_use_fds(depmod_t)
 init_use_script_fds(depmod_t)
 init_use_script_ptys(depmod_t)
 files_read_etc_runtime_files(depmod_t)
 files_read_etc_files(depmod_t)
 files_read_usr_src_files(depmod_t)
 files_list_usr(depmod_t)
 userdom_use_user_terminals(depmod_t)
 # Read System.map from home directories.
 files_list_home(depmod_t)
 userdom_read_user_home_content_files(depmod_t)
 ifdef(`distro_ubuntu',`
 	optional_policy(`
 		unconfined_domain(depmod_t)
 	')
 ')
 optional_policy(`
 	rpm_rw_pipes(depmod_t)
 ')
 #################################
 #
 # update-modules local policy
@ -248,8 +246,17 @@ files_tmp_filetrans(update_modules_t, update_modules_tmp_t, { file dir })
 kernel_read_kernel_sysctls(update_modules_t)
 kernel_read_system_state(update_modules_t)
 corecmd_exec_bin(update_modules_t)
 corecmd_exec_shell(update_modules_t)
 dev_read_urand(update_modules_t)
 domain_use_interactive_fds(update_modules_t)
 files_read_etc_runtime_files(update_modules_t)
 files_read_etc_files(update_modules_t)
 files_exec_etc_files(update_modules_t)
 fs_getattr_xattr_fs(update_modules_t)
 term_use_console(update_modules_t)
@ -258,15 +265,6 @@ init_use_fds(update_modules_t)
 init_use_script_fds(update_modules_t)
 init_use_script_ptys(update_modules_t)
 domain_use_interactive_fds(update_modules_t)
 files_read_etc_runtime_files(update_modules_t)
 files_read_etc_files(update_modules_t)
 files_exec_etc_files(update_modules_t)
 corecmd_exec_bin(update_modules_t)
 corecmd_exec_shell(update_modules_t)
 logging_send_syslog_msg(update_modules_t)
 miscfiles_read_localization(update_modules_t)