Remove dup interface
parent
368fb803a8
commit
71a28bab65
@ -14888,16 +14888,16 @@ index e7d1738..79f6c51 100644
|
||||
########################################
|
||||
#
|
||||
diff --git a/policy/modules/kernel/kernel.fc b/policy/modules/kernel/kernel.fc
|
||||
index 7be4ddf..30d9666 100644
|
||||
index 7be4ddf..d5ef507 100644
|
||||
--- a/policy/modules/kernel/kernel.fc
|
||||
+++ b/policy/modules/kernel/kernel.fc
|
||||
@@ -1 +1,3 @@
|
||||
-# This module currently does not have any file contexts.
|
||||
+
|
||||
+/sys/class/net/ib.* gen_context(system_u:object_r:sysctl_net_t,s0)
|
||||
+/sys/kernel/uevent_helper -- gen_context(system_u:object_r:proc_usermodehelper_t,s0)
|
||||
+/sys/kernel/uevent_helper -- gen_context(system_u:object_r:usermodehelper_t,s0)
|
||||
diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if
|
||||
index e100d88..71ca594 100644
|
||||
index e100d88..d3b9fb4 100644
|
||||
--- a/policy/modules/kernel/kernel.if
|
||||
+++ b/policy/modules/kernel/kernel.if
|
||||
@@ -286,7 +286,7 @@ interface(`kernel_rw_unix_dgram_sockets',`
|
||||
@ -15240,7 +15240,7 @@ index e100d88..71ca594 100644
|
||||
## Unconfined access to kernel module resources.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
@@ -2972,5 +3179,527 @@ interface(`kernel_unconfined',`
|
||||
@@ -2972,5 +3179,505 @@ interface(`kernel_unconfined',`
|
||||
')
|
||||
|
||||
typeattribute $1 kern_unconfined;
|
||||
@ -15340,7 +15340,7 @@ index e100d88..71ca594 100644
|
||||
+ ')
|
||||
+
|
||||
+ dontaudit $1 sysctl_type:file getattr;
|
||||
')
|
||||
+')
|
||||
+
|
||||
+########################################
|
||||
+## <summary>
|
||||
@ -15648,12 +15648,12 @@ index e100d88..71ca594 100644
|
||||
+#
|
||||
+interface(`kernel_rw_userhelper_state',`
|
||||
+ gen_require(`
|
||||
+ type proc_t, proc_userhelper_t;
|
||||
+ type proc_t, userhelper_t;
|
||||
+ ')
|
||||
+
|
||||
+ dev_search_sysfs($1)
|
||||
+ rw_files_pattern($1, proc_t, proc_userhelper_t)
|
||||
+ list_dirs_pattern($1, proc_t, proc_userhelper_t)
|
||||
+ rw_files_pattern($1, proc_t, userhelper_t)
|
||||
+ list_dirs_pattern($1, proc_t, userhelper_t)
|
||||
+')
|
||||
+
|
||||
+########################################
|
||||
@ -15670,10 +15670,10 @@ index e100d88..71ca594 100644
|
||||
+#
|
||||
+interface(`kernel_dontaudit_search_userhelper_state',`
|
||||
+ gen_require(`
|
||||
+ type proc_userhelper_t;
|
||||
+ type userhelper_t;
|
||||
+ ')
|
||||
+
|
||||
+ dontaudit $1 proc_userhelper_t:dir search;
|
||||
+ dontaudit $1 userhelper_t:dir search;
|
||||
+')
|
||||
+
|
||||
+########################################
|
||||
@ -15689,10 +15689,10 @@ index e100d88..71ca594 100644
|
||||
+#
|
||||
+interface(`kernel_search_userhelper_state',`
|
||||
+ gen_require(`
|
||||
+ type proc_userhelper_t;
|
||||
+ type userhelper_t;
|
||||
+ ')
|
||||
+
|
||||
+ search_dirs_pattern($1, proc_t, proc_userhelper_t)
|
||||
+ search_dirs_pattern($1, proc_t, userhelper_t)
|
||||
+')
|
||||
+
|
||||
+########################################
|
||||
@ -15719,13 +15719,13 @@ index e100d88..71ca594 100644
|
||||
+#
|
||||
+interface(`kernel_read_userhelper_state',`
|
||||
+ gen_require(`
|
||||
+ type proc_t, proc_userhelper_t;
|
||||
+ type proc_t, userhelper_t;
|
||||
+ ')
|
||||
+
|
||||
+ read_files_pattern($1, { proc_t proc_userhelper_t }, proc_userhelper_t)
|
||||
+ read_lnk_files_pattern($1, { proc_t proc_userhelper_t }, proc_userhelper_t)
|
||||
+ read_files_pattern($1, { proc_t userhelper_t }, userhelper_t)
|
||||
+ read_lnk_files_pattern($1, { proc_t userhelper_t }, userhelper_t)
|
||||
+
|
||||
+ list_dirs_pattern($1, proc_t, proc_userhelper_t)
|
||||
+ list_dirs_pattern($1, proc_t, userhelper_t)
|
||||
+')
|
||||
+
|
||||
+########################################
|
||||
@ -15740,37 +15740,15 @@ index e100d88..71ca594 100644
|
||||
+#
|
||||
+interface(`kernel_read_userhelper_state_symlinks',`
|
||||
+ gen_require(`
|
||||
+ type proc_t, proc_userhelper_t;
|
||||
+ type proc_t, userhelper_t;
|
||||
+ ')
|
||||
+
|
||||
+ read_lnk_files_pattern($1, { proc_t proc_userhelper_t }, proc_userhelper_t)
|
||||
+
|
||||
+ list_dirs_pattern($1, proc_t, proc_userhelper_t)
|
||||
+')
|
||||
+
|
||||
+########################################
|
||||
+## <summary>
|
||||
+## Read and write userhelper state
|
||||
+## </summary>
|
||||
+## <param name="domain">
|
||||
+## <summary>
|
||||
+## Domain allowed access.
|
||||
+## </summary>
|
||||
+## </param>
|
||||
+## <rolecap/>
|
||||
+#
|
||||
+interface(`kernel_rw_userhelper_state',`
|
||||
+ gen_require(`
|
||||
+ type proc_t, proc_userhelper_t;
|
||||
+ ')
|
||||
+
|
||||
+ dev_search_sysfs($1)
|
||||
+ rw_files_pattern($1, proc_t, proc_userhelper_t)
|
||||
+ list_dirs_pattern($1, proc_t, proc_userhelper_t)
|
||||
+')
|
||||
+ read_lnk_files_pattern($1, { proc_t userhelper_t }, userhelper_t)
|
||||
+
|
||||
+ list_dirs_pattern($1, proc_t, userhelper_t)
|
||||
')
|
||||
diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
|
||||
index 8dbab4c..2150f2c 100644
|
||||
index 8dbab4c..0c702e6 100644
|
||||
--- a/policy/modules/kernel/kernel.te
|
||||
+++ b/policy/modules/kernel/kernel.te
|
||||
@@ -25,6 +25,9 @@ attribute kern_unconfined;
|
||||
@ -15819,7 +15797,7 @@ index 8dbab4c..2150f2c 100644
|
||||
+genfscon proc /sys/kernel/modules_disabled u:object_r:proc_security_t:s0
|
||||
+genfscon proc /sys/kernel/randomize_va_space u:object_r:proc_security_t:s0
|
||||
+
|
||||
+type proc_usermodehelper_t, proc_type;
|
||||
+type usermodehelper_t, proc_type;
|
||||
+genfscon proc /sys/kernel/core_pattern u:object_r:usermodehelper_t:s0
|
||||
+genfscon proc /sys/kernel/hotplug u:object_r:usermodehelper_t:s0
|
||||
+genfscon proc /sys/kernel/modprobe u:object_r:usermodehelper_t:s0
|
||||
|
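Review bot: After the rename, the `kernel_*_userhelper_state` interfaces in kernel.if require `userhelper_t`, while kernel.te declares `usermodehelper_t`, which is also the name used by the kernel.fc entry for `/sys/kernel/uevent_helper` and by the `genfscon` lines for core_pattern, hotplug and modprobe; the interfaces and the labels therefore do not refer to the same type, as was already the case with the old `proc_userhelper_t`/`proc_usermodehelper_t` pair. If these interfaces are meant to govern the usermode-helper files, which seems likely given the `dev_search_sysfs($1)` call, the require should read `type proc_t, usermodehelper_t;` and the pattern arguments should follow. As written, `kernel_rw_userhelper_state` would grant write access to whatever `userhelper_t` another module declares, or fail to resolve if none exists. Because those files name programs that the kernel itself launches, the write interface deserves a summary that says so, for example `## Read and write usermode helper paths (core_pattern, hotplug, modprobe, uevent_helper).`, so that callers grant it only to trusted domains. The commit title covers only the removal of the duplicate `kernel_rw_userhelper_state`, so the type rename should be named in the message as well.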