rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Allow consolehelper to read fonts and config files in user homedir

Browse Source
This commit is contained in:
Dan Walsh 2010-09-23 15:14:34 -04:00
parent f4dc198843
commit 7c94a3ab0d
3 changed files with 36 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
policy/modules/apps/userhelper.if
View File

@ -303,12 +303,15 @@ template(`userhelper_console_role_template',`
auth_use_pam($1_consolehelper_t) auth_use_pam($1_consolehelper_t)
userdom_manage_tmpfs_role(#2, $1_consolehelper_t)
optional_policy(` optional_policy(`
shutdown_run($1_consolehelper_t, $2) shutdown_run($1_consolehelper_t, $2)
shutdown_send_sigchld($3) shutdown_send_sigchld($3)
') ')
optional_policy(` optional_policy(`
xserver_run_xauth($1_consolehelper_t, $2)
xserver_read_xdm_pid($1_consolehelper_t) xserver_read_xdm_pid($1_consolehelper_t)
') ')
') ')

9
policy/modules/apps/userhelper.te
View File

@ -22,6 +22,7 @@ application_executable_file(consolehelper_exec_t)
# consolehelper local policy # consolehelper local policy
# #
allow consolehelper_domain self:shm create_shm_perms;
allow consolehelper_domain self:capability { setgid setuid }; allow consolehelper_domain self:capability { setgid setuid };
dontaudit consolehelper_domain userhelper_conf_t:file write; dontaudit consolehelper_domain userhelper_conf_t:file write;
@ -47,13 +48,19 @@ auth_read_pam_pid(consolehelper_domain)
init_read_utmp(consolehelper_domain) init_read_utmp(consolehelper_domain)
miscfiles_read_localization(consolehelper_domain) miscfiles_read_localization(consolehelper_domain)
miscfiles_read_fonts(consolehelper_domain)
userhelper_exec(consolehelper_domain) userhelper_exec(consolehelper_domain)
userdom_use_user_ptys(consolehelper_domain) userdom_use_user_ptys(consolehelper_domain)
userdom_use_user_ttys(consolehelper_domain) userdom_use_user_ttys(consolehelper_domain)
userdom_search_user_home_content(consolehelper_domain) userdom_read_user_home_content_files(consolehelper_domain)
optional_policy(` optional_policy(`
gnome_read_gconf_home_files(consolehelper_domain)
')
optional_policy(`
xserver_read_home_fonts(consolehelper_domain)
xserver_stream_connect(consolehelper_domain) xserver_stream_connect(consolehelper_domain)
') ')

26
policy/modules/services/xserver.if
View File

@ -1558,7 +1558,7 @@ interface(`xserver_read_user_iceauth',`
######################################## ########################################
## <summary> ## <summary>
## Read user homedir fonts. ## Read/write inherited user homedir fonts.
## </summary> ## </summary>
## <param name="domain"> ## <param name="domain">
## <summary> ## <summary>
@ -1664,6 +1664,7 @@ interface(`xserver_run_xauth',`
xserver_domtrans_xauth($1) xserver_domtrans_xauth($1)
role $2 types xauth_t; role $2 types xauth_t;
') ')
######################################## ########################################
## <summary> ## <summary>
## Read user homedir fonts. ## Read user homedir fonts.
@ -1675,6 +1676,29 @@ interface(`xserver_run_xauth',`
## </param> ## </param>
## <rolecap/> ## <rolecap/>
# #
interface(`xserver_read_home_fonts',`
gen_require(`
type user_fonts_t, user_fonts_config_t;
')
read_dirs_pattern($1, user_fonts_t, user_fonts_t)
read_files_pattern($1, user_fonts_t, user_fonts_t)
read_lnk_files_pattern($1, user_fonts_t, user_fonts_t)
read_files_pattern($1, user_fonts_config_t, user_fonts_config_t)
')
########################################
## <summary>
## Manage user homedir fonts.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`xserver_manage_home_fonts',` interface(`xserver_manage_home_fonts',`
gen_require(` gen_require(`
type user_fonts_t, user_fonts_config_t; type user_fonts_t, user_fonts_config_t;