rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

trunk: add mls constraints to dbus.

Browse Source
This commit is contained in:
Chris PeBenito 2008-01-03 20:37:25 +00:00
parent 9323a50bcc
commit 936f286c16
3 changed files with 51 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
policy/mls
View File

@ -570,8 +570,13 @@ mlsconstrain xinput { setattr relabelinput }
# MLS policy for the dbus class
#
mlsconstrain dbus { send_msg }
(( l1 eq l2 ) or
( t1 == mlsdbussend ) or
( t2 == mlsdbusrecv ));
# these access vectors have no MLS restrictions
# dbus { acquire_svc send_msg }
# dbus { acquire_svc }

41
policy/modules/kernel/mls.if
View File

@ -859,3 +859,44 @@ interface(`mls_db_downgrade',`
typeattribute $1 mlsdbdowngrade;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for sending dbus messages to
## all levels.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`mls_dbus_send_all_levels',`
gen_require(`
attribute mlsdbussend;
')
typeattribute $1 mlsdbussend;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for receiving dbus messages from
## all levels.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`mls_dbus_recv_all_levels',`
gen_require(`
attribute mlsdbusrecv;
')
typeattribute $1 mlsdbusrecv;
')

5
policy/modules/kernel/mls.te
View File

@ -1,5 +1,5 @@
policy_module(mls,1.6.0)
policy_module(mls,1.6.1)
########################################
#
@ -61,3 +61,6 @@ attribute mlsfduse;
attribute mlsfdshare;
attribute mlstranslate;
attribute mlsdbusrecv;
attribute mlsdbussend;