rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

fix duplicate /usr/bin/mplayer fc match for targeted

Browse Source
This commit is contained in:
Chris PeBenito 2006-10-18 17:31:14 +00:00
parent d4a48c41c2
commit b04eccd87b
5 changed files with 52 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
policy/modules/apps/mplayer.fc
View File

@ -8,6 +8,7 @@
# #
/usr/bin/mplayer -- gen_context(system_u:object_r:mplayer_exec_t,s0) /usr/bin/mplayer -- gen_context(system_u:object_r:mplayer_exec_t,s0)
/usr/bin/mencoder -- gen_context(system_u:object_r:mencoder_exec_t,s0) /usr/bin/mencoder -- gen_context(system_u:object_r:mencoder_exec_t,s0)
/usr/bin/xine -- gen_context(system_u:object_r:mplayer_exec_t,s0)
ifdef(`strict_policy',` ifdef(`strict_policy',`
HOME_DIR/\.mplayer(/.*)? gen_context(system_u:object_r:ROLE_mplayer_home_t,s0) HOME_DIR/\.mplayer(/.*)? gen_context(system_u:object_r:ROLE_mplayer_home_t,s0)

17
policy/modules/apps/mplayer.te
View File

@ -1,16 +1,23 @@
policy_module(mplayer,1.0.2) policy_module(mplayer,1.0.3)
######################################## ########################################
# #
# Declarations # Declarations
# #
type mplayer_exec_t; type mplayer_etc_t;
corecmd_executable_file(mplayer_exec_t) files_config_file(mplayer_etc_t)
ifdef(`strict_policy',`
type mencoder_exec_t; type mencoder_exec_t;
corecmd_executable_file(mencoder_exec_t) corecmd_executable_file(mencoder_exec_t)
type mplayer_etc_t; type mplayer_exec_t;
files_config_file(mplayer_etc_t) corecmd_executable_file(mplayer_exec_t)
')
ifdef(`targeted_policy',`
unconfined_execmem_alias_program(mencoder_exec_t)
unconfined_execmem_alias_program(mplayer_exec_t)
')

2
policy/modules/system/unconfined.fc
View File

@ -8,7 +8,5 @@ ifdef(`targeted_policy',`
/usr/lib/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0) /usr/lib/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
/usr/bin/valgrind -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0) /usr/bin/valgrind -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
/usr/local/RealPlay/realplay\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0) /usr/local/RealPlay/realplay\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
/usr/bin/mplayer -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
/usr/bin/xine -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
/usr/lib/ia32el/ia32x_loader -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0) /usr/lib/ia32el/ia32x_loader -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
') ')

34
policy/modules/system/unconfined.if
View File

@ -488,6 +488,40 @@ interface(`unconfined_alias_domain',`
') ')
') ')
########################################
## <summary>
## Add an alias type to the unconfined execmem
## program file type.
## </summary>
## <desc>
## <p>
## Add an alias type to the unconfined execmem
## program file type.
## </p>
## <p>
## This is added to support targeted policy. Its
## use should be limited. It has no effect
## on the strict policy.
## </p>
## </desc>
## <param name="domain">
## <summary>
## New alias of the unconfined execmem program type.
## </summary>
## </param>
#
interface(`unconfined_execmem_alias_program',`
ifdef(`targeted_policy',`
gen_require(`
type unconfined_execmem_exec_t;
')
typealias unconfined_execmem_exec_t alias $1;
',`
refpolicywarn(`$0($1) has no effect in strict policy.')
')
')
######################################## ########################################
## <summary> ## <summary>
## Connect to the the unconfined DBUS ## Connect to the the unconfined DBUS

2
policy/modules/system/unconfined.te
View File

@ -1,5 +1,5 @@
policy_module(unconfined,1.3.15) policy_module(unconfined,1.3.16)
######################################## ########################################
# #