convert over to system_domain, plus a couple init cleanups

This commit is contained in:
Chris PeBenito 2005-05-05 18:30:00 +00:00
parent 4fc91539f6
commit bbd6a62111
9 changed files with 33 additions and 64 deletions

View File

@ -8,11 +8,10 @@ policy_module(consoletype, 1.0)
# #
type consoletype_t; type consoletype_t;
domain_make_domain(consoletype_t)
role system_r types consoletype_t;
type consoletype_exec_t; type consoletype_exec_t;
domain_make_entrypoint_file(consoletype_t,consoletype_exec_t) domain_make_init_domain(consoletype_t,consoletype_exec_t)
domain_make_system_domain(consoletype_t,consoletype_exec_t)
role system_r types consoletype_t;
######################################## ########################################
# #

View File

@ -30,11 +30,9 @@ type crack_tmp_t;
files_make_file(crack_tmp_t) files_make_file(crack_tmp_t)
type groupadd_t; #, privowner, nscd_client_domain; type groupadd_t; #, privowner, nscd_client_domain;
domain_make_domain(groupadd_t)
role system_r types groupadd_t;
type groupadd_exec_t; type groupadd_exec_t;
domain_make_entrypoint_file(groupadd_t,groupadd_exec_t) domain_make_system_domain(groupadd_t,groupadd_exec_t)
role system_r types groupadd_t;
type passwd_t; #,auth_write, privowner; type passwd_t; #,auth_write, privowner;
domain_make_domain(passwd_t) domain_make_domain(passwd_t)
@ -51,11 +49,9 @@ type sysadm_passwd_tmp_t;
files_make_file(sysadm_passwd_tmp_t) files_make_file(sysadm_passwd_tmp_t)
type useradd_t; #, privowner, nscd_client_domain; type useradd_t; #, privowner, nscd_client_domain;
domain_make_domain(useradd_t)
role system_r types useradd_t;
type useradd_exec_t; type useradd_exec_t;
domain_make_entrypoint_file(useradd_t,useradd_exec_t) domain_make_system_domain(useradd_t,useradd_exec_t)
role system_r types useradd_t;
######################################## ########################################
# #

View File

@ -20,7 +20,7 @@ files_make_file(login_exec_t)
type pam_console_t; type pam_console_t;
type pam_console_exec_t; type pam_console_exec_t;
domain_make_daemon_domain(pam_console_t,pam_console_exec_t) domain_make_system_domain(pam_console_t,pam_console_exec_t)
role system_r types pam_console_t; role system_r types pam_console_t;
domain_make_entrypoint_file(pam_console_t,pam_console_exec_t) domain_make_entrypoint_file(pam_console_t,pam_console_exec_t)

View File

@ -9,7 +9,7 @@ policy_module(hotplug, 1.0)
type hotplug_t; type hotplug_t;
type hotplug_exec_t; type hotplug_exec_t;
domain_make_daemon_domain(hotplug_t,hotplug_exec_t) domain_make_system_domain(hotplug_t,hotplug_exec_t)
type hotplug_etc_t; #, usercanread; type hotplug_etc_t; #, usercanread;
files_make_file(hotplug_etc_t) files_make_file(hotplug_etc_t)

View File

@ -2,6 +2,11 @@
policy_module(init,1.0) policy_module(init,1.0)
########################################
#
# Declarations
#
# #
# init_t is the domain of the init process. # init_t is the domain of the init process.
# #
@ -30,7 +35,6 @@ devices_create_dev_entry(init_t,initctl_t,fifo_file)
# #
type init_var_run_t; type init_var_run_t;
files_make_file(init_var_run_t) files_make_file(init_var_run_t)
files_create_daemon_runtime_data(init_t,init_var_run_t)
type initrc_t; type initrc_t;
domain_make_domain(initrc_t) domain_make_domain(initrc_t)
@ -53,7 +57,6 @@ files_make_file(initrc_state_t)
type initrc_tmp_t; type initrc_tmp_t;
files_make_file(initrc_tmp_t) files_make_file(initrc_tmp_t)
files_create_private_tmp_data(initrc_t,initrc_tmp_t)
type run_init_t; type run_init_t;
domain_make_domain(run_init_t) domain_make_domain(run_init_t)
@ -71,6 +74,7 @@ allow init_t init_exec_t:file { getattr read execute execute_no_trans };
# For /var/run/shutdown.pid. # For /var/run/shutdown.pid.
allow init_t init_var_run_t:file { create getattr read append write setattr unlink }; allow init_t init_var_run_t:file { create getattr read append write setattr unlink };
files_create_daemon_runtime_data(init_t,init_var_run_t)
# Run init scripts. this is ok since initrc # Run init scripts. this is ok since initrc
# is also in this module # is also in this module
@ -140,21 +144,13 @@ allow init_t self:capability ~sys_module;
# Modify utmp. # Modify utmp.
allow init_t initrc_var_run_t:file { getattr read write setattr }; allow init_t initrc_var_run_t:file { getattr read write setattr };
optional_policy(`consoletype.te',` ifdef(`TODO',`
consoletype_execute(init_t,optional)
')
########################################
#
# the following still need to be converted over
#
# something other then static libs # something other then static libs
allow init_t lib_t:file { getattr read }; allow init_t lib_t:file { getattr read };
# for mount points # for mount points
allow init_t file_t:dir search; allow init_t file_t:dir search;
') dnl end TODO
######################################## ########################################
# #
@ -179,6 +175,10 @@ allow initrc_t initrc_state_t:lnk_file { create read getattr setattr unlink rena
allow initrc_t self:tcp_socket { connect listen accept create ioctl read getattr write setattr append bind getopt setopt shutdown }; allow initrc_t self:tcp_socket { connect listen accept create ioctl read getattr write setattr append bind getopt setopt shutdown };
allow initrc_t self:udp_socket { connect create ioctl read getattr write setattr append bind getopt setopt shutdown }; allow initrc_t self:udp_socket { connect create ioctl read getattr write setattr append bind getopt setopt shutdown };
allow initrc_t initrc_tmp_t : file { create ioctl read getattr lock write setattr append link unlink rename };
allow initrc_t initrc_tmp_t : dir { create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir };
files_create_private_tmp_data(initrc_t,initrc_tmp_t, { file dir })
kernel_read_system_state(initrc_t) kernel_read_system_state(initrc_t)
kernel_read_software_raid_state(initrc_t) kernel_read_software_raid_state(initrc_t)
kernel_read_network_state(initrc_t) kernel_read_network_state(initrc_t)
@ -280,23 +280,6 @@ authlogin_pam_read_runtime_data(initrc_t)
authlogin_pam_remove_runtime_data(initrc_t) authlogin_pam_remove_runtime_data(initrc_t)
') ')
optional_policy(`consoletype.te',`
consoletype_transition(initrc_t)
')
optional_policy(`modutils.te',`
modutils_depmod_transition(initrc_t)
modutils_update_modules_transition(initrc_t)
')
optional_policy(`mount.te',`
mount_transition(initrc_t)
')
optional_policy(`sysnetwork.te',`
sysnetwork_ifconfig_transition(initrc_t)
')
tunable_policy(`distro_redhat',` tunable_policy(`distro_redhat',`
kernel_set_selinux_enforcement_mode(initrc_t) kernel_set_selinux_enforcement_mode(initrc_t)

View File

@ -9,7 +9,7 @@ policy_module(iptables, 1.0)
type iptables_t; type iptables_t;
type iptables_exec_t; type iptables_exec_t;
domain_make_daemon_domain(iptables_t,iptables_exec_t) domain_make_system_domain(iptables_t,iptables_exec_t)
role system_r types iptables_t; role system_r types iptables_t;
type iptables_tmp_t; type iptables_tmp_t;

View File

@ -11,25 +11,19 @@ type modules_dep_t;
files_make_file(modules_dep_t) files_make_file(modules_dep_t)
type insmod_t; type insmod_t;
domain_make_domain(insmod_t) type insmod_exec_t;
domain_make_system_domain(insmod_t,insmod_exec_t)
role system_r types insmod_t; role system_r types insmod_t;
type insmod_exec_t;
domain_make_entrypoint_file(insmod_t,insmod_exec_t)
type depmod_t; type depmod_t;
domain_make_domain(depmod_t) type depmod_exec_t;
domain_make_system_domain(depmod_t,depmod_exec_t)
role system_r types depmod_t; role system_r types depmod_t;
type depmod_exec_t;
domain_make_entrypoint_file(depmod_t,depmod_exec_t)
type update_modules_t; type update_modules_t;
domain_make_domain(update_modules_t)
role system_r types update_modules_t;
type update_modules_exec_t; type update_modules_exec_t;
domain_make_entrypoint_file(update_modules_t,update_modules_exec_t) domain_make_system_domain(update_modules_t,update_modules_exec_t)
role system_r types update_modules_t;
type update_modules_tmp_t; type update_modules_tmp_t;
files_make_file(update_modules_tmp_t) files_make_file(update_modules_tmp_t)

View File

@ -1,11 +1,9 @@
# Copyright (C) 2005 Tresys Technology, LLC # Copyright (C) 2005 Tresys Technology, LLC
type mount_t; type mount_t;
domain_make_domain(mount_t)
role system_r types mount_t;
type mount_exec_t; type mount_exec_t;
domain_make_entrypoint_file(mount_t,mount_exec_t) domain_make_system_domain(mount_t,mount_exec_t)
role system_r types mount_t;
type mount_tmp_t; type mount_tmp_t;
files_make_file(mount_tmp_t) files_make_file(mount_tmp_t)

View File

@ -10,6 +10,7 @@ policy_module(sysnetwork,1.0)
type dhcpc_t; type dhcpc_t;
type dhcpc_exec_t; type dhcpc_exec_t;
domain_make_daemon_domain(dhcpc_t,dhcpc_exec_t) domain_make_daemon_domain(dhcpc_t,dhcpc_exec_t)
role system_r types dhcpc_t;
type dhcpc_state_t; type dhcpc_state_t;
files_make_file(dhcpc_state_t) files_make_file(dhcpc_state_t)
@ -21,11 +22,9 @@ type dhcpc_var_run_t;
files_make_file(dhcpc_var_run_t) files_make_file(dhcpc_var_run_t)
type ifconfig_t; type ifconfig_t;
domain_make_domain(ifconfig_t)
role system_r types ifconfig_t;
type ifconfig_exec_t; type ifconfig_exec_t;
domain_make_entrypoint_file(ifconfig_t, ifconfig_exec_t) domain_make_system_domain(ifconfig_t, ifconfig_exec_t)
role system_r types ifconfig_t;
type net_conf_t alias resolv_conf_t; type net_conf_t alias resolv_conf_t;
files_make_file(net_conf_t) files_make_file(net_conf_t)