add extra dep to init_t interfaces since init_t is in base module right now.
		
							parent
							
								
									1ce7f6bf40
								
							
						
					
					
						commit
						bcdcc55c7f
					
				| @ -192,11 +192,108 @@ interface(`init_exec',` | ||||
| interface(`init_getpgid',` | ||||
| 	gen_require(` | ||||
| 		type init_t; | ||||
| 
 | ||||
| 		# cjp: remove this when init_t decl is moved back to this module | ||||
| 		type init_exec_t; | ||||
| 	') | ||||
| 
 | ||||
| 	allow $1 init_t:process getpgid; | ||||
| ') | ||||
| 
 | ||||
| ######################################## | ||||
| ## <summary> | ||||
| ##	Send init a null signal. | ||||
| ## </summary> | ||||
| ## <param name="domain"> | ||||
| ##	<summary> | ||||
| ##	Domain allowed access. | ||||
| ##	</summary> | ||||
| ## </param> | ||||
| # | ||||
| interface(`init_signull',` | ||||
| 	gen_require(` | ||||
| 		type init_t; | ||||
| 
 | ||||
| 		# cjp: remove this when init_t decl is moved back to this module | ||||
| 		type init_exec_t; | ||||
| 	') | ||||
| 
 | ||||
| 	allow $1 init_t:process signull; | ||||
| ') | ||||
| 
 | ||||
| ######################################## | ||||
| ## <summary> | ||||
| ##	Send init a SIGCHLD signal. | ||||
| ## </summary> | ||||
| ## <param name="domain"> | ||||
| ##	<summary> | ||||
| ##	Domain allowed access. | ||||
| ##	</summary> | ||||
| ## </param> | ||||
| # | ||||
| interface(`init_sigchld',` | ||||
| 	gen_require(` | ||||
| 		type init_t; | ||||
| 
 | ||||
| 		# cjp: remove this when init_t decl is moved back to this module | ||||
| 		type init_exec_t; | ||||
| 	') | ||||
| 
 | ||||
| 	allow $1 init_t:process sigchld; | ||||
| ') | ||||
| 
 | ||||
| ######################################## | ||||
| # | ||||
| # init_use_fds(domain) | ||||
| # | ||||
| interface(`init_use_fds',` | ||||
| 	gen_require(` | ||||
| 		type init_t; | ||||
| 
 | ||||
| 		# cjp: remove this when init_t decl is moved back to this module | ||||
| 		type init_exec_t; | ||||
| 	') | ||||
| 
 | ||||
| 	allow $1 init_t:fd use; | ||||
| ') | ||||
| 
 | ||||
| ######################################## | ||||
| # | ||||
| # init_dontaudit_use_fds(domain) | ||||
| # | ||||
| interface(`init_dontaudit_use_fds',` | ||||
| 	gen_require(` | ||||
| 		type init_t; | ||||
| 
 | ||||
| 		# cjp: remove this when init_t decl is moved back to this module | ||||
| 		type init_exec_t; | ||||
| 	') | ||||
| 
 | ||||
| 	dontaudit $1 init_t:fd use; | ||||
| ') | ||||
| 
 | ||||
| ######################################## | ||||
| ## <summary> | ||||
| ##	Send UDP network traffic to init. | ||||
| ## </summary> | ||||
| ## <param name="domain"> | ||||
| ##	<summary> | ||||
| ##	Domain allowed access. | ||||
| ##	</summary> | ||||
| ## </param> | ||||
| # | ||||
| interface(`init_udp_send',` | ||||
| 	gen_require(` | ||||
| 		type init_t; | ||||
| 
 | ||||
| 		# cjp: remove this when init_t decl is moved back to this module | ||||
| 		type init_exec_t; | ||||
| 	') | ||||
| 
 | ||||
| 	allow $1 init_t:udp_socket sendto; | ||||
| 	allow init_t $1:udp_socket recvfrom; | ||||
| ') | ||||
| 
 | ||||
| ######################################## | ||||
| # | ||||
| # init_getattr_initctl(domain) | ||||
| @ -259,85 +356,6 @@ interface(`init_dontaudit_rw_initctl',` | ||||
| 	dontaudit $1 initctl_t:fifo_file { read write }; | ||||
| ') | ||||
| 
 | ||||
| ######################################## | ||||
| ## <summary> | ||||
| ##	Send init a null signal. | ||||
| ## </summary> | ||||
| ## <param name="domain"> | ||||
| ##	<summary> | ||||
| ##	Domain allowed access. | ||||
| ##	</summary> | ||||
| ## </param> | ||||
| # | ||||
| interface(`init_signull',` | ||||
| 	gen_require(` | ||||
| 		type init_t; | ||||
| 	') | ||||
| 
 | ||||
| 	allow $1 init_t:process signull; | ||||
| ') | ||||
| 
 | ||||
| ######################################## | ||||
| ## <summary> | ||||
| ##	Send init a SIGCHLD signal. | ||||
| ## </summary> | ||||
| ## <param name="domain"> | ||||
| ##	<summary> | ||||
| ##	Domain allowed access. | ||||
| ##	</summary> | ||||
| ## </param> | ||||
| # | ||||
| interface(`init_sigchld',` | ||||
| 	gen_require(` | ||||
| 		type init_t; | ||||
| 	') | ||||
| 
 | ||||
| 	allow $1 init_t:process sigchld; | ||||
| ') | ||||
| 
 | ||||
| ######################################## | ||||
| # | ||||
| # init_use_fds(domain) | ||||
| # | ||||
| interface(`init_use_fds',` | ||||
| 	gen_require(` | ||||
| 		type init_t; | ||||
| 	') | ||||
| 
 | ||||
| 	allow $1 init_t:fd use; | ||||
| ') | ||||
| 
 | ||||
| ######################################## | ||||
| # | ||||
| # init_dontaudit_use_fds(domain) | ||||
| # | ||||
| interface(`init_dontaudit_use_fds',` | ||||
| 	gen_require(` | ||||
| 		type init_t; | ||||
| 	') | ||||
| 
 | ||||
| 	dontaudit $1 init_t:fd use; | ||||
| ') | ||||
| 
 | ||||
| ######################################## | ||||
| ## <summary> | ||||
| ##	Send UDP network traffic to init. | ||||
| ## </summary> | ||||
| ## <param name="domain"> | ||||
| ##	<summary> | ||||
| ##	Domain allowed access. | ||||
| ##	</summary> | ||||
| ## </param> | ||||
| # | ||||
| interface(`init_udp_send',` | ||||
| 	gen_require(` | ||||
| 		type init_t; | ||||
| 	') | ||||
| 
 | ||||
| 	allow $1 init_t:udp_socket sendto; | ||||
| 	allow init_t $1:udp_socket recvfrom; | ||||
| ') | ||||
| 
 | ||||
| ######################################## | ||||
| ## <summary> | ||||
| ##	Make init scripts an entry point for | ||||
|  | ||||
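Review bot: The repeated comment `# cjp: remove this when init_t decl is moved back to this module` says when to drop `type init_exec_t;` but not why it is there, and none of the allow/dontaudit rules in init_getpgid, init_signull, init_sigchld, init_use_fds, init_dontaudit_use_fds or init_udp_send reference that type. Going by the commit title it appears to exist only so that callers depend on this module while init_t is declared elsewhere; I would say so in the comment, e.g. `# cjp: init_exec_t is unused here; required only so callers depend on this module. Remove when the init_t decl moves back.` Separately, init_use_fds and init_dontaudit_use_fds keep the old `# init_use_fds(domain)` style header instead of the `## <summary>` block their neighbours carry, and the init_udp_send summary does not mention that it also grants `allow init_t $1:udp_socket recvfrom;` on the caller's sockets. Interfaces outside the visible hunks, such as init_exec named in the first hunk header, could not be checked for the same dependency.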
| @ -21,6 +21,8 @@ attribute direct_init_entry; | ||||
| # | ||||
| # real declaration moved to mls until | ||||
| # range_transition works in loadable modules | ||||
| # also remove the extra init_exec_t dependencies | ||||
| # in init_t interfaces when the decl gets moved back here. | ||||
| gen_require(` | ||||
| 	type init_t; | ||||
| ') | ||||
|  | ||||