From ccf6611bdd5e5b1805383ebf646e1a28fa759149 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Fri, 16 Nov 2007 19:50:34 +0000
Subject: [PATCH] trunk: add unconfined_run_to().
---
policy/modules/system/unconfined.if | 40 +++++++++++++++++++++++++++++
policy/modules/system/unconfined.te | 2 +-
2 files changed, 41 insertions(+), 1 deletion(-)
diff --git a/policy/modules/system/unconfined.if b/policy/modules/system/unconfined.if
index 1bb9f590..69a720dc 100644
--- a/policy/modules/system/unconfined.if
+++ b/policy/modules/system/unconfined.if
@@ -276,6 +276,46 @@ interface(`unconfined_domtrans_to',`
 domtrans_pattern(unconfined_t,$2,$1)
 ')
+########################################
+##
+## Allow unconfined to execute the specified program in
+## the specified domain. Allow the specified domain the
+## unconfined role and use of unconfined user terminals.
+##
+##
+##
+## Allow unconfined to execute the specified program in
+## the specified domain. Allow the specified domain the
+## unconfined role and use of unconfined user terminals.
+##
+##
+## This is a interface to support third party modules
+## and its use is not allowed in upstream reference
+## policy.
+##
+##
+##
+##
+## Domain to execute in.
+##
+##
+##
+##
+## Domain entry point file.
+##
+##
+#
+interface(`unconfined_run_to',`
+ gen_require(`
+ type unconfined_t, unconfined_devpts_t, unconfined_tty_device_t;
+ role unconfined_r;
+ ')
+
+ domtrans_pattern(unconfined_t,$2,$1)
+ role unconfined_r types $1;
+ allow $1 { unconfined_devpts_t unconfined_tty_device_t }:chr_file rw_term_perms;
+')
+
 ########################################
 ##
 ## Inherit file descriptors from the unconfined domain.
diff --git a/policy/modules/system/unconfined.te b/policy/modules/system/unconfined.te
index 23fdddf0..b44c48e1 100644
--- a/policy/modules/system/unconfined.te
+++ b/policy/modules/system/unconfined.te
@@ -1,5 +1,5 @@
-policy_module(unconfined,2.0.2)
+policy_module(unconfined,2.0.3)
 ########################################
 #
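Review bot: The description block of `unconfined_run_to` in unconfined.if repeats the summary word for word and never spells out what a caller is granting. Every type passed as the first argument is authorised for `unconfined_r` and receives `rw_term_perms` on `unconfined_devpts_t` and `unconfined_tty_device_t`, so a process in that domain can read and write the terminal of the unconfined user who launched it. I would replace the duplicated paragraph with that statement, for example `## The target domain is added to unconfined_r and can read and write the invoking user's terminals; use only for programs that need an interactive terminal.`, and correct `This is a interface` to `This is an interface`. The "not allowed in upstream reference policy" restriction lives only in this comment, so the wording should be explicit enough that a policy reviewer can spot a misuse from the call site alone.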