From d25dd9c1c2372c4ec638dd597a156bb70f6e9c80 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Wed, 11 May 2005 19:36:36 +0000
Subject: [PATCH] add make temporary_file and daemon_runtime_file

---
 refpolicy/policy/modules/services/cron.te | 2 +-
 refpolicy/policy/modules/system/authlogin.te | 2 +-
 refpolicy/policy/modules/system/files.if | 43 ++++++++++++-------
 refpolicy/policy/modules/system/hotplug.te | 2 +-
 refpolicy/policy/modules/system/init.te | 7 +--
 refpolicy/policy/modules/system/iptables.te | 4 +-
 refpolicy/policy/modules/system/logging.te | 4 +-
 refpolicy/policy/modules/system/sysnetwork.te | 2 +-
 refpolicy/policy/modules/system/udev.te | 4 +-
 9 files changed, 42 insertions(+), 28 deletions(-)

diff --git a/refpolicy/policy/modules/services/cron.te b/refpolicy/policy/modules/services/cron.te
index 6d49187e..cba4cbdf 100644
--- a/refpolicy/policy/modules/services/cron.te
+++ b/refpolicy/policy/modules/services/cron.te
@@ -31,7 +31,7 @@ type crond_tmp_t;
 files_make_temporary_file(crond_tmp_t)
 
 type crond_var_run_t;
-files_make_file(crond_var_run_t)
+files_make_daemon_runtime_file(crond_var_run_t)
 
 type crontab_exec_t;
 files_make_file(crontab_exec_t)
diff --git a/refpolicy/policy/modules/system/authlogin.te b/refpolicy/policy/modules/system/authlogin.te
index 5e6b50af..3df7fdbc 100644
--- a/refpolicy/policy/modules/system/authlogin.te
+++ b/refpolicy/policy/modules/system/authlogin.te
@@ -39,7 +39,7 @@ type pam_var_console_t; #, nscd_client_domain
 files_make_file(pam_var_console_t)
 
 type pam_var_run_t;
-files_make_file(pam_var_run_t)
+files_make_daemon_runtime_file(pam_var_run_t)
 
 type shadow_t;
 files_make_file(shadow_t)
diff --git a/refpolicy/policy/modules/system/files.if b/refpolicy/policy/modules/system/files.if
index 17ebea4c..257e1b01 100644
--- a/refpolicy/policy/modules/system/files.if
+++ b/refpolicy/policy/modules/system/files.if
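Review bot: Switching `crond_var_run_t` from `files_make_file` to `files_make_daemon_runtime_file` attaches the `pidfile` attribute at declaration time, whereas before this commit only a type passed through `files_create_daemon_runtime_data` received it (the `typeattribute $1 pidfile;` dropped in the files.if hunk at @@ -660). The same applies to the authlogin, hotplug, init, iptables, logging, sysnetwork and udev hunks. Any rule written against the `pidfile` attribute rather than a named type now also covers `pam_var_run_t` and `init_var_run_t` (the latter holds /var/run/shutdown.pid per the comment in init.te), so attribute-level rules on `pidfile` are worth re-reading to confirm the widened type set is intended. A call-site comment such as `# also grants the pidfile attribute` next to the first conversion would make that side effect visible to later readers.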
@@ -15,6 +15,34 @@ define(`files_make_file_depend',`
 attribute file_type;
 ')
 
+########################################
+#
+# files_make_mountpoint(type)
+#
+define(`files_make_mountpoint',`
+requires_block_template(`$0'_depend)
+files_make_file($1)
+typeattribute $1 mountpoint;
+')
+
+define(`files_make_mountpoint_depend',`
+attribute mountpoint;
+')
+
+########################################
+#
+# files_make_daemon_runtime_file(type)
+#
+define(`files_make_daemon_runtime_file',`
+requires_block_template(`$0'_depend)
+files_make_file($1)
+typeattribute $1 pidfile;
+')
+
+define(`files_make_daemon_runtime_file_depend',`
+attribute pidfile;
+')
+
 ########################################
 #
 # files_make_temporary_file(type)
@@ -29,19 +57,6 @@ define(`files_make_temporary_file_depend',`
 attribute tmpfile;
 ')
 
-########################################
-#
-# files_make_mountpoint(type)
-#
-define(`files_make_mountpoint',`
-requires_block_template(`$0'_depend)
-typeattribute $1 mountpoint;
-')
-
-define(`files_make_mountpoint_depend',`
-attribute mountpoint;
-')
-
 ########################################
 #
 # files_get_all_file_attributes(type)
@@ -660,11 +675,9 @@ type_transition $1 var_run_t:file $2;
 ',`
 type_transition $1 var_run_t:$3 $2;
 ') dnl end ifelse
-typeattribute $1 pidfile;
 ')
 
 define(`files_create_daemon_runtime_data_depend',`
-attribute pidfile;
 type var_t, var_run_t;
 class dir { getattr search read write add_name remove_name };
 ')
diff --git a/refpolicy/policy/modules/system/hotplug.te b/refpolicy/policy/modules/system/hotplug.te
index 516974ab..10e5d1bf 100644
--- a/refpolicy/policy/modules/system/hotplug.te
+++ b/refpolicy/policy/modules/system/hotplug.te
@@ -15,7 +15,7 @@ type hotplug_etc_t; #, usercanread;
 files_make_file(hotplug_etc_t)
 
 type hotplug_var_run_t;
-files_make_file(hotplug_var_run_t)
+files_make_daemon_runtime_file(hotplug_var_run_t)
 
 ########################################
 #
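Review bot: The new `files_make_daemon_runtime_file` and the rewritten `files_make_mountpoint` carry only the interface name in their header comment; a one-sentence description of what the type gains would help callers, e.g. `# Make the type a daemon runtime (pid) file: file_type via files_make_file plus the pidfile attribute.` and `# Make the type a mountpoint: file_type via files_make_file plus the mountpoint attribute.` Both `_depend` blocks declare only their own attribute (`pidfile` / `mountpoint`) while the macro body now also expands `files_make_file($1)`, which has its own `files_make_file_depend` declaring `attribute file_type;`. If `requires_block_template` is not flattened across nested expansions by the build, `attribute file_type;` should be listed in these two `_depend` blocks as well; I cannot tell from this hunk how nesting is handled.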
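Review bot: Dropping `typeattribute $1 pidfile;` from `files_create_daemon_runtime_data` (hunk @@ -660, whose enclosing define begins before the hunk) means any caller whose runtime type is still declared with plain `files_make_file` silently loses the attribute; within this commit only `initrc_var_run_t` in init.te is visibly converted on both sides. Every `files_create_daemon_runtime_data(` call site should be checked to confirm its `$2` type is now declared through `files_make_daemon_runtime_file`. Since the interface now only sets up the type transition, its header comment (outside this hunk) should state that the pidfile attribute is expected to come from the type declaration, e.g. `# The runtime type must be declared with files_make_daemon_runtime_file.`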
diff --git a/refpolicy/policy/modules/system/init.te b/refpolicy/policy/modules/system/init.te
index bad47ae8..25e7f9ed 100644
--- a/refpolicy/policy/modules/system/init.te
+++ b/refpolicy/policy/modules/system/init.te
@@ -34,7 +34,7 @@ devices_create_dev_entry(init_t,initctl_t,fifo_file)
 # init_var_run_t is the type for /var/run/shutdown.pid.
 #
 type init_var_run_t;
-files_make_file(init_var_run_t)
+files_make_daemon_runtime_file(init_var_run_t)
 
 type initrc_t;
 domain_make_domain(initrc_t)
@@ -49,8 +49,7 @@ filesystem_noxattr_associate(initrc_devpts_t)
 terminal_make_pseudoterminal(initrc_t,initrc_devpts_t)
 
 type initrc_var_run_t;
-files_make_file(initrc_var_run_t)
-files_create_daemon_runtime_data(initrc_t,initrc_var_run_t)
+files_make_daemon_runtime_file(initrc_var_run_t)
 
 type initrc_state_t;
 files_make_file(initrc_state_t)
@@ -173,6 +172,8 @@ allow initrc_t initrc_state_t:lnk_file { create read getattr setattr unlink rena
 allow initrc_t self:tcp_socket { connect listen accept create ioctl read getattr write setattr append bind getopt setopt shutdown };
 allow initrc_t self:udp_socket { connect create ioctl read getattr write setattr append bind getopt setopt shutdown };
 
+files_create_daemon_runtime_data(initrc_t,initrc_var_run_t)
+
 allow initrc_t initrc_tmp_t : file { create ioctl read getattr lock write setattr append link unlink rename };
 allow initrc_t initrc_tmp_t : dir { create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir };
 files_create_private_tmp_data(initrc_t,initrc_tmp_t, { file dir })
diff --git a/refpolicy/policy/modules/system/iptables.te b/refpolicy/policy/modules/system/iptables.te
index dbdb78ad..85c52742 100644
--- a/refpolicy/policy/modules/system/iptables.te
+++ b/refpolicy/policy/modules/system/iptables.te
@@ -15,8 +15,8 @@ role system_r types iptables_t;
 type iptables_tmp_t;
 files_make_temporary_file(iptables_tmp_t)
 
-type iptables_var_run_t; #, pidfile;
-files_make_file(iptables_var_run_t)
+type iptables_var_run_t;
+files_make_daemon_runtime_file(iptables_var_run_t)
 
 ########################################
 #
diff --git a/refpolicy/policy/modules/system/logging.te b/refpolicy/policy/modules/system/logging.te
index 7753793a..33c518b5 100644
--- a/refpolicy/policy/modules/system/logging.te
+++ b/refpolicy/policy/modules/system/logging.te
@@ -15,7 +15,7 @@ type klogd_tmp_t;
 files_make_temporary_file(klogd_tmp_t)
 
 type klogd_var_run_t;
-files_make_file(klogd_var_run_t)
+files_make_daemon_runtime_file(klogd_var_run_t)
 
 type syslogd_t;
 type syslogd_exec_t;
@@ -25,7 +25,7 @@ type syslogd_tmp_t;
 files_make_temporary_file(syslogd_tmp_t)
 
 type syslogd_var_run_t;
-files_make_file(syslogd_var_run_t)
+files_make_daemon_runtime_file(syslogd_var_run_t)
 
 type var_log_t, logfile;
 files_make_file(var_log_t)
diff --git a/refpolicy/policy/modules/system/sysnetwork.te b/refpolicy/policy/modules/system/sysnetwork.te
index eeae74f8..e8818fc9 100644
--- a/refpolicy/policy/modules/system/sysnetwork.te
+++ b/refpolicy/policy/modules/system/sysnetwork.te
@@ -19,7 +19,7 @@ type dhcpc_tmp_t;
 files_make_temporary_file(dhcpc_tmp_t)
 
 type dhcpc_var_run_t;
-files_make_file(dhcpc_var_run_t)
+files_make_daemon_runtime_file(dhcpc_var_run_t)
 
 type ifconfig_t;
 type ifconfig_exec_t;
diff --git a/refpolicy/policy/modules/system/udev.te b/refpolicy/policy/modules/system/udev.te
index 34e0311a..57598ffc 100644
--- a/refpolicy/policy/modules/system/udev.te
+++ b/refpolicy/policy/modules/system/udev.te
@@ -25,10 +25,9 @@ files_make_file(udev_runtime_t)
 
 type udev_tbl_t alias udev_tdb_t;
 files_make_file(udev_tbl_t)
-devices_create_dev_entry(udev_t,udev_tbl_t,file)
 
 type udev_var_run_t;
-files_make_file(udev_var_run_t)
+files_make_daemon_runtime_file(udev_var_run_t)
 
 ########################################
 #
@@ -56,6 +55,7 @@ allow udev_t udev_etc_t:file { read getattr lock ioctl };
 
 # create udev database in /dev/.udevdb
 allow udev_t udev_tbl_t:file { create ioctl read getattr lock write setattr append link unlink rename };
+devices_create_dev_entry(udev_t,udev_tbl_t,file)
 allow udev_t udev_var_run_t : dir { read getattr lock search ioctl add_name remove_name write };
 allow udev_t udev_var_run_t : file { create ioctl read getattr lock write setattr append link unlink rename };