From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-517774-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	by finch.gentoo.org (Postfix) with ESMTP id 315B3138010
	for <garchives@archives.gentoo.org>; Sat, 27 Oct 2012 11:48:18 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 80D7C21C01A;
	Sat, 27 Oct 2012 11:47:30 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	by pigeon.gentoo.org (Postfix) with ESMTP id 9AD2321C01A
	for <gentoo-commits@lists.gentoo.org>; Sat, 27 Oct 2012 11:47:29 +0000 (UTC)
Received: from hornbill.gentoo.org (hornbill.gentoo.org [94.100.119.163])
	(using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id C31AD33D82B
	for <gentoo-commits@lists.gentoo.org>; Sat, 27 Oct 2012 11:47:28 +0000 (UTC)
Received: from localhost.localdomain (localhost [127.0.0.1])
	by hornbill.gentoo.org (Postfix) with ESMTP id 51B51E5436
	for <gentoo-commits@lists.gentoo.org>; Sat, 27 Oct 2012 11:47:27 +0000 (UTC)
From: "Sven Vermeulen" <sven.vermeulen@siphos.be>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" <sven.vermeulen@siphos.be>
Message-ID: <1351338154.b172af05bbb10e6577f5b10e94b0ef2905a9c481.SwifT@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/contrib/sblim.fc policy/modules/contrib/sblim.if policy/modules/contrib/sblim.te
X-VCS-Directories: policy/modules/contrib/
X-VCS-Committer: SwifT
X-VCS-Committer-Name: Sven Vermeulen
X-VCS-Revision: b172af05bbb10e6577f5b10e94b0ef2905a9c481
X-VCS-Branch: master
Date: Sat, 27 Oct 2012 11:47:27 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: 215a89a8-6383-47bc-9c64-c9cb9cd51538
X-Archives-Hash: bdc3046c2c8267d7d798a943c90adfbb

commit:     b172af05bbb10e6577f5b10e94b0ef2905a9c481
Author:     Dominick Grift <dominick.grift <AT> gmail <DOT> com>
AuthorDate: Sat Oct 27 07:57:24 2012 +0000
Commit:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Sat Oct 27 11:42:34 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=b172af05

Chnages to the sblim policy module

Module clean up

Signed-off-by: Dominick Grift <dominick.grift <AT> gmail.com>

---
 policy/modules/contrib/sblim.fc |    1 -
 policy/modules/contrib/sblim.if |   10 +++---
 policy/modules/contrib/sblim.te |   63 ++++++++++++++++++++-------------------
 3 files changed, 37 insertions(+), 37 deletions(-)

diff --git a/policy/modules/contrib/sblim.fc b/policy/modules/contrib/sblim.fc
index 029ed47..68a550d 100644
--- a/policy/modules/contrib/sblim.fc
+++ b/policy/modules/contrib/sblim.fc
@@ -1,7 +1,6 @@
 /etc/rc\.d/init\.d/gatherer	--	gen_context(system_u:object_r:sblim_initrc_exec_t,s0)
 
 /usr/sbin/gatherd	--	gen_context(system_u:object_r:sblim_gatherd_exec_t,s0)
-
 /usr/sbin/reposd	--	gen_context(system_u:object_r:sblim_reposd_exec_t,s0)
 
 /var/run/gather(/.*)?	gen_context(system_u:object_r:sblim_var_run_t,s0)

diff --git a/policy/modules/contrib/sblim.if b/policy/modules/contrib/sblim.if
index 7ba8b59..98c9e0a 100644
--- a/policy/modules/contrib/sblim.if
+++ b/policy/modules/contrib/sblim.if
@@ -21,7 +21,7 @@ interface(`sblim_domtrans_gatherd',`
 
 ########################################
 ## <summary>
-##	Read gatherd PID files.
+##	Read gatherd pid files.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
@@ -57,12 +57,12 @@ interface(`sblim_read_pid_files',`
 #
 interface(`sblim_admin',`
 	gen_require(`
-		type sblim_gatherd_t, sblim_initrc_exec_t, sblim_reposd_t;
-		type sblim_var_run_t;
+		attribute sblim_domain;
+		type sblim_initrc_exec_t, sblim_var_run_t;
 	')
 
-	allow $1 { sblim_gatherd_t sblim_reposd_t }:process { ptrace signal_perms };
-	ps_process_pattern($1, { sblim_gatherd_t sblim_reposd_t })
+	allow $1 sblim_domain:process { ptrace signal_perms };
+	ps_process_pattern($1, sblim_domain)
 
 	init_labeled_script_domtrans($1, sblim_initrc_exec_t)
 	domain_system_change_exemption($1)

diff --git a/policy/modules/contrib/sblim.te b/policy/modules/contrib/sblim.te
index 37ddaea..73fc2c8 100644
--- a/policy/modules/contrib/sblim.te
+++ b/policy/modules/contrib/sblim.te
@@ -1,4 +1,4 @@
-policy_module(sblim, 1.0.1)
+policy_module(sblim, 1.0.2)
 
 ########################################
 #
@@ -21,9 +21,38 @@ init_script_file(sblim_initrc_exec_t)
 type sblim_var_run_t;
 files_pid_file(sblim_var_run_t)
 
+######################################
+#
+# Common sblim domain local policy
+#
+
+allow sblim_domain self:tcp_socket create_stream_socket_perms;
+
+manage_dirs_pattern(sblim_domain, sblim_var_run_t, sblim_var_run_t)
+manage_files_pattern(sblim_domain, sblim_var_run_t, sblim_var_run_t)
+manage_sock_files_pattern(sblim_domain, sblim_var_run_t, sblim_var_run_t)
+
+kernel_read_network_state(sblim_domain)
+kernel_read_system_state(sblim_domain)
+
+corenet_all_recvfrom_unlabeled(sblim_domain)
+corenet_all_recvfrom_netlabel(sblim_domain)
+corenet_tcp_sendrecv_generic_if(sblim_domain)
+corenet_tcp_sendrecv_generic_node(sblim_domain)
+
+corenet_tcp_sendrecv_repository_port(sblim_domain)
+
+dev_read_sysfs(sblim_domain)
+
+logging_send_syslog_msg(sblim_domain)
+
+files_read_etc_files(sblim_domain)
+
+miscfiles_read_localization(sblim_domain)
+
 ########################################
 #
-# sblim_gatherd local policy
+# Gatherd local policy
 #
 allow sblim_gatherd_t self:capability dac_override;
 allow sblim_gatherd_t self:process signal;
@@ -80,37 +109,9 @@ optional_policy(`
 
 #######################################
 #
-# sblim_reposd local policy
+# Reposd local policy
 #
 
 corenet_sendrecv_repository_server_packets(sblim_reposd_t)
 corenet_tcp_bind_repository_port(sblim_reposd_t)
-
-######################################
-#
-# sblim_domain local policy
-#
-
-allow sblim_domain self:tcp_socket create_stream_socket_perms;
-
-manage_dirs_pattern(sblim_domain, sblim_var_run_t, sblim_var_run_t)
-manage_files_pattern(sblim_domain, sblim_var_run_t, sblim_var_run_t)
-manage_sock_files_pattern(sblim_domain, sblim_var_run_t, sblim_var_run_t)
-
-kernel_read_network_state(sblim_domain)
-kernel_read_system_state(sblim_domain)
-
-corenet_all_recvfrom_unlabeled(sblim_domain)
-corenet_all_recvfrom_netlabel(sblim_domain)
-corenet_tcp_sendrecv_generic_if(sblim_domain)
-corenet_tcp_sendrecv_generic_node(sblim_domain)
 corenet_tcp_bind_generic_node(sblim_domain)
-corenet_tcp_sendrecv_repository_port(sblim_domain)
-
-dev_read_sysfs(sblim_domain)
-
-logging_send_syslog_msg(sblim_domain)
-
-files_read_etc_files(sblim_domain)
-
-miscfiles_read_localization(sblim_domain)