From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 8C573138200 for ; Thu, 9 May 2013 17:14:27 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 0CF70E0810; Thu, 9 May 2013 17:14:27 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 6A5DCE0810 for ; Thu, 9 May 2013 17:14:26 +0000 (UTC) Received: from hornbill.gentoo.org (hornbill.gentoo.org [94.100.119.163]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 45DA733DF65 for ; Thu, 9 May 2013 17:14:25 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by hornbill.gentoo.org (Postfix) with ESMTP id DB63CE503E for ; Thu, 9 May 2013 17:14:23 +0000 (UTC) 
From: "Sven Vermeulen" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" Message-ID: <1368119600.94a4ba10dd8424756a70495df306589d7d94a462.SwifT@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/contrib/minidlna.te X-VCS-Directories: policy/modules/contrib/ X-VCS-Committer: SwifT X-VCS-Committer-Name: Sven Vermeulen X-VCS-Revision: 94a4ba10dd8424756a70495df306589d7d94a462 X-VCS-Branch: master Date: Thu, 9 May 2013 17:14:23 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 32e9de49-ba67-48d2-bb3e-a6d3f2348eac X-Archives-Hash: 25758f3b49d7ad73fcaefb26c848f0f7 commit: 94a4ba10dd8424756a70495df306589d7d94a462 Author: Sven Vermeulen siphos be> AuthorDate: Thu May 9 17:13:20 2013 +0000 Commit: Sven Vermeulen siphos be> CommitDate: Thu May 9 17:13:20 2013 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=94a4ba10 Move gentoo specifics downwards --- policy/modules/contrib/minidlna.te | 66 +++++++++++++++++------------------- 1 files changed, 31 insertions(+), 35 deletions(-) diff --git a/policy/modules/contrib/minidlna.te b/policy/modules/contrib/minidlna.te index 81a8d4a..541129c 100644 --- a/policy/modules/contrib/minidlna.te +++ b/policy/modules/contrib/minidlna.te @@ -12,36 +12,22 @@ policy_module(minidlna, 0.1) ## gen_tunable(minidlna_read_generic_user_content, false) -## -##

-## Determine whether minidlna can read all user content. -##

-##
-gen_tunable(minidlna_read_all_user_content, false) - -## -##

-## Determine whether minidlna can read users xdg videos, pictures and music labeled files -##

-##
-gen_tunable(minidlna_read_xdg_media_content, false) - type minidlna_t; type minidlna_exec_t; init_daemon_domain(minidlna_t, minidlna_exec_t) -type minidlna_initrc_exec_t; -init_script_file(minidlna_initrc_exec_t) - type minidlna_conf_t; files_config_file(minidlna_conf_t) -type minidlna_log_t; -logging_log_file(minidlna_log_t) - type minidlna_db_t; files_type(minidlna_db_t) +type minidlna_initrc_exec_t; +init_script_file(minidlna_initrc_exec_t) + +type minidlna_log_t; +logging_log_file(minidlna_log_t) + type minidlna_var_run_t; files_pid_file(minidlna_var_run_t) @@ -58,19 +44,12 @@ allow minidlna_t minidlna_conf_t:file read_file_perms; allow minidlna_t minidlna_db_t:dir { create_dir_perms rw_dir_perms }; allow minidlna_t minidlna_db_t:file manage_file_perms; -#manage_files_pattern(minidlna_t, minidlna_db_t, minidlna_db_t) -#create_dirs_pattern(minidlna_t, minidlna_db_t, minidlna_db_t) -#rw_dirs_pattern(minidlna_t, minidlna_db_t, minidlna_db_t) -#files_var_lib_filetrans(minidlna_t, minidlna_db_t, dir) allow minidlna_t minidlna_log_t:file append_file_perms; create_files_pattern(minidlna_t, minidlna_log_t, minidlna_log_t) -#append_files_pattern(minidlna_t, minidlna_log_t, minidlna_log_t) allow minidlna_t minidlna_var_run_t:file manage_file_perms; allow minidlna_t minidlna_var_run_t:dir rw_dir_perms; -#manage_files_pattern(minidlna_t, minidlna_var_run_t, minidlna_var_run_t) -#rw_dirs_pattern(minidlna_t, minidlna_var_run_t, minidlna_var_run_t) files_pid_filetrans(minidlna_t, minidlna_var_run_t, file) kernel_read_fs_sysctls(minidlna_t) @@ -122,13 +101,30 @@ tunable_policy(`minidlna_read_generic_user_content',` userdom_dontaudit_read_user_tmp_files(minidlna_t) ') -tunable_policy(`minidlna_read_all_user_content',` - userdom_list_user_tmp(minidlna_t) - userdom_read_all_user_home_content(minidlna_t) -') +ifdef(`distro_gentoo',` + +## +##

+## Determine whether minidlna can read all user content. +##

+##
+gen_tunable(minidlna_read_all_user_content, false) + +## +##

+## Determine whether minidlna can read users xdg videos, pictures and music labeled files +##

+##
+gen_tunable(minidlna_read_xdg_media_content, false) -tunable_policy(`minidlna_read_xdg_media_content',` - xdg_read_music_home(minidlna_t) - xdg_read_pictures_home(minidlna_t) - xdg_read_videos_home(minidlna_t) + tunable_policy(`minidlna_read_all_user_content',` + userdom_list_user_tmp(minidlna_t) + userdom_read_all_user_home_content(minidlna_t) + ') + + tunable_policy(`minidlna_read_xdg_media_content',` + xdg_read_music_home(minidlna_t) + xdg_read_pictures_home(minidlna_t) + xdg_read_videos_home(minidlna_t) + ') ')
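Review bot: The description carried into the new distro_gentoo ifdef block for `minidlna_read_all_user_content` understates what the tunable grants. The `tunable_policy` body further down calls `userdom_read_all_user_home_content(minidlna_t)` and `userdom_list_user_tmp(minidlna_t)`, so enabling it gives a daemon that serves media over the network read access to every user home content type, not only media files. I would add a line to the tunable's doc comment, for example `## Grants read access to all user home content and listing of user tmp directories; prefer minidlna_read_xdg_media_content where it is sufficient.` As a style point, the two `gen_tunable` lines appear to sit at column 0 while the `tunable_policy` blocks in the same ifdef are indented. A leading comment such as `# Gentoo-specific tunables and rules` at the top of the block would also tell the next person merging why this part is fenced off.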