[gentoo-commits] proj/hardened-refpolicy:testing commit in: policy/modules/kernel/

["Sven Vermeulen" <swift@gentoo.org>]

commit:     c59fbdcd0347acb36cb72b2da4e60f553121113b
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Wed Aug  6 09:03:57 2014 +0000
Commit:     Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Wed Aug  6 18:08:37 2014 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=c59fbdcd

Introduce files_manage_non_security_file_type interface

This interface, similar to files_manage_non_auth_files, allows the
domain to manage and work on non-security related file types. No type
attributes are set so this can be used in a tunable_policy statement if
necessary.

Naming based on the attribute used (non_security_file_type).

---
 policy/modules/kernel/files.if | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index ca278d5..5d53aa4 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -6728,3 +6728,27 @@ interface(`files_read_etc_runtime',`
 	read_files_pattern($1, { etc_t etc_runtime_t }, etc_runtime_t)
 	read_lnk_files_pattern($1, { etc_t etc_runtime_t }, etc_runtime_t)
 ')
+
+########################################
+## <summary>
+##	Manage non-security related resources.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`files_manage_non_security_file_type',`
+	gen_require(`
+		attribute non_security_file_type;
+	')
+
+	manage_dirs_pattern($1, non_security_file_type, non_security_file_type)
+	manage_files_pattern($1, non_security_file_type, non_security_file_type)
+	manage_lnk_files_pattern($1, non_security_file_type, non_security_file_type)
+	manage_fifo_files_pattern($1, non_security_file_type, non_security_file_type)
+	manage_sock_files_pattern($1, non_security_file_type, non_security_file_type)
+')
+