From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 54B761393DD for ; Wed, 6 Aug 2014 18:13:17 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 61C10E090F; Wed, 6 Aug 2014 18:13:16 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 55358E0905 for ; Wed, 6 Aug 2014 18:13:15 +0000 (UTC) Received: from spoonbill.gentoo.org (spoonbill.gentoo.org [81.93.255.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 82720340272 for ; Wed, 6 Aug 2014 18:13:14 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by spoonbill.gentoo.org (Postfix) with ESMTP id 471311881C for ; Wed, 6 Aug 2014 18:13:13 +0000 (UTC) From: "Sven Vermeulen" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" Message-ID: <1407348517.c59fbdcd0347acb36cb72b2da4e60f553121113b.swift@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:testing commit in: policy/modules/kernel/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/kernel/files.if X-VCS-Directories: policy/modules/kernel/ X-VCS-Committer: swift X-VCS-Committer-Name: Sven Vermeulen X-VCS-Revision: c59fbdcd0347acb36cb72b2da4e60f553121113b X-VCS-Branch: testing Date: Wed, 6 Aug 2014 18:13:13 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 270e5e0b-cce1-490e-9be3-daaa06d841be X-Archives-Hash: b047e6e410ba669db2a3f6b82f739489 commit: c59fbdcd0347acb36cb72b2da4e60f553121113b Author: Sven Vermeulen siphos be> AuthorDate: Wed Aug 6 09:03:57 2014 +0000 Commit: Sven Vermeulen gentoo org> CommitDate: Wed Aug 6 18:08:37 2014 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=c59fbdcd Introduce files_manage_non_security_file_type interface This interface, similar to files_manage_non_auth_files, allows the domain to manage and work on non-security related file types. No type attributes are set so this can be used in a tunable_policy statement if necessary. Naming based on the attribute used (non_security_file_type). --- policy/modules/kernel/files.if | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if index ca278d5..5d53aa4 100644 --- a/policy/modules/kernel/files.if +++ b/policy/modules/kernel/files.if @@ -6728,3 +6728,27 @@ interface(`files_read_etc_runtime',` read_files_pattern($1, { etc_t etc_runtime_t }, etc_runtime_t) read_lnk_files_pattern($1, { etc_t etc_runtime_t }, etc_runtime_t) ') + +######################################## +## +## Manage non-security related resources. +## +## +## +## Domain allowed access. +## +## +## +# +interface(`files_manage_non_security_file_type',` + gen_require(` + attribute non_security_file_type; + ') + + manage_dirs_pattern($1, non_security_file_type, non_security_file_type) + manage_files_pattern($1, non_security_file_type, non_security_file_type) + manage_lnk_files_pattern($1, non_security_file_type, non_security_file_type) + manage_fifo_files_pattern($1, non_security_file_type, non_security_file_type) + manage_sock_files_pattern($1, non_security_file_type, non_security_file_type) +') + From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id E94DD1393DD for ; Thu, 7 Aug 2014 09:50:09 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 52661E0964; Thu, 7 Aug 2014 09:50:07 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id C9B53E096B for ; Thu, 7 Aug 2014 09:50:06 +0000 (UTC) Received: from spoonbill.gentoo.org (spoonbill.gentoo.org [81.93.255.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 043A934028F for ; Thu, 7 Aug 2014 08:06:06 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by spoonbill.gentoo.org (Postfix) with ESMTP id 1BBC21881B for ; Thu, 7 Aug 2014 08:06:04 +0000 (UTC) From: "Sven Vermeulen" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" Message-ID: <1407348517.c59fbdcd0347acb36cb72b2da4e60f553121113b.swift@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/kernel/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/kernel/files.if X-VCS-Directories: policy/modules/kernel/ X-VCS-Committer: swift X-VCS-Committer-Name: Sven Vermeulen X-VCS-Revision: c59fbdcd0347acb36cb72b2da4e60f553121113b X-VCS-Branch: master Date: Thu, 7 Aug 2014 08:06:04 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: bb538bdf-dd7f-4734-953f-82ad8b5f1382 X-Archives-Hash: c72c03ad6cfeba0dc4530f0aa1c4e713 Message-ID: <20140807080604.5zuBOA-CY27_irgt0SlKPGp9OL0-oic-s-FFn2JoqgE@z> commit: c59fbdcd0347acb36cb72b2da4e60f553121113b Author: Sven Vermeulen siphos be> AuthorDate: Wed Aug 6 09:03:57 2014 +0000 Commit: Sven Vermeulen gentoo org> CommitDate: Wed Aug 6 18:08:37 2014 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=c59fbdcd Introduce files_manage_non_security_file_type interface This interface, similar to files_manage_non_auth_files, allows the domain to manage and work on non-security related file types. No type attributes are set so this can be used in a tunable_policy statement if necessary. Naming based on the attribute used (non_security_file_type). --- policy/modules/kernel/files.if | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if index ca278d5..5d53aa4 100644 --- a/policy/modules/kernel/files.if +++ b/policy/modules/kernel/files.if @@ -6728,3 +6728,27 @@ interface(`files_read_etc_runtime',` read_files_pattern($1, { etc_t etc_runtime_t }, etc_runtime_t) read_lnk_files_pattern($1, { etc_t etc_runtime_t }, etc_runtime_t) ') + +######################################## +## +## Manage non-security related resources. +## +## +## +## Domain allowed access. +## +## +## +# +interface(`files_manage_non_security_file_type',` + gen_require(` + attribute non_security_file_type; + ') + + manage_dirs_pattern($1, non_security_file_type, non_security_file_type) + manage_files_pattern($1, non_security_file_type, non_security_file_type) + manage_lnk_files_pattern($1, non_security_file_type, non_security_file_type) + manage_fifo_files_pattern($1, non_security_file_type, non_security_file_type) + manage_sock_files_pattern($1, non_security_file_type, non_security_file_type) +') +