From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-719031-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
by finch.gentoo.org (Postfix) with ESMTP id 54B761393DD
for <garchives@archives.gentoo.org>; Wed, 6 Aug 2014 18:13:17 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
by pigeon.gentoo.org (Postfix) with SMTP id 61C10E090F;
Wed, 6 Aug 2014 18:13:16 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by pigeon.gentoo.org (Postfix) with ESMTPS id 55358E0905
for <gentoo-commits@lists.gentoo.org>; Wed, 6 Aug 2014 18:13:15 +0000 (UTC)
Received: from spoonbill.gentoo.org (spoonbill.gentoo.org [81.93.255.5])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by smtp.gentoo.org (Postfix) with ESMTPS id 82720340272
for <gentoo-commits@lists.gentoo.org>; Wed, 6 Aug 2014 18:13:14 +0000 (UTC)
Received: from localhost.localdomain (localhost [127.0.0.1])
by spoonbill.gentoo.org (Postfix) with ESMTP id 471311881C
for <gentoo-commits@lists.gentoo.org>; Wed, 6 Aug 2014 18:13:13 +0000 (UTC)
From: "Sven Vermeulen" <swift@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" <swift@gentoo.org>
Message-ID: <1407348517.c59fbdcd0347acb36cb72b2da4e60f553121113b.swift@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:testing commit in: policy/modules/kernel/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/kernel/files.if
X-VCS-Directories: policy/modules/kernel/
X-VCS-Committer: swift
X-VCS-Committer-Name: Sven Vermeulen
X-VCS-Revision: c59fbdcd0347acb36cb72b2da4e60f553121113b
X-VCS-Branch: testing
Date: Wed, 6 Aug 2014 18:13:13 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: 270e5e0b-cce1-490e-9be3-daaa06d841be
X-Archives-Hash: b047e6e410ba669db2a3f6b82f739489
commit: c59fbdcd0347acb36cb72b2da4e60f553121113b
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Wed Aug 6 09:03:57 2014 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Wed Aug 6 18:08:37 2014 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=c59fbdcd
Introduce files_manage_non_security_file_type interface
This interface, similar to files_manage_non_auth_files, allows the
domain to manage and work on non-security related file types. No type
attributes are set so this can be used in a tunable_policy statement if
necessary.
Naming based on the attribute used (non_security_file_type).
---
policy/modules/kernel/files.if | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index ca278d5..5d53aa4 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -6728,3 +6728,27 @@ interface(`files_read_etc_runtime',`
read_files_pattern($1, { etc_t etc_runtime_t }, etc_runtime_t)
read_lnk_files_pattern($1, { etc_t etc_runtime_t }, etc_runtime_t)
')
+
+########################################
+## <summary>
+## Manage non-security related resources.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`files_manage_non_security_file_type',`
+ gen_require(`
+ attribute non_security_file_type;
+ ')
+
+ manage_dirs_pattern($1, non_security_file_type, non_security_file_type)
+ manage_files_pattern($1, non_security_file_type, non_security_file_type)
+ manage_lnk_files_pattern($1, non_security_file_type, non_security_file_type)
+ manage_fifo_files_pattern($1, non_security_file_type, non_security_file_type)
+ manage_sock_files_pattern($1, non_security_file_type, non_security_file_type)
+')
+
From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-719124-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
by finch.gentoo.org (Postfix) with ESMTP id E94DD1393DD
for <garchives@archives.gentoo.org>; Thu, 7 Aug 2014 09:50:09 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
by pigeon.gentoo.org (Postfix) with SMTP id 52661E0964;
Thu, 7 Aug 2014 09:50:07 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by pigeon.gentoo.org (Postfix) with ESMTPS id C9B53E096B
for <gentoo-commits@lists.gentoo.org>; Thu, 7 Aug 2014 09:50:06 +0000 (UTC)
Received: from spoonbill.gentoo.org (spoonbill.gentoo.org [81.93.255.5])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by smtp.gentoo.org (Postfix) with ESMTPS id 043A934028F
for <gentoo-commits@lists.gentoo.org>; Thu, 7 Aug 2014 08:06:06 +0000 (UTC)
Received: from localhost.localdomain (localhost [127.0.0.1])
by spoonbill.gentoo.org (Postfix) with ESMTP id 1BBC21881B
for <gentoo-commits@lists.gentoo.org>; Thu, 7 Aug 2014 08:06:04 +0000 (UTC)
From: "Sven Vermeulen" <swift@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" <swift@gentoo.org>
Message-ID: <1407348517.c59fbdcd0347acb36cb72b2da4e60f553121113b.swift@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/kernel/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/kernel/files.if
X-VCS-Directories: policy/modules/kernel/
X-VCS-Committer: swift
X-VCS-Committer-Name: Sven Vermeulen
X-VCS-Revision: c59fbdcd0347acb36cb72b2da4e60f553121113b
X-VCS-Branch: master
Date: Thu, 7 Aug 2014 08:06:04 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: bb538bdf-dd7f-4734-953f-82ad8b5f1382
X-Archives-Hash: c72c03ad6cfeba0dc4530f0aa1c4e713
Message-ID: <20140807080604.5zuBOA-CY27_irgt0SlKPGp9OL0-oic-s-FFn2JoqgE@z>
commit: c59fbdcd0347acb36cb72b2da4e60f553121113b
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Wed Aug 6 09:03:57 2014 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Wed Aug 6 18:08:37 2014 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=c59fbdcd
Introduce files_manage_non_security_file_type interface
This interface, similar to files_manage_non_auth_files, allows the
domain to manage and work on non-security related file types. No type
attributes are set so this can be used in a tunable_policy statement if
necessary.
Naming based on the attribute used (non_security_file_type).
---
policy/modules/kernel/files.if | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index ca278d5..5d53aa4 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -6728,3 +6728,27 @@ interface(`files_read_etc_runtime',`
read_files_pattern($1, { etc_t etc_runtime_t }, etc_runtime_t)
read_lnk_files_pattern($1, { etc_t etc_runtime_t }, etc_runtime_t)
')
+
+########################################
+## <summary>
+## Manage non-security related resources.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`files_manage_non_security_file_type',`
+ gen_require(`
+ attribute non_security_file_type;
+ ')
+
+ manage_dirs_pattern($1, non_security_file_type, non_security_file_type)
+ manage_files_pattern($1, non_security_file_type, non_security_file_type)
+ manage_lnk_files_pattern($1, non_security_file_type, non_security_file_type)
+ manage_fifo_files_pattern($1, non_security_file_type, non_security_file_type)
+ manage_sock_files_pattern($1, non_security_file_type, non_security_file_type)
+')
+