[gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/kernel/

["Sven Vermeulen" <swift@gentoo.org>]

commit:     536d7e19de29d9c93f31f3ac71698b9730ac96f9
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Fri Aug  8 12:33:20 2014 +0000
Commit:     Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Fri Aug 15 09:58:02 2014 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=536d7e19

Introduce kernel_delete_unlabeled_sockets

The kernel_delete_unlabeled_sockets interface is called by the
(deprecated) files_delete_isid_type_sock_files interface in
kernel/files.if.

Signed-off-by: Sven Vermeulen <sven.vermeulen <AT> siphos.be>

---
 policy/modules/kernel/kernel.if | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if
index 035f101..0ed9d53 100644
--- a/policy/modules/kernel/kernel.if
+++ b/policy/modules/kernel/kernel.if
@@ -2872,6 +2872,23 @@ interface(`kernel_relabelfrom_unlabeled_sockets',`
 
 ########################################
 ## <summary>
+##	Delete unlabeled named sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`kernel_delete_unlabeled_sockets',`
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	delete_sock_files_pattern($1, unlabeled_t, unlabeled_t)
+')
+########################################
+## <summary>
 ##	Send and receive messages from an
 ##	unlabeled IPSEC association.
 ## </summary>