From: "Jason Zaman"
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman"
Message-ID: <1541978251.682ae85bac62d08d6fadb22405f347dd194bdfdb.perfinion@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/system/udev.if
X-VCS-Directories: policy/modules/system/
X-VCS-Committer: perfinion
X-VCS-Committer-Name: Jason Zaman
X-VCS-Revision: 682ae85bac62d08d6fadb22405f347dd194bdfdb
X-VCS-Branch: master
Date: Sun, 11 Nov 2018 23:29:33 +0000 (UTC)
Precedence: bulk
List-Post:
List-Help:
List-Unsubscribe:
List-Subscribe:
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: 816e4785-286e-4e8f-8a90-c603446609a5
X-Archives-Hash: 65665de4285b303deb99afd99035ddaa

commit:     682ae85bac62d08d6fadb22405f347dd194bdfdb
Author:     David Sugar tresys com>
AuthorDate: Fri Nov 2 00:36:45 2018 +0000
Commit:     Jason Zaman gentoo org>
CommitDate: Sun Nov 11 23:17:31 2018 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=682ae85b

Add interface udev_run_domain

This interface is useful when using the 'RUN' option in UDEV rules where
udev will be executing a user executable to perform some action. This
interface allows a domain transition to occur for the run action.

Signed-off-by: Dave Sugar tresys.com>
Signed-off-by: Jason Zaman perfinion.com>

 policy/modules/system/udev.if | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/policy/modules/system/udev.if b/policy/modules/system/udev.if index 73e994d6..2ecdf5f0 100644 --- a/policy/modules/system/udev.if +++ b/policy/modules/system/udev.if 
@@ -36,6 +36,37 @@ interface(`udev_domtrans',` domtrans_pattern($1, udev_exec_t, udev_t) ') +######################################## +## +## Allow udev to execute the specified program in +## the specified domain. +## +## +##

+## This is a interface to support the UDEV 'RUN' +## command. This will allow the command run by +## udev to be run in a domain other than udev_t. +##

+##
+## +## +## Domain to execute in. +## +## +## +## +## Domain entry point file. +## +## +# +interface(`udev_run_domain',` + gen_require(` + type udev_t; + ') + + domtrans_pattern(udev_t,$2,$1) +') + ######################################## ## ## Execute udev in the caller domain.
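
Review bot: The description block of udev_run_domain does not say what the caller must guarantee about the second argument, even though `domtrans_pattern(udev_t,$2,$1)` lets udev_t leave its own domain through any file carrying that entry point type. I would add a sentence to the description stating that the entry point type should be dedicated to the RUN helper and not writable or relabelable by less trusted domains, so a policy author using this interface knows the transition is only as tight as that type. Two smaller points in the same hunk: "This is a interface" should read "This is an interface", and the call omits the spaces after the commas that the neighbouring `domtrans_pattern($1, udev_exec_t, udev_t)` in udev_domtrans uses, so `domtrans_pattern(udev_t, $2, $1)` would match the file's style.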