Blame SOURCES/fapolicyd-selinux.patch

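--- a/fapolicyd-selinux-0.4/fapolicyd.if	2021-03-23 10:21:31.000000000 +0100
+++ b/fapolicyd-selinux-0.4/fapolicyd.if	2021-12-14 13:35:17.842430123 +0100
@@ -2,6 +2,122 @@
 
 ########################################
 ## <summary>
+##	Watch_mount directories in /boot.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+
+ifndef(`files_watch_mount_boot_dirs',`
+    interface(`files_watch_mount_boot_dirs',`
+        gen_require(`
+            type boot_t;
+	    ')
+
+	        allow $1 boot_t:dir watch_mount_dir_perms;
+    ')
+')
+
+
+########################################
+## <summary>
+##	Watch_mount home directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+
+ifndef(`files_watch_mount_home',`
+    interface(`files_watch_mount_home',`
+        gen_require(`
+            type home_root_t;
+	    ')
+
+	    allow $1 home_root_t:dir watch_mount_dir_perms;
+    ')
+')
+
+
+########################################
+## <summary>
+##	Watch_with_perm home directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+
+ifndef(`files_watch_with_perm_home',`
+interface(`files_watch_with_perm_home',`
+	gen_require(`
+		type home_root_t;
+	')
+
+	allow $1 home_root_t:dir watch_with_perm_dir_perms;
+')
+')
+
+
+########################################
+## <summary>
+##	Watch_mount dirs on a DOS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+
+ifndef(`fs_watch_mount_dos_dirs',`
+interface(`fs_watch_mount_dos_dirs',`
+	gen_require(`
+		type dosfs_t;
+	')
+
+	watch_mount_dirs_pattern($1, dosfs_t, dosfs_t)
+')
+')
+
+
+
+########################################
+## <summary>
+##	Watch_with_perm dirs on a DOS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+
+ifndef(`fs_watch_with_perm_dos_dirs',`
+interface(`fs_watch_with_perm_dos_dirs',`
+	gen_require(`
+		type dosfs_t;
+	')
+
+	watch_with_perm_dirs_pattern($1, dosfs_t, dosfs_t)
+')
+')
+
+
+###################################################################################################
+
+
+
+
+########################################
+## <summary>
 ##	Execute fapolicyd_exec_t in the fapolicyd domain.
 ## </summary>
 ## <param name="domain">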
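Review bot: No fallback is added here for `files_watch_with_perm_boot_dirs`, although the fapolicyd.te part of this patch calls it right after `files_watch_mount_boot_dirs`; the boot pair is the only one where just the watch_mount half gets an `ifndef` definition. If the base policy does not provide that interface, the call in fapolicyd.te would presumably be left unexpanded and the module would fail to build. Add a guarded definition that mirrors `files_watch_with_perm_home` with `boot_t`, preceded by the same `## <summary>` / `## <param>` header the sibling interfaces carry. Separately, the first two definitions mix spaces and tabs (the `')` closing `gen_require` and the `allow` line), unlike the tab-indented ones below them.

```selinux
ifndef(`files_watch_with_perm_boot_dirs',`
interface(`files_watch_with_perm_boot_dirs',`
	gen_require(`
		type boot_t;
	')

	allow $1 boot_t:dir watch_with_perm_dir_perms;
')
')
```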
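--- a/fapolicyd-selinux-0.4/fapolicyd.te	2021-03-23 10:21:31.000000000 +0100
+++ b/fapolicyd-selinux-0.4/fapolicyd.te	2021-12-14 13:35:17.842430123 +0100
@@ -1,5 +1,6 @@
 policy_module(fapolicyd, 1.0.0)
 
+
 ########################################
 #
 # Declarations
@@ -36,6 +37,12 @@
 allow fapolicyd_t self:unix_stream_socket create_stream_socket_perms;
 allow fapolicyd_t self:unix_dgram_socket create_socket_perms;
 
+gen_require(`
+	attribute file_type;
+')
+allow fapolicyd_t file_type:dir { watch_mount watch_with_perm };
+allow fapolicyd_t file_type:file { watch_mount watch_with_perm };
+
 manage_files_pattern(fapolicyd_t, fapolicyd_log_t, fapolicyd_log_t)
 logging_log_filetrans(fapolicyd_t, fapolicyd_log_t, file)
 
@@ -63,14 +70,20 @@
 
 files_mmap_usr_files(fapolicyd_t)
 files_read_all_files(fapolicyd_t)
+files_watch_mount_boot_dirs(fapolicyd_t)
+files_watch_with_perm_boot_dirs(fapolicyd_t)
 files_watch_mount_generic_tmp_dirs(fapolicyd_t)
 files_watch_with_perm_generic_tmp_dirs(fapolicyd_t)
+files_watch_mount_home(fapolicyd_t)
+files_watch_with_perm_home(fapolicyd_t)
 files_watch_mount_root_dirs(fapolicyd_t)
 files_watch_with_perm_root_dirs(fapolicyd_t)
 
 fs_getattr_xattr_fs(fapolicyd_t)
 fs_watch_mount_tmpfs_dirs(fapolicyd_t)
 fs_watch_with_perm_tmpfs_dirs(fapolicyd_t)
+fs_watch_mount_dos_dirs(fapolicyd_t)
+fs_watch_with_perm_dos_dirs(fapolicyd_t)
 
 logging_send_syslog_msg(fapolicyd_t)
 dbus_system_bus_client(fapolicyd_t)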
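Review bot: The two `allow fapolicyd_t file_type:{dir,file} { watch_mount watch_with_perm };` rules in the second hunk grant the watch permissions on every type that carries the `file_type` attribute. That is far broader than the per-type interface calls added in the third hunk (boot, home, DOS), and it makes those calls redundant for any type that has the attribute. If the blanket grant is intended, presumably because the daemon must mark arbitrary mounts, state that above the `gen_require` with a comment such as `# fapolicyd marks whole mounts, so watch_mount/watch_with_perm is needed on all file types`. If it is not intended, drop the two rules and keep only the narrowly scoped interfaces, so the domain's watch access stays reviewable type by type.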