834062 Implement miscfiles_cert_type().

30 files Authored by Dominick Grift 14 years ago, Committed by Chris PeBenito 14 years ago,
30 files changed. 149 lines added. 42 lines removed.
policy/modules/services/abrt.te
file modified
+1 -1
policy/modules/services/amavis.te
file modified
+1 -1
policy/modules/services/apache.te
file modified
+1 -1
policy/modules/services/automount.te
file modified
+1 -1
policy/modules/services/avahi.te
file modified
+1 -1
policy/modules/services/bind.te
file modified
+1 -1
policy/modules/services/certmaster.if
file modified
+2 -2
policy/modules/services/certmonger.te
file modified
+1 -1
policy/modules/services/cyrus.te
file modified
+1 -1
policy/modules/services/dbus.te
file modified
+1 -1
policy/modules/services/dovecot.te
file modified
+1 -1
policy/modules/services/exim.te
file modified
+1 -1
policy/modules/services/fetchmail.te
file modified
+1 -1
policy/modules/services/ldap.te
file modified
+1 -1
policy/modules/services/networkmanager.te
file modified
+1 -1
policy/modules/services/openvpn.te
file modified
+1 -1
policy/modules/services/postfix.if
file modified
+1 -1
policy/modules/services/radius.te
file modified
+1 -1
policy/modules/services/rpc.te
file modified
+2 -2
policy/modules/services/sasl.te
file modified
+1 -1
policy/modules/services/sendmail.te
file modified
+1 -1
policy/modules/services/squid.te
file modified
+1 -1
policy/modules/services/ssh.if
file modified
+1 -1
policy/modules/services/virt.te
file modified
+1 -1
policy/modules/services/w3c.te
file modified
+1 -1
policy/modules/system/authlogin.if
file modified
+2 -2
policy/modules/system/authlogin.te
file modified
+1 -1
policy/modules/system/miscfiles.if
file modified
+115 -9
policy/modules/system/miscfiles.te
file modified
+3 -2
policy/modules/system/userdomain.if
file modified
+1 -1
    Implement miscfiles_cert_type().
    
    This is based on Fedoras' miscfiles_cert_type implementation.
    The idea was that openvpn needs to be able read home certificates (home_cert_t) which is not implemented in refpolicy yet, as well as generic cert_t certificates.
    
    Note that openvpn is allowed to read all cert_types, as i know that it needs access to both generic cert_t as well as (future) home_cert_t. Dwalsh noted that other domains may need this as well but because i do not know exactly which domains i will not changes any other domains call to generic cert type interfaces.
    
    Signed-off-by: Dominick Grift <domg472@gmail.com>