commit: f12304725c84e011b55b3af81387a8b4c44fab13
Author: Marc Schiffbauer <mschiff <AT> gentoo <DOT> org>
AuthorDate: Wed Dec 4 22:30:30 2024 +0000
Commit: Kenton Groombridge <concord <AT> gentoo <DOT> org>
CommitDate: Mon Jan 6 21:08:11 2025 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=f1230472
kernel/files: add interface files_mmap_read_usr_files
Signed-off-by: Marc Schiffbauer <mschiff <AT> gentoo.org>
Signed-off-by: Kenton Groombridge <concord <AT> gentoo.org>
policy/modules/kernel/files.if | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index b9aaeba02..0d3a2b618 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -760,6 +760,24 @@ interface(`files_mmap_read_all_files',`
')
')
+########################################
+## <summary>
+## Read and memory map usr_t files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`files_mmap_read_usr_files',`
+ gen_require(`
+ type usr_t;
+ ')
+
+ mmap_read_files_pattern($1, usr_t, usr_t)
+')
+
########################################
## <summary>
## Allow shared library text relocations in all files.
