commit:     03082087c0e7ca8f63e18f125ae24b73ca0c9e1b
Author:     Laurent Bigonville <bigon <AT> bigon <DOT> be>
AuthorDate: Fri Apr  4 20:52:52 2014 +0000
Commit:     Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Fri Apr 11 17:47:56 2014 +0000
URL:        
http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=03082087

Create new xattrfs attribute and fs_getattr_all_xattr_fs() interface

Create a new attribute and fs_getattr_all_xattr_fs() interface that will
be used for all the filesystems that support xattr

---
 policy/modules/kernel/filesystem.if | 58 +++++++++++++++++++++++++++++++++++++
 policy/modules/kernel/filesystem.te |  1 +
 2 files changed, 59 insertions(+)

diff --git a/policy/modules/kernel/filesystem.if 
b/policy/modules/kernel/filesystem.if
index e7d05e7..5b80ee2 100644
--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@@ -108,6 +108,64 @@ interface(`fs_exec_noxattr',`
 
 ########################################
 ## <summary>
+##     Transform specified type into a filesystem
+##     type which has extended attribute
+##     support.
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+interface(`fs_xattr_type',`
+       gen_require(`
+               attribute xattrfs;
+       ')
+
+       fs_type($1)
+
+       typeattribute $1 xattrfs;
+')
+
+########################################
+## <summary>
+##     Get the attributes of all the
+##     filesystems which have extended
+##     attributes.
+##     This includes pseudo filesystems.
+## </summary>
+## <desc>
+##     <p>
+##     Allow the specified domain to
+##     get the attributes of a filesystems
+##     which have extended attributes.
+##     Example attributes:
+##     </p>
+##     <ul>
+##             <li>Type of the file system (e.g., tmpfs)</li>
+##             <li>Size of the file system</li>
+##             <li>Available space on the file system</li>
+##     </ul>
+## </desc>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+## <infoflow type="read" weight="5"/>
+## <rolecap/>
+#
+interface(`fs_getattr_all_xattr_fs',`
+       gen_require(`
+               attribute xattrfs;
+       ')
+
+       allow $1 xattrfs:filesystem getattr;
+')
+
+########################################
+## <summary>
 ##     Mount a persistent filesystem which
 ##     has extended attributes, such as
 ##     ext3, JFS, or XFS.
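Review bot: The `<param name="domain">` block above `fs_xattr_type` documents `$1` as "Domain allowed access", but the body passes `$1` to `fs_type()` and `typeattribute $1 xattrfs;`, so the argument is a filesystem type rather than a domain. I would document it as `## <param name="type">` with the summary `Type to be used as a filesystem with extended attribute support.`, so a caller reading the generated interface docs does not hand it a domain. In the `fs_getattr_all_xattr_fs` description, "a filesystems which have" should read "all filesystems which have". The access this interface grants is defined entirely by membership of `xattrfs`, so the "This includes pseudo filesystems" line holds only if such types are later given the attribute; the visible hunks assign it to no type, which suggests the interface grants nothing until `fs_xattr_type` callers are added.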

diff --git a/policy/modules/kernel/filesystem.te 
b/policy/modules/kernel/filesystem.te
index 0e09942..abaf5c0 100644
--- a/policy/modules/kernel/filesystem.te
+++ b/policy/modules/kernel/filesystem.te
@@ -8,6 +8,7 @@ policy_module(filesystem, 1.18.0)
 attribute filesystem_type;
 attribute filesystem_unconfined_type;
 attribute noxattrfs;
+attribute xattrfs;
 
 ##############################
 #
