commit: 26930c8978e8ae49829ee8b13e9da9ca05e024ce Author: Luis Ressel <aranea <AT> aixah <DOT> de> AuthorDate: Thu Oct 15 10:44:42 2015 +0000 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org> CommitDate: Sat Oct 17 16:47:50 2015 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=26930c89
portage: New read-only interfaces for srcrepo and logs Create portage_read_srcrepo and portage_read_log interfaces. policy/modules/contrib/portage.if | 40 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+)
diff --git a/policy/modules/contrib/portage.if b/policy/modules/contrib/portage.if
index 4652319..962dcca 100644
--- a/policy/modules/contrib/portage.if
+++ b/policy/modules/contrib/portage.if
@@ -498,6 +498,46 @@ interface(`portage_read_ebuild',`
 
 ########################################
 ## <summary>
+## Read portage log files
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access
+## </summary>
+## </param>
+#
+interface(`portage_read_log',`
+ gen_require(`
+ type portage_log_t;
+ ')
+
+ logging_search_logs($1)
+ read_files_pattern($1, portage_log_t, portage_log_t)
+')
+
+########################################
+## <summary>
+## Read portage src repository files
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access
+## </summary>
+## </param>
+#
+interface(`portage_read_srcrepo',`
+ gen_require(`
+ type portage_ebuild_t, portage_srcrepo_t;
+ ')
+
+ files_search_usr($1)
+ list_dirs_pattern($1, portage_ebuild_t, portage_srcrepo_t)
+ read_files_pattern($1, portage_srcrepo_t, portage_srcrepo_t)
+ read_lnk_files_pattern($1, portage_srcrepo_t, portage_srcrepo_t)
+')
+
+########################################
+## <summary>
 ## Do not audit writing portage cache files
 ## </summary>
 ## <param name="domain">
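Review bot: `portage_read_log` grants only `read_files_pattern($1, portage_log_t, portage_log_t)`, while `portage_read_srcrepo` in the same hunk also grants `list_dirs_pattern` and `read_lnk_files_pattern`, and neither summary says whether the difference is intended. As written, a caller of the log interface can open log files by path but cannot enumerate the log directory. If that narrow grant is deliberate, state it in the doc block, for example `## Read portage log files (search and read only; no directory listing).`, so a later denial is not resolved by switching the caller to a broader interface. If listing is meant to work, the missing rule would presumably be `list_dirs_pattern($1, portage_log_t, portage_log_t)`; whether any caller needs it is not visible from this hunk.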
