commit: a6f544e3a81cd674dc4bbda69ac49862a0796e7e
Author: Chris PeBenito <pebenito <AT> ieee <DOT> org>
AuthorDate: Sat Jul 30 20:25:05 2016 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Sun Jul 31 10:37:38 2016 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=a6f544e3
Boinc updates from Russell Coker.
policy/modules/contrib/boinc.fc | 4 ++++
policy/modules/contrib/boinc.te | 15 +++++++++++++--
2 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/policy/modules/contrib/boinc.fc b/policy/modules/contrib/boinc.fc
index 6d3ccad..e1e53a6 100644
--- a/policy/modules/contrib/boinc.fc
+++ b/policy/modules/contrib/boinc.fc
@@ -1,9 +1,13 @@
+/etc/boinc-client/global_prefs_override.xml --
gen_context(system_u:object_r:boinc_var_lib_t,s0)
/etc/rc\.d/init\.d/boinc-client --
gen_context(system_u:object_r:boinc_initrc_exec_t,s0)
+/usr/bin/boinc -- gen_context(system_u:object_r:boinc_exec_t,s0)
/usr/bin/boinc_client -- gen_context(system_u:object_r:boinc_exec_t,s0)
/var/lib/boinc(/.*)? gen_context(system_u:object_r:boinc_var_lib_t,s0)
+/var/lib/boinc-client(/.*)?
gen_context(system_u:object_r:boinc_var_lib_t,s0)
/var/lib/boinc/projects(/.*)?
gen_context(system_u:object_r:boinc_project_var_lib_t,s0)
/var/lib/boinc/slots(/.*)?
gen_context(system_u:object_r:boinc_project_var_lib_t,s0)
/var/log/boinc\.log.* -- gen_context(system_u:object_r:boinc_log_t,s0)
+/var/log/boincerr\.log.* --
gen_context(system_u:object_r:boinc_log_t,s0)
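Review bot: The dots in the added `/etc/boinc-client/global_prefs_override.xml` entry are unescaped, so they match any character, unlike the neighbouring `rc\.d` and `boinc\.log` entries; it should read `global_prefs_override\.xml`. Labelling a file under /etc as `boinc_var_lib_t` also gives it the same treatment as the daemon's state directory, and boinc.te lets boinc_t execute that type (`can_exec(boinc_t, boinc_var_lib_t)`). A separate configuration type carrying only the access the client needs would keep this file out of the executable set. If the shared label is deliberate, a one-line comment above the entry saying why would help the next reader.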
diff --git a/policy/modules/contrib/boinc.te b/policy/modules/contrib/boinc.te
index c24cb7b..58468ea 100644
--- a/policy/modules/contrib/boinc.te
+++ b/policy/modules/contrib/boinc.te
@@ -1,4 +1,4 @@
-policy_module(boinc, 1.3.0)
+policy_module(boinc, 1.3.1)
########################################
#
@@ -54,6 +54,8 @@ allow boinc_t self:shm create_shm_perms;
allow boinc_t self:fifo_file rw_fifo_file_perms;
allow boinc_t self:sem create_sem_perms;
+can_exec(boinc_t, boinc_exec_t)
+
manage_dirs_pattern(boinc_t, boinc_tmp_t, boinc_tmp_t)
manage_files_pattern(boinc_t, boinc_tmp_t, boinc_tmp_t)
files_tmp_filetrans(boinc_t, boinc_tmp_t, { dir file })
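Review bot: `can_exec(boinc_t, boinc_exec_t)` carries no comment saying what in boinc_t re-executes its own entry-point type. Since the same commit labels `/usr/bin/boinc` as `boinc_exec_t`, presumably one of the two binaries runs the other and stays in boinc_t. A short comment such as `# boinc runs boinc_client without leaving boinc_t` (wording to be confirmed against the actual behaviour) would record that the absence of a domain transition is intended.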
@@ -71,12 +73,13 @@ manage_files_pattern(boinc_t, boinc_project_var_lib_t,
boinc_project_var_lib_t)
filetrans_pattern(boinc_t, boinc_var_lib_t, boinc_project_var_lib_t, dir,
"slots")
filetrans_pattern(boinc_t, boinc_var_lib_t, boinc_project_var_lib_t, dir,
"projects")
-append_files_pattern(boinc_t, boinc_log_t, boinc_log_t)
+manage_files_pattern(boinc_t, boinc_log_t, boinc_log_t)
create_files_pattern(boinc_t, boinc_log_t, boinc_log_t)
setattr_files_pattern(boinc_t, boinc_log_t, boinc_log_t)
logging_log_filetrans(boinc_t, boinc_log_t, file)
can_exec(boinc_t, boinc_var_lib_t)
+libs_exec_lib_files(boinc_t)
domtrans_pattern(boinc_t, boinc_project_var_lib_t, boinc_project_t)
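Review bot: Replacing `append_files_pattern` with `manage_files_pattern` on `boinc_log_t` lets boinc_t truncate, overwrite, rename and unlink its own logs, so a compromised client can erase its trail where it could previously only append. If the need is log rotation by the daemon, keeping the append rule and adding `rename_files_pattern(boinc_t, boinc_log_t, boinc_log_t)` and `delete_files_pattern(boinc_t, boinc_log_t, boinc_log_t)` would be narrower. If full manage access is really required, the `create_files_pattern` and `setattr_files_pattern` lines that follow are now redundant and can be dropped. The added `libs_exec_lib_files(boinc_t)` would also benefit from a comment naming what the client executes from the library directories.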
@@ -188,8 +191,16 @@ corenet_sendrecv_boinc_client_packets(boinc_project_t)
corenet_tcp_connect_boinc_port(boinc_project_t)
corenet_tcp_sendrecv_boinc_port(boinc_project_t)
+dev_getattr_input_dev(boinc_t)
+dev_getattr_mouse_dev(boinc_t)
+
files_dontaudit_search_home(boinc_project_t)
+term_getattr_ptmx(boinc_t)
+term_getattr_generic_ptys(boinc_t)
+
+userdom_getattr_user_ttys(boinc_t)
+
optional_policy(`
java_exec(boinc_project_t)
')
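Review bot: The five added `*_getattr_*` calls grant access to `boinc_t` but sit among rules for `boinc_project_t` (the `corenet_*`, `files_dontaudit_search_home` and `java_exec` lines around them), which makes a per-domain audit of this module harder. They belong with the other boinc_t rules earlier in the file. They also lack a comment: these look like the client's user-activity detection stat-ing input devices and terminals, so something like `# user-activity detection: stat input devices and ttys` (to be confirmed) would help. If the client works without these accesses, dontaudit rules would be the tighter choice than allowing them.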