commit:     a6f544e3a81cd674dc4bbda69ac49862a0796e7e
Author:     Chris PeBenito <pebenito <AT> ieee <DOT> org>
AuthorDate: Sat Jul 30 20:25:05 2016 +0000
Commit:     Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Sun Jul 31 10:37:38 2016 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=a6f544e3

Boinc updates from Russell Coker.

 policy/modules/contrib/boinc.fc |  4 ++++
 policy/modules/contrib/boinc.te | 15 +++++++++++++--
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/policy/modules/contrib/boinc.fc b/policy/modules/contrib/boinc.fc
index 6d3ccad..e1e53a6 100644
--- a/policy/modules/contrib/boinc.fc
+++ b/policy/modules/contrib/boinc.fc
@@ -1,9 +1,13 @@
+/etc/boinc-client/global_prefs_override.xml -- 
gen_context(system_u:object_r:boinc_var_lib_t,s0)
 /etc/rc\.d/init\.d/boinc-client        --      
gen_context(system_u:object_r:boinc_initrc_exec_t,s0)
 
+/usr/bin/boinc         --      gen_context(system_u:object_r:boinc_exec_t,s0)
 /usr/bin/boinc_client  --      gen_context(system_u:object_r:boinc_exec_t,s0)
 
 /var/lib/boinc(/.*)?   gen_context(system_u:object_r:boinc_var_lib_t,s0)
+/var/lib/boinc-client(/.*)?    
gen_context(system_u:object_r:boinc_var_lib_t,s0)
 /var/lib/boinc/projects(/.*)?  
gen_context(system_u:object_r:boinc_project_var_lib_t,s0)
 /var/lib/boinc/slots(/.*)?     
gen_context(system_u:object_r:boinc_project_var_lib_t,s0)
 
 /var/log/boinc\.log.*  --      gen_context(system_u:object_r:boinc_log_t,s0)
+/var/log/boincerr\.log.*       --      
gen_context(system_u:object_r:boinc_log_t,s0)
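Review bot: The new `/var/lib/boinc-client(/.*)?` entry has no matching `projects` and `slots` entries, so after a relabel everything under that tree, including downloaded project code, would be `boinc_var_lib_t` rather than `boinc_project_var_lib_t`. boinc.te has `can_exec(boinc_t, boinc_var_lib_t)` and keys the transition to `boinc_project_t` on `boinc_project_var_lib_t`, so project binaries there would presumably run inside `boinc_t` instead of the more confined project domain. If that directory is a real data directory and not a symlink to /var/lib/boinc, add `/var/lib/boinc-client/projects(/.*)?` and `/var/lib/boinc-client/slots(/.*)?` with `boinc_project_var_lib_t`. Separately, the dot in the first added path is unescaped, unlike the other entries in this file; write it as `global_prefs_override\.xml`.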

diff --git a/policy/modules/contrib/boinc.te b/policy/modules/contrib/boinc.te
index c24cb7b..58468ea 100644
--- a/policy/modules/contrib/boinc.te
+++ b/policy/modules/contrib/boinc.te
@@ -1,4 +1,4 @@
-policy_module(boinc, 1.3.0)
+policy_module(boinc, 1.3.1)
 
 ########################################
 #
@@ -54,6 +54,8 @@ allow boinc_t self:shm create_shm_perms;
 allow boinc_t self:fifo_file rw_fifo_file_perms;
 allow boinc_t self:sem create_sem_perms;
 
+can_exec(boinc_t, boinc_exec_t)
+
 manage_dirs_pattern(boinc_t, boinc_tmp_t, boinc_tmp_t)
 manage_files_pattern(boinc_t, boinc_tmp_t, boinc_tmp_t)
 files_tmp_filetrans(boinc_t, boinc_tmp_t, { dir file })
@@ -71,12 +73,13 @@ manage_files_pattern(boinc_t, boinc_project_var_lib_t, 
boinc_project_var_lib_t)
 filetrans_pattern(boinc_t, boinc_var_lib_t, boinc_project_var_lib_t, dir, 
"slots")
 filetrans_pattern(boinc_t, boinc_var_lib_t, boinc_project_var_lib_t, dir, 
"projects")
 
-append_files_pattern(boinc_t, boinc_log_t, boinc_log_t)
+manage_files_pattern(boinc_t, boinc_log_t, boinc_log_t)
 create_files_pattern(boinc_t, boinc_log_t, boinc_log_t)
 setattr_files_pattern(boinc_t, boinc_log_t, boinc_log_t)
 logging_log_filetrans(boinc_t, boinc_log_t, file)
 
 can_exec(boinc_t, boinc_var_lib_t)
+libs_exec_lib_files(boinc_t)
 
 domtrans_pattern(boinc_t, boinc_project_var_lib_t, boinc_project_t)
 
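Review bot: Replacing `append_files_pattern` with `manage_files_pattern` on `boinc_log_t` lets the daemon overwrite, rename and delete its own logs, so a compromised client could erase the record of what it did. If the reason is that the client rotates its own log files, say so in a comment above the rule, for example `# boinc rotates boinc.log itself, which needs rename and unlink`, and consider keeping append-only access plus only the extra permissions that rotation needs. The `create_files_pattern` and `setattr_files_pattern` lines that follow are now covered by the manage pattern and can be dropped.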
@@ -188,8 +191,16 @@ corenet_sendrecv_boinc_client_packets(boinc_project_t)
 corenet_tcp_connect_boinc_port(boinc_project_t)
 corenet_tcp_sendrecv_boinc_port(boinc_project_t)
 
+dev_getattr_input_dev(boinc_t)
+dev_getattr_mouse_dev(boinc_t)
+
 files_dontaudit_search_home(boinc_project_t)
 
+term_getattr_ptmx(boinc_t)
+term_getattr_generic_ptys(boinc_t)
+
+userdom_getattr_user_ttys(boinc_t)
+
 optional_policy(`
        java_exec(boinc_project_t)
 ')
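Review bot: The five added `getattr` rules name `boinc_t`, but the surrounding rules (`corenet_tcp_connect_boinc_port`, `files_dontaudit_search_home`, `java_exec`) are all for `boinc_project_t`, so they appear to sit in the project domain's section of the file. If `boinc_t` is intended, move them up to the client's local policy so a reader auditing either domain finds its full rule set in one place; if `boinc_project_t` was meant, the domain argument is wrong. A short comment such as `# stat on input devices and ttys, presumably for user-idle detection` would record why the client needs to see these device nodes at all.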
