commit: 53699de58543c87fc116e7ed9fcd3e89555cb890
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Mon Oct 30 07:46:01 2017 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Mon Oct 30 09:37:46 2017 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=53699de5
rtorrent: session dir fixes and allow exec for post download hooks
policy/modules/contrib/rtorrent.fc | 1 +
policy/modules/contrib/rtorrent.if | 4 ++--
policy/modules/contrib/rtorrent.te | 8 +++++++-
3 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/policy/modules/contrib/rtorrent.fc
b/policy/modules/contrib/rtorrent.fc
index fb391dfc..65a77bf0 100644
--- a/policy/modules/contrib/rtorrent.fc
+++ b/policy/modules/contrib/rtorrent.fc
@@ -1,4 +1,5 @@
HOME_DIR/.rtorrent.rc --
gen_context(system_u:object_r:rtorrent_home_t,s0)
HOME_DIR/.rtsession(/.*)?
gen_context(system_u:object_r:rtorrent_session_t,s0)
+HOME_DIR/.rtorrent(/.*)?
gen_context(system_u:object_r:rtorrent_session_t,s0)
/usr/bin/rtorrent --
gen_context(system_u:object_r:rtorrent_exec_t,s0)
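Review bot: The leading `.` in the added `HOME_DIR/.rtorrent(/.*)?` entry is an unescaped regex metacharacter, so the pattern matches any single character in that position rather than only a literal dot. Writing it as `HOME_DIR/\.rtorrent(/.*)?` confines the `rtorrent_session_t` label to the intended directory. The two existing `HOME_DIR/.rt…` entries in this hunk have the same form, so escaping all three together would keep the file consistent.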
diff --git a/policy/modules/contrib/rtorrent.if
b/policy/modules/contrib/rtorrent.if
index 790f8893..8818b654 100644
--- a/policy/modules/contrib/rtorrent.if
+++ b/policy/modules/contrib/rtorrent.if
@@ -28,8 +28,8 @@ interface(`rtorrent_role',`
manage_files_pattern($2, rtorrent_home_t, rtorrent_home_t)
- read_files_pattern($2, rtorrent_session_t, rtorrent_session_t)
- list_dirs_pattern($2, rtorrent_session_t, rtorrent_session_t)
+ manage_files_pattern($2, rtorrent_session_t, rtorrent_session_t)
+ manage_dirs_pattern($2, rtorrent_session_t, rtorrent_session_t)
ps_process_pattern($2, rtorrent_t)
')
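Review bot: The role now gets `manage_files_pattern` and `manage_dirs_pattern` on `rtorrent_session_t`, but nothing visible in this hunk lets `$2` relabel to that type. A `~/.rtorrent` directory that already exists would then keep its old label until an administrator runs a relabel. If the part of `rtorrent_role` outside the hunk does not already cover it, consider adding `relabel_dirs_pattern($2, rtorrent_session_t, rtorrent_session_t)` and `relabel_files_pattern($2, rtorrent_session_t, rtorrent_session_t)`. The interface's header comment, which is outside the hunk, should also state that the role has write access to session state and not only read access.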
diff --git a/policy/modules/contrib/rtorrent.te
b/policy/modules/contrib/rtorrent.te
index bf12b0c0..e7f7c354 100644
--- a/policy/modules/contrib/rtorrent.te
+++ b/policy/modules/contrib/rtorrent.te
@@ -54,10 +54,15 @@ corenet_tcp_sendrecv_all_ports(rtorrent_t)
domain_use_interactive_fds(rtorrent_t)
files_list_home(rtorrent_t)
+files_list_tmp(rtorrent_t)
+files_list_var(rtorrent_t)
files_read_etc_files(rtorrent_t)
fs_getattr_xattr_fs(rtorrent_t)
+kernel_read_system_state(rtorrent_t)
+
+miscfiles_read_generic_certs(rtorrent_t)
miscfiles_read_localization(rtorrent_t)
sysnet_read_config(rtorrent_t)
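Review bot: The four unconditional additions here (`files_list_tmp`, `files_list_var`, `kernel_read_system_state`, `miscfiles_read_generic_certs`) are not explained by the commit title and carry no comment, so a later reader cannot tell which rtorrent feature needs each one. Because `rtorrent_t` is a network-facing domain, each grant should be justified in place, for example `# HTTPS trackers need the CA bundle` above `miscfiles_read_generic_certs(rtorrent_t)`, with similar one-line reasons for the other three. If the `/proc` access only came from a harmless probe, `kernel_dontaudit_read_system_state(rtorrent_t)` would silence the denial without granting the read.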
@@ -75,7 +80,8 @@ tunable_policy(`rtorrent_use_dht',`
tunable_policy(`rtorrent_use_rsync',`
allow rtorrent_t self:unix_stream_socket { create connect write read };
- corecmd_search_bin(rtorrent_t)
+ corecmd_exec_bin(rtorrent_t)
+ corecmd_exec_shell(rtorrent_t)
corenet_sendrecv_rsync_client_packets(rtorrent_t)
corenet_tcp_connect_rsync_port(rtorrent_t)
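Review bot: `corecmd_exec_bin(rtorrent_t)` and `corecmd_exec_shell(rtorrent_t)` are added inside the `rtorrent_use_rsync` tunable, although the commit title says they are for post-download hooks. An administrator who enables rsync support therefore also lets the network-facing `rtorrent_t` domain run any generic binary and a shell without a domain transition, and one who wants hooks has to enable rsync. A dedicated boolean, default off, would keep the two decisions separate and make the exec grant visible in the boolean listing. The `tunable_policy` block continues past the end of this hunk; the boolean name in the sketch below is a placeholder.

```selinux
## <desc>
##	<p>
##	Allow rtorrent to execute generic programs and
##	shells, as needed by post-download hooks.
##	</p>
## </desc>
# placeholder boolean name, pick one that fits the module
gen_tunable(rtorrent_exec_hooks, false)

tunable_policy(`rtorrent_exec_hooks',`
	corecmd_exec_bin(rtorrent_t)
	corecmd_exec_shell(rtorrent_t)
')

tunable_policy(`rtorrent_use_rsync',`
	# … unchanged: unix_stream_socket rule …
	corecmd_search_bin(rtorrent_t)
	# … unchanged: rsync corenet rules …
```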