commit: c59fbdcd0347acb36cb72b2da4e60f553121113b
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Wed Aug 6 09:03:57 2014 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Wed Aug 6 18:08:37 2014 +0000
URL:
http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=c59fbdcd
Introduce files_manage_non_security_file_type interface
This interface, similar to files_manage_non_auth_files, allows the
domain to manage and work on non-security related file types. No type
attributes are set so this can be used in a tunable_policy statement if
necessary.
Naming based on the attribute used (non_security_file_type).
---
policy/modules/kernel/files.if | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index ca278d5..5d53aa4 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -6728,3 +6728,27 @@ interface(`files_read_etc_runtime',`
read_files_pattern($1, { etc_t etc_runtime_t }, etc_runtime_t)
read_lnk_files_pattern($1, { etc_t etc_runtime_t }, etc_runtime_t)
')
+
+########################################
+## <summary>
+## Manage non-security related resources.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`files_manage_non_security_file_type',`
+ gen_require(`
+ attribute non_security_file_type;
+ ')
+
+ manage_dirs_pattern($1, non_security_file_type, non_security_file_type)
+ manage_files_pattern($1, non_security_file_type, non_security_file_type)
+ manage_lnk_files_pattern($1, non_security_file_type,
non_security_file_type)
+ manage_fifo_files_pattern($1, non_security_file_type,
non_security_file_type)
+ manage_sock_files_pattern($1, non_security_file_type,
non_security_file_type)
+')
+
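Review bot: The summary on `files_manage_non_security_file_type` ("Manage non-security related resources.") does not tell a caller how broad the grant is. The body gives manage rights on directories, regular files, symlinks, FIFOs and sockets for every type carrying `non_security_file_type`. I would reword it to `## Manage directories, files, symbolic links, FIFOs and sockets of all non-security file types.` I would also add a `<desc>` paragraph saying that no character or block device pattern is called, that no attribute is assigned to `$1` (which is why it can be used in `tunable_policy`), and that the boundary depends entirely on which types are excluded from `non_security_file_type` elsewhere in the policy. It is also worth confirming that `<rolecap/>` is intended here, since the commit message describes a domain-level interface and the tag presumably advertises it as a role capability in the generated documentation.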