commit: 044584b198f2b155849e5f00f9fdeb7531882d28 Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be> AuthorDate: Fri Aug 8 12:33:22 2014 +0000 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org> CommitDate: Fri Aug 15 09:58:07 2014 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=044584b1
Introduce kernel_delete_unlabeled_chr_files The kernel_delete_unlabeled_chr_files interface is called by the (deprecated) files_delete_isid_type_chr_files interface in kernel/files.if. Signed-off-by: Sven Vermeulen <sven.vermeulen <AT> siphos.be> --- policy/modules/kernel/kernel.if | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if index 5d978cc..c100068 100644 --- a/policy/modules/kernel/kernel.if +++ b/policy/modules/kernel/kernel.if @@ -2760,6 +2760,25 @@ interface(`kernel_dontaudit_write_unlabeled_chr_files',` ######################################## ## <summary> +## Delete unlabeled character device nodes. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`kernel_delete_unlabeled_chr_files',` + gen_require(` + type unlabeled_t; + ') + + delete_chr_files_pattern($1, unlabeled_t, unlabeled_t) +') + + +######################################## +## <summary> ## Create, read, write, and delete unlabeled character device nodes. ## </summary> ## <param name="domain">
