commit: 536d7e19de29d9c93f31f3ac71698b9730ac96f9
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Fri Aug 8 12:33:20 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Fri Aug 15 09:58:02 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=536d7e19
Introduce kernel_delete_unlabeled_sockets The kernel_delete_unlabeled_sockets interface is called by the (deprecated) files_delete_isid_type_sock_files interface in kernel/files.if. Signed-off-by: Sven Vermeulen <sven.vermeulen <AT> siphos.be> --- policy/modules/kernel/kernel.if | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if index 035f101..0ed9d53 100644 --- a/policy/modules/kernel/kernel.if +++ b/policy/modules/kernel/kernel.if @@ -2872,6 +2872,23 @@ interface(`kernel_relabelfrom_unlabeled_sockets',` ######################################## ## <summary> +## Delete unlabeled named sockets. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`kernel_delete_unlabeled_sockets',` + gen_require(` + type unlabeled_t; + ') + + delete_sock_files_pattern($1, unlabeled_t, unlabeled_t) +') +######################################## +## <summary> ## Send and receive messages from an ## unlabeled IPSEC association. ## </summary>
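
Review bot: The closing "')" of kernel_delete_unlabeled_sockets is followed directly by the added "########################################" separator, with no empty line between the end of the interface and the next documentation block; add an empty "+" line after "')" so the new interface is visibly separated from the unlabeled IPSEC association block that follows. The commit message says this interface exists for the deprecated files_delete_isid_type_sock_files caller, so the summary ("Delete unlabeled named sockets.") could also state that, which would help keep the delete access on unlabeled_t socket files it grants from being picked up by new callers without a deliberate decision.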
