commit: 830377badedee4af85544b6f5c856c71031520e5 Author: Kenton Groombridge <me <AT> concord <DOT> sh> AuthorDate: Wed Oct 13 22:46:07 2021 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Sat Nov 20 22:58:24 2021 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=830377ba
mono: use user exec domain attribute Signed-off-by: Kenton Groombridge <me <AT> concord.sh> Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org> policy/modules/apps/mono.if | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-)
diff --git a/policy/modules/apps/mono.if b/policy/modules/apps/mono.if
index f37db3e8..ef116c39 100644
--- a/policy/modules/apps/mono.if
+++ b/policy/modules/apps/mono.if
@@ -12,18 +12,23 @@
 ## </desc>
 ## <param name="role_prefix">
 ## <summary>
-## The prefix of the user domain (e.g., user
-## is the prefix for user_t).
+## The prefix of the user role (e.g., user
+## is the prefix for user_r).
 ## </summary>
 ## </param>
-## <param name="user_role">
+## <param name="user_domain">
 ## <summary>
-## The role associated with the user domain.
+## User domain for the role.
 ## </summary>
 ## </param>
-## <param name="user_domain">
+## <param name="user_exec_domain">
+## <summary>
+## User exec domain for execute and transition access.
+## </summary>
+## </param>
+## <param name="role">
 ## <summary>
-## The type of the user domain.
+## Role allowed access
 ## </summary>
 ## </param>
 #
@@ -54,16 +59,16 @@ template(`mono_role_template',`
 domtrans_pattern($3, mono_exec_t, $1_mono_t)
 allow $3 $1_mono_t:process { ptrace noatsecure signal_perms };
- ps_process_pattern($2, $1_mono_t)
+ ps_process_pattern($3, $1_mono_t)
- corecmd_bin_domtrans($1_mono_t, $3)
+ corecmd_bin_domtrans($1_mono_t, $2)
 userdom_manage_user_tmpfs_files($1_mono_t)
 optional_policy(`
 fs_dontaudit_rw_tmpfs_files($1_mono_t)
- xserver_role($1, $1_mono_t, $1_application_exec_domain, $1_r)
+ xserver_role($1, $1_mono_t, $3, $4)
 ')
 ')
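Review bot: The parameter header renumbers the positional arguments: `$2` changes from the role to the user domain, `$3` from the user domain to the user exec domain, and the role moves to a new `$4`. The diffstat lists only mono.if, so a caller still passing (prefix, role, domain) would bind a role where a domain is expected and leave `$4` empty. If the callers are converted in another commit of the series, the two should land together so the policy builds at every step. As a small documentation point, the new `role` summary lacks the closing period the other summaries have: `## Role allowed access.`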
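Review bot: The unchanged context line `allow $3 $1_mono_t:process { ptrace noatsecure signal_perms };` now applies to the user exec domain rather than the user domain, because `$3` was renumbered by this commit. If that argument is an attribute covering several types, `ptrace` on the mono domain is granted to every member, which is wider than the previous single-domain grant. If only transition and signalling are meant to follow the exec domain, split the rule: `allow $3 $1_mono_t:process { noatsecure signal_perms };` and `allow $2 $1_mono_t:process ptrace;`. The template body begins above this hunk, so any use of `$2` or `$3` there, which presumably still assumes the old order, should be checked against the new numbering as well.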