commit: 830377badedee4af85544b6f5c856c71031520e5
Author: Kenton Groombridge <me <AT> concord <DOT> sh>
AuthorDate: Wed Oct 13 22:46:07 2021 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sat Nov 20 22:58:24 2021 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=830377ba
mono: use user exec domain attribute
Signed-off-by: Kenton Groombridge <me <AT> concord.sh>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>
policy/modules/apps/mono.if | 23 ++++++++++++++---------
1 file changed, 14 insertions(+), 9 deletions(-)
diff --git a/policy/modules/apps/mono.if b/policy/modules/apps/mono.if
index f37db3e8..ef116c39 100644
--- a/policy/modules/apps/mono.if
+++ b/policy/modules/apps/mono.if
@@ -12,18 +12,23 @@
## </desc>
## <param name="role_prefix">
## <summary>
-## The prefix of the user domain (e.g., user
-## is the prefix for user_t).
+## The prefix of the user role (e.g., user
+## is the prefix for user_r).
## </summary>
## </param>
-## <param name="user_role">
+## <param name="user_domain">
## <summary>
-## The role associated with the user domain.
+## User domain for the role.
## </summary>
## </param>
-## <param name="user_domain">
+## <param name="user_exec_domain">
+## <summary>
+## User exec domain for execute and transition access.
+## </summary>
+## </param>
+## <param name="role">
## <summary>
-## The type of the user domain.
+## Role allowed access
## </summary>
## </param>
#
@@ -54,16 +59,16 @@ template(`mono_role_template',`
domtrans_pattern($3, mono_exec_t, $1_mono_t)
allow $3 $1_mono_t:process { ptrace noatsecure signal_perms };
- ps_process_pattern($2, $1_mono_t)
+ ps_process_pattern($3, $1_mono_t)
- corecmd_bin_domtrans($1_mono_t, $3)
+ corecmd_bin_domtrans($1_mono_t, $2)
userdom_manage_user_tmpfs_files($1_mono_t)
optional_policy(`
fs_dontaudit_rw_tmpfs_files($1_mono_t)
- xserver_role($1, $1_mono_t, $1_application_exec_domain, $1_r)
+ xserver_role($1, $1_mono_t, $3, $4)
')
')
