author | Chris PeBenito <cpebenito@tresys.com> | 2009-08-31 09:38:47 -0400 |
---|---|---|
committer | Chris PeBenito <cpebenito@tresys.com> | 2009-08-31 09:38:47 -0400 |
commit | a9e9678fc75de5fe3c6d35c46e74fac3fcf6b2fe (patch) | |
tree | 1f06bb8d89039f71bb740c7a1324899a3bff8207 | |
parent | aaff2fcfcd7023cc400b908c5d44002528ca5195 (diff) |
kismet patch from dan.
-rw-r--r-- | policy/modules/admin/kismet.if | 1 | ||||
-rw-r--r-- | policy/modules/admin/kismet.te | 17 | ||||
-rw-r--r-- | policy/modules/system/userdomain.if | 20 | ||||
-rw-r--r-- | policy/modules/system/userdomain.te | 2 |
4 files changed, 38 insertions, 2 deletions
diff --git a/policy/modules/admin/kismet.if b/policy/modules/admin/kismet.if
index b4cf1326..b630279d 100644
--- a/policy/modules/admin/kismet.if
+++ b/policy/modules/admin/kismet.if
@@ -16,6 +16,7 @@ interface(`kismet_domtrans',`
 ')
 domtrans_pattern($1, kismet_exec_t, kismet_t)
+ allow kismet_t $1:process signull;
 ')
 ########################################
diff --git a/policy/modules/admin/kismet.te b/policy/modules/admin/kismet.te
index dbbd9e0b..49ed789e 100644
--- a/policy/modules/admin/kismet.te
+++ b/policy/modules/admin/kismet.te
@@ -1,5 +1,5 @@
-policy_module(kismet, 1.3.0)
+policy_module(kismet, 1.3.1)
 ########################################
 #
@@ -17,6 +17,9 @@ logging_log_file(kismet_log_t)
 type kismet_tmp_t;
 files_tmp_file(kismet_tmp_t)
+type kismet_tmpfs_t;
+files_tmp_file(kismet_tmpfs_t)
+
 type kismet_var_lib_t;
 files_type(kismet_var_lib_t)
@@ -44,6 +47,10 @@ manage_dirs_pattern(kismet_t, kismet_tmp_t, kismet_tmp_t)
 manage_files_pattern(kismet_t, kismet_tmp_t, kismet_tmp_t)
 files_tmp_filetrans(kismet_t, kismet_tmp_t, { file dir })
+manage_dirs_pattern(kismet_t, kismet_tmpfs_t, kismet_tmpfs_t)
+manage_files_pattern(kismet_t, kismet_tmpfs_t, kismet_tmpfs_t)
+fs_tmpfs_filetrans(kismet_t, kismet_tmpfs_t, { dir file })
+
 allow kismet_t kismet_var_lib_t:file manage_file_perms;
 allow kismet_t kismet_var_lib_t:dir manage_dir_perms;
 files_var_lib_filetrans(kismet_t, kismet_var_lib_t, { file dir })
@@ -53,6 +60,7 @@ allow kismet_t kismet_var_run_t:dir manage_dir_perms;
 files_pid_filetrans(kismet_t, kismet_var_run_t, { file dir })
 kernel_search_debugfs(kismet_t)
+kernel_read_system_state(kismet_t)
 corecmd_exec_bin(kismet_t)
@@ -74,3 +82,10 @@ files_read_usr_files(kismet_t)
 miscfiles_read_localization(kismet_t)
 userdom_use_user_terminals(kismet_t)
+userdom_read_user_tmpfs_files(kismet_t)
+
+optional_policy(`
+ dbus_system_bus_client(kismet_t)
+
+ networkmanager_dbus_chat(kismet_t)
+')
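Review bot: In policy/modules/admin/kismet.if the new `allow kismet_t $1:process signull;` sits inside `kismet_domtrans`, so every domain that is only allowed to transition into kismet_t also becomes a process kismet_t may probe with a null signal. A caller of a domtrans interface does not expect that reverse grant. The interface's summary starts above the hunk and is not visible here, so confirm it mentions the grant. If the reason is what it appears to be, add a line above the rule such as `# kismet checks that the process which started it still exists`.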
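Review bot: In policy/modules/admin/kismet.te (hunk at -17,6) the new `kismet_tmpfs_t` is declared with `files_tmp_file(kismet_tmpfs_t)`, the declaration meant for /tmp content, although the hunk at -44,6 uses it as the target of `fs_tmpfs_filetrans`. That puts the type into the set of temporary-file types, so rules written against all tmp files would also reach kismet's tmpfs objects. Refpolicy's declaration for tmpfs types is `files_tmpfs_file(kismet_tmpfs_t)`; unless membership in the tmp-file set is intended, change the line to that.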
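Review bot: In policy/modules/admin/kismet.te (hunk at -74,3) `userdom_read_user_tmpfs_files(kismet_t)` lets kismet_t read every file labelled user_tmpfs_t, and neither the hunk nor the commit message says why kismet needs that. For a domain that parses captured wireless traffic this is a wide read grant, so it needs a justification the next maintainer can check. Add a comment above the line, for example `# <which user tmpfs object kismet reads, and for what>`, and a similar one above `networkmanager_dbus_chat(kismet_t)` in the new optional block. If the access was only seen as a denial and kismet works without it, a dontaudit rule would be the narrower choice.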
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index 41bb2eeb..f209ccff 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -2399,6 +2399,26 @@ interface(`userdom_tmp_filetrans_user_tmp',`
 ## </summary>
 ## </param>
 #
+interface(`userdom_read_user_tmpfs_files',`
+ gen_require(`
+ type user_tmpfs_t;
+ ')
+
+ read_files_pattern($1, user_tmpfs_t, user_tmpfs_t)
+ allow $1 user_tmpfs_t:dir list_dir_perms;
+ fs_search_tmpfs($1)
+')
+
+########################################
+## <summary>
+## Read user tmpfs files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
 interface(`userdom_rw_user_tmpfs_files',`
 gen_require(`
 type user_tmpfs_t;
diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te
index bda2964a..6bdd0813 100644
--- a/policy/modules/system/userdomain.te
+++ b/policy/modules/system/userdomain.te
@@ -1,5 +1,5 @@
-policy_module(userdomain, 4.2.3)
+policy_module(userdomain, 4.2.4)
 ########################################
 # |
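Review bot: In policy/modules/system/userdomain.if the summary block that ends up directly above `userdom_rw_user_tmpfs_files` after this hunk reads `Read user tmpfs files.`, while the new read-only `userdom_read_user_tmpfs_files` takes whatever summary precedes the hunk, which is not visible here. Policy writers choose interfaces by these summaries, and a read/write interface documented as read-only invites granting write access by mistake. Change the added summary line to `## Read and write user tmpfs files.` and confirm the block above the new interface describes read-only access. The body of `userdom_rw_user_tmpfs_files` continues past the end of the hunk.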