commit: fd3daff45780891aec6e66182b10ddeab365baad
Author: Marc Schiffbauer <mschiff <AT> gentoo <DOT> org>
AuthorDate: Tue Jun 24 16:45:40 2025 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Tue Jul 15 08:04:55 2025 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=fd3daff4
kernel: use mmap_read_files_pattern instead of read_files_pattern+allow
This just replaces two occurences of
read_files_pattern()
allow $1 *:file map;
by mmap_read_files_pattern()
Signed-off-by: Marc Schiffbauer <mschiff <AT> gentoo.org>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>
policy/modules/kernel/files.if | 3 +--
policy/modules/kernel/filesystem.if | 3 +--
2 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index 8428afdbe..8ce60a585 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -4653,8 +4653,7 @@ interface(`files_mmap_read_kernel_modules',`
')
allow $1 modules_object_t:dir list_dir_perms;
- read_files_pattern($1, modules_object_t, modules_object_t)
- allow $1 modules_object_t:file map;
+ mmap_read_files_pattern($1, modules_object_t, modules_object_t)
read_lnk_files_pattern($1, modules_object_t, modules_object_t)
')
diff --git a/policy/modules/kernel/filesystem.if
b/policy/modules/kernel/filesystem.if
index 424a6af40..51fe5bdfd 100644
--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@@ -2586,8 +2586,7 @@ interface(`fs_mmap_read_dos_files',`
type dosfs_t;
')
- read_files_pattern($1, dosfs_t, dosfs_t)
- allow $1 dosfs_t:file map;
+ mmap_read_files_pattern($1, dosfs_t, dosfs_t)
')
########################################
