[gentoo-commits] proj/hardened-refpolicy:swift commit in: policy/modules/system/

Sven Vermeulen Mon, 24 Oct 2016 09:56:31 -0700

commit:     d95d8f98194fb82bcd0afba3ce09893911a3f146
Author:     Sven Vermeulen <swift <AT> gentoo <DOT> org>
AuthorDate: Mon Oct 24 16:55:07 2016 +0000
Commit:     Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Mon Oct 24 16:55:07 2016 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=d95d8f98


Move miscfiles_relabel_user_certs to userdom_relabel_user_certs

 policy/modules/system/miscfiles.if  | 11 +++--------
 policy/modules/system/userdomain.if | 23 +++++++++++++++++++++++
 2 files changed, 26 insertions(+), 8 deletions(-)

diff --git a/policy/modules/system/miscfiles.if 
b/policy/modules/system/miscfiles.if
index d89c7c0..5b9a810 100644
--- a/policy/modules/system/miscfiles.if
+++ b/policy/modules/system/miscfiles.if
@@ -103,7 +103,7 @@ interface(`miscfiles_manage_user_certs',`
 
 ########################################
 ## <summary>
-##     Relabel from/to cert_home_t (user-managed SSL certificates)
+##     Relabel from/to user_cert_t (user-managed SSL certificates)
 ## </summary>
 ## <param name="domain">
 ##     <summary>
@@ -112,13 +112,8 @@ interface(`miscfiles_manage_user_certs',`
 ## </param>
 #
 interface(`miscfiles_relabel_user_certs',`
-       gen_require(`
-               type cert_home_t;
-       ')
-
-       relabel_dirs_pattern($1, cert_home_t, cert_home_t)
-       relabel_files_pattern($1, cert_home_t, cert_home_t)
-       relabel_lnk_files_pattern($1, cert_home_t, cert_home_t)
+       userdom_relabel_user_certs($1)
+       refpolicywarn(`$0() has been deprecated, please use 
userdom_relabel_user_certs() instead.')
 ')
 
 ########################################

diff --git a/policy/modules/system/userdomain.if 
b/policy/modules/system/userdomain.if
index 666292e..c4bef2b 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -4053,3 +4053,26 @@ interface(`userdom_user_home_dir_filetrans_user_cert',`
 
        userdom_user_home_dir_filetrans($1, user_cert_t, $2, $3)
 ')
+
+########################################
+## <summary>
+##     Allow relabeling resources to user_cert_t
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access
+##     </summary>
+## </param>
+#
+
+interface(`userdom_relabel_user_certs',`
+       gen_require(`
+               type user_cert_t;
+       ')
+
+       relabel_dirs_pattern($1, user_cert_t, user_cert_t)
+       relabel_files_pattern($1, user_cert_t, user_cert_t)
+       relabel_lnk_files_pattern($1, user_cert_t, user_cert_t)
+       relabel_sock_files_pattern($1, user_cert_t, user_cert_t)
+       relabel_fifo_files_pattern($1, user_cert_t, user_cert_t)
+')

[gentoo-commits] proj/hardened-refpolicy:swift commit in: policy/modules/system/

Reply via email to