commit: b2555d98366d548d5bffc6cf5d07f4314e5815e4
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Sun Oct 9 05:08:41 2016 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Mon Oct 24 17:13:49 2016 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=b2555d98
DO NOT MERGE. sync user_cert_t cert_home_t with upstream
Need to upstream userdom_user_home_dir_filetrans_user_cert interface
policy/modules/system/userdomain.if | 30 ++++++++++++++++++++++++++++++
policy/modules/system/userdomain.te | 2 +-
2 files changed, 31 insertions(+), 1 deletion(-)
diff --git a/policy/modules/system/userdomain.if
b/policy/modules/system/userdomain.if
index c4bef2b..e8659da 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -2465,6 +2465,36 @@ interface(`userdom_manage_user_certs',`
########################################
## <summary>
+## Automatically use the user_cert_t label for
+## selected resources created in a users home
+## directory
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access
+## </summary>
+## </param>
+## <param name="class">
+## <summary>
+## Resource type(s) for which the label should be used
+## </summary>
+## </param>
+## <param name="filename" optional="true">
+## <summary>
+## Name of the resource that is being created
+## </summary>
+## </param>
+#
+interface(`userdom_user_home_dir_filetrans_user_cert',`
+ gen_require(`
+ type user_cert_t;
+ ')
+
+ userdom_user_home_dir_filetrans($1, user_cert_t, $2, $3)
+')
+
+########################################
+## <summary>
## Write to user temporary named sockets.
## </summary>
## <param name="domain">
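Review bot: The header of `userdom_user_home_dir_filetrans_user_cert` documents `filename` as optional but does not say what omitting it means. Since `$3` is passed straight through to `userdom_user_home_dir_filetrans`, a caller that leaves it out presumably gets an unnamed transition, so every object of the given class that the domain creates directly in the home directory would be labelled user_cert_t. Unrelated files would then sit under the certificate type and be readable by every domain allowed to read user certificates. I would add a line to the summary such as `## Without a filename, all objects of the given class created in the home directory get user_cert_t.`, and fix "a users home" to "a user's home". The body only requires the type and sets up the transition, so it may also be worth noting that callers still need something like `userdom_manage_user_certs` to create the object; whether they do depends on `userdom_user_home_dir_filetrans`, which is outside this hunk.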
diff --git a/policy/modules/system/userdomain.te
b/policy/modules/system/userdomain.te
index d147a56..43ac9a2 100644
--- a/policy/modules/system/userdomain.te
+++ b/policy/modules/system/userdomain.te
@@ -93,7 +93,7 @@ files_associate_tmp(user_home_t)
files_poly_parent(user_home_t)
files_mountpoint(user_home_t)
-type user_cert_t;
+type user_cert_t alias cert_home_t;
userdom_user_home_content(user_cert_t)
type user_devpts_t alias { staff_devpts_t sysadm_devpts_t secadm_devpts_t
auditadm_devpts_t unconfined_devpts_t };
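Review bot: The new `alias cert_home_t` on the `user_cert_t` declaration has no comment, yet it changes what existing rules mean: any allow rule, file-context entry or interface call elsewhere in the policy that names cert_home_t now refers to the same type as user_cert_t. Before this leaves DO NOT MERGE, check every use of cert_home_t in the tree to confirm that no domain gains access to user certificate or key material it was not meant to have. Also confirm that no other module still declares cert_home_t as its own type, since a duplicate declaration would presumably fail to build. A one-line comment above the declaration would record the intent, e.g. `# cert_home_t: alias so rules written against either name refer to the same type`.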