commit: 7a9ceb8654c69d890b28a59c361d41000070a486
Author: cgzones <cgzones <AT> googlemail <DOT> com>
AuthorDate: Fri Feb 17 15:26:22 2017 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Tue Feb 21 06:40:52 2017 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=7a9ceb86
add admin_process_pattern macro
useful for MODULE_admin interfaces
policy/support/misc_patterns.spt | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/policy/support/misc_patterns.spt b/policy/support/misc_patterns.spt
index f249fd70..cd3a1282 100644
--- a/policy/support/misc_patterns.spt
+++ b/policy/support/misc_patterns.spt
@@ -98,3 +98,16 @@ define(`ps_process_pattern',`
allow $1 $2:lnk_file read_lnk_file_perms;
allow $1 $2:process getattr;
')
+
+#
+# Process administration pattern
+#
+# Parameters:
+# 1. source domain
+# 2. target domain
+#
+define(`admin_process_pattern',`
+ ps_process_pattern($1, $2)
+
+ allow $1 $2:process { ptrace signal_perms };
+')
