commit: 8fdebd557db3d293e40ef47be7cbff315576beab
Author: Chris PeBenito <pebenito <AT> ieee <DOT> org>
AuthorDate: Thu Feb 15 22:09:45 2018 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Feb 18 11:19:30 2018 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=8fdebd55
Simple map patch from Russell Coker.
policy/modules/contrib/dictd.te | 3 ++-
policy/modules/contrib/dpkg.if | 18 ++++++++++++++++++
policy/modules/contrib/dpkg.te | 2 +-
policy/modules/contrib/logrotate.te | 3 ++-
policy/modules/contrib/tor.te | 2 +-
5 files changed, 24 insertions(+), 4 deletions(-)
diff --git a/policy/modules/contrib/dictd.te b/policy/modules/contrib/dictd.te
index acf5c932..6cad541b 100644
--- a/policy/modules/contrib/dictd.te
+++ b/policy/modules/contrib/dictd.te
@@ -1,4 +1,4 @@
-policy_module(dictd, 1.11.0)
+policy_module(dictd, 1.11.1)
########################################
#
@@ -57,6 +57,7 @@ dev_read_sysfs(dictd_t)
domain_use_interactive_fds(dictd_t)
+files_map_usr_files(dictd_t)
files_read_etc_runtime_files(dictd_t)
files_read_usr_files(dictd_t)
files_search_var_lib(dictd_t)
diff --git a/policy/modules/contrib/dpkg.if b/policy/modules/contrib/dpkg.if
index c753ad62..a5e88d6f 100644
--- a/policy/modules/contrib/dpkg.if
+++ b/policy/modules/contrib/dpkg.if
@@ -301,3 +301,21 @@ interface(`dpkg_manage_script_tmp_files',`
allow $1 dpkg_script_tmp_t:dir manage_dir_perms;
allow $1 dpkg_script_tmp_t:file manage_file_perms;
')
+
+########################################
+## <summary>
+## map dpkg_script_tmp_t files
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`dpkg_map_script_tmp_files',`
+ gen_require(`
+ type dpkg_script_tmp_t;
+ ')
+
+ allow $1 dpkg_script_tmp_t:file map;
+')
diff --git a/policy/modules/contrib/dpkg.te b/policy/modules/contrib/dpkg.te
index 0ff59b94..e7747bc7 100644
--- a/policy/modules/contrib/dpkg.te
+++ b/policy/modules/contrib/dpkg.te
@@ -1,4 +1,4 @@
-policy_module(dpkg, 1.12.0)
+policy_module(dpkg, 1.12.1)
########################################
#
diff --git a/policy/modules/contrib/logrotate.te
b/policy/modules/contrib/logrotate.te
index 4bb9da7b..2490cdfa 100644
--- a/policy/modules/contrib/logrotate.te
+++ b/policy/modules/contrib/logrotate.te
@@ -1,4 +1,4 @@
-policy_module(logrotate, 1.20.0)
+policy_module(logrotate, 1.20.1)
########################################
#
@@ -77,6 +77,7 @@ domain_use_interactive_fds(logrotate_t)
domain_getattr_all_entry_files(logrotate_t)
domain_read_all_domains_state(logrotate_t)
+files_map_etc_files(logrotate_t)
files_read_usr_files(logrotate_t)
files_read_etc_runtime_files(logrotate_t)
files_read_all_pids(logrotate_t)
diff --git a/policy/modules/contrib/tor.te b/policy/modules/contrib/tor.te
index 990ea8c4..8029630f 100644
--- a/policy/modules/contrib/tor.te
+++ b/policy/modules/contrib/tor.te
@@ -1,4 +1,4 @@
-policy_module(tor, 1.14.0)
+policy_module(tor, 1.14.1)
########################################
#
