commit:     c94eeb89027d18ddcb3891d4f81fd342da4b3a61
Author:     Kenton Groombridge <me <AT> concord <DOT> sh>
AuthorDate: Sat Sep 24 17:23:53 2022 +0000
Commit:     Kenton Groombridge <concord <AT> gentoo <DOT> org>
CommitDate: Wed Nov  2 14:07:07 2022 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=c94eeb89

xdg: add interface to dontaudit searching xdg data dirs

Signed-off-by: Kenton Groombridge <me <AT> concord.sh>
Signed-off-by: Kenton Groombridge <concord <AT> gentoo.org>

 policy/modules/system/xdg.if | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/policy/modules/system/xdg.if b/policy/modules/system/xdg.if
index 6e1cd836c..62edcd84d 100644
--- a/policy/modules/system/xdg.if
+++ b/policy/modules/system/xdg.if
@@ -653,6 +653,25 @@ interface(`xdg_search_data_dirs',`
        allow $1 xdg_data_t:dir search_dir_perms;
 ')
 
+########################################
+## <summary>
+##     Do not audit attempts to search through the
+##     xdg data home directories.
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain to not audit.
+##     </summary>
+## </param>
+#
+interface(`xdg_dontaudit_search_data_dirs',`
+       gen_require(`
+               type xdg_data_t;
+       ')
+
+       dontaudit $1 xdg_data_t:dir search_dir_perms;
+')
+
 ########################################
 ## <summary>
 ##     Watch the xdg data home directories
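Review bot: The doc block for `xdg_dontaudit_search_data_dirs` never says that the access is still denied and only the AVC record is dropped. That matters to anyone triaging a confined domain that fails on `xdg_data_t` with nothing in the audit log. I would extend the summary or add a short `<desc>` paragraph saying so, for example `##     The access is still denied; only the audit record is suppressed.` It should also say that callers are expected to be domains whose probing of these directories is known to be harmless. `search_dir_perms` is a permission set rather than the single `search` permission, so the wording could say "search" loosely or name the set, to make clear which denials go quiet. When a denial needs to be seen again, `semodule -DB` rebuilds the policy with dontaudit rules disabled.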
