* [refpolicy] [ usedom_user_tmpfs_content patch 1/1] Create userdom_user_tmpfs_content, and replace existing user tmpfs content type declarations by it.
@ 2010-07-09 15:12 Dominick Grift
  2010-07-12 18:52 ` Christopher J. PeBenito
  0 siblings, 1 reply; 3+ messages in thread
From: Dominick Grift @ 2010-07-09 15:12 UTC (permalink / raw)
  To: refpolicy

Signed-off-by: Dominick Grift <domg472@gmail.com>
---
:100644 100644 b1aeb7c... e5ea9e0... M	policy/modules/apps/evolution.te
:100644 100644 cea5c8c... 45c59f2... M	policy/modules/apps/games.te
:100644 100644 5bb9e30... 31546b7... M	policy/modules/apps/gift.te
:100644 100644 c6f1fe2... 78bfb13... M	policy/modules/apps/gpg.te
:100644 100644 143a522... 3bc449e... M	policy/modules/apps/java.te
:100644 100644 82c4a54... 4f4e249... M	policy/modules/apps/mplayer.te
:100644 100644 892057b... f05e641... M	policy/modules/apps/podsleuth.te
:100644 100644 6f08115... 58a924e... M	policy/modules/apps/thunderbird.te
:100644 100644 10d6692... 76b0605... M	policy/modules/apps/tvtime.te
:100644 100644 62960c0... 05d8159... M	policy/modules/apps/uml.te
:100644 100644 5bc77b4... b93fbad... M	policy/modules/apps/vmware.te
:100644 100644 ca29f80... 40f24a7... M	policy/modules/apps/wireshark.te
:100644 100644 1bdeb16... 3695f3c... M	policy/modules/apps/xscreensaver.te
:100644 100644 1d6ddf2... 6352ec1... M	policy/modules/services/bluetooth.te
:100644 100644 afbe9ac... deb52da... M	policy/modules/services/ssh.te
:100644 100644 f51b828... 5dfdcb7... M	policy/modules/services/xserver.te
:100644 100644 7d83ec3... 142f63b... M	policy/modules/system/userdomain.if
:100644 100644 089f74f... 357de70... M	policy/modules/system/userdomain.te
 policy/modules/apps/evolution.te     |   12 ++++--------
 policy/modules/apps/games.te         |    3 +--
 policy/modules/apps/gift.te          |    3 +--
 policy/modules/apps/gpg.te           |    3 +--
 policy/modules/apps/java.te          |    3 +--
 policy/modules/apps/mplayer.te       |    3 +--
 policy/modules/apps/podsleuth.te     |    3 +--
 policy/modules/apps/thunderbird.te   |    3 +--
 policy/modules/apps/tvtime.te        |    3 +--
 policy/modules/apps/uml.te           |    3 +--
 policy/modules/apps/vmware.te        |    3 +--
 policy/modules/apps/wireshark.te     |    3 +--
 policy/modules/apps/xscreensaver.te  |    3 +--
 policy/modules/services/bluetooth.te |    3 +--
 policy/modules/services/ssh.te       |    3 +--
 policy/modules/services/xserver.te   |    3 +--
 policy/modules/system/userdomain.if  |   17 +++++++++++++++++
 policy/modules/system/userdomain.te  |    3 ++-
 18 files changed, 38 insertions(+), 39 deletions(-)

diff --git a/policy/modules/apps/evolution.te b/policy/modules/apps/evolution.te
index b1aeb7c..e5ea9e0 100644
--- a/policy/modules/apps/evolution.te
+++ b/policy/modules/apps/evolution.te
@@ -22,8 +22,7 @@ ubac_constrained(evolution_alarm_t)
 type evolution_alarm_tmpfs_t;
 typealias evolution_alarm_tmpfs_t alias { user_evolution_alarm_tmpfs_t staff_evolution_alarm_tmpfs_t sysadm_evolution_alarm_tmpfs_t };
 typealias evolution_alarm_tmpfs_t alias { auditadm_evolution_alarm_tmpfs_t secadm_evolution_alarm_tmpfs_t };
-files_tmpfs_file(evolution_alarm_tmpfs_t)
-ubac_constrained(evolution_alarm_tmpfs_t)
+userdom_user_tmpfs_content(evolution_alarm_tmpfs_t)
 
 type evolution_alarm_orbit_tmp_t;
 typealias evolution_alarm_orbit_tmp_t alias { user_evolution_alarm_orbit_tmp_t staff_evolution_alarm_orbit_tmp_t sysadm_evolution_alarm_orbit_tmp_t };
@@ -40,8 +39,7 @@ ubac_constrained(evolution_exchange_t)
 type evolution_exchange_tmpfs_t;
 typealias evolution_exchange_tmpfs_t alias { user_evolution_exchange_tmpfs_t staff_evolution_exchange_tmpfs_t sysadm_evolution_exchange_tmpfs_t };
 typealias evolution_exchange_tmpfs_t alias { auditadm_evolution_exchange_tmpfs_t secadm_evolution_exchange_tmpfs_t };
-files_tmpfs_file(evolution_exchange_tmpfs_t)
-ubac_constrained(evolution_exchange_tmpfs_t)
+userdom_user_tmpfs_content(evolution_exchange_tmpfs_t)
 
 type evolution_exchange_tmp_t;
 typealias evolution_exchange_tmp_t alias { user_evolution_exchange_tmp_t staff_evolution_exchange_tmp_t sysadm_evolution_exchange_tmp_t };
@@ -80,8 +78,7 @@ userdom_user_tmp_content(evolution_server_t, evolution_server_orbit_tmp_t)
 type evolution_tmpfs_t;
 typealias evolution_tmpfs_t alias { user_evolution_tmpfs_t staff_evolution_tmpfs_t sysadm_evolution_tmpfs_t };
 typealias evolution_tmpfs_t alias { auditadm_evolution_tmpfs_t secadm_evolution_tmpfs_t };
-files_tmpfs_file(evolution_tmpfs_t)
-ubac_constrained(evolution_tmpfs_t)
+userdom_user_tmpfs_content(evolution_tmpfs_t)
 
 type evolution_webcal_t;
 type evolution_webcal_exec_t;
@@ -93,8 +90,7 @@ ubac_constrained(evolution_webcal_t)
 type evolution_webcal_tmpfs_t;
 typealias evolution_webcal_tmpfs_t alias { user_evolution_webcal_tmpfs_t staff_evolution_webcal_tmpfs_t sysadm_evolution_webcal_tmpfs_t };
 typealias evolution_webcal_tmpfs_t alias { auditadm_evolution_webcal_tmpfs_t secadm_evolution_webcal_tmpfs_t };
-files_tmpfs_file(evolution_webcal_tmpfs_t)
-ubac_constrained(evolution_webcal_tmpfs_t)
+userdom_user_tmpfs_content(evolution_webcal_tmpfs_t)
 
 ########################################
 #
diff --git a/policy/modules/apps/games.te b/policy/modules/apps/games.te
index cea5c8c..45c59f2 100644
--- a/policy/modules/apps/games.te
+++ b/policy/modules/apps/games.te
@@ -40,8 +40,7 @@ userdom_user_tmp_content(games_t, games_tmp_t)
 type games_tmpfs_t;
 typealias games_tmpfs_t alias { user_games_tmpfs_t staff_games_tmpfs_t sysadm_games_tmpfs_t };
 typealias games_tmpfs_t alias { auditadm_games_tmpfs_t secadm_games_tmpfs_t };
-files_tmpfs_file(games_tmpfs_t)
-ubac_constrained(games_tmpfs_t)
+userdom_user_tmpfs_content(games_tmpfs_t)
 
 ########################################
 #
diff --git a/policy/modules/apps/gift.te b/policy/modules/apps/gift.te
index 5bb9e30..31546b7 100644
--- a/policy/modules/apps/gift.te
+++ b/policy/modules/apps/gift.te
@@ -20,8 +20,7 @@ userdom_user_home_content(gift_home_t)
 type gift_tmpfs_t;
 typealias gift_tmpfs_t alias { user_gift_tmpfs_t staff_gift_tmpfs_t sysadm_gift_tmpfs_t };
 typealias gift_tmpfs_t alias { auditadm_gift_tmpfs_t secadm_gift_tmpfs_t };
-files_tmpfs_file(gift_tmpfs_t)
-ubac_constrained(gift_tmpfs_t)
+userdom_user_tmpfs_content(gift_tmpfs_t)
 
 type giftd_t;
 type giftd_exec_t;
diff --git a/policy/modules/apps/gpg.te b/policy/modules/apps/gpg.te
index c6f1fe2..78bfb13 100644
--- a/policy/modules/apps/gpg.te
+++ b/policy/modules/apps/gpg.te
@@ -57,8 +57,7 @@ type gpg_pinentry_tmp_t;
 userdom_user_tmp_content(gpg_pinentry_t, gpg_pinentry_tmp_t)
 
 type gpg_pinentry_tmpfs_t;
-files_tmpfs_file(gpg_pinentry_tmpfs_t)
-ubac_constrained(gpg_pinentry_tmpfs_t)
+userdom_user_tmpfs_content(gpg_pinentry_tmpfs_t)
 
 ########################################
 #
diff --git a/policy/modules/apps/java.te b/policy/modules/apps/java.te
index 143a522..3bc449e 100644
--- a/policy/modules/apps/java.te
+++ b/policy/modules/apps/java.te
@@ -26,10 +26,9 @@ typealias java_tmp_t alias { auditadm_tmp_javaplugin_t secadm_javaplugin_tmp_t }
 userdom_user_tmp_content(java_t, java_tmp_t)
 
 type java_tmpfs_t;
-ubac_constrained(java_tmpfs_t)
-files_tmpfs_file(java_tmpfs_t)
 typealias java_tmpfs_t alias { staff_javaplugin_tmpfs_t user_javaplugin_tmpfs_t sysadm_javaplugin_tmpfs_t };
 typealias java_tmpfs_t alias { auditadm_tmpfs_javaplugin_t secadm_tmpfs_javaplugin_t };
+userdom_user_tmpfs_content(java_tmpfs_t)
 
 type unconfined_java_t;
 init_system_domain(unconfined_java_t, java_exec_t)
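
Review bot: In this java.te hunk the new userdom_user_tmpfs_content(java_tmpfs_t) call is placed after the two typealias lines, whereas the removed ubac_constrained/files_tmpfs_file calls sat directly under the type declaration. The new position matches the layout of the other modules in this patch, but it is a reordering on top of the substitution; a line in the commit message saying so would help, since the message currently has no body.
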
diff --git a/policy/modules/apps/mplayer.te b/policy/modules/apps/mplayer.te
index 82c4a54..4f4e249 100644
--- a/policy/modules/apps/mplayer.te
+++ b/policy/modules/apps/mplayer.te
@@ -37,8 +37,7 @@ userdom_user_home_content(mplayer_home_t)
 type mplayer_tmpfs_t;
 typealias mplayer_tmpfs_t alias { user_mplayer_tmpfs_t staff_mplayer_tmpfs_t sysadm_mplayer_tmpfs_t };
 typealias mplayer_tmpfs_t alias { auditadm_mplayer_tmpfs_t secadm_mplayer_tmpfs_t };
-files_tmpfs_file(mplayer_tmpfs_t)
-ubac_constrained(mplayer_tmpfs_t)
+userdom_user_tmpfs_content(mplayer_tmpfs_t)
 
 ########################################
 #
diff --git a/policy/modules/apps/podsleuth.te b/policy/modules/apps/podsleuth.te
index 892057b..f05e641 100644
--- a/policy/modules/apps/podsleuth.te
+++ b/policy/modules/apps/podsleuth.te
@@ -18,8 +18,7 @@ type podsleuth_tmp_t;
 userdom_user_tmp_content(podsleuth_t, podsleuth_tmp_t)
 
 type podsleuth_tmpfs_t;
-files_tmpfs_file(podsleuth_tmpfs_t)
-ubac_constrained(podsleuth_tmpfs_t)
+userdom_user_tmpfs_content(podsleuth_tmpfs_t)
 
 ########################################
 #
diff --git a/policy/modules/apps/thunderbird.te b/policy/modules/apps/thunderbird.te
index 6f08115..58a924e 100644
--- a/policy/modules/apps/thunderbird.te
+++ b/policy/modules/apps/thunderbird.te
@@ -20,8 +20,7 @@ userdom_user_home_content(thunderbird_home_t)
 type thunderbird_tmpfs_t;
 typealias thunderbird_tmpfs_t alias { user_thunderbird_tmpfs_t staff_thunderbird_tmpfs_t sysadm_thunderbird_tmpfs_t };
 typealias thunderbird_tmpfs_t alias { auditadm_thunderbird_tmpfs_t secadm_thunderbird_tmpfs_t };
-files_tmpfs_file(thunderbird_tmpfs_t)
-ubac_constrained(thunderbird_tmpfs_t)
+userdom_user_tmpfs_content(thunderbird_tmpfs_t)
 
 ########################################
 #
diff --git a/policy/modules/apps/tvtime.te b/policy/modules/apps/tvtime.te
index 10d6692..76b0605 100644
--- a/policy/modules/apps/tvtime.te
+++ b/policy/modules/apps/tvtime.te
@@ -25,8 +25,7 @@ userdom_user_tmp_content(tvtime_t, tvtime_tmp_t)
 type tvtime_tmpfs_t;
 typealias tvtime_tmpfs_t alias { user_tvtime_tmpfs_t staff_tvtime_tmpfs_t sysadm_tvtime_tmpfs_t };
 typealias tvtime_tmpfs_t alias { auditadm_tvtime_tmpfs_t secadm_tvtime_tmpfs_t };
-files_tmpfs_file(tvtime_tmpfs_t)
-ubac_constrained(tvtime_tmpfs_t)
+userdom_user_tmpfs_content(tvtime_tmpfs_t)
 
 ########################################
 #
diff --git a/policy/modules/apps/uml.te b/policy/modules/apps/uml.te
index 62960c0..05d8159 100644
--- a/policy/modules/apps/uml.te
+++ b/policy/modules/apps/uml.te
@@ -30,8 +30,7 @@ userdom_user_tmp_content(uml_t, uml_tmp_t)
 type uml_tmpfs_t;
 typealias uml_tmpfs_t alias { user_uml_tmpfs_t staff_uml_tmpfs_t sysadm_uml_tmpfs_t };
 typealias uml_tmpfs_t alias { auditadm_uml_tmpfs_t secadm_uml_tmpfs_t };
-files_tmpfs_file(uml_tmpfs_t)
-ubac_constrained(uml_tmpfs_t)
+userdom_user_tmpfs_content(uml_tmpfs_t)
 
 type uml_devpts_t;
 typealias uml_devpts_t alias { user_uml_devpts_t staff_uml_devpts_t sysadm_uml_devpts_t };
diff --git a/policy/modules/apps/vmware.te b/policy/modules/apps/vmware.te
index 5bc77b4..b93fbad 100644
--- a/policy/modules/apps/vmware.te
+++ b/policy/modules/apps/vmware.te
@@ -59,8 +59,7 @@ userdom_user_tmp_content(vmware_t, vmware_tmp_t)
 type vmware_tmpfs_t;
 typealias vmware_tmpfs_t alias { user_vmware_tmpfs_t staff_vmware_tmpfs_t sysadm_vmware_tmpfs_t };
 typealias vmware_tmpfs_t alias { auditadm_vmware_tmpfs_t secadm_vmware_tmpfs_t };
-files_tmpfs_file(vmware_tmpfs_t)
-ubac_constrained(vmware_tmpfs_t)
+userdom_user_tmpfs_content(vmware_tmpfs_t)
 
 ifdef(`enable_mcs',`
 	init_ranged_daemon_domain(vmware_host_t, vmware_host_exec_t, s0 - mcs_systemhigh)
diff --git a/policy/modules/apps/wireshark.te b/policy/modules/apps/wireshark.te
index ca29f80..40f24a7 100644
--- a/policy/modules/apps/wireshark.te
+++ b/policy/modules/apps/wireshark.te
@@ -25,8 +25,7 @@ userdom_user_tmp_content(wireshark_t, wireshark_tmp_t)
 type wireshark_tmpfs_t;
 typealias wireshark_tmpfs_t alias { user_wireshark_tmpfs_t staff_wireshark_tmpfs_t sysadm_wireshark_tmpfs_t };
 typealias wireshark_tmpfs_t alias { auditadm_wireshark_tmpfs_t secadm_wireshark_tmpfs_t };
-files_tmpfs_file(wireshark_tmpfs_t)
-ubac_constrained(wireshark_tmpfs_t)
+userdom_user_tmpfs_content(wireshark_tmpfs_t)
 
 ##############################
 #
diff --git a/policy/modules/apps/xscreensaver.te b/policy/modules/apps/xscreensaver.te
index 1bdeb16..3695f3c 100644
--- a/policy/modules/apps/xscreensaver.te
+++ b/policy/modules/apps/xscreensaver.te
@@ -11,8 +11,7 @@ application_domain(xscreensaver_t, xscreensaver_exec_t)
 ubac_constrained(xscreensaver_t)
 
 type xscreensaver_tmpfs_t;
-files_tmpfs_file(xscreensaver_tmpfs_t)
-ubac_constrained(xscreensaver_tmpfs_t)
+userdom_user_tmpfs_content(xscreensaver_tmpfs_t)
 
 ########################################
 #
diff --git a/policy/modules/services/bluetooth.te b/policy/modules/services/bluetooth.te
index 1d6ddf2..6352ec1 100644
--- a/policy/modules/services/bluetooth.te
+++ b/policy/modules/services/bluetooth.te
@@ -29,8 +29,7 @@ userdom_user_tmp_content(bluetooth_helper_t, bluetooth_helper_tmp_t)
 type bluetooth_helper_tmpfs_t;
 typealias bluetooth_helper_tmpfs_t alias { user_bluetooth_helper_tmpfs_t staff_bluetooth_helper_tmpfs_t sysadm_bluetooth_helper_tmpfs_t };
 typealias bluetooth_helper_tmpfs_t alias { auditadm_bluetooth_helper_tmpfs_t secadm_bluetooth_helper_tmpfs_t };
-files_tmpfs_file(bluetooth_helper_tmpfs_t)
-ubac_constrained(bluetooth_helper_tmpfs_t)
+userdom_user_tmpfs_content(bluetooth_helper_tmpfs_t)
 
 type bluetooth_initrc_exec_t;
 init_script_file(bluetooth_initrc_exec_t)
diff --git a/policy/modules/services/ssh.te b/policy/modules/services/ssh.te
index afbe9ac..deb52da 100644
--- a/policy/modules/services/ssh.te
+++ b/policy/modules/services/ssh.te
@@ -68,8 +68,7 @@ ubac_constrained(ssh_keysign_t)
 type ssh_tmpfs_t;
 typealias ssh_tmpfs_t alias { user_ssh_tmpfs_t staff_ssh_tmpfs_t sysadm_ssh_tmpfs_t };
 typealias ssh_tmpfs_t alias { auditadm_ssh_tmpfs_t secadm_ssh_tmpfs_t };
-files_tmpfs_file(ssh_tmpfs_t)
-ubac_constrained(ssh_tmpfs_t)
+userdom_user_tmpfs_content(ssh_tmpfs_t)
 
 type ssh_home_t;
 typealias ssh_home_t alias { home_ssh_t user_ssh_home_t user_home_ssh_t staff_home_ssh_t sysadm_home_ssh_t };
diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index f51b828..5dfdcb7 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -203,8 +203,7 @@ userdom_user_tmp_content(xserver_t, xserver_tmp_t)
 type xserver_tmpfs_t;
 typealias xserver_tmpfs_t alias { user_xserver_tmpfs_t staff_xserver_tmpfs_t sysadm_xserver_tmpfs_t };
 typealias xserver_tmpfs_t alias { auditadm_xserver_tmpfs_t secadm_xserver_tmpfs_t xdm_xserver_tmpfs_t };
-files_tmpfs_file(xserver_tmpfs_t)
-ubac_constrained(xserver_tmpfs_t)
+userdom_user_tmpfs_content(xserver_tmpfs_t)
 
 type xsession_exec_t;
 corecmd_executable_file(xsession_exec_t)
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index 7d83ec3..142f63b 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -1310,6 +1310,23 @@ interface(`userdom_user_tmp_content',`
 
 ########################################
 ## <summary>
+##	Make the specified type usable user
+##	shared memory content.
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type to be used for user shared
+##	memory content.
+##	</summary>
+## </param>
+#
+interface(`userdom_user_tmpfs_content',`
+	files_tmpfs_file($1)
+	ubac_constrained($1)
+')
+
+########################################
+## <summary>
 ##	Allow domain to attach to TUN devices created by administrative users.
 ## </summary>
 ## <param name="domain">
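
Review bot: The summary added for userdom_user_tmpfs_content reads "Make the specified type usable user shared memory content", which is missing a word; "usable as user shared memory content" would parse. The comment block could also state that the interface applies both files_tmpfs_file and ubac_constrained to the type, since callers now depend on it for the UBAC constraint and the name alone does not say so.
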
diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te
index 089f74f..357de70 100644
--- a/policy/modules/system/userdomain.te
+++ b/policy/modules/system/userdomain.te
@@ -89,7 +89,8 @@ files_tmp_file(user_tmp_t)
 userdom_user_home_content(user_tmp_t)
 
 type user_tmpfs_t alias { staff_tmpfs_t sysadm_tmpfs_t secadm_tmpfs_t auditadm_tmpfs_t unconfined_tmpfs_t };
-files_tmpfs_file(user_tmpfs_t)
+userdom_user_tmpfs_content(user_tmpfs_t)
+# Consider removing this
 userdom_user_home_content(user_tmpfs_t)
 
 type user_tty_device_t alias { staff_tty_device_t sysadm_tty_device_t secadm_tty_device_t auditadm_tty_device_t unconfined_tty_device_t };
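
Review bot: For user_tmpfs_t the substitution is not one-for-one: the removed line is only files_tmpfs_file(user_tmpfs_t), while userdom_user_tmpfs_content as defined in this patch also calls ubac_constrained($1). If adding the constraint here is intended, say so in the commit message. The added "# Consider removing this" comment above userdom_user_home_content(user_tmpfs_t) gives no reason; either state why the call is suspect or leave the comment out and raise the question on the list.
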
-- 
1.7.1.1


* [refpolicy] [ usedom_user_tmpfs_content patch 1/1] Create userdom_user_tmpfs_content, and replace existing user tmpfs content type declarations by it.
  2010-07-09 15:12 [refpolicy] [ usedom_user_tmpfs_content patch 1/1] Create userdom_user_tmpfs_content, and replace existing user tmpfs content type declarations by it Dominick Grift
@ 2010-07-12 18:52 ` Christopher J. PeBenito
  2010-07-12 19:28   ` Dominick Grift
  0 siblings, 1 reply; 3+ messages in thread
From: Christopher J. PeBenito @ 2010-07-12 18:52 UTC (permalink / raw)
  To: refpolicy

On 07/09/10 11:12, Dominick Grift wrote:
> Signed-off-by: Dominick Grift<domg472@gmail.com>

Doesn't apply.

> ---
> :100644 100644 b1aeb7c... e5ea9e0... M	policy/modules/apps/evolution.te
> :100644 100644 cea5c8c... 45c59f2... M	policy/modules/apps/games.te
> :100644 100644 5bb9e30... 31546b7... M	policy/modules/apps/gift.te
> :100644 100644 c6f1fe2... 78bfb13... M	policy/modules/apps/gpg.te
> :100644 100644 143a522... 3bc449e... M	policy/modules/apps/java.te
> :100644 100644 82c4a54... 4f4e249... M	policy/modules/apps/mplayer.te
> :100644 100644 892057b... f05e641... M	policy/modules/apps/podsleuth.te
> :100644 100644 6f08115... 58a924e... M	policy/modules/apps/thunderbird.te
> :100644 100644 10d6692... 76b0605... M	policy/modules/apps/tvtime.te
> :100644 100644 62960c0... 05d8159... M	policy/modules/apps/uml.te
> :100644 100644 5bc77b4... b93fbad... M	policy/modules/apps/vmware.te
> :100644 100644 ca29f80... 40f24a7... M	policy/modules/apps/wireshark.te
> :100644 100644 1bdeb16... 3695f3c... M	policy/modules/apps/xscreensaver.te
> :100644 100644 1d6ddf2... 6352ec1... M	policy/modules/services/bluetooth.te
> :100644 100644 afbe9ac... deb52da... M	policy/modules/services/ssh.te
> :100644 100644 f51b828... 5dfdcb7... M	policy/modules/services/xserver.te
> :100644 100644 7d83ec3... 142f63b... M	policy/modules/system/userdomain.if
> :100644 100644 089f74f... 357de70... M	policy/modules/system/userdomain.te
>   policy/modules/apps/evolution.te     |   12 ++++--------
>   policy/modules/apps/games.te         |    3 +--
>   policy/modules/apps/gift.te          |    3 +--
>   policy/modules/apps/gpg.te           |    3 +--
>   policy/modules/apps/java.te          |    3 +--
>   policy/modules/apps/mplayer.te       |    3 +--
>   policy/modules/apps/podsleuth.te     |    3 +--
>   policy/modules/apps/thunderbird.te   |    3 +--
>   policy/modules/apps/tvtime.te        |    3 +--
>   policy/modules/apps/uml.te           |    3 +--
>   policy/modules/apps/vmware.te        |    3 +--
>   policy/modules/apps/wireshark.te     |    3 +--
>   policy/modules/apps/xscreensaver.te  |    3 +--
>   policy/modules/services/bluetooth.te |    3 +--
>   policy/modules/services/ssh.te       |    3 +--
>   policy/modules/services/xserver.te   |    3 +--
>   policy/modules/system/userdomain.if  |   17 +++++++++++++++++
>   policy/modules/system/userdomain.te  |    3 ++-
>   18 files changed, 38 insertions(+), 39 deletions(-)
>
> diff --git a/policy/modules/apps/evolution.te b/policy/modules/apps/evolution.te
> index b1aeb7c..e5ea9e0 100644
> --- a/policy/modules/apps/evolution.te
> +++ b/policy/modules/apps/evolution.te
> @@ -22,8 +22,7 @@ ubac_constrained(evolution_alarm_t)
>   type evolution_alarm_tmpfs_t;
>   typealias evolution_alarm_tmpfs_t alias { user_evolution_alarm_tmpfs_t staff_evolution_alarm_tmpfs_t sysadm_evolution_alarm_tmpfs_t };
>   typealias evolution_alarm_tmpfs_t alias { auditadm_evolution_alarm_tmpfs_t secadm_evolution_alarm_tmpfs_t };
> -files_tmpfs_file(evolution_alarm_tmpfs_t)
> -ubac_constrained(evolution_alarm_tmpfs_t)
> +userdom_user_tmpfs_content(evolution_alarm_tmpfs_t)
>
>   type evolution_alarm_orbit_tmp_t;
>   typealias evolution_alarm_orbit_tmp_t alias { user_evolution_alarm_orbit_tmp_t staff_evolution_alarm_orbit_tmp_t sysadm_evolution_alarm_orbit_tmp_t };
> @@ -40,8 +39,7 @@ ubac_constrained(evolution_exchange_t)
>   type evolution_exchange_tmpfs_t;
>   typealias evolution_exchange_tmpfs_t alias { user_evolution_exchange_tmpfs_t staff_evolution_exchange_tmpfs_t sysadm_evolution_exchange_tmpfs_t };
>   typealias evolution_exchange_tmpfs_t alias { auditadm_evolution_exchange_tmpfs_t secadm_evolution_exchange_tmpfs_t };
> -files_tmpfs_file(evolution_exchange_tmpfs_t)
> -ubac_constrained(evolution_exchange_tmpfs_t)
> +userdom_user_tmpfs_content(evolution_exchange_tmpfs_t)
>
>   type evolution_exchange_tmp_t;
>   typealias evolution_exchange_tmp_t alias { user_evolution_exchange_tmp_t staff_evolution_exchange_tmp_t sysadm_evolution_exchange_tmp_t };
> @@ -80,8 +78,7 @@ userdom_user_tmp_content(evolution_server_t, evolution_server_orbit_tmp_t)
>   type evolution_tmpfs_t;
>   typealias evolution_tmpfs_t alias { user_evolution_tmpfs_t staff_evolution_tmpfs_t sysadm_evolution_tmpfs_t };
>   typealias evolution_tmpfs_t alias { auditadm_evolution_tmpfs_t secadm_evolution_tmpfs_t };
> -files_tmpfs_file(evolution_tmpfs_t)
> -ubac_constrained(evolution_tmpfs_t)
> +userdom_user_tmpfs_content(evolution_tmpfs_t)
>
>   type evolution_webcal_t;
>   type evolution_webcal_exec_t;
> @@ -93,8 +90,7 @@ ubac_constrained(evolution_webcal_t)
>   type evolution_webcal_tmpfs_t;
>   typealias evolution_webcal_tmpfs_t alias { user_evolution_webcal_tmpfs_t staff_evolution_webcal_tmpfs_t sysadm_evolution_webcal_tmpfs_t };
>   typealias evolution_webcal_tmpfs_t alias { auditadm_evolution_webcal_tmpfs_t secadm_evolution_webcal_tmpfs_t };
> -files_tmpfs_file(evolution_webcal_tmpfs_t)
> -ubac_constrained(evolution_webcal_tmpfs_t)
> +userdom_user_tmpfs_content(evolution_webcal_tmpfs_t)
>
>   ########################################
>   #
> diff --git a/policy/modules/apps/games.te b/policy/modules/apps/games.te
> index cea5c8c..45c59f2 100644
> --- a/policy/modules/apps/games.te
> +++ b/policy/modules/apps/games.te
> @@ -40,8 +40,7 @@ userdom_user_tmp_content(games_t, games_tmp_t)
>   type games_tmpfs_t;
>   typealias games_tmpfs_t alias { user_games_tmpfs_t staff_games_tmpfs_t sysadm_games_tmpfs_t };
>   typealias games_tmpfs_t alias { auditadm_games_tmpfs_t secadm_games_tmpfs_t };
> -files_tmpfs_file(games_tmpfs_t)
> -ubac_constrained(games_tmpfs_t)
> +userdom_user_tmpfs_content(games_tmpfs_t)
>
>   ########################################
>   #
> diff --git a/policy/modules/apps/gift.te b/policy/modules/apps/gift.te
> index 5bb9e30..31546b7 100644
> --- a/policy/modules/apps/gift.te
> +++ b/policy/modules/apps/gift.te
> @@ -20,8 +20,7 @@ userdom_user_home_content(gift_home_t)
>   type gift_tmpfs_t;
>   typealias gift_tmpfs_t alias { user_gift_tmpfs_t staff_gift_tmpfs_t sysadm_gift_tmpfs_t };
>   typealias gift_tmpfs_t alias { auditadm_gift_tmpfs_t secadm_gift_tmpfs_t };
> -files_tmpfs_file(gift_tmpfs_t)
> -ubac_constrained(gift_tmpfs_t)
> +userdom_user_tmpfs_content(gift_tmpfs_t)
>
>   type giftd_t;
>   type giftd_exec_t;
> diff --git a/policy/modules/apps/gpg.te b/policy/modules/apps/gpg.te
> index c6f1fe2..78bfb13 100644
> --- a/policy/modules/apps/gpg.te
> +++ b/policy/modules/apps/gpg.te
> @@ -57,8 +57,7 @@ type gpg_pinentry_tmp_t;
>   userdom_user_tmp_content(gpg_pinentry_t, gpg_pinentry_tmp_t)
>
>   type gpg_pinentry_tmpfs_t;
> -files_tmpfs_file(gpg_pinentry_tmpfs_t)
> -ubac_constrained(gpg_pinentry_tmpfs_t)
> +userdom_user_tmpfs_content(gpg_pinentry_tmpfs_t)
>
>   ########################################
>   #
> diff --git a/policy/modules/apps/java.te b/policy/modules/apps/java.te
> index 143a522..3bc449e 100644
> --- a/policy/modules/apps/java.te
> +++ b/policy/modules/apps/java.te
> @@ -26,10 +26,9 @@ typealias java_tmp_t alias { auditadm_tmp_javaplugin_t secadm_javaplugin_tmp_t }
>   userdom_user_tmp_content(java_t, java_tmp_t)
>
>   type java_tmpfs_t;
> -ubac_constrained(java_tmpfs_t)
> -files_tmpfs_file(java_tmpfs_t)
>   typealias java_tmpfs_t alias { staff_javaplugin_tmpfs_t user_javaplugin_tmpfs_t sysadm_javaplugin_tmpfs_t };
>   typealias java_tmpfs_t alias { auditadm_tmpfs_javaplugin_t secadm_tmpfs_javaplugin_t };
> +userdom_user_tmpfs_content(java_tmpfs_t)
>
>   type unconfined_java_t;
>   init_system_domain(unconfined_java_t, java_exec_t)
> diff --git a/policy/modules/apps/mplayer.te b/policy/modules/apps/mplayer.te
> index 82c4a54..4f4e249 100644
> --- a/policy/modules/apps/mplayer.te
> +++ b/policy/modules/apps/mplayer.te
> @@ -37,8 +37,7 @@ userdom_user_home_content(mplayer_home_t)
>   type mplayer_tmpfs_t;
>   typealias mplayer_tmpfs_t alias { user_mplayer_tmpfs_t staff_mplayer_tmpfs_t sysadm_mplayer_tmpfs_t };
>   typealias mplayer_tmpfs_t alias { auditadm_mplayer_tmpfs_t secadm_mplayer_tmpfs_t };
> -files_tmpfs_file(mplayer_tmpfs_t)
> -ubac_constrained(mplayer_tmpfs_t)
> +userdom_user_tmpfs_content(mplayer_tmpfs_t)
>
>   ########################################
>   #
> diff --git a/policy/modules/apps/podsleuth.te b/policy/modules/apps/podsleuth.te
> index 892057b..f05e641 100644
> --- a/policy/modules/apps/podsleuth.te
> +++ b/policy/modules/apps/podsleuth.te
> @@ -18,8 +18,7 @@ type podsleuth_tmp_t;
>   userdom_user_tmp_content(podsleuth_t, podsleuth_tmp_t)
>
>   type podsleuth_tmpfs_t;
> -files_tmpfs_file(podsleuth_tmpfs_t)
> -ubac_constrained(podsleuth_tmpfs_t)
> +userdom_user_tmpfs_content(podsleuth_tmpfs_t)
>
>   ########################################
>   #
> diff --git a/policy/modules/apps/thunderbird.te b/policy/modules/apps/thunderbird.te
> index 6f08115..58a924e 100644
> --- a/policy/modules/apps/thunderbird.te
> +++ b/policy/modules/apps/thunderbird.te
> @@ -20,8 +20,7 @@ userdom_user_home_content(thunderbird_home_t)
>   type thunderbird_tmpfs_t;
>   typealias thunderbird_tmpfs_t alias { user_thunderbird_tmpfs_t staff_thunderbird_tmpfs_t sysadm_thunderbird_tmpfs_t };
>   typealias thunderbird_tmpfs_t alias { auditadm_thunderbird_tmpfs_t secadm_thunderbird_tmpfs_t };
> -files_tmpfs_file(thunderbird_tmpfs_t)
> -ubac_constrained(thunderbird_tmpfs_t)
> +userdom_user_tmpfs_content(thunderbird_tmpfs_t)
>
>   ########################################
>   #
> diff --git a/policy/modules/apps/tvtime.te b/policy/modules/apps/tvtime.te
> index 10d6692..76b0605 100644
> --- a/policy/modules/apps/tvtime.te
> +++ b/policy/modules/apps/tvtime.te
> @@ -25,8 +25,7 @@ userdom_user_tmp_content(tvtime_t, tvtime_tmp_t)
>   type tvtime_tmpfs_t;
>   typealias tvtime_tmpfs_t alias { user_tvtime_tmpfs_t staff_tvtime_tmpfs_t sysadm_tvtime_tmpfs_t };
>   typealias tvtime_tmpfs_t alias { auditadm_tvtime_tmpfs_t secadm_tvtime_tmpfs_t };
> -files_tmpfs_file(tvtime_tmpfs_t)
> -ubac_constrained(tvtime_tmpfs_t)
> +userdom_user_tmpfs_content(tvtime_tmpfs_t)
>
>   ########################################
>   #
> diff --git a/policy/modules/apps/uml.te b/policy/modules/apps/uml.te
> index 62960c0..05d8159 100644
> --- a/policy/modules/apps/uml.te
> +++ b/policy/modules/apps/uml.te
> @@ -30,8 +30,7 @@ userdom_user_tmp_content(uml_t, uml_tmp_t)
>   type uml_tmpfs_t;
>   typealias uml_tmpfs_t alias { user_uml_tmpfs_t staff_uml_tmpfs_t sysadm_uml_tmpfs_t };
>   typealias uml_tmpfs_t alias { auditadm_uml_tmpfs_t secadm_uml_tmpfs_t };
> -files_tmpfs_file(uml_tmpfs_t)
> -ubac_constrained(uml_tmpfs_t)
> +userdom_user_tmpfs_content(uml_tmpfs_t)
>
>   type uml_devpts_t;
>   typealias uml_devpts_t alias { user_uml_devpts_t staff_uml_devpts_t sysadm_uml_devpts_t };
> diff --git a/policy/modules/apps/vmware.te b/policy/modules/apps/vmware.te
> index 5bc77b4..b93fbad 100644
> --- a/policy/modules/apps/vmware.te
> +++ b/policy/modules/apps/vmware.te
> @@ -59,8 +59,7 @@ userdom_user_tmp_content(vmware_t, vmware_tmp_t)
>   type vmware_tmpfs_t;
>   typealias vmware_tmpfs_t alias { user_vmware_tmpfs_t staff_vmware_tmpfs_t sysadm_vmware_tmpfs_t };
>   typealias vmware_tmpfs_t alias { auditadm_vmware_tmpfs_t secadm_vmware_tmpfs_t };
> -files_tmpfs_file(vmware_tmpfs_t)
> -ubac_constrained(vmware_tmpfs_t)
> +userdom_user_tmpfs_content(vmware_tmpfs_t)
>
>   ifdef(`enable_mcs',`
>   	init_ranged_daemon_domain(vmware_host_t, vmware_host_exec_t, s0 - mcs_systemhigh)
> diff --git a/policy/modules/apps/wireshark.te b/policy/modules/apps/wireshark.te
> index ca29f80..40f24a7 100644
> --- a/policy/modules/apps/wireshark.te
> +++ b/policy/modules/apps/wireshark.te
> @@ -25,8 +25,7 @@ userdom_user_tmp_content(wireshark_t, wireshark_tmp_t)
>   type wireshark_tmpfs_t;
>   typealias wireshark_tmpfs_t alias { user_wireshark_tmpfs_t staff_wireshark_tmpfs_t sysadm_wireshark_tmpfs_t };
>   typealias wireshark_tmpfs_t alias { auditadm_wireshark_tmpfs_t secadm_wireshark_tmpfs_t };
> -files_tmpfs_file(wireshark_tmpfs_t)
> -ubac_constrained(wireshark_tmpfs_t)
> +userdom_user_tmpfs_content(wireshark_tmpfs_t)
>
>   ##############################
>   #
> diff --git a/policy/modules/apps/xscreensaver.te b/policy/modules/apps/xscreensaver.te
> index 1bdeb16..3695f3c 100644
> --- a/policy/modules/apps/xscreensaver.te
> +++ b/policy/modules/apps/xscreensaver.te
> @@ -11,8 +11,7 @@ application_domain(xscreensaver_t, xscreensaver_exec_t)
>   ubac_constrained(xscreensaver_t)
>
>   type xscreensaver_tmpfs_t;
> -files_tmpfs_file(xscreensaver_tmpfs_t)
> -ubac_constrained(xscreensaver_tmpfs_t)
> +userdom_user_tmpfs_content(xscreensaver_tmpfs_t)
>
>   ########################################
>   #
> diff --git a/policy/modules/services/bluetooth.te b/policy/modules/services/bluetooth.te
> index 1d6ddf2..6352ec1 100644
> --- a/policy/modules/services/bluetooth.te
> +++ b/policy/modules/services/bluetooth.te
> @@ -29,8 +29,7 @@ userdom_user_tmp_content(bluetooth_helper_t, bluetooth_helper_tmp_t)
>   type bluetooth_helper_tmpfs_t;
>   typealias bluetooth_helper_tmpfs_t alias { user_bluetooth_helper_tmpfs_t staff_bluetooth_helper_tmpfs_t sysadm_bluetooth_helper_tmpfs_t };
>   typealias bluetooth_helper_tmpfs_t alias { auditadm_bluetooth_helper_tmpfs_t secadm_bluetooth_helper_tmpfs_t };
> -files_tmpfs_file(bluetooth_helper_tmpfs_t)
> -ubac_constrained(bluetooth_helper_tmpfs_t)
> +userdom_user_tmpfs_content(bluetooth_helper_tmpfs_t)
>
>   type bluetooth_initrc_exec_t;
>   init_script_file(bluetooth_initrc_exec_t)
> diff --git a/policy/modules/services/ssh.te b/policy/modules/services/ssh.te
> index afbe9ac..deb52da 100644
> --- a/policy/modules/services/ssh.te
> +++ b/policy/modules/services/ssh.te
> @@ -68,8 +68,7 @@ ubac_constrained(ssh_keysign_t)
>   type ssh_tmpfs_t;
>   typealias ssh_tmpfs_t alias { user_ssh_tmpfs_t staff_ssh_tmpfs_t sysadm_ssh_tmpfs_t };
>   typealias ssh_tmpfs_t alias { auditadm_ssh_tmpfs_t secadm_ssh_tmpfs_t };
> -files_tmpfs_file(ssh_tmpfs_t)
> -ubac_constrained(ssh_tmpfs_t)
> +userdom_user_tmpfs_content(ssh_tmpfs_t)
>
>   type ssh_home_t;
>   typealias ssh_home_t alias { home_ssh_t user_ssh_home_t user_home_ssh_t staff_home_ssh_t sysadm_home_ssh_t };
> diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
> index f51b828..5dfdcb7 100644
> --- a/policy/modules/services/xserver.te
> +++ b/policy/modules/services/xserver.te
> @@ -203,8 +203,7 @@ userdom_user_tmp_content(xserver_t, xserver_tmp_t)
>   type xserver_tmpfs_t;
>   typealias xserver_tmpfs_t alias { user_xserver_tmpfs_t staff_xserver_tmpfs_t sysadm_xserver_tmpfs_t };
>   typealias xserver_tmpfs_t alias { auditadm_xserver_tmpfs_t secadm_xserver_tmpfs_t xdm_xserver_tmpfs_t };
> -files_tmpfs_file(xserver_tmpfs_t)
> -ubac_constrained(xserver_tmpfs_t)
> +userdom_user_tmpfs_content(xserver_tmpfs_t)
>
>   type xsession_exec_t;
>   corecmd_executable_file(xsession_exec_t)
> diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
> index 7d83ec3..142f63b 100644
> --- a/policy/modules/system/userdomain.if
> +++ b/policy/modules/system/userdomain.if
> @@ -1310,6 +1310,23 @@ interface(`userdom_user_tmp_content',`
>
>   ########################################
>   ##<summary>
> +##	Make the specified type usable user
> +##	shared memory content.
> +##</summary>
> +##<param name="type">
> +##	<summary>
> +##	Type to be used for user shared
> +##	memory content.
> +##	</summary>
> +##</param>
> +#
> +interface(`userdom_user_tmpfs_content',`
> +	files_tmpfs_file($1)
> +	ubac_constrained($1)
> +')
> +
> +########################################
> +##<summary>
>   ##	Allow domain to attach to TUN devices created by administrative users.
>   ##</summary>
>   ##<param name="domain">
> diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te
> index 089f74f..357de70 100644
> --- a/policy/modules/system/userdomain.te
> +++ b/policy/modules/system/userdomain.te
> @@ -89,7 +89,8 @@ files_tmp_file(user_tmp_t)
>   userdom_user_home_content(user_tmp_t)
>
>   type user_tmpfs_t alias { staff_tmpfs_t sysadm_tmpfs_t secadm_tmpfs_t auditadm_tmpfs_t unconfined_tmpfs_t };
> -files_tmpfs_file(user_tmpfs_t)
> +userdom_user_tmpfs_content(user_tmpfs_t)
> +# Consider removing this
>   userdom_user_home_content(user_tmpfs_t)
>
>   type user_tty_device_t alias { staff_tty_device_t sysadm_tty_device_t secadm_tty_device_t auditadm_tty_device_t unconfined_tty_device_t };


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com


* [refpolicy] [ usedom_user_tmpfs_content patch 1/1] Create userdom_user_tmpfs_content, and replace existing user tmpfs content type declarations by it.
  2010-07-12 18:52 ` Christopher J. PeBenito
@ 2010-07-12 19:28   ` Dominick Grift
  0 siblings, 0 replies; 3+ messages in thread
From: Dominick Grift @ 2010-07-12 19:28 UTC (permalink / raw)
  To: refpolicy

On 07/12/2010 08:52 PM, Christopher J. PeBenito wrote:
> On 07/09/10 11:12, Dominick Grift wrote:
>> Signed-off-by: Dominick Grift<domg472@gmail.com>
> 
> Doesn't apply.
> 

It does not apply because you did not apply a previous part of this
patch set. I thought we've discussed the issue of files_poly_member_tmp
and that it was decided it should be part of userdom_user_tmp_content.
