commit:     efbdcdbe1e713bdf62e3ad054d0b950e29b6b605
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Thu Aug  7 09:39:37 2014 +0000
Commit:     Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Thu Aug  7 09:39:37 2014 +0000
URL:        
http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=efbdcdbe

Add files_relabel_non_security_file_type

This interface allows for relabel operations against all resources with
a type associated with the non_security_file_type attribute.

---
 policy/modules/kernel/files.if | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index 5d53aa4..105c7c2 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -6731,6 +6731,35 @@ interface(`files_read_etc_runtime',`
 
 ########################################
 ## <summary>
+##     Relabel all non-security related
+##     files.
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+## <rolecap/>
+#
+interface(`files_relabel_non_security_file_type',`
+       gen_require(`
+               attribute non_security_file_type;
+       ')
+
+       allow $1 non_security_file_type:dir list_dir_perms;
+       relabel_dirs_pattern($1, non_security_file_type, non_security_file_type)
+       relabel_files_pattern($1, non_security_file_type, 
non_security_file_type)
+       relabel_lnk_files_pattern($1, non_security_file_type, 
non_security_file_type)
+       relabel_fifo_files_pattern($1, non_security_file_type, 
non_security_file_type)
+       relabel_sock_files_pattern($1, non_security_file_type, 
non_security_file_type)
+       # this is only relabelfrom since there should be no
+       # device nodes with file types.
+       relabelfrom_blk_files_pattern($1, non_security_file_type, 
non_security_file_type)
+       relabelfrom_chr_files_pattern($1, non_security_file_type, 
non_security_file_type)
+')
+
+########################################
+## <summary>
 ##     Manage non-security related resources.
 ## </summary>
 ## <param name="domain">
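Review bot: The `<summary>` of `files_relabel_non_security_file_type` says only "files", but the body also grants relabelfrom/relabelto on directories, symlinks, fifos and sockets, relabelfrom on block and character nodes, and `list_dir_perms` on every directory carrying the attribute. I would widen the summary to something like `Relabel all non-security related files, directories, symbolic links, pipes and sockets.` and add a `<desc>` block stating that the caller can move any such object between any two types in `non_security_file_type`, so the interface is meant for administrative relabeling domains rather than ordinary services. Which types the attribute contains is not visible in this hunk, so the breadth of the grant should be checked against the attribute's definition before the interface is given to a new domain.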
