[selinux-policy: 802/3172] sediff fixes

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 20:14:21 UTC 2010


commit 1dd86c43cd8157364cb34ad90c6cef25a01798da
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Mon Oct 24 12:38:45 2005 +0000

    sediff fixes

 refpolicy/policy/modules/services/cron.te     |    5 +++++
 refpolicy/policy/modules/system/authlogin.if  |   25 ++++++++++++-------------
 refpolicy/policy/modules/system/sysnetwork.te |   22 ++++++++++++++++++++++
 refpolicy/policy/modules/system/unconfined.te |    4 ++++
 refpolicy/policy/modules/system/userdomain.if |   17 +++++++++++------
 5 files changed, 54 insertions(+), 19 deletions(-)
---
diff --git a/refpolicy/policy/modules/services/cron.te b/refpolicy/policy/modules/services/cron.te
index 5ca4305..615bba7 100644
--- a/refpolicy/policy/modules/services/cron.te
+++ b/refpolicy/policy/modules/services/cron.te
@@ -50,6 +50,11 @@ files_lock_file(system_crond_lock_t)
 type system_crond_tmp_t;
 files_tmp_file(system_crond_tmp_t)
 
+ifdef(`targeted_policy',`
+	type sysadm_cron_spool_t;
+	files_type(sysadm_cron_spool_t)
+')
+
 ########################################
 #
 # Cron Local policy
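Review bot: The new `sysadm_cron_spool_t` declaration in cron.te has no comment, and nothing in this hunk labels a file with it or grants access to it. A type that exists only under `targeted_policy` and has no visible users is easy to drop or misuse later. A one-line comment above the `ifdef` would help, for example `# targeted policy has no per-role cron domains; declare the sysadm spool type here so references to it still resolve` (wording to be confirmed by the author, since the reason is not visible on this page).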
diff --git a/refpolicy/policy/modules/system/authlogin.if b/refpolicy/policy/modules/system/authlogin.if
index 1829987..6af6581 100644
--- a/refpolicy/policy/modules/system/authlogin.if
+++ b/refpolicy/policy/modules/system/authlogin.if
@@ -136,20 +136,19 @@ template(`authlogin_per_userdomain_template',`
 ## </param>
 #
 template(`auth_domtrans_user_chk_passwd',`
-	gen_require(`
-		type chkpwd_exec_t;
-		class process sigchld;
-		class fd use;
-		class fifo_file rw_file_perms;
-	')
+	ifdef(`targeted_policy',`',`
+		gen_require(`
+			type chkpwd_exec_t;
+		')
 
-	corecmd_search_bin($1)
-	domain_auto_trans($1,chkpwd_exec_t,$2_chkpwd_t)
+		corecmd_search_bin($1)
+		domain_auto_trans($1,chkpwd_exec_t,$2_chkpwd_t)
 
-	allow $1 $2_chkpwd_t:fd use;
-	allow $2_chkpwd_t $1:fd use;
-	allow $2_chkpwd_t $1:fifo_file rw_file_perms;
-	allow $2_chkpwd_t $1:process sigchld;
+		allow $1 $2_chkpwd_t:fd use;
+		allow $2_chkpwd_t $1:fd use;
+		allow $2_chkpwd_t $1:fifo_file rw_file_perms;
+		allow $2_chkpwd_t $1:process sigchld;
+	')
 ')
 
 ########################################
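Review bot: In `auth_domtrans_user_chk_passwd` the rewritten `gen_require` keeps only `type chkpwd_exec_t;`, while the `allow` rules below it still use the `fd`, `fifo_file` and `process` classes. If the interface is ever expanded in a module build, those classes are no longer declared as required. Unless the removal was deliberate, keep `class process sigchld;`, `class fd use;` and `class fifo_file rw_file_perms;` inside the new `gen_require`. The empty first branch of `ifdef(`targeted_policy',`',` also makes the template a silent no-op under the targeted policy, so the password check then runs in the caller's domain with no transition. The interface's `##` header starts above the hunk and should state this, e.g. `## Under the targeted policy this template expands to nothing.`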
diff --git a/refpolicy/policy/modules/system/sysnetwork.te b/refpolicy/policy/modules/system/sysnetwork.te
index b998b18..9a44ac6 100644
--- a/refpolicy/policy/modules/system/sysnetwork.te
+++ b/refpolicy/policy/modules/system/sysnetwork.te
@@ -158,6 +158,28 @@ optional_policy(`consoletype.te',`
 	consoletype_domtrans(dhcpc_t)
 ')
 
+optional_policy(`dbus.te',`
+	gen_require(`
+		class dbus send_msg;
+	')
+
+	allow dhcpc_t self:dbus send_msg;
+
+	dbus_system_bus_client_template(dhcpc,dhcpc_t)
+	dbus_connect_system_bus(dhcpc_t)
+	dbus_send_system_bus_msg(dhcpc_t)
+
+	domain_auto_trans(system_dbusd_t, dhcpc_exec_t, dhcpc_t)
+
+	allow { NetworkManager_t initrc_t } dhcpc_t:dbus send_msg;
+	allow dhcpc_t { NetworkManager_t initrc_t }:dbus send_msg;
+
+	ifdef(`unconfined.te', `
+		allow unconfined_t dhcpc_t:dbus send_msg;
+		allow dhcpc_t unconfined_t:dbus send_msg;
+	')
+')
+
 optional_policy(`hostname.te',`
 	hostname_domtrans(dhcpc_t)
 ')
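Review bot: The new `optional_policy(`dbus.te', …)` block in sysnetwork.te names `NetworkManager_t`, `initrc_t` and `system_dbusd_t` directly, but its `gen_require` lists only `class dbus send_msg;` and the block is guarded only on dbus.te. The `unconfined_t` rules a few lines below are wrapped in `ifdef(`unconfined.te', …)`, and the types owned by other modules should get the same treatment: a guard on the declaring module, plus either a `type …;` line in `gen_require` or an interface exported by the owning module. Separately, `domain_auto_trans(system_dbusd_t, dhcpc_exec_t, dhcpc_t)` lets the system bus daemon enter `dhcpc_t` whenever it executes the DHCP client binary. That widens what a compromised bus daemon can reach, so a comment stating which activation path needs it would let a reviewer judge whether the transition is required.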
diff --git a/refpolicy/policy/modules/system/unconfined.te b/refpolicy/policy/modules/system/unconfined.te
index a03604b..6e5acc9 100644
--- a/refpolicy/policy/modules/system/unconfined.te
+++ b/refpolicy/policy/modules/system/unconfined.te
@@ -35,6 +35,10 @@ ifdef(`targeted_policy',`
 
 	userdom_unconfined(unconfined_t)
 
+	optional_policy(`su.te',`
+		su_per_userdomain_template(sysadm,unconfined_t,system_r)
+	')
+
 	ifdef(`TODO',`
 	ifdef(`samba.te', `samba_domain(user)')
 
diff --git a/refpolicy/policy/modules/system/userdomain.if b/refpolicy/policy/modules/system/userdomain.if
index 5cef4cc..a1b75af 100644
--- a/refpolicy/policy/modules/system/userdomain.if
+++ b/refpolicy/policy/modules/system/userdomain.if
@@ -1432,13 +1432,18 @@ template(`userdom_manage_user_tmp_sockets',`
 ## </param>
 #
 template(`userdom_use_user_terminals',`
-	gen_require(`
-		type $1_tty_device_t, $1_devpts_t;
-	')
+	ifdef(`targeted_policy',`
+		term_use_unallocated_tty($2)
+		term_use_generic_pty($2)
+	',`
+		gen_require(`
+			type $1_tty_device_t, $1_devpts_t;
+		')
 
-	allow $2 $1_tty_device_t:chr_file rw_term_perms;
-	allow $2 $1_devpts_t:chr_file rw_term_perms;
-	term_list_ptys($2)
+		allow $2 $1_tty_device_t:chr_file rw_term_perms;
+		allow $2 $1_devpts_t:chr_file rw_term_perms;
+		term_list_ptys($2)
+	')
 ')
 
 ########################################
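Review bot: Under `targeted_policy`, `userdom_use_user_terminals` now ignores `$1` and grants `$2` `term_use_unallocated_tty` and `term_use_generic_pty`. Every caller therefore gets access to terminals shared across domains, rather than to one user's `$1_tty_device_t` and `$1_devpts_t`. That is a wider grant than the interface name suggests, and the `##` header (which starts above the hunk) should say so, e.g. `## Under the targeted policy the userdomain prefix is unused and access is granted to unallocated ttys and generic ptys.` Also confirm that the targeted branch does not need the `term_list_ptys($2)` call that the strict branch keeps, as the definitions of the two `term_use_*` interfaces are not visible here.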

