[selinux-policy: 1096/3172] interface-ize screen fixes

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 20:39:33 UTC 2010


commit 22d2e25f3d169541232118f07826b5c950ba25fb
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Fri Jan 13 16:10:04 2006 +0000

    interface-ize screen fixes

 refpolicy/policy/modules/apps/screen.if       |    3 +-
 refpolicy/policy/modules/system/userdomain.if |   31 +++++++++++++++++++++++++
 2 files changed, 32 insertions(+), 2 deletions(-)
---
diff --git a/refpolicy/policy/modules/apps/screen.if b/refpolicy/policy/modules/apps/screen.if
index 16004ad..51a6e14 100644
--- a/refpolicy/policy/modules/apps/screen.if
+++ b/refpolicy/policy/modules/apps/screen.if
@@ -70,8 +70,6 @@ template(`screen_per_userdomain_template',`
 	allow $1_screen_t $1_screen_tmp_t:fifo_file create_file_perms;
 	files_create_tmp_files($1_screen_t, $1_screen_tmp_t, { file dir })
 
-allow $1_screen_t $1_devpts_t:chr_file setattr;
-
 	# Create fifo
 	allow $1_screen_t screen_dir_t:dir rw_dir_perms;
 	allow $1_screen_t screen_dir_t:dir create_dir_perms;
@@ -160,6 +158,7 @@ allow $1_screen_t $1_devpts_t:chr_file setattr;
 	userdom_use_user_terminals($1,$1_screen_t)
 	userdom_create_user_pty($1,$1_screen_t)
 	userdom_user_home_domtrans($1,$1_screen_t,$2)
+	userdom_setattr_user_pty($1,$1_screen_t)
 
 	tunable_policy(`read_default_t',`
 		files_list_default($1_screen_t)
diff --git a/refpolicy/policy/modules/system/userdomain.if b/refpolicy/policy/modules/system/userdomain.if
index 321b9ca..9efc0d5 100644
--- a/refpolicy/policy/modules/system/userdomain.if
+++ b/refpolicy/policy/modules/system/userdomain.if
@@ -1022,6 +1022,37 @@ template(`userdom_home_file',`
 
 ########################################
 ## <summary>
+##	Set the attributes of a user pty.
+## </summary>
+## <desc>
+##	<p>
+##	Set the attributes of a user pty.
+##	</p>
+##	<p>
+##	This is a templated interface, and should only
+##	be called from a per-userdomain template.
+##	</p>
+## </desc>
+## <param name="userdomain_prefix">
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+## </param>
+## <param name="domain">
+##	Domain allowed access.
+## </param>
+#
+template(`userdom_setattr_user_pty',`
+	ifdef(`strict_policy',`
+		gen_require(`
+			type $1_devpts_t;
+		')
+
+		allow $2 $1_devpts_t:chr_file setattr;
+	')
+')
+
+########################################
+## <summary>
 ##	Create a user pty.
 ## </summary>
 ## <desc>
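Review bot: In `userdom_setattr_user_pty` the rule `allow $2 $1_devpts_t:chr_file setattr;` is emitted only when `strict_policy` is defined, while the line it replaces in screen.if appears unconditional in the visible hunk. In any other build the interface expands to nothing, so the caller added in screen.if loses the permission without any build-time signal. If that is intended (presumably because `$1_devpts_t` is only declared in the strict policy; this hunk does not show it), a comment above the `ifdef` would record it, e.g. `# $1_devpts_t only exists in the strict policy; no-op otherwise`. The first `<desc>` paragraph repeats the `<summary>` verbatim; it would help anyone auditing callers if it instead said that `setattr` on the pty character device covers mode and ownership changes.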

