[selinux-policy: 1096/3172] interface-ize screen fixes
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 20:39:33 UTC 2010
commit 22d2e25f3d169541232118f07826b5c950ba25fb
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Fri Jan 13 16:10:04 2006 +0000
interface-ize screen fixes
refpolicy/policy/modules/apps/screen.if | 3 +-
refpolicy/policy/modules/system/userdomain.if | 31 +++++++++++++++++++++++++
2 files changed, 32 insertions(+), 2 deletions(-)
---
diff --git a/refpolicy/policy/modules/apps/screen.if b/refpolicy/policy/modules/apps/screen.if
index 16004ad..51a6e14 100644
--- a/refpolicy/policy/modules/apps/screen.if
+++ b/refpolicy/policy/modules/apps/screen.if
@@ -70,8 +70,6 @@ template(`screen_per_userdomain_template',`
allow $1_screen_t $1_screen_tmp_t:fifo_file create_file_perms;
files_create_tmp_files($1_screen_t, $1_screen_tmp_t, { file dir })
-allow $1_screen_t $1_devpts_t:chr_file setattr;
-
# Create fifo
allow $1_screen_t screen_dir_t:dir rw_dir_perms;
allow $1_screen_t screen_dir_t:dir create_dir_perms;
@@ -160,6 +158,7 @@ allow $1_screen_t $1_devpts_t:chr_file setattr;
userdom_use_user_terminals($1,$1_screen_t)
userdom_create_user_pty($1,$1_screen_t)
userdom_user_home_domtrans($1,$1_screen_t,$2)
+ userdom_setattr_user_pty($1,$1_screen_t)
tunable_policy(`read_default_t',`
files_list_default($1_screen_t)
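Review bot: The call added here grants setattr on the user pty only when strict_policy is defined, because the body of userdom_setattr_user_pty in userdomain.if is wrapped in that ifdef, while the allow rule removed in the first hunk shows no such guard in the lines visible. Whether the call site already sits inside a strict-only part of the template cannot be seen from this hunk, so it is worth confirming that every build which previously let $1_screen_t set attributes on $1_devpts_t still does. A lost permission would show up as setattr denials on the pty chr_file in the audit log when screen starts. If the narrowing is intended, a comment above the call such as `# pty setattr is only granted under strict policy` would record it.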
diff --git a/refpolicy/policy/modules/system/userdomain.if b/refpolicy/policy/modules/system/userdomain.if
index 321b9ca..9efc0d5 100644
--- a/refpolicy/policy/modules/system/userdomain.if
+++ b/refpolicy/policy/modules/system/userdomain.if
@@ -1022,6 +1022,37 @@ template(`userdom_home_file',`
########################################
## <summary>
+## Set the attributes of a user pty.
+## </summary>
+## <desc>
+## <p>
+## Set the attributes of a user pty.
+## </p>
+## <p>
+## This is a templated interface, and should only
+## be called from a per-userdomain template.
+## </p>
+## </desc>
+## <param name="userdomain_prefix">
+## The prefix of the user domain (e.g., user
+## is the prefix for user_t).
+## </param>
+## <param name="domain">
+## Domain allowed access.
+## </param>
+#
+template(`userdom_setattr_user_pty',`
+ ifdef(`strict_policy',`
+ gen_require(`
+ type $1_devpts_t;
+ ')
+
+ allow $2 $1_devpts_t:chr_file setattr;
+ ')
+')
+
+########################################
+## <summary>
## Create a user pty.
## </summary>
## <desc>
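Review bot: The documentation block for userdom_setattr_user_pty does not say that the body is wrapped in a strict_policy ifdef, so a policy author reading only the header would assume the access is always granted, when in other builds the interface expands to nothing. The first paragraph of the description only repeats the summary. I would replace it with `## Allow the specified domain to set the attributes of the user pty character devices of the given user domain.` followed by `## This interface has no effect unless strict_policy is defined.` The documentation header of the next interface starts inside this hunk and continues outside it.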