[selinux-policy: 1206/3172] add x_client_domain implementation

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 20:49:11 UTC 2010 

commit 0a30b0086bd2c4b5543ff6f515a844904ab1e1c3
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Wed Feb 15 16:30:48 2006 +0000

    add x_client_domain implementation

 docs/macro_conversion_guide |   25 ++++++++++++++++++++-----
 1 files changed, 20 insertions(+), 5 deletions(-)
---
diff --git a/docs/macro_conversion_guide b/docs/macro_conversion_guide
index 00be218..97395f6 100644
--- a/docs/macro_conversion_guide
+++ b/docs/macro_conversion_guide
@@ -1197,11 +1197,11 @@ files_filetrans_tmp($1_t, $1_tmp_t, $3)
 #
 type $1_tmpfs_t;
 files_tmpfs_file($1_tmpfs_t)
-allow $1_t $1_tmpfs_t:dir { read getattr lock search ioctl add_name remove_name write };
-allow $1_t $1_tmpfs_t:file { create ioctl read getattr lock write setattr append link unlink rename };
-allow $1_t $1_tmpfs_t:lnk_file { create read getattr setattr link unlink rename };
-allow $1_t $1_tmpfs_t:sock_file { create ioctl read getattr lock write setattr append link unlink rename };
-allow $1_t $1_tmpfs_t:fifo_file { create ioctl read getattr lock write setattr append link unlink rename };
+allow $1_t $1_tmpfs_t:dir rw_dir_perms;
+allow $1_t $1_tmpfs_t:file manage_file_perms;
+allow $1_t $1_tmpfs_t:lnk_file create_lnk_perms;
+allow $1_t $1_tmpfs_t:sock_file manage_file_perms;
+allow $1_t $1_tmpfs_t:fifo_file manage_file_perms;
 fs_filetrans_tmpfs($1_t,$1_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
 
 #
@@ -1254,3 +1254,18 @@ allow $1 $1_var_run_t:dir create_dir_perms;
 allow $1 $1_var_run_t:lnk_file create_lnk_perms;
 # else:
 allow $1 $1_var_run_t:$2 create_file_perms;
+
+#
+# x_client_domain($1,$2): complete
+#
+type $1_tmpfs_t;
+files_tmpfs_file($1_tmpfs_t)
+allow $1_t $1_tmpfs_t:dir rw_dir_perms;
+allow $1_t $1_tmpfs_t:file manage_file_perms;
+allow $1_t $1_tmpfs_t:lnk_file create_lnk_perms;
+allow $1_t $1_tmpfs_t:sock_file manage_file_perms;
+allow $1_t $1_tmpfs_t:fifo_file manage_file_perms;
+fs_filetrans_tmpfs($1_t,$1_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+optional_policy(`xserver',`
+xserver_user_client_template($2,$1_t,$1_tmpfs_t)
+')

More information about the scm-commits mailing list