RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Introduce setrans_admin interface

This commit is contained in:
Jason Zaman 2015-07-11 13:15:46 +04:00 committed by Chris PeBenito
parent e1f2a8b9d6
commit 0023b30946
2 changed files with 35 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
policy/modules/roles/sysadm.te
View File

@ -951,6 +951,10 @@ optional_policy(`
sensord_admin(sysadm_t, sysadm_r) sensord_admin(sysadm_t, sysadm_r)
') ')
optional_policy(`
setrans_admin(sysadm_t, sysadm_r)
')
optional_policy(` optional_policy(`
setroubleshoot_admin(sysadm_t, sysadm_r) setroubleshoot_admin(sysadm_t, sysadm_r)
') ')

31
policy/modules/system/setrans.if
View File

@ -40,3 +40,34 @@ interface(`setrans_translate_context',`
stream_connect_pattern($1, setrans_var_run_t, setrans_var_run_t, setrans_t) stream_connect_pattern($1, setrans_var_run_t, setrans_var_run_t, setrans_t)
files_list_pids($1) files_list_pids($1)
') ')
######################################
## <summary>
## All of the rules required to
## administrate an setrans environment.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="role">
## <summary>
## Role allowed access.
## </summary>
## </param>
#
interface(`setrans_admin',`
gen_require(`
type setrans_t, setrans_initrc_exec_t;
type setrans_var_run_t;
')
allow $1 setrans_t:process { ptrace signal_perms };
ps_process_pattern($1, setrans_t)
init_startstop_service($1, $2, setrans_t, setrans_initrc_exec_t)
files_search_pids($1)
admin_pattern($1, setrans_var_run_t)
')