From dd4cfd8a77158996576be0dcc8c157acc92c8321 Mon Sep 17 00:00:00 2001 From: cgzones Date: Fri, 17 Feb 2017 16:26:22 +0100 Subject: [PATCH] add admin_process_pattern macro useful for MODULE_admin interfaces --- policy/support/misc_patterns.spt | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/policy/support/misc_patterns.spt b/policy/support/misc_patterns.spt index f249fd705..cd3a1282e 100644 --- a/policy/support/misc_patterns.spt +++ b/policy/support/misc_patterns.spt @@ -98,3 +98,16 @@ define(`ps_process_pattern',` allow $1 $2:lnk_file read_lnk_file_perms; allow $1 $2:process getattr; ') + +# +# Process administration pattern +# +# Parameters: +# 1. source domain +# 2. target domain +# +define(`admin_process_pattern',` + ps_process_pattern($1, $2) + + allow $1 $2:process { ptrace signal_perms }; +')