SELinux xscreensaver policy support

Hello

This is a patch for adding xscreensaver policy.

I think it needs a specific policy because of the auth_domtrans_chk_passwd.

cordially

Signed-off-by: LABBE Corentin <corentin.labbe@geomatys.fr>
corentin.labbe 2009-09-11 14:21:59 +02:00 committed by Chris PeBenito
parent c141d835f1
commit 31f9c109c1
3 changed files with 87 additions and 0 deletions


@ -0,0 +1 @@
/usr/bin/xscreensaver -- gen_context(system_u:object_r:xscreensaver_exec_t,s0)


@ -0,0 +1,34 @@
## <summary>xscreensaver policy interface</summary>
########################################
## <summary>
## Role access for xscreensaver
## </summary>
## <param name="role">
## <summary>
## Role allowed access
## </summary>
## </param>
## <param name="domain">
## <summary>
## User domain for the role
## </summary>
## </param>
#
interface(`xscreensaver_role',`
gen_require(`
type xscreensaver_t, xscreensaver_exec_t;
')
role $1 types xscreensaver_t;
domtrans_pattern($2, xscreensaver_exec_t, xscreensaver_t)
allow xscreensaver_t $2:fd use;
# Allow the user domain to signal/ps.
ps_process_pattern($2, xscreensaver_t)
allow $2 xscreensaver_t:process signal_perms;
allow xscreensaver_t $2:process sigchld;
')
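Review bot: `allow $2 xscreensaver_t:process signal_perms;` in `xscreensaver_role` lets every process in the calling user domain send the full signal set to the locker, and in refpolicy that set includes sigkill and sigstop. For a program whose job is to keep the session locked, that deserves either a comment stating it is intended or a narrower set limited to the signals the desktop actually needs. I would add above the rule `# NOTE: signal_perms includes sigkill/sigstop; the user domain can terminate the locker.` Separately, none of the three files in this commit calls `xscreensaver_role`, so the domain transition presumably stays unused until a role module invokes it.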


@ -0,0 +1,52 @@
policy_module(xscreensaver, 1.0.0)
########################################
#
# Declarations
#
type xscreensaver_t;
type xscreensaver_exec_t;
application_domain(xscreensaver_t, xscreensaver_exec_t)
type xscreensaver_tmpfs_t;
files_tmpfs_file(xscreensaver_tmpfs_t)
ubac_constrained(xscreensaver_tmpfs_t)
########################################
#
# Local policy
#
auth_use_nsswitch(xscreensaver_t)
logging_send_audit_msgs(xscreensaver_t)
logging_send_syslog_msg(xscreensaver_t)
miscfiles_read_localization(xscreensaver_t)
allow xscreensaver_t self:fifo_file rw_fifo_file_perms;
allow xscreensaver_t self:process signal;
#access to .icons and ~/.xscreensaver
userdom_read_user_home_content_files(xscreensaver_t)
userdom_use_user_ptys(xscreensaver_t)
files_read_usr_files(xscreensaver_t)
auth_domtrans_chk_passwd(xscreensaver_t)
#/var/run/utmp
init_read_utmp(xscreensaver_t)
########################################
#
# X Serveur and co
#
xserver_user_x_domain_template(xscreensaver, xscreensaver_t, xscreensaver_tmpfs_t)
########################################
#
# process, kernel and /proc /dev /sys
#
kernel_read_system_state(xscreensaver_t)
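Review bot: `userdom_read_user_home_content_files(xscreensaver_t)` grants more than the comment above it says: the comment names only .icons and ~/.xscreensaver, while the interface name indicates read access to user home content files in general. This domain also connects to the X server and starts the password check through `auth_domtrans_chk_passwd`, so its read access is worth keeping small. Either give the configuration file a dedicated type and read only that, or make the comment match the grant, e.g. `# reads all user home content files; only .icons and ~/.xscreensaver are needed`. The section header reports 52 lines, so this file may continue past what is shown here.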