Add optional name for kernel and system filetrans interfaces.

2025-02-02 21:01:32 +00:00 · 2012-05-10 09:53:45 -04:00 · 2012-05-10 09:53:45 -04:00 · 4f24b1841c
commit 4f24b1841c
parent b0e936e0d0
17 changed files with 203 additions and 42 deletions
--- a/1
+++ b/1
@ -1,3 +1,4 @@
+- Add optional name for kernel and system filetrans interfaces.
 - Non-auth file attribute to eliminate set expressions, from James Carter.
 - Virt updates from Sven Vermeulen.
 - Various dontaudits from Sven Vermeulen.
--- a/policy/modules/kernel/devices.if
+++ b/policy/modules/kernel/devices.if
@ -932,13 +932,18 @@ interface(`dev_manage_generic_chr_files',`
 ##	the transition will occur.
 ##	</summary>
 ## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
 #
 interface(`dev_filetrans',`
 	gen_require(`
 		type device_t;
 	')

-	filetrans_pattern($1, device_t, $2, $3)
+	filetrans_pattern($1, device_t, $2, $3, $4)

 	dev_associate($2)
 	files_associate_tmp($2)
@ -962,13 +967,18 @@ interface(`dev_filetrans',`
 ##	the transition will occur.
 ##	</summary>
 ## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
 #
 interface(`dev_tmpfs_filetrans_dev',`
 	gen_require(`
 		type device_t;
 	')

-	fs_tmpfs_filetrans($1, device_t, $2)
+	fs_tmpfs_filetrans($1, device_t, $2, $3)
 ')

 ########################################
@ -1637,13 +1647,18 @@ interface(`dev_manage_cardmgr_dev',`
 ##	Domain allowed access.
 ##	</summary>
 ## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
 #
 interface(`dev_filetrans_cardmgr',`
 	gen_require(`
 		type device_t, cardmgr_dev_t;
 	')

-	filetrans_pattern($1, device_t, cardmgr_dev_t, { chr_file blk_file })
+	filetrans_pattern($1, device_t, cardmgr_dev_t, { chr_file blk_file }, $2)
 ')

 ########################################
@ -1893,13 +1908,18 @@ interface(`dev_manage_dri_dev',`
 ##	Domain allowed access.
 ##	</summary>
 ## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
 #
 interface(`dev_filetrans_dri',`
 	gen_require(`
 		type device_t, dri_device_t;
 	')

-	filetrans_pattern($1, device_t, dri_device_t, chr_file)
+	filetrans_pattern($1, device_t, dri_device_t, chr_file, $2)
 ')

 ########################################
@ -2347,13 +2367,18 @@ interface(`dev_rw_lirc',`
 ##	Domain allowed access.
 ##	</summary>
 ## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
 #
 interface(`dev_filetrans_lirc',`
 	gen_require(`
 		type device_t, lirc_device_t;
 	')

-	filetrans_pattern($1, device_t, lirc_device_t, chr_file)
+	filetrans_pattern($1, device_t, lirc_device_t, chr_file, $2)
 ')

 ########################################
@ -4630,13 +4655,18 @@ interface(`dev_manage_xen',`
 ##	Domain allowed access.
 ##	</summary>
 ## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
 #
 interface(`dev_filetrans_xen',`
 	gen_require(`
 		type device_t, xen_device_t;
 	')

-	filetrans_pattern($1, device_t, xen_device_t, chr_file)
+	filetrans_pattern($1, device_t, xen_device_t, chr_file, $2)
 ')

 ########################################
--- a/policy/modules/kernel/devices.te
+++ b/policy/modules/kernel/devices.te
@ -1,4 +1,4 @@
-policy_module(devices, 1.13.0)
+policy_module(devices, 1.13.1)

 ########################################
 #
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@ -1747,13 +1747,18 @@ interface(`files_dontaudit_rw_root_dir',`
 ##	The object class of the object being created.
 ##	</summary>
 ## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
 #
 interface(`files_root_filetrans',`
 	gen_require(`
 		type root_t;
 	')

-	filetrans_pattern($1, root_t, $2, $3)
+	filetrans_pattern($1, root_t, $2, $3, $4)
 ')

 ########################################
@ -2033,13 +2038,18 @@ interface(`files_manage_boot_dirs',`
 ##	The object class of the object being created.
 ##	</summary>
 ## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
 #
 interface(`files_boot_filetrans',`
 	gen_require(`
 		type boot_t;
 	')

-	filetrans_pattern($1, boot_t, $2, $3)
+	filetrans_pattern($1, boot_t, $2, $3, $4)
 ')

 ########################################
@ -2809,13 +2819,18 @@ interface(`files_manage_etc_symlinks',`
 ##	Object classes to be created.
 ##	</summary>
 ## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
 #
 interface(`files_etc_filetrans',`
 	gen_require(`
 		type etc_t;
 	')

-	filetrans_pattern($1, etc_t, $2, $3)
+	filetrans_pattern($1, etc_t, $2, $3, $4)
 ')

 ########################################
@ -2833,6 +2848,11 @@ interface(`files_etc_filetrans',`
 ##	Domain allowed access.
 ##	</summary>
 ## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
 ## <rolecap/>
 #
 interface(`files_create_boot_flag',`
@ -2841,7 +2861,7 @@ interface(`files_create_boot_flag',`
 	')

 	allow $1 etc_runtime_t:file manage_file_perms;
-	filetrans_pattern($1, root_t, etc_runtime_t, file)
+	filetrans_pattern($1, root_t, etc_runtime_t, file, $2)
 ')

 ########################################
@ -3004,13 +3024,18 @@ interface(`files_manage_etc_runtime_files',`
 ##	The class of the object being created.
 ##	</summary>
 ## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
 #
 interface(`files_etc_filetrans_etc_runtime',`
 	gen_require(`
 		type etc_t, etc_runtime_t;
 	')

-	filetrans_pattern($1, etc_t, etc_runtime_t, $2)
+	filetrans_pattern($1, etc_t, etc_runtime_t, $2, $3)
 ')

 ########################################
@ -3549,13 +3574,18 @@ interface(`files_relabelto_home',`
 ##	The class of the object being created.
 ##	</summary>
 ## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
 #
 interface(`files_home_filetrans',`
 	gen_require(`
 		type home_root_t;
 	')

-	filetrans_pattern($1, home_root_t, $2, $3)
+	filetrans_pattern($1, home_root_t, $2, $3, $4)
 ')

 ########################################
@ -3989,13 +4019,18 @@ interface(`files_relabel_kernel_modules',`
 ##	The object class of the object being created.
 ##	</summary>
 ## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
 #
 interface(`files_kernel_modules_filetrans',`
 	gen_require(`
 		type modules_object_t;
 	')

-	filetrans_pattern($1, modules_object_t, $2, $3)
+	filetrans_pattern($1, modules_object_t, $2, $3, $4)
 ')

 ########################################
@ -4503,13 +4538,18 @@ interface(`files_read_all_tmp_files',`
 ##	The object class of the object being created.
 ##	</summary>
 ## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
 #
 interface(`files_tmp_filetrans',`
 	gen_require(`
 		type tmp_t;
 	')

-	filetrans_pattern($1, tmp_t, $2, $3)
+	filetrans_pattern($1, tmp_t, $2, $3, $4)
 ')

 ########################################
@ -4866,13 +4906,18 @@ interface(`files_read_usr_symlinks',`
 ##	The object class.
 ##	</summary>
 ## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
 #
 interface(`files_usr_filetrans',`
 	gen_require(`
 		type usr_t;
 	')

-	filetrans_pattern($1, usr_t, $2, $3)
+	filetrans_pattern($1, usr_t, $2, $3, $4)
 ')

 ########################################
@ -5269,13 +5314,18 @@ interface(`files_manage_var_symlinks',`
 ##	The object class.
 ##	</summary>
 ## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
 #
 interface(`files_var_filetrans',`
 	gen_require(`
 		type var_t;
 	')

-	filetrans_pattern($1, var_t, $2, $3)
+	filetrans_pattern($1, var_t, $2, $3, $4)
 ')

 ########################################
@ -5403,6 +5453,11 @@ interface(`files_rw_var_lib_dirs',`
 ##	The object class.
 ##	</summary>
 ## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
 #
 interface(`files_var_lib_filetrans',`
 	gen_require(`
@ -5410,7 +5465,7 @@ interface(`files_var_lib_filetrans',`
 	')

 	allow $1 var_t:dir search_dir_perms;
-	filetrans_pattern($1, var_lib_t, $2, $3)
+	filetrans_pattern($1, var_lib_t, $2, $3, $4)
 ')

 ########################################
@ -5743,6 +5798,11 @@ interface(`files_manage_all_locks',`
 ##	The object class of the object being created.
 ##	</summary>
 ## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
 #
 interface(`files_lock_filetrans',`
 	gen_require(`
@ -5751,7 +5811,7 @@ interface(`files_lock_filetrans',`

 	allow $1 var_t:dir search_dir_perms;
 	allow $1 var_lock_t:lnk_file read_lnk_file_perms;
-	filetrans_pattern($1, var_lock_t, $2, $3)
+	filetrans_pattern($1, var_lock_t, $2, $3, $4)
 ')

 ########################################
@ -5937,6 +5997,11 @@ interface(`files_write_generic_pid_pipes',`
 ##	The object class of the object being created.
 ##	</summary>
 ## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
 ## <infoflow type="write" weight="10"/>
 #
 interface(`files_pid_filetrans',`
@ -5946,7 +6011,7 @@ interface(`files_pid_filetrans',`

 	allow $1 var_t:dir search_dir_perms;
 	allow $1 var_run_t:lnk_file read_lnk_file_perms;
-	filetrans_pattern($1, var_run_t, $2, $3)
+	filetrans_pattern($1, var_run_t, $2, $3, $4)
 ')

 ########################################
@ -6254,6 +6319,11 @@ interface(`files_manage_generic_spool',`
 ##	the transition will occur.
 ##	</summary>
 ## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
 #
 interface(`files_spool_filetrans',`
 	gen_require(`
@ -6261,7 +6331,7 @@ interface(`files_spool_filetrans',`
 	')

 	allow $1 var_t:dir search_dir_perms;
-	filetrans_pattern($1, var_spool_t, $2, $3)
+	filetrans_pattern($1, var_spool_t, $2, $3, $4)
 ')

 ########################################
--- a/policy/modules/kernel/files.te
+++ b/policy/modules/kernel/files.te
@ -1,4 +1,4 @@
-policy_module(files, 1.16.2)
+policy_module(files, 1.16.3)

 ########################################
 #
--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@ -2188,6 +2188,11 @@ interface(`fs_dontaudit_list_inotifyfs',`
 ##	The object class of the object being created.
 ##	</summary>
 ## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
 #
 interface(`fs_hugetlbfs_filetrans',`
 	gen_require(`
@ -2195,7 +2200,7 @@ interface(`fs_hugetlbfs_filetrans',`
 	')

 	allow $2 hugetlbfs_t:filesystem associate;
-	filetrans_pattern($1, hugetlbfs_t, $2, $3)
+	filetrans_pattern($1, hugetlbfs_t, $2, $3, $4)
 ')

 ########################################
@ -4014,6 +4019,11 @@ interface(`fs_dontaudit_write_tmpfs_dirs',`
 ##	The object class of the object being created.
 ##	</summary>
 ## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
 #
 interface(`fs_tmpfs_filetrans',`
 	gen_require(`
@ -4021,7 +4031,7 @@ interface(`fs_tmpfs_filetrans',`
 	')

 	allow $2 tmpfs_t:filesystem associate;
-	filetrans_pattern($1, tmpfs_t, $2, $3)
+	filetrans_pattern($1, tmpfs_t, $2, $3, $4)
 ')

 ########################################
--- a/policy/modules/kernel/filesystem.te
+++ b/policy/modules/kernel/filesystem.te
@ -1,4 +1,4 @@
-policy_module(filesystem, 1.15.0)
+policy_module(filesystem, 1.15.1)

 ########################################
 #
--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@ -1575,6 +1575,11 @@ interface(`init_rw_script_tmp_files',`
 ##	The object class.
 ##	</summary>
 ## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
 #
 interface(`init_script_tmp_filetrans',`
 	gen_require(`
@ -1582,7 +1587,7 @@ interface(`init_script_tmp_filetrans',`
 	')

 	files_search_tmp($1)
-	filetrans_pattern($1, initrc_tmp_t, $2, $3)
+	filetrans_pattern($1, initrc_tmp_t, $2, $3, $4)
 ')

 ########################################
@ -1750,7 +1755,7 @@ interface(`init_pid_filetrans_utmp',`
 		type initrc_var_run_t;
 	')

-	files_pid_filetrans($1, initrc_var_run_t, file)
+	files_pid_filetrans($1, initrc_var_run_t, file, "utmp")
 ')

 ########################################
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@ -1,4 +1,4 @@
-policy_module(init, 1.18.2)
+policy_module(init, 1.18.3)

 gen_require(`
 	class passwd rootok;
--- a/policy/modules/system/logging.if
+++ b/policy/modules/system/logging.if
@ -480,6 +480,11 @@ interface(`logging_domtrans_syslog',`
 ##	The object class of the object being created.
 ##	</summary>
 ## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
 ## <infoflow type="write" weight="10"/>
 #
 interface(`logging_log_filetrans',`
@ -488,7 +493,7 @@ interface(`logging_log_filetrans',`
 	')

 	files_search_var($1)
-	filetrans_pattern($1, var_log_t, $2, $3)
+	filetrans_pattern($1, var_log_t, $2, $3, $4)
 ')

 ########################################
--- a/policy/modules/system/logging.te
+++ b/policy/modules/system/logging.te
@ -1,4 +1,4 @@
-policy_module(logging, 1.18.1)
+policy_module(logging, 1.18.2)

 ########################################
 #
--- a/policy/modules/system/selinuxutil.if
+++ b/policy/modules/system/selinuxutil.if
@ -1043,7 +1043,7 @@ interface(`seutil_manage_module_store',`
 	files_search_etc($1)
 	manage_dirs_pattern($1, selinux_config_t, semanage_store_t)
 	manage_files_pattern($1, semanage_store_t, semanage_store_t)
-	filetrans_pattern($1, selinux_config_t, semanage_store_t, dir)
+	filetrans_pattern($1, selinux_config_t, semanage_store_t, dir, "modules")
 ')

 #######################################
--- a/policy/modules/system/selinuxutil.te
+++ b/policy/modules/system/selinuxutil.te
@ -1,4 +1,4 @@
-policy_module(selinuxutil, 1.16.2)
+policy_module(selinuxutil, 1.16.3)

 gen_require(`
 	bool secure_mode;
--- a/policy/modules/system/sysnetwork.if
+++ b/policy/modules/system/sysnetwork.if
@ -401,13 +401,18 @@ interface(`sysnet_create_config',`
 ##	Domain allowed access.
 ##	</summary>
 ## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
 #
 interface(`sysnet_etc_filetrans_config',`
 	gen_require(`
 		type net_conf_t;
 	')

-	files_etc_filetrans($1, net_conf_t, file)
+	files_etc_filetrans($1, net_conf_t, file, $2)
 ')

 #######################################
@ -622,6 +627,11 @@ interface(`sysnet_search_dhcp_state',`
 ##	The object class.
 ##	</summary>
 ## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
 #
 interface(`sysnet_dhcp_state_filetrans',`
 	gen_require(`
@ -629,7 +639,7 @@ interface(`sysnet_dhcp_state_filetrans',`
 	')

 	files_search_var_lib($1)
-	filetrans_pattern($1, dhcp_state_t, $2, $3)
+	filetrans_pattern($1, dhcp_state_t, $2, $3, $4)
 ')

 ########################################
--- a/policy/modules/system/sysnetwork.te
+++ b/policy/modules/system/sysnetwork.te
@ -1,4 +1,4 @@
-policy_module(sysnetwork, 1.13.1)
+policy_module(sysnetwork, 1.13.2)

 ########################################
 #
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@ -1597,13 +1597,18 @@ interface(`userdom_relabelto_user_home_dirs',`
 ##	Domain allowed access.
 ##	</summary>
 ## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
 #
 interface(`userdom_home_filetrans_user_home_dir',`
 	gen_require(`
 		type user_home_dir_t;
 	')

-	files_home_filetrans($1, user_home_dir_t, dir)
+	files_home_filetrans($1, user_home_dir_t, dir, $2)
 ')

 ########################################
@ -2074,13 +2079,18 @@ interface(`userdom_manage_user_home_content_sockets',`
 ##	The class of the object to be created.
 ##	</summary>
 ## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
 #
 interface(`userdom_user_home_dir_filetrans',`
 	gen_require(`
 		type user_home_dir_t;
 	')

-	filetrans_pattern($1, user_home_dir_t, $2, $3)
+	filetrans_pattern($1, user_home_dir_t, $2, $3, $4)
 	files_search_home($1)
 ')

@ -2105,13 +2115,18 @@ interface(`userdom_user_home_dir_filetrans',`
 ##	The class of the object to be created.
 ##	</summary>
 ## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
 #
 interface(`userdom_user_home_content_filetrans',`
 	gen_require(`
 		type user_home_dir_t, user_home_t;
 	')

-	filetrans_pattern($1, user_home_t, $2, $3)
+	filetrans_pattern($1, user_home_t, $2, $3, $4)
 	allow $1 user_home_dir_t:dir search_dir_perms;
 	files_search_home($1)
 ')
@ -2132,13 +2147,18 @@ interface(`userdom_user_home_content_filetrans',`
 ##	The class of the object to be created.
 ##	</summary>
 ## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
 #
 interface(`userdom_user_home_dir_filetrans_user_home_content',`
 	gen_require(`
 		type user_home_dir_t, user_home_t;
 	')

-	filetrans_pattern($1, user_home_dir_t, user_home_t, $2)
+	filetrans_pattern($1, user_home_dir_t, user_home_t, $2, $3)
 	files_search_home($1)
 ')

@ -2456,13 +2476,18 @@ interface(`userdom_manage_user_tmp_sockets',`
 ##	The class of the object to be created.
 ##	</summary>
 ## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
 #
 interface(`userdom_user_tmp_filetrans',`
 	gen_require(`
 		type user_tmp_t;
 	')

-	filetrans_pattern($1, user_tmp_t, $2, $3)
+	filetrans_pattern($1, user_tmp_t, $2, $3, $4)
 	files_search_tmp($1)
 ')

@ -2482,13 +2507,18 @@ interface(`userdom_user_tmp_filetrans',`
 ##	The class of the object to be created.
 ##	</summary>
 ## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
 #
 interface(`userdom_tmp_filetrans_user_tmp',`
 	gen_require(`
 		type user_tmp_t;
 	')

-	files_tmp_filetrans($1, user_tmp_t, $2)
+	files_tmp_filetrans($1, user_tmp_t, $2, $3)
 ')

 ########################################
--- a/policy/modules/system/userdomain.te
+++ b/policy/modules/system/userdomain.te
@ -1,4 +1,4 @@
-policy_module(userdomain, 4.7.1)
+policy_module(userdomain, 4.7.2)

 ########################################
 #