From 67484fced40f7e9c56343fee09437d9608b319a1 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Mon, 2 May 2005 18:42:33 +0000
Subject: [PATCH] add ignore read system state

---
 refpolicy/policy/modules/kernel/kernel.if | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/refpolicy/policy/modules/kernel/kernel.if b/refpolicy/policy/modules/kernel/kernel.if
index 47f3ef604..05e5e5dc4 100644
--- a/refpolicy/policy/modules/kernel/kernel.if
+++ b/refpolicy/policy/modules/kernel/kernel.if
@@ -418,6 +418,20 @@ class lnk_file { getattr read };
 class file { getattr read };
 ')
 
+########################################
+#
+# kernel_ignore_read_system_state(domain)
+#
+define(`kernel_ignore_read_system_state',`
+requires_block_template(kernel_ignore_read_system_state_depend)
+allow $1 proc_t:file read;
+')
+
+ifdef(`kernel_ignore_read_system_state_depend',`
+type proc_t;
+class file read;
+')
+
 #######################################
 #
 # kernel_read_software_raid_state(domain,[`optional'])
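Review bot: The body of `kernel_ignore_read_system_state` contains `allow $1 proc_t:file read;`, which grants the calling domain read access to files labelled proc_t instead of ignoring the access. If the interface is meant to silence denials, as its name and the commit subject suggest, the rule should be `dontaudit $1 proc_t:file read;`. As written, a policy author who calls it to quiet audit noise would widen that domain's access without noticing. The header comment gives only the signature; a line such as `# Do not audit attempts by domain to read proc_t files; no access is granted.` would make the contract explicit.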