Merge pull request #196 from gtrentalancia/watch-perms
commit
b3959fb415
|
@ -164,9 +164,11 @@ dev_write_sound(mozilla_t)
|
|||
|
||||
domain_dontaudit_read_all_domains_state(mozilla_t)
|
||||
|
||||
files_watch_etc_dirs(mozilla_t)
|
||||
files_read_etc_runtime_files(mozilla_t)
|
||||
files_map_usr_files(mozilla_t)
|
||||
files_read_usr_files(mozilla_t)
|
||||
files_watch_usr_dirs(mozilla_t)
|
||||
files_read_var_files(mozilla_t)
|
||||
files_read_var_lib_files(mozilla_t)
|
||||
files_read_var_symlinks(mozilla_t)
|
||||
|
|
|
@ -89,6 +89,10 @@ template(`wm_role_template',`
|
|||
gnome_stream_connect_all_gkeyringd($1_wm_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
networkmanager_watch_etc_dirs($1_wm_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
policykit_run_auth($1_wm_t, $2)
|
||||
policykit_signal_auth($1_wm_t)
|
||||
|
|
|
@ -171,6 +171,24 @@ interface(`networkmanager_signal',`
|
|||
allow $1 NetworkManager_t:process signal;
|
||||
')
|
||||
|
||||
########################################
|
||||
### <summary>
|
||||
### Watch networkmanager etc dirs.
|
||||
### </summary>
|
||||
### <param name="domain">
|
||||
### <summary>
|
||||
### Domain allowed access.
|
||||
### </summary>
|
||||
### </param>
|
||||
##
|
||||
interface(`networkmanager_watch_etc_dirs',`
|
||||
gen_require(`
|
||||
type NetworkManager_etc_t;
|
||||
')
|
||||
|
||||
allow $1 NetworkManager_etc_t:dir watch;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Read networkmanager etc files.
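Review bot: The header comment of the new `networkmanager_watch_etc_dirs` interface uses a `###` prefix on every line and ends with `##`, while the following interface in this same hunk ("Read networkmanager etc files.") uses the two-hash form `## <summary>`. If the interface documentation tooling keys on the `##` prefix, as the neighbouring headers suggest, this interface's summary and parameter description would be dropped from the generated docs. I would rewrite the block as `## <summary>` through `## </param>` and close it with a single `#` line, matching the other interfaces in the file. The "Read networkmanager etc files" interface continues outside the hunk.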
|
||||
|
|
|
@ -46,6 +46,7 @@ files_lock_filetrans(getty_t, getty_lock_t, file)
|
|||
allow getty_t getty_log_t:file { append_file_perms create_file_perms setattr_file_perms };
|
||||
logging_log_filetrans(getty_t, getty_log_t, file)
|
||||
|
||||
allow getty_t getty_runtime_t:dir watch;
|
||||
manage_files_pattern(getty_t, getty_runtime_t, getty_runtime_t)
|
||||
files_pid_filetrans(getty_t, getty_runtime_t, file)
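Review bot: `allow getty_t getty_runtime_t:dir watch;` only takes effect if a directory labelled `getty_runtime_t` exists, and the visible lines set up that type for files only (`files_pid_filetrans(getty_t, getty_runtime_t, file)`). If the denial behind this change was on the generic runtime directory rather than on a getty-owned one, the rule matches nothing and the access actually needed is on the parent directory's type; worth checking against the original AVC. Either way a short comment above the rule saying which directory is watched would help the next reader, e.g. `# getty places an inotify watch on <directory> (placeholder)`.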
|
||||
|
||||
|
|
|
@ -367,6 +367,25 @@ interface(`miscfiles_manage_fonts',`
|
|||
manage_lnk_files_pattern($1, fonts_t, fonts_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Watch fonts directories.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <rolecap/>
|
||||
#
|
||||
interface(`miscfiles_watch_fonts_dirs',`
|
||||
gen_require(`
|
||||
type fonts_t;
|
||||
')
|
||||
|
||||
allow $1 fonts_t:dir watch;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Set the attributes on a fonts cache directory.
|
||||
|
|
|
@ -92,8 +92,11 @@ template(`userdom_base_user_template',`
|
|||
domain_dontaudit_getsession_all_domains($1_t)
|
||||
|
||||
files_read_etc_files($1_t)
|
||||
files_watch_etc_dirs($1_t)
|
||||
files_read_etc_runtime_files($1_t)
|
||||
files_read_usr_files($1_t)
|
||||
files_watch_usr_dirs($1_t)
|
||||
files_watch_runtime_dirs($1_t)
|
||||
# Read directories and files with the readable_t type.
|
||||
# This type is a general type for "world"-readable files.
|
||||
files_list_world_readable($1_t)
|
||||
|
@ -112,6 +115,7 @@ template(`userdom_base_user_template',`
|
|||
|
||||
miscfiles_read_localization($1_t)
|
||||
miscfiles_read_generic_certs($1_t)
|
||||
miscfiles_watch_fonts_dirs($1_t)
|
||||
|
||||
sysnet_read_config($1_t)
|
||||
|
||||
|
@ -364,6 +368,8 @@ interface(`userdom_manage_home_role',`
|
|||
# cjp: this should probably be removed:
|
||||
allow $2 user_home_dir_t:dir { manage_dir_perms relabel_dir_perms };
|
||||
|
||||
allow $2 user_home_dir_t:dir watch;
|
||||
|
||||
userdom_manage_user_certs($2)
|
||||
userdom_user_home_dir_filetrans($2, user_cert_t, dir, ".pki")
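Review bot: The `files_watch_etc_dirs`, `files_watch_usr_dirs`, `files_watch_runtime_dirs` and `miscfiles_watch_fonts_dirs` calls sit in `userdom_base_user_template`, so every user domain built from that template receives them, including restricted ones that may never run the program that needed the watch. Nothing in the hunks records which client triggered the denials; a one-line comment above the group, e.g. `# inotify watches requested by <program> (placeholder)`, would let a later reviewer decide whether they belong in the base template or in a narrower one. The same applies to `allow $2 user_home_dir_t:dir watch;` in `userdom_manage_home_role`, which lands right after the existing "cjp: this should probably be removed" rule with no explanation of its own. Both template bodies continue outside the hunks shown.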
|
||||
|
||||
|
|