Add an interface to allow the specified domain to mmap the general network configuration files

Signed-off-by: Laurent Bigonville <bigon@bigon.be>
2019-10-08 16:37:06 +02:00 · 2019-10-08 16:37:06 +02:00 · c89e121db4
parent 61923c23d7
commit c89e121db4
1 changed files with 25 additions and 0 deletions
--- a/policy/modules/system/sysnetwork.if
+++ b/policy/modules/system/sysnetwork.if
@ -364,6 +364,31 @@ interface(`sysnet_read_config',`
 	')
 ')

+#######################################
+## <summary>
+##     Map network config files.
+## </summary>
+## <desc>
+##     <p>
+##     Allow the specified domain to mmap the
+##     general network configuration files.
+##     </p>
+## </desc>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+interface(`sysnet_mmap_config_files',`
+	gen_require(`
+		type net_conf_t;
+	')
+
+	files_search_etc($1)
+	allow $1 net_conf_t:file map;
+')
+
 #######################################
 ## <summary>
 ##	Do not audit attempts to read network config files.