nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
6,088 Commits 1 Branch 0 Tags 16 MiB
8ef3a91347
Commit Graph

388 Commits

Author SHA1 Message Date
Kenton Groombridge
0ac3f4ea2c rssh, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:34 -04:00
Kenton Groombridge
0a78bb05eb pulseaudio, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:34 -04:00
Kenton Groombridge
9554af912d openoffice, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:34 -04:00
Kenton Groombridge
ffdbf9c86e mplayer, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:34 -04:00
Kenton Groombridge
f5f0af2c24 mozilla, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:34 -04:00
Kenton Groombridge
8bdab0397c libmtp, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:34 -04:00
Kenton Groombridge
0f650e0dc5 java, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:34 -04:00
Kenton Groombridge
b7980a45fc irc, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:34 -04:00
Kenton Groombridge
56a50fb56c gpg, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:34 -04:00
Kenton Groombridge
7cd14e0c49 gnome, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:34 -04:00
Kenton Groombridge
d5246d98aa games, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:34 -04:00
Kenton Groombridge
ab30d35882 evolution, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:34 -04:00
Kenton Groombridge
4d7eb76fb9 chromium, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:34 -04:00
Kenton Groombridge
99c2c94507 cdrecord, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:34 -04:00
Kenton Groombridge
b90d40db67 xserver, roles, various: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:34 -04:00
Kenton Groombridge
dd7abf1f47 xscreensaver, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:33 -04:00
Kenton Groombridge
a3f02b2f6c syncthing, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:24 -04:00
Kenton Groombridge
150353158a screen, roles: use user exec domain attribute 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-10-13 19:07:13 -04:00
Chris PeBenito
b19be25429 systemd, userdomain, wm: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-09-14 13:55:26 -07:00
Chris PeBenito
938453ddb1 Merge pull request #381 from 0xC0ncord/bugfix/systemd-user-exec-apps 2021-09-14 13:23:23 -07:00
Kenton Groombridge
b91c6062ac wm: add user exec domain attribute to wm domains 
Signed-off-by: Kenton Groombridge <me@concord.sh>
 2021-09-14 14:53:48 -04:00
Chris PeBenito
4248e38824 Bump module versions for release. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-09-08 10:53:44 -04:00
Chris PeBenito
322037695e wireshark: Module version bump 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-09-08 10:52:38 -04:00
Fabrice Fontaine
d5c571c855 policy/modules/apps/wireshark.te: make xdg optional 
Make xdg optional to fix the following build failure:

 Compiling targeted policy.31
 env LD_LIBRARY_PATH="/tmp/instance-0/output-1/host/lib:/tmp/instance-0/output-1/host/usr/lib" /tmp/instance-0/output-1/host/usr/bin/checkpolicy -c 31 -U deny -S -O -E policy.conf -o policy.31
 policy/modules/apps/wireshark.te:96:ERROR 'unknown type xdg_downloads_t' at token ';' on line 645315:
 #line 96
	allow wireshark_t xdg_downloads_t:dir { getattr search open };
 checkpolicy:  error(s) encountered while parsing configuration
 make[1]: *** [Rules.monolithic:79: policy.31] Error 1

Fixes:
 - http://autobuild.buildroot.org/results/dfbc667e0c17072ddab89a03244f572d5234da50

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
 2021-09-05 11:06:21 +02:00
Chris PeBenito
6c2f4bff7b
Merge pull request #388 from maage/doc-style 
style: policy: interfaces: doc: indent param blocks consistently
 2021-07-06 09:37:44 -04:00
Chris PeBenito
f1084e0b3c
Merge pull request #387 from maage/mixed-order 
fix: Mixed order
 2021-07-06 09:29:35 -04:00
Markus Linnala
9127219358 policy: interfaces: doc: indent param blocks consistently 
There is more than 5000 parameter documentations. Only about 300 are
differently done. Change them to be consistently indented.

param with one space
and content inside with one tab

This was done with:

sed -ri '
/^##[[:space:]]*<param/,/^##[[:space:]]*<[/]param>/{
	s/^##[[:space:]]*/##\t/;
	s/^##[[:space:]]*(<[/]?summary)/##\t\1/;
	s/^##[[:space:]]*(<[/]?param)/## \1/;
}' policy/modules/*/*.if

Signed-off-by: Markus Linnala <Markus.Linnala@cybercom.com>
 2021-07-02 12:19:25 +03:00
Markus Linnala
af1ec6b172 policy seunshare: seunshare_role: parameters usage partially mixed 
Documentation states 1st parameter is role and 2nd is domain.

So role clause should get role parameter
and seunshare_domtrans gets domain.

Signed-off-by: Markus Linnala <Markus.Linnala@cybercom.com>
 2021-07-02 12:07:29 +03:00
Markus Linnala
214d49461a policy gpg: doc: add documents for all *filterans parameters 
Signed-off-by: Markus Linnala <Markus.Linnala@cybercom.com>
 2021-07-02 11:53:24 +03:00
Markus Linnala
6c3cbdc16d policy chromium: chromium_tmp_filetrans: doc: add missing 2nd param documentation 
Signed-off-by: Markus Linnala <Markus.Linnala@cybercom.com>
 2021-07-02 11:53:24 +03:00
Markus Linnala
d949eb5d6e policy gnome: gnome_dbus_chat_gconfd: doc: does not have 1st param of role_prefix 
Signed-off-by: Markus Linnala <Markus.Linnala@cybercom.com>
 2021-07-02 11:53:24 +03:00
Christian Göttsche
6c5928d65a Use correct interface or template declaration 
Following the guideline of interfaces not allowed to declare anything
and not use prefix parameters, declare interfaces doing so as templates.

Also declare templates not using those features and not calling
templates themselves as interfaces.

These changes originate from the discussion in
https://github.com/TresysTechnology/selint/issues/205 and are found by
new proposed SELint checks at
https://github.com/TresysTechnology/selint/pull/206.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
 2021-05-13 17:22:59 +02:00
Chris PeBenito
4412ad507c various: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-05-11 08:41:48 -04:00
Jonathan Davies
5703b622cd irc.te: Allowed client access to screen runtime sock file. 
Signed-off-by: Jonathan Davies <jpds@protonmail.com>
 2021-05-10 10:52:41 +01:00
Jonathan Davies
bad206ee3b screen.if: Added interface to allow executing sock file. 
Signed-off-by: Jonathan Davies <jpds@protonmail.com>
 2021-05-10 10:52:41 +01:00
Jonathan Davies
508289a967 irc.te: Allow irc_t access to unix_dgram_socket sendto to allow clients to 
connect to a SOCKS proxy.

Signed-off-by: Jonathan Davies <jpds@protonmail.com>
 2021-05-10 10:52:25 +01:00
Chris PeBenito
8934069f82 Remove additional unused modules 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-03-07 09:29:34 -05:00
Chris PeBenito
ff983a6239 Bump module versions for release. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-02-03 08:38:26 -05:00
Chris PeBenito
4436cd0d6d various: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-02-02 13:58:24 -05:00
Russell Coker
8b4f1e3384 misc apps and admin patches 
Send again without the section Dominick didn't like.  I think it's ready for inclusion.

Signed-off-by: Russell Coker <russell@coker.com.au>
 2021-02-02 13:29:48 -05:00
Chris PeBenito
cfb48c28d0 screen: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-02-02 08:47:55 -05:00
Jonathan Davies
9ec80c1b2f apps/screen.te: Allow screen to search xdg directories. 
Signed-off-by: Jonathan Davies <jpds@protonmail.com>
 2021-02-01 21:42:12 +00:00
Jonathan Davies
2bdfc5c742 apps/screen.fc: Added fcontext for tmux xdg directory. 
Signed-off-by: Jonathan Davies <jpds@protonmail.com>
 2021-01-29 14:56:29 +00:00
Chris PeBenito
072c0a9458 userdomain, gpg: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-01-29 08:35:12 -05:00
Dave Sugar
09bd4af708 Work with xdg module disabled 
These two cases I see when building on a system without graphical interface.
Move userdom_xdg_user_template into optional block
gpg module doesn't require a graphical front end, move xdg_read_data_files into optional block

Signed-off-by: Dave Sugar <dsugar@tresys.com>
 2021-01-28 18:13:33 -05:00
Chris PeBenito
87ffc9472a various: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-01-25 09:48:59 -05:00
Russell Coker
da9b6306ea more Chrome stuff 
Patches for some more Chrome stuff

Signed-off-by: Russell Coker <russell@coker.com.au>
 2021-01-25 09:36:56 -05:00
Chris PeBenito
221813c947 various: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-01-25 08:27:35 -05:00
Chris PeBenito
cb93093f4e Merge pull request #335 from pebenito/drop-dead-modules 2021-01-25 08:22:09 -05:00
Chris PeBenito
0f6c861dfb various: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-01-19 09:51:56 -05:00