sediff fixes

2005-10-24 12:38:45 +00:00 · 2005-10-24 12:38:45 +00:00 · 1dd86c43cd
commit 1dd86c43cd
parent bb67633572
5 changed files with 54 additions and 19 deletions
--- a/refpolicy/policy/modules/services/cron.te
+++ b/refpolicy/policy/modules/services/cron.te
@ -50,6 +50,11 @@ files_lock_file(system_crond_lock_t)
 type system_crond_tmp_t;
 files_tmp_file(system_crond_tmp_t)

+ifdef(`targeted_policy',`
+	type sysadm_cron_spool_t;
+	files_type(sysadm_cron_spool_t)
+')
+
 ########################################
 #
 # Cron Local policy
--- a/refpolicy/policy/modules/system/authlogin.if
+++ b/refpolicy/policy/modules/system/authlogin.if
@ -136,20 +136,19 @@ template(`authlogin_per_userdomain_template',`
 ## </param>
 #
 template(`auth_domtrans_user_chk_passwd',`
-	gen_require(`
-		type chkpwd_exec_t;
-		class process sigchld;
-		class fd use;
-		class fifo_file rw_file_perms;
+	ifdef(`targeted_policy',`',`
+		gen_require(`
+			type chkpwd_exec_t;
+		')
+
+		corecmd_search_bin($1)
+		domain_auto_trans($1,chkpwd_exec_t,$2_chkpwd_t)
+
+		allow $1 $2_chkpwd_t:fd use;
+		allow $2_chkpwd_t $1:fd use;
+		allow $2_chkpwd_t $1:fifo_file rw_file_perms;
+		allow $2_chkpwd_t $1:process sigchld;
 	')
-
-	corecmd_search_bin($1)
-	domain_auto_trans($1,chkpwd_exec_t,$2_chkpwd_t)
-
-	allow $1 $2_chkpwd_t:fd use;
-	allow $2_chkpwd_t $1:fd use;
-	allow $2_chkpwd_t $1:fifo_file rw_file_perms;
-	allow $2_chkpwd_t $1:process sigchld;
 ')

 ########################################
--- a/refpolicy/policy/modules/system/sysnetwork.te
+++ b/refpolicy/policy/modules/system/sysnetwork.te
@ -158,6 +158,28 @@ optional_policy(`consoletype.te',`
 	consoletype_domtrans(dhcpc_t)
 ')

+optional_policy(`dbus.te',`
+	gen_require(`
+		class dbus send_msg;
+	')
+
+	allow dhcpc_t self:dbus send_msg;
+
+	dbus_system_bus_client_template(dhcpc,dhcpc_t)
+	dbus_connect_system_bus(dhcpc_t)
+	dbus_send_system_bus_msg(dhcpc_t)
+
+	domain_auto_trans(system_dbusd_t, dhcpc_exec_t, dhcpc_t)
+
+	allow { NetworkManager_t initrc_t } dhcpc_t:dbus send_msg;
+	allow dhcpc_t { NetworkManager_t initrc_t }:dbus send_msg;
+
+	ifdef(`unconfined.te', `
+		allow unconfined_t dhcpc_t:dbus send_msg;
+		allow dhcpc_t unconfined_t:dbus send_msg;
+	')
+')
+
 optional_policy(`hostname.te',`
 	hostname_domtrans(dhcpc_t)
 ')
--- a/refpolicy/policy/modules/system/unconfined.te
+++ b/refpolicy/policy/modules/system/unconfined.te
@ -35,6 +35,10 @@ ifdef(`targeted_policy',`

 	userdom_unconfined(unconfined_t)

+	optional_policy(`su.te',`
+		su_per_userdomain_template(sysadm,unconfined_t,system_r)
+	')
+
 	ifdef(`TODO',`
 	ifdef(`samba.te', `samba_domain(user)')

--- a/refpolicy/policy/modules/system/userdomain.if
+++ b/refpolicy/policy/modules/system/userdomain.if
@ -1432,13 +1432,18 @@ template(`userdom_manage_user_tmp_sockets',`
 ## </param>
 #
 template(`userdom_use_user_terminals',`
-	gen_require(`
-		type $1_tty_device_t, $1_devpts_t;
-	')
+	ifdef(`targeted_policy',`
+		term_use_unallocated_tty($2)
+		term_use_generic_pty($2)
+	',`
+		gen_require(`
+			type $1_tty_device_t, $1_devpts_t;
+		')

-	allow $2 $1_tty_device_t:chr_file rw_term_perms;
-	allow $2 $1_devpts_t:chr_file rw_term_perms;
-	term_list_ptys($2)
+		allow $2 $1_tty_device_t:chr_file rw_term_perms;
+		allow $2 $1_devpts_t:chr_file rw_term_perms;
+		term_list_ptys($2)
+	')
 ')

 ########################################