nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
5,986 Commits 1 Branch 0 Tags 16 MiB
55cc7b4652
Commit Graph

360 Commits

Author SHA1 Message Date
Markus Linnala
214d49461a policy gpg: doc: add documents for all *filterans parameters 
Signed-off-by: Markus Linnala <Markus.Linnala@cybercom.com>
 2021-07-02 11:53:24 +03:00
Markus Linnala
6c3cbdc16d policy chromium: chromium_tmp_filetrans: doc: add missing 2nd param documentation 
Signed-off-by: Markus Linnala <Markus.Linnala@cybercom.com>
 2021-07-02 11:53:24 +03:00
Markus Linnala
d949eb5d6e policy gnome: gnome_dbus_chat_gconfd: doc: does not have 1st param of role_prefix 
Signed-off-by: Markus Linnala <Markus.Linnala@cybercom.com>
 2021-07-02 11:53:24 +03:00
Christian Göttsche
6c5928d65a Use correct interface or template declaration 
Following the guideline of interfaces not allowed to declare anything
and not use prefix parameters, declare interfaces doing so as templates.

Also declare templates not using those features and not calling
templates themselves as interfaces.

These changes originate from the discussion in
https://github.com/TresysTechnology/selint/issues/205 and are found by
new proposed SELint checks at
https://github.com/TresysTechnology/selint/pull/206.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
 2021-05-13 17:22:59 +02:00
Chris PeBenito
4412ad507c various: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-05-11 08:41:48 -04:00
Jonathan Davies
5703b622cd irc.te: Allowed client access to screen runtime sock file. 
Signed-off-by: Jonathan Davies <jpds@protonmail.com>
 2021-05-10 10:52:41 +01:00
Jonathan Davies
bad206ee3b screen.if: Added interface to allow executing sock file. 
Signed-off-by: Jonathan Davies <jpds@protonmail.com>
 2021-05-10 10:52:41 +01:00
Jonathan Davies
508289a967 irc.te: Allow irc_t access to unix_dgram_socket sendto to allow clients to 
connect to a SOCKS proxy.

Signed-off-by: Jonathan Davies <jpds@protonmail.com>
 2021-05-10 10:52:25 +01:00
Chris PeBenito
8934069f82 Remove additional unused modules 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-03-07 09:29:34 -05:00
Chris PeBenito
ff983a6239 Bump module versions for release. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-02-03 08:38:26 -05:00
Chris PeBenito
4436cd0d6d various: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-02-02 13:58:24 -05:00
Russell Coker
8b4f1e3384 misc apps and admin patches 
Send again without the section Dominick didn't like.  I think it's ready for inclusion.

Signed-off-by: Russell Coker <russell@coker.com.au>
 2021-02-02 13:29:48 -05:00
Chris PeBenito
cfb48c28d0 screen: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-02-02 08:47:55 -05:00
Jonathan Davies
9ec80c1b2f apps/screen.te: Allow screen to search xdg directories. 
Signed-off-by: Jonathan Davies <jpds@protonmail.com>
 2021-02-01 21:42:12 +00:00
Jonathan Davies
2bdfc5c742 apps/screen.fc: Added fcontext for tmux xdg directory. 
Signed-off-by: Jonathan Davies <jpds@protonmail.com>
 2021-01-29 14:56:29 +00:00
Chris PeBenito
072c0a9458 userdomain, gpg: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-01-29 08:35:12 -05:00
Dave Sugar
09bd4af708 Work with xdg module disabled 
These two cases I see when building on a system without graphical interface.
Move userdom_xdg_user_template into optional block
gpg module doesn't require a graphical front end, move xdg_read_data_files into optional block

Signed-off-by: Dave Sugar <dsugar@tresys.com>
 2021-01-28 18:13:33 -05:00
Chris PeBenito
87ffc9472a various: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-01-25 09:48:59 -05:00
Russell Coker
da9b6306ea more Chrome stuff 
Patches for some more Chrome stuff

Signed-off-by: Russell Coker <russell@coker.com.au>
 2021-01-25 09:36:56 -05:00
Chris PeBenito
221813c947 various: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-01-25 08:27:35 -05:00
Chris PeBenito
cb93093f4e Merge pull request #335 from pebenito/drop-dead-modules 2021-01-25 08:22:09 -05:00
Chris PeBenito
0f6c861dfb various: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-01-19 09:51:56 -05:00
Chris PeBenito
437e0c4b97 chromium: Move naclhelper lines. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-01-19 08:39:53 -05:00
Chris PeBenito
34a8c10cb9 chromium: Whitespace changes. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-01-19 08:39:45 -05:00
Russell Coker
31a2b463f7 base chrome/chromium patch fixed 
This patch is the one I described as "another chromium patch" on the 10th of
April last year, but with the issues addressed, and the
chromium_t:file manage_file_perms removed as requested.

I believe it's ready for inclusion.

Signed-off-by: Russell Coker <russell@coker.com.au>
 2021-01-19 08:39:40 -05:00
Chris PeBenito
7b15003eae Remove modules for programs that are deprecated or no longer supported. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-01-14 17:14:30 -05:00
Chris PeBenito
bb471c3f1c various: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-01-13 15:20:47 -05:00
Chris PeBenito
6c69f6e3de udev: Drop udev_tbl_t. 
This usage under /dev/.udev has been unused for a very long time and
replaced by functionality in /run/udev.  Since these have separate types,
take this opportunity to revoke these likely unnecessary rules.

Fixes #221

Derived from Laurent Bigonville's work in #230

Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2021-01-13 15:12:11 -05:00
Chris PeBenito
72e221fd4d various: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2020-08-28 15:30:52 -04:00
Chris PeBenito
74b37e16db Merge pull request #301 from bauen1/fix-selint-s-010 2020-08-28 15:26:47 -04:00
bauen1
fa59d0e9bc
selint: fix S-010 
Signed-off-by: bauen1 <j2468h@gmail.com>
 2020-08-28 17:39:09 +02:00
Chris PeBenito
d387e79989 Bump module versions for release. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2020-08-18 09:09:10 -04:00
Yi Zhao
8322f0e0d9 Remove duplicated rules 
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
 2020-08-14 10:55:31 +08:00
Chris PeBenito
fbc60f2319
Merge pull request #296 from cgzones/diff-check 
whitespace cleanup
 2020-08-13 09:19:48 -04:00
Christian Göttsche
72b2c66256 whitespace cleanup 
Remove trailing white spaces and mixed up indents

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
 2020-08-13 14:34:57 +02:00
Christian Göttsche
3bb507efa6 Fix several misspellings 
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
 2020-08-13 14:08:58 +02:00
Chris PeBenito
613708cad6 various: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2020-07-04 09:30:45 -04:00
Chris PeBenito
0992763548 Update callers for "pid" to "runtime" interface rename. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2020-06-28 16:03:45 -04:00
Chris PeBenito
be04bb3e7e Rename "pid" interfaces to "runtime" interfaces. 
Rename interfaces to bring consistency with previous pid->runtime type
renaming.  See PR #106 or 69a403cd original type renaming.

Interfaces that are still in use were renamed with a compatibility
interface.  Unused interfaces were fully deprecated for removal.

Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2020-06-28 14:33:17 -04:00
Chris PeBenito
71002cdfe0 various: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2020-06-15 08:57:44 -04:00
Chris PeBenito
91087f8ff1 Merge pull request #274 from bauen1/remove-dead-weight 2020-06-15 08:56:42 -04:00
bauen1
77f891c7bf
Remove the ada module, it is unecessary and not touched since ~2008 
It is only used to allow the compiler execmem / execstack but we have
unconfined_execmem_t for that.

Signed-off-by: bauen1 <j2468h@gmail.com>
 2020-06-15 14:47:14 +02:00
bauen1
cb2d84b0d1
gpg: don't allow gpg-agent to read /proc/kcore 
This was probably a typo and shouldn't have been merged.

Signed-off-by: bauen1 <j2468h@gmail.com>
 2020-06-15 14:45:07 +02:00
bauen1
a5c3c70385
thunderbird: label files under /tmp 
Signed-off-by: bauen1 <j2468h@gmail.com>
 2020-06-15 14:43:17 +02:00
Chris PeBenito
309f655fdc various: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2020-06-10 15:02:27 -04:00
Topi Miettinen
1d8333d7a7
Remove unlabeled packet access 
When SECMARK or Netlabel packet labeling is used, it's useful to
forbid receiving and sending unlabeled packets. If packet labeling is
not active, there's no effect.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-06-03 23:16:19 +03:00
Chris PeBenito
5b171c223a various: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2020-05-14 10:32:30 -04:00
Christian Göttsche
57d570f01c chromium/libraries: move lib_t filecontext to defining module 
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
 2020-05-12 20:09:44 +02:00
Christian Göttsche
31153edcb4 chromium: drop dead conditional block 
The condition `use_alsa` is nowhere defined, and the contained interface
`alsa_domain` does not exist.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
 2020-05-11 21:42:50 +02:00
Chris PeBenito
4ae3713c45 various: Module version bump. 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
 2020-05-04 08:55:09 -04:00