[refpolicy] [PATCH 3/5] Introduce interface to manage all non-security-sensitive resource types

Sven Vermeulen sven.vermeulen at siphos.be
Thu Aug 7 14:05:36 EDT 2014


This interface can be used by domains that need wide management
privileges on the various file-related types (directories, symbolic
links and the like) but should not need this for security-sensitive
resources.

Signed-off-by: Jason Zaman <jason at perfinion.com>
Signed-off-by: Sven Vermeulen <sven.vermeulen at siphos.be>
---
 policy/modules/kernel/files.if | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index fd56414..b75d03a 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -590,6 +590,28 @@ interface(`files_manage_non_security_dirs',`
 	allow $1 non_security_file_type:dir manage_dir_perms;
 ')
 
+#########################################
+## <summary>
+##	Manage non-security-sensitive resource types
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`files_manage_all_non_security_file_types',`
+	gen_require(`
+		attribute non_security_file_type;
+	')
+
+	manage_dirs_pattern($1, non_security_file_type, non_security_file_type)
+	manage_files_pattern($1, non_security_file_type, non_security_file_type)
+	manage_lnk_files_pattern($1, non_security_file_type, non_security_file_type)
+	manage_fifo_files_pattern($1, non_security_file_type, non_security_file_type)
+	manage_sock_files_pattern($1, non_security_file_type, non_security_file_type)
+')
+
 ########################################
 ## <summary>
 ##	Get the attributes of all files.
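Review bot: The <summary> of the new files_manage_all_non_security_file_types interface does not say which object classes it covers, and the name says "all" while the body only grants manage on dir, file, lnk_file, fifo_file and sock_file. If leaving out chr_file and blk_file is intentional, say so in the summary and list the covered classes there, so a caller does not assume device nodes are included. The manage_dirs_pattern line also grants the same manage_dir_perms on non_security_file_type:dir that files_manage_non_security_dirs (the context line just above) already gives, which is worth a mention in the documentation so policy writers know the two overlap. Because the grant is attribute-wide, every type later added to non_security_file_type is picked up automatically; a short note in the interface documentation on which kinds of domains are expected to call this would help keep its use narrow.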
-- 
1.8.5.5


