2018-10-27 16:14:45

by Sugar, David

[permalink] [raw]
Subject: [PATCH 1/1] Interface to allow reading of virus signature files.

Signed-off-by: Dave Sugar <[email protected]>
---
policy/modules/services/clamav.if | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)

diff --git a/policy/modules/services/clamav.if b/policy/modules/services/clamav.if
index 7ad8e800..80ac5c1e 100644
--- a/policy/modules/services/clamav.if
+++ b/policy/modules/services/clamav.if
@@ -177,6 +177,34 @@ interface(`clamav_read_state_clamd',`
read_lnk_files_pattern($1, clamd_t, clamd_t)
')

+#######################################
+## <summary>
+## Read clam virus signature files
+## </summary>
+## <desc>
+## <p>
+## Useful for when using things like 'sigtool'
+## which provides useful information about
+## ClamAV signature files.
+## </p>
+## </desc>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`clamav_read_signatures',`
+ gen_require(`
+ type clamd_var_lib_t;
+ ')
+
+ clamav_search_lib($1)
+ allow $1 clamd_var_lib_t:dir list_dir_perms;
+ read_files_pattern($1, clamd_var_lib_t, clamd_var_lib_t)
+ read_lnk_files_pattern($1, clamd_var_lib_t, clamd_var_lib_t)
+')
+
########################################
## <summary>
## All of the rules required to
--
2.14.4



2018-10-27 19:11:33

by Chris PeBenito

[permalink] [raw]
Subject: Re: [PATCH 1/1] Interface to allow reading of virus signature files.

On 10/27/2018 12:14 PM, David Sugar wrote:
> Signed-off-by: Dave Sugar <[email protected]>
> ---
> policy/modules/services/clamav.if | 28 ++++++++++++++++++++++++++++
> 1 file changed, 28 insertions(+)
>
> diff --git a/policy/modules/services/clamav.if b/policy/modules/services/clamav.if
> index 7ad8e800..80ac5c1e 100644
> --- a/policy/modules/services/clamav.if
> +++ b/policy/modules/services/clamav.if
> @@ -177,6 +177,34 @@ interface(`clamav_read_state_clamd',`
> read_lnk_files_pattern($1, clamd_t, clamd_t)
> ')
>
> +#######################################
> +## <summary>
> +## Read clam virus signature files
> +## </summary>
> +## <desc>
> +## <p>
> +## Useful for when using things like 'sigtool'
> +## which provides useful information about
> +## ClamAV signature files.
> +## </p>
> +## </desc>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +#
> +interface(`clamav_read_signatures',`
> + gen_require(`
> + type clamd_var_lib_t;
> + ')
> +
> + clamav_search_lib($1)
> + allow $1 clamd_var_lib_t:dir list_dir_perms;
> + read_files_pattern($1, clamd_var_lib_t, clamd_var_lib_t)
> + read_lnk_files_pattern($1, clamd_var_lib_t, clamd_var_lib_t)
> +')
> +
> ########################################
> ## <summary>
> ## All of the rules required to

Merged.

--
Chris PeBenito