From: David Sugar
To: "selinux-refpolicy@vger.kernel.org"
Subject: [PATCH] Interface to read cron_system_spool_t
Date: Fri, 16 Nov 2018 17:43:25 +0000
Message-ID: <20181116174221.1254-1-dsugar@tresys.com>
X-Mailing-List: selinux-refpolicy@vger.kernel.org

Useful for the case that manage isn't required.

Signed-off-by: Dave Sugar
--- policy/modules/services/cron.if | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/policy/modules/services/cron.if b/policy/modules/services/cron= .if index d40848ab..3278c216 100644 --- a/policy/modules/services/cron.if +++ b/policy/modules/services/cron.if @@ -706,6 +706,26 @@ interface(`cron_manage_system_spool',` manage_files_pattern($1, system_cron_spool_t, system_cron_spool_t) ') =20 +######################################## +## +## Read the system spool. +## +## +## +## Domain allowed access. +## +## +# +interface(`cron_read_system_spool',` + gen_require(` + type system_cron_spool_t; + ') + + cron_search_spool($1) + list_dirs_pattern($1, system_cron_spool_t, system_cron_spool_t) + read_files_pattern($1, system_cron_spool_t, system_cron_spool_t) +') + ######################################## ## ## Read and write crond temporary files. --=20 2.19.1
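Review bot: The list_dirs_pattern($1, system_cron_spool_t, system_cron_spool_t) line in the new cron_read_system_spool body gives callers directory listing on the spool on top of the file reads granted by read_files_pattern, which is more than the interface name and the summary "Read the system spool." describe. If the intended caller only opens files whose names it already knows, consider dropping that line; if listing is needed, say so in the summary so a policy author can see what the interface grants without reading the body. Two smaller points: the subject names cron_system_spool_t while the gen_require block and both patterns use system_cron_spool_t, so the subject should be corrected to the type that is actually used, and the commit message would be easier to evaluate if it named the domain that needs read-only rather than manage access.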