From: "Sugar, David"
To: "selinux-refpolicy@vger.kernel.org"
Subject: [PATCH] Add interface clamav_run
Date: Sat, 19 Jan 2019 16:19:15 +0000
Message-ID: <20190119161905.25553-1-dsugar@tresys.com>
List-ID: X-Mailing-List: selinux-refpolicy@vger.kernel.org Signed-off-by: Dave Sugar --- policy/modules/services/clamav.if | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/policy/modules/services/clamav.if b/policy/modules/services/cl= amav.if index 7b6df49e..3639d769 100644 --- a/policy/modules/services/clamav.if +++ b/policy/modules/services/clamav.if @@ -19,6 +19,32 @@ interface(`clamav_domtrans',` domtrans_pattern($1, clamd_exec_t, clamd_t) ') =20 +######################################## +## +## Execute clamd programs in the clamd +## domain and allow the specified role +## the clamd domain. +## +## +## +## Domain allowed to transition. +## +## +## +## +## Role allowed access. +## +## +# +interface(`clamav_run',` + gen_require(` + type clamd_t; + ') + + clamav_domtrans($1) + role $2 types clamd_t; +') + ######################################## ## ## Connect to clamd using a unix --=20 2.20.1
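Review bot: The commit message has no body, and the `role $2 types clamd_t;` line at the end of the new `clamav_run` interface is the part that needs a stated reason. It authorizes whatever role the caller passes for the clamd daemon domain, on top of the transition that `clamav_domtrans($1)` already grants. Please say in the commit message which domain and role are expected to call `clamav_run` and why running clamd from that role is wanted, so the grant can be reviewed against a concrete use rather than in the abstract.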