From: "Sugar, David"
To: "selinux-refpolicy@vger.kernel.org"
Subject: [PATCH] Add interface udev_run
Date: Tue, 5 Mar 2019 22:31:49 +0000
Message-ID: <20190305223113.18610-1-dsugar@tresys.com>

Signed-off-by: Dave Sugar --- policy/modules/system/udev.if | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/policy/modules/system/udev.if b/policy/modules/system/udev.if index fee55852..335adb6a 100644 --- a/policy/modules/system/udev.if +++ b/policy/modules/system/udev.if @@ -36,6 +36,32 @@ interface(`udev_domtrans',` domtrans_pattern($1, udev_exec_t, udev_t) ') =20 +######################################## +## +## Execute udev in the udev domain, and +## allow the specified role the udev domain. +## +## +## +## Domain allowed to transition. +## +## +## +## +## Role allowed access. +## +## +## +# +interface(`udev_run',` + gen_require(` + type udev_t; + ') + + udev_domtrans($1) + role $2 types udev_t; +') + ######################################## ## ## Allow udev to execute the specified program in --=20 2.20.1
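
Review bot: in the body of udev_run, `role $2 types udev_t;` authorizes the role passed as $2 for udev_t, a privileged system domain, as soon as `udev_domtrans($1)` permits the transition, so the parameter description should say that $2 is expected to be an administrative role rather than only "Role allowed access." The patch adds no caller and the message carries only a subject and a sign-off; naming the domain and role that need udev_run would let reviewers judge whether the role grant is warranted. If udev.te has or can gain a role attribute for udev (not visible in this patch), associating $2 with it through roleattribute would follow the pattern other refpolicy _run interfaces commonly use and keep the role-to-type grant in one place.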