2017-04-19 15:35:42

by guido

Subject: [refpolicy] [PATCH] xserver: fix iceauth_home_t file context creation

This patch fixes the xserver module so that the hidden .ICEauthority
file is created with the proper context (file transition).

It also optimizes a similar interface used for xauth home files.

Signed-off-by: Guido Trentalancia <[email protected]>
---
policy/modules/services/xserver.if | 33 ++++++++++++++++++++++++++++++++-
1 file changed, 32 insertions(+), 1 deletion(-)

--- refpolicy-2.20170204-orig/policy/modules/services/xserver.if 2017-01-29 18:47:23.000000000 +0100
+++ refpolicy-2.20170204/policy/modules/services/xserver.if 2017-04-19 17:07:06.659759701 +0200
@@ -167,6 +167,8 @@ interface(`xserver_role',`
relabel_dirs_pattern($2, user_fonts_config_t, user_fonts_config_t)
relabel_files_pattern($2, user_fonts_config_t, user_fonts_config_t)

+ xserver_user_home_dir_filetrans_user_iceauth($2, ".ICEauthority")
+
xserver_read_xkb_libs($2)
')

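Review bot: The added call `xserver_user_home_dir_filetrans_user_iceauth($2, ".ICEauthority")` only labels a file that `$2` creates under that exact name directly in the user home directory. The transition does not appear to grant create or write access on `iceauth_home_t` files by itself, and the hunk does not show whether xserver_role grants that elsewhere, so this is worth confirming against the part of the interface outside the hunk. An existing `.ICEauthority` that already has the generic home type keeps it until it is relabeled. A short comment above the call would record both points, for example `# Named transition: a newly created ~/.ICEauthority gets iceauth_home_t; existing files need restorecon.`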
@@ -561,13 +563,42 @@ interface(`xserver_domtrans_xauth',`
## Domain allowed access.
## </summary>
## </param>
+## <param name="name" optional="true">
+## <summary>
+## The name of the object being created.
+## </summary>
+## </param>
#
interface(`xserver_user_home_dir_filetrans_user_xauth',`
gen_require(`
type xauth_home_t;
')

- userdom_user_home_dir_filetrans($1, xauth_home_t, file)
+ userdom_user_home_dir_filetrans($1, xauth_home_t, file, $2)
+')
+
+#######################################
+## <summary>
+## Create a ICEauthority file in
+## the user home directory.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <param name="name" optional="true">
+## <summary>
+## The name of the object being created.
+## </summary>
+## </param>
+#
+interface(`xserver_user_home_dir_filetrans_user_iceauth',`
+ gen_require(`
+ type iceauth_home_t;
+ ')
+
+ userdom_user_home_dir_filetrans($1, iceauth_home_t, file, $2)
')

########################################
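Review bot: Both interface headers document `name` as optional without saying what omitting it means. With an empty `$2` the rule presumably becomes an unnamed transition that applies to every file the domain creates in the user home directory. A domain calling both the xauth and the iceauth interface without a name would then request two different default types for the same source, target and class, which should be rejected at policy build time. The parameter text could state this, for example `## The name of the object being created. If omitted, every file the domain creates in the user home directory gets this type.` The new summary would also read better as `## Create an .ICEauthority file in`; the xauth interface's header starts outside the hunk.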


2017-04-20 23:20:13

by Chris PeBenito

Subject: [refpolicy] [PATCH] xserver: fix iceauth_home_t file context creation

On 04/19/2017 11:35 AM, Guido Trentalancia via refpolicy wrote:
> This patch fixes the xserver module so that the hidden .ICEauthority
> file is created with the proper context (file transition).
>
> It also optimizes a similar interface used for xauth home files.

Merged.


> Signed-off-by: Guido Trentalancia <[email protected]>
> ---
> policy/modules/services/xserver.if | 33 ++++++++++++++++++++++++++++++++-
> 1 file changed, 32 insertions(+), 1 deletion(-)
>
> --- refpolicy-2.20170204-orig/policy/modules/services/xserver.if 2017-01-29 18:47:23.000000000 +0100
> +++ refpolicy-2.20170204/policy/modules/services/xserver.if 2017-04-19 17:07:06.659759701 +0200
> @@ -167,6 +167,8 @@ interface(`xserver_role',`
> relabel_dirs_pattern($2, user_fonts_config_t, user_fonts_config_t)
> relabel_files_pattern($2, user_fonts_config_t, user_fonts_config_t)
>
> + xserver_user_home_dir_filetrans_user_iceauth($2, ".ICEauthority")
> +
> xserver_read_xkb_libs($2)
> ')
>
> @@ -561,13 +563,42 @@ interface(`xserver_domtrans_xauth',`
> ## Domain allowed access.
> ## </summary>
> ## </param>
> +## <param name="name" optional="true">
> +## <summary>
> +## The name of the object being created.
> +## </summary>
> +## </param>
> #
> interface(`xserver_user_home_dir_filetrans_user_xauth',`
> gen_require(`
> type xauth_home_t;
> ')
>
> - userdom_user_home_dir_filetrans($1, xauth_home_t, file)
> + userdom_user_home_dir_filetrans($1, xauth_home_t, file, $2)
> +')
> +
> +#######################################
> +## <summary>
> +## Create a ICEauthority file in
> +## the user home directory.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +## <param name="name" optional="true">
> +## <summary>
> +## The name of the object being created.
> +## </summary>
> +## </param>
> +#
> +interface(`xserver_user_home_dir_filetrans_user_iceauth',`
> + gen_require(`
> + type iceauth_home_t;
> + ')
> +
> + userdom_user_home_dir_filetrans($1, iceauth_home_t, file, $2)
> ')



--
Chris PeBenito