2017-02-23 04:14:16

by Russell Coker

Subject: [refpolicy] [PATCH] rw_inherited_file_perms

This patch defines rw_inherited_file_perms. It's needed by a few patches
I'm going to send soon so I need to get it in before they go in.

Also it's generally a good thing to have. We should reconsider some of the
other policy for whether it should use this.

Index: refpolicy-2.20170221/policy/support/obj_perm_sets.spt
===================================================================
--- refpolicy-2.20170221.orig/policy/support/obj_perm_sets.spt
+++ refpolicy-2.20170221/policy/support/obj_perm_sets.spt
@@ -158,7 +158,8 @@ define(`mmap_file_perms',`{ getattr open
define(`exec_file_perms',`{ getattr open read execute ioctl execute_no_trans }')
define(`append_file_perms',`{ getattr open append lock ioctl }')
define(`write_file_perms',`{ getattr open write append lock ioctl }')
-define(`rw_file_perms',`{ getattr open read write append ioctl lock }')
+define(`rw_inherited_file_perms',`{ getattr read write append ioctl lock }')
+define(`rw_file_perms',`{ open rw_inherited_file_perms }')
define(`create_file_perms',`{ getattr create open }')
define(`rename_file_perms',`{ getattr rename }')
define(`delete_file_perms',`{ getattr unlink }')
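
Review bot: On the new `rw_file_perms` line, the macro no longer lists its permissions directly; after expansion it becomes a nested set, `{ open { getattr read write append ioctl lock } }`, where the removed line was a flat set. The seven permissions are unchanged, but it is worth confirming that the policy build and any tooling that reads obj_perm_sets.spt accept the nested form; if there is any doubt, keep `rw_file_perms` flat as `{ getattr open read write append ioctl lock }` and define `rw_inherited_file_perms` beside it.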


2017-02-24 01:51:48

by Chris PeBenito

Subject: [refpolicy] [PATCH] rw_inherited_file_perms

On 02/22/17 23:14, Russell Coker via refpolicy wrote:
> This patch defines rw_inherited_file_perms. It's needed by a few patches
> I'm going to send soon so I need to get it in before they go in.
>
> Also it's generally a good thing to have. We should reconsider some of the
> other policy for whether it should use this.
>
> Index: refpolicy-2.20170221/policy/support/obj_perm_sets.spt
> ===================================================================
> --- refpolicy-2.20170221.orig/policy/support/obj_perm_sets.spt
> +++ refpolicy-2.20170221/policy/support/obj_perm_sets.spt
> @@ -158,7 +158,8 @@ define(`mmap_file_perms',`{ getattr open
> define(`exec_file_perms',`{ getattr open read execute ioctl execute_no_trans }')
> define(`append_file_perms',`{ getattr open append lock ioctl }')
> define(`write_file_perms',`{ getattr open write append lock ioctl }')
> -define(`rw_file_perms',`{ getattr open read write append ioctl lock }')
> +define(`rw_inherited_file_perms',`{ getattr read write append ioctl lock }')
> +define(`rw_file_perms',`{ open rw_inherited_file_perms }')
> define(`create_file_perms',`{ getattr create open }')
> define(`rename_file_perms',`{ getattr rename }')
> define(`delete_file_perms',`{ getattr unlink }')
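
Review bot: The added `rw_inherited_file_perms` line carries no comment stating that it is `rw_file_perms` minus `open`, which, as the name suggests, is meant for file descriptors a domain inherits rather than opens itself; a one-line comment above the define would record that intent for later policy writers. In the same context, `append_file_perms`, `write_file_perms` and `exec_file_perms` still bundle `open` and get no inherited counterpart, so consider adding those alongside this one or noting in the commit message that they are deliberately left for a follow-up.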

Merged.

--
Chris PeBenito