From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Thu, 21 Aug 2008 10:00:59 -0400 Subject: [refpolicy] [patch 07/35] w3c policy addition In-Reply-To: <20080804123735.658128129@hardeman.nu> References: <20080804123456.679565839@hardeman.nu> <20080804123735.658128129@hardeman.nu> Message-ID: <1219327259.16398.61.camel@gorn.columbia.tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Mon, 2008-08-04 at 14:35 +0200, david at hardeman.nu wrote: > plain text document attachment (policy_modules_services_w3c.patch) > This is a new module not present upstream, contains nothing that > looks controversial. > > I've added one Debian path, perhaps it should be in a > conditional block...(/usr/lib/cgi-bin/check) Merged. > Index: refpolicy/policy/modules/services/w3c.fc > =================================================================== > --- /dev/null 1970-01-01 00:00:00.000000000 +0000 > +++ refpolicy/policy/modules/services/w3c.fc 2008-08-03 17:13:33.000000000 +0200 > @@ -0,0 +1,3 @@ > +/usr/share/w3c-markup-validator(/.*)? gen_context(system_u:object_r:httpd_w3c_validator_content_t,s0) > +/usr/share/w3c-markup-validator/cgi-bin(/.*)? gen_context(system_u:object_r:httpd_w3c_validator_script_exec_t,s0) > +/usr/lib/cgi-bin/check gen_context(system_u:object_r:httpd_w3c_validator_script_exec_t,s0) > Index: refpolicy/policy/modules/services/w3c.if > =================================================================== > --- /dev/null 1970-01-01 00:00:00.000000000 +0000 > +++ refpolicy/policy/modules/services/w3c.if 2008-08-03 17:13:33.000000000 +0200 
> @@ -0,0 +1,20 @@ > +## W3C > + > +######################################## > +## > +## Execute w3c server in the w3c domain. > +## > +## > +## > +## The type of the process performing this action. > +## > +## > +# > +# > +interface(`w3c_script_domtrans',` > + gen_require(` > + type w3c_script_exec_t; > + ') > + > + init_script_domtrans_spec($1,w3c_script_exec_t) > +') > Index: refpolicy/policy/modules/services/w3c.te > =================================================================== > --- /dev/null 1970-01-01 00:00:00.000000000 +0000 > +++ refpolicy/policy/modules/services/w3c.te 2008-08-03 17:13:33.000000000 +0200 > @@ -0,0 +1,14 @@ > +policy_module(w3c,1.2.1) > + > +apache_content_template(w3c_validator) > + > +sysnet_dns_name_resolve(httpd_w3c_validator_script_t) > + > +corenet_tcp_connect_ftp_port(httpd_w3c_validator_script_t) > +corenet_tcp_sendrecv_ftp_port(httpd_w3c_validator_script_t) > +corenet_tcp_connect_http_port(httpd_w3c_validator_script_t) > +corenet_tcp_sendrecv_http_port(httpd_w3c_validator_script_t) > +corenet_tcp_connect_http_cache_port(httpd_w3c_validator_script_t) > +corenet_tcp_sendrecv_http_cache_port(httpd_w3c_validator_script_t) > + > +miscfiles_read_certs(httpd_w3c_validator_script_t) > -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150
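Review bot: In w3c.fc, the third entry labels /usr/lib/cgi-bin/check unconditionally, although the submission itself describes it as a Debian path and asks whether it belongs in a conditional block. The name is generic and sits in a shared cgi-bin directory, so on other distributions an unrelated script called check would be labelled httpd_w3c_validator_script_exec_t and inherit the validator's network permissions when the web server runs it. Suggest wrapping that one line in ifdef(`distro_debian',` ... ') and leaving the two /usr/share/w3c-markup-validator entries as they are.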
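Review bot: In w3c.if, w3c_script_domtrans requires "type w3c_script_exec_t;", a type that nothing in this patch declares: w3c.te only calls apache_content_template(w3c_validator), and w3c.fc uses httpd_w3c_validator_script_exec_t. Any module calling the interface would fail on the gen_require. The summary also speaks of a "w3c server" and a "w3c domain", while the module defines only a CGI script domain, and init_script_domtrans_spec is by its name an init-script transition, which does not fit a script started by the web server. Suggest either dropping the interface until there is a caller, or rewriting it against httpd_w3c_validator_script_exec_t with a summary that matches.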
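Review bot: In w3c.te, the six corenet_tcp_connect_* and corenet_tcp_sendrecv_* lines let httpd_w3c_validator_script_t open outbound connections to the ftp, http and http_cache ports, with no comment saying why and no way to switch it off. A web-facing CGI that can connect out on those ports can also reach internal services listening on them, so the grant deserves a one-line justification above the block (the validator retrieving documents by URL, if that is the reason) and, if ftp and proxy access are not needed by every deployment, a tunable around those four lines. The file would also read more easily with the usual declarations and local policy section comments separating apache_content_template(w3c_validator) from the rules that follow.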