From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Thu, 21 Aug 2008 10:00:59 -0400
Subject: [refpolicy] [patch 07/35] w3c policy addition
In-Reply-To: <20080804123735.658128129@hardeman.nu>
References: <20080804123456.679565839@hardeman.nu>
<20080804123735.658128129@hardeman.nu>
Message-ID: <1219327259.16398.61.camel@gorn.columbia.tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com
On Mon, 2008-08-04 at 14:35 +0200, david at hardeman.nu wrote:
> plain text document attachment (policy_modules_services_w3c.patch)
> This is a new module not present upstream, contains nothing that
> looks controversial.
>
> I've added one Debian path, perhaps it should be in a
> conditional block...(/usr/lib/cgi-bin/check)
Merged.
> Index: refpolicy/policy/modules/services/w3c.fc
> ===================================================================
> --- /dev/null 1970-01-01 00:00:00.000000000 +0000
> +++ refpolicy/policy/modules/services/w3c.fc 2008-08-03 17:13:33.000000000 +0200
> @@ -0,0 +1,3 @@
> +/usr/share/w3c-markup-validator(/.*)? gen_context(system_u:object_r:httpd_w3c_validator_content_t,s0)
> +/usr/share/w3c-markup-validator/cgi-bin(/.*)? gen_context(system_u:object_r:httpd_w3c_validator_script_exec_t,s0)
> +/usr/lib/cgi-bin/check gen_context(system_u:object_r:httpd_w3c_validator_script_exec_t,s0)
> Index: refpolicy/policy/modules/services/w3c.if
> ===================================================================
> --- /dev/null 1970-01-01 00:00:00.000000000 +0000
> +++ refpolicy/policy/modules/services/w3c.if 2008-08-03 17:13:33.000000000 +0200
> @@ -0,0 +1,20 @@
> +## W3C
> +
> +########################################
> +##
> +## Execute w3c server in the w3c domain.
> +##
> +##
> +##
> +## The type of the process performing this action.
> +##
> +##
> +#
> +#
> +interface(`w3c_script_domtrans',`
> + gen_require(`
> + type w3c_script_exec_t;
> + ')
> +
> + init_script_domtrans_spec($1,w3c_script_exec_t)
> +')
> Index: refpolicy/policy/modules/services/w3c.te
> ===================================================================
> --- /dev/null 1970-01-01 00:00:00.000000000 +0000
> +++ refpolicy/policy/modules/services/w3c.te 2008-08-03 17:13:33.000000000 +0200
> @@ -0,0 +1,14 @@
> +policy_module(w3c,1.2.1)
> +
> +apache_content_template(w3c_validator)
> +
> +sysnet_dns_name_resolve(httpd_w3c_validator_script_t)
> +
> +corenet_tcp_connect_ftp_port(httpd_w3c_validator_script_t)
> +corenet_tcp_sendrecv_ftp_port(httpd_w3c_validator_script_t)
> +corenet_tcp_connect_http_port(httpd_w3c_validator_script_t)
> +corenet_tcp_sendrecv_http_port(httpd_w3c_validator_script_t)
> +corenet_tcp_connect_http_cache_port(httpd_w3c_validator_script_t)
> +corenet_tcp_sendrecv_http_cache_port(httpd_w3c_validator_script_t)
> +
> +miscfiles_read_certs(httpd_w3c_validator_script_t)
>
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150