From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Thu, 09 Sep 2010 08:07:34 -0400 Subject: [refpolicy] [Various 4/5] Implement seutil_domtrans_setsebool and add a call to this interface for the following domains: rpm_script_t, setroubelshoot_fixit_t, anaconda_t. In-Reply-To: <20100903142417.GA26367@localhost.localdomain> References: <20100903142417.GA26367@localhost.localdomain> Message-ID: <4C88CE06.9040609@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 09/03/10 10:24, Dominick Grift wrote: > Signed-off-by: Dominick Grift Setsebool_t does not exist upstream. > --- > :100644 100644 96f68e9... d1ebb91... M policy/modules/admin/anaconda.te > :100644 100644 1a08320... e7312eb... M policy/modules/admin/rpm.te > :100644 100644 3d17148... 3a2351b... M policy/modules/services/setroubleshoot.te > :100644 100644 170e2c7... cecca76... M policy/modules/system/selinuxutil.if > policy/modules/admin/anaconda.te | 1 + > policy/modules/admin/rpm.te | 1 + > policy/modules/services/setroubleshoot.te | 1 + > policy/modules/system/selinuxutil.if | 20 ++++++++++++++++++++ > 4 files changed, 23 insertions(+), 0 deletions(-) > > diff --git a/policy/modules/admin/anaconda.te b/policy/modules/admin/anaconda.te > index 96f68e9..d1ebb91 100644 > --- a/policy/modules/admin/anaconda.te > +++ b/policy/modules/admin/anaconda.te > @@ -31,6 +31,7 @@ modutils_domtrans_insmod(anaconda_t) > modutils_domtrans_depmod(anaconda_t) > > seutil_domtrans_semanage(anaconda_t) > +seutil_domtrans_setsebool(anaconda_t) > > userdom_user_home_dir_filetrans_user_home_content(anaconda_t, { dir file lnk_file fifo_file sock_file }) > > diff --git a/policy/modules/admin/rpm.te b/policy/modules/admin/rpm.te > index 1a08320..e7312eb 100644 > --- a/policy/modules/admin/rpm.te > +++ b/policy/modules/admin/rpm.te 
> @@ -334,6 +334,7 @@ modutils_domtrans_insmod(rpm_script_t) > seutil_domtrans_loadpolicy(rpm_script_t) > seutil_domtrans_setfiles(rpm_script_t) > seutil_domtrans_semanage(rpm_script_t) > +seutil_domtrans_setsebool(rpm_script_t) > > userdom_use_all_users_fds(rpm_script_t) > > diff --git a/policy/modules/services/setroubleshoot.te b/policy/modules/services/setroubleshoot.te > index 3d17148..3a2351b 100644 > --- a/policy/modules/services/setroubleshoot.te > +++ b/policy/modules/services/setroubleshoot.te > @@ -150,6 +150,7 @@ corecmd_exec_bin(setroubleshoot_fixit_t) > corecmd_exec_shell(setroubleshoot_fixit_t) > > seutil_domtrans_setfiles(setroubleshoot_fixit_t) > +seutil_domtrans_setsebool(setroubleshoot_fixit_t) > > files_read_usr_files(setroubleshoot_fixit_t) > files_read_etc_files(setroubleshoot_fixit_t) > diff --git a/policy/modules/system/selinuxutil.if b/policy/modules/system/selinuxutil.if > index 170e2c7..cecca76 100644 > --- a/policy/modules/system/selinuxutil.if > +++ b/policy/modules/system/selinuxutil.if > @@ -1038,6 +1038,26 @@ interface(`seutil_run_semanage',` > > ######################################## > ## > +## Execute a domain transition to run setsebool. > +## > +## > +## > +## Domain allowed to transition. > +## > +## > +# > +interface(`seutil_domtrans_setsebool',` > + gen_require(` > + type setsebool_t, setsebool_exec_t; > + ') > + > + files_search_usr($1) > + corecmd_search_bin($1) > + domtrans_pattern($1, setsebool_exec_t, setsebool_t) > +') > + > +######################################## > +## > ## Full management of the semanage > ## module store. > ## > > > > _______________________________________________ > refpolicy mailing list > refpolicy at oss.tresys.com > http://oss.tresys.com/mailman/listinfo/refpolicy -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com
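Review bot: In the policy/modules/system/selinuxutil.if hunk, the gen_require block of seutil_domtrans_setsebool names setsebool_t and setsebool_exec_t, but none of the four files in the diffstat declares either type, and the reply above states that setsebool_t does not exist upstream. As posted, the interface's requirements cannot be satisfied. Either carry the declaration of both types in the same series, or drop the interface until the domain exists in the tree this patch targets.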
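Review bot: In the anaconda.te, rpm.te and setroubleshoot.te hunks, seutil_domtrans_setsebool() is called unconditionally for anaconda_t, rpm_script_t and setroubleshoot_fixit_t, so all three modules depend on an interface whose required types this patch never declares. Hold these calls back until the interface can resolve. The commit message should also say why each domain needs to run setsebool, since it currently carries only the subject and a Signed-off-by. Finally, the subject spells the third domain setroubelshoot_fixit_t while the hunk uses setroubleshoot_fixit_t; correct the subject to match.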