From: domg472@gmail.com (Dominick Grift)
Date: Thu, 9 Sep 2010 14:11:06 +0200
Subject: [refpolicy] [Various 4/5] Implement seutil_domtrans_setsebool and add a call to this interface for the following domains: rpm_script_t, setroubelshoot_fixit_t, anaconda_t.
In-Reply-To: <4C88CE06.9040609@tresys.com>
References: <20100903142417.GA26367@localhost.localdomain> <4C88CE06.9040609@tresys.com>
Message-ID: <20100909121105.GA16089@localhost.localdomain>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Thu, Sep 09, 2010 at 08:07:34AM -0400, Christopher J. PeBenito wrote:
> On 09/03/10 10:24, Dominick Grift wrote:
> >Signed-off-by: Dominick Grift
>
> Setsebool_t does not exist upstream.

Yes, I redid it (see my other patch) after I figured that out. However, I do not like how Fedora implemented that solution either and I wouldn't be surprised if you don't like it either.

> > >--- > >:100644 100644 96f68e9... d1ebb91... M policy/modules/admin/anaconda.te > >:100644 100644 1a08320... e7312eb... M policy/modules/admin/rpm.te > >:100644 100644 3d17148... 3a2351b... M policy/modules/services/setroubleshoot.te > >:100644 100644 170e2c7... cecca76... M policy/modules/system/selinuxutil.if > > policy/modules/admin/anaconda.te | 1 + > > policy/modules/admin/rpm.te | 1 + > > policy/modules/services/setroubleshoot.te | 1 + > > policy/modules/system/selinuxutil.if | 20 ++++++++++++++++++++ > > 4 files changed, 23 insertions(+), 0 deletions(-) > > > >diff --git a/policy/modules/admin/anaconda.te b/policy/modules/admin/anaconda.te > >index 96f68e9..d1ebb91 100644 > >--- a/policy/modules/admin/anaconda.te > >+++ b/policy/modules/admin/anaconda.te > >@@ -31,6 +31,7 @@ modutils_domtrans_insmod(anaconda_t) > > modutils_domtrans_depmod(anaconda_t) > > > > seutil_domtrans_semanage(anaconda_t) > >+seutil_domtrans_setsebool(anaconda_t) > > > > userdom_user_home_dir_filetrans_user_home_content(anaconda_t, { dir file lnk_file fifo_file sock_file }) 
> > > >diff --git a/policy/modules/admin/rpm.te b/policy/modules/admin/rpm.te > >index 1a08320..e7312eb 100644 > >--- a/policy/modules/admin/rpm.te > >+++ b/policy/modules/admin/rpm.te > >@@ -334,6 +334,7 @@ modutils_domtrans_insmod(rpm_script_t) > > seutil_domtrans_loadpolicy(rpm_script_t) > > seutil_domtrans_setfiles(rpm_script_t) > > seutil_domtrans_semanage(rpm_script_t) > >+seutil_domtrans_setsebool(rpm_script_t) > > > > userdom_use_all_users_fds(rpm_script_t) > > > >diff --git a/policy/modules/services/setroubleshoot.te b/policy/modules/services/setroubleshoot.te > >index 3d17148..3a2351b 100644 > >--- a/policy/modules/services/setroubleshoot.te > >+++ b/policy/modules/services/setroubleshoot.te > >@@ -150,6 +150,7 @@ corecmd_exec_bin(setroubleshoot_fixit_t) > > corecmd_exec_shell(setroubleshoot_fixit_t) > > > > seutil_domtrans_setfiles(setroubleshoot_fixit_t) > >+seutil_domtrans_setsebool(setroubleshoot_fixit_t) > > > > files_read_usr_files(setroubleshoot_fixit_t) > > files_read_etc_files(setroubleshoot_fixit_t) > >diff --git a/policy/modules/system/selinuxutil.if b/policy/modules/system/selinuxutil.if > >index 170e2c7..cecca76 100644 > >--- a/policy/modules/system/selinuxutil.if > >+++ b/policy/modules/system/selinuxutil.if 
> >@@ -1038,6 +1038,26 @@ interface(`seutil_run_semanage',` > > > > ######################################## > > ## > >+## Execute a domain transition to run setsebool. > >+## > >+## > >+## > >+## Domain allowed to transition. > >+## > >+## > >+# > >+interface(`seutil_domtrans_setsebool',` > >+ gen_require(` > >+ type setsebool_t, setsebool_exec_t; > >+ ') > >+ > >+ files_search_usr($1) > >+ corecmd_search_bin($1) > >+ domtrans_pattern($1, setsebool_exec_t, setsebool_t) > >+') > >+ > >+######################################## > >+## > > ## Full management of the semanage > > ## module store. > > ## > > > > > > > >_______________________________________________ > >refpolicy mailing list > >refpolicy at oss.tresys.com > >http://oss.tresys.com/mailman/listinfo/refpolicy > > > -- > Chris PeBenito > Tresys Technology, LLC > www.tresys.com | oss.tresys.com -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: not available Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20100909/306c360c/attachment.bin
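Review bot: In the policy/modules/system/selinuxutil.if hunk, the gen_require block of seutil_domtrans_setsebool names "type setsebool_t, setsebool_exec_t;", but nothing in this patch declares either type: the diffstat touches only selinuxutil.if and the three .te callers, and the reply above confirms that setsebool_t does not exist upstream. As posted, the requirement cannot be satisfied, so the three new callers depend on a domain that is not there. Either add the setsebool_t and setsebool_exec_t declarations (with the file context for the setsebool binary) earlier in the same series, or hold the interface until that domain is in the tree.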
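Review bot: In the policy/modules/admin/rpm.te hunk, the new line "seutil_domtrans_setsebool(rpm_script_t)" lets every package scriptlet that runs in rpm_script_t enter the setsebool domain, and the commit message gives no reason for it; the same applies to the setroubleshoot_fixit_t call in setroubleshoot.te, where the only neighbouring seutil call is seutil_domtrans_setfiles. Please state in the commit message which scriptlet or fix-it action needs to run setsebool, and consider one patch per caller so that each grant can be reviewed and reverted on its own.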