From: dominick.grift@gmail.com (Dominick Grift)
Date: Sun, 24 Jun 2012 21:32:29 +0200
Subject: [refpolicy] [PATCH v2 2/5] Support listing module configuration
 files
In-Reply-To: <20120624180418.GC11810@siphos.be>
References: <20120624180258.GA11810@siphos.be>
	<20120624180418.GC11810@siphos.be>
Message-ID: <1340566349.8671.3.camel@x220.mydomain.internal>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Sun, 2012-06-24 at 20:04 +0200, Sven Vermeulen wrote:
> Dracut, an application that creates an initramfs based on the systems'
> requirements, needs to list the module configuration
> files to function. This adds in this interface for this purpose.
> 
> Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
> ---
>  policy/modules/system/modutils.if |   21 +++++++++++++++++++++
>  policy/modules/system/modutils.te |    4 ++++
>  2 files changed, 25 insertions(+), 0 deletions(-)
> 
> diff --git a/policy/modules/system/modutils.if b/policy/modules/system/modutils.if
> index 350c450..19d328a 100644
> --- a/policy/modules/system/modutils.if
> +++ b/policy/modules/system/modutils.if
> @@ -39,6 +39,27 @@ interface(`modutils_read_module_deps',`
>  
>  ########################################
>  ## <summary>
> +##	List the module configuration option files 
> +## </summary>
> +## <param name="domain">
> +##	<summary>
> +##	Domain allowed access.
> +##	</summary>
> +## </param>
> +## <rolecap/>
> +#
> +interface(`modutils_list_module_config',`
> +	gen_require(`
> +		type modules_conf_t;
> +	')

I doubt that its listing this just for the sake of listing. You will
probably want to use "modutils_read_module_config()" instead. This also
allow caller to list.

> +	list_dirs_pattern($1, modules_conf_t, modules_conf_t)
> +')
> +
> +
> +
> +########################################
> +## <summary>
>  ##	Read the configuration options used when
>  ##	loading modules.
>  ## </summary>
> diff --git a/policy/modules/system/modutils.te b/policy/modules/system/modutils.te
> index 560d5d9..7607294 100644
> --- a/policy/modules/system/modutils.te
> +++ b/policy/modules/system/modutils.te
> @@ -89,6 +89,10 @@ tunable_policy(`use_samba_home_dirs',`
>  ')
>  
>  optional_policy(`
> +	dracut_manage_tmp_files(depmod_t)
> +')
> +
> +optional_policy(`
>  	rpm_rw_pipes(depmod_t)
>  	rpm_manage_script_tmp_files(depmod_t)
>  ')