From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Tue, 9 Oct 2012 11:22:50 -0400
Subject: [refpolicy] [PATCH] Changes to the bootloader policy module
In-Reply-To: <1349768675-24260-1-git-send-email-dominick.grift@gmail.com>
References: <1349768675-24260-1-git-send-email-dominick.grift@gmail.com>
Message-ID: <5074414A.4030208@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 10/09/12 03:44, Dominick Grift wrote:
> 
> Add bootloader_exec() for kdumpgui
> 
> Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
> diff --git a/policy/modules/admin/bootloader.if b/policy/modules/admin/bootloader.if
> index a778bb1..cc8df9d 100644
> --- a/policy/modules/admin/bootloader.if
> +++ b/policy/modules/admin/bootloader.if
> @@ -47,6 +47,25 @@
>  
>  ########################################
>  ## <summary>
> +##	Execute bootloader in the caller domain.
> +## </summary>
> +## <param name="domain">
> +##	<summary>
> +##	Domain allowed access.
> +##	</summary>
> +## </param>
> +#
> +interface(`bootloader_exec',`
> +	gen_require(`
> +		type bootloader_exec_t;
> +	')
> +
> +	corecmd_search_bin($1)
> +	can_exec($1, bootloader_exec_t)
> +')
> +
> +########################################
> +## <summary>
>  ##	Read the bootloader configuration file.
>  ## </summary>
>  ## <param name="domain">

Merged.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com