From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Sat, 8 Dec 2012 21:56:55 +0100
Subject: [refpolicy] [PATCH 04/11] Initial policy for makewhatis
In-Reply-To: <1355000222-7297-1-git-send-email-sven.vermeulen@siphos.be>
References: <1355000222-7297-1-git-send-email-sven.vermeulen@siphos.be>
Message-ID: <1355000222-7297-5-git-send-email-sven.vermeulen@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com
Signed-off-by: Sven Vermeulen
---
 makewhatis.fc | 1 +
 makewhatis.if | 1 +
 makewhatis.te | 35 +++++++++++++++++++++++++++++++++++
 3 files changed, 37 insertions(+), 0 deletions(-)
 create mode 100644 makewhatis.fc
 create mode 100644 makewhatis.if
 create mode 100644 makewhatis.te
diff --git a/makewhatis.fc b/makewhatis.fc
new file mode 100644
index 0000000..5ddf136
--- /dev/null
+++ b/makewhatis.fc
@@ -0,0 +1 @@
+/usr/sbin/makewhatis -- gen_context(system_u:object_r:makewhatis_exec_t,s0)
diff --git a/makewhatis.if b/makewhatis.if
new file mode 100644
index 0000000..17d948a
--- /dev/null
+++ b/makewhatis.if
@@ -0,0 +1 @@
+## Build whatis database from man pages
diff --git a/makewhatis.te b/makewhatis.te
new file mode 100644
index 0000000..7c5c356
--- /dev/null
+++ b/makewhatis.te
@@ -0,0 +1,35 @@
+policy_module(makewhatis, 0.1)
+
+type makewhatis_t;
+type makewhatis_exec_t;
+application_domain(makewhatis_t, makewhatis_exec_t)
+
+type makewhatis_tmp_t;
+files_tmp_file(makewhatis_tmp_t)
+
+####################
+#
+# Local policy
+#
+
+allow makewhatis_t self:process getsched;
+allow makewhatis_t self:unix_stream_socket rw_stream_socket_perms;
+allow makewhatis_t self:fifo_file rw_fifo_file_perms;
+
+manage_files_pattern(makewhatis_t, makewhatis_tmp_t, makewhatis_tmp_t)
+manage_dirs_pattern(makewhatis_t, makewhatis_tmp_t, makewhatis_tmp_t)
+files_tmp_filetrans(makewhatis_t, makewhatis_tmp_t, dir)
+
+kernel_read_system_state(makewhatis_t)
+
+corecmd_exec_bin(makewhatis_t)
+corecmd_exec_shell(makewhatis_t)
+
+auth_use_nsswitch(makewhatis_t)
+
+miscfiles_read_localization(makewhatis_t)
+miscfiles_manage_man_pages(makewhatis_t)
+
+optional_policy(`
+ cron_system_entry(makewhatis_t, makewhatis_exec_t)
+')
-- 
1.7.8.6
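Review bot: `miscfiles_manage_man_pages(makewhatis_t)` near the end of the local policy lets the domain create, modify and delete anything labelled as a man page, although the summary in makewhatis.if says the tool only builds the whatis database from them. Because `corecmd_exec_bin` and `corecmd_exec_shell` execute helpers without a domain transition, every program the script invokes runs in makewhatis_t with that same write access. If the database can carry its own type, `miscfiles_read_man_pages(makewhatis_t)` plus a manage rule and file transition for that type would be the narrower grant. Otherwise, document the reason above the call, for example `# whatis database is stored with the man pages, so manage rather than read is needed`. Separately, `files_tmp_filetrans(..., dir)` transitions directories only, so a file created directly in the tmp directory would presumably keep the generic label; a one-line comment stating that only a temporary directory is expected would make that intent explicit.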