From: sven.vermeulen@siphos.be (Sven Vermeulen) Date: Thu, 7 Aug 2014 20:05:36 +0200 Subject: [refpolicy] [PATCH 3/5] Introduce interface to manage all non-security-sensitive resource types In-Reply-To: <1407434738-11937-1-git-send-email-sven.vermeulen@siphos.be> References: <1407434738-11937-1-git-send-email-sven.vermeulen@siphos.be> Message-ID: <1407434738-11937-4-git-send-email-sven.vermeulen@siphos.be> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com This interface can be used by domains that need wide management privileges on the various file-related types (directories, symbolic links and the like) but should not need this for security-sensitive resources. Signed-off-by: Jason Zaman Signed-off-by: Sven Vermeulen --- policy/modules/kernel/files.if | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if index fd56414..b75d03a 100644 --- a/policy/modules/kernel/files.if +++ b/policy/modules/kernel/files.if @@ -590,6 +590,28 @@ interface(`files_manage_non_security_dirs',` allow $1 non_security_file_type:dir manage_dir_perms; ') +######################################### +## +## Manage non-security-sensitive resource types +## +## +## +## Domain allowed access. +## +## +# +interface(`files_manage_all_non_security_file_types',` + gen_require(` + attribute non_security_file_type; + ') + + manage_dirs_pattern($1, non_security_file_type, non_security_file_type) + manage_files_pattern($1, non_security_file_type, non_security_file_type) + manage_lnk_files_pattern($1, non_security_file_type, non_security_file_type) + manage_fifo_files_pattern($1, non_security_file_type, non_security_file_type) + manage_sock_files_pattern($1, non_security_file_type, non_security_file_type) +') + ######################################## ## ## Get the attributes of all files. -- 1.8.5.5
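Review bot: The summary for files_manage_all_non_security_file_types says only "Manage non-security-sensitive resource types", and the name says "all ... file types", but the body grants manage access on five object classes: dir, file, lnk_file, fifo_file and sock_file. Block and character device nodes are not covered by any of the manage_*_pattern calls. If that omission is deliberate, state it in the interface documentation and list the classes that are granted, so callers do not assume device nodes are included. Because every rule is written against the non_security_file_type attribute, the documentation should also note that what this interface grants depends entirely on which types are assigned that attribute. A type that is security-relevant but not marked as such becomes fully manageable by every caller. The dir rule also overlaps with the existing files_manage_non_security_dirs shown in the context lines, which is worth a cross-reference in the description.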