From: pebenito@ieee.org (Chris PeBenito) Date: Sat, 31 Dec 2016 10:52:04 -0500 Subject: [refpolicy] [PATCH v2] plymouth: use the correct running domain for the client In-Reply-To: <1483132999.3820.0.camel@trentalancia.net> References: <1483132084.2893.3.camel@trentalancia.net> <1483132999.3820.0.camel@trentalancia.net> Message-ID: <45a4945b-2d61-a2ba-71a3-6fa13d07cc31@ieee.org> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 12/30/16 16:23, Guido Trentalancia via refpolicy wrote: > The plymouth client needs a domain for short running processes > which are started by init scripts instead of an application > domain. > > Also add the ability to inherit init file descriptors (for the > console) and use it. > > Signed-off-by: Guido Trentalancia > --- > policy/modules/contrib/plymouthd.te | 8 +++++--- > 1 file changed, 5 insertions(+), 3 deletions(-) > > diff -pru a/policy/modules/contrib/plymouthd.te b/policy/modules/contrib/plymouthd.te > --- a/policy/modules/contrib/plymouthd.te 2016-12-22 23:12:59.391081860 +0100 > +++ b/policy/modules/contrib/plymouthd.te 2016-12-30 22:17:18.458090959 +0100 > @@ -7,8 +7,7 @@ policy_module(plymouthd, 1.3.1) > > type plymouth_t; > type plymouth_exec_t; > -application_domain(plymouth_t, plymouth_exec_t) > -role system_r types plymouth_t; > +init_system_domain(plymouth_t, plymouth_exec_t) > > type plymouthd_t; > type plymouthd_exec_t; > @@ -115,12 +114,15 @@ domain_use_interactive_fds(plymouth_t) > > files_read_etc_files(plymouth_t) > > -term_use_ptmx(plymouth_t) Actually, this is the correct location of the term lines. They shouldn't be moved down. > +init_use_fds(plymouth_t) > > miscfiles_read_localization(plymouth_t) > > sysnet_read_config(plymouth_t) > > +term_use_console(plymouth_t) > +term_use_ptmx(plymouth_t) > + > ifdef(`hide_broken_symptoms',` > optional_policy(` > hal_dontaudit_write_log(plymouth_t) -- Chris PeBenito
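Review bot: In the first hunk, where `application_domain(plymouth_t, plymouth_exec_t)` is removed outright, the commit message does not say whether the plymouth client is ever started from anything other than an init script. If it can also be run from a user or admin session, removing the application domain declaration changes who may execute `plymouth_exec_t`, and that deserves a sentence in the commit message. It would also help to note there that the separate `role system_r types plymouth_t;` line is removed because `init_system_domain()` is expected to cover the role association, so the removal reads as intentional rather than as an accidental loss.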
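Review bot: In the second hunk, `term_use_ptmx(plymouth_t)` is deleted from its place after `files_read_etc_files(plymouth_t)` and re-added further down next to the new `term_use_console(plymouth_t)`, which mixes a pure reorder with a change in granted access. Leave `term_use_ptmx(plymouth_t)` where it is and add `term_use_console(plymouth_t)` beside it, so the hunk shows only the two new permissions, `init_use_fds(plymouth_t)` and `term_use_console(plymouth_t)`. That keeps the diff limited to what the commit message describes (inheriting init file descriptors and using the console) and makes the added console access easy to audit.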