diff options
author | David Sugar <dsugar@tresys.com> | 2017-12-08 12:43:47 +0000 |
---|---|---|
committer | Jason Zaman <jason@perfinion.com> | 2017-12-12 15:06:27 +0800 |
commit | e21a1ab6acced79dae83f0c0da38fb9a97bd24bc (patch) | |
tree | b8c66cac167296d85cc825bfd605fc9b515be59b /policy/modules/services/xserver.if | |
parent | xserver, sysnetwork, systemd: Module version bump. (diff) | |
download | hardened-refpolicy-e21a1ab6acced79dae83f0c0da38fb9a97bd24bc.tar.gz hardened-refpolicy-e21a1ab6acced79dae83f0c0da38fb9a97bd24bc.tar.bz2 hardened-refpolicy-e21a1ab6acced79dae83f0c0da38fb9a97bd24bc.zip |
Create interfaces to write to inherited xserver log files.
Updated based on feedback
Signed-off-by: Dave Sugar <dsugar@tresys.com>
Diffstat (limited to 'policy/modules/services/xserver.if')
-rw-r--r-- | policy/modules/services/xserver.if | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if index f08db931..893e469f 100644 --- a/policy/modules/services/xserver.if +++ b/policy/modules/services/xserver.if @@ -1058,6 +1058,26 @@ interface(`xserver_xsession_spec_domtrans',` ######################################## ## <summary> +## Write to inherited xsession log +## files such as .xsession-errors. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`xserver_write_inherited_xsession_log',` + gen_require(` + type xsession_log_t; + ') + + allow $1 xsession_log_t:file write_inherited_file_perms; +') + + +######################################## +## <summary> ## Read and write xsession log ## files such as .xsession-errors. ## </summary> @@ -1096,6 +1116,25 @@ interface(`xserver_manage_xsession_log',` ######################################## ## <summary> +## Write to inherited X server log +## files like /var/log/lightdm/lightdm.log +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`xserver_write_inherited_log',` + gen_require(` + type xserver_log_t; + ') + + allow $1 xserver_log_t:file write_inherited_file_perms; +') + +######################################## +## <summary> ## Get the attributes of X server logs. ## </summary> ## <param name="domain"> |