author | Guido Trentalancia via refpolicy <refpolicy@oss.tresys.com> | 2017-04-19 17:35:42 +0200 |
---|---|---|
committer | Jason Zaman <jason@perfinion.com> | 2017-04-30 17:00:00 +0800 |
commit | e8ee9e56711dd429cc435957eb7e89bf20da748d (patch) | |
tree | ed0673aae53e269e0034f492277bf49815e785a7 /policy/modules/services/xserver.if | |
parent | Module version bump for patch from Guido Trentalancia (diff) | |
xserver: fix iceauth_home_t file context creation
This patch fixes the xserver module so that the hidden .ICEauthority
file is created with the proper context (file transition).
It also optimizes a similar interface used for xauth home files.
Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
Diffstat (limited to 'policy/modules/services/xserver.if')
-rw-r--r-- | policy/modules/services/xserver.if | 33 |
1 files changed, 32 insertions, 1 deletions
diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
index eae74b67..35879363 100644
--- a/policy/modules/services/xserver.if
+++ b/policy/modules/services/xserver.if
@@ -167,6 +167,8 @@ interface(`xserver_role',`
 relabel_dirs_pattern($2, user_fonts_config_t, user_fonts_config_t)
 relabel_files_pattern($2, user_fonts_config_t, user_fonts_config_t)
+ xserver_user_home_dir_filetrans_user_iceauth($2, ".ICEauthority")
+
 xserver_read_xkb_libs($2)
 ')
@@ -561,13 +563,42 @@ interface(`xserver_domtrans_xauth',`
 ## Domain allowed access.
 ## </summary>
 ## </param>
+## <param name="name" optional="true">
+## <summary>
+## The name of the object being created.
+## </summary>
+## </param>
 #
 interface(`xserver_user_home_dir_filetrans_user_xauth',`
 gen_require(`
 type xauth_home_t;
 ')
- userdom_user_home_dir_filetrans($1, xauth_home_t, file)
+ userdom_user_home_dir_filetrans($1, xauth_home_t, file, $2)
+')
+
+#######################################
+## <summary>
+## Create a ICEauthority file in
+## the user home directory.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <param name="name" optional="true">
+## <summary>
+## The name of the object being created.
+## </summary>
+## </param>
+#
+interface(`xserver_user_home_dir_filetrans_user_iceauth',`
+ gen_require(`
+ type iceauth_home_t;
+ ')
+
+ userdom_user_home_dir_filetrans($1, iceauth_home_t, file, $2)
 ')
 ######################################## |
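Review bot: The call added to `xserver_role`, `xserver_user_home_dir_filetrans_user_iceauth($2, ".ICEauthority")`, is a name-based transition, so it only fires when the role's domain creates a file under exactly that name in the home directory. If the ICE client code writes to a temporary or lock name first and renames it into place (not visible from this hunk), the file keeps the generic home label and the fix has no effect for that path; this should be confirmed with `ls -Z ~/.ICEauthority` after a fresh login. A short comment above the call would help, for example `# Label ~/.ICEauthority as iceauth_home_t when the user domain creates it`. The body of `xserver_role` starts outside the hunk.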
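Review bot: Both interfaces in this hunk document `name` as optional, but neither says what happens when it is omitted: `userdom_user_home_dir_filetrans($1, iceauth_home_t, file, $2)` then presumably becomes an unnamed transition, and every file the domain creates in the user home directory would get the authority-file type. A domain that called both `xserver_user_home_dir_filetrans_user_xauth` and `xserver_user_home_dir_filetrans_user_iceauth` without a name would also carry two conflicting transitions for the same source, target and class. I would add to each `name` summary a line such as `## If omitted, every file the domain creates in the user home directory gets this type.` and correct the new summary to `Create an ICEauthority file in`.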