Adding patches for base policy

sjvermeu · Dec 22, 2011 · b1899e7 · b1899e7
1 parent 5bfe751
commit b1899e7
Show file tree

Hide file tree

Showing 13 changed files with 815 additions and 12 deletions.
diff --git a/selinux-modules/patches/0040-gorg-introduce_gorg_domain-r8.patch b/selinux-modules/patches/0040-gorg-introduce_gorg_domain-r8.patch
@@ -1,14 +1,11 @@
 --- refpolicy/policy/modules/services/gorg.te	1970-01-01 01:00:00.000000000 +0100
-+++ refpolicy/policy/modules/services/gorg.te	2011-12-06 10:22:57.352020520 +0100
++++ refpolicy/policy/modules/services/gorg.te	2011-12-06 11:27:02.279028727 +0100
-@@ -0,0 +1,65 @@
+@@ -0,0 +1,62 @@
 +policy_module(gorg, 1.0.0)
 +
 +type gorg_t;
 +type gorg_exec_t;
-+typealias gorg_t alias { staff_gorg_t user_gorg_t };
 +application_domain(gorg_t, gorg_exec_t)
-+role staff_r types gorg_t;
-+role user_r types gorg_t;
 +
 +type gorg_cache_t;
 +files_type(gorg_cache_t);

diff --git a/selinux-modules/patches/0060-mutt-update_xdg_calls-r8.patch b/selinux-modules/patches/0060-mutt-update_xdg_calls-r8.patch
@@ -0,0 +1,48 @@
+--- refpolicy/policy/modules/apps/mutt.te	2011-12-09 20:15:50.042001485 +0100
++++ refpolicy/policy/modules/apps/mutt.te	2011-12-09 19:05:52.690642348 +0100
+@@ -37,7 +37,6 @@
+
+ allow mutt_t self:process signal_perms;
+ allow mutt_t self:fifo_file rw_fifo_file_perms;
+-# TODO dgrift has self:unix_stream_socket create_socket_perms; here too?
+
+ manage_dirs_pattern(mutt_t, mutt_home_t, mutt_home_t)
+ manage_files_pattern(mutt_t, mutt_home_t, mutt_home_t)
+@@ -45,8 +44,6 @@
+
+ manage_dirs_pattern(mutt_t, mutt_tmp_t, mutt_tmp_t)
+ manage_files_pattern(mutt_t, mutt_tmp_t, mutt_tmp_t)
+-# TODO check if this is needed - where are these fifos created as mutt_tmp_t ? There is no filetrans defined for it.
+-#manage_fifo_files_pattern(mutt_t, mutt_tmp_t, mutt_tmp_t)
+ files_tmp_filetrans(mutt_t, mutt_tmp_t, { file dir })
+
+ read_files_pattern(mutt_t, mutt_etc_t, mutt_etc_t)
+@@ -54,7 +51,6 @@
+ read_files_pattern(mutt_t, mutt_conf_t, mutt_conf_t)
+
+
+-# TODO dgrift has kernel_read_crypto_sysctls(mutt_t)
+ kernel_read_system_state(mutt_t)
+
+ corecmd_exec_bin(mutt_t)
+@@ -84,8 +80,6 @@
+
+ miscfiles_read_localization(mutt_t)
+
+-userdom_manage_xdg_cache_home(mutt_t)
+-userdom_read_xdg_config_home(mutt_t)
+ userdom_search_user_home_content(mutt_t)
+ userdom_use_user_terminals(mutt_t)
+
+@@ -93,6 +87,11 @@
+ 	gpg_domtrans(mutt_t)
+ ')
+
++optional_policy(`
++	xdg_manage_generic_cache_home_content(mutt_t)
++	xdg_read_generic_config_home_files(mutt_t)
++')
++
+ tunable_policy(`mutt_manage_user_content',`
+ 	# Needed for handling attachments
+ 	userdom_manage_user_home_content_files(mutt_t)