* [PATCH] Add interface udev_run
From: Sugar, David @ 2019-03-05 22:31 UTC
To: selinux-refpolicy
Signed-off-by: Dave Sugar <dsugar@tresys.com>
---
policy/modules/system/udev.if | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
diff --git a/policy/modules/system/udev.if b/policy/modules/system/udev.if
index fee55852..335adb6a 100644
--- a/policy/modules/system/udev.if
+++ b/policy/modules/system/udev.if
@@ -36,6 +36,32 @@ interface(`udev_domtrans',`
domtrans_pattern($1, udev_exec_t, udev_t)
')
+########################################
+## <summary>
+## Execute udev in the udev domain, and
+## allow the specified role the udev domain.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed to transition.
+## </summary>
+## </param>
+## <param name="role">
+## <summary>
+## Role allowed access.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`udev_run',`
+ gen_require(`
+ type udev_t;
+ ')
+
+ udev_domtrans($1)
+ role $2 types udev_t;
+')
+
########################################
## <summary>
## Allow udev to execute the specified program in
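Review bot: the last rule in udev_run, "role $2 types udev_t;", adds a separate role-types statement for every caller of the interface. Consider declaring a role attribute for udev in udev.te (the name udev_roles is only a suggestion), authorising it once with "role udev_roles types udev_t;", and having the interface require "attribute_role udev_roles;" and use "roleattribute $2 udev_roles;" instead. The "type udev_t;" entry in gen_require could then be dropped, since the interface body would no longer name the type directly.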
--
2.20.1
* Re: [PATCH] Add interface udev_run
From: Dominick Grift @ 2019-03-06 8:11 UTC
To: Sugar, David; +Cc: selinux-refpolicy
"Sugar, David" <dsugar@tresys.com> writes:
Role attributes might be more efficient/scalable
> Signed-off-by: Dave Sugar <dsugar@tresys.com>
> ---
> policy/modules/system/udev.if | 26 ++++++++++++++++++++++++++
> 1 file changed, 26 insertions(+)
>
> diff --git a/policy/modules/system/udev.if b/policy/modules/system/udev.if
> index fee55852..335adb6a 100644
> --- a/policy/modules/system/udev.if
> +++ b/policy/modules/system/udev.if
> @@ -36,6 +36,32 @@ interface(`udev_domtrans',`
> domtrans_pattern($1, udev_exec_t, udev_t)
> ')
>
> +########################################
> +## <summary>
> +## Execute udev in the udev domain, and
> +## allow the specified role the udev domain.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed to transition.
> +## </summary>
> +## </param>
> +## <param name="role">
> +## <summary>
> +## Role allowed access.
> +## </summary>
> +## </param>
> +## <rolecap/>
> +#
> +interface(`udev_run',`
> + gen_require(`
> + type udev_t;
> + ')
> +
> + udev_domtrans($1)
> + role $2 types udev_t;
> +')
> +
> ########################################
> ## <summary>
> ## Allow udev to execute the specified program in
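Review bot: the udev_run definition arrives without a caller (the diffstat touches only udev.if) and the message carries nothing but the Signed-off-by line, so the patch does not show which domain and role are meant to be passed as $1 and $2. Please name the intended caller in the commit message, or send the call site in the same series, so the new role authorisation for udev_t can be reviewed against its actual use.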
--
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift