[PATCH 1/1] Interface to allow reading of virus signature files.

[PATCH 1/1] Interface to allow reading of virus signature files.

[David Sugar]

Signed-off-by: Dave Sugar <dsugar@tresys.com>
---
 policy/modules/services/clamav.if | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/policy/modules/services/clamav.if b/policy/modules/services/clamav.if
index 7ad8e800..80ac5c1e 100644
--- a/policy/modules/services/clamav.if
+++ b/policy/modules/services/clamav.if
@@ -177,6 +177,34 @@ interface(`clamav_read_state_clamd',`
 	read_lnk_files_pattern($1, clamd_t, clamd_t)
 ')
 
+#######################################
+## <summary>
+##	Read clam virus signature files
+## </summary>
+## <desc>
+##	<p>
+##	Useful for when using things like 'sigtool'
+##	which provides useful information about
+##	ClamAV signature files.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`clamav_read_signatures',`
+	gen_require(`
+		type clamd_var_lib_t;
+	')
+
+	clamav_search_lib($1)
+	allow $1 clamd_var_lib_t:dir list_dir_perms;
+	read_files_pattern($1, clamd_var_lib_t, clamd_var_lib_t)
+	read_lnk_files_pattern($1, clamd_var_lib_t, clamd_var_lib_t)
+')
+
 ########################################
 ## <summary>
 ##	All of the rules required to
-- 
2.14.4

Re: [PATCH 1/1] Interface to allow reading of virus signature files.

[Chris PeBenito]

On 10/27/2018 12:14 PM, David Sugar wrote:
> Signed-off-by: Dave Sugar <dsugar@tresys.com>
> ---
>   policy/modules/services/clamav.if | 28 ++++++++++++++++++++++++++++
>   1 file changed, 28 insertions(+)
> 
> diff --git a/policy/modules/services/clamav.if b/policy/modules/services/clamav.if
> index 7ad8e800..80ac5c1e 100644
> --- a/policy/modules/services/clamav.if
> +++ b/policy/modules/services/clamav.if
> @@ -177,6 +177,34 @@ interface(`clamav_read_state_clamd',`
>   	read_lnk_files_pattern($1, clamd_t, clamd_t)
>   ')
>   
> +#######################################
> +## <summary>
> +##	Read clam virus signature files
> +## </summary>
> +## <desc>
> +##	<p>
> +##	Useful for when using things like 'sigtool'
> +##	which provides useful information about
> +##	ClamAV signature files.
> +##	</p>
> +## </desc>
> +## <param name="domain">
> +##	<summary>
> +##	Domain allowed access.
> +##	</summary>
> +## </param>
> +#
> +interface(`clamav_read_signatures',`
> +	gen_require(`
> +		type clamd_var_lib_t;
> +	')
> +
> +	clamav_search_lib($1)
> +	allow $1 clamd_var_lib_t:dir list_dir_perms;
> +	read_files_pattern($1, clamd_var_lib_t, clamd_var_lib_t)
> +	read_lnk_files_pattern($1, clamd_var_lib_t, clamd_var_lib_t)
> +')
> +
>   ########################################
>   ## <summary>
>   ##	All of the rules required to

Merged.

-- 
Chris PeBenito