authorNicolas Iooss <nicolas.iooss@m4x.org>2014-10-18 15:30:22 +0200
committerSven Vermeulen <sven.vermeulen@siphos.be>2014-10-31 16:26:27 +0100
commit25635ce6697a48861fa0f3021f79261f760b4d99 (patch)
tree47e7366906712ef2e29dc28d06b092fba23a0b06
parentAllow iw to create generic netlink sockets (diff)
Use create_netlink_socket_perms when allowing netlink socket creation
create_netlink_socket_perms is defined as: { create_socket_perms nlmsg_read nlmsg_write }. This means that it is redundant to allow create_socket_perms and nlmsg_read/nlmsg_write. Clean up things without allowing anything new.
-rw-r--r--policy/modules/system/ipsec.te2
-rw-r--r--policy/modules/system/sysnetwork.te4
2 files changed, 3 insertions, 3 deletions
diff --git a/policy/modules/system/ipsec.te b/policy/modules/system/ipsec.te
index db6d1c660..15d7cafa9 100644
--- a/policy/modules/system/ipsec.te
+++ b/policy/modules/system/ipsec.te
@@ -79,7 +79,7 @@ allow ipsec_t self:tcp_socket create_stream_socket_perms;
allow ipsec_t self:udp_socket create_socket_perms;
allow ipsec_t self:key_socket create_socket_perms;
allow ipsec_t self:fifo_file read_fifo_file_perms;
-allow ipsec_t self:netlink_xfrm_socket { create_netlink_socket_perms nlmsg_write };
+allow ipsec_t self:netlink_xfrm_socket create_netlink_socket_perms;
allow ipsec_t ipsec_initrc_exec_t:file read_file_perms;
diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
index b95de3732..f7dbde0d1 100644
--- a/policy/modules/system/sysnetwork.te
+++ b/policy/modules/system/sysnetwork.te
@@ -57,7 +57,7 @@ allow dhcpc_t self:fifo_file rw_fifo_file_perms;
allow dhcpc_t self:tcp_socket create_stream_socket_perms;
allow dhcpc_t self:udp_socket create_socket_perms;
allow dhcpc_t self:packet_socket create_socket_perms;
-allow dhcpc_t self:netlink_route_socket { create_socket_perms nlmsg_read nlmsg_write };
+allow dhcpc_t self:netlink_route_socket create_netlink_socket_perms;
allow dhcpc_t dhcp_etc_t:dir list_dir_perms;
read_lnk_files_pattern(dhcpc_t, dhcp_etc_t, dhcp_etc_t)
@@ -278,7 +278,7 @@ allow ifconfig_t self:udp_socket create_socket_perms;
allow ifconfig_t self:packet_socket create_socket_perms;
allow ifconfig_t self:netlink_socket create_socket_perms;
allow ifconfig_t self:netlink_route_socket create_netlink_socket_perms;
-allow ifconfig_t self:netlink_xfrm_socket { create_netlink_socket_perms nlmsg_read };
+allow ifconfig_t self:netlink_xfrm_socket create_netlink_socket_perms;
allow ifconfig_t self:tcp_socket { create ioctl };
kernel_use_fds(ifconfig_t)
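Review bot: The rewritten `netlink_xfrm_socket` rule for ifconfig_t still carries nlmsg_write, which the removed line never spelled out; it named only nlmsg_read next to the macro, so read-only access to the xfrm netlink interface may have been the original intent. Going by the macro definition quoted in the commit description, both permissions were already granted, so the change itself adds nothing, but this cleanup is a good point to confirm whether ifconfig_t really needs to send modifying xfrm messages. If it only queries state, `allow ifconfig_t self:netlink_xfrm_socket { create_socket_perms nlmsg_read };` would be the least-privilege form. Otherwise a one-line comment above the rule saying why write access is needed would document the decision. The ifconfig_t rule block starts and ends outside this hunk, so other rules may bear on this.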