author | Chris PeBenito <pebenito@ieee.org> | 2019-01-23 18:30:15 -0500 |
---|---|---|
committer | Jason Zaman <jason@perfinion.com> | 2019-02-10 12:11:25 +0800 |
commit | 7dac24a7dc33759e5b31a18ba4d00913b3781e66 (patch) | |
tree | 055ef0f4154d53f64d8236fd39beac1f524adcf9 | |
parent | dpkg: Rename dpkg_nnp_transition() to dpkg_nnp_domtrans(). (diff) | |
dpkg: Move interface implementations.
Signed-off-by: Jason Zaman <jason@perfinion.com>
-rw-r--r-- | policy/modules/admin/dpkg.if | 87 |
1 files changed, 44 insertions, 43 deletions
diff --git a/policy/modules/admin/dpkg.if b/policy/modules/admin/dpkg.if
index f5f8483b..6a902e29 100644
--- a/policy/modules/admin/dpkg.if
+++ b/policy/modules/admin/dpkg.if
@@ -21,6 +21,50 @@ interface(`dpkg_domtrans',`
 
 ########################################
 ## <summary>
+## Transition to dpkg_t when NNP has been set
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`dpkg_nnp_domtrans',`
+ gen_require(`
+ type dpkg_t;
+ ')
+
+ dpkg_domtrans($1)
+ allow $1 dpkg_t:process2 nnp_transition;
+')
+
+########################################
+## <summary>
+## Execute dpkg programs in the dpkg domain.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed to transition.
+## </summary>
+## </param>
+## <param name="role">
+## <summary>
+## Role allowed access.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`dpkg_run',`
+ gen_require(`
+ attribute_role dpkg_roles;
+ ')
+
+ dpkg_domtrans($1)
+ roleattribute $2 dpkg_roles;
+')
+
+########################################
+## <summary>
 ## Execute the dkpg in the caller domain.
 ## </summary>
 ## <param name="domain">
@@ -81,31 +125,6 @@ interface(`dpkg_script_rw_pipes',`
 
 ########################################
 ## <summary>
-## Execute dpkg programs in the dpkg domain.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed to transition.
-## </summary>
-## </param>
-## <param name="role">
-## <summary>
-## Role allowed access.
-## </summary>
-## </param>
-## <rolecap/>
-#
-interface(`dpkg_run',`
- gen_require(`
- attribute_role dpkg_roles;
- ')
-
- dpkg_domtrans($1)
- roleattribute $2 dpkg_roles;
-')
-
-########################################
-## <summary>
 ## Inherit and use file descriptors from dpkg.
 ## </summary>
 ## <param name="domain">
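Review bot: The relocated `dpkg_nnp_domtrans` is not a verbatim move: its new body calls `dpkg_domtrans($1)` before `allow $1 dpkg_t:process2 nnp_transition;`, while the copy deleted from the end of the file held only the allow rule. Every existing caller therefore also gains whatever `dpkg_domtrans` grants (its definition starts outside this hunk), which widens policy under a commit titled as a move. The commit message should state this, and callers that only wanted the NNP permission should be checked. The interface summary should name both grants, for example `## Execute dpkg in the dpkg domain, and allow the transition when NNP (no_new_privs) is set.`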
@@ -337,21 +356,3 @@ interface(`dpkg_read_script_tmp_symlinks',`
 
 allow $1 dpkg_script_tmp_t:lnk_file read_lnk_file_perms;
 ')
-
-########################################
-## <summary>
-## Transition to dpkg_t when NNP has been set
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`dpkg_nnp_domtrans',`
- gen_require(`
- type dpkg_t;
- ')
-
- allow $1 dpkg_t:process2 nnp_transition;
-') |