author | Hans Ulrich Niedermann <hun@n-dimensional.de> | 2009-07-11 16:46:39 +0200 |
---|---|---|
committer | Hans Ulrich Niedermann <hun@n-dimensional.de> | 2009-07-11 16:46:39 +0200 |
commit | 1eb07a46b403c592c86100efdccf7a7e548de350 (patch) | |
tree | dba030542eec0fbdb0f1a75e25605e1661af2863 | |
parent | cc07de58baccb0331a78489113ad54c509ea8cfe (diff) | |
Write gps-device policy module
-rw-r--r-- | gps-device.fc | 6 | ||||
-rw-r--r-- | gps-device.if | 48 | ||||
-rw-r--r-- | gps-device.te | 18 |
3 files changed, 21 insertions, 51 deletions
diff --git a/gps-device.fc b/gps-device.fc index 9cf7c4c..e69de29 100644 --- a/gps-device.fc +++ b/gps-device.fc @@ -1,6 +0,0 @@ -# myapp executable will have: -# label: system_u:object_r:myapp_exec_t -# MLS sensitivity: s0 -# MCS categories: <none> - -/usr/sbin/myapp -- gen_context(system_u:object_r:myapp_exec_t,s0) diff --git a/gps-device.if b/gps-device.if index e2ff094..ce0d046 100644 --- a/gps-device.if +++ b/gps-device.if @@ -1,17 +1,9 @@ -## <summary>Myapp example policy</summary> +## <summary>GPS device file type</summary> ## <desc> ## <p> -## More descriptive text about myapp. The desc -## tag can also use p, ul, and ol -## html tags for formatting. -## </p> -## <p> -## This policy supports the following myapp features: -## <ul> -## <li>Feature A</li> -## <li>Feature B</li> -## <li>Feature C</li> -## </ul> +## This module just defines gps_device_t, +## by copying the definition of usb_device_t +# from the reference policy. ## </p> ## </desc> # @@ -19,7 +11,7 @@ ######################################## ## <summary> -## Getattr generic the USB devices. +## Getattr generic the GPS devices. ## </summary> ## <param name="domain"> ## <summary> @@ -27,17 +19,17 @@ ## </summary> ## </param> # -interface(`dev_getattr_generic_usb_dev',` +interface(`gps_device_getattr_gps_dev,` gen_require(` - type usb_device_t; + type gps_device_t; ') - getattr_chr_files_pattern($1, device_t, usb_device_t) + getattr_chr_files_pattern($1, device_t, gps_device_t) ') ######################################## ## <summary> -## Setattr generic the USB devices. +## Setattr generic the GPS devices. ## </summary> ## <param name="domain"> ## <summary> 
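Review bot: The added description line `# from the reference policy.` in the first gps-device.if hunk starts with a single `#`, while every other line of the `<desc>` block uses `##`. As written, it will most likely be treated as an ordinary comment and drop out of the generated interface documentation, which cuts the `<p>` sentence short. Change it to `## from the reference policy.`.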
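Review bot: The renamed interface line in the `@@ -27,17 +19,17 @@` hunk lost the closing quote after the name: ``interface(`gps_device_getattr_gps_dev,` `` should be ``interface(`gps_device_getattr_gps_dev',` `` as on the removed line. Without the `'`, the m4 quote opened by the backtick is not closed before the comma, so the name and body would presumably be taken as one argument and the interface would not be defined under this name. The same slip is in the three following hunks for `gps_device_setattr_gps_dev`, `gps_device_read_gps_dev` and `gps_device_rw_gps_dev`. Because these interfaces are the only way other domains get access to the GPS device type, a build check that expands each one is worth adding.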
@@ -45,17 +37,17 @@ interface(`dev_getattr_generic_usb_dev',` ## </summary> ## </param> # -interface(`dev_setattr_generic_usb_dev',` +interface(`gps_device_setattr_gps_dev,` gen_require(` - type usb_device_t; + type gps_device_t; ') - setattr_chr_files_pattern($1, device_t, usb_device_t) + setattr_chr_files_pattern($1, device_t, gps_device_t) ') ######################################## ## <summary> -## Read generic the USB devices. +## Read generic the GPS devices. ## </summary> ## <param name="domain"> ## <summary> @@ -63,17 +55,17 @@ interface(`dev_setattr_generic_usb_dev',` ## </summary> ## </param> # -interface(`dev_read_generic_usb_dev',` +interface(`gps_device_read_gps_dev,` gen_require(` - type usb_device_t; + type gps_device_t; ') - read_chr_files_pattern($1, device_t, usb_device_t) + read_chr_files_pattern($1, device_t, gps_device_t) ') ######################################## ## <summary> -## Read and write generic the USB devices. +## Read and write generic the GPS devices. ## </summary> ## <param name="domain"> ## <summary> @@ -81,13 +73,13 @@ interface(`dev_read_generic_usb_dev',` ## </summary> ## </param> # -interface(`dev_rw_generic_usb_dev',` +interface(`gps_device_rw_gps_dev,` gen_require(` type device_t; - type usb_device_t; + type gps_device_t; ') - rw_chr_files_pattern($1, device_t, usb_device_t) + rw_chr_files_pattern($1, device_t, gps_device_t) ') diff --git a/gps-device.te b/gps-device.te index 8238355..4ec2170 100644 --- a/gps-device.te +++ b/gps-device.te 
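Review bot: `gps_device_setattr_gps_dev` passes `device_t` to `setattr_chr_files_pattern`, but its `gen_require` block lists only `gps_device_t`. The getattr and read interfaces in the neighbouring hunks have the same gap; only `gps_device_rw_gps_dev` requires both types. This module does not declare `device_t`, so a caller that has not required the type itself is likely to fail at compile time. Add `type device_t;` to the `gen_require` of the three interfaces so that all four match.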
@@ -1,28 +1,12 @@ - -policy_module(myapp,1.0.0) +policy_module(gps-device,0.0.1) ######################################## # # Declarations # -type myapp_t; -type myapp_exec_t; -domain_type(myapp_t) -domain_entry_file(myapp_t, myapp_exec_t) - -type myapp_log_t; -logging_log_file(myapp_log_t) - -type myapp_tmp_t; -files_tmp_file(myapp_tmp_t) ######################################## # # Myapp local policy # - -allow myapp_t myapp_log_t:file { read_file_perms append_file_perms }; - -allow myapp_t myapp_tmp_t:file manage_file_perms; -files_tmp_filetrans(myapp_t,myapp_tmp_t,file) |
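Review bot: The Declarations section of gps-device.te is left empty, so `gps_device_t` is never declared although every interface in gps-device.if requires it. The interface description says the module defines this type; as it stands, any policy calling the interfaces would fail on the unresolved `gen_require`. Following the usb_device_t definition that the description cites, add `type gps_device_t;` and `dev_node(gps_device_t)` under Declarations. The emptied gps-device.fc also means nothing in this commit labels a device node with the type, so the read/write split between the interfaces has no effect until a file context or equivalent labelling rule exists. The leftover `# Myapp local policy` header should be renamed or dropped.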