Date: Mon, 22 Jan 2007 20:03:11 GMT From: Todd Miller <millert@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 113404 for review Message-ID: <200701222003.l0MK3BY2088882@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=113404 Change 113404 by millert@millert_macbook on 2007/01/22 20:02:38 Label and permit access to /Library/Caches. Affected files ... .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/securityd.te#14 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/darwin.fc#7 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/init.te#11 edit Differences ...
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/securityd.te#14 (text+ko) ====
@@ -117,6 +117,7 @@
 # Allow reading of security_t files
 darwin_allow_security_read(securityd_t)
-# Access cache files
-allow securityd_t darwin_cache_t:dir search;
+# Read/write caches
+darwin_allow_cache_rw(securityd_t)
+allow securityd_t darwin_cache_t:dir { search getattr };
 allow securityd_t darwin_cache_t:file { read lock };
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/darwin.fc#7 (text+ko) ====
@@ -14,8 +14,8 @@
 /System/Library/Caches.* gen_context(system_u:object_r:darwin_cache_t,s0)
 /System/Library/Services.* gen_context(system_u:object_r:darwin_services_t,s0)
 /System/Library/Security.* gen_context(system_u:object_r:darwin_security_t,s0)
-/System/Library/CoreServices.* gen_context(system_u:object_r:darwin_CoreServices_t,s0)
-/System/Library/ColorSync.* gen_context(system_u:object_r:darwin_resource_t,s0)
+/System/Library/CoreServices.* gen_context(system_u:object_r:darwin_CoreServices_t,s0)
+/System/Library/ColorSync.* gen_context(system_u:object_r:darwin_resource_t,s0)
 #
 # Applications
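Review bot: In the securityd.te hunk, securityd_t moves from read-and-lock on cache files to whatever `darwin_allow_cache_rw` grants, and the macro's definition is not part of this change, so the effective permission set cannot be read from the hunk. The comment now says "Read/write caches", while the retained rule `allow securityd_t darwin_cache_t:file { read lock };` is still read-only and is presumably a subset of what the macro already allows. The comment should name the cache securityd actually has to write, so a later reader can tell whether write access to every darwin_cache_t file is intended. If the macro does cover read and lock, the direct file rule can be dropped so that the grant lives in one place.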
@@ -25,11 +25,12 @@
 #
 # /Library
 #
+/Library/Caches.* gen_context(system_u:object_r:darwin_cache_t,s0)
 /Library/ColorSync.* gen_context(system_u:object_r:darwin_resource_t,s0)
 /Library/Preferences/.GlobalPreferences.plist -- gen_context(system_u:object_r:darwin_global_pref_t,s0)
 /Library/Preferences.* gen_context(system_u:object_r:darwin_global_pref_t,s0)
 /Library/Preferences/SystemConfiguration.* gen_context(system_u:object_r:darwin_global_pref_t,s0)
-/Library/Keychains.* gen_context(system_u:object_r:darwin_keychain_t,s0)
+/Library/Keychains.* gen_context(system_u:object_r:darwin_keychain_t,s0)
 # Kernel
 /mach_kernel -- gen_context(system_u:object_r:boot_t,s0)
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/init.te#11 (text+ko) ====
@@ -684,5 +684,6 @@
 allow init_t dynamic_pager_swapfile_t:file { getattr unlink };
 # Allow access to Cache files
-allow init_t darwin_cache_t:dir search;
-allow init_t darwin_cache_t:file { read write lock };
+darwin_allow_cache_rw(init_t)
+allow init_t darwin_cache_t:dir { getattr search add_name remove_name };
+allow init_t darwin_cache_t:file { create setattr unlink };
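Review bot: The added `/Library/Caches.*` entry in darwin.fc reuses darwin_cache_t, the type already on `/System/Library/Caches.*`, so the write, create and unlink rights this change gives securityd_t and init_t (securityd.te and init.te hunks) apply to both trees. Any other domain that already holds darwin_cache_t access now reaches /Library/Caches as well. If the system cache tree is meant to stay read-mostly, a separate type for the local tree would keep the two grants apart. The pattern also has no path separator, so it would label a sibling such as a hypothetical `/Library/CachesOld`; `/Library/Caches(/.*)?` limits it to the directory and its contents, although that departs from the style of the other entries in this file.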
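Review bot: The comment `# Allow access to Cache files` in the init.te hunk no longer describes the rules under it: init_t now gets `create setattr unlink` on darwin_cache_t files and `add_name remove_name` on the directories, so it manages cache files rather than only using them. `setattr` in particular lets init change the mode and ownership of any file carrying that type, so it is worth confirming that each of the three file permissions was actually required rather than added as a set. Suggested comment: `# init creates, rewrites and removes cache files (darwin_cache_t)`. The old direct rule's `read write lock` is dropped, presumably because `darwin_allow_cache_rw` supplies it; the macro is defined outside this change, so that should be checked against its definition.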