PERFORCE change 22952 for review

Brian Feldman green at freebsd.org
Mon Dec 30 22:20:17 GMT 2002 

http://perforce.freebsd.org/chv.cgi?CH=22952

Change 22952 by green at green_laptop_2 on 2002/12/30 14:19:58

	Since FreeBSD does not use block files, utilize character files
	in some of the policies as well.

Affected files ...

.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/domains/program/initrc.te#3 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/domains/program/login.te#2 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/domains/program/quota.te#2 edit

Differences ...

==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/domains/program/initrc.te#3 (text+ko) ====

@@ -188,7 +188,7 @@
 allow initrc_t apm_bios_t:chr_file { setattr getattr };')
 
 # Access /dev/fd0 (for kudzu). Need a separate domain for kudzu?
-allow initrc_t removable_device_t:blk_file rw_file_perms;
+allow initrc_t removable_device_t:{ blk_file chr_file } rw_file_perms;
 
 ifdef(`lpd.te',
 `# Read printconf files.

==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/domains/program/login.te#2 (text+ko) ====

@@ -42,8 +42,8 @@
 allow local_login_t sysadm_home_t:file r_file_perms;
 
 # Do not audit denied attempts to access devices.
-dontaudit local_login_t fixed_disk_device_t:blk_file { getattr setattr };
-dontaudit local_login_t removable_device_t:blk_file { getattr setattr };
+dontaudit local_login_t fixed_disk_device_t:{ chr_file blk_file } { getattr setattr };
+dontaudit local_login_t removable_device_t:{ chr_file blk_file } { getattr setattr };
 dontaudit local_login_t device_t:{ chr_file blk_file lnk_file } { getattr setattr };
 dontaudit local_login_t misc_device_t:{ chr_file blk_file lnk_file } { getattr setattr };
 dontaudit local_login_t framebuf_device_t:{ chr_file blk_file lnk_file } { getattr setattr read };

==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/domains/program/quota.te#2 (text+ko) ====

@@ -16,7 +16,7 @@
 allow quota_t etc_runtime_t:file r_file_perms;
 
 allow quota_t device_t:dir r_dir_perms;
-allow quota_t fixed_disk_device_t:blk_file getattr;
+allow quota_t fixed_disk_device_t:{ blk_file chr_file } getattr;
 allow quota_t boot_t:dir r_dir_perms;
 
 
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message

More information about the trustedbsd-cvs mailing list