6 gadi atpakaļ · b82ac6a871
--- a/policy/modules/git.fc
+++ b/policy/modules/git.fc
@@ -1,3 +1,4 @@
 
				 /usr/bin/git	--	gen_context(system_u:object_r:git_exec_t,s0)
			
 
				 /usr/bin/git-upload-pack	--	gen_context(system_u:object_r:git_exec_t,s0)
			
 
				 /usr/lib/git-core(/.*)?	--	gen_context(system_u:object_r:git_exec_t,s0)
			
 
				+/usr/share/git-core(/.*)?		gen_context(system_u:object_r:git_usr_t,s0)
			
--- a/policy/modules/git.if
+++ b/policy/modules/git.if
@@ -16,3 +16,24 @@ interface(`git_exec',`
 
				         corecmd_search_bin($1)
			
 
				         can_exec($1, git_exec_t)
			
 
				 ')
			
 
				+
			
 
				+########################################
			
 
				+## <summary>
			
 
				+##      Read files and directories of type git_usr_t.
			
 
				+## </summary>
			
 
				+## <param name="domain">
			
 
				+##      <summary>
			
 
				+##      Domain allowed access.
			
 
				+##      </summary>
			
 
				+## </param>
			
 
				+#
			
 
				+interface(`git_read_usr_t',`
			
 
				+        gen_require(`
			
 
				+                type git_usr_t;
			
 
				+        ')
			
 
				+
			
 
				+	search_dirs_pattern($1, git_usr_t, git_usr_t)
			
 
				+	list_dirs_pattern($1, git_usr_t, git_usr_t)
			
 
				+	read_files_pattern($1, git_usr_t, git_usr_t)
			
 
				+	getattr_files_pattern($1, git_usr_t, git_usr_t)
			
 
				+')
			
--- a/policy/modules/git.te
+++ b/policy/modules/git.te
@@ -1,4 +1,4 @@
 
				-policy_module(git, 0.1.7)
			
 
				+policy_module(git, 0.1.9)
			
 
				 
			
 
				 ########################################
			
 
				 #
			
@@ -9,3 +9,6 @@ attribute_role git_roles;
 
				 
			
 
				 type git_exec_t;
			
 
				 files_type(git_exec_t)
			
 
				+
			
 
				+type git_usr_t;
			
 
				+files_type(git_usr_t)
			
--- a/policy/modules/gogs.te
+++ b/policy/modules/gogs.te
@@ -1,4 +1,4 @@
 
				-policy_module(gogs, 0.2.2)
			
 
				+policy_module(gogs, 0.2.3)
			
 
				 
			
 
				 ########################################
			
 
				 #
			
@@ -63,10 +63,12 @@ miscfiles_read_localization(gogs_t)
 
				 corenet_tcp_bind_generic_node(gogs_t)
			
 
				 corenet_tcp_bind_ntop_port(gogs_t)
			
 
				 corenet_tcp_connect_smtp_port(gogs_t)
			
 
				+corenet_tcp_connect_ntop_port(gogs_t)
			
 
				 kernel_read_net_sysctls(gogs_t)
			
 
				 kernel_read_system_state(gogs_t)
			
 
				 
			
 
				 git_exec(gogs_t)
			
 
				+git_read_usr_t(gogs_t)
			
 
				 corecmd_exec_bin(gogs_t)
			
 
				 files_read_etc_files(gogs_t)
			
 
				 mysql_tcp_connect(gogs_t)