
git: add policy module

Helmut Pozimski 4 years ago
parent
commit
491aa01fb0
3 changed files with 57 additions and 0 deletions
  1. 4 0
      git.fc
  2. 39 0
      git.if
  3. 14 0
      git.te

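--- a/git.fc
+++ b/git.fc
@@ -0,0 +1,4 @@
+/usr/bin/git	--	gen_context(system_u:object_r:git_exec_t,s0)
+/usr/bin/git-upload-pack	--	gen_context(system_u:object_r:git_exec_t,s0)
+/usr/lib/git-core(/.*)?	--	gen_context(system_u:object_r:git_exec_t,s0)
+/usr/share/git-core(/.*)?		gen_context(system_u:object_r:git_usr_t,s0)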
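Review bot: Only git-upload-pack is labeled among the /usr/bin helpers, yet git normally installs git-receive-pack and git-upload-archive next to it, and those are the binaries a remote push or archive request actually invokes, so they would stay bin_t while the fetch path is git_exec_t; adding `/usr/bin/git-receive-pack	--	gen_context(system_u:object_r:git_exec_t,s0)` and the same for git-upload-archive keeps the coverage consistent. The helper-directory entry is tied to the Debian layout; on distributions that install the helpers under /usr/libexec/git-core (Fedora/RHEL, as far as I know) a second entry `/usr/libexec/git-core(/.*)?	--	gen_context(system_u:object_r:git_exec_t,s0)` is needed or the whole helper set is left unlabeled. The `--` qualifier restricting these entries to regular files is appropriate since the helpers are hardlinks or copies of the git binary; symlinked helpers would simply keep the default label, which is harmless.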

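--- a/git.if
+++ b/git.if
@@ -0,0 +1,39 @@
+########################################
+## <summary>
+##      Execute the git binary in the caller domain.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`git_exec',`
+        gen_require(`
+                type git_exec_t;
+        ')
+
+        corecmd_search_bin($1)
+        can_exec($1, git_exec_t)
+')
+
+########################################
+## <summary>
+##      Read files and directories of type git_usr_t.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`git_read_usr_t',`
+        gen_require(`
+                type git_usr_t;
+        ')
+
+	search_dirs_pattern($1, git_usr_t, git_usr_t)
+	list_dirs_pattern($1, git_usr_t, git_usr_t)
+	read_files_pattern($1, git_usr_t, git_usr_t)
+	getattr_files_pattern($1, git_usr_t, git_usr_t)
+')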
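Review bot: `git_read_usr_t` grants search only on git_usr_t directories, so a caller that does not already hold search on usr_t cannot traverse /usr/share to reach the git_usr_t tree at all; reference-policy read interfaces for data under /usr normally add `files_search_usr($1)` ahead of the pattern macros, and git_exec in the same file already follows that convention with corecmd_search_bin. If this module is built against the standard misc_patterns macro set, `read_files_pattern` already carries search on the directory type and getattr on the file type, so the `search_dirs_pattern` and `getattr_files_pattern` lines are redundant and can be dropped. On style, the interface name embeds the type suffix; `git_read_usr_files` matches the verb-object naming refpolicy uses elsewhere, and the four pattern lines are indented with tabs while the rest of the file uses spaces.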

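--- a/git.te
+++ b/git.te
@@ -0,0 +1,14 @@
+policy_module(git, 0.1.9)
+
+########################################
+#
+# Declarations
+#
+
+attribute_role git_roles;
+
+type git_exec_t;
+files_type(git_exec_t)
+
+type git_usr_t;
+files_type(git_usr_t)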
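Review bot: `git_exec_t` is declared with plain `files_type`, but git.if executes it in the caller's domain via can_exec; reference policy marks binaries run without a domain transition as `application_executable_file(git_exec_t)` so the type carries the exec_type/application_exec_type attributes that generic interfaces such as application_exec_all key on, otherwise every caller has to be wired to git_exec explicitly. `attribute_role git_roles;` is not referenced anywhere in the three files, and since no git_t domain or domain-transition interface exists, git always runs with the full privileges of whatever domain invokes it; either drop the unused attribute or add the confined domain it appears to anticipate. The module version `0.1.9` on an initial commit is also unusual; a fresh module normally starts at `1.0.0`.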