xdg: Add map perms, also make lnk_file, dirs consistent

avd26 · Jun 24, 2018 · b9bbe78 · b9bbe78
1 parent a631323
commit b9bbe78
Showing 1 changed file with 46 additions and 1 deletion.
diff --git a/policy/modules/system/xdg.if b/policy/modules/system/xdg.if
@@ -63,7 +63,6 @@ interface(`xdg_data_content',`
 	userdom_user_home_content($1)
 ')
 
-
 ########################################
 ## <summary>
 ##	Read the xdg cache home files
@@ -80,7 +79,9 @@ interface(`xdg_read_cache_files',`
 	')
 
 	read_files_pattern($1, xdg_cache_t, xdg_cache_t)
+	allow $1 xdg_cache_t:file map;
 	list_dirs_pattern($1, xdg_cache_t, xdg_cache_t)
+	read_lnk_files_pattern($1, xdg_cache_t, xdg_cache_t)
 
 	userdom_search_user_home_dirs($1)
 ')
@@ -101,6 +102,9 @@ interface(`xdg_read_all_cache_files',`
 	')
 
 	read_files_pattern($1, xdg_cache_type, xdg_cache_type)
+	allow $1 xdg_cache_type:file map;
+	list_dirs_pattern($1, xdg_cache_type, xdg_cache_type)
+	read_lnk_files_pattern($1, xdg_cache_type, xdg_cache_type)
 
 	userdom_search_user_home_dirs($1)
 ')
@@ -209,6 +213,7 @@ interface(`xdg_manage_cache',`
 
 	manage_dirs_pattern($1, xdg_cache_t, xdg_cache_t)
 	manage_files_pattern($1, xdg_cache_t, xdg_cache_t)
+	allow $1 xdg_cache_t:file map;
 	manage_lnk_files_pattern($1, xdg_cache_t, xdg_cache_t)
 	manage_fifo_files_pattern($1, xdg_cache_t, xdg_cache_t)
 	manage_sock_files_pattern($1, xdg_cache_t, xdg_cache_t)
@@ -233,6 +238,7 @@ interface(`xdg_manage_all_cache',`
 
 	manage_dirs_pattern($1, xdg_cache_type, xdg_cache_type)
 	manage_files_pattern($1, xdg_cache_type, xdg_cache_type)
+	allow $1 xdg_cache_type:file map;
 	manage_lnk_files_pattern($1, xdg_cache_type, xdg_cache_type)
 	manage_fifo_files_pattern($1, xdg_cache_type, xdg_cache_type)
 	manage_sock_files_pattern($1, xdg_cache_type, xdg_cache_type)
@@ -324,7 +330,9 @@ interface(`xdg_read_config_files',`
 	')
 
 	read_files_pattern($1, xdg_config_t, xdg_config_t)
+	allow $1 xdg_config_t:file map;
 	list_dirs_pattern($1, xdg_config_t, xdg_config_t)
+	read_lnk_files_pattern($1, xdg_config_t, xdg_config_t)
 
 	userdom_search_user_home_dirs($1)
 ')
@@ -345,6 +353,9 @@ interface(`xdg_read_all_config_files',`
 	')
 
 	read_files_pattern($1, xdg_config_type, xdg_config_type)
+	allow $1 xdg_config_type:file map;
+	list_dirs_pattern($1, xdg_config_type, xdg_config_type)
+	read_lnk_files_pattern($1, xdg_config_type, xdg_config_type)
 
 	userdom_search_user_home_dirs($1)
 ')
@@ -454,6 +465,7 @@ interface(`xdg_manage_config',`
 
 	manage_dirs_pattern($1, xdg_config_t, xdg_config_t)
 	manage_files_pattern($1, xdg_config_t, xdg_config_t)
+	allow $1 xdg_config_t:file map;
 	manage_lnk_files_pattern($1, xdg_config_t, xdg_config_t)
 	manage_fifo_files_pattern($1, xdg_config_t, xdg_config_t)
 	manage_sock_files_pattern($1, xdg_config_t, xdg_config_t)
@@ -478,6 +490,7 @@ interface(`xdg_manage_all_config',`
 
 	manage_dirs_pattern($1, xdg_config_type, xdg_config_type)
 	manage_files_pattern($1, xdg_config_type, xdg_config_type)
+	allow $1 xdg_config_type:file map;
 	manage_lnk_files_pattern($1, xdg_config_type, xdg_config_type)
 	manage_fifo_files_pattern($1, xdg_config_type, xdg_config_type)
 	manage_sock_files_pattern($1, xdg_config_type, xdg_config_type)
@@ -549,7 +562,9 @@ interface(`xdg_read_data_files',`
 	')
 
 	read_files_pattern($1, xdg_data_t, xdg_data_t)
+	allow $1 xdg_data_t:file map;
 	list_dirs_pattern($1, xdg_data_t, xdg_data_t)
+	read_lnk_files_pattern($1, xdg_data_t, xdg_data_t)
 
 	userdom_search_user_home_dirs($1)
 ')
@@ -570,6 +585,9 @@ interface(`xdg_read_all_data_files',`
 	')
 
 	read_files_pattern($1, xdg_data_type, xdg_data_type)
+	allow $1 xdg_data_type:file map;
+	list_dirs_pattern($1, xdg_data_type, xdg_data_type)
+	read_lnk_files_pattern($1, xdg_data_type, xdg_data_type)
 
 	userdom_search_user_home_dirs($1)
 ')
@@ -678,6 +696,7 @@ interface(`xdg_manage_data',`
 
 	manage_dirs_pattern($1, xdg_data_t, xdg_data_t)
 	manage_files_pattern($1, xdg_data_t, xdg_data_t)
+	allow $1 xdg_data_t:file map;
 	manage_lnk_files_pattern($1, xdg_data_t, xdg_data_t)
 	manage_fifo_files_pattern($1, xdg_data_t, xdg_data_t)
 	manage_sock_files_pattern($1, xdg_data_t, xdg_data_t)
@@ -702,6 +721,7 @@ interface(`xdg_manage_all_data',`
 
 	manage_dirs_pattern($1, xdg_data_type, xdg_data_type)
 	manage_files_pattern($1, xdg_data_type, xdg_data_type)
+	allow $1 xdg_data_type:file map;
 	manage_lnk_files_pattern($1, xdg_data_type, xdg_data_type)
 	manage_fifo_files_pattern($1, xdg_data_type, xdg_data_type)
 	manage_sock_files_pattern($1, xdg_data_type, xdg_data_type)
@@ -803,6 +823,8 @@ interface(`xdg_manage_documents',`
 
 	manage_dirs_pattern($1, xdg_documents_t, xdg_documents_t)
 	manage_files_pattern($1, xdg_documents_t, xdg_documents_t)
+	allow $1 xdg_documents_t:file map;
+	manage_lnk_files_pattern($1, xdg_documents_t, xdg_documents_t)
 ')
 
 ########################################
@@ -843,6 +865,9 @@ interface(`xdg_read_downloads',`
 	')
 
 	read_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
+	allow $1 xdg_downloads_t:file map;
+	list_dirs_pattern($1, xdg_downloads_t, xdg_downloads_t)
+	read_lnk_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
 
 	userdom_search_user_home_dirs($1)
 ')
@@ -863,6 +888,9 @@ interface(`xdg_create_downloads',`
 	')
 
 	create_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
+	allow $1 xdg_downloads_t:file map;
+	create_dirs_pattern($1, xdg_downloads_t, xdg_downloads_t)
+	create_lnk_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
 
 	userdom_search_user_home_dirs($1)
 ')
@@ -883,6 +911,9 @@ interface(`xdg_write_downloads',`
 	')
 
 	write_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
+	allow $1 xdg_downloads_t:file map;
+	list_dirs_pattern($1, xdg_downloads_t, xdg_downloads_t)
+	read_lnk_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
 
 	userdom_search_user_home_dirs($1)
 ')
@@ -933,6 +964,8 @@ interface(`xdg_manage_downloads',`
 
 	manage_dirs_pattern($1, xdg_downloads_t, xdg_downloads_t)
 	manage_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
+	allow $1 xdg_downloads_t:file map;
+	manage_lnk_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
 ')
 
 ########################################
@@ -973,7 +1006,9 @@ interface(`xdg_read_pictures',`
 	')
 
 	read_files_pattern($1, xdg_pictures_t, xdg_pictures_t)
+	allow $1 xdg_pictures_t:file map;
 	list_dirs_pattern($1, xdg_pictures_t, xdg_pictures_t)
+	read_lnk_files_pattern($1, xdg_pictures_t, xdg_pictures_t)
 
 	userdom_search_user_home_dirs($1)
 ')
@@ -1024,6 +1059,8 @@ interface(`xdg_manage_pictures',`
 
 	manage_dirs_pattern($1, xdg_pictures_t, xdg_pictures_t)
 	manage_files_pattern($1, xdg_pictures_t, xdg_pictures_t)
+	allow $1 xdg_pictures_t:file map;
+	manage_lnk_files_pattern($1, xdg_pictures_t, xdg_pictures_t)
 ')
 
 ########################################
@@ -1064,7 +1101,9 @@ interface(`xdg_read_music',`
 	')
 
 	read_files_pattern($1, xdg_music_t, xdg_music_t)
+	allow $1 xdg_music_t:file map;
 	list_dirs_pattern($1, xdg_music_t, xdg_music_t)
+	read_lnk_files_pattern($1, xdg_music_t, xdg_music_t)
 
 	userdom_search_user_home_dirs($1)
 ')
@@ -1115,6 +1154,8 @@ interface(`xdg_manage_music',`
 
 	manage_dirs_pattern($1, xdg_music_t, xdg_music_t)
 	manage_files_pattern($1, xdg_music_t, xdg_music_t)
+	allow $1 xdg_music_t:file map;
+	manage_lnk_files_pattern($1, xdg_music_t, xdg_music_t)
 ')
 
 ########################################
@@ -1155,7 +1196,9 @@ interface(`xdg_read_videos',`
 	')
 
 	read_files_pattern($1, xdg_videos_t, xdg_videos_t)
+	allow $1 xdg_videos_t:file map;
 	list_dirs_pattern($1, xdg_videos_t, xdg_videos_t)
+	read_lnk_files_pattern($1, xdg_videos_t, xdg_videos_t)
 
 	userdom_search_user_home_dirs($1)
 ')
@@ -1206,6 +1249,8 @@ interface(`xdg_manage_videos',`
 
 	manage_dirs_pattern($1, xdg_videos_t, xdg_videos_t)
 	manage_files_pattern($1, xdg_videos_t, xdg_videos_t)
+	allow $1 xdg_videos_t:file map;
+	manage_lnk_files_pattern($1, xdg_videos_t, xdg_videos_t)
 ')
 
 ########################################