PERFORCE change 113398 for review

Todd Miller millert at FreeBSD.org
Mon Jan 22 20:11:29 UTC 2007


http://perforce.freebsd.org/chv.cgi?CH=113398

Change 113398 by millert at millert_macbook on 2007/01/22 19:58:59

	Clean up memberd.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/memberd.te#7 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/memberd.te#7 (text+ko) ====

@@ -28,6 +28,8 @@
 ## internal communication is often done using fifo and unix sockets.
 allow memberd_t self:fifo_file { read write };
 allow memberd_t self:unix_stream_socket create_stream_socket_perms;
+allow memberd_t self:socket { connect write };
+allow memberd_t self:unix_dgram_socket create;
 
 # pid file
 allow memberd_t memberd_var_run_t:file manage_file_perms;
@@ -55,11 +57,21 @@
 # Talk to WindowServer
 WindowServer_allow_ipc(memberd_t)
 
-# Allow shared memory usage w/ notifyd
+# Talk to notifyd
+notifyd_allow_ipc(memberd_t)
 notifyd_allow_shm(memberd_t)
 
 # Use Frameworks
 frameworks_read(memberd_t)
 
+# Read CoreServices
+darwin_allow_CoreServices_read(memberd_t)
+
 # read /System
 darwin_allow_system_read(memberd_t)
+
+# Read /private
+darwin_allow_private_read(memberd_t)
+
+# Read /var symlinks
+files_read_var_files(memberd_t)


More information about the trustedbsd-cvs mailing list