summaryrefslogtreecommitdiff
path: root/src/agent/weechat.cil
diff options
context:
space:
mode:
authorJohn Turner <jturner.usa@gmail.com>2025-08-21 20:04:32 -0400
committerJohn Turner <jturner.usa@gmail.com>2025-08-21 20:04:32 -0400
commitceb44f2477dcf2894cfee39dde540268ffe1282b (patch)
treeb1ce71b781afeb5ff64b2d10125c7baba44d5728 /src/agent/weechat.cil
parent67f4de27c98f8855706cabfba91b036ec8d385f4 (diff)
downloadselinux-policy-ceb44f2477dcf2894cfee39dde540268ffe1282b.tar.gz
add weechat.run types and type transition to it when creating runtime files
Diffstat (limited to 'src/agent/weechat.cil')
-rw-r--r--src/agent/weechat.cil27
1 files changed, 23 insertions, 4 deletions
diff --git a/src/agent/weechat.cil b/src/agent/weechat.cil
index 84c0b10..f01abf5 100644
--- a/src/agent/weechat.cil
+++ b/src/agent/weechat.cil
@@ -61,13 +61,20 @@
(call .home.search_file_dirs (subj))
(call .user.home.search_file_dirs (subj))
(call .user.home.create_file_dirs (subj))
- (call home.search_file_dirs (subj))
- (call home.readwrite_file_files (subj))
+ (call .agent.weechat.home.search_file_dirs (subj))
+ (call .agent.weechat.home.readwrite_file_files (subj))
;; access /run/user
(call .run.search_file_dirs (subj))
(call .runuser.search_file_dirs (subj))
- (call .runuser.create_file_dirs (subj))
+ (call .userrun.search_file_dirs (subj))
+ (call .userrun.create_file_dirs (subj))
+
+ ;; access /run/user/${UID}/weechat
+ (call .agent.weechat.run.search_file_dirs (subj))
+ (call .agent.weechat.run.create_file_dirs (subj))
+ (call .agent.weechat.run.write_file_dirs (subj))
+ (call .agent.weechat.run.readwrite_file_files (subj))
(block exec
@@ -82,4 +89,16 @@
(filecon "HOME_DIR/\.local/state/weechat(/.*)?" any file_context)
(filecon "HOME_DIR/\.cache/weechat(/.*)?" any file_context)
- (blockinherit .file.home.user.template))))
+ (blockinherit .file.home.user.template))
+
+ (block run
+ (macro file_type_transition_file ((type ARG1) (class ARG2) (name ARG3))
+ (call .userrun.file_type_transition (ARG1 file ARG2 ARG3)))
+
+ (blockinherit .file.user.run.template)
+
+ (filecon "/run/user/%{USERID}/weechat" dir file_context)
+ (filecon "/run/user/%{USERID}/weechat/.*" any file_context))))
+
+(in file.unconfined
+ (call .agent.weechat.run.file_type_transition_file (typeattr any "*")))
generated by cgit v1.2.3 (git 2.46.0) at 2025-09-20 20:04:30 +0000