From ceb44f2477dcf2894cfee39dde540268ffe1282b Mon Sep 17 00:00:00 2001
From: John Turner
Date: Thu, 21 Aug 2025 20:04:32 -0400
Subject: add weechat.run types and type transition to it when creating runtime files
---
 src/agent/weechat.cil | 27 +++++++++++++++++++++++----
 1 file changed, 23 insertions(+), 4 deletions(-)
(limited to 'src')
diff --git a/src/agent/weechat.cil b/src/agent/weechat.cil
index 84c0b10..f01abf5 100644
--- a/src/agent/weechat.cil
+++ b/src/agent/weechat.cil
@@ -61,13 +61,20 @@
 (call .home.search_file_dirs (subj))
 (call .user.home.search_file_dirs (subj))
 (call .user.home.create_file_dirs (subj))
- (call home.search_file_dirs (subj))
- (call home.readwrite_file_files (subj))
+ (call .agent.weechat.home.search_file_dirs (subj))
+ (call .agent.weechat.home.readwrite_file_files (subj))
 ;; access /run/user
 (call .run.search_file_dirs (subj))
 (call .runuser.search_file_dirs (subj))
- (call .runuser.create_file_dirs (subj))
+ (call .userrun.search_file_dirs (subj))
+ (call .userrun.create_file_dirs (subj))
+
+ ;; access /run/user/${UID}/weechat
+ (call .agent.weechat.run.search_file_dirs (subj))
+ (call .agent.weechat.run.create_file_dirs (subj))
+ (call .agent.weechat.run.write_file_dirs (subj))
+ (call .agent.weechat.run.readwrite_file_files (subj))
 (block exec
@@ -82,4 +89,16 @@
 (filecon "HOME_DIR/\.local/state/weechat(/.*)?" any file_context)
 (filecon "HOME_DIR/\.cache/weechat(/.*)?" any file_context)
- (blockinherit .file.home.user.template))))
+ (blockinherit .file.home.user.template))
+
+ (block run
+ (macro file_type_transition_file ((type ARG1) (class ARG2) (name ARG3))
+ (call .userrun.file_type_transition (ARG1 file ARG2 ARG3)))
+
+ (blockinherit .file.user.run.template)
+
+ (filecon "/run/user/%{USERID}/weechat" dir file_context)
+ (filecon "/run/user/%{USERID}/weechat/.*" any file_context))))
+
+(in file.unconfined
+ (call .agent.weechat.run.file_type_transition_file (typeattr any "*")))
--
cgit v1.2.3
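Review bot: No type transition for `subj` itself is visible in this patch, although the first hunk gives it `.userrun.create_file_dirs` and four `.agent.weechat.run` permissions; the only transition call is the one made in `file.unconfined` on its `typeattr`. Unless `subj` is a member of that attribute, a `/run/user/${UID}/weechat` directory created by weechat itself would presumably keep the parent's `.userrun` label, so the new `.agent.weechat.run` rules would not cover it and the broad create permission on `.userrun` would be doing the real work. Consider calling the new macro for the subject with a specific class and name, e.g. `(call .agent.weechat.run.file_type_transition_file (subj dir "weechat"))` (assuming `dir` is an accepted class argument in this policy), and then checking whether `.userrun.create_file_dirs` is still needed. A short comment such as `;; weechat creates its own runtime dir; label it on creation` would record who is expected to create it. The enclosing block starts and ends outside the hunk.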
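Review bot: The transition registered in `file.unconfined` at the end of the second hunk is called with class `any` and name `"*"`, which is far wider than the two new `filecon` entries that label only `/run/user/%{USERID}/weechat` and what lies beneath it. If `"*"` resolves to "no name", as I believe CIL treats it, every object an unconfined subject creates directly in a `.userrun` directory would receive the weechat runtime type. Other programs' runtime files would then fall inside what the first hunk lets weechat read and write, and a second agent adding the same kind of rule would conflict with this one. Narrowing the call to what the filecon describes keeps the label specific, e.g. `(call .agent.weechat.run.file_type_transition_file (typeattr dir "weechat"))`. A one-line comment on the macro, for example `;; ARG1: creating subject, ARG2: object class, ARG3: object name`, would also make the argument order clear at call sites.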