Commit | Line | Data |
---|---|---|
29af4c13 | 1 | policy_module(gpsd, 1.1.0) # SELinux policy module for the gpsd domain: module name and version |
cca4a215 CP |
2 | |
3 | ######################################## | |
4 | # | |
5 | # Declarations | |
6 | # | |
7 | ||
8 | type gpsd_t; # process domain that every rule in this file is written for | |
9 | type gpsd_exec_t; # executable file type used as the entry point into gpsd_t | |
10 | application_domain(gpsd_t, gpsd_exec_t) # NOTE(review): declared as an application domain and, on the next line, as an init daemon domain; presumably so the daemon can also be started outside init - confirm both entry paths are intended | |
11 | init_daemon_domain(gpsd_t, gpsd_exec_t) | |
12 | ||
f37b7bd0 CP |
13 | type gpsd_initrc_exec_t; # file type for the init script |
14 | init_script_file(gpsd_initrc_exec_t) | |
15 | ||
cca4a215 CP |
16 | type gpsd_tmpfs_t; # private type for objects the domain creates on tmpfs |
17 | files_tmpfs_file(gpsd_tmpfs_t) | |
18 | ||
f37b7bd0 CP |
19 | type gpsd_var_run_t; # private type for pid files and sockets, see the filetrans rule at line 40 |
20 | files_pid_file(gpsd_var_run_t) | |
21 | ||
cca4a215 CP |
22 | ######################################## |
23 | # | |
24 | # gpsd local policy | |
25 | # | |
26 | ||
4efd70c9 | 27 | allow gpsd_t self:capability { fowner fsetid setuid setgid sys_nice sys_time sys_tty_config }; # NOTE(review): sys_time lets this domain set the system clock; setuid and setgid presumably cover a privilege drop at startup - confirm each capability is still required |
995bdbb1 | 28 | dontaudit gpsd_t self:capability { dac_read_search dac_override }; # grants nothing: these two capabilities stay denied and the denials are kept out of the audit log; rebuild with dontaudit rules disabled (semodule -DB) when investigating this domain |
4efd70c9 | 29 | allow gpsd_t self:process { setsched signal_perms }; # scheduling changes and signals, scoped to the domain itself |
cca4a215 CP |
30 | allow gpsd_t self:shm create_shm_perms; # shared memory, unix datagram and TCP socket objects carrying the domain's own label |
31 | allow gpsd_t self:unix_dgram_socket { create_socket_perms sendto }; | |
32 | allow gpsd_t self:tcp_socket create_stream_socket_perms; | |
33 | ||
34 | manage_dirs_pattern(gpsd_t, gpsd_tmpfs_t, gpsd_tmpfs_t) # full management of dirs and files of its private tmpfs type | |
35 | manage_files_pattern(gpsd_t, gpsd_tmpfs_t, gpsd_tmpfs_t) | |
36 | fs_tmpfs_filetrans(gpsd_t, gpsd_tmpfs_t, { dir file }) # new dirs and files created on tmpfs get gpsd_tmpfs_t instead of the generic tmpfs label | |
37 | ||
f37b7bd0 CP |
38 | manage_files_pattern(gpsd_t, gpsd_var_run_t, gpsd_var_run_t) # full management of files and socket files of its private pid type |
39 | manage_sock_files_pattern(gpsd_t, gpsd_var_run_t, gpsd_var_run_t) | |
40 | files_pid_filetrans(gpsd_t, gpsd_var_run_t, { file sock_file }) # files and sockets created in the pid directory get gpsd_var_run_t; directories are not part of this transition | |
41 | ||
20e45a99 DW |
42 | kernel_list_proc(gpsd_t) # directory listing of /proc only |
43 | ||
cca4a215 CP |
44 | corenet_all_recvfrom_unlabeled(gpsd_t) # NOTE(review): accepts traffic that carries no label; matters only where labeled networking is enforced |
45 | corenet_all_recvfrom_netlabel(gpsd_t) | |
46 | corenet_tcp_sendrecv_generic_if(gpsd_t) | |
47 | corenet_tcp_sendrecv_generic_node(gpsd_t) | |
48 | corenet_tcp_sendrecv_all_ports(gpsd_t) # NOTE(review): send/recv is written against all port types while bind (line 50) is limited to the gpsd port; looks broader than a listener needs - confirm | |
a90706ef | 49 | corenet_tcp_bind_generic_node(gpsd_t) |
cca4a215 CP |
50 | corenet_tcp_bind_gpsd_port(gpsd_t) # listening is restricted to the port type labeled for gpsd |
51 | ||
e31a39d0 | 52 | dev_read_sysfs(gpsd_t) |
20e45a99 | 53 | dev_rw_realtime_clock(gpsd_t) # NOTE(review): read/write on the realtime clock device, on top of the sys_time capability at line 27; a compromised gpsd_t could alter system time, so time-dependent checks elsewhere inherit trust in this domain |
e31a39d0 | 54 | |
4efd70c9 DW |
55 | domain_dontaudit_read_all_domains_state(gpsd_t) # grants nothing: only silences denials for reading the state of other domains |
56 | ||
cca4a215 CP |
57 | term_use_unallocated_ttys(gpsd_t) # presumably for serial-attached GPS receivers - TODO confirm |
58 | term_setattr_unallocated_ttys(gpsd_t) | |
2108fad5 | 59 | term_use_usb_ttys(gpsd_t) # presumably for USB-serial GPS receivers - TODO confirm |
cca4a215 CP |
60 | |
61 | auth_use_nsswitch(gpsd_t) # name service lookups | |
62 | ||
63 | logging_send_syslog_msg(gpsd_t) | |
64 | ||
65 | miscfiles_read_localization(gpsd_t) | |
66 | ||
3eaa9939 DW |
67 | optional_policy(` |
68 | chronyd_rw_shm(gpsd_t) # NOTE(review): read/write on chronyd shared memory; presumably how gpsd hands time samples to chronyd, which makes gpsd_t a trusted time source - confirm | |
4efd70c9 | 69 | chronyd_stream_connect(gpsd_t) |
20e45a99 | 70 | chronyd_dgram_send(gpsd_t) |
3eaa9939 DW |
71 | ') |
72 | ||
cca4a215 | 73 | optional_policy(` |
3f67f722 | 74 | dbus_system_bus_client(gpsd_t) # client access to the system bus only; applies only when the dbus module is present |
cca4a215 CP |
75 | ') |
76 | ||
77 | optional_policy(` | |
f37b7bd0 | 78 | ntp_rw_shm(gpsd_t) # NOTE(review): same pattern as the chronyd block, read/write on ntp shared memory - confirm it is needed when chronyd is the time daemon in use |
cca4a215 | 79 | ') |