projects / people / stevee / selinux-policy.git / blame
| Commit | Line | Data |
|---|---|---|
| 29af4c13 | 1 | policy_module(gpsd, 1.1.0) |
| cca4a215 CP |
2 | |
| 3 | ######################################## | |
| 4 | # | |
| 5 | # Declarations | |
| 6 | # | |
| 7 | ||
| 8 | type gpsd_t; | |
| 9 | type gpsd_exec_t; | |
| 10 | application_domain(gpsd_t, gpsd_exec_t) | |
| 11 | init_daemon_domain(gpsd_t, gpsd_exec_t) | |
| 12 | ||
| f37b7bd0 CP |
13 | type gpsd_initrc_exec_t; |
| 14 | init_script_file(gpsd_initrc_exec_t) | |
| 15 | ||
| cca4a215 CP |
16 | type gpsd_tmpfs_t; |
| 17 | files_tmpfs_file(gpsd_tmpfs_t) | |
| 18 | ||
| f37b7bd0 CP |
19 | type gpsd_var_run_t; |
| 20 | files_pid_file(gpsd_var_run_t) | |
| 21 | ||
| cca4a215 CP |
22 | ######################################## |
| 23 | # | |
| 24 | # gpsd local policy | |
| 25 | # | |
| 26 | ||
| 4efd70c9 | 27 | allow gpsd_t self:capability { fowner fsetid setuid setgid sys_nice sys_time sys_tty_config }; |
| 995bdbb1 | 28 | dontaudit gpsd_t self:capability { dac_read_search dac_override }; |
| 4efd70c9 | 29 | allow gpsd_t self:process { setsched signal_perms }; |
| cca4a215 CP |
30 | allow gpsd_t self:shm create_shm_perms; |
| 31 | allow gpsd_t self:unix_dgram_socket { create_socket_perms sendto }; | |
| 32 | allow gpsd_t self:tcp_socket create_stream_socket_perms; | |
| 33 | ||
| 34 | manage_dirs_pattern(gpsd_t, gpsd_tmpfs_t, gpsd_tmpfs_t) | |
| 35 | manage_files_pattern(gpsd_t, gpsd_tmpfs_t, gpsd_tmpfs_t) | |
| 36 | fs_tmpfs_filetrans(gpsd_t, gpsd_tmpfs_t, { dir file }) | |
| 37 | ||
| f37b7bd0 CP |
38 | manage_files_pattern(gpsd_t, gpsd_var_run_t, gpsd_var_run_t) |
| 39 | manage_sock_files_pattern(gpsd_t, gpsd_var_run_t, gpsd_var_run_t) | |
| 40 | files_pid_filetrans(gpsd_t, gpsd_var_run_t, { file sock_file }) | |
| 41 | ||
| 20e45a99 DW |
42 | kernel_list_proc(gpsd_t) |
| 43 | ||
| cca4a215 CP |
44 | corenet_all_recvfrom_unlabeled(gpsd_t) |
| 45 | corenet_all_recvfrom_netlabel(gpsd_t) | |
| 46 | corenet_tcp_sendrecv_generic_if(gpsd_t) | |
| 47 | corenet_tcp_sendrecv_generic_node(gpsd_t) | |
| 48 | corenet_tcp_sendrecv_all_ports(gpsd_t) | |
| a90706ef | 49 | corenet_tcp_bind_generic_node(gpsd_t) |
| cca4a215 CP |
50 | corenet_tcp_bind_gpsd_port(gpsd_t) |
| 51 | ||
| e31a39d0 | 52 | dev_read_sysfs(gpsd_t) |
| 20e45a99 | 53 | dev_rw_realtime_clock(gpsd_t) |
| e31a39d0 | 54 | |
| 4efd70c9 DW |
55 | domain_dontaudit_read_all_domains_state(gpsd_t) |
| 56 | ||
| cca4a215 CP |
57 | term_use_unallocated_ttys(gpsd_t) |
| 58 | term_setattr_unallocated_ttys(gpsd_t) | |
| 2108fad5 | 59 | term_use_usb_ttys(gpsd_t) |
| cca4a215 CP |
60 | |
| 61 | auth_use_nsswitch(gpsd_t) | |
| 62 | ||
| 63 | logging_send_syslog_msg(gpsd_t) | |
| 64 | ||
| 65 | miscfiles_read_localization(gpsd_t) | |
| 66 | ||
| 3eaa9939 DW |
67 | optional_policy(` |
| 68 | chronyd_rw_shm(gpsd_t) | |
| 4efd70c9 | 69 | chronyd_stream_connect(gpsd_t) |
| 20e45a99 | 70 | chronyd_dgram_send(gpsd_t) |
| 3eaa9939 DW |
71 | ') |
| 72 | ||
| cca4a215 | 73 | optional_policy(` |
| 3f67f722 | 74 | dbus_system_bus_client(gpsd_t) |
| cca4a215 CP |
75 | ') |
| 76 | ||
| 77 | optional_policy(` | |
| f37b7bd0 | 78 | ntp_rw_shm(gpsd_t) |
| cca4a215 | 79 | ') |