projects / people / stevee / selinux-policy.git / blame
| Commit | Line | Data |
|---|---|---|
| 6b19be33 | 1 | |
| 29af4c13 | 2 | policy_module(pcscd, 1.6.0) |
| 6b19be33 CP |
3 | |
| 4 | ######################################## | |
| 5 | # | |
| 6 | # Declarations | |
| 7 | # | |
| 8 | ||
| 9 | type pcscd_t; | |
| 10 | type pcscd_exec_t; | |
| 11 | domain_type(pcscd_t) | |
| 12 | init_daemon_domain(pcscd_t, pcscd_exec_t) | |
| 13 | ||
| 14 | # pid files | |
| 15 | type pcscd_var_run_t; | |
| 16 | files_pid_file(pcscd_var_run_t) | |
| 17 | ||
| 18 | ######################################## | |
| 19 | # | |
| 20 | # pcscd local policy | |
| 21 | # | |
| 22 | ||
| 23 | allow pcscd_t self:capability { dac_override dac_read_search }; | |
| d534d35a | 24 | allow pcscd_t self:process signal; |
| 0b36a214 | 25 | allow pcscd_t self:fifo_file rw_fifo_file_perms; |
| 6b19be33 CP |
26 | allow pcscd_t self:unix_stream_socket create_stream_socket_perms; |
| 27 | allow pcscd_t self:unix_dgram_socket create_socket_perms; | |
| 28 | allow pcscd_t self:tcp_socket create_stream_socket_perms; | |
| 29 | ||
| 8f800d48 | 30 | manage_dirs_pattern(pcscd_t, pcscd_var_run_t, pcscd_var_run_t) |
| 0bfccda4 | 31 | manage_files_pattern(pcscd_t, pcscd_var_run_t, pcscd_var_run_t) |
| 6df09cfe | 32 | manage_fifo_files_pattern(pcscd_t, pcscd_var_run_t, pcscd_var_run_t) |
| 0bfccda4 | 33 | manage_sock_files_pattern(pcscd_t, pcscd_var_run_t, pcscd_var_run_t) |
| 8f800d48 | 34 | files_pid_filetrans(pcscd_t, pcscd_var_run_t, { file sock_file dir }) |
| 6b19be33 | 35 | |
| 6df09cfe CP |
36 | kernel_read_system_state(pcscd_t) |
| 37 | ||
| 19006686 CP |
38 | corenet_all_recvfrom_unlabeled(pcscd_t) |
| 39 | corenet_all_recvfrom_netlabel(pcscd_t) | |
| 668b3093 | 40 | corenet_tcp_sendrecv_generic_if(pcscd_t) |
| c1262146 | 41 | corenet_tcp_sendrecv_generic_node(pcscd_t) |
| 6b19be33 | 42 | corenet_tcp_sendrecv_all_ports(pcscd_t) |
| 6b19be33 CP |
43 | corenet_tcp_connect_http_port(pcscd_t) |
| 44 | ||
| 45 | dev_rw_generic_usb_dev(pcscd_t) | |
| 6df09cfe | 46 | dev_rw_smartcard(pcscd_t) |
| 6b19be33 CP |
47 | dev_rw_usbfs(pcscd_t) |
| 48 | dev_search_sysfs(pcscd_t) | |
| 49 | ||
| 50 | files_read_etc_files(pcscd_t) | |
| 51 | files_read_etc_runtime_files(pcscd_t) | |
| 52 | ||
| e828954c | 53 | term_use_unallocated_ttys(pcscd_t) |
| 6b19be33 CP |
54 | term_dontaudit_getattr_pty_dirs(pcscd_t) |
| 55 | ||
| 6b19be33 CP |
56 | locallogin_use_fds(pcscd_t) |
| 57 | ||
| 58 | logging_send_syslog_msg(pcscd_t) | |
| 59 | ||
| 60 | miscfiles_read_localization(pcscd_t) | |
| 61 | ||
| 62 | sysnet_dns_name_resolve(pcscd_t) | |
| 63 | ||
| 8f800d48 CP |
64 | optional_policy(` |
| 65 | dbus_system_bus_client(pcscd_t) | |
| 66 | ||
| 67 | optional_policy(` | |
| 68 | hal_dbus_chat(pcscd_t) | |
| 69 | ') | |
| 70 | ') | |
| 71 | ||
| d534d35a CP |
72 | optional_policy(` |
| 73 | openct_stream_connect(pcscd_t) | |
| 74 | openct_read_pid_files(pcscd_t) | |
| 75 | openct_signull(pcscd_t) | |
| 76 | ') | |
| 77 | ||
| 6b19be33 CP |
78 | optional_policy(` |
| 79 | rpm_use_script_fds(pcscd_t) | |
| 80 | ') |