policy/modules/services/pcscd.te

   1
   2 policy_module(pcscd, 1.6.0)
   3
   4 ########################################
   5 #
   6 # Declarations
   7 #
   8
   9 type pcscd_t;
  10 type pcscd_exec_t;
  11 domain_type(pcscd_t)
  12 init_daemon_domain(pcscd_t, pcscd_exec_t)
  13
  14 # pid files
  15 type pcscd_var_run_t;
  16 files_pid_file(pcscd_var_run_t)
  17
  18 ########################################
  19 #
  20 # pcscd local policy
  21 #
  22
  23 allow pcscd_t self:capability { dac_override dac_read_search };
  24 allow pcscd_t self:process signal;
  25 allow pcscd_t self:fifo_file rw_fifo_file_perms;
  26 allow pcscd_t self:unix_stream_socket create_stream_socket_perms;
  27 allow pcscd_t self:unix_dgram_socket create_socket_perms;
  28 allow pcscd_t self:tcp_socket create_stream_socket_perms;
  29
  30 manage_dirs_pattern(pcscd_t, pcscd_var_run_t, pcscd_var_run_t)
  31 manage_files_pattern(pcscd_t, pcscd_var_run_t, pcscd_var_run_t)
  32 manage_fifo_files_pattern(pcscd_t, pcscd_var_run_t, pcscd_var_run_t)
  33 manage_sock_files_pattern(pcscd_t, pcscd_var_run_t, pcscd_var_run_t)
  34 files_pid_filetrans(pcscd_t, pcscd_var_run_t, { file sock_file dir })
  35
  36 kernel_read_system_state(pcscd_t)
  37
  38 corenet_all_recvfrom_unlabeled(pcscd_t)
  39 corenet_all_recvfrom_netlabel(pcscd_t)
  40 corenet_tcp_sendrecv_generic_if(pcscd_t)
  41 corenet_tcp_sendrecv_generic_node(pcscd_t)
  42 corenet_tcp_sendrecv_all_ports(pcscd_t)
  43 corenet_tcp_connect_http_port(pcscd_t)
  44
  45 dev_rw_generic_usb_dev(pcscd_t)
  46 dev_rw_smartcard(pcscd_t)
  47 dev_rw_usbfs(pcscd_t)
  48 dev_search_sysfs(pcscd_t)
  49
  50 files_read_etc_files(pcscd_t)
  51 files_read_etc_runtime_files(pcscd_t)
  52
  53 term_use_unallocated_ttys(pcscd_t)
  54 term_dontaudit_getattr_pty_dirs(pcscd_t)
  55
  56 locallogin_use_fds(pcscd_t)
  57
  58 logging_send_syslog_msg(pcscd_t)
  59
  60 miscfiles_read_localization(pcscd_t)
  61
  62 sysnet_dns_name_resolve(pcscd_t)
  63
  64 optional_policy(`
  65         dbus_system_bus_client(pcscd_t)
  66
  67         optional_policy(`
  68                 hal_dbus_chat(pcscd_t)
  69         ')
  70 ')
  71
  72 optional_policy(`
  73         openct_stream_connect(pcscd_t)
  74         openct_read_pid_files(pcscd_t)
  75         openct_signull(pcscd_t)
  76 ')
  77
  78 optional_policy(`
  79         rpm_use_script_fds(pcscd_t)
  80 ')