# SELinux policy module for the vdagent service (policy/modules/services/vdagent.te).
# Declares the module name vdagent at version 1.0.0.
# NOTE(review): vdagent is presumably the SPICE guest agent daemon; nothing in
# this file says so explicitly - confirm against the file contexts file.
1 policy_module(vdagent,1.0.0)
2
3 ########################################
4 #
5 # Declarations
6 #
7
# vdagent_t is the process domain and vdagent_exec_t labels its executable.
# init_daemon_domain is defined outside this file; by reference policy
# convention it registers the pair as a daemon started by init, so executing a
# vdagent_exec_t file from the init scripts transitions into vdagent_t.
8 type vdagent_t;
9 type vdagent_exec_t;
10 init_daemon_domain(vdagent_t, vdagent_exec_t)
11
# Private type for runtime state, registered as a pid file type.
12 type vdagent_var_run_t;
13 files_pid_file(vdagent_var_run_t)
14
# Private type for the daemon log output, registered as a log file type.
15 type vdagent_log_t;
16 logging_log_file(vdagent_log_t)
17
18 ########################################
19 #
20 # vdagent local policy
21 #
22
# NOTE(review): dontaudit grants nothing. It only suppresses the AVC audit
# record when vdagent_t is denied the sys_admin capability, so the denial still
# happens but leaves no log entry. When investigating this domain, rebuild the
# policy with dontaudit rules disabled (semodule -DB) to make these denials
# visible, then restore normal behaviour with semodule -B.
23 dontaudit vdagent_t self:capability sys_admin;
24
# Access to the domain own pipes and unix stream sockets. Both permission sets
# are macros defined outside this file.
25 allow vdagent_t self:fifo_file rw_fifo_file_perms;
26 allow vdagent_t self:unix_stream_socket create_stream_socket_perms;
27
# Runtime state: vdagent_t may manage directories, files and socket files
# labeled vdagent_var_run_t. The filetrans rule requests that objects of those
# three classes created by vdagent_t in the pid directory receive
# vdagent_var_run_t instead of inheriting the parent label. The interface is
# defined outside this file.
28 manage_dirs_pattern(vdagent_t, vdagent_var_run_t, vdagent_var_run_t)
29 manage_files_pattern(vdagent_t, vdagent_var_run_t, vdagent_var_run_t)
30 manage_sock_files_pattern(vdagent_t, vdagent_var_run_t, vdagent_var_run_t)
31 files_pid_filetrans(vdagent_t, vdagent_var_run_t, { dir file sock_file })
32
# Logs: the same pattern for vdagent_log_t.
# NOTE(review): the log filetrans rule lists only the file class, while the
# dirs rule below also allows managing vdagent_log_t directories. A dedicated
# log directory would presumably need its label from the file contexts file,
# which is not shown here - confirm.
33 manage_dirs_pattern(vdagent_t, vdagent_log_t, vdagent_log_t)
34 manage_files_pattern(vdagent_t, vdagent_log_t, vdagent_log_t)
35 logging_log_filetrans(vdagent_t, vdagent_log_t, { file })
36
# Device access. The interface bodies live in other modules, so the notes below
# follow the interface names rather than expanded rules.
# NOTE(review): read and write access to input devices is the most sensitive
# grant in this module, since it reaches the same devices that carry user
# input. Confirm the daemon needs write as well as read, and treat any
# unexpected process running in vdagent_t as high impact.
37 dev_rw_input_dev(vdagent_t)
38 dev_read_sysfs(vdagent_t)
# Suppresses audit records for denied writes to the mtrr device. As with any
# dontaudit rule, nothing is granted and the denial is simply not logged.
39 dev_dontaudit_write_mtrr(vdagent_t)
40
# Read access to generic configuration files under /etc.
41 files_read_etc_files(vdagent_t)
42
# Use of the virtio console device. Presumably this is the channel the agent
# uses to talk to the host side - confirm.
43 term_use_virtio_console(vdagent_t)
44
# Read access to locale data.
45 miscfiles_read_localization(vdagent_t)
46
# Optional blocks take effect only when the module providing the called
# interface is part of the policy build, so this module still compiles without
# consolekit or dbus.
# First block: D-Bus message exchange between vdagent_t and ConsoleKit.
47 optional_policy(`
48 consolekit_dbus_chat(vdagent_t)
49 ')
50
# Second block: vdagent_t acts as a client of the system message bus.
# NOTE(review): the interface body is not shown here. Which bus peers the
# daemon may exchange messages with presumably depends on further rules such as
# the consolekit one above and on the D-Bus daemon configuration - confirm.
51 optional_policy(`
52 dbus_system_bus_client(vdagent_t)
53 ')
54