Bump module versions for release.
[people/stevee/selinux-policy.git] / policy / modules / services / devicekit.te
index 5d673bc7e99a4664f06922604a01242832b28b96..f231f17daa80742b0e0372d5f465de357912a47d 100644 (file)
@@ -1,4 +1,4 @@
-policy_module(devicekit, 1.0.0)
+policy_module(devicekit, 1.1.0)
 
 ########################################
 #
@@ -37,6 +37,8 @@ manage_dirs_pattern(devicekit_t, devicekit_var_run_t, devicekit_var_run_t)
 manage_files_pattern(devicekit_t, devicekit_var_run_t, devicekit_var_run_t)
 files_pid_filetrans(devicekit_t, devicekit_var_run_t, { file dir })
 
+kernel_read_system_state(devicekit_t)
+
 dev_read_sysfs(devicekit_t)
 dev_read_urand(devicekit_t)
 
@@ -60,8 +62,10 @@ optional_policy(`
 # DeviceKit disk local policy
 #
 
-allow devicekit_disk_t self:capability { chown dac_override fowner fsetid sys_nice sys_ptrace sys_rawio };
+allow devicekit_disk_t self:capability { chown setuid setgid dac_override fowner fsetid net_admin sys_admin sys_nice sys_ptrace sys_rawio };
+allow devicekit_disk_t self:process { getsched signal_perms };
 allow devicekit_disk_t self:fifo_file rw_fifo_file_perms;
+allow devicekit_disk_t self:netlink_kobject_uevent_socket create_socket_perms;
 
 manage_dirs_pattern(devicekit_disk_t, devicekit_tmp_t, devicekit_tmp_t)
 manage_files_pattern(devicekit_disk_t, devicekit_tmp_t, devicekit_tmp_t)
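Review bot: The capability line for devicekit_disk_t gains `setuid setgid net_admin sys_admin` with no comment on which operation needs each one, and the commit title ("Bump module versions for release") does not mention any permission change. With `sys_admin` next to the existing `sys_rawio`, `sys_ptrace` and `dac_override`, the capability set no longer does much to confine this domain. `net_admin` may only be a side effect of opening the new `netlink_kobject_uevent_socket` (forced receive-buffer sizing asks for it); if the daemon works without it, `dontaudit devicekit_disk_t self:capability net_admin;` is the narrower rule. The same pair, `net_admin sys_admin`, is added to devicekit_power_t in the `@@ -139,9 +183,11 @@` hunk and deserves the same treatment. At minimum I would put a one-line comment above each `allow` naming the helper or call that triggered the denial.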
@@ -71,29 +75,60 @@ manage_dirs_pattern(devicekit_disk_t, devicekit_var_lib_t, devicekit_var_lib_t)
 manage_files_pattern(devicekit_disk_t, devicekit_var_lib_t, devicekit_var_lib_t)
 files_var_lib_filetrans(devicekit_disk_t, devicekit_var_lib_t, dir)
 
+manage_dirs_pattern(devicekit_disk_t, devicekit_var_run_t, devicekit_var_run_t)
+manage_files_pattern(devicekit_disk_t, devicekit_var_run_t, devicekit_var_run_t)
+files_pid_filetrans(devicekit_disk_t, devicekit_var_run_t, { file dir })
+
+kernel_getattr_message_if(devicekit_disk_t)
+kernel_read_fs_sysctls(devicekit_disk_t)
+kernel_read_network_state(devicekit_disk_t)
 kernel_read_software_raid_state(devicekit_disk_t)
+kernel_read_system_state(devicekit_disk_t)
+kernel_request_load_module(devicekit_disk_t)
 kernel_setsched(devicekit_disk_t)
 
 corecmd_exec_bin(devicekit_disk_t)
+corecmd_exec_shell(devicekit_disk_t)
+corecmd_getattr_all_executables(devicekit_disk_t)
 
 dev_rw_sysfs(devicekit_disk_t)
 dev_read_urand(devicekit_disk_t)
 dev_getattr_usbfs_dirs(devicekit_disk_t)
-
+dev_manage_generic_files(devicekit_disk_t)
+dev_getattr_all_chr_files(devicekit_disk_t)
+dev_getattr_mtrr_dev(devicekit_disk_t)
+
+domain_getattr_all_pipes(devicekit_disk_t)
+domain_getattr_all_sockets(devicekit_disk_t)
+domain_getattr_all_stream_sockets(devicekit_disk_t)
+domain_read_all_domains_state(devicekit_disk_t)
+
+files_dontaudit_read_all_symlinks(devicekit_disk_t)
+files_getattr_all_sockets(devicekit_disk_t)
+files_getattr_all_mountpoints(devicekit_disk_t)
+files_getattr_all_files(devicekit_disk_t)
+files_manage_isid_type_dirs(devicekit_disk_t)
 files_manage_mnt_dirs(devicekit_disk_t)
 files_read_etc_files(devicekit_disk_t)
 files_read_etc_runtime_files(devicekit_disk_t)
 files_read_usr_files(devicekit_disk_t)
 
+fs_list_inotifyfs(devicekit_disk_t)
+fs_manage_fusefs_dirs(devicekit_disk_t)
 fs_mount_all_fs(devicekit_disk_t)
 fs_unmount_all_fs(devicekit_disk_t)
-fs_manage_fusefs_dirs(devicekit_disk_t)
+fs_search_all(devicekit_disk_t)
+
+mls_file_read_all_levels(devicekit_disk_t)
+mls_file_write_to_clearance(devicekit_disk_t)
 
 storage_raw_read_fixed_disk(devicekit_disk_t)
 storage_raw_write_fixed_disk(devicekit_disk_t)
 storage_raw_read_removable_device(devicekit_disk_t)
 storage_raw_write_removable_device(devicekit_disk_t)
 
+term_use_all_terms(devicekit_disk_t)
+
 auth_use_nsswitch(devicekit_disk_t)
 
 miscfiles_read_localization(devicekit_disk_t)
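Review bot: `mls_file_read_all_levels(devicekit_disk_t)` and `mls_file_write_to_clearance(devicekit_disk_t)`, near the end of this hunk, exempt the domain from the normal MLS file constraints, and nothing on the page says which operation requires that. The same domain already has raw read/write on fixed and removable storage and `fs_mount_all_fs`, and this hunk also adds `corecmd_exec_shell`, so on an MLS system it becomes a trusted subject that can run a shell without leaving its domain. I would add a comment above the two `mls_*` lines, for example `# <operation> on volumes labelled at other levels; see <denial reference>`, so a later audit can tell whether the exemption is still needed. The `*_getattr_all_*` additions (`files_getattr_all_files`, `domain_getattr_all_pipes` and the rest) look like the result of a scan over /proc and mount points; if the daemon functions when they are denied, dontaudit rules would be the narrower choice.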
@@ -101,6 +136,16 @@ miscfiles_read_localization(devicekit_disk_t)
 userdom_read_all_users_state(devicekit_disk_t)
 userdom_search_user_home_dirs(devicekit_disk_t)
 
+optional_policy(`
+       dbus_system_bus_client(devicekit_disk_t)
+
+       allow devicekit_disk_t devicekit_t:dbus send_msg;
+
+       optional_policy(`
+               consolekit_dbus_chat(devicekit_disk_t)
+       ')
+')
+
 optional_policy(`
        fstools_domtrans(devicekit_disk_t)
 ')
@@ -110,28 +155,27 @@ optional_policy(`
 ')
 
 optional_policy(`
+       mount_domtrans(devicekit_disk_t)
+')
+
+optional_policy(`
+       policykit_dbus_chat(devicekit_disk_t)
        policykit_domtrans_auth(devicekit_disk_t)
        policykit_read_lib(devicekit_disk_t)
        policykit_read_reload(devicekit_disk_t)
 ')
 
 optional_policy(`
-       mount_domtrans(devicekit_disk_t)
+       raid_domtrans_mdadm(devicekit_disk_t)
 ')
 
 optional_policy(`
-       dbus_system_bus_client(devicekit_disk_t)
-
-       allow devicekit_disk_t devicekit_t:dbus send_msg;
-
-       optional_policy(`
-               consolekit_dbus_chat(devicekit_disk_t)
-       ')
+       udev_domtrans(devicekit_disk_t)
+       udev_read_db(devicekit_disk_t)
 ')
 
 optional_policy(`
-       udev_domtrans(devicekit_disk_t)
-       udev_read_db(devicekit_disk_t)
+       virt_manage_images(devicekit_disk_t)
 ')
 
 ########################################
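Review bot: `virt_manage_images(devicekit_disk_t)` gives the disk daemon create, write and delete access to virtual machine image files, which is more than probing or loop-mounting an image would appear to need. If the daemon only inspects images, a read-only interface (for example `virt_read_images`, if this tree provides it) would keep guest disks from being modified by a compromised devicekit_disk_t. If write access really is required, a comment such as `# <helper> rewrites image metadata when <operation>` above the call would record why. The rest of the hunk only reorders existing optional blocks and adds `policykit_dbus_chat` and `raid_domtrans_mdadm`, which I have no objection to.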
@@ -139,9 +183,11 @@ optional_policy(`
 # DeviceKit-Power local policy
 #
 
-allow devicekit_power_t self:capability { dac_override sys_tty_config sys_nice sys_ptrace };
+allow devicekit_power_t self:capability { dac_override net_admin sys_admin sys_tty_config sys_nice sys_ptrace };
+allow devicekit_power_t self:process getsched;
 allow devicekit_power_t self:fifo_file rw_fifo_file_perms;
 allow devicekit_power_t self:unix_dgram_socket create_socket_perms;
+allow devicekit_power_t self:netlink_kobject_uevent_socket create_socket_perms;
 
 manage_dirs_pattern(devicekit_power_t, devicekit_var_lib_t, devicekit_var_lib_t)
 manage_files_pattern(devicekit_power_t, devicekit_var_lib_t, devicekit_var_lib_t)
@@ -151,6 +197,8 @@ kernel_read_network_state(devicekit_power_t)
 kernel_read_system_state(devicekit_power_t)
 kernel_rw_hotplug_sysctls(devicekit_power_t)
 kernel_rw_kernel_sysctl(devicekit_power_t)
+kernel_search_debugfs(devicekit_power_t)
+kernel_write_proc_files(devicekit_power_t)
 
 corecmd_exec_bin(devicekit_power_t)
 corecmd_exec_shell(devicekit_power_t)
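Review bot: `kernel_write_proc_files(devicekit_power_t)` grants write on every generically labelled /proc file rather than on the specific entry the power daemon touches. The `@@ -159,7 +207,9 @@` hunk does the same for devices with `dev_rw_generic_chr_files(devicekit_power_t)`, and `dev_manage_generic_files(devicekit_disk_t)` appears earlier in the disk section. Access to a generic type usually means the target node is missing a proper label; the narrower fix is to label that node and use the matching interface. Where that is not possible, I would add a comment of the form `# writes <proc path>; no dedicated type exists` so the rule can be dropped once one does.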
@@ -159,7 +207,9 @@ consoletype_exec(devicekit_power_t)
 
 domain_read_all_domains_state(devicekit_power_t)
 
+dev_read_input(devicekit_power_t)
 dev_rw_generic_usb_dev(devicekit_power_t)
+dev_rw_generic_chr_files(devicekit_power_t)
 dev_rw_netcontrol(devicekit_power_t)
 dev_rw_sysfs(devicekit_power_t)
 
@@ -167,18 +217,27 @@ files_read_kernel_img(devicekit_power_t)
 files_read_etc_files(devicekit_power_t)
 files_read_usr_files(devicekit_power_t)
 
+fs_list_inotifyfs(devicekit_power_t)
+
 term_use_all_terms(devicekit_power_t)
 
 auth_use_nsswitch(devicekit_power_t)
 
 miscfiles_read_localization(devicekit_power_t)
 
+sysnet_read_config(devicekit_power_t)
+sysnet_domtrans_ifconfig(devicekit_power_t)
+
 userdom_read_all_users_state(devicekit_power_t)
 
 optional_policy(`
        bootloader_domtrans(devicekit_power_t)
 ')
 
+optional_policy(`
+       cron_initrc_domtrans(devicekit_power_t)
+')
+
 optional_policy(`
        dbus_system_bus_client(devicekit_power_t)
 
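Review bot: `cron_initrc_domtrans(devicekit_power_t)` and `sysnet_domtrans_ifconfig(devicekit_power_t)` give the power daemon two new domain transitions without saying what invokes them. The cron one presumably lands in the init-script domain, which is far broader than devicekit_power_t, so a flaw in the daemon could reach service-management privileges through it. If this is for a suspend/resume hook, a comment like `# <hook name> restarts cron after resume` above the optional block would make the intent reviewable, and it is worth confirming the hook cannot be supplied or edited by an unprivileged user. The `optional_policy` block that starts with `dbus_system_bus_client` continues past the end of this hunk.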
@@ -203,17 +262,23 @@ optional_policy(`
 
 optional_policy(`
        hal_domtrans_mac(devicekit_power_t)
+       hal_manage_log(devicekit_power_t)
        hal_manage_pid_dirs(devicekit_power_t)
        hal_manage_pid_files(devicekit_power_t)
        hal_dbus_chat(devicekit_power_t)
 ')
 
 optional_policy(`
+       policykit_dbus_chat(devicekit_power_t)
        policykit_domtrans_auth(devicekit_power_t)
        policykit_read_lib(devicekit_power_t)
        policykit_read_reload(devicekit_power_t)
 ')
 
+optional_policy(`
+       udev_read_db(devicekit_power_t)
+')
+
 optional_policy(`
        vbetool_domtrans(devicekit_power_t)
 ')