Add colord_can_network_connect boolean
authorMiroslav Grepl <mgrepl@redhat.com>
Thu, 24 Nov 2011 11:19:45 +0000 (12:19 +0100)
committerMiroslav Grepl <mgrepl@redhat.com>
Thu, 24 Nov 2011 11:19:45 +0000 (12:19 +0100)
Conflicts:

policy/modules/services/colord.te

policy/modules/services/colord.te

index 25283e476278d50d1326b126263743f3d2b9c93a..9db8952b5a5a258a4905002b5ff0998fe7e61a5d 100644 (file)
@@ -5,6 +5,13 @@ policy_module(colord, 1.0.0)
 # Declarations
 #
 
+## <desc>
+##  <p>
+##  Allow colord domain to connect to the network using TCP.
+##  </p>
+## </desc>
+gen_tunable(colord_can_network_connect, false)
+
 type colord_t;
 type colord_exec_t;
 dbus_system_domain(colord_t, colord_exec_t)
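Review bot: The `<desc>` text for `colord_can_network_connect` understates what the boolean grants. Later in this commit it gates `corenet_tcp_connect_all_ports(colord_t)`, which allows outbound TCP connections to every port type rather than to one service. An administrator deciding whether to enable the boolean sees only this description, so I would word it as `Allow colord domain to connect to any TCP port.` The default of `false` suits a boolean this broad.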
@@ -27,6 +34,7 @@ dontaudit colord_t self:capability sys_admin;
 allow colord_t self:process signal;
 allow colord_t self:fifo_file rw_fifo_file_perms;
 allow colord_t self:netlink_kobject_uevent_socket create_socket_perms;
+allow colord_t self:tcp_socket create_stream_socket_perms;
 allow colord_t self:udp_socket create_socket_perms;
 allow colord_t self:unix_dgram_socket create_socket_perms;
 
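Review bot: The added `allow colord_t self:tcp_socket create_stream_socket_perms;` sits outside any `tunable_policy` block, so colord gets TCP socket permissions even when `colord_can_network_connect` is off. In the reference policy `create_stream_socket_perms` also carries `listen` and `accept`, which a domain that only makes outbound connections should not need. I would move the rule into the colord_can_network_connect `tunable_policy` block added later in this commit and narrow it to `allow colord_t self:tcp_socket create_socket_perms;`, unless colord is known to accept connections.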
@@ -93,6 +101,21 @@ userdom_rw_user_tmpfs_files(colord_t)
 
 userdom_home_reader(colord_t)
 
+tunable_policy(`colord_can_network_connect',`
+    corenet_tcp_connect_all_ports(colord_t)
+')
+
+tunable_policy(`use_nfs_home_dirs',`
+       fs_getattr_nfs(colord_t)
+       fs_read_nfs_files(colord_t)
+')
+
+tunable_policy(`use_samba_home_dirs',`
+       fs_getattr_cifs(colord_t)
+       fs_read_cifs_files(colord_t)
+')
+>>>>>>> 5034724... Add colord_can_network_connect boolean
+
 optional_policy(`
        cups_read_config(colord_t)
        cups_read_rw_config(colord_t)
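Review bot: The added line `>>>>>>> 5034724... Add colord_can_network_connect boolean` is a leftover merge-conflict marker committed into colord.te between the `use_samba_home_dirs` block and `optional_policy`. It is not policy syntax and will most likely break the module build, so it should be deleted. The `use_nfs_home_dirs` and `use_samba_home_dirs` blocks are not mentioned in the commit title and presumably came in through the conflict resolution, so check that they are not now duplicated elsewhere in the file. Separately, `corenet_tcp_connect_all_ports(colord_t)` is broad; if colord only needs a known set of services, a port-specific connect interface would keep the boolean closer to least privilege. The `optional_policy` block continues past the end of the hunk.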