selinux-refpolicy/policy/modules/services/geoclue.te

# Module name and version for the geoclue policy module.
policy_module(geoclue, 1.1.1)
########################################
#
# Declarations
#
# geoclue_t is the process domain and geoclue_exec_t labels the daemon
# executable. dbus_system_domain registers the pair as a service of the
# system D-Bus daemon: the bus may execute a file labeled geoclue_exec_t
# and the resulting process runs in geoclue_t.
type geoclue_t;
type geoclue_exec_t;
dbus_system_domain(geoclue_t, geoclue_exec_t)
# Private type for the geoclue configuration. Marking it as a config file
# type keeps it separate from generic etc_t content, so access to it is
# granted per domain rather than to everything that can read etc_t.
type geoclue_etc_t;
files_config_file(geoclue_etc_t)
# Private type for state data, declared as a plain file type.
# NOTE(review): no rule in this listing grants geoclue_t any access to
# geoclue_var_lib_t. Presumably the type is only assigned by the file
# contexts of the module - confirm whether the daemon needs to read or
# write this data, and if so add the narrowest pattern that works.
type geoclue_var_lib_t;
files_type(geoclue_var_lib_t)
########################################
#
# Local policy
#
# Read-only access to the geoclue configuration: search directories and
# read files of type geoclue_etc_t. No write or create permission is
# granted here, so the domain cannot modify its own configuration.
read_files_pattern(geoclue_t, geoclue_etc_t, geoclue_etc_t)
# Read access to kernel sysctl entries.
kernel_read_kernel_sysctls(geoclue_t)
# Outbound TCP connections to ports labeled http_port_t. This is the only
# explicit network connect rule in this listing.
# NOTE(review): presumably used for lookups against a remote location
# service - confirm. When auditing egress from this domain, this rule and
# the name service access below are the places to look.
corenet_tcp_connect_http_port(geoclue_t)
# Read from the urandom device node.
dev_read_urand(geoclue_t)
# Name service switch lookups (users, groups, hosts). This is a broad
# interface; what it actually permits depends on how nsswitch is set up
# on the system and on the related policy booleans.
auth_use_nsswitch(geoclue_t)
Allow geoclue to log in syslog

----
time->Thu Oct 3 17:16:40 2019
type=AVC msg=audit(1570115800.136:513): avc: denied { create } for pid=1384 comm="geoclue" scontext=system_u:system_r:geoclue_t:s0 tcontext=system_u:system_r:geoclue_t:s0 tclass=unix_dgram_socket permissive=1
----
time->Thu Oct 3 17:16:40 2019
type=AVC msg=audit(1570115800.136:514): avc: denied { sendto } for pid=1384 comm="geoclue" path="/run/systemd/journal/socket" scontext=system_u:system_r:geoclue_t:s0 tcontext=system_u:system_r:syslogd_t:s0 tclass=unix_dgram_socket permissive=1
type=AVC msg=audit(1570115800.136:514): avc: denied { write } for pid=1384 comm="geoclue" name="socket" dev="tmpfs" ino=1781 scontext=system_u:system_r:geoclue_t:s0 tcontext=system_u:object_r:devlog_t:s0 tclass=sock_file permissive=1
type=AVC msg=audit(1570115800.136:514): avc: denied { search } for pid=1384 comm="geoclue" name="journal" dev="tmpfs" ino=1777 scontext=system_u:system_r:geoclue_t:s0 tcontext=system_u:object_r:syslogd_runtime_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1570115800.136:514): avc: denied { search } for pid=1384 comm="geoclue" name="systemd" dev="tmpfs" ino=11001 scontext=system_u:system_r:geoclue_t:s0 tcontext=system_u:object_r:init_runtime_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1570115800.136:514): avc: denied { write } for pid=1384 comm="geoclue" scontext=system_u:system_r:geoclue_t:s0 tcontext=system_u:system_r:geoclue_t:s0 tclass=unix_dgram_socket permissive=1
----

Signed-off-by: Laurent Bigonville <bigon@bigon.be>
2019-10-04 14:13:02 +00:00
# Allow sending log messages to syslog or the journal. The denials that
# motivated this rule were for creating and writing a unix_dgram_socket,
# sendto on /run/systemd/journal/socket, writing the devlog_t socket file,
# and searching the runtime directories on the path to that socket.
logging_send_syslog_msg(geoclue_t)
# Read generic certificate files.
# NOTE(review): presumably needed to validate TLS peers on the outbound
# HTTP port connections - confirm. This grants read access only.
miscfiles_read_generic_certs(geoclue_t)
# Read locale and timezone data.
miscfiles_read_localization(geoclue_t)
# Each D-Bus peer below sits in its own optional_policy block on purpose.
# An optional block is dropped as a whole when any interface or type it
# needs is missing, so merging the three would make every chat rule
# depend on all three modules being installed.
# Keep comments outside the quoted block bodies: a quote character inside
# the m4 quoted argument would end the block early.
#
# Send and receive D-Bus messages with the avahi domain.
optional_policy(`
avahi_dbus_chat(geoclue_t)
')
# Send and receive D-Bus messages with the NetworkManager domain.
optional_policy(`
networkmanager_dbus_chat(geoclue_t)
')
# Send and receive D-Bus messages with the ModemManager domain.
optional_policy(`
modemmanager_dbus_chat(geoclue_t)
')