RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Rearrange rules in tcsd.

This commit is contained in:
Chris PeBenito 2011-02-07 08:51:35 -05:00
parent dd978f6080
commit 26276c2434
1 changed files with 7 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
policy/modules/services/tcsd.te
View File

@ -23,25 +23,26 @@ allow tcsd_t self:capability { dac_override setuid };
allow tcsd_t self:process { signal sigkill }; allow tcsd_t self:process { signal sigkill };
allow tcsd_t self:tcp_socket create_stream_socket_perms; allow tcsd_t self:tcp_socket create_stream_socket_perms;
# Access /dev/tpm0.
dev_rw_tpm(tcsd_t)
# var/lib files for tcsd # var/lib files for tcsd
manage_dirs_pattern(tcsd_t, tcsd_var_lib_t, tcsd_var_lib_t) manage_dirs_pattern(tcsd_t, tcsd_var_lib_t, tcsd_var_lib_t)
manage_files_pattern(tcsd_t, tcsd_var_lib_t, tcsd_var_lib_t) manage_files_pattern(tcsd_t, tcsd_var_lib_t, tcsd_var_lib_t)
files_var_lib_filetrans(tcsd_t, tcsd_var_lib_t, { file dir }) files_var_lib_filetrans(tcsd_t, tcsd_var_lib_t, { file dir })
# Accept connections on the TCS port over loopback. # Accept connections on the TCS port over loopback.
sysnet_read_config(tcsd_t)
corenet_all_recvfrom_unlabeled(tcsd_t) corenet_all_recvfrom_unlabeled(tcsd_t)
corenet_tcp_bind_generic_node(tcsd_t) corenet_tcp_bind_generic_node(tcsd_t)
corenet_tcp_bind_tcs_port(tcsd_t) corenet_tcp_bind_tcs_port(tcsd_t)
# Read /dev/urandom, /etc, /usr, and locale files.
dev_read_urand(tcsd_t) dev_read_urand(tcsd_t)
# Access /dev/tpm0.
dev_rw_tpm(tcsd_t)
files_read_etc_files(tcsd_t) files_read_etc_files(tcsd_t)
files_read_usr_files(tcsd_t) files_read_usr_files(tcsd_t)
miscfiles_read_localization(tcsd_t)
# Log messages via syslog. # Log messages via syslog.
logging_send_syslog_msg(tcsd_t) logging_send_syslog_msg(tcsd_t)
miscfiles_read_localization(tcsd_t)
sysnet_read_config(tcsd_t)