RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #182 from topimiettinen/add-iwd-as-networkmanager

This commit is contained in:
Chris PeBenito 2020-02-16 11:11:59 -05:00
parent 26be8f09a6 cdd292a26d
commit 3bef33fe20
2 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
policy/modules/services/networkmanager.fc
View File

@ -9,6 +9,8 @@
/etc/dhcp/wireless-settings\.conf -- gen_context(system_u:object_r:NetworkManager_etc_rw_t, s0)
/etc/dhcp/wired-settings\.conf -- gen_context(system_u:object_r:NetworkManager_etc_rw_t, s0)
/etc/iwd/main\.conf -- gen_context(system_u:object_r:NetworkManager_etc_t, s0)
/etc/wicd/manager-settings\.conf -- gen_context(system_u:object_r:NetworkManager_etc_rw_t, s0)
/etc/wicd/wireless-settings\.conf -- gen_context(system_u:object_r:NetworkManager_etc_rw_t, s0)
/etc/wicd/wired-settings\.conf -- gen_context(system_u:object_r:NetworkManager_etc_rw_t, s0)
@ -16,13 +18,17 @@
/usr/lib/NetworkManager/nm-dispatcher.* -- gen_context(system_u:object_r:NetworkManager_initrc_exec_t,s0)
/usr/lib/networkmanager/nm-dispatcher.* -- gen_context(system_u:object_r:NetworkManager_initrc_exec_t,s0)
/usr/libexec/nm-dispatcher.* -- gen_context(system_u:object_r:NetworkManager_initrc_exec_t,s0)
/usr/libexec/iwd -- gen_context(system_u:object_r:NetworkManager_exec_t,s0)
# Systemd unit files
/usr/lib/systemd/system/[^/]*NetworkManager.* -- gen_context(system_u:object_r:NetworkManager_unit_t,s0)
/usr/lib/systemd/system/[^/]*iwd.* -- gen_context(system_u:object_r:NetworkManager_unit_t,s0)
/usr/lib/systemd/system/[^/]*wpa_supplicant.* -- gen_context(system_u:object_r:NetworkManager_unit_t,s0)
/usr/bin/NetworkManager -- gen_context(system_u:object_r:NetworkManager_exec_t,s0)
/usr/bin/NetworkManagerDispatcher -- gen_context(system_u:object_r:NetworkManager_exec_t,s0)
/usr/bin/iwctl -- gen_context(system_u:object_r:NetworkManager_exec_t,s0)
/usr/bin/iwmon -- gen_context(system_u:object_r:NetworkManager_exec_t,s0)
/usr/bin/nm-system-settings -- gen_context(system_u:object_r:NetworkManager_exec_t,s0)
/usr/bin/wicd -- gen_context(system_u:object_r:NetworkManager_exec_t,s0)
/usr/bin/wpa_cli -- gen_context(system_u:object_r:wpa_cli_exec_t,s0)
@ -35,6 +41,7 @@
/usr/sbin/wpa_cli -- gen_context(system_u:object_r:wpa_cli_exec_t,s0)
/usr/sbin/wpa_supplicant -- gen_context(system_u:object_r:NetworkManager_exec_t,s0)
/var/lib/iwd(/.*)? gen_context(system_u:object_r:NetworkManager_var_lib_t,s0)
/var/lib/wicd(/.*)? gen_context(system_u:object_r:NetworkManager_var_lib_t,s0)
/var/lib/NetworkManager(/.*)? gen_context(system_u:object_r:NetworkManager_var_lib_t,s0)

2
policy/modules/services/networkmanager.te
View File

@ -57,6 +57,7 @@ allow NetworkManager_t self:tcp_socket { accept listen };
allow NetworkManager_t self:tun_socket { create_socket_perms relabelfrom relabelto };
allow NetworkManager_t self:packet_socket create_socket_perms;
allow NetworkManager_t self:socket create_socket_perms;
allow NetworkManager_t self:alg_socket { accept bind create read setopt write };
# ICMPv6 router solicitation/advertisement
allow NetworkManager_t self:rawip_socket { create setopt getattr write read };
@ -83,6 +84,7 @@ files_tmp_filetrans(NetworkManager_t, NetworkManager_tmp_t, { sock_file file })
manage_dirs_pattern(NetworkManager_t, NetworkManager_var_lib_t, NetworkManager_var_lib_t)
manage_files_pattern(NetworkManager_t, NetworkManager_var_lib_t, NetworkManager_var_lib_t)
files_var_lib_filetrans(NetworkManager_t, NetworkManager_var_lib_t, dir)
allow NetworkManager_t NetworkManager_var_lib_t:file map;
manage_dirs_pattern(NetworkManager_t, NetworkManager_runtime_t, NetworkManager_runtime_t)
manage_files_pattern(NetworkManager_t, NetworkManager_runtime_t, NetworkManager_runtime_t)