Module for tpm2
Module for tpm2 v2 - updated to rename module and interface names, different dbus interface Signed-off-by: Dave Sugar <dsugar@tresys.com>
parent
fb04518b9d
commit
566fd554a6
|
@ -0,0 +1,3 @@
|
|||
/usr/sbin/tpm2-abrmd -- gen_context(system_u:object_r:tpm2_abrmd_exec_t,s0)
|
||||
|
||||
/usr/lib/systemd/system/[^/]*tpm2-abrmd\.service -- gen_context(system_u:object_r:tpm2_abrmd_unit_t,s0)
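Review bot: Only `/usr/sbin/tpm2-abrmd` is labelled `tpm2_abrmd_exec_t`, so a system that installs the daemon under `/usr/bin` would leave the binary with its default label. In that case the transition into `tpm2_abrmd_t` presumably never happens and the daemon runs outside the domain this module defines. Consider adding `/usr/bin/tpm2-abrmd -- gen_context(system_u:object_r:tpm2_abrmd_exec_t,s0)` next to the existing entry. After installation, `ls -Z` on the binary and `ps -Z` on the running daemon confirm that the label and the domain are the expected ones.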
|
|
@ -0,0 +1,58 @@
|
|||
## <summary>Trusted Platform Module 2.0</summary>
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Allow specified domain to enable/disable tpm2-abrmd unit
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`tpm2_enabledisable_abrmd',`
|
||||
gen_require(`
|
||||
type tpm2_abrmd_unit_t;
|
||||
class service { enable disable };
|
||||
')
|
||||
|
||||
allow $1 tpm2_abrmd_unit_t:service { enable disable };
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Allow specified domain to start/stop tpm2-abrmd unit
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`tpm2_startstop_abrmd',`
|
||||
gen_require(`
|
||||
type tpm2_abrmd_unit_t;
|
||||
class service { start stop };
|
||||
')
|
||||
|
||||
allow $1 tpm2_abrmd_unit_t:service { start stop };
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Allow specified domain to get status of tpm2-abrmd unit
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`tpm2_status_abrmd',`
|
||||
gen_require(`
|
||||
type tpm2_abrmd_unit_t;
|
||||
class service status;
|
||||
')
|
||||
|
||||
allow $1 tpm2_abrmd_unit_t:service status;
|
||||
')
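Review bot: The three interfaces cover only systemd unit management (`enable`/`disable`, `start`/`stop`, `status`), and none lets a client domain exchange D-Bus messages with `tpm2_abrmd_t`. This is despite the commit message mentioning a dbus interface and the policy file calling `dbus_system_domain(tpm2_abrmd_t, tpm2_abrmd_exec_t)`. Without such an interface, policy for TPM clients is likely to reach for ad-hoc allow rules against this module's private type, which is harder to audit. Consider a chat interface (named, say, `tpm2_dbus_chat_abrmd`) that requires `tpm2_abrmd_t` and `class dbus send_msg` and contains `allow $1 tpm2_abrmd_t:dbus send_msg;` and `allow tpm2_abrmd_t $1:dbus send_msg;`.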
|
|
@ -0,0 +1,30 @@
|
|||
policy_module(tpm2, 1.0.0)
|
||||
|
||||
########################################
|
||||
#
|
||||
# Declarations
|
||||
#
|
||||
|
||||
type tpm2_abrmd_t;
|
||||
type tpm2_abrmd_exec_t;
|
||||
init_daemon_domain(tpm2_abrmd_t, tpm2_abrmd_exec_t)
|
||||
|
||||
type tpm2_abrmd_unit_t;
|
||||
init_unit_file(tpm2_abrmd_unit_t)
|
||||
|
||||
########################################
|
||||
#
|
||||
# Local policy
|
||||
#
|
||||
|
||||
allow tpm2_abrmd_t self:process signal;
|
||||
allow tpm2_abrmd_t self:unix_stream_socket create_socket_perms;
|
||||
|
||||
dev_rw_tpm(tpm2_abrmd_t)
|
||||
|
||||
kernel_read_crypto_sysctls(tpm2_abrmd_t)
|
||||
kernel_read_system_state(tpm2_abrmd_t)
|
||||
|
||||
optional_policy(`
|
||||
dbus_system_domain(tpm2_abrmd_t, tpm2_abrmd_exec_t)
|
||||
')
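Review bot: The local policy block carries no comments saying why each grant is needed. `dev_rw_tpm(tpm2_abrmd_t)` is the one an auditor will look at first, since it gives the domain read/write access to the TPM device. A one-line comment above it such as `# resource manager: talks to the TPM device on behalf of clients` would help, as would one above `allow tpm2_abrmd_t self:process signal;` naming what the daemon signals. Both make it easier to judge later whether each rule is still required or can be dropped.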
|