From de0e70f07a23354b352783ace9b2cdd8b66117ea Mon Sep 17 00:00:00 2001
From: Dave Sugar
Date: Sun, 28 Apr 2019 10:28:51 -0400
Subject: [PATCH] create interfaces for NetworkManager units

Create interfaces to allow start/stop, enable/disable and status of NetworkManager systemd unit
---
 policy/modules/services/networkmanager.if | 57 +++++++++++++++++++++++
 1 file changed, 57 insertions(+)

diff --git a/policy/modules/services/networkmanager.if b/policy/modules/services/networkmanager.if
index 20bdcbc32..33450fa6a 100644
--- a/policy/modules/services/networkmanager.if
+++ b/policy/modules/services/networkmanager.if
@@ -293,6 +293,63 @@ interface(`networkmanager_stream_connect',`
 stream_connect_pattern($1, NetworkManager_var_run_t, NetworkManager_var_run_t, NetworkManager_t)
 ')
 
+########################################
+##
+## Allow specified domain to enable/disable NetworkManager units
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`networkmanager_enabledisable',`
+ gen_require(`
+ type NetworkManager_unit_t;
+ class service { enable disable };
+ ')
+
+ allow $1 NetworkManager_unit_t:service { enable disable };
+')
+
+########################################
+##
+## Allow specified domain to start/stop NetworkManager units
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`networkmanager_startstop',`
+ gen_require(`
+ type NetworkManager_unit_t;
+ class service { start stop };
+ ')
+
+ allow $1 NetworkManager_unit_t:service { start stop };
+')
+
+########################################
+##
+## Allow specified domain to get status of NetworkManager
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`networkmanager_status',`
+ gen_require(`
+ type NetworkManager_unit_t;
+ class service status;
+ ')
+
+ allow $1 NetworkManager_unit_t:service status;
+')
+
 ########################################
 ##
 ## All of the rules required to
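Review bot: The summaries on `networkmanager_enabledisable` and `networkmanager_startstop` name the service permissions granted but not what holding them means: a domain given these can stop NetworkManager or keep it from starting at boot, so a policy author needs to know they are meant for administrative callers. I would add one line to each of those two summaries, for example `##	Grants control over host network availability; intended for administrative domains.` The `networkmanager_status` summary also reads "get status of NetworkManager" while the other two say "NetworkManager units"; `Allow specified domain to get status of NetworkManager units` would keep the three parallel. Whether a caller additionally needs rules to talk to systemd is not visible in this hunk, so it may be worth stating in the summaries that these interfaces cover only the `service` class on `NetworkManager_unit_t`.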