RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

trunk: last bit of wpa_supplicant update from martin orr.

This commit is contained in:
Chris PeBenito 2008-09-18 15:06:29 +00:00
parent c9824ec5ce
commit fd49feff49
2 changed files with 35 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
policy/modules/services/networkmanager.fc
View File

@ -1,3 +1,4 @@
/sbin/wpa_cli -- gen_context(system_u:object_r:wpa_cli_exec_t,s0)
/sbin/wpa_supplicant -- gen_context(system_u:object_r:NetworkManager_exec_t,s0) /sbin/wpa_supplicant -- gen_context(system_u:object_r:NetworkManager_exec_t,s0)
/usr/s?bin/NetworkManager -- gen_context(system_u:object_r:NetworkManager_exec_t,s0) /usr/s?bin/NetworkManager -- gen_context(system_u:object_r:NetworkManager_exec_t,s0)

37
policy/modules/services/networkmanager.te
View File

@ -1,5 +1,5 @@
policy_module(networkmanager, 1.10.2) policy_module(networkmanager, 1.10.3)
######################################## ########################################
# #
@ -22,6 +22,10 @@ files_tmp_file(NetworkManager_tmp_t)
type NetworkManager_var_run_t; type NetworkManager_var_run_t;
files_pid_file(NetworkManager_var_run_t) files_pid_file(NetworkManager_var_run_t)
type wpa_cli_t;
type wpa_cli_exec_t;
init_system_domain(wpa_cli_t, wpa_cli_exec_t)
######################################## ########################################
# #
# Local policy # Local policy
@ -40,13 +44,15 @@ allow NetworkManager_t self:tcp_socket create_stream_socket_perms;
allow NetworkManager_t self:udp_socket create_socket_perms; allow NetworkManager_t self:udp_socket create_socket_perms;
allow NetworkManager_t self:packet_socket create_socket_perms; allow NetworkManager_t self:packet_socket create_socket_perms;
allow NetworkManager_t wpa_cli_t:unix_dgram_socket sendto;
can_exec(NetworkManager_t, NetworkManager_exec_t) can_exec(NetworkManager_t, NetworkManager_exec_t)
manage_files_pattern(NetworkManager_t, NetworkManager_log_t, NetworkManager_log_t) manage_files_pattern(NetworkManager_t, NetworkManager_log_t, NetworkManager_log_t)
logging_log_filetrans(NetworkManager_t, NetworkManager_log_t, file) logging_log_filetrans(NetworkManager_t, NetworkManager_log_t, file)
manage_sock_files_pattern(NetworkManager_t, NetworkManager_tmp_t, NetworkManager_tmp_t) rw_sock_files_pattern(NetworkManager_t, NetworkManager_tmp_t, NetworkManager_tmp_t)
files_tmp_filetrans(NetworkManager_t, NetworkManager_tmp_t, sock_file) files_search_tmp(NetworkManager_t)
manage_dirs_pattern(NetworkManager_t, NetworkManager_var_run_t, NetworkManager_var_run_t) manage_dirs_pattern(NetworkManager_t, NetworkManager_var_run_t, NetworkManager_var_run_t)
manage_files_pattern(NetworkManager_t, NetworkManager_var_run_t, NetworkManager_var_run_t) manage_files_pattern(NetworkManager_t, NetworkManager_var_run_t, NetworkManager_var_run_t)
@ -190,3 +196,28 @@ optional_policy(`
vpn_domtrans(NetworkManager_t) vpn_domtrans(NetworkManager_t)
vpn_signal(NetworkManager_t) vpn_signal(NetworkManager_t)
') ')
########################################
#
# wpa_cli local policy
#
allow wpa_cli_t self:capability dac_override;
allow wpa_cli_t self:unix_dgram_socket create_socket_perms;
allow wpa_cli_t NetworkManager_t:unix_dgram_socket sendto;
manage_sock_files_pattern(wpa_cli_t, NetworkManager_tmp_t, NetworkManager_tmp_t)
files_tmp_filetrans(wpa_cli_t, NetworkManager_tmp_t, sock_file)
list_dirs_pattern(wpa_cli_t, NetworkManager_var_run_t, NetworkManager_var_run_t)
rw_sock_files_pattern(wpa_cli_t, NetworkManager_var_run_t, NetworkManager_var_run_t)
init_dontaudit_use_fds(wpa_cli_t)
init_use_script_ptys(wpa_cli_t)
libs_use_ld_so(wpa_cli_t)
libs_use_shared_libs(wpa_cli_t)
miscfiles_read_localization(wpa_cli_t)
term_dontaudit_use_console(wpa_cli_t)