policy_module(tpm2, 1.1.3) ######################################## # # Declarations # type tpm2_abrmd_t; type tpm2_abrmd_exec_t; init_daemon_domain(tpm2_abrmd_t, tpm2_abrmd_exec_t) type tpm2_abrmd_unit_t; init_unit_file(tpm2_abrmd_unit_t) type tpm2_t; type tpm2_exec_t; application_domain(tpm2_t, tpm2_exec_t) ######################################## # # tpm2-abrmd local policy # allow tpm2_abrmd_t self:process signal; allow tpm2_abrmd_t self:unix_stream_socket create_socket_perms; allow tpm2_abrmd_t self:fifo_file { read write }; dev_rw_tpm(tpm2_abrmd_t) kernel_read_crypto_sysctls(tpm2_abrmd_t) kernel_read_system_state(tpm2_abrmd_t) optional_policy(` dbus_system_domain(tpm2_abrmd_t, tpm2_abrmd_exec_t) ') ########################################### # tpm2_* local policy # allow tpm2_t self:unix_stream_socket create_socket_perms; allow tpm2_t self:capability dac_override; dev_rw_tpm(tpm2_t) files_read_etc_files(tpm2_t) kernel_read_crypto_sysctls(tpm2_t) kernel_read_system_state(tpm2_t) miscfiles_read_generic_certs(tpm2_t) selinux_getattr_fs(tpm2_t) selinux_search_fs(tpm2_t) tpm2_dbus_chat_abrmd(tpm2_t) tpm2_rw_abrmd_pipes(tpm2_t) optional_policy(` dbus_system_bus_client(tpm2_t) ')