selinux-refpolicy/policy/modules/services/tpm2.if

59 lines
1.2 KiB
Plaintext

## <summary>Trusted Platform Module 2.0</summary>
########################################
## <summary>
## Allow specified domain to enable/disable tpm2-abrmd unit
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`tpm2_enabledisable_abrmd',`
gen_require(`
type tpm2_abrmd_unit_t;
class service { enable disable };
')
allow $1 tpm2_abrmd_unit_t:service { enable disable };
')
########################################
## <summary>
## Allow specified domain to start/stop tpm2-abrmd unit
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`tpm2_startstop_abrmd',`
gen_require(`
type tpm2_abrmd_unit_t;
class service { start stop };
')
allow $1 tpm2_abrmd_unit_t:service { start stop };
')
########################################
## <summary>
## Allow specified domain to get status of tpm2-abrmd unit
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`tpm2_status_abrmd',`
gen_require(`
type tpm2_abrmd_unit_t;
class service status;
')
allow $1 tpm2_abrmd_unit_t:service status;
')