selinux-refpolicy/policy
Dave Sugar 8f5cbc7779 Setup domain for tpm2_* binaries
The various /bin/tpm2_* binaries use dbus to communicate
with tpm2-abrmd and also can directly access /dev/tpmrm0.  This
seems like a way to help limit access to the TPM by running the
tpm_* binaries in their own domain.

I set up this domain because I have a process that needs to use
tpm2_hmac to encode something, but didn't want that domain to
have direct access to the TPM.  I did some basic testing to verify
that the other tpm2_* binaries have basically the same access needs.
But it wasn't thorough testing of all the tpm2_* binaries.

Signed-off-by: Dave Sugar <dsugar@tresys.com>
2020-04-16 15:40:09 -04:00
flask Add perf_event access vectors. 2020-01-29 09:58:40 -05:00
modules Setup domain for tpm2_* binaries 2020-04-16 15:40:09 -04:00
support Add dnl to end of interface declaration. This reduces the number of blank lines in intermediate files and matches the way templates are defined. 2020-03-16 09:31:57 -04:00
constraints Rename obsolete netlink_firewall_socket and netlink_ip6fw_socket classes 2020-01-16 09:17:56 -05:00
context_defaults Fix error in default_user example. 2014-04-28 10:19:22 -04:00
global_booleans Move secure_mode_policyload into selinux module as that is the only place it is used. 2011-09-26 09:53:23 -04:00
global_tunables Make raw memory access tunable 2020-03-16 14:06:16 +02:00
mcs refpolicy: Update for kernel sctp support 2018-03-21 14:14:37 -04:00
mls Rename obsolete netlink_firewall_socket and netlink_ip6fw_socket classes 2020-01-16 09:17:56 -05:00
policy_capabilities Correct estimate kernel version for polcap genfs_seclabel_symlinks 2020-03-31 17:11:41 +02:00
users Apply direct_initrc to unconfined_r:unconfined_t 2014-01-16 15:27:18 -05:00