mirror of
https://github.com/SELinuxProject/refpolicy
synced 2025-03-25 04:26:37 +00:00
8f5cbc7779
The various /bin/tpm2_* binaries use dbus to communicate with tpm2-abrmd and also can directly access /dev/tpmrm0. This seems like a way to help limit access to the TPM by running the tpm_* binaries in their own domain. I setup this domain because I have a process that needs to use tpm2_hmac to encode something, but didn't want that domain to have direct access to the TPM. I did some basic testing to verify that the other tpm2_* binaries have basically the same access needs. But it wasn't through testing of all the tpm2_* binaries. Signed-off-by: Dave Sugar <dsugar@tresys.com> |
||
|---|---|---|
| .. | ||
| admin | ||
| apps | ||
| kernel | ||
| roles | ||
| services | ||
| system | ||