add audit_write and a little style cleanup.

This commit is contained in:
Chris PeBenito 2006-07-07 14:51:08 +00:00
parent 385e624407
commit 3aab4a8398

View File

@ -1,5 +1,5 @@
policy_module(clock,1.0.0)
policy_module(clock,1.0.1)
########################################
#
@ -19,16 +19,15 @@ role system_r types hwclock_t;
# Local policy
#
allow hwclock_t self:process signal_perms;
# Give hwclock the capabilities it requires. dac_override is a surprise,
# but hwclock does require it.
allow hwclock_t self:capability { dac_override sys_rawio sys_time sys_tty_config };
allow hwclock_t self:capability { dac_override sys_rawio sys_time sys_tty_config audit_write };
dontaudit hwclock_t self:capability sys_tty_config;
allow hwclock_t self:process signal_perms;
allow hwclock_t self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay };
# Allow hwclock to store & retrieve correction factors.
allow hwclock_t adjtime_t:file { setattr ioctl read getattr lock write append };
allow hwclock_t adjtime_t:file { rw_file_perms setattr };
kernel_read_kernel_sysctls(hwclock_t)
kernel_list_proc(hwclock_t)