selinux-refpolicy/policy/modules/services/iiosensorproxy.te

policy_module(iiosensorproxy)

########################################
#
# iio-sensor-proxy (Debian package iio-sensor-proxy)
# IIO sensors to D-Bus proxy
# Industrial I/O subsystem is intended to provide support for devices
# that in some sense are analog to digital or digital to analog convertors
# .
# Devices that fall into this category are:
#  * ADCs
#  * Accelerometers
#  * Gyros
#  * IMUs
#  * Capacitance to Digital Converters (CDCs)
#  * Pressure Sensors
#  * Color, Light and Proximity Sensors
#  * Temperature Sensors
#  * Magnetometers
#  * DACs
#  * DDS (Direct Digital Synthesis)
#  * PLLs (Phase Locked Loops)
#  * Variable/Programmable Gain Amplifiers (VGA, PGA)

########################################
#
# Declarations
#

type iiosensorproxy_t;
type iiosensorproxy_exec_t;
init_daemon_domain(iiosensorproxy_t, iiosensorproxy_exec_t)


########################################
#
# Local policy
#

allow iiosensorproxy_t self:netlink_kobject_uevent_socket { bind create getattr setopt read };
allow iiosensorproxy_t self:process { getsched setsched };
allow iiosensorproxy_t self:unix_dgram_socket { create write };

kernel_read_system_state(iiosensorproxy_t)

dev_read_iio(iiosensorproxy_t)

# for /sys/bus/iio/devices/* (which links to /sys/devices/pci*)
dev_read_sysfs(iiosensorproxy_t)

# for writing to current_trigger and to enable devices
# /sys/devices/pci0000:00/0000:00:13.0/{33AECD58-B679-4E54-9BD9-A04D34F0C226}/001F:8087:0AC2.0005/HID-SENSOR-200083.21.auto/iio:device8/buffer/enable
dev_write_sysfs(iiosensorproxy_t)

dbus_system_bus_client(iiosensorproxy_t)
dbus_connect_system_bus(iiosensorproxy_t)

logging_send_syslog_msg(iiosensorproxy_t)

miscfiles_read_localization(iiosensorproxy_t)

udev_read_runtime_files(iiosensorproxy_t)

optional_policy(`
	policykit_dbus_chat(iiosensorproxy_t)
')

optional_policy(`
	unconfined_dbus_send(iiosensorproxy_t)
')

optional_policy(`
	xserver_dbus_chat_xdm(iiosensorproxy_t)
')