566fd554a6
Module for tpm2 v2 - updated to rename module and interface names, different dbus interface Signed-off-by: Dave Sugar <dsugar@tresys.com>
31 lines
591 B
Plaintext
31 lines
591 B
Plaintext
policy_module(tpm2, 1.0.0)
|
|
|
|
########################################
|
|
#
|
|
# Declarations
|
|
#
|
|
|
|
type tpm2_abrmd_t;
|
|
type tpm2_abrmd_exec_t;
|
|
init_daemon_domain(tpm2_abrmd_t, tpm2_abrmd_exec_t)
|
|
|
|
type tpm2_abrmd_unit_t;
|
|
init_unit_file(tpm2_abrmd_unit_t)
|
|
|
|
########################################
|
|
#
|
|
# Local policy
|
|
#
|
|
|
|
allow tpm2_abrmd_t self:process signal;
|
|
allow tpm2_abrmd_t self:unix_stream_socket create_socket_perms;
|
|
|
|
dev_rw_tpm(tpm2_abrmd_t)
|
|
|
|
kernel_read_crypto_sysctls(tpm2_abrmd_t)
|
|
kernel_read_system_state(tpm2_abrmd_t)
|
|
|
|
optional_policy(`
|
|
dbus_system_domain(tpm2_abrmd_t, tpm2_abrmd_exec_t)
|
|
')
|