author | Hans Ulrich Niedermann <hun@n-dimensional.de> | 2009-07-11 17:19:47 +0200 |
---|---|---|
committer | Hans Ulrich Niedermann <hun@n-dimensional.de> | 2009-07-11 17:19:47 +0200 |
commit | 92462a40fa95eeb9d3eee7c245e56b9c66a4a6af (patch) | |
tree | d1f0dd2a5cd2633404ed58d603fe8d396ba8ed94 /gpsd-devices.if | |
parent | 03a14c13aea1522d4f11f42b9e5b5d720b252713 (diff) | |
download | gps-devices-package-92462a40fa95eeb9d3eee7c245e56b9c66a4a6af.tar.gz gps-devices-package-92462a40fa95eeb9d3eee7c245e56b9c66a4a6af.tar.xz gps-devices-package-92462a40fa95eeb9d3eee7c245e56b9c66a4a6af.zip |
Copy serefpolicy gpsd policy, add access to gps_device_t
Diffstat (limited to 'gpsd-devices.if')
-rw-r--r-- | gpsd-devices.if | 99 |
1 files changed, 64 insertions, 35 deletions
diff --git a/gpsd-devices.if b/gpsd-devices.if
index 54d42ae..3eeda41 100644
--- a/gpsd-devices.if
+++ b/gpsd-devices.if
@@ -1,54 +1,83 @@
-## <summary>Myapp example policy</summary>
-## <desc>
-## <p>
-## More descriptive text about myapp. The desc
-## tag can also use p, ul, and ol
-## html tags for formatting.
-## </p>
-## <p>
-## This policy supports the following myapp features:
-## <ul>
-## <li>Feature A</li>
-## <li>Feature B</li>
-## <li>Feature C</li>
-## </ul>
-## </p>
-## </desc>
+## <summary>gpsd monitor daemon</summary>
+
+########################################
+## <summary>
+## Execute a domain transition to run gpsd.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed to transition.
+## </summary>
+## </param>
 #
+interface(`gpsd_domtrans',`
+ gen_require(`
+ type gpsd_t, gpsd_exec_t;
+ ')
+
+ domtrans_pattern($1, gpsd_exec_t, gpsd_t)
+')
 
 ########################################
 ## <summary>
-## Execute a domain transition to run myapp.
+## Execute gpsd in the gpsd domain, and
+## allow the specified role the gpsd domain.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access
+## </summary>
+## </param>
+## <param name="role">
+## <summary>
+## The role to be allowed the gpsd domain.
+## </summary>
+## </param>
+#
+interface(`gpsd_run',`
+ gen_require(`
+ type gpsd_t;
+ ')
+
+ gpsd_domtrans($1)
+ role $2 types gpsd_t;
+')
+
+########################################
+## <summary>
+## Read and write to gpsd shared memory.
 ## </summary>
 ## <param name="domain">
-## <summary>
-## Domain allowed to transition.
-## </summary>
+## <summary>
+## The type of the process performing this action.
+## </summary>
 ## </param>
 #
-interface(`myapp_domtrans',`
- gen_require(`
- type myapp_t, myapp_exec_t;
- ')
+interface(`gpsd_rw_shm',`
+ gen_require(`
+ type gpsd_t;
+ ')
 
- domtrans_pattern($1,myapp_exec_t,myapp_t)
+ allow $1 gpsd_t:shm rw_shm_perms;
 ')
 
 ########################################
 ## <summary>
-## Read myapp log files.
+## Read/write gpsd tmpfs files.
 ## </summary>
 ## <param name="domain">
-## <summary>
-## Domain allowed to read the log files.
-## </summary>
+## <summary>
+## The type of the process performing this action.
+## </summary>
 ## </param>
 #
-interface(`myapp_read_log',`
- gen_require(`
- type myapp_log_t;
- ')
+interface(`gpsd_rw_tmpfs_files',`
+ gen_require(`
+ type gpsd_tmpfs_t;
+ ')
 
- logging_search_logs($1)
- allow $1 myapp_log_t:file read_file_perms;
+ fs_search_tmpfs($1)
+ allow $1 gpsd_tmpfs_t:dir list_dir_perms;
+ rw_files_pattern($1, gpsd_tmpfs_t, gpsd_tmpfs_t)
+ read_lnk_files_pattern($1, gpsd_tmpfs_t, gpsd_tmpfs_t)
 ') |
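Review bot: The four interfaces added here (`gpsd_domtrans`, `gpsd_run`, `gpsd_rw_shm`, `gpsd_rw_tmpfs_files`) keep the `gpsd_` prefix and require `gpsd_t`, `gpsd_exec_t` and `gpsd_tmpfs_t`, although the file is `gpsd-devices.if`. Since the commit title says the policy was copied from serefpolicy, they presumably duplicate that policy's own gpsd interfaces wherever both sets of headers are visible at build time, which would leave it unclear which definition actually grants the access. The type declarations are outside this diff (it is limited to `gpsd-devices.if`), so this cannot be confirmed from here. I would either rename the interfaces to the module's own prefix or record the constraint in the header, for example `## Copied from the serefpolicy gpsd module; do not install alongside it.` Separately, `gpsd_rw_shm` is the only shared-memory interface offered, so a caller that only reads gpsd's segment must still take write access; a read-only counterpart would let such callers stay least-privileged.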