Received: by 2002:a5b:505:0:0:0:0:0 with SMTP id o5csp847708ybp;
        Fri, 11 Oct 2019 05:25:08 -0700 (PDT)
X-Google-Smtp-Source: APXvYqw0yREMak2f+p5SU6oTw/fxuTZbpofgi1NJieqBmlLGqi95Um7FNIRKS2zVI8jGCZR80OWI
X-Received: by 2002:a17:906:6bcd:: with SMTP id t13mr13394111ejs.133.1570796708526;
        Fri, 11 Oct 2019 05:25:08 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1570796708; cv=none;
        d=google.com; s=arc-20160816;
        b=UxkXn00xiZEHi13/LzqLJt9IPFhtHewBU7w74C1xkUTWJMFeNC+SRb2myfBveYHl0V
         cv2SyoV38K4reonoijnrB5JgxyogM1L+TNc3/bZPqonpjcBrug+fIREKNBkh0VL3Z9C8
         Jx5dEywBf5iD0XkZtEOcXAhfzuhNYhgPaEPe0HcprQKvIcuQp/rvIBU5DRnFdZwRrmK+
         b4AThjyQRAmCsLNgLjgri8gUCg8C+TkT+kRuCCQoT1mXFxROQduZYyLPeHcCtyDf0hk+
         5bCboSOSTBdtWxmWBWRQaPt5uVtoOoQm17WdKuuONQo0FDdLXeXljstciXRuT3+NKsvx
         O9ig==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:to:from
         :dkim-signature;
        bh=MYCLPRjoqFh/4D7eVunYIczU0y1FmupPvcuKm12RJUM=;
        b=Fxy70dW6j+3PeINxGLO4jgz/+oYTfm1lM9NXzlNPLwzlZLmPyv12w/sRvqpm8H0x/q
         Y9uuAfLmbqLyU8/ij+Ass2qJkmhDSL1SBbNMD85SxiNCSrAh+GPTmZvKvpK5Yz1ds0j5
         0iLUZVhTADv87gfK2x0Lj6Z7Q6ODpZb9lpwpBtVnScXtLejpXYZ+BiBSe7QGsDs8EmlP
         yewM2N2c9DFmHWNcJWPf2dOzLL4a2N7JZX6XbLB8jUxqLG2HjS3YhUvxd7qrykkUUvSr
         ayzxYZgwFLAirOKw3QbvjQhyRyMPGV0FvSVdWRaXm7JCbE6syNUKCL6HvLkXrKIo34y9
         pG+w==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@bigon.be header.s=key1 header.b=mds5LXWL;
       spf=pass (google.com: best guess record for domain of selinux-refpolicy-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=selinux-refpolicy-owner@vger.kernel.org
Return-Path: <selinux-refpolicy-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id j12si5130303ejx.282.2019.10.11.05.25.05;
        Fri, 11 Oct 2019 05:25:08 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of selinux-refpolicy-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@bigon.be header.s=key1 header.b=mds5LXWL;
       spf=pass (google.com: best guess record for domain of selinux-refpolicy-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=selinux-refpolicy-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728092AbfJKMYW (ORCPT <rfc822;linux.lists.archive@gmail.com>
        + 11 others); Fri, 11 Oct 2019 08:24:22 -0400
Received: from ithil.bigon.be ([163.172.57.153]:38290 "EHLO ithil.bigon.be"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1728093AbfJKMYV (ORCPT
        <rfc822;selinux-refpolicy@vger.kernel.org>);
        Fri, 11 Oct 2019 08:24:21 -0400
Received: from localhost (localhost [IPv6:::1])
        by ithil.bigon.be (Postfix) with ESMTP id 6F9E420559
        for <selinux-refpolicy@vger.kernel.org>; Fri, 11 Oct 2019 14:24:18 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=bigon.be; h=
        content-transfer-encoding:mime-version:references:in-reply-to
        :x-mailer:message-id:date:date:subject:subject:from:from
        :received:received:received; s=key1; t=1570796658; x=1572611059;
         bh=H84d6R4gD+f8FUdHJlCpx6j5KP/EU3gLaGSRImfD8KE=; b=mds5LXWLYEoC
        2xkkUaFHvqsOcugmp3yFKj/dzwfKSihPeSpbA0WkNIfE/BmFN6L5UGbj0MBh6WUc
        IdxWUYy2LhMCzTl/3+d1lBdxFi0Xz2T9kxp8osCm+gHi0CG1bfZzUZPl7t/1tNaJ
        W1FcXTX3Ob1G/hJ7TYT8R5VH4+JtLTU=
Received: from ithil.bigon.be ([IPv6:::1])
        by localhost (ithil.bigon.be [IPv6:::1]) (amavisd-new, port 10026)
        with ESMTP id H6yMw_Sf4ZXq for <selinux-refpolicy@vger.kernel.org>;
        Fri, 11 Oct 2019 14:24:18 +0200 (CEST)
Received: from edoras.bigon.be (unknown [193.53.238.198])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
        (No client certificate requested)
        (Authenticated sender: bigon@bigon.be)
        by ithil.bigon.be (Postfix) with ESMTPSA
        for <selinux-refpolicy@vger.kernel.org>; Fri, 11 Oct 2019 14:24:18 +0200 (CEST)
Received: from bigon (uid 1000)
        (envelope-from bigon@bigon.be)
        id 21335
        by edoras.bigon.be (DragonFly Mail Agent v0.12);
        Fri, 11 Oct 2019 14:24:16 +0200
From:   Laurent Bigonville <bigon@debian.org>
To:     selinux-refpolicy@vger.kernel.org
Subject: [PATCH 02/10] Allow geoclue to log in syslog
Date:   Fri, 11 Oct 2019 14:24:08 +0200
Message-Id: <20191011122416.14651-2-bigon@debian.org>
X-Mailer: git-send-email 2.23.0
In-Reply-To: <20191011122416.14651-1-bigon@debian.org>
References: <20191011122416.14651-1-bigon@debian.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: selinux-refpolicy-owner@vger.kernel.org
Precedence: bulk
List-ID: <selinux-refpolicy.vger.kernel.org>
X-Mailing-List: selinux-refpolicy@vger.kernel.org

From: Laurent Bigonville <bigon@bigon.be>

----
time->Thu Oct  3 17:16:40 2019
type=AVC msg=audit(1570115800.136:513): avc:  denied  { create } for  pid=1384 comm="geoclue" scontext=system_u:system_r:geoclue_t:s0 tcontext=system_u:system_r:geoclue_t:s0 tclass=unix_dgram_socket permissive=1
----
time->Thu Oct  3 17:16:40 2019
type=AVC msg=audit(1570115800.136:514): avc:  denied  { sendto } for  pid=1384 comm="geoclue" path="/run/systemd/journal/socket" scontext=system_u:system_r:geoclue_t:s0 tcontext=system_u:system_r:syslogd_t:s0 tc
lass=unix_dgram_socket permissive=1
type=AVC msg=audit(1570115800.136:514): avc:  denied  { write } for  pid=1384 comm="geoclue" name="socket" dev="tmpfs" ino=1781 scontext=system_u:system_r:geoclue_t:s0 tcontext=system_u:object_r:devlog_t:s0 tcla
ss=sock_file permissive=1
type=AVC msg=audit(1570115800.136:514): avc:  denied  { search } for  pid=1384 comm="geoclue" name="journal" dev="tmpfs" ino=1777 scontext=system_u:system_r:geoclue_t:s0 tcontext=system_u:object_r:syslogd_runtim
e_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1570115800.136:514): avc:  denied  { search } for  pid=1384 comm="geoclue" name="systemd" dev="tmpfs" ino=11001 scontext=system_u:system_r:geoclue_t:s0 tcontext=system_u:object_r:init_runtime_
t:s0 tclass=dir permissive=1
type=AVC msg=audit(1570115800.136:514): avc:  denied  { write } for  pid=1384 comm="geoclue" scontext=system_u:system_r:geoclue_t:s0 tcontext=system_u:system_r:geoclue_t:s0 tclass=unix_dgram_socket permissive=1
----

Signed-off-by: Laurent Bigonville <bigon@bigon.be>
---
 policy/modules/services/geoclue.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/policy/modules/services/geoclue.te b/policy/modules/services/geoclue.te
index c6e66408..a36bcb80 100644
--- a/policy/modules/services/geoclue.te
+++ b/policy/modules/services/geoclue.te
@@ -30,6 +30,8 @@ dev_read_urand(geoclue_t)
 
 auth_use_nsswitch(geoclue_t)
 
+logging_send_syslog_msg(geoclue_t)
+
 miscfiles_read_generic_certs(geoclue_t)
 miscfiles_read_localization(geoclue_t)
 
-- 
2.23.0