2017-04-13 23:25:11

by guido

[permalink] [raw]
Subject: [refpolicy] [PATCH 5/10] evolution: do not audit kernel read state

Update the evolution module in order to not audit unnecessary
permissions.

Signed-off-by: Guido Trentalancia <[email protected]>
---
policy/modules/contrib/evolution.te | 2 ++
1 file changed, 2 insertions(+)

--- refpolicy-2.20170204-orig/policy/modules/contrib/evolution.te 2017-04-13 13:15:17.786342624 +0200
+++ refpolicy-2.20170204/policy/modules/contrib/evolution.te 2017-04-13 13:13:45.236343002 +0200
@@ -312,6 +312,8 @@ stream_connect_pattern(evolution_alarm_t
stream_connect_pattern(evolution_alarm_t, evolution_exchange_orbit_tmp_t, evolution_exchange_orbit_tmp_t, evolution_exchange_t)
stream_connect_pattern(evolution_alarm_t, evolution_server_orbit_tmp_t, evolution_server_orbit_tmp_t, evolution_server_t)

+kernel_dontaudit_read_system_state(evolution_alarm_t)
+
dev_read_urand(evolution_alarm_t)

files_read_usr_files(evolution_alarm_t)