diff -pruN -x .git -x booleans.conf -x corenetwork.if -x corenetwork.te -x modules.conf refpolicy-git-18012011/policy/modules/apps/cpufreqselector.te refpolicy-git-18012011-new/policy/modules/apps/cpufreqselector.te
--- refpolicy-git-18012011/policy/modules/apps/cpufreqselector.te 2011-01-08 19:07:21.177731088 +0100
+++ refpolicy-git-18012011-new/policy/modules/apps/cpufreqselector.te 2011-01-19 20:20:28.258032330 +0100
@@ -16,6 +16,7 @@ application_domain(cpufreqselector_t, cp
allow cpufreqselector_t self:capability { sys_nice sys_ptrace };
allow cpufreqselector_t self:fifo_file rw_fifo_file_perms;
+allow cpufreqselector_t self:process getsched;
files_read_etc_files(cpufreqselector_t)
files_read_usr_files(cpufreqselector_t)
@@ -24,6 +25,8 @@ corecmd_search_bin(cpufreqselector_t)
dev_rw_sysfs(cpufreqselector_t)
+kernel_read_system_state(cpufreqselector_t)
+
miscfiles_read_localization(cpufreqselector_t)
userdom_read_all_users_state(cpufreqselector_t)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 01/24/2011 01:43 AM, Guido Trentalancia wrote:
> diff -pruN -x .git -x booleans.conf -x corenetwork.if -x corenetwork.te -x modules.conf refpolicy-git-18012011/policy/modules/apps/cpufreqselector.te refpolicy-git-18012011-new/policy/modules/apps/cpufreqselector.te
> --- refpolicy-git-18012011/policy/modules/apps/cpufreqselector.te 2011-01-08 19:07:21.177731088 +0100
> +++ refpolicy-git-18012011-new/policy/modules/apps/cpufreqselector.te 2011-01-19 20:20:28.258032330 +0100
> @@ -16,6 +16,7 @@ application_domain(cpufreqselector_t, cp
>
> allow cpufreqselector_t self:capability { sys_nice sys_ptrace };
> allow cpufreqselector_t self:fifo_file rw_fifo_file_perms;
> +allow cpufreqselector_t self:process getsched;
move this above the fifo_file line and below the capability line
>
> files_read_etc_files(cpufreqselector_t)
> files_read_usr_files(cpufreqselector_t)
> @@ -24,6 +25,8 @@ corecmd_search_bin(cpufreqselector_t)
>
> dev_rw_sysfs(cpufreqselector_t)
>
> +kernel_read_system_state(cpufreqselector_t)
> +
move this above files_read_etc_files() atleast
see style guide at oss.tresys.com/refpolicy (documents)
> miscfiles_read_localization(cpufreqselector_t)
>
> userdom_read_all_users_state(cpufreqselector_t)
>
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk09irMACgkQMlxVo39jgT92cgCg0BcDD9quRWuzeGueYdv1b59Y
Td4AoLIIsuhGzJXxGzkUmuLIkqUhQSdq
=jKwR
-----END PGP SIGNATURE-----
On Mon, 24/01/2011 at 15.20 +0100, Dominick Grift wrote:
> On 01/24/2011 01:43 AM, Guido Trentalancia wrote:
> > diff -pruN -x .git -x booleans.conf -x corenetwork.if -x corenetwork.te -x modules.conf refpolicy-git-18012011/policy/modules/apps/cpufreqselector.te refpolicy-git-18012011-new/policy/modules/apps/cpufreqselector.te
> > --- refpolicy-git-18012011/policy/modules/apps/cpufreqselector.te 2011-01-08 19:07:21.177731088 +0100
> > +++ refpolicy-git-18012011-new/policy/modules/apps/cpufreqselector.te 2011-01-19 20:20:28.258032330 +0100
> > @@ -16,6 +16,7 @@ application_domain(cpufreqselector_t, cp
> >
> > allow cpufreqselector_t self:capability { sys_nice sys_ptrace };
> > allow cpufreqselector_t self:fifo_file rw_fifo_file_perms;
> > +allow cpufreqselector_t self:process getsched;
>
> move this above the fifo_file line and below the capability line
Ok, it will be done.
> > files_read_etc_files(cpufreqselector_t)
> > files_read_usr_files(cpufreqselector_t)
> > @@ -24,6 +25,8 @@ corecmd_search_bin(cpufreqselector_t)
> >
> > dev_rw_sysfs(cpufreqselector_t)
> >
> > +kernel_read_system_state(cpufreqselector_t)
> > +
>
> move this above files_read_etc_files() atleast
>
> see style guide at oss.tresys.com/refpolicy (documents)
Ok, it will be done. I was not aware of that document. I felt like there
was something missing...
Regards,
Guido