2017-12-06 18:23:41

by Sugar, David

Subject: [refpolicy] [PATCH 1/1] Allow to read /proc/sys/crypto/fips_enabled

Allow accountsd_t and policykitd_t to read /proc/sys/crypto/fips_enabled
---
accountsd.te | 1 +
policykit.te | 1 +
2 files changed, 2 insertions(+)

diff --git a/accountsd.te b/accountsd.te
index d435a2d..f56058c 100644
--- a/accountsd.te
+++ b/accountsd.te
@@ -30,6 +30,7 @@ manage_dirs_pattern(accountsd_t, accountsd_var_lib_t, accountsd_var_lib_t)
manage_files_pattern(accountsd_t, accountsd_var_lib_t, accountsd_var_lib_t)
files_var_lib_filetrans(accountsd_t, accountsd_var_lib_t, dir)

+kernel_read_crypto_sysctls(accountsd_t)
kernel_read_kernel_sysctls(accountsd_t)
kernel_read_system_state(accountsd_t)

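Review bot: The commit message gives no reason why accountsd_t needs this access at the added kernel_read_crypto_sysctls(accountsd_t) line. Including the AVC denial, or naming the code path that checks fips_enabled, would help, since the interface by its name covers the crypto sysctls as a group while the subject mentions only the one file.
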
diff --git a/policykit.te b/policykit.te
index 9a0c4d5..8f2035a 100644
--- a/policykit.te
+++ b/policykit.te
@@ -85,6 +85,7 @@ can_exec(policykit_t, policykit_exec_t)
domtrans_pattern(policykit_t, policykit_auth_exec_t, policykit_auth_t)
domtrans_pattern(policykit_t, policykit_resolve_exec_t, policykit_resolve_t)

+kernel_read_crypto_sysctls(policykit_t)
kernel_read_kernel_sysctls(policykit_t)
kernel_read_system_state(policykit_t)

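Review bot: The commit message names policykitd_t, but the added line grants the access to policykit_t, so the message should be corrected to match the domain actually changed. The context lines also show policykit_t transitioning to policykit_auth_t and policykit_resolve_t; it is worth confirming whether those helper domains read fips_enabled as well and, if they do, adding the same call for them in this patch.
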
--
2.13.6


2017-12-07 23:53:33

by Chris PeBenito

Subject: [refpolicy] [PATCH 1/1] Allow to read /proc/sys/crypto/fips_enabled

On 12/06/2017 01:23 PM, David Sugar via refpolicy wrote:
> Allow accountsd_t and policykitd_t to read /proc/sys/crypto/fips_enabled
> ---
> accountsd.te | 1 +
> policykit.te | 1 +
> 2 files changed, 2 insertions(+)
>
> diff --git a/accountsd.te b/accountsd.te
> index d435a2d..f56058c 100644
> --- a/accountsd.te
> +++ b/accountsd.te
> @@ -30,6 +30,7 @@ manage_dirs_pattern(accountsd_t, accountsd_var_lib_t, accountsd_var_lib_t)
> manage_files_pattern(accountsd_t, accountsd_var_lib_t, accountsd_var_lib_t)
> files_var_lib_filetrans(accountsd_t, accountsd_var_lib_t, dir)
>
> +kernel_read_crypto_sysctls(accountsd_t)
> kernel_read_kernel_sysctls(accountsd_t)
> kernel_read_system_state(accountsd_t)
>
> diff --git a/policykit.te b/policykit.te
> index 9a0c4d5..8f2035a 100644
> --- a/policykit.te
> +++ b/policykit.te
> @@ -85,6 +85,7 @@ can_exec(policykit_t, policykit_exec_t)
> domtrans_pattern(policykit_t, policykit_auth_exec_t, policykit_auth_t)
> domtrans_pattern(policykit_t, policykit_resolve_exec_t, policykit_resolve_t)
>
> +kernel_read_crypto_sysctls(policykit_t)
> kernel_read_kernel_sysctls(policykit_t)
> kernel_read_system_state(policykit_t)

Merged.

--
Chris PeBenito