From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Mon, 27 Jul 2009 10:19:01 -0400
Subject: [refpolicy] services_hal.patch
In-Reply-To: <4A2DAEB5.8010209@redhat.com>
References: <4A2DAEB5.8010209@redhat.com>
Message-ID: <1248704344.13158.155.camel@gorn>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Mon, 2009-06-08 at 20:37 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_hal.patch
> 
> Add policy for hal-dccm
> 
> Lots of new interfaces
> 
> Manages dos/fusefs files

Why?

> Starts dhcpc
> 
> Interfacts with ppp and uses policykit
> 
> 
> 
> Hald acl gets and sets fixed disk attributes
> 

Renamed hal_create_log() to hal_manage_log() to match up the permissions
allowed.

 ########################################
 ## <summary>
+##	Allo read/write	to a hal unix datagram socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`hal_rw_dgram_sockets',`
+	gen_require(`
+		type hald_t;
+	')
+
+	dontaudit $1 hald_t:unix_dgram_socket { read write };
+')
+

Is this supposed to be allow or dontaudit? the interface name and
implementation conflict.

Otherwise merged.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150