From: guido@trentalancia.com (Guido Trentalancia)
Date: Mon, 24 Jan 2011 01:44:14 +0100
Subject: [refpolicy] [PATCH/RFC 9/19]: patch set to update the git reference
policy
Message-ID: <1295829854.3862.68.camel@tesla.lan>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com
diff -pruN refpolicy-git-18012011-update-work/policy/modules/services/devicekit.if refpolicy-git-18012011-devicekit/policy/modules/services/devicekit.if
--- refpolicy-git-18012011-update-work/policy/modules/services/devicekit.if 2011-01-23 23:13:48.169284451 +0100
+++ refpolicy-git-18012011-devicekit/policy/modules/services/devicekit.if 2011-01-23 23:30:29.918756977 +0100
@@ -240,3 +240,22 @@ interface(`devicekit_admin',`
admin_pattern($1, devicekit_var_run_t)
files_search_pids($1)
')
+
+########################################
+##
+## DeviceKit power getattr on APM
+## bios character device node files.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`devicekit_getattr_apm_bios_files_power',`
+ gen_require(`
+ type apm_bios_t;
+ ')
+
+ getattr_chr_files_pattern($1, apm_bios_t, apm_bios_t)
+')
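Review bot: The new interface `devicekit_getattr_apm_bios_files_power` lives in devicekit.if but its `gen_require` pulls in `apm_bios_t`, a type the devicekit module does not own, so the access is granted outside the owning module's interface file. Its only caller in this patch is devicekit.te itself, on `devicekit_power_t`. As far as I know the devices module already exports `dev_getattr_apm_bios_dev`, so the call site could read `dev_getattr_apm_bios_dev(devicekit_power_t)` and this interface could be dropped. If it stays, note that `getattr_chr_files_pattern($1, apm_bios_t, apm_bios_t)` passes a device-node type as the directory argument, which also grants search on directories labelled `apm_bios_t`; a plain `allow $1 apm_bios_t:chr_file getattr;` is the narrower rule.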
diff -pruN refpolicy-git-18012011-update-work/policy/modules/services/devicekit.te refpolicy-git-18012011-devicekit/policy/modules/services/devicekit.te
--- refpolicy-git-18012011-update-work/policy/modules/services/devicekit.te 2011-01-23 23:13:48.170284646 +0100
+++ refpolicy-git-18012011-devicekit/policy/modules/services/devicekit.te 2011-01-23 23:31:31.456301488 +0100
@@ -43,6 +43,7 @@ dev_read_sysfs(devicekit_t)
dev_read_urand(devicekit_t)
files_read_etc_files(devicekit_t)
+files_read_etc_runtime_files(devicekit_t)
miscfiles_read_localization(devicekit_t)
@@ -188,7 +189,7 @@ optional_policy(`
#
allow devicekit_power_t self:capability { dac_override net_admin sys_admin sys_tty_config sys_nice sys_ptrace };
-allow devicekit_power_t self:process getsched;
+allow devicekit_power_t self:process { getsched signal };
allow devicekit_power_t self:fifo_file rw_fifo_file_perms;
allow devicekit_power_t self:unix_dgram_socket create_socket_perms;
allow devicekit_power_t self:netlink_kobject_uevent_socket create_socket_perms;
@@ -197,12 +198,15 @@ manage_dirs_pattern(devicekit_power_t, d
manage_files_pattern(devicekit_power_t, devicekit_var_lib_t, devicekit_var_lib_t)
files_var_lib_filetrans(devicekit_power_t, devicekit_var_lib_t, dir)
+kernel_search_fs_sysctl(devicekit_power_t)
+kernel_rw_vm_sysctls(devicekit_power_t)
kernel_read_network_state(devicekit_power_t)
kernel_read_system_state(devicekit_power_t)
kernel_rw_hotplug_sysctls(devicekit_power_t)
kernel_rw_kernel_sysctl(devicekit_power_t)
kernel_search_debugfs(devicekit_power_t)
kernel_write_proc_files(devicekit_power_t)
+kernel_setsched(devicekit_power_t)
corecmd_exec_bin(devicekit_power_t)
corecmd_exec_shell(devicekit_power_t)
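Review bot: `kernel_rw_vm_sysctls` and `kernel_setsched` are write-side grants on kernel state, and nothing in this hunk records which helper needs them or which denial they answer. Since `devicekit_power_t` already holds `sys_admin` and can exec a shell, each widening should be traceable: add a comment above each call such as `# <helper> writes /proc/sys/vm/<sysctl> (AVC: <denial>)`, with the real values filled in. `kernel_search_fs_sysctl` grants only directory search, and no fs-sysctl read or write follows it in the visible lines. It may be answering a denial that a `dontaudit` would cover better, so please confirm.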
@@ -219,9 +223,11 @@ dev_rw_sysfs(devicekit_power_t)
files_read_kernel_img(devicekit_power_t)
files_read_etc_files(devicekit_power_t)
+files_rw_etc_runtime_files(devicekit_power_t)
files_read_usr_files(devicekit_power_t)
fs_list_inotifyfs(devicekit_power_t)
+fs_remount_xattr_fs(devicekit_power_t)
term_use_all_terms(devicekit_power_t)
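Review bot: `fs_remount_xattr_fs` and `files_rw_etc_runtime_files` together let `devicekit_power_t` change mount options on every xattr-capable filesystem and rewrite `etc_runtime_t` files. These grants are unconditional, and the domain also executes shells and binaries without a transition. Remount controls flags such as `ro`, `nosuid` and `noexec`, so it is worth confining more tightly than the rest of the power-management rules. Consider moving the remount to the mount domain (see the `mount_exec` addition in the next hunk) or gating the pair behind a tunable. At minimum, add a comment naming the helper and the filesystem it remounts.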
@@ -234,6 +240,11 @@ sysnet_domtrans_ifconfig(devicekit_power
userdom_read_all_users_state(devicekit_power_t)
+devicekit_getattr_apm_bios_files_power(devicekit_power_t)
+
+mount_exec_getattr(devicekit_power_t)
+mount_exec(devicekit_power_t)
+
optional_policy(`
bootloader_domtrans(devicekit_power_t)
')
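Review bot: `mount_exec(devicekit_power_t)` runs mount inside `devicekit_power_t` with no domain transition, so every permission mount needs must be granted to this domain directly, as the `fs_remount_xattr_fs` and `files_rw_etc_runtime_files` additions in the previous hunk do. Using `mount_domtrans(devicekit_power_t)` would keep those permissions in the mount domain and leave the power daemon with only the right to start it. `mount_exec_getattr` is not an interface I can confirm from this patch, and it looks redundant: the exec pattern behind `mount_exec` normally includes getattr on the executable. Please drop it or show where it is defined.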
@@ -280,6 +291,10 @@ optional_policy(`
')
optional_policy(`
+ storage_raw_read_fixed_disk(devicekit_power_t)
+')
+
+optional_policy(`
udev_read_db(devicekit_power_t)
')
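Review bot: `storage_raw_read_fixed_disk(devicekit_power_t)` lets the domain read fixed-disk block devices directly, bypassing per-file type enforcement, so it can read the contents of any file on those disks whatever its label. That is a large grant for a power-management helper and the patch gives no justification. If the helper only stats the device or queries its parameters, `storage_getattr_fixed_disk_dev(devicekit_power_t)` would be the narrower call. If raw read really is needed, add a comment saying which tool needs it, e.g. `# <tool> opens the disk node read-only for <ioctl>`, so it can be audited. The `optional_policy` wrapper is also probably unnecessary, since storage is normally a base module.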