From: bigon@debian.org (Laurent Bigonville) Date: Mon, 17 Dec 2012 20:58:14 +0100 Subject: [refpolicy] [PATCH 6/9] Allow networkmanager_t to read crypto_sysctl_t In-Reply-To: <1355774297-13606-1-git-send-email-bigon@debian.org> References: <1355774297-13606-1-git-send-email-bigon@debian.org> Message-ID: <1355774297-13606-6-git-send-email-bigon@debian.org> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com From: Laurent Bigonville nm-openvpn-service is started in the networkmanager_t context, if it's compiled with gnutls instead openssl, the library will read /proc/sys/crypto/fips_enabled --- networkmanager.te | 1 + 1 file changed, 1 insertion(+) diff --git a/networkmanager.te b/networkmanager.te index ebaea1d..e96e750 100644 --- a/networkmanager.te +++ b/networkmanager.te @@ -83,6 +83,7 @@ files_pid_filetrans(NetworkManager_t, NetworkManager_var_run_t, { dir file sock_ can_exec(NetworkManager_t, { NetworkManager_exec_t wpa_cli_exec_t NetworkManager_tmp_t }) +kernel_read_crypto_sysctls(NetworkManager_t) kernel_read_system_state(NetworkManager_t) kernel_read_network_state(NetworkManager_t) kernel_read_kernel_sysctls(NetworkManager_t) -- 1.7.10.4
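Review bot: the added kernel_read_crypto_sysctls(NetworkManager_t) line in the @@ -83,6 +83,7 @@ hunk grants read access on crypto_sysctl_t to the whole NetworkManager_t domain, while the commit message justifies it only for nm-openvpn-service built against gnutls reading /proc/sys/crypto/fips_enabled. The access is read-only, so the grant looks reasonable. The commit message should still quote the AVC denial that motivated it, so that the source domain, target type and permission can be checked against the rule. A one-line comment above the new call naming the gnutls fips_enabled read would also keep the reason visible in networkmanager.te rather than only in the commit history.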