From: pebenito@ieee.org (Chris PeBenito) Date: Fri, 30 Dec 2016 14:38:14 -0500 Subject: [refpolicy] [PATCH 1/2] devicekit: add new wake_alarm permission (capability2) In-Reply-To: <1483124342.3970.1.camel@trentalancia.net> References: <1483124342.3970.1.camel@trentalancia.net> Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 12/30/16 13:59, Guido Trentalancia via refpolicy wrote: > Add the new wake_alarm permission from the capability2 class > to the devicekit module (devicekit_power_t domain). > > Signed-off-by: Guido Trentalancia > --- > policy/modules/contrib/devicekit.te | 1 + > 1 file changed, 1 insertion(+) > > diff -pru a/policy/modules/contrib/devicekit.te b/policy/modules/contrib/devicekit.te > --- a/policy/modules/contrib/devicekit.te 2016-12-22 23:12:59.378081690 +0100 > +++ b/policy/modules/contrib/devicekit.te 2016-12-30 19:50:23.947674620 +0100 > @@ -198,6 +198,7 @@ optional_policy(` > # > > allow devicekit_power_t self:capability { dac_override net_admin sys_admin sys_tty_config sys_nice sys_ptrace }; > +allow devicekit_power_t self:capability2 wake_alarm; > allow devicekit_power_t self:process { getsched signal_perms }; > allow devicekit_power_t self:fifo_file rw_fifo_file_perms; > allow devicekit_power_t self:unix_dgram_socket create_socket_perms; Merged. -- Chris PeBenito