From: pebenito@ieee.org (Chris PeBenito)
Date: Fri, 30 Dec 2016 14:38:14 -0500
Subject: [refpolicy] [PATCH 1/2] devicekit: add new wake_alarm
 permission (capability2)
In-Reply-To: <1483124342.3970.1.camel@trentalancia.net>
References: <1483124342.3970.1.camel@trentalancia.net>
Message-ID: <fb085644-18e6-4784-a5ff-97c503e373eb@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 12/30/16 13:59, Guido Trentalancia via refpolicy wrote:
> Add the new wake_alarm permission from the capability2 class
> to the devicekit module (devicekit_power_t domain).
>
> Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
> ---
>  policy/modules/contrib/devicekit.te |    1 +
>  1 file changed, 1 insertion(+)
>
> diff -pru a/policy/modules/contrib/devicekit.te b/policy/modules/contrib/devicekit.te
> --- a/policy/modules/contrib/devicekit.te	2016-12-22 23:12:59.378081690 +0100
> +++ b/policy/modules/contrib/devicekit.te	2016-12-30 19:50:23.947674620 +0100
> @@ -198,6 +198,7 @@ optional_policy(`
>  #
>
>  allow devicekit_power_t self:capability { dac_override net_admin sys_admin sys_tty_config sys_nice sys_ptrace };
> +allow devicekit_power_t self:capability2 wake_alarm;
>  allow devicekit_power_t self:process { getsched signal_perms };
>  allow devicekit_power_t self:fifo_file rw_fifo_file_perms;
>  allow devicekit_power_t self:unix_dgram_socket create_socket_perms;

Merged.

-- 
Chris PeBenito