From: guido@trentalancia.net (Guido Trentalancia)
Date: Wed, 08 Feb 2017 00:32:32 +0100
Subject: [refpolicy] [PATCH] bootloader: add permissions to read boot files
 in order to generate a configuration file
In-Reply-To: <85ccfdef-680e-fc31-6640-18567b4609b9@ieee.org>
References: <1482452559.20547.19.camel@trentalancia.net>
	<20170205054446.GB5742@meriadoc.perfinion.com>
	<D9E06BE8-A44B-405E-B357-BB95BC6DF77B@trentalancia.net>
	<85ccfdef-680e-fc31-6640-18567b4609b9@ieee.org>
Message-ID: <1486510352.7595.1.camel@trentalancia.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Allow the bootloader to read boot files in order to generate
a configuration file.

Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
---
 policy/modules/admin/bootloader.te |    1 +
 1 file changed, 1 insertion(+)

diff -pru refpolicy-git-08022017-orig/policy/modules/admin/bootloader.te refpolicy-git-08022017/policy/modules/admin/bootloader.te
--- refpolicy-git-08022017-orig/policy/modules/admin/bootloader.te	2016-12-29 22:48:16.446818415 +0100
+++ refpolicy-git-08022017/policy/modules/admin/bootloader.te	2017-02-08 00:14:22.923674773 +0100
@@ -108,6 +108,7 @@ corecmd_exec_all_executables(bootloader_
 domain_use_interactive_fds(bootloader_t)
 
 files_create_boot_dirs(bootloader_t)
+files_read_boot_files(bootloader_t)
 files_read_etc_files(bootloader_t)
 files_read_usr_src_files(bootloader_t)
 files_read_usr_files(bootloader_t)