From: jason@perfinion.com (Jason Zaman) Date: Fri, 26 May 2017 23:58:01 +0800 Subject: [refpolicy] [PATCH 6/6] consolekit: Add support for consolekit2 In-Reply-To: <20170526155801.5441-1-jason@perfinion.com> References: <20170526155801.5441-1-jason@perfinion.com> Message-ID: <20170526155801.5441-6-jason@perfinion.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com setattr chr_files is to setting dev nodes on login rw sysfs and devicekit for suspend fifo_files are for inhibit connect to cgmanager to track sessions with cgroups --- consolekit.te | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/consolekit.te b/consolekit.te index c99a6cb..d51634e 100644 --- a/consolekit.te +++ b/consolekit.te @@ -40,6 +40,7 @@ logging_log_filetrans(consolekit_t, consolekit_log_t, file) manage_dirs_pattern(consolekit_t, consolekit_var_run_t, consolekit_var_run_t) manage_files_pattern(consolekit_t, consolekit_var_run_t, consolekit_var_run_t) +manage_fifo_files_pattern(consolekit_t, consolekit_var_run_t, consolekit_var_run_t) files_pid_filetrans(consolekit_t, consolekit_var_run_t, { dir file }) kernel_read_system_state(consolekit_t) @@ -53,7 +54,8 @@ corecmd_exec_bin(consolekit_t) corecmd_exec_shell(consolekit_t) dev_read_urand(consolekit_t) -dev_read_sysfs(consolekit_t) +dev_rw_sysfs(consolekit_t) +dev_setattr_all_chr_files(consolekit_t) domain_read_all_domains_state(consolekit_t) domain_use_interactive_fds(consolekit_t) @@ -104,6 +106,10 @@ tunable_policy(`use_samba_home_dirs',` ') optional_policy(` + cgmanager_stream_connect(consolekit_t) +') + +optional_policy(` dbus_read_lib_files(consolekit_t) dbus_system_domain(consolekit_t, consolekit_exec_t) @@ -125,6 +131,10 @@ optional_policy(` ') optional_policy(` + devicekit_manage_log_files(consolekit_t) +') + +optional_policy(` hal_ptrace(consolekit_t) ') @@ -156,6 +166,7 @@ optional_policy(` optional_policy(` udev_domtrans(consolekit_t) udev_read_db(consolekit_t) + udev_read_pid_files(consolekit_t) udev_signal(consolekit_t) ') -- 2.13.0