From: dsugar@tresys.com (David Sugar)
Date: Wed, 6 Dec 2017 18:23:41 +0000
Subject: [refpolicy] [PATCH 1/1] Allow to read /proc/sys/crypto/fips_enabled
Message-ID: <CO1PR15MB10328B9E98B603CDFA6E3103B9320@CO1PR15MB1032.namprd15.prod.outlook.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Allow accountsd_t and policykitd_t to read /proc/sys/crypto/fips_enabled
---
 accountsd.te | 1 +
 policykit.te | 1 +
 2 files changed, 2 insertions(+)

diff --git a/accountsd.te b/accountsd.te
index d435a2d..f56058c 100644
--- a/accountsd.te
+++ b/accountsd.te
@@ -30,6 +30,7 @@ manage_dirs_pattern(accountsd_t, accountsd_var_lib_t, accountsd_var_lib_t)
 manage_files_pattern(accountsd_t, accountsd_var_lib_t, accountsd_var_lib_t)
 files_var_lib_filetrans(accountsd_t, accountsd_var_lib_t, dir)
 
+kernel_read_crypto_sysctls(accountsd_t)
 kernel_read_kernel_sysctls(accountsd_t)
 kernel_read_system_state(accountsd_t)
 
diff --git a/policykit.te b/policykit.te
index 9a0c4d5..8f2035a 100644
--- a/policykit.te
+++ b/policykit.te
@@ -85,6 +85,7 @@ can_exec(policykit_t, policykit_exec_t)
 domtrans_pattern(policykit_t, policykit_auth_exec_t, policykit_auth_t)
 domtrans_pattern(policykit_t, policykit_resolve_exec_t, policykit_resolve_t)
 
+kernel_read_crypto_sysctls(policykit_t)
 kernel_read_kernel_sysctls(policykit_t)
 kernel_read_system_state(policykit_t)
 
-- 
2.13.6