Skip to content

Commit 9ee1539

Browse files
pebenitopebenito
authored
Merge pull request #935 from etbe/phone
phone
2 parents 6571f50 + 42f3f63 commit 9ee1539

File tree

4 files changed

+23
-2
lines changed

4 files changed

+23
-2
lines changed

policy/modules/services/eg25manager.te

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -34,6 +34,7 @@ allow eg25manager_t self:process { getsched setsched signal };
3434
allow eg25manager_t self:tcp_socket { connect create getattr getopt read setopt write };
3535
allow eg25manager_t self:udp_socket { connect create getattr read setopt write };
3636
allow eg25manager_t self:unix_dgram_socket { create write };
37+
allow eg25manager_t self:fifo_file rw_fifo_file_perms;
3738

3839
files_tmp_filetrans(eg25manager_t, eg25manager_tmp_t, { file })
3940
allow eg25manager_t eg25manager_tmp_t:file manage_file_perms;

policy/modules/services/geoclue.te

Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -20,16 +20,27 @@ files_type(geoclue_var_lib_t)
2020
# Local policy
2121
#
2222

23+
allow geoclue_t self:process getsched;
24+
2325
read_files_pattern(geoclue_t, geoclue_etc_t, geoclue_etc_t)
26+
allow geoclue_t geoclue_etc_t:dir list_dir_perms;
27+
28+
allow geoclue_t geoclue_var_lib_t:dir rw_dir_perms;
2429

2530
kernel_read_kernel_sysctls(geoclue_t)
31+
kernel_read_net_sysctls(geoclue_t)
32+
kernel_read_system_state(geoclue_t)
2633

2734
corenet_tcp_connect_http_port(geoclue_t)
2835

2936
dev_read_urand(geoclue_t)
3037

3138
auth_use_nsswitch(geoclue_t)
3239

40+
files_read_usr_files(geoclue_t)
41+
files_map_usr_files(geoclue_t)
42+
files_watch_etc_dirs(geoclue_t)
43+
3344
logging_send_syslog_msg(geoclue_t)
3445

3546
miscfiles_read_generic_certs(geoclue_t)
@@ -50,3 +61,12 @@ optional_policy(`
5061
optional_policy(`
5162
modemmanager_dbus_chat(geoclue_t)
5263
')
64+
65+
optional_policy(`
66+
unconfined_dbus_send(geoclue_t)
67+
')
68+
69+
optional_policy(`
70+
xserver_dbus_chat_xdm(geoclue_t)
71+
xserver_read_xdm_state(geoclue_t)
72+
')

policy/modules/services/gpsd.te

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -29,7 +29,7 @@ files_tmpfs_file(gpsd_tmpfs_t)
2929

3030
allow gpsd_t self:capability { fowner fsetid setgid setuid sys_nice sys_time sys_tty_config };
3131
dontaudit gpsd_t self:capability { dac_override dac_read_search };
32-
allow gpsd_t self:process { setsched signal_perms };
32+
allow gpsd_t self:process { getsession setsched signal_perms };
3333
allow gpsd_t self:shm create_shm_perms;
3434
allow gpsd_t self:unix_dgram_socket sendto;
3535
allow gpsd_t self:tcp_socket { accept listen };

policy/modules/services/modemmanager.te

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@ allow modemmanager_t self:process { getsched setpgid setsched signal };
1919
allow modemmanager_t self:fifo_file rw_fifo_file_perms;
2020
allow modemmanager_t self:unix_stream_socket { connectto create_stream_socket_perms };
2121
allow modemmanager_t self:netlink_kobject_uevent_socket create_socket_perms;
22-
allow modemmanager_t self:netlink_route_socket { create getattr getopt nlmsg_write read write };
22+
allow modemmanager_t self:netlink_route_socket { create_socket_perms nlmsg_write };
2323
allow modemmanager_t self:qipcrtr_socket { create getattr getopt read write };
2424

2525
# ModemManager calls mmap(PROT_READ|PROT_WRITE|PROT_EXEC)

0 commit comments

Comments
 (0)