1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
|
--- services/networkmanager.te 2010-09-10 17:05:45.000000000 +0200
+++ ../../../refpolicy/policy/modules/services/networkmanager.te 2011-01-02 15:40:48.781999979 +0100
@@ -28,6 +28,9 @@
type wpa_cli_exec_t;
init_system_domain(wpa_cli_t, wpa_cli_exec_t)
+type wpa_cli_var_run_t;
+files_pid_file(wpa_cli_var_run_t)
+
########################################
#
# Local policy
@@ -68,6 +71,11 @@
manage_sock_files_pattern(NetworkManager_t, NetworkManager_var_run_t, NetworkManager_var_run_t)
files_pid_filetrans(NetworkManager_t, NetworkManager_var_run_t, { dir file sock_file })
+manage_dirs_pattern(wpa_cli_t, wpa_cli_var_run_t, wpa_cli_var_run_t)
+manage_files_pattern(wpa_cli_t, wpa_cli_var_run_t, wpa_cli_var_run_t)
+manage_sock_files_pattern(wpa_cli_t, wpa_cli_var_run_t, wpa_cli_var_run_t)
+files_pid_filetrans(wpa_cli_t, wpa_cli_var_run_t, { dir file sock_file })
+
kernel_read_system_state(NetworkManager_t)
kernel_read_network_state(NetworkManager_t)
kernel_read_kernel_sysctls(NetworkManager_t)
@@ -125,10 +133,12 @@
init_read_utmp(NetworkManager_t)
init_dontaudit_write_utmp(NetworkManager_t)
init_domtrans_script(NetworkManager_t)
+init_domtrans_script(wpa_cli_t)
auth_use_nsswitch(NetworkManager_t)
logging_send_syslog_msg(NetworkManager_t)
+logging_send_syslog_msg(wpa_cli_t)
miscfiles_read_localization(NetworkManager_t)
miscfiles_read_generic_certs(NetworkManager_t)
@@ -149,6 +159,7 @@
userdom_dontaudit_use_unpriv_user_fds(NetworkManager_t)
userdom_dontaudit_use_user_ttys(NetworkManager_t)
+userdom_use_user_ttys(wpa_cli_t)
# Read gnome-keyring
userdom_read_user_home_content_files(NetworkManager_t)
@@ -287,3 +298,20 @@
miscfiles_read_localization(wpa_cli_t)
term_dontaudit_use_console(wpa_cli_t)
+
+fs_search_tmpfs(wpa_cli_t)
+fs_search_tmpfs(NetworkManager_t)
+fs_rw_tmpfs_files(wpa_cli_t)
+fs_rw_tmpfs_files(NetworkManager_t)
+fs_manage_tmpfs_dirs(wpa_cli_t)
+fs_manage_tmpfs_sockets(wpa_cli_t)
+fs_manage_tmpfs_sockets(NetworkManager_t)
+getty_use_fds(wpa_cli_t)
+files_search_pids(wpa_cli_t)
+corecmd_exec_shell(wpa_cli_t)
+corecmd_exec_bin(wpa_cli_t)
+
+ifdef(`distro_gentoo',`
+ sysnet_domtrans_dhcpc(wpa_cli_t)
+ allow wpa_cli_t etc_t:file { getattr };
+')
--- services/networkmanager.fc 2010-08-03 15:11:06.000000000 +0200
+++ ../../../refpolicy/policy/modules/services/networkmanager.fc 2011-01-02 17:30:48.448999997 +0100
@@ -24,3 +24,6 @@
/var/run/nm-dhclient.* gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
/var/run/wpa_supplicant(/.*)? gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
/var/run/wpa_supplicant-global -s gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
+/var/run/wpa_cli-.* -- gen_context(system_u:object_r:wpa_cli_var_run_t,s0)
+/etc/wpa_supplicant/wpa_cli.sh -- gen_context(system_u:object_r:bin_t,s0)
+/usr/bin/wpa_cli -- gen_context(system_u:object_r:wpa_cli_exec_t,s0)
|
GitWeb
