#DESC ddcprobe - output ddcprobe results from kudzu
#
# Author: dan walsh <dwalsh@redhat.com>
#
# Process domain that ddcprobe runs in. The privmem attribute flags it as a
# domain that is meant to touch memory devices; presumably a policy assertion
# defined elsewhere restricts memory_device_t access to privmem domains
# -- TODO confirm.
type ddcprobe_t, domain, privmem;
# Label for the ddcprobe executable. The domain_auto_trans rule in this file
# keys the transition into ddcprobe_t on this type, so whatever carries this
# label gains the domain's memory-device access when run by sysadm_t.
# sysadmfile presumably lets the administrator manage the file -- confirm.
type ddcprobe_exec_t, file_type, exec_type, sysadmfile;
# Allow execution by the sysadm
# Authorize the administrator role to be paired with ddcprobe_t; without this
# the transition from sysadm_t would yield an invalid context.
role sysadm_r types ddcprobe_t;
# Also authorize system_r for ddcprobe_t; presumably so the probe can run
# when started from a system context such as kudzu at boot -- confirm. No
# transition from a system_r domain is defined in this file.
role system_r types ddcprobe_t;
# sysadm_t enters ddcprobe_t automatically when it executes a file labeled
# ddcprobe_exec_t. This is the only entry into the domain defined in the
# lines shown here (macro body is defined elsewhere in the policy).
domain_auto_trans(sysadm_t, ddcprobe_exec_t, ddcprobe_t)
# Macro defined elsewhere in the policy; by its name it grants what the
# dynamic loader needs to map shared libraries into ddcprobe_t.
uses_shlib(ddcprobe_t)
# Allow terminal access
# Macro defined elsewhere; presumably grants ddcprobe_t use of the sysadm
# terminal types so output reaches the invoking administrator -- confirm
# against the macro definition.
access_terminal(ddcprobe_t, sysadm)
# Allow ddcprobe to access /dev/mem (read, plus the write/execute and execmem rules that follow)
# Read on character devices labeled memory_device_t (the preceding comment
# ties this to /dev/mem). Raw physical memory is readable from this domain,
# so its confidentiality boundary is effectively that of the kernel.
allow ddcprobe_t memory_device_t:chr_file read;
# NOTE(review): write and execute on the memory device, on top of the read
# granted by the preceding rule. execute on a chr_file is what an executable
# mmap() of the device is checked against; presumably needed to run video
# BIOS code for the DDC query -- confirm. With write access the domain can
# alter kernel memory, so treat ddcprobe_t as fully trusted and keep its
# entry points and executable label tightly controlled.
allow ddcprobe_t memory_device_t:chr_file { execute write };
# execmem lets the process create mappings that are both writable and
# executable, i.e. it removes the W^X memory protection check for this
# domain. NOTE(review): confirm the probe still requires it.
allow ddcprobe_t self:process execmem;
# Read and execute on zero_device_t (presumably /dev/zero); the execute
# permission is consistent with mapping the device with PROT_EXEC. No write
# is granted here.
allow ddcprobe_t zero_device_t:chr_file { execute read };
# Traverse (search only, no listing) directories labeled proc_t.
allow ddcprobe_t proc_t:dir search;
# Stat and read files labeled proc_t; read-only, no write is granted.
allow ddcprobe_t proc_t:file { getattr read };
# Macro defined elsewhere; by its name it lets ddcprobe_t execute sbin_t
# programs. NOTE(review): no domain transition accompanies it in this file,
# so presumably those programs run inside ddcprobe_t and inherit its
# memory-device and capability grants -- confirm which helper is needed and
# whether a dedicated type would be narrower than all of sbin_t.
can_exec(ddcprobe_t, sbin_t)
# Read/write on every terminal type carrying the user_tty_type attribute
# (rw_file_perms is a permission set defined elsewhere). This appears broader
# than the sysadm terminal access requested through access_terminal in this
# file -- NOTE(review): confirm both are needed.
allow ddcprobe_t user_tty_type:chr_file rw_file_perms;
# Use file descriptors inherited from any domain with the userdomain
# attribute, e.g. the stdin/stdout/stderr of the invoking shell.
allow ddcprobe_t userdomain:fd use;
# Macro defined elsewhere; by its name it grants read-only access to sysctl
# entries -- confirm it does not include write.
read_sysctl(ddcprobe_t)
# Stat and read the urandom device type; read-only.
allow ddcprobe_t urandom_device_t:chr_file { getattr read };
# Directory read access (r_dir_perms, defined elsewhere) on bin_t and sbin_t
# directories; presumably needed to locate the programs run via can_exec.
allow ddcprobe_t { bin_t sbin_t }:dir r_dir_perms;
# sys_rawio is the capability the kernel requires for opening /dev/mem and
# for raw port I/O, matching the memory-device rules in this file.
# NOTE(review): sys_admin is a very broad capability and nothing in this file
# shows which operation needs it -- confirm against audit logs and drop it
# if the probe works without it.
allow ddcprobe_t self:capability { sys_rawio sys_admin };
# Stat and read files labeled etc_t or etc_runtime_t; read-only.
allow ddcprobe_t { etc_t etc_runtime_t }:file { getattr read };
# Only getattr (stat) on the kudzu executable; neither read nor execute is
# granted, so ddcprobe_t cannot run kudzu through this rule.
allow ddcprobe_t kudzu_exec_t:file getattr;
# Stat and read files labeled lib_t; read-only, no execute.
allow ddcprobe_t lib_t:file { getattr read };
# Macro defined elsewhere; by its name it grants read access to locale data.
read_locale(ddcprobe_t)
# Traverse (search only) directories labeled modules_object_t, presumably
# the kernel module tree -- confirm.
allow ddcprobe_t modules_object_t:dir search;
# Stat and read files labeled modules_dep_t (presumably the module
# dependency file); read-only.
allow ddcprobe_t modules_dep_t:file { getattr read };
# Stat and read files labeled usr_t; read-only.
allow ddcprobe_t usr_t:file { getattr read };
# syslog_console (class system) governs changing which kernel messages are
# printed to the console. NOTE(review): this allows the domain to quiet
# console logging; presumably used to keep probe noise off the screen --
# confirm it is still required.
allow ddcprobe_t kernel_t:system syslog_console;