Blame strict/domains/program/dmidecode.te
|
Chris PeBenito |
2705f9 |
#DESC dmidecode - decodes DMI data for x86/ia64 bioses
#
# Author: Ivan Gyurdiev <ivg2@cornell.edu>
#
# Process domain for dmidecode. Besides the base `domain` attribute it
# carries `privmem`; the rules further down grant it read access to
# memory_device_t and the sys_rawio capability, so this is a domain that can
# read raw physical memory.
# NOTE(review): privmem is presumably the attribute the policy's assertions
# use to list the domains allowed to touch raw memory devices -- confirm
# against the attribute/assertion definitions, which are not in this file.
type dmidecode_t, domain, privmem;
# Label for the dmidecode executable. It is the entrypoint type named in the
# domain_auto_trans() call in this file, so any file carrying this label is a
# way into dmidecode_t from sysadm_t; the label should stay on the dmidecode
# binary only.
# NOTE(review): sysadmfile presumably marks the file as manageable by the
# sysadm domain -- confirm against the attribute definition.
type dmidecode_exec_t, file_type, exec_type, sysadmfile;
# Allow execution by the sysadm
# Authorise dmidecode_t under the sysadm_r role, so a sysadm session can hold
# a process in this domain after the transition.
role sysadm_r types dmidecode_t;
# Also authorise dmidecode_t under system_r. No transition from a system_r
# domain into dmidecode_t is visible in this file.
# NOTE(review): confirm which system domain is expected to run dmidecode;
# if none does, this role authorisation widens the policy for no benefit.
role system_r types dmidecode_t;
# When sysadm_t executes a file labelled dmidecode_exec_t, the new process
# moves to dmidecode_t automatically. This is the only transition into
# dmidecode_t visible here, which keeps the raw-memory read privilege
# reachable from the administrator domain alone as far as this file goes.
domain_auto_trans(sysadm_t, dmidecode_exec_t, dmidecode_t)
# Let the domain load shared libraries. The exact permissions come from the
# uses_shlib macro, which is defined elsewhere in the policy.
uses_shlib(dmidecode_t)
# Allow terminal access
# Terminal access is scoped by the second argument, the `sysadm` prefix.
# NOTE(review): presumably this expands to the sysadm tty/pty types only --
# check the access_terminal macro definition, which is not in this file.
access_terminal(dmidecode_t, sysadm)
# Allow dmidecode to read /dev/mem
# Only `read` is granted on the memory device; no write permission appears in
# this file, so the domain cannot modify physical memory through this rule.
# Read access alone still exposes whatever is resident in physical memory
# (key material, other processes' data), so dmidecode_t should be treated as
# a highly privileged domain when reviewing what may transition into it.
allow dmidecode_t memory_device_t:chr_file read;
# CAP_SYS_RAWIO: the kernel checks this capability when /dev/mem is opened,
# so it is needed alongside the read rule on memory_device_t. It is a broad
# capability (it also gates other raw I/O and low-level device operations),
# which is why it is confined to this single-purpose domain rather than
# granted to the caller.
allow dmidecode_t self:capability sys_rawio;