rpms / selinux-policy

Clone
Source Code
GIT

Blame strict/domains/program/usbmodules.te

c10s-sig-hyperscale c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-atomic c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale
  1.   a8b62e799cdc4841a113ad0ee9ed0907c4de91fa
  2.   strict
  3.   domains
  4.   program
  5.   usbmodules.te
Blob History Raw
Chris PeBenito 0fbfa5 
#DESC USBModules - List kernel modules for USB devices
Chris PeBenito 0fbfa5 
#
Chris PeBenito 0fbfa5 
# Author:  Russell Coker <russell@coker.com.au>
Chris PeBenito 0fbfa5 
# X-Debian-Packages:
Chris PeBenito 0fbfa5 
#
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
#################################
Chris PeBenito 0fbfa5 
#
Chris PeBenito 0fbfa5 
# Rules for the usbmodules_t domain.
Chris PeBenito 0fbfa5 
#
Chris PeBenito 0fbfa5 
type usbmodules_t, domain, privlog;
Chris PeBenito 0fbfa5 
type usbmodules_exec_t, file_type, sysadmfile, exec_type;
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
in_user_role(usbmodules_t)
Chris PeBenito 0fbfa5 
role sysadm_r types usbmodules_t;
Chris PeBenito 0fbfa5 
role system_r types usbmodules_t;
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
domain_auto_trans(initrc_t, usbmodules_exec_t, usbmodules_t)
Chris PeBenito 0fbfa5 
ifdef(`hotplug.te',`
Chris PeBenito 0fbfa5 
domain_auto_trans(hotplug_t, usbmodules_exec_t, usbmodules_t)
Chris PeBenito 0fbfa5 
allow usbmodules_t hotplug_etc_t:file r_file_perms;
Chris PeBenito 0fbfa5 
allow usbmodules_t hotplug_etc_t:dir search;
Chris PeBenito 0fbfa5 
')
Chris PeBenito 0fbfa5 
allow usbmodules_t init_t:fd use;
Chris PeBenito 0fbfa5 
allow usbmodules_t console_device_t:chr_file { read write };
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
uses_shlib(usbmodules_t)
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
# allow usb device access
Chris PeBenito 0fbfa5 
allow usbmodules_t usbdevfs_t:file rw_file_perms;
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
allow usbmodules_t { etc_t modules_object_t proc_t usbdevfs_t }:dir r_dir_perms;
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
# needs etc_t read access for the hotplug config, maybe should have a new type
Chris PeBenito 0fbfa5 
allow usbmodules_t { etc_t modules_dep_t }:file r_file_perms;

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation