diff --git a/policy/modules/apps/nsplugin.te b/policy/modules/apps/nsplugin.te index 7c8e23b1..b4f08524 100644 --- a/policy/modules/apps/nsplugin.te +++ b/policy/modules/apps/nsplugin.te @@ -62,7 +62,7 @@ allow nsplugin_t self:shm create_shm_perms; allow nsplugin_t self:msgq create_msgq_perms; allow nsplugin_t self:unix_stream_socket { connectto create_stream_socket_perms }; allow nsplugin_t self:unix_dgram_socket create_socket_perms; -allow nsplugin_t nsplugin_rw_t:dir search_dir_perms; +allow nsplugin_t nsplugin_rw_t:dir list_dir_perms; tunable_policy(`allow_nsplugin_execmem',` allow nsplugin_t self:process { execstack execmem }; diff --git a/policy/modules/services/devicekit.te b/policy/modules/services/devicekit.te index ccacea92..b191ff73 100644 --- a/policy/modules/services/devicekit.te +++ b/policy/modules/services/devicekit.te @@ -283,6 +283,10 @@ optional_policy(` fstools_domtrans(devicekit_power_t) ') +optional_policy(` + gnome_read_home_config(devicekit_power_t) +') + optional_policy(` hal_domtrans_mac(devicekit_power_t) hal_manage_log(devicekit_power_t) @@ -302,6 +306,11 @@ optional_policy(` udev_read_db(devicekit_power_t) ') +optional_policy(` + usbmuxd_stream_connect(devicekit_power_t) +') + optional_policy(` vbetool_domtrans(devicekit_power_t) ') + diff --git a/policy/modules/services/qmail.te b/policy/modules/services/qmail.te index 355b2a28..1b01d757 100644 --- a/policy/modules/services/qmail.te +++ b/policy/modules/services/qmail.te @@ -120,6 +120,10 @@ mta_append_spool(qmail_local_t) qmail_domtrans_queue(qmail_local_t) +optional_policy(` + uucp_domtrans(qmail_local_t) +') + optional_policy(` spamassassin_domtrans_client(qmail_local_t) ') diff --git a/policy/modules/services/uucp.if b/policy/modules/services/uucp.if index a4fbe319..0e4774c8 100644 --- a/policy/modules/services/uucp.if +++ b/policy/modules/services/uucp.if @@ -1,5 +1,24 @@ ## Unix to Unix Copy +######################################## +## +## Execute the uucico program in the +## uucpd_t domain. +## +## +## +## Domain allowed to transition. +## +## +# +interface(`uucp_domtrans',` + gen_require(` + type uucpd_t, uucpd_exec_t; + ') + + domtrans_pattern($1, uucpd_exec_t, uucpd_t) +') + ######################################## ## ## Allow the specified domain to append diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te index 8451600f..7cc36983 100644 --- a/policy/modules/system/udev.te +++ b/policy/modules/system/udev.te @@ -295,6 +295,7 @@ optional_policy(` optional_policy(` usbmuxd_domtrans(udev_t) + usbmuxd_stream_connect(udev_t) ') optional_policy(`