add ddcprobe
parent
871b685511
commit
87107917f3
@ -4,6 +4,7 @@
|
||||
- Miscellaneous fixes from Dan Walsh.
|
||||
- Added modules:
|
||||
automount
|
||||
ddcprobe
|
||||
fetchmail
|
||||
smartmon
|
||||
sysstat
|
||||
|
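--- a/refpolicy/policy/modules/admin/ddcprobe.fc
+++ b/refpolicy/policy/modules/admin/ddcprobe.fc
@@ -0,0 +1,4 @@
+#
+# /usr
+#
+/usr/sbin/ddcprobe -- gen_context(system_u:object_r:ddcprobe_exec_t,s0)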
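--- a/refpolicy/policy/modules/admin/ddcprobe.if
+++ b/refpolicy/policy/modules/admin/ddcprobe.if
@@ -0,0 +1,47 @@
+## <summary>ddcprobe retrieves monitor and graphics card information</summary>
+
+########################################
+## <summary>
+## Execute ddcprobe in the ddcprobe domain.
+## </summary>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
+#
+interface(`ddcprobe_domtrans',`
+gen_require(`
+type ddcprobe_t, ddcprobe_exec_t;
+')
+
+domain_auto_trans($1,ddcprobe_exec_t,ddcprobe_t)
+
+allow $1 ddcprobe_t:fd use;
+allow ddcprobe_t $1:fd use;
+allow ddcprobe_t $1:fifo_file rw_file_perms;
+allow ddcprobe_t $1:process sigchld;
+')
+
+########################################
+## <summary>
+## Execute ddcprobe in the ddcprobe domain, and
+## allow the specified role the ddcprobe domain.
+## </summary>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
+## <param name="role">
+## Role to be authenticated for ddcprobe domain.
+## </param>
+## <param name="terminal">
+## The type of the terminal allow the clock domain to use.
+## </param>
+#
+interface(`ddcprobe_run',`
+gen_require(`
+type ddcprobe_t;
+')
+
+ddcprobe_domtrans($1)
+role $2 types ddcprobe_t;
+allow ddcprobe_t $3:chr_file rw_term_perms;
+')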
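Review bot: The `terminal` parameter description of `ddcprobe_run` still names the clock domain, apparently carried over from another module's interface file; it should read `## The type of the terminal allow the ddcprobe domain to use.`. The `role` description ("Role to be authenticated for ddcprobe domain") would also be clearer as `## The role to be allowed the ddcprobe domain.`, which matches the summary above it and the `role $2 types ddcprobe_t;` rule the interface actually emits.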
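--- a/refpolicy/policy/modules/admin/ddcprobe.te
+++ b/refpolicy/policy/modules/admin/ddcprobe.te
@@ -0,0 +1,55 @@
+
+policy_module(ddcprobe,1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+type ddcprobe_t;
+type ddcprobe_exec_t;
+domain_type(ddcprobe_t)
+domain_entry_file(ddcprobe_t,ddcprobe_exec_t)
+role system_r types ddcprobe_t;
+
+########################################
+#
+# Local policy
+#
+
+allow ddcprobe_t self:capability { sys_rawio sys_admin };
+allow ddcprobe_t self:process execmem;
+
+kernel_read_system_state(ddcprobe_t)
+kernel_read_kernel_sysctl(ddcprobe_t)
+kernel_change_ring_buffer_level(ddcprobe_t)
+
+bootloader_search_kernel_modules(ddcprobe_t)
+
+corecmd_list_sbin(ddcprobe_t)
+corecmd_list_bin(ddcprobe_t)
+corecmd_exec_sbin(ddcprobe_t)
+
+dev_read_urand(ddcprobe_t)
+dev_read_raw_memory(ddcprobe_t)
+dev_wx_raw_memory(ddcprobe_t)
+
+files_read_etc_files(ddcprobe_t)
+files_read_etc_runtime_files(ddcprobe_t)
+files_read_usr_files(ddcprobe_t)
+
+term_use_all_user_ttys(ddcprobe_t)
+term_use_all_user_ptys(ddcprobe_t)
+
+libs_read_lib(ddcprobe_t)
+libs_use_ld_so(ddcprobe_t)
+libs_use_shared_libs(ddcprobe_t)
+
+miscfiles_read_localization(ddcprobe_t)
+
+modutils_read_mods_deps(ddcprobe_t)
+
+userdom_use_all_user_fd(ddcprobe_t)
+
+#reh why? this does not seem even necessary to function properly
+kudzu_getattr_exec_file(ddcprobe_t)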
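Review bot: ddcprobe_t is granted `sys_admin` together with `dev_wx_raw_memory` and `execmem`, yet nothing in the Local policy section records why, while the only comment in the file questions the far smaller `kudzu_getattr_exec_file` rule. The raw-memory and execmem rules are presumably needed for the video BIOS calls ddcprobe makes, so a comment such as `# ddcprobe maps raw memory to make real-mode video BIOS calls` above them would let a later audit tell required access from leftovers. `sys_admin`, `corecmd_exec_sbin` (which, as far as I know, runs sbin programs inside this domain rather than transitioning) and `term_use_all_user_ttys`/`term_use_all_user_ptys` should each be checked against actual AVC denials and dropped if unneeded, since `ddcprobe_run` already grants `rw_term_perms` on the caller's terminal. The open `#reh why?` question should be settled the same way before the rule is kept.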
@ -49,3 +49,20 @@ interface(`kudzu_run',`
|
||||
role $2 types kudzu_t;
|
||||
allow kudzu_t $3:chr_file rw_term_perms;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Get attributes of kudzu executable.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## The type of the process performing this action.
|
||||
## </param>
|
||||
#
|
||||
# cjp: added for ddcprobe
|
||||
interface(`kudzu_getattr_exec_file',`
|
||||
gen_require(`
|
||||
type kudzu_exec_t;
|
||||
')
|
||||
|
||||
allow $1 kudzu_exec_t:file getattr;
|
||||
')
|
||||
|
@ -174,6 +174,10 @@ ifdef(`targeted_policy',`
|
||||
clock_run(sysadm_t,sysadm_r,admin_terminal)
|
||||
')
|
||||
|
||||
optional_policy(`ddcprobe',`
|
||||
ddcprobe_run(sysadm_t,sysadm_r,admin_terminal)
|
||||
')
|
||||
|
||||
optional_policy(`dmidecode',`
|
||||
dmidecode_run(sysadm_t,sysadm_r,admin_terminal)
|
||||
')
|
||||
|