add ddcprobe

Chris PeBenito 2006-01-04 16:29:11 +00:00
parent 871b685511
commit 87107917f3
6 changed files with 128 additions and 0 deletions


@ -4,6 +4,7 @@
- Miscellaneous fixes from Dan Walsh. - Miscellaneous fixes from Dan Walsh.
- Added modules: - Added modules:
automount automount
ddcprobe
fetchmail fetchmail
smartmon smartmon
sysstat sysstat


@ -0,0 +1,4 @@
#
# /usr
#
/usr/sbin/ddcprobe -- gen_context(system_u:object_r:ddcprobe_exec_t,s0)


@ -0,0 +1,47 @@
## <summary>ddcprobe retrieves monitor and graphics card information</summary>
########################################
## <summary>
## Execute ddcprobe in the ddcprobe domain.
## </summary>
## <param name="domain">
## The type of the process performing this action.
## </param>
#
interface(`ddcprobe_domtrans',`
gen_require(`
type ddcprobe_t, ddcprobe_exec_t;
')
domain_auto_trans($1,ddcprobe_exec_t,ddcprobe_t)
allow $1 ddcprobe_t:fd use;
allow ddcprobe_t $1:fd use;
allow ddcprobe_t $1:fifo_file rw_file_perms;
allow ddcprobe_t $1:process sigchld;
')
########################################
## <summary>
## Execute ddcprobe in the ddcprobe domain, and
## allow the specified role the ddcprobe domain.
## </summary>
## <param name="domain">
## The type of the process performing this action.
## </param>
## <param name="role">
## Role to be authenticated for ddcprobe domain.
## </param>
## <param name="terminal">
## The type of the terminal allow the clock domain to use.
## </param>
#
interface(`ddcprobe_run',`
gen_require(`
type ddcprobe_t;
')
ddcprobe_domtrans($1)
role $2 types ddcprobe_t;
allow ddcprobe_t $3:chr_file rw_term_perms;
')
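Review bot: The `terminal` parameter description of `ddcprobe_run` reads `The type of the terminal allow the clock domain to use.`, which looks copied from the clock module and names the wrong domain. It should read something like `The type of the terminal to allow the ddcprobe domain to use.` The `role` description would also be clearer as `The role to be allowed the ddcprobe domain.`, since the rule below it is a role-type authorization, not an authentication step. Because the ddcprobe domain is given raw memory access elsewhere in this commit, the `ddcprobe_domtrans` summary could also note that callers should be limited to administrative domains.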


@ -0,0 +1,55 @@
policy_module(ddcprobe,1.0.0)
########################################
#
# Declarations
#
type ddcprobe_t;
type ddcprobe_exec_t;
domain_type(ddcprobe_t)
domain_entry_file(ddcprobe_t,ddcprobe_exec_t)
role system_r types ddcprobe_t;
########################################
#
# Local policy
#
allow ddcprobe_t self:capability { sys_rawio sys_admin };
allow ddcprobe_t self:process execmem;
kernel_read_system_state(ddcprobe_t)
kernel_read_kernel_sysctl(ddcprobe_t)
kernel_change_ring_buffer_level(ddcprobe_t)
bootloader_search_kernel_modules(ddcprobe_t)
corecmd_list_sbin(ddcprobe_t)
corecmd_list_bin(ddcprobe_t)
corecmd_exec_sbin(ddcprobe_t)
dev_read_urand(ddcprobe_t)
dev_read_raw_memory(ddcprobe_t)
dev_wx_raw_memory(ddcprobe_t)
files_read_etc_files(ddcprobe_t)
files_read_etc_runtime_files(ddcprobe_t)
files_read_usr_files(ddcprobe_t)
term_use_all_user_ttys(ddcprobe_t)
term_use_all_user_ptys(ddcprobe_t)
libs_read_lib(ddcprobe_t)
libs_use_ld_so(ddcprobe_t)
libs_use_shared_libs(ddcprobe_t)
miscfiles_read_localization(ddcprobe_t)
modutils_read_mods_deps(ddcprobe_t)
userdom_use_all_user_fd(ddcprobe_t)
#reh why? this does not seem even necessary to function properly
kudzu_getattr_exec_file(ddcprobe_t)
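Review bot: The local policy gives ddcprobe_t `sys_rawio` and `sys_admin`, `execmem`, and both `dev_read_raw_memory` and `dev_wx_raw_memory` with no comment saying why, so any domain allowed to transition here presumably gains read/write access to physical memory. A comment above those rules such as `# ddcprobe queries the video BIOS directly; raw memory and execmem are required for that (confirm against AVC denials)` would record the justification, and `sys_admin` is worth re-checking because it is very broad. `term_use_all_user_ttys`, `term_use_all_user_ptys` and `userdom_use_all_user_fd` also look wider than needed, given that `ddcprobe_run` already grants the caller's terminal and fd use. Separately, `kudzu_getattr_exec_file(ddcprobe_t)` is called unconditionally and is already questioned by the `#reh` comment. If it is kept, it should probably sit in an optional_policy block for kudzu, as the `ddcprobe_run` call for sysadm does in this commit, so the module still builds when kudzu is absent.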


@ -49,3 +49,20 @@ interface(`kudzu_run',`
role $2 types kudzu_t; role $2 types kudzu_t;
allow kudzu_t $3:chr_file rw_term_perms; allow kudzu_t $3:chr_file rw_term_perms;
') ')
########################################
## <summary>
## Get attributes of kudzu executable.
## </summary>
## <param name="domain">
## The type of the process performing this action.
## </param>
#
# cjp: added for ddcprobe
interface(`kudzu_getattr_exec_file',`
gen_require(`
type kudzu_exec_t;
')
allow $1 kudzu_exec_t:file getattr;
')


@ -174,6 +174,10 @@ ifdef(`targeted_policy',`
clock_run(sysadm_t,sysadm_r,admin_terminal) clock_run(sysadm_t,sysadm_r,admin_terminal)
') ')
optional_policy(`ddcprobe',`
ddcprobe_run(sysadm_t,sysadm_r,admin_terminal)
')
optional_policy(`dmidecode',` optional_policy(`dmidecode',`
dmidecode_run(sysadm_t,sysadm_r,admin_terminal) dmidecode_run(sysadm_t,sysadm_r,admin_terminal)
') ')