Hal patch from Dan Walsh.

Lots of random access for hal.
Chris PeBenito 2010-05-18 09:06:36 -04:00
parent 2e4e39d26a
commit b0c2cae14a


@ -1,5 +1,5 @@
policy_module(hal, 1.12.1) policy_module(hal, 1.12.2)
######################################## ########################################
# #
@ -63,7 +63,7 @@ files_type(hald_var_lib_t)
# execute openvt which needs setuid # execute openvt which needs setuid
allow hald_t self:capability { chown setuid setgid kill net_admin sys_admin sys_nice dac_override dac_read_search mknod sys_rawio sys_tty_config }; allow hald_t self:capability { chown setuid setgid kill net_admin sys_admin sys_nice dac_override dac_read_search mknod sys_rawio sys_tty_config };
dontaudit hald_t self:capability {sys_ptrace sys_tty_config }; dontaudit hald_t self:capability {sys_ptrace sys_tty_config };
allow hald_t self:process { getattr signal_perms }; allow hald_t self:process { getsched getattr signal_perms };
allow hald_t self:fifo_file rw_fifo_file_perms; allow hald_t self:fifo_file rw_fifo_file_perms;
allow hald_t self:unix_stream_socket { create_stream_socket_perms connectto }; allow hald_t self:unix_stream_socket { create_stream_socket_perms connectto };
allow hald_t self:unix_dgram_socket create_socket_perms; allow hald_t self:unix_dgram_socket create_socket_perms;
@ -100,6 +100,7 @@ kernel_read_fs_sysctls(hald_t)
kernel_rw_irq_sysctls(hald_t) kernel_rw_irq_sysctls(hald_t)
kernel_rw_vm_sysctls(hald_t) kernel_rw_vm_sysctls(hald_t)
kernel_write_proc_files(hald_t) kernel_write_proc_files(hald_t)
kernel_search_network_sysctl(hald_t)
kernel_setsched(hald_t) kernel_setsched(hald_t)
kernel_request_load_module(hald_t) kernel_request_load_module(hald_t)
@ -117,6 +118,7 @@ corenet_tcp_sendrecv_all_ports(hald_t)
corenet_udp_sendrecv_all_ports(hald_t) corenet_udp_sendrecv_all_ports(hald_t)
dev_rw_usbfs(hald_t) dev_rw_usbfs(hald_t)
dev_read_rand(hald_t)
dev_read_urand(hald_t) dev_read_urand(hald_t)
dev_read_input(hald_t) dev_read_input(hald_t)
dev_read_mouse(hald_t) dev_read_mouse(hald_t)
@ -161,6 +163,7 @@ fs_mount_dos_fs(hald_t)
fs_unmount_dos_fs(hald_t) fs_unmount_dos_fs(hald_t)
fs_manage_dos_files(hald_t) fs_manage_dos_files(hald_t)
fs_manage_fusefs_dirs(hald_t) fs_manage_fusefs_dirs(hald_t)
fs_rw_removable_blk_files(hald_t)
files_getattr_all_mountpoints(hald_t) files_getattr_all_mountpoints(hald_t)
@ -180,7 +183,7 @@ storage_raw_write_fixed_disk(hald_t)
# hal_probe_serial causes these # hal_probe_serial causes these
term_setattr_unallocated_ttys(hald_t) term_setattr_unallocated_ttys(hald_t)
term_dontaudit_use_unallocated_ttys(hald_t) term_use_unallocated_ttys(hald_t)
auth_use_nsswitch(hald_t) auth_use_nsswitch(hald_t)
@ -295,6 +298,7 @@ optional_policy(`
') ')
optional_policy(` optional_policy(`
ppp_domtrans(hald_t)
ppp_read_rw_config(hald_t) ppp_read_rw_config(hald_t)
') ')
@ -319,6 +323,10 @@ optional_policy(`
udev_read_db(hald_t) udev_read_db(hald_t)
') ')
optional_policy(`
usbmuxd_stream_connect(hald_t)
')
optional_policy(` optional_policy(`
updfstab_domtrans(hald_t) updfstab_domtrans(hald_t)
') ')
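Review bot: `term_use_unallocated_ttys(hald_t)` in the -180,7 hunk replaces a dontaudit with a real grant on unallocated ttys, yet its only justification is the existing comment `# hal_probe_serial causes these`, which was written for a silenced denial. I would update that comment to state the access that is now required, for example `# hal_probe_serial needs read/write on unallocated ttys to probe serial ports`, assuming that is the actual reason. `ppp_domtrans(hald_t)` in the -295,6 hunk has the same gap: it adds a domain transition with no comment naming the hald helper that executes pppd. The commit message ("Lots of random access for hal") does not tie any of the new rules to an observed denial, so a one-line comment per grant is what would let a later reviewer check whether each is still needed.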