selinux-policy/policy/modules/admin/usbmodules.te

50 lines
941 B
Plaintext

policy_module(usbmodules, 1.1.0)
########################################
#
# Declarations
#
type usbmodules_t;
type usbmodules_exec_t;
init_system_domain(usbmodules_t, usbmodules_exec_t)
role system_r types usbmodules_t;
########################################
#
# Local policy
#
kernel_list_proc(usbmodules_t)
files_list_kernel_modules(usbmodules_t)
dev_list_usbfs(usbmodules_t)
# allow usb device access
dev_rw_usbfs(usbmodules_t)
files_list_etc(usbmodules_t)
# needs etc_t read access for the hotplug config, maybe should have a new type
files_read_etc_files(usbmodules_t)
term_read_console(usbmodules_t)
term_write_console(usbmodules_t)
init_use_fds(usbmodules_t)
libs_use_ld_so(usbmodules_t)
libs_use_shared_libs(usbmodules_t)
miscfiles_read_hwdata(usbmodules_t)
modutils_read_module_deps(usbmodules_t)
optional_policy(`
hotplug_read_config(usbmodules_t)
')
optional_policy(`
logging_send_syslog_msg(usbmodules_t)
')