commit: 18ddac2acc0a71975ba87e0683cc3846ed72bb9f Author: Chris PeBenito <pebenito <AT> ieee <DOT> org> AuthorDate: Sat Sep 10 15:28:14 2016 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Mon Oct 3 06:05:14 2016 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=18ddac2a
cups: Move can_exec() line. policy/modules/contrib/cups.te | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/policy/modules/contrib/cups.te b/policy/modules/contrib/cups.te index 1b0dffa..245926b 100644 --- a/policy/modules/contrib/cups.te +++ b/policy/modules/contrib/cups.te @@ -633,6 +633,9 @@ allow hplip_t hplip_etc_t:dir list_dir_perms; allow hplip_t hplip_etc_t:file read_file_perms; allow hplip_t hplip_etc_t:lnk_file read_lnk_file_perms; +# e.g. execute python script to load the firmware +can_exec(hplip_t, hplip_exec_t) + manage_files_pattern(hplip_t, hplip_var_lib_t, hplip_var_lib_t) manage_lnk_files_pattern(hplip_t, hplip_var_lib_t, hplip_var_lib_t) @@ -647,9 +650,6 @@ stream_connect_pattern(hplip_t, cupsd_var_run_t, cupsd_var_run_t, cupsd_t) kernel_read_system_state(hplip_t) kernel_read_kernel_sysctls(hplip_t) -# e.g. execute python script to load the firmware -can_exec(hplip_t, hplip_exec_t) - corenet_all_recvfrom_unlabeled(hplip_t) corenet_all_recvfrom_netlabel(hplip_t) corenet_tcp_sendrecv_generic_if(hplip_t)
