commit: 65f2dc9479c12dca474e917434415e1d0fda7ff3
Author: Chris PeBenito <pebenito <AT> ieee <DOT> org>
AuthorDate: Wed Apr 19 01:21:12 2017 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Apr 30 09:12:52 2017 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=65f2dc94
devicekit, mount, xserver, and selinuxutil from Russell Coker
Allow devicekit_power_t to chat to xdm via dbus and log via syslog.
Allow mount_t to do more with its runtime files and stat more filesystem
types.
Allow xauth to send sigchld to xdm.
Allow semanage to search policy_src_t dirs and read /dev/urandom.
policy/modules/contrib/devicekit.te | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/policy/modules/contrib/devicekit.te
b/policy/modules/contrib/devicekit.te
index 83e0fabd..d2d3f830 100644
--- a/policy/modules/contrib/devicekit.te
+++ b/policy/modules/contrib/devicekit.te
@@ -1,4 +1,4 @@
-policy_module(devicekit, 1.6.3)
+policy_module(devicekit, 1.6.4)
########################################
#
@@ -59,12 +59,17 @@ optional_policy(`
udev_read_db(devicekit_t)
')
+optional_policy(`
+ xserver_dbus_chat_xdm(devicekit_power_t)
+')
+
########################################
#
# Disk local policy
#
allow devicekit_disk_t self:capability { chown dac_override fowner fsetid
net_admin setgid setuid sys_admin sys_nice sys_ptrace sys_rawio };
+allow devicekit_disk_t self:capability2 wake_alarm;
allow devicekit_disk_t self:process { getsched signal_perms };
allow devicekit_disk_t self:fifo_file rw_fifo_file_perms;
allow devicekit_disk_t self:netlink_kobject_uevent_socket create_socket_perms;
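Review bot: The added `allow devicekit_disk_t self:capability2 wake_alarm;` is not covered by the commit description, which lists only devicekit_power_t changes for this module, and it has no comment saying what needs it. This domain already holds sys_admin, sys_rawio and sys_ptrace, so each further capability should carry a one-line justification for later least-privilege audits, e.g. `# wake_alarm: <operation or AVC denial that requires it>` above the rule. Separately, the new `optional_policy` block grants `xserver_dbus_chat_xdm` to devicekit_power_t but sits just before the "Disk local policy" header, apparently in the devicekit_t section (the preceding context line is `udev_read_db(devicekit_t)`). Moving it next to the other devicekit_power_t rules, such as `init_search_run(devicekit_power_t)`, would keep per-domain review straightforward.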
@@ -263,6 +268,8 @@ init_all_labeled_script_domtrans(devicekit_power_t)
init_read_utmp(devicekit_power_t)
init_search_run(devicekit_power_t)
+logging_send_syslog_msg(devicekit_power_t)
+
miscfiles_read_localization(devicekit_power_t)
sysnet_domtrans_ifconfig(devicekit_power_t)