[selinux-policy: 1422/3172] add appletalk socket for cups

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 21:08:17 UTC 2010 

commit f40b22bf4293ce1f9ed69d33dfb46c00c1ac21a4
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Thu May 4 20:40:49 2006 +0000

    add appletalk socket for cups

 refpolicy/policy/flask/access_vectors      |    3 +++
 refpolicy/policy/flask/security_classes    |    2 ++
 refpolicy/policy/modules/services/cups.te  |    3 +++
 refpolicy/policy/support/obj_perm_sets.spt |    2 +-
 4 files changed, 9 insertions(+), 1 deletions(-)
---
diff --git a/refpolicy/policy/flask/access_vectors b/refpolicy/policy/flask/access_vectors
index 57e55a6..3dbfeaa 100644
--- a/refpolicy/policy/flask/access_vectors
+++ b/refpolicy/policy/flask/access_vectors
@@ -607,3 +607,6 @@ class association
 # Updated Netlink class for KOBJECT_UEVENT family.
 class netlink_kobject_uevent_socket
 inherits socket
+
+class appletalk_socket
+inherits socket
diff --git a/refpolicy/policy/flask/security_classes b/refpolicy/policy/flask/security_classes
index e51ae88..3495ab1 100644
--- a/refpolicy/policy/flask/security_classes
+++ b/refpolicy/policy/flask/security_classes
@@ -86,4 +86,6 @@ class association
 # Updated Netlink class for KOBJECT_UEVENT family.
 class netlink_kobject_uevent_socket
 
+class appletalk_socket
+
 # FLASK
diff --git a/refpolicy/policy/modules/services/cups.te b/refpolicy/policy/modules/services/cups.te
index 1f8f1f7..7c3fbcb 100644
--- a/refpolicy/policy/modules/services/cups.te
+++ b/refpolicy/policy/modules/services/cups.te
@@ -84,6 +84,9 @@ allow cupsd_t self:netlink_audit_socket { create_netlink_socket_perms nlmsg_rela
 allow cupsd_t self:netlink_route_socket { r_netlink_socket_perms };
 allow cupsd_t self:tcp_socket { create_stream_socket_perms connectto acceptfrom recvfrom };
 allow cupsd_t self:udp_socket create_socket_perms;
+allow cupsd_t self:appletalk_socket create_socket_perms;
+# generic socket here until appletalk socket is available in kernels
+allow cupsd_t self:socket create_socket_perms;
 
 allow cupsd_t cupsd_etc_t:file { r_file_perms setattr };
 allow cupsd_t cupsd_etc_t:dir { rw_dir_perms setattr };
diff --git a/refpolicy/policy/support/obj_perm_sets.spt b/refpolicy/policy/support/obj_perm_sets.spt
index d487080..eea1598 100644
--- a/refpolicy/policy/support/obj_perm_sets.spt
+++ b/refpolicy/policy/support/obj_perm_sets.spt
@@ -28,7 +28,7 @@ define(`devfile_class_set', `{ chr_file blk_file }')
 #
 # All socket classes.
 #
-define(`socket_class_set', `{ tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_ip6fw_socket netlink_dnrt_socket netlink_kobject_uevent_socket }')
+define(`socket_class_set', `{ tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket appletalk_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_ip6fw_socket netlink_dnrt_socket netlink_kobject_uevent_socket }')
 
 
 #

More information about the scm-commits mailing list