[selinux-policy: 2015/3172] trunk: last bit of wpa_supplicant update from martin orr.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 21:58:59 UTC 2010
commit fd49feff4966fc55c39e2b62839c7a6c9ac2b694
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Thu Sep 18 15:06:29 2008 +0000
trunk: last bit of wpa_supplicant update from martin orr.
policy/modules/services/networkmanager.fc | 1 +
policy/modules/services/networkmanager.te | 37 ++++++++++++++++++++++++++--
2 files changed, 35 insertions(+), 3 deletions(-)
---
diff --git a/policy/modules/services/networkmanager.fc b/policy/modules/services/networkmanager.fc
index f61bc45..6d6005d 100644
--- a/policy/modules/services/networkmanager.fc
+++ b/policy/modules/services/networkmanager.fc
@@ -1,3 +1,4 @@
+/sbin/wpa_cli -- gen_context(system_u:object_r:wpa_cli_exec_t,s0)
/sbin/wpa_supplicant -- gen_context(system_u:object_r:NetworkManager_exec_t,s0)
/usr/s?bin/NetworkManager -- gen_context(system_u:object_r:NetworkManager_exec_t,s0)
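Review bot: The new `/sbin/wpa_cli` entry matches only that one path, while the NetworkManager entry below it uses `/usr/s?bin/` to cover both directories. If a distribution installs the client under /usr/sbin, the binary would not receive `wpa_cli_exec_t` and would run in the caller's domain instead of the confined `wpa_cli_t`. If that layout needs to be supported, consider adding `/usr/sbin/wpa_cli -- gen_context(system_u:object_r:wpa_cli_exec_t,s0)`. Whether any target system actually uses that layout cannot be told from this page.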
diff --git a/policy/modules/services/networkmanager.te b/policy/modules/services/networkmanager.te
index 0c6f056..81445c2 100644
--- a/policy/modules/services/networkmanager.te
+++ b/policy/modules/services/networkmanager.te
@@ -1,5 +1,5 @@
-policy_module(networkmanager, 1.10.2)
+policy_module(networkmanager, 1.10.3)
########################################
#
@@ -22,6 +22,10 @@ files_tmp_file(NetworkManager_tmp_t)
type NetworkManager_var_run_t;
files_pid_file(NetworkManager_var_run_t)
+type wpa_cli_t;
+type wpa_cli_exec_t;
+init_system_domain(wpa_cli_t, wpa_cli_exec_t)
+
########################################
#
# Local policy
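Review bot: The declarations `type wpa_cli_t;` / `type wpa_cli_exec_t;` / `init_system_domain(wpa_cli_t, wpa_cli_exec_t)` carry no comment saying how the domain is meant to be entered. `init_system_domain` sets up entry from init scripts, and none of the visible hunks adds a transition from NetworkManager_t or from a user domain. If init-script entry only is intended, say so with a comment above the block, for example `# wpa_cli is run from network init scripts; no other domain transitions into wpa_cli_t`. That way a later reader does not widen the entry points by accident.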
@@ -40,13 +44,15 @@ allow NetworkManager_t self:tcp_socket create_stream_socket_perms;
allow NetworkManager_t self:udp_socket create_socket_perms;
allow NetworkManager_t self:packet_socket create_socket_perms;
+allow NetworkManager_t wpa_cli_t:unix_dgram_socket sendto;
+
can_exec(NetworkManager_t, NetworkManager_exec_t)
manage_files_pattern(NetworkManager_t, NetworkManager_log_t, NetworkManager_log_t)
logging_log_filetrans(NetworkManager_t, NetworkManager_log_t, file)
-manage_sock_files_pattern(NetworkManager_t, NetworkManager_tmp_t, NetworkManager_tmp_t)
-files_tmp_filetrans(NetworkManager_t, NetworkManager_tmp_t, sock_file)
+rw_sock_files_pattern(NetworkManager_t, NetworkManager_tmp_t, NetworkManager_tmp_t)
+files_search_tmp(NetworkManager_t)
manage_dirs_pattern(NetworkManager_t, NetworkManager_var_run_t, NetworkManager_var_run_t)
manage_files_pattern(NetworkManager_t, NetworkManager_var_run_t, NetworkManager_var_run_t)
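Review bot: Replacing `manage_sock_files_pattern` and `files_tmp_filetrans` with `rw_sock_files_pattern` and `files_search_tmp` means NetworkManager_t can no longer create or unlink a `NetworkManager_tmp_t` socket under /tmp. The .fc file still labels `/sbin/wpa_supplicant` as `NetworkManager_exec_t`, so any control-interface client running in that domain that still creates its own socket in /tmp would now be denied. That is probably the intended tightening, since socket creation moves to `wpa_cli_t` in the last hunk, but it should be checked against AVC denials. It would also help to add a comment above the two new lines, such as `# client sockets in /tmp are created by wpa_cli_t; NetworkManager_t only reads and writes them`.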
@@ -190,3 +196,28 @@ optional_policy(`
vpn_domtrans(NetworkManager_t)
vpn_signal(NetworkManager_t)
')
+
+########################################
+#
+# wpa_cli local policy
+#
+allow wpa_cli_t self:capability dac_override;
+allow wpa_cli_t self:unix_dgram_socket create_socket_perms;
+
+allow wpa_cli_t NetworkManager_t:unix_dgram_socket sendto;
+
+manage_sock_files_pattern(wpa_cli_t, NetworkManager_tmp_t, NetworkManager_tmp_t)
+files_tmp_filetrans(wpa_cli_t, NetworkManager_tmp_t, sock_file)
+
+list_dirs_pattern(wpa_cli_t, NetworkManager_var_run_t, NetworkManager_var_run_t)
+rw_sock_files_pattern(wpa_cli_t, NetworkManager_var_run_t, NetworkManager_var_run_t)
+
+init_dontaudit_use_fds(wpa_cli_t)
+init_use_script_ptys(wpa_cli_t)
+
+libs_use_ld_so(wpa_cli_t)
+libs_use_shared_libs(wpa_cli_t)
+
+miscfiles_read_localization(wpa_cli_t)
+
+term_dontaudit_use_console(wpa_cli_t)
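Review bot: `allow wpa_cli_t self:capability dac_override;` lets the new domain bypass all discretionary file-permission checks, and nothing in the hunk says which access needs it. The only file access granted here is to sockets and directories typed `NetworkManager_tmp_t` and `NetworkManager_var_run_t`, so the need presumably comes from the ownership or mode of the control-socket directory. If so, fixing that directory's permissions would be narrower than keeping the capability, though this should be confirmed against the denials that prompted the rule. If the capability stays, document it above the rule, for example `# dac_override: control socket directory is not accessible to root under DAC (confirm path)`.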