[selinux-policy: 2253/3172] add hddtemp from dan.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 22:19:56 UTC 2010


commit aa83007d5a15a314e4df2102cf225a446e43462e
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Tue Sep 1 08:32:37 2009 -0400

    add hddtemp from dan.

 Changelog                               |    2 +
 policy/modules/kernel/corenetwork.te.in |    3 +-
 policy/modules/services/hddtemp.fc      |    3 ++
 policy/modules/services/hddtemp.if      |   38 +++++++++++++++++++++++++++++++
 policy/modules/services/hddtemp.te      |   38 +++++++++++++++++++++++++++++++
 5 files changed, 83 insertions(+), 1 deletions(-)
---
diff --git a/Changelog b/Changelog
index babf18e..61bb77c 100644
--- a/Changelog
+++ b/Changelog
@@ -8,6 +8,8 @@
 - Fix infrastructure to expand macros in initrc_context when installing.
 - Handle unix_chkpwd usage by useradd and groupadd.
 - Add missing compatibility aliases for xdm_xserver*_t types.
+- Added modules:
+	hddtemp (Dan Walsh)
 
 * Thu Jul 30 2009 Chris PeBenito <selinux at tresys.com> - 2.20090730
 - Gentoo fixes for init scripts and system startup.
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index 9d100fe..c62a95e 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -1,5 +1,5 @@
 
-policy_module(corenetwork, 1.12.0)
+policy_module(corenetwork, 1.12.1)
 
 ########################################
 #
@@ -102,6 +102,7 @@ network_port(gatekeeper, udp,1718,s0, udp,1719,s0, tcp,1721,s0, tcp,7000,s0)
 network_port(giftd, tcp,1213,s0)
 network_port(gopher, tcp,70,s0, udp,70,s0)
 network_port(gpsd, tcp,2947,s0)
+network_port(hddtemp, tcp,7634,s0)
 network_port(howl, tcp,5335,s0, udp,5353,s0)
 network_port(hplip, tcp,1782,s0, tcp,2207,s0, tcp,2208,s0, tcp, 8290,s0, tcp,50000,s0, tcp,50002,s0, tcp,8292,s0, tcp,9100,s0, tcp,9101,s0, tcp,9102,s0, tcp,9220,s0, tcp,9221,s0, tcp,9222,s0, tcp,9280,s0, tcp,9281,s0, tcp,9282,s0, tcp,9290,s0, tcp,9291,s0, tcp,9292,s0)
 network_port(http, tcp,80,s0, tcp,443,s0, tcp,488,s0, tcp,8008,s0, tcp,8009,s0, tcp,8443,s0) #8443 is mod_nss default port
diff --git a/policy/modules/services/hddtemp.fc b/policy/modules/services/hddtemp.fc
new file mode 100644
index 0000000..67ea7b6
--- /dev/null
+++ b/policy/modules/services/hddtemp.fc
@@ -0,0 +1,3 @@
+/etc/rc\.d/init\.d/hddtemp	--	gen_context(system_u:object_r:hddtemp_initrc_exec_t,s0)
+
+/usr/sbin/hddtemp		--	gen_context(system_u:object_r:hddtemp_exec_t,s0)
diff --git a/policy/modules/services/hddtemp.if b/policy/modules/services/hddtemp.if
new file mode 100644
index 0000000..af25134
--- /dev/null
+++ b/policy/modules/services/hddtemp.if
@@ -0,0 +1,38 @@
+## <summary>hddtemp hard disk temperature tool running as a daemon</summary>
+
+#######################################
+## <summary>
+##	Execute hddtemp in the hddtemp domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`hddtemp_domtrans',`
+	gen_require(`
+		type hddtemp_t, hddtemp_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, hddtemp_exec_t, hddtemp_t)
+')
+
+######################################
+## <summary>
+##	Execute hddtemp 
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`hddtemp_exec',`
+	gen_require(`
+		type hddtemp_exec_t;
+	')
+
+	can_exec($1, hddtemp_exec_t)
+')
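Review bot: `hddtemp_exec` is documented only as "Execute hddtemp " (with trailing whitespace), which does not tell a policy author that, unlike `hddtemp_domtrans`, the binary then runs in the caller's own domain with no transition to `hddtemp_t`. I would change the summary to `##	Execute hddtemp in the caller domain.` so the difference in confinement is visible at the call site. The interface also omits the `corecmd_search_bin($1)` line that `hddtemp_domtrans` has. For consistency it should probably be added before `can_exec($1, hddtemp_exec_t)`, since a caller without search access to the bin directories presumably cannot reach /usr/sbin/hddtemp.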
diff --git a/policy/modules/services/hddtemp.te b/policy/modules/services/hddtemp.te
new file mode 100644
index 0000000..e883ca3
--- /dev/null
+++ b/policy/modules/services/hddtemp.te
@@ -0,0 +1,38 @@
+
+policy_module(hddtemp, 1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+type hddtemp_t;
+type hddtemp_exec_t;
+init_daemon_domain(hddtemp_t, hddtemp_exec_t)
+
+type hddtemp_initrc_exec_t;
+init_script_file(hddtemp_initrc_exec_t)
+
+########################################
+#
+# hddtemp local policy
+#
+
+allow hddtemp_t self:capability sys_rawio;
+dontaudit hddtemp_t self:capability sys_admin;
+allow hddtemp_t self:netlink_route_socket r_netlink_socket_perms;
+allow hddtemp_t self:tcp_socket create_stream_socket_perms;
+allow hddtemp_t self:udp_socket create_socket_perms;
+
+corenet_tcp_bind_all_nodes(hddtemp_t)
+corenet_tcp_bind_hddtemp_port(hddtemp_t)
+
+# read hddtemp db file
+files_read_usr_files(hddtemp_t)
+
+storage_raw_read_fixed_disk(hddtemp_t)
+
+logging_send_syslog_msg(hddtemp_t)
+
+miscfiles_read_localization(hddtemp_t)
+
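Review bot: `storage_raw_read_fixed_disk(hddtemp_t)` plus `self:capability sys_rawio` gives raw read access to fixed disks to a domain that also listens on tcp 7634 through `corenet_tcp_bind_all_nodes`, and the module gives no reason for the grant. Raw device reads are not mediated by file labels, so this is the line an auditor needs annotated. I would add above it `# hddtemp queries drive temperature through the disk device node; raw read is not mediated by file labels`, with the wording settled once the daemon's actual accesses are confirmed. `dontaudit hddtemp_t self:capability sys_admin;` keeps those denials out of the audit log, and `self:udp_socket create_socket_perms` has no matching corenet UDP rule in this hunk. Each should carry a one-line why-comment, or be dropped if an AVC trace does not show it is needed.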

