[selinux-policy: 2352/3172] PCSCD patch from Dan Walsh.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 22:28:50 UTC 2010
commit 6df09cfef73be1e718e789a83e0e4efc141a3703
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Fri Dec 18 10:44:59 2009 -0500
PCSCD patch from Dan Walsh.
policy/modules/services/pcscd.if | 3 +--
policy/modules/services/pcscd.te | 6 +++++-
2 files changed, 6 insertions(+), 3 deletions(-)
---
diff --git a/policy/modules/services/pcscd.if b/policy/modules/services/pcscd.if
index 7622d76..913e857 100644
--- a/policy/modules/services/pcscd.if
+++ b/policy/modules/services/pcscd.if
@@ -53,6 +53,5 @@ interface(`pcscd_stream_connect',`
')
files_search_pids($1)
- allow $1 pcscd_var_run_t:sock_file write;
- allow $1 pcscd_t:unix_stream_socket connectto;
+ stream_connect_pattern($1, pcscd_var_run_t, pcscd_var_run_t, pcscd_t)
')
diff --git a/policy/modules/services/pcscd.te b/policy/modules/services/pcscd.te
index 0dc3371..37ddf3e 100644
--- a/policy/modules/services/pcscd.te
+++ b/policy/modules/services/pcscd.te
@@ -1,5 +1,5 @@
-policy_module(pcscd, 1.5.0)
+policy_module(pcscd, 1.5.1)
########################################
#
@@ -29,9 +29,12 @@ allow pcscd_t self:tcp_socket create_stream_socket_perms;
manage_dirs_pattern(pcscd_t, pcscd_var_run_t, pcscd_var_run_t)
manage_files_pattern(pcscd_t, pcscd_var_run_t, pcscd_var_run_t)
+manage_fifo_files_pattern(pcscd_t, pcscd_var_run_t, pcscd_var_run_t)
manage_sock_files_pattern(pcscd_t, pcscd_var_run_t, pcscd_var_run_t)
files_pid_filetrans(pcscd_t, pcscd_var_run_t, { file sock_file dir })
+kernel_read_system_state(pcscd_t)
+
corenet_all_recvfrom_unlabeled(pcscd_t)
corenet_all_recvfrom_netlabel(pcscd_t)
corenet_tcp_sendrecv_generic_if(pcscd_t)
@@ -40,6 +43,7 @@ corenet_tcp_sendrecv_all_ports(pcscd_t)
corenet_tcp_connect_http_port(pcscd_t)
dev_rw_generic_usb_dev(pcscd_t)
+dev_rw_smartcard(pcscd_t)
dev_rw_usbfs(pcscd_t)
dev_search_sysfs(pcscd_t)
More information about the scm-commits
mailing list