[selinux-policy: 2664/3172] Hal patch from Dan Walsh.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 22:56:53 UTC 2010 

commit b0c2cae14a2e3481500ffb7dcdb3ff19ec3ea46a
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Tue May 18 09:06:36 2010 -0400

    Hal patch from Dan Walsh.
    
    Lots of random access for hal.

 policy/modules/services/hal.te |   14 +++++++++++---
 1 files changed, 11 insertions(+), 3 deletions(-)
---
diff --git a/policy/modules/services/hal.te b/policy/modules/services/hal.te
index 4d3cae0..63ad17f 100644
--- a/policy/modules/services/hal.te
+++ b/policy/modules/services/hal.te
@@ -1,5 +1,5 @@
 
-policy_module(hal, 1.12.1)
+policy_module(hal, 1.12.2)
 
 ########################################
 #
@@ -63,7 +63,7 @@ files_type(hald_var_lib_t)
 # execute openvt which needs setuid
 allow hald_t self:capability { chown setuid setgid kill net_admin sys_admin sys_nice dac_override dac_read_search mknod sys_rawio sys_tty_config };
 dontaudit hald_t self:capability {sys_ptrace sys_tty_config };
-allow hald_t self:process { getattr signal_perms };
+allow hald_t self:process { getsched getattr signal_perms };
 allow hald_t self:fifo_file rw_fifo_file_perms;
 allow hald_t self:unix_stream_socket { create_stream_socket_perms connectto };
 allow hald_t self:unix_dgram_socket create_socket_perms;
@@ -100,6 +100,7 @@ kernel_read_fs_sysctls(hald_t)
 kernel_rw_irq_sysctls(hald_t)
 kernel_rw_vm_sysctls(hald_t)
 kernel_write_proc_files(hald_t)
+kernel_search_network_sysctl(hald_t)
 kernel_setsched(hald_t)
 kernel_request_load_module(hald_t)
 
@@ -117,6 +118,7 @@ corenet_tcp_sendrecv_all_ports(hald_t)
 corenet_udp_sendrecv_all_ports(hald_t)
 
 dev_rw_usbfs(hald_t)
+dev_read_rand(hald_t)
 dev_read_urand(hald_t)
 dev_read_input(hald_t)
 dev_read_mouse(hald_t)
@@ -161,6 +163,7 @@ fs_mount_dos_fs(hald_t)
 fs_unmount_dos_fs(hald_t)
 fs_manage_dos_files(hald_t)
 fs_manage_fusefs_dirs(hald_t)
+fs_rw_removable_blk_files(hald_t)
 
 files_getattr_all_mountpoints(hald_t)
 
@@ -180,7 +183,7 @@ storage_raw_write_fixed_disk(hald_t)
 
 # hal_probe_serial causes these
 term_setattr_unallocated_ttys(hald_t)
-term_dontaudit_use_unallocated_ttys(hald_t)
+term_use_unallocated_ttys(hald_t)
 
 auth_use_nsswitch(hald_t)
 
@@ -295,6 +298,7 @@ optional_policy(`
 ')
 
 optional_policy(`
+	ppp_domtrans(hald_t)
 	ppp_read_rw_config(hald_t)
 ')
 
@@ -320,6 +324,10 @@ optional_policy(`
 ')
 
 optional_policy(`
+	usbmuxd_stream_connect(hald_t)
+')
+
+optional_policy(`
 	updfstab_domtrans(hald_t)
 ')

More information about the scm-commits mailing list