[selinux-policy/f21] * Wed Oct 29 2014 Lukas Vrabec <lvrabec at redhat.com> 3.13.1-92 - Allow modemmanger to connectto itsel

Lukas Vrabec lvrabec at fedoraproject.org
Wed Oct 29 09:55:56 UTC 2014


commit c659691ff573fc336c00de9a94f7fb8111fe0e10
Author: Lukas Vrabec <lvrabec at redhat.com>
Date:   Wed Oct 29 10:55:57 2014 +0100

    * Wed Oct 29 2014 Lukas Vrabec <lvrabec at redhat.com> 3.13.1-92
    - Allow modemmanager to connectto itself

 policy-f21-base.patch    |    9 ++++-----
 policy-f21-contrib.patch |   10 ++++++++--
 selinux-policy.spec      |    5 ++++-
 3 files changed, 16 insertions(+), 8 deletions(-)
---
diff --git a/policy-f21-base.patch b/policy-f21-base.patch
index 202cc87..3fa409d 100644
--- a/policy-f21-base.patch
+++ b/policy-f21-base.patch
@@ -29278,7 +29278,7 @@ index bc0ffc8..7198bd9 100644
  ')
 +/var/run/systemd(/.*)?		gen_context(system_u:object_r:init_var_run_t,s0)
 diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
-index 79a45f6..b88e8a2 100644
+index 79a45f6..f142c45 100644
 --- a/policy/modules/system/init.if
 +++ b/policy/modules/system/init.if
 @@ -1,5 +1,21 @@
@@ -30745,7 +30745,7 @@ index 79a45f6..b88e8a2 100644
 +		type init_t;
 +	')
 +
-+	allow $1 init_t:service manage_service_perms;
++	allow $1 init_t:service { start stop reload status };
 +')
 +
 +########################################
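Review bot: Replacing `manage_service_perms` with the literal set `{ start stop reload status }` on the `allow $1 init_t:service` rule narrows what every caller of this interface is granted, yet neither the commit message nor the %changelog entry mentions it. If `manage_service_perms` also covers enable/disable in this policy tree (I believe it does; confirm against obj_perm_sets.spt), domains that relied on those permissions will start producing AVC denials after the update, so the narrowing deserves its own changelog line such as `- Limit init service interface to start/stop/reload/status`. The same gap applies to the removal of `kernel_request_load_module(systemd_sysctl_t)` in the systemd.te hunk further down. The interface definition starts and ends outside this hunk, so its name and doc comment are not visible; its summary should be checked against the new permission set.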
@@ -41158,10 +41158,10 @@ index 0000000..d2a8fc7
 +')
 diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
 new file mode 100644
-index 0000000..a75ffd3
+index 0000000..5b904b0
 --- /dev/null
 +++ b/policy/modules/system/systemd.te
-@@ -0,0 +1,700 @@
+@@ -0,0 +1,699 @@
 +policy_module(systemd, 1.0.0)
 +
 +#######################################
@@ -41813,7 +41813,6 @@ index 0000000..a75ffd3
 +allow systemd_sysctl_t self:unix_dgram_socket create_socket_perms;
 +
 +kernel_dgram_send(systemd_sysctl_t)
-+kernel_request_load_module(systemd_sysctl_t)
 +kernel_rw_all_sysctls(systemd_sysctl_t)
 +kernel_write_security_state(systemd_sysctl_t)
 +
diff --git a/policy-f21-contrib.patch b/policy-f21-contrib.patch
index 4719fff..84d5ffb 100644
--- a/policy-f21-contrib.patch
+++ b/policy-f21-contrib.patch
@@ -46204,7 +46204,7 @@ index b1ac8b5..9b22bea 100644
 +	')
 +')
 diff --git a/modemmanager.te b/modemmanager.te
-index d15eb5b..6af07aa 100644
+index d15eb5b..25f2cfe 100644
 --- a/modemmanager.te
 +++ b/modemmanager.te
 @@ -11,6 +11,9 @@ init_daemon_domain(modemmanager_t, modemmanager_exec_t)
@@ -46217,7 +46217,13 @@ index d15eb5b..6af07aa 100644
  ########################################
  #
  # Local policy
-@@ -24,15 +27,17 @@ allow modemmanager_t self:netlink_kobject_uevent_socket create_socket_perms;
+@@ -19,20 +22,22 @@ typealias modemmanager_exec_t alias ModemManager_exec_t;
+ allow modemmanager_t self:capability { net_admin sys_admin sys_tty_config };
+ allow modemmanager_t self:process { getsched signal };
+ allow modemmanager_t self:fifo_file rw_fifo_file_perms;
+-allow modemmanager_t self:unix_stream_socket create_stream_socket_perms;
++allow modemmanager_t self:unix_stream_socket {connectto create_stream_socket_perms};
+ allow modemmanager_t self:netlink_kobject_uevent_socket create_socket_perms;
  
  kernel_read_system_state(modemmanager_t)
  
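Review bot: The added rule writes its permission set as `{connectto create_stream_socket_perms}` with no padding inside the braces, while the capability and process rules directly above use the padded form; `allow modemmanager_t self:unix_stream_socket { connectto create_stream_socket_perms };` would match the surrounding style. The commit cites no bug or AVC record, so a one-line comment above the rule, for example `# ModemManager connects to its own unix stream socket`, would let a later audit judge whether `connectto` is still required. The local policy block continues outside the hunk.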
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 928b2b7..7fe519b 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.13.1
-Release: 91%{?dist}
+Release: 92%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -604,6 +604,9 @@ SELinux Reference policy mls base module.
 %endif
 
 %changelog
+* Wed Oct 29 2014 Lukas Vrabec <lvrabec at redhat.com> 3.13.1-92
+- Allow modemmanger to connectto itself
+
 * Fri Oct 24 2014 Miroslav Grepl <mgrepl at redhat.com> 3.13.1-91
 - Allow rolekit transition to rpm_script_t.
 - Need to label rpmnew file correctly

