
policy_module(linuxptp, 1.0.0)

########################################
#
# Declarations
#
# One confined daemon domain per linuxptp program. Each domain is
# entered from its own executable type via init_daemon_domain() and
# has its own systemd unit file label.
#

# ptp4l daemon
type ptp4l_t;
type ptp4l_exec_t;
init_daemon_domain(ptp4l_t, ptp4l_exec_t)

type ptp4l_unit_file_t;
systemd_unit_file(ptp4l_unit_file_t)

# phc2sys daemon
type phc2sys_t;
type phc2sys_exec_t;
init_daemon_domain(phc2sys_t, phc2sys_exec_t)

type phc2sys_unit_file_t;
systemd_unit_file(phc2sys_unit_file_t)

# timemaster daemon (transitions into and signals the other daemons;
# see its section below)
type timemaster_t;
type timemaster_exec_t;
init_daemon_domain(timemaster_t, timemaster_exec_t)

type timemaster_unit_file_t;
systemd_unit_file(timemaster_unit_file_t)

# Runtime state labels.
# NOTE(review): these are the only /run and tmpfs labels in the module and
# every domain below gets full manage rights on both, so they do not
# separate the three daemons' runtime files from one another.
type timemaster_var_run_t;
files_pid_file(timemaster_var_run_t)

type timemaster_tmpfs_t;
files_tmpfs_file(timemaster_tmpfs_t)
########################################
#
# timemaster local policy
#
# timemaster supervises the other time daemons: it domain-transitions
# into ntpd/chronyd/ptp4l/phc2sys, signals them and shares memory with
# them, and binds the NTP port itself.
#

allow timemaster_t self:process { setcap signal_perms };
# setuid/setgid/kill: presumably used to run and stop the child daemons
# under other identities -- confirm against the timemaster source.
allow timemaster_t self:capability { kill setgid setuid sys_time };
allow timemaster_t self:fifo_file rw_fifo_file_perms;
allow timemaster_t self:shm create_shm_perms;
allow timemaster_t self:udp_socket create_socket_perms;
allow timemaster_t self:unix_stream_socket create_stream_socket_perms;

# Control of the two linuxptp daemons declared in this module
allow timemaster_t { phc2sys_t ptp4l_t }:process signal;
allow timemaster_t ptp4l_t:shm rw_shm_perms;

# Runtime state under /run and on tmpfs (labels shared with ptp4l/phc2sys)
manage_dirs_pattern(timemaster_t, timemaster_var_run_t, timemaster_var_run_t)
manage_files_pattern(timemaster_t, timemaster_var_run_t, timemaster_var_run_t)
manage_sock_files_pattern(timemaster_t, timemaster_var_run_t, timemaster_var_run_t)
files_pid_filetrans(timemaster_t, timemaster_var_run_t, { dir file sock_file })

manage_dirs_pattern(timemaster_t, timemaster_tmpfs_t, timemaster_tmpfs_t)
manage_files_pattern(timemaster_t, timemaster_tmpfs_t, timemaster_tmpfs_t)
fs_tmpfs_filetrans(timemaster_t, timemaster_tmpfs_t, { dir file })

auth_use_nsswitch(timemaster_t)
corenet_udp_bind_generic_node(timemaster_t)
corenet_udp_bind_ntp_port(timemaster_t)
dev_read_urand(timemaster_t)
kernel_read_network_state(timemaster_t)
logging_send_syslog_msg(timemaster_t)
sysnet_read_config(timemaster_t)

# Integrations that only apply when the respective module is loaded.
# All chronyd rules require the same chronyd types, so they share one
# optional block.
optional_policy(`
	chronyd_domtrans(timemaster_t)
	chronyd_rw_shm(timemaster_t)
	chronyd_signal(timemaster_t)
')

optional_policy(`
	gpsd_rw_shm(timemaster_t)
')

optional_policy(`
	ntp_domtrans(timemaster_t)
	ntp_signal(timemaster_t)
')

optional_policy(`
	linuxptp_domtrans_phc2sys(timemaster_t)
')

optional_policy(`
	linuxptp_domtrans_ptp4l(timemaster_t)
')
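########################################
#
# phc2sys local policy
#
# phc2sys adjusts clocks (sys_time, realtime clock device) and exchanges
# shared memory / unix datagrams with the other time daemons.
#

allow phc2sys_t self:capability sys_time;
allow phc2sys_t self:fifo_file rw_fifo_file_perms;
allow phc2sys_t self:shm create_shm_perms;
allow phc2sys_t self:udp_socket create_socket_perms;
allow phc2sys_t self:unix_stream_socket create_stream_socket_perms;

# Peer access to the other linuxptp domains. The ptp4l shm rule is a
# direct allow, like the timemaster<->ptp4l and phc2sys<->timemaster shm
# rules elsewhere in this module: ptp4l_t is declared here, so there is
# no need to go through an interface call (the previous ptp4l_rw_shm()
# call also did not follow the module's linuxptp_* interface naming).
allow phc2sys_t ptp4l_t:shm rw_shm_perms;
allow phc2sys_t ptp4l_t:unix_dgram_socket sendto;
allow phc2sys_t timemaster_t:shm rw_shm_perms;

# Runtime state: same labels and full manage rights as timemaster and
# ptp4l, so this domain can also alter their pid and socket files.
manage_dirs_pattern(phc2sys_t, timemaster_var_run_t, timemaster_var_run_t)
manage_files_pattern(phc2sys_t, timemaster_var_run_t, timemaster_var_run_t)
manage_sock_files_pattern(phc2sys_t, timemaster_var_run_t, timemaster_var_run_t)
files_pid_filetrans(phc2sys_t, timemaster_var_run_t, { dir file sock_file })

manage_dirs_pattern(phc2sys_t, timemaster_tmpfs_t, timemaster_tmpfs_t)
manage_files_pattern(phc2sys_t, timemaster_tmpfs_t, timemaster_tmpfs_t)
fs_tmpfs_filetrans(phc2sys_t, timemaster_tmpfs_t, { dir file })

dev_rw_realtime_clock(phc2sys_t)
logging_send_syslog_msg(phc2sys_t)

# Shared memory with external time sources, when those modules are loaded
optional_policy(`
	chronyd_rw_shm(phc2sys_t)
')

optional_policy(`
	gpsd_rw_shm(phc2sys_t)
')

optional_policy(`
	ntp_rw_shm(phc2sys_t)
')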
########################################
#
# ptp4l local policy
#
# ptp4l speaks on the network (raw packet sockets, netlink, UDP on the
# PTP event port) and adjusts clocks, so it carries the widest
# capability set in this module.
#

allow ptp4l_t self:capability { net_admin net_raw sys_time };
allow ptp4l_t self:capability2 { bpf wake_alarm };
allow ptp4l_t self:fifo_file rw_fifo_file_perms;
allow ptp4l_t self:netlink_route_socket rw_netlink_socket_perms;
allow ptp4l_t self:packet_socket create_socket_perms;
allow ptp4l_t self:shm create_shm_perms;
allow ptp4l_t self:udp_socket create_socket_perms;
allow ptp4l_t self:unix_stream_socket create_stream_socket_perms;

# Unix datagram traffic towards phc2sys (phc2sys holds the matching
# sendto rule towards ptp4l in its own section).
allow ptp4l_t phc2sys_t:unix_dgram_socket sendto;

# Runtime state: same shared labels and manage rights as the other domains
manage_dirs_pattern(ptp4l_t, timemaster_var_run_t, timemaster_var_run_t)
manage_files_pattern(ptp4l_t, timemaster_var_run_t, timemaster_var_run_t)
manage_sock_files_pattern(ptp4l_t, timemaster_var_run_t, timemaster_var_run_t)
files_pid_filetrans(ptp4l_t, timemaster_var_run_t, { dir file sock_file })

manage_dirs_pattern(ptp4l_t, timemaster_tmpfs_t, timemaster_tmpfs_t)
manage_files_pattern(ptp4l_t, timemaster_tmpfs_t, timemaster_tmpfs_t)
fs_tmpfs_filetrans(ptp4l_t, timemaster_tmpfs_t, { dir file })

# Network binds: the PTP event port plus any reserved (<1024) UDP port.
# NOTE(review): corenet_udp_bind_reserved_port() is far wider than the
# one extra port this presumably covers; if corenetwork defines that port
# under its own name, prefer that interface -- confirm against corenetwork.
corenet_udp_bind_generic_node(ptp4l_t)
corenet_udp_bind_ptp_event_port(ptp4l_t)
corenet_udp_bind_reserved_port(ptp4l_t)

dev_rw_realtime_clock(ptp4l_t)
kernel_read_network_state(ptp4l_t)
logging_send_syslog_msg(ptp4l_t)

# Broader than the linuxptp-specific labels above: writes to sock files
# under the generic pid label and datagrams to user domains.
# NOTE(review): presumably for a management socket reached by client
# tools run from user sessions -- confirm, and check whether a dedicated
# label for that socket would let these two rules be narrowed.
files_write_generic_pid_sockets(ptp4l_t)
userdom_users_dgram_send(ptp4l_t)

optional_policy(`
	chronyd_rw_shm(ptp4l_t)
')

optional_policy(`
	gpsd_rw_shm(ptp4l_t)
')