52 lines
1.1 KiB
Text
52 lines
1.1 KiB
Text
policy_module(sensord, 1.0.0)
|
|
|
|
########################################
|
|
#
|
|
# Declarations
|
|
#
|
|
|
|
type sensord_t;
|
|
type sensord_exec_t;
|
|
init_daemon_domain(sensord_t, sensord_exec_t)
|
|
|
|
type sensord_unit_file_t;
|
|
systemd_unit_file(sensord_unit_file_t)
|
|
|
|
type sensord_initrc_exec_t;
|
|
init_script_file(sensord_initrc_exec_t)
|
|
|
|
type sensord_var_run_t;
|
|
files_pid_file(sensord_var_run_t)
|
|
|
|
type sensord_log_t;
|
|
logging_log_file(sensord_log_t)
|
|
|
|
########################################
|
|
#
|
|
# Local policy
|
|
#
|
|
|
|
allow sensord_t self:process { signal execmem };
|
|
|
|
allow sensord_t self:fifo_file rw_fifo_file_perms;
|
|
allow sensord_t self:unix_stream_socket create_stream_socket_perms;
|
|
|
|
manage_files_pattern(sensord_t, sensord_log_t, sensord_log_t)
|
|
logging_log_filetrans(sensord_t, sensord_log_t, file)
|
|
allow sensord_t sensord_log_t:file map;
|
|
|
|
manage_files_pattern(sensord_t, sensord_var_run_t, sensord_var_run_t)
|
|
files_pid_filetrans(sensord_t, sensord_var_run_t, file)
|
|
|
|
auth_use_nsswitch(sensord_t)
|
|
|
|
can_exec(sensord_t, sensord_exec_t)
|
|
|
|
corecmd_exec_shell(sensord_t)
|
|
|
|
kernel_read_system_state(sensord_t)
|
|
|
|
dev_read_sysfs(sensord_t)
|
|
|
|
logging_send_syslog_msg(sensord_t)
|
|
|