1 files changed, 63 insertions, 0 deletions

diff --git a/policy/modules/contrib/resolvconf.te b/policy/modules/contrib/resolvconf.te
new file mode 100644
index 000000000..28ecd4d4a
--- /dev/null
+++ b/policy/modules/contrib/resolvconf.te
@@ -0,0 +1,63 @@
+policy_module(resolvconf, 0.1)
+
+type resolvconf_t;
+type resolvconf_exec_t;
+domain_type(resolvconf_t)
+domain_entry_file(resolvconf_t, resolvconf_exec_t)
+role system_r types resolvconf_t;
+
+attribute resolvconf_client;
+
+type resolvconf_conf_t;
+files_config_file(resolvconf_conf_t)
+
+type resolvconf_runtime_t alias resolvconf_var_run_t;
+files_runtime_file(resolvconf_runtime_t)
+
+#########################################
+#
+# OpenResolv policy
+#
+
+allow resolvconf_t self:fifo_file manage_fifo_file_perms;
+allow resolvconf_t resolvconf_conf_t:file read_file_perms;
+
+manage_dirs_pattern(resolvconf_t, resolvconf_runtime_t, resolvconf_runtime_t)
+manage_files_pattern(resolvconf_t, resolvconf_runtime_t, resolvconf_runtime_t)
+
+corecmd_exec_bin(resolvconf_t)
+corecmd_exec_shell(resolvconf_t)
+
+files_runtime_filetrans(resolvconf_t, resolvconf_runtime_t, { dir file })
+files_read_etc_files(resolvconf_t)
+
+miscfiles_read_localization(resolvconf_t)
+
+sysnet_manage_config(resolvconf_t)
+
+optional_policy(`
+	init_domtrans_script(resolvconf_t)
+	init_read_script_status_files(resolvconf_t)
+	init_use_script_fds(resolvconf_t)
+	init_use_script_ptys(resolvconf_t)
+')
+
+optional_policy(`
+	term_dontaudit_use_console(resolvconf_t)
+')
+
+optional_policy(`
+	dnsmasq_read_config(resolvconf_t)
+	dnsmasq_write_config(resolvconf_t)
+')
+
+optional_policy(`
+	networkmanager_rw_rawip_sockets(resolvconf_t)
+')
+
+#########################################
+#
+# Resolvconf client policy
+#
+
+resolvconf_client_domain_privs(resolvconf_client)