Implement core systemd policy.

Significant contributions from the Tresys CLIP team. Other changes from Laurent Bigonville.
author: Chris PeBenito <cpebenito@tresys.com> 2015-10-23 10:16:59 -0400
committer: Jason Zaman <jason@perfinion.com> 2015-10-26 11:52:47 +0800
commit: d92bdf260887935367802afbbaf25d399c020cd5 (patch)
tree: b86986e21aa5f091d3a097ef825decad7bfad6f0 /policy/modules/system/udev.if
parent: Add systemd access vectors. (diff)
download: hardened-refpolicy-d92bdf260887935367802afbbaf25d399c020cd5.tar.gz
hardened-refpolicy-d92bdf260887935367802afbbaf25d399c020cd5.tar.bz2
hardened-refpolicy-d92bdf260887935367802afbbaf25d399c020cd5.zip
1 files changed, 19 insertions, 0 deletions
diff --git a/policy/modules/system/udev.if b/policy/modules/system/udev.if
index 06175a76..d4c92ccb 100644
--- a/policy/modules/system/udev.if
+++ b/policy/modules/system/udev.if
@@ -92,6 +92,25 @@ interface(`udev_read_state',`
 	allow $1 udev_t:lnk_file read_lnk_file_perms;
 ')
 
+
+########################################
+## <summary>
+##	Allow domain to create uevent sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`udev_create_kobject_uevent_sockets',`
+	gen_require(`
+		type udev_t;
+	')
+
+	allow $1 udev_t:netlink_kobject_uevent_socket create_socket_perms;
+')
+
 ########################################
 ## <summary>
 ##	Do not audit attempts to inherit a
author	Chris PeBenito <cpebenito@tresys.com>	2015-10-23 10:16:59 -0400
committer	Jason Zaman <jason@perfinion.com>	2015-10-26 11:52:47 +0800
commit	d92bdf260887935367802afbbaf25d399c020cd5 (patch)
tree	b86986e21aa5f091d3a097ef825decad7bfad6f0 /policy/modules/system/udev.if
parent	Add systemd access vectors. (diff)
download	hardened-refpolicy-d92bdf260887935367802afbbaf25d399c020cd5.tar.gz hardened-refpolicy-d92bdf260887935367802afbbaf25d399c020cd5.tar.bz2 hardened-refpolicy-d92bdf260887935367802afbbaf25d399c020cd5.zip