author | Chris PeBenito <cpebenito@tresys.com> | 2015-10-23 10:16:59 -0400 |
---|---|---|
committer | Jason Zaman <jason@perfinion.com> | 2015-10-26 11:52:47 +0800 |
commit | d92bdf260887935367802afbbaf25d399c020cd5 (patch) | |
tree | b86986e21aa5f091d3a097ef825decad7bfad6f0 /policy/modules/system/udev.if | |
parent | Add systemd access vectors. (diff) | |
Implement core systemd policy.
Significant contributions from the Tresys CLIP team.
Other changes from Laurent Bigonville.
Diffstat (limited to 'policy/modules/system/udev.if')
-rw-r--r-- | policy/modules/system/udev.if | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/policy/modules/system/udev.if b/policy/modules/system/udev.if index 06175a76..d4c92ccb 100644 --- a/policy/modules/system/udev.if +++ b/policy/modules/system/udev.if @@ -92,6 +92,25 @@ interface(`udev_read_state',` allow $1 udev_t:lnk_file read_lnk_file_perms; ') + +######################################## +## <summary> +## Allow domain to create uevent sockets. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`udev_create_kobject_uevent_sockets',` + gen_require(` + type udev_t; + ') + + allow $1 udev_t:netlink_kobject_uevent_socket create_socket_perms; +') + ######################################## ## <summary> ## Do not audit attempts to inherit a |
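
Review bot: The summary on the new udev_create_kobject_uevent_sockets interface ("Allow domain to create uevent sockets") does not say whose sockets these are, while the rule `allow $1 udev_t:netlink_kobject_uevent_socket create_socket_perms;` targets sockets labeled udev_t rather than the caller's own type. Please state in the summary that the caller is creating netlink_kobject_uevent_socket objects labeled udev_t, and describe in the param text which kind of domain is expected to call this, so the interface is not picked up as a general way for a domain to obtain a uevent socket of its own. It would also help to mention that the grant is the whole create_socket_perms set and not the create permission alone, since the interface name and summary both read as create only.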