From d5dde3aac15de32aa5a701a4a4a21cb4d12ccbb8 Mon Sep 17 00:00:00 2001
From: Yi Zhao <yi.zhao@windriver.com>
Date: Sun, 4 Feb 2024 11:16:37 +0800
Subject: systemd: allow systemd-rfkill to getopt from uevent sockets

Fixes:
avc:  denied  { getopt } for  pid=313 comm="systemd-rfkill"
scontext=system_u:system_r:systemd_rfkill_t:s0-s15:c0.c1023
tcontext=system_u:system_r:systemd_rfkill_t:s0-s15:c0.c1023
tclass=netlink_kobject_uevent_socket permissive=1

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Kenton Groombridge <concord@gentoo.org>
---
 policy/modules/system/systemd.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'policy')

diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
index b1e1e3b72..c4b66c825 100644
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -1540,7 +1540,7 @@ logging_send_syslog_msg(systemd_pstore_t)
 # Rfkill local policy
 #
 
-allow systemd_rfkill_t self:netlink_kobject_uevent_socket { bind create getattr read setopt };
+allow systemd_rfkill_t self:netlink_kobject_uevent_socket { bind create getattr read getopt setopt };
 
 manage_dirs_pattern(systemd_rfkill_t, systemd_rfkill_var_lib_t, systemd_rfkill_var_lib_t)
 manage_files_pattern(systemd_rfkill_t, systemd_rfkill_var_lib_t, systemd_rfkill_var_lib_t)
-- 
cgit v1.2.3-65-gdbad