[refpolicy] [PATCH 1/3] Add policy for systemd GPT generator

Krzysztof Nowicki krzysztof.a.nowicki at gmail.com
Thu May 18 19:31:08 UTC 2017


From: Krzysztof Nowicki <krissn at op.pl>

---
 policy/modules/system/systemd.fc |  3 +++
 policy/modules/system/systemd.te | 16 ++++++++++++++++
 2 files changed, 19 insertions(+)

diff --git a/policy/modules/system/systemd.fc b/policy/modules/system/systemd.fc
index b32c006..57944e1 100644
--- a/policy/modules/system/systemd.fc
+++ b/policy/modules/system/systemd.fc
@@ -11,6 +11,9 @@
 /usr/bin/systemd-tty-ask-password-agent	--	gen_context(system_u:object_r:systemd_passwd_agent_exec_t,s0)
 /usr/bin/systemd-notify			--	gen_context(system_u:object_r:systemd_notify_exec_t,s0)
 
+# Systemd generators
+/usr/lib/systemd/system-generators/systemd-gpt-auto-generator	    --	    gen_context(system_u:object_r:systemd_gpt_generator_exec_t,s0)
+
 /usr/lib/systemd/systemd-activate	--	gen_context(system_u:object_r:systemd_activate_exec_t,s0)
 /usr/lib/systemd/systemd-backlight	--	gen_context(system_u:object_r:systemd_backlight_exec_t,s0)
 /usr/lib/systemd/systemd-binfmt		--	gen_context(system_u:object_r:systemd_binfmt_exec_t,s0)
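Review bot: The added file-context line separates its columns with a tab followed by four spaces on each side of `--`, while every neighbouring entry in this hunk uses tabs only. Using tabs alone, as in the `systemd-notify` line above it, would keep the column layout of systemd.fc consistent and avoid whitespace-only churn in later patches.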
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
index 0a0b34b..eb70c77 100644
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -48,6 +48,10 @@ init_system_domain(systemd_binfmt_t, systemd_binfmt_exec_t)
 type systemd_binfmt_unit_t;
 init_unit_file(systemd_binfmt_unit_t)
 
+type systemd_gpt_generator_t;
+type systemd_gpt_generator_exec_t;
+init_system_domain(systemd_gpt_generator_t, systemd_gpt_generator_exec_t)
+
 type systemd_cgroups_t;
 type systemd_cgroups_exec_t;
 domain_type(systemd_cgroups_t)
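Review bot: The `systemd_gpt_generator_t` declarations are placed between the binfmt and cgroups type blocks, which breaks what looks like alphabetical ordering of the per-domain blocks in systemd.te. The same placement recurs in the local-policy section added by the next hunk, which also sits between binfmt and cgroups. Only a few neighbouring blocks are visible here, so the ordering convention is inferred. If it holds, both additions belong further down the file. A one-line comment above the declarations, for example `# systemd-gpt-auto-generator, run by systemd at boot and on reload`, would also tell readers what the new domain confines.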
@@ -194,6 +198,18 @@ files_read_etc_files(systemd_binfmt_t)
 
 fs_register_binary_executable_type(systemd_binfmt_t)
 
+#######################################
+#
+# GPT auto generator local policy
+#
+
+dev_read_sysfs(systemd_gpt_generator_t)
+files_read_etc_files(systemd_gpt_generator_t)
+fs_getattr_xattr_fs(systemd_gpt_generator_t)
+storage_raw_read_fixed_disk(systemd_gpt_generator_t)
+
+systemd_log_parse_environment(systemd_gpt_generator_t)
+
 ######################################
 #
 # Cgroups local policy
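Review bot: `storage_raw_read_fixed_disk(systemd_gpt_generator_t)` gives the new domain direct read access to fixed-disk block devices, so it can read any data stored on them regardless of file labels, and the section has no comment saying why that is required. Judging by the generator's name the access is presumably needed to read GPT partition tables, and a comment above the line would record that, e.g. `# Probes partition tables on the block device itself; raw read exposes all on-disk data, so keep this domain minimal.` It would also help to state in the section header that the domain should get no write or network access. That way later additions to this block are reviewed with the raw-disk access in mind.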
-- 
2.10.2


