Skip to content
Snippets Groups Projects
Commit 5eab3ab9 authored by Nick Kralevich's avatar Nick Kralevich Committed by Gerrit Code Review
Browse files

Merge "Confine gpsd, but leave it permissive for now."

parents b1016ed5 a60abdce
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 11 additions and 1 deletion
gpsd.te
+ 11
1
View file @ 5eab3ab9
# gpsd - GPS daemon
type gpsd, domain;
permissive_or_unconfined(gpsd)
type gpsd_exec, exec_type, file_type;
init_daemon_domain(gpsd)
net_domain(gpsd)
unconfined_domain(gpsd)
allow gpsd gps_data_file:dir rw_dir_perms;
allow gpsd gps_data_file:notdevfile_class_set create_file_perms;
# Socket is created by the daemon, not by init, and under /data/gps,
# not under /dev/socket.
type_transition gpsd gps_data_file:sock_file gps_socket;
allow gpsd gps_socket:sock_file create_file_perms;
# XXX Label sysfs files with a specific type?
allow gpsd sysfs:file rw_file_perms;
allow gpsd gps_device:chr_file rw_file_perms;
# Execute the shell or system commands.
allow gpsd shell_exec:file rx_file_perms;
allow gpsd system_file:file rx_file_perms;
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment