From cc65fe8271ee7ed3c54a641a6c87262925db8f9f Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Tue, 29 Oct 2013 14:42:38 -0400
Subject: [PATCH] Make ppp permissive or unconfined. Also add rules from our policy.
Change-Id: I6f552538cc4f6b28b2883aa74832230944cbdb7a
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 ppp.te | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/ppp.te b/ppp.te
index 1f61fdd9a..21838f16d 100644
--- a/ppp.te
+++ b/ppp.te
@@ -1,6 +1,15 @@
 # Point to Point Protocol daemon
 type ppp, domain;
+permissive_or_unconfined(ppp)
 type ppp_device, dev_type;
 type ppp_exec, exec_type, file_type;
-unconfined_domain(ppp)
 domain_auto_trans(mtp, ppp_exec, ppp)
+
+allow ppp mtp:socket rw_socket_perms;
+allow ppp ppp_device:chr_file rw_file_perms;
+allow ppp self:capability net_admin;
+allow ppp self:udp_socket create_socket_perms;
+allow ppp system_file:file rx_file_perms;
+allow ppp vpn_data_file:dir w_dir_perms;
+allow ppp vpn_data_file:file create_file_perms;
+allow ppp mtp:fd use;
-- GitLab
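Review bot: The eight `allow ppp ...` rules added below `domain_auto_trans(mtp, ppp_exec, ppp)` are not enforced while `permissive_or_unconfined(ppp)` is present, and nothing in ppp.te says so, so a reader can take the list for the daemon's actual confinement. A comment above the macro would fix that, for example `# Not yet enforcing: the allow rules below are the intended policy and still need checking against audit logs before this macro is removed.` The macro definition is not part of this patch; if it can expand to `unconfined_domain(ppp)` on some builds, accesses outside these rules would presumably produce no denials there, so the rule set should be validated on a build where ppp is permissive. `allow ppp system_file:file rx_file_perms;` grants execute on every file labelled system_file, so a short comment naming the helper it is meant for would make it easier to narrow later.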