diff options
Diffstat (limited to 'selinux/gpsd.te')
-rw-r--r-- | selinux/gpsd.te | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/selinux/gpsd.te b/selinux/gpsd.te new file mode 100644 index 0000000..4aa2b04 --- /dev/null +++ b/selinux/gpsd.te @@ -0,0 +1,25 @@ +type gpsd, domain; +type gpsd_exec, exec_type, file_type; + +init_daemon_domain(gpsd) + +allow gpsd shell_exec:file { rx_file_perms entrypoint }; + +#for text relocs & execution +allow gpsd system_file:file { execute_no_trans execmod }; +allow gpsd gps_device:chr_file { getattr setattr }; +allow gpsd gps_data_file:dir { search write add_name remove_name }; +allow gpsd gps_data_file:file { create rw_file_perms }; +allow gpsd gps_data_file:fifo_file { unlink create setattr getattr rw_file_perms }; + +allow gpsd node:udp_socket { node_bind name_bind }; +allow gpsd port:tcp_socket name_connect; +allow gpsd self:tcp_socket { getopt write read }; + +allow gpsd sysfs:file { setattr write }; +allow gpsd gps_device:chr_file { ioctl open read write }; +allow gpsd gpsd:udp_socket { create bind }; +allow gpsd gpsd:tcp_socket { create connect }; +allow gpsd fwmarkd_socket:sock_file write; +allow gpsd dnsproxyd_socket:sock_file write; +allow gpsd netd:unix_stream_socket connectto; |