1 |
commit: 5594149bf7f62722500151aedf29711bf607105a |
2 |
Author: Laurent Bigonville <bigon <AT> bigon <DOT> be> |
3 |
AuthorDate: Wed Dec 9 13:26:24 2015 +0000 |
4 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu Dec 17 15:57:35 2015 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=5594149b |
7 |
|
8 |
Add initial geoclue 2 module |
9 |
|
10 |
This has been tested with geoclue 2.4.0 on Debian |
11 |
|
12 |
policy/modules/contrib/geoclue.fc | 7 +++++++ |
13 |
policy/modules/contrib/geoclue.if | 1 + |
14 |
policy/modules/contrib/geoclue.te | 37 +++++++++++++++++++++++++++++++++++++ |
15 |
3 files changed, 45 insertions(+) |
16 |
|
17 |
diff --git a/policy/modules/contrib/geoclue.fc b/policy/modules/contrib/geoclue.fc |
18 |
new file mode 100644 |
19 |
index 0000000..faca546 |
20 |
--- /dev/null |
21 |
+++ b/policy/modules/contrib/geoclue.fc |
22 |
@@ -0,0 +1,7 @@ |
23 |
+/etc/geoclue(/.*)? gen_context(system_u:object_r:geoclue_etc_t,s0) |
24 |
+ |
25 |
+/usr/lib/geoclue-2.0/geoclue -- gen_context(system_u:object_r:geoclue_exec_t,s0) |
26 |
+ |
27 |
+/usr/libexec/geoclue -- gen_context(system_u:object_r:geoclue_exec_t,s0) |
28 |
+ |
29 |
+/var/lib/geoclue(/.*)? gen_context(system_u:object_r:geoclue_var_lib_t,s0) |
30 |
|
31 |
diff --git a/policy/modules/contrib/geoclue.if b/policy/modules/contrib/geoclue.if |
32 |
new file mode 100644 |
33 |
index 0000000..9df3608 |
34 |
--- /dev/null |
35 |
+++ b/policy/modules/contrib/geoclue.if |
36 |
@@ -0,0 +1 @@ |
37 |
+## <summary>Geoclue is a D-Bus service that provides location information.</summary> |
38 |
|
39 |
diff --git a/policy/modules/contrib/geoclue.te b/policy/modules/contrib/geoclue.te |
40 |
new file mode 100644 |
41 |
index 0000000..fc72974 |
42 |
--- /dev/null |
43 |
+++ b/policy/modules/contrib/geoclue.te |
44 |
@@ -0,0 +1,37 @@ |
45 |
+policy_module(geoclue, 1.0.0) |
46 |
+ |
47 |
+type geoclue_t; |
48 |
+type geoclue_exec_t; |
49 |
+dbus_system_domain(geoclue_t, geoclue_exec_t) |
50 |
+ |
51 |
+type geoclue_etc_t; |
52 |
+files_config_file(geoclue_etc_t) |
53 |
+ |
54 |
+type geoclue_var_lib_t; |
55 |
+files_type(geoclue_var_lib_t) |
56 |
+ |
57 |
+read_files_pattern(geoclue_t, geoclue_etc_t, geoclue_etc_t) |
58 |
+ |
59 |
+corenet_tcp_connect_http_port(geoclue_t) |
60 |
+ |
61 |
+dev_read_urand(geoclue_t) |
62 |
+ |
63 |
+# Reads /etc/nsswitch.conf |
64 |
+files_read_etc_files(geoclue_t) |
65 |
+ |
66 |
+miscfiles_read_generic_certs(geoclue_t) |
67 |
+miscfiles_read_localization(geoclue_t) |
68 |
+ |
69 |
+sysnet_dns_name_resolve(geoclue_t) |
70 |
+ |
71 |
+optional_policy(` |
72 |
+ avahi_dbus_chat(geoclue_t) |
73 |
+') |
74 |
+ |
75 |
+optional_policy(` |
76 |
+ networkmanager_dbus_chat(geoclue_t) |
77 |
+') |
78 |
+ |
79 |
+optional_policy(` |
80 |
+ modemmanager_dbus_chat(geoclue_t) |
81 |
+') |