1 |
commit: 9fd7c1d7cd40977f22af7970e1d4d943912ed5d2 |
2 |
Author: David Sugar <dsugar <AT> tresys <DOT> com> |
3 |
AuthorDate: Wed Dec 6 18:23:41 2017 +0000 |
4 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
5 |
CommitDate: Tue Dec 12 07:07:30 2017 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=9fd7c1d7 |
7 |
|
8 |
Allow to read /proc/sys/crypto/fips_enabled |
9 |
|
10 |
Allow accountsd_t and policykitd_t to read /proc/sys/crypto/fips_enabled |
11 |
|
12 |
policy/modules/contrib/accountsd.te | 1 + |
13 |
policy/modules/contrib/policykit.te | 1 + |
14 |
2 files changed, 2 insertions(+) |
15 |
|
16 |
diff --git a/policy/modules/contrib/accountsd.te b/policy/modules/contrib/accountsd.te |
17 |
index d435a2d6..f56058cc 100644 |
18 |
--- a/policy/modules/contrib/accountsd.te |
19 |
+++ b/policy/modules/contrib/accountsd.te |
20 |
@@ -30,6 +30,7 @@ manage_dirs_pattern(accountsd_t, accountsd_var_lib_t, accountsd_var_lib_t) |
21 |
manage_files_pattern(accountsd_t, accountsd_var_lib_t, accountsd_var_lib_t) |
22 |
files_var_lib_filetrans(accountsd_t, accountsd_var_lib_t, dir) |
23 |
|
24 |
+kernel_read_crypto_sysctls(accountsd_t) |
25 |
kernel_read_kernel_sysctls(accountsd_t) |
26 |
kernel_read_system_state(accountsd_t) |
27 |
|
28 |
|
29 |
diff --git a/policy/modules/contrib/policykit.te b/policy/modules/contrib/policykit.te |
30 |
index 9a0c4d5c..8f2035a0 100644 |
31 |
--- a/policy/modules/contrib/policykit.te |
32 |
+++ b/policy/modules/contrib/policykit.te |
33 |
@@ -85,6 +85,7 @@ can_exec(policykit_t, policykit_exec_t) |
34 |
domtrans_pattern(policykit_t, policykit_auth_exec_t, policykit_auth_t) |
35 |
domtrans_pattern(policykit_t, policykit_resolve_exec_t, policykit_resolve_t) |
36 |
|
37 |
+kernel_read_crypto_sysctls(policykit_t) |
38 |
kernel_read_kernel_sysctls(policykit_t) |
39 |
kernel_read_system_state(policykit_t) |