1 |
commit: 18ddac2acc0a71975ba87e0683cc3846ed72bb9f |
2 |
Author: Chris PeBenito <pebenito <AT> ieee <DOT> org> |
3 |
AuthorDate: Sat Sep 10 15:28:14 2016 +0000 |
4 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
5 |
CommitDate: Mon Oct 3 06:05:14 2016 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=18ddac2a |
7 |
|
8 |
cups: Move can_exec() line. |
9 |
|
10 |
policy/modules/contrib/cups.te | 6 +++--- |
11 |
1 file changed, 3 insertions(+), 3 deletions(-) |
12 |
|
13 |
diff --git a/policy/modules/contrib/cups.te b/policy/modules/contrib/cups.te |
14 |
index 1b0dffa..245926b 100644 |
15 |
--- a/policy/modules/contrib/cups.te |
16 |
+++ b/policy/modules/contrib/cups.te |
17 |
@@ -633,6 +633,9 @@ allow hplip_t hplip_etc_t:dir list_dir_perms; |
18 |
allow hplip_t hplip_etc_t:file read_file_perms; |
19 |
allow hplip_t hplip_etc_t:lnk_file read_lnk_file_perms; |
20 |
|
21 |
+# e.g. execute python script to load the firmware |
22 |
+can_exec(hplip_t, hplip_exec_t) |
23 |
+ |
24 |
manage_files_pattern(hplip_t, hplip_var_lib_t, hplip_var_lib_t) |
25 |
manage_lnk_files_pattern(hplip_t, hplip_var_lib_t, hplip_var_lib_t) |
26 |
|
27 |
@@ -647,9 +650,6 @@ stream_connect_pattern(hplip_t, cupsd_var_run_t, cupsd_var_run_t, cupsd_t) |
28 |
kernel_read_system_state(hplip_t) |
29 |
kernel_read_kernel_sysctls(hplip_t) |
30 |
|
31 |
-# e.g. execute python script to load the firmware |
32 |
-can_exec(hplip_t, hplip_exec_t) |
33 |
- |
34 |
corenet_all_recvfrom_unlabeled(hplip_t) |
35 |
corenet_all_recvfrom_netlabel(hplip_t) |
36 |
corenet_tcp_sendrecv_generic_if(hplip_t) |