psss / rpms / selinux-policy

Forked from rpms/selinux-policy 5 years ago
Clone
Source Code
GIT

Blame entropyd.te

f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f7 f8 f9 master master-docker master_contrib private-master-atomic-policy private-master-migrate-to-var-lib-selinux requires tests
  1.   master_contrib
  2.   entropyd.te
Blob History Raw
Dominick Grift 2c9540a 
policy_module(entropyd, 1.7.2)
1ec3d1a
1ec3d1a 
########################################
1ec3d1a 
#
1ec3d1a 
# Declarations
1ec3d1a 
#
1ec3d1a
1ec3d1a 
## <desc>
Dominick Grift b93e55e 
##
Dominick Grift b93e55e 
##	Determine whether entropyd can use
Dominick Grift b93e55e 
##	audio devices as the source for
Dominick Grift b93e55e 
##	the entropy feeds.
Dominick Grift b93e55e 
##
1ec3d1a 
## </desc>
1ec3d1a 
gen_tunable(entropyd_use_audio, false)
1ec3d1a
1ec3d1a 
type entropyd_t;
1ec3d1a 
type entropyd_exec_t;
1ec3d1a 
init_daemon_domain(entropyd_t, entropyd_exec_t)
1ec3d1a
Dominick Grift b93e55e 
type entropyd_initrc_exec_t;
Dominick Grift b93e55e 
init_script_file(entropyd_initrc_exec_t)
Dominick Grift b93e55e
1ec3d1a 
type entropyd_var_run_t;
1ec3d1a 
files_pid_file(entropyd_var_run_t)
1ec3d1a
1ec3d1a 
########################################
1ec3d1a 
#
1ec3d1a 
# Local policy
1ec3d1a 
#
1ec3d1a
1ec3d1a 
allow entropyd_t self:capability { dac_override ipc_lock sys_admin };
1ec3d1a 
dontaudit entropyd_t self:capability sys_tty_config;
1ec3d1a 
allow entropyd_t self:process signal_perms;
1ec3d1a
1ec3d1a 
manage_files_pattern(entropyd_t, entropyd_var_run_t, entropyd_var_run_t)
1ec3d1a 
files_pid_filetrans(entropyd_t, entropyd_var_run_t, file)
1ec3d1a
17a407e 
kernel_read_system_state(entropyd_t)
Chris PeBenito 9401ae1 
kernel_rw_kernel_sysctl(entropyd_t)
1ec3d1a
1ec3d1a 
dev_read_sysfs(entropyd_t)
1ec3d1a 
dev_read_urand(entropyd_t)
1ec3d1a 
dev_write_urand(entropyd_t)
1ec3d1a 
dev_read_rand(entropyd_t)
1ec3d1a 
dev_write_rand(entropyd_t)
1ec3d1a
1ec3d1a 
fs_getattr_all_fs(entropyd_t)
1ec3d1a 
fs_search_auto_mountpoints(entropyd_t)
1ec3d1a
1ec3d1a 
domain_use_interactive_fds(entropyd_t)
1ec3d1a
1ec3d1a 
logging_send_syslog_msg(entropyd_t)
1ec3d1a
1ec3d1a 
auth_use_nsswitch(entropyd_t)
1ec3d1a
1ec3d1a 
userdom_dontaudit_use_unpriv_user_fds(entropyd_t)
1ec3d1a 
userdom_dontaudit_search_user_home_dirs(entropyd_t)
1ec3d1a
1ec3d1a 
tunable_policy(`entropyd_use_audio',`
1ec3d1a 
	dev_read_sound(entropyd_t)
1ec3d1a 
	dev_write_sound(entropyd_t)
1ec3d1a 
')
1ec3d1a
1ec3d1a 
optional_policy(`
1ec3d1a 
	tunable_policy(`entropyd_use_audio',`
1ec3d1a 
		alsa_read_lib(entropyd_t)
1ec3d1a 
		alsa_read_rw_config(entropyd_t)
1ec3d1a 
	')
1ec3d1a 
')
1ec3d1a
1ec3d1a 
optional_policy(`
1ec3d1a 
	seutil_sigchld_newrole(entropyd_t)
1ec3d1a 
')
1ec3d1a
1ec3d1a 
optional_policy(`
1ec3d1a 
	udev_read_db(entropyd_t)
1ec3d1a 
')
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.