diff --git a/policy/modules/services/hal.te b/policy/modules/services/hal.te
index 4d3cae0..63ad17f 100644
--- a/policy/modules/services/hal.te
+++ b/policy/modules/services/hal.te
@@ -1,5 +1,5 @@
-policy_module(hal, 1.12.1)
+policy_module(hal, 1.12.2)
 ########################################
 #
@@ -63,7 +63,7 @@ files_type(hald_var_lib_t)
 # execute openvt which needs setuid
 allow hald_t self:capability { chown setuid setgid kill net_admin sys_admin sys_nice dac_override dac_read_search mknod sys_rawio sys_tty_config };
 dontaudit hald_t self:capability {sys_ptrace sys_tty_config };
-allow hald_t self:process { getattr signal_perms };
+allow hald_t self:process { getsched getattr signal_perms };
 allow hald_t self:fifo_file rw_fifo_file_perms;
 allow hald_t self:unix_stream_socket { create_stream_socket_perms connectto };
 allow hald_t self:unix_dgram_socket create_socket_perms;
@@ -100,6 +100,7 @@ kernel_read_fs_sysctls(hald_t)
 kernel_rw_irq_sysctls(hald_t)
 kernel_rw_vm_sysctls(hald_t)
 kernel_write_proc_files(hald_t)
+kernel_search_network_sysctl(hald_t)
 kernel_setsched(hald_t)
 kernel_request_load_module(hald_t)
@@ -117,6 +118,7 @@ corenet_tcp_sendrecv_all_ports(hald_t)
 corenet_udp_sendrecv_all_ports(hald_t)
 dev_rw_usbfs(hald_t)
+dev_read_rand(hald_t)
 dev_read_urand(hald_t)
 dev_read_input(hald_t)
 dev_read_mouse(hald_t)
@@ -161,6 +163,7 @@ fs_mount_dos_fs(hald_t)
 fs_unmount_dos_fs(hald_t)
 fs_manage_dos_files(hald_t)
 fs_manage_fusefs_dirs(hald_t)
+fs_rw_removable_blk_files(hald_t)
 files_getattr_all_mountpoints(hald_t)
@@ -180,7 +183,7 @@ storage_raw_write_fixed_disk(hald_t)
 # hal_probe_serial causes these
 term_setattr_unallocated_ttys(hald_t)
-term_dontaudit_use_unallocated_ttys(hald_t)
+term_use_unallocated_ttys(hald_t)
 auth_use_nsswitch(hald_t)
@@ -295,6 +298,7 @@ optional_policy(`
 ')
 optional_policy(`
+ ppp_domtrans(hald_t)
 ppp_read_rw_config(hald_t)
 ')
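Review bot: `fs_rw_removable_blk_files(hald_t)` in the `@@ -161,6 +163,7 @@` hunk grants write as well as read on block device nodes found on removable filesystems, and nothing in the hunk says which HAL operation needs the write half. If the denial behind this change was only a read or getattr during probing, a read-only grant would be the narrower fix. Otherwise the line should carry a comment such as `# <HAL helper, to be named> writes to block nodes on removable media`. The same missing rationale applies to `dev_read_rand(hald_t)` in the `@@ -117,6 +118,7 @@` hunk, where `dev_read_urand(hald_t)` was already allowed.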
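Review bot: In the `@@ -180,7 +183,7 @@` hunk, replacing `term_dontaudit_use_unallocated_ttys(hald_t)` with `term_use_unallocated_ttys(hald_t)` changes the rule from hiding a denial to granting hald_t read/write use of unallocated ttys. The comment above it still reads `# hal_probe_serial causes these`, which describes suppressed audit noise rather than an intended permission. The comment should say that the access is now deliberate, for example `# hal_probe_serial needs to open unallocated ttys to probe serial devices`, if that matches what the probe does. hald_t already holds `sys_admin` and `sys_rawio` per the `self:capability` line in the `@@ -63,7 +63,7 @@` hunk, so it is worth confirming the denial was a functional failure and not only log noise.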
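Review bot: `ppp_domtrans(hald_t)` in the `@@ -295,6 +298,7 @@` hunk lets hald_t execute pppd and transition into its domain, a noticeably larger grant than the `ppp_read_rw_config(hald_t)` already in the same optional block. Nothing in the hunk names the HAL component that starts pppd. A comment above the call, e.g. `# <HAL component, to be named> starts pppd for modem devices`, would let a later audit check whether the transition is still needed. Because a domain transition is a path out of hald_t's confinement into another privileged domain, the commit message should also record the AVC denial that motivated it.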
@@ -320,6 +324,10 @@ optional_policy(`
 ')
 optional_policy(`
+ usbmuxd_stream_connect(hald_t)
+')
+
+optional_policy(`
 updfstab_domtrans(hald_t)
 ')