commit: 624ea0197fb2d059bfc884bbd1f06ab5d2e9898b
Author: Russell Coker <russell <AT> coker <DOT> com <DOT> au>
AuthorDate: Wed Jul 23 00:02:11 2025 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Tue Sep 2 21:59:08 2025 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=624ea019
Some small fixes for the fingerprint daemon
Signed-off-by: Russell Coker <russell <AT> coker.com.au>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>
policy/modules/services/fprintd.te | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/policy/modules/services/fprintd.te
b/policy/modules/services/fprintd.te
index 11fe51ae8..4108f137c 100644
--- a/policy/modules/services/fprintd.te
+++ b/policy/modules/services/fprintd.te
@@ -17,9 +17,12 @@ files_type(fprintd_var_lib_t)
# Local policy
#
+dontaudit fprintd_t self:capability net_admin;
allow fprintd_t self:capability sys_nice;
allow fprintd_t self:process { getsched setsched sigkill signal };
allow fprintd_t self:fifo_file rw_fifo_file_perms;
+allow fprintd_t self:netlink_kobject_uevent_socket { create bind getopt setopt
getattr read };
+allow fprintd_t self:unix_dgram_socket { create write };
manage_dirs_pattern(fprintd_t, fprintd_var_lib_t, fprintd_var_lib_t)
manage_files_pattern(fprintd_t, fprintd_var_lib_t, fprintd_var_lib_t)
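Review bot: The added `dontaudit fprintd_t self:capability net_admin;` hides the denial without saying what triggers it, so a later reader cannot tell whether the suppression is still needed or is masking a real request for the capability. A one-line comment above it would settle that, for example `# net_admin is requested when the uevent netlink socket buffer is resized; the daemon works without it` (the cause is inferred from the netlink_kobject_uevent_socket rule added next to it and should be confirmed against the original AVC). Separately, `allow fprintd_t self:unix_dgram_socket { create write };` looks redundant with the `logging_send_syslog_msg(fprintd_t)` call added in the second hunk, if that interface already grants the caller's own unix_dgram_socket permissions as it does in upstream refpolicy; dropping the hand-written rule would keep the syslog access in one place. The same missing-rationale point applies to the logind and udev `optional_policy` blocks in the last hunk.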
@@ -36,6 +39,7 @@ fs_getattr_all_fs(fprintd_t)
auth_use_nsswitch(fprintd_t)
+logging_send_syslog_msg(fprintd_t)
miscfiles_read_localization(fprintd_t)
userdom_use_user_ptys(fprintd_t)
@@ -55,3 +59,12 @@ optional_policy(`
policykit_read_reload(fprintd_t)
policykit_read_lib(fprintd_t)
')
+
+optional_policy(`
+ systemd_dbus_chat_logind(fprintd_t)
+ systemd_write_inherited_logind_inhibit_pipes(fprintd_t)
+')
+
+optional_policy(`
+ udev_read_runtime_files(fprintd_t)
+')